1 /*
2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
85 * Fomr above structures, it is clear that if the DH key size increasing 128
86 * bits (16 bytes), the ServerHello series messages increases 48 bytes
87 * (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange
88 * increases 16 bytes (because of the size increasing of dh_Yc).
89 *
90 * Here is a summary of the record length in the test case.
91 *
92 * | ServerHello Series | ClientKeyExchange | ServerHello Anon
93 * 512-bit | 1318 bytes | 75 bytes | 292 bytes
94 * 768-bit | 1414 bytes | 107 bytes | 388 bytes
95 * 1024-bit | 1510 bytes | 139 bytes | 484 bytes
96 * 2048-bit | 1894 bytes | 267 bytes | 484 bytes
97 */
98
99 import javax.net.ssl.*;
100 import javax.net.ssl.SSLEngineResult.*;
101 import java.io.*;
102 import java.nio.*;
103 import java.security.KeyStore;
104 import java.security.KeyFactory;
105 import java.security.cert.Certificate;
106 import java.security.cert.CertificateFactory;
107 import java.security.spec.PKCS8EncodedKeySpec;
108 import java.security.spec.*;
109 import java.security.interfaces.*;
110 import java.util.Base64;
111
112 public class DHEKeySizing {
113
114 private final static boolean debug = true;
115
116 // key length bias because of the stripping of leading zero bytes of
117 // negotiated DH keys.
118 //
119 // This is an effort to mimum intermittent failure when we cannot
120 // estimate what's the exact number of leading zero bytes of
121 // negotiated DH keys.
122 private final static int KEY_LEN_BIAS = 6;
123
124 private SSLContext sslc;
125 private SSLEngine ssle1; // client
126 private SSLEngine ssle2; // server
127
128 private ByteBuffer appOut1; // write side of ssle1
360 Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);
361 twoToOne.compact();
362
363 log("===================");
364 log("Check Session/Ciphers");
365 String cs = ssle1.getSession().getCipherSuite();
366 if (!cs.equals(suites[0])) {
367 throw new Exception("suites not equal: " + cs + "/" + suites[0]);
368 }
369
370 cs = ssle2.getSession().getCipherSuite();
371 if (!cs.equals(suites[0])) {
372 throw new Exception("suites not equal: " + cs + "/" + suites[0]);
373 }
374
375 log("===================");
376 log("Done with SSL/TLS handshaking");
377 }
378
379 public static void main(String args[]) throws Exception {
380 if (args.length != 4) {
381 System.out.println(
382 "Usage: java DHEKeySizing cipher-suite " +
383 "exportable(true|false)\n" +
384 " size-of-server-hello-record size-of-client-key-exchange");
385 throw new Exception("Incorrect usage!");
386 }
387
388 (new DHEKeySizing()).test(args[0],
389 Boolean.parseBoolean(args[1]),
390 Integer.parseInt(args[2]),
391 Integer.parseInt(args[3]));
392 System.out.println("Test Passed.");
393 }
394
395 /*
396 * **********************************************************
397 * Majority of the test case is above, below is just setup stuff
398 * **********************************************************
399 */
|
1 /*
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
85 * Fomr above structures, it is clear that if the DH key size increasing 128
86 * bits (16 bytes), the ServerHello series messages increases 48 bytes
87 * (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange
88 * increases 16 bytes (because of the size increasing of dh_Yc).
89 *
90 * Here is a summary of the record length in the test case.
91 *
92 * | ServerHello Series | ClientKeyExchange | ServerHello Anon
93 * 512-bit | 1318 bytes | 75 bytes | 292 bytes
94 * 768-bit | 1414 bytes | 107 bytes | 388 bytes
95 * 1024-bit | 1510 bytes | 139 bytes | 484 bytes
96 * 2048-bit | 1894 bytes | 267 bytes | 484 bytes
97 */
98
99 import javax.net.ssl.*;
100 import javax.net.ssl.SSLEngineResult.*;
101 import java.io.*;
102 import java.nio.*;
103 import java.security.KeyStore;
104 import java.security.KeyFactory;
105 import java.security.Security;
106 import java.security.cert.Certificate;
107 import java.security.cert.CertificateFactory;
108 import java.security.spec.PKCS8EncodedKeySpec;
109 import java.security.interfaces.*;
110 import java.util.Base64;
111
112 public class DHEKeySizing {
113
114 private final static boolean debug = true;
115
116 // key length bias because of the stripping of leading zero bytes of
117 // negotiated DH keys.
118 //
119 // This is an effort to mimum intermittent failure when we cannot
120 // estimate what's the exact number of leading zero bytes of
121 // negotiated DH keys.
122 private final static int KEY_LEN_BIAS = 6;
123
124 private SSLContext sslc;
125 private SSLEngine ssle1; // client
126 private SSLEngine ssle2; // server
127
128 private ByteBuffer appOut1; // write side of ssle1
360 Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);
361 twoToOne.compact();
362
363 log("===================");
364 log("Check Session/Ciphers");
365 String cs = ssle1.getSession().getCipherSuite();
366 if (!cs.equals(suites[0])) {
367 throw new Exception("suites not equal: " + cs + "/" + suites[0]);
368 }
369
370 cs = ssle2.getSession().getCipherSuite();
371 if (!cs.equals(suites[0])) {
372 throw new Exception("suites not equal: " + cs + "/" + suites[0]);
373 }
374
375 log("===================");
376 log("Done with SSL/TLS handshaking");
377 }
378
379 public static void main(String args[]) throws Exception {
380 // reset the security property to make sure that the algorithms
381 // and keys used in this test are not disabled.
382 Security.setProperty("jdk.tls.disabledAlgorithms", "");
383
384 if (args.length != 4) {
385 System.out.println(
386 "Usage: java DHEKeySizing cipher-suite " +
387 "exportable(true|false)\n" +
388 " size-of-server-hello-record size-of-client-key-exchange");
389 throw new Exception("Incorrect usage!");
390 }
391
392 (new DHEKeySizing()).test(args[0],
393 Boolean.parseBoolean(args[1]),
394 Integer.parseInt(args[2]),
395 Integer.parseInt(args[3]));
396 System.out.println("Test Passed.");
397 }
398
399 /*
400 * **********************************************************
401 * Majority of the test case is above, below is just setup stuff
402 * **********************************************************
403 */
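Review bot: The new first statement of `main`, `Security.setProperty("jdk.tls.disabledAlgorithms", "")`, empties the whole restriction list rather than lifting only the limit this test needs, so everything the default list blocks is allowed again for any other code in the same VM. The size table in the header shows the test exercises 512-bit and 768-bit DH keys, which is presumably what the default value rejects. The comment should say so and state the scope, e.g. `// Security properties are JVM-wide: this re-enables everything in jdk.tls.disabledAlgorithms so 512/768-bit DHE can be negotiated; run in its own VM only.` The test's run tags fall in the elided lines 23–84, so I cannot confirm it is launched in a separate VM; if it is not, that should be required. The call sits ahead of the `test(...)` invocation in `main`, but `test` and the setup code are outside the shown lines, so whether any JSSE class is initialised earlier is inferred from `main` alone.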
|