test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java



   1 /*
   2  * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */


  85  * Fomr above structures, it is clear that if the DH key size increasing 128
  86  * bits (16 bytes), the ServerHello series messages increases 48 bytes
  87  * (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange
  88  * increases 16 bytes (because of the size increasing of dh_Yc).
  89  *
  90  * Here is a summary of the record length in the test case.
  91  *
  92  *            |  ServerHello Series  |  ClientKeyExchange | ServerHello Anon
  93  *   512-bit  |          1318 bytes  |           75 bytes |        292 bytes
  94  *   768-bit  |          1414 bytes  |          107 bytes |        388 bytes
  95  *  1024-bit  |          1510 bytes  |          139 bytes |        484 bytes
  96  *  2048-bit  |          1894 bytes  |          267 bytes |        484 bytes
  97  */
  98 
  99 import javax.net.ssl.*;
 100 import javax.net.ssl.SSLEngineResult.*;
 101 import java.io.*;
 102 import java.nio.*;
 103 import java.security.KeyStore;
 104 import java.security.KeyFactory;

 105 import java.security.cert.Certificate;
 106 import java.security.cert.CertificateFactory;
 107 import java.security.spec.PKCS8EncodedKeySpec;
 108 import java.security.spec.*;
 109 import java.security.interfaces.*;
 110 import java.util.Base64;
 111 
 112 public class DHEKeySizing {
 113 
 114     private final static boolean debug = true;
 115 
 116     // key length bias because of the stripping of leading zero bytes of
 117     // negotiated DH keys.
 118     //
 119     // This is an effort to mimum intermittent failure when we cannot
 120     // estimate what's the exact number of leading zero bytes of
 121     // negotiated DH keys.
 122     private final static int KEY_LEN_BIAS = 6;
 123 
 124     private SSLContext sslc;
 125     private SSLEngine ssle1;    // client
 126     private SSLEngine ssle2;    // server
 127 
 128     private ByteBuffer appOut1;         // write side of ssle1


 360             Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);
 361         twoToOne.compact();
 362 
 363         log("===================");
 364         log("Check Session/Ciphers");
 365         String cs = ssle1.getSession().getCipherSuite();
 366         if (!cs.equals(suites[0])) {
 367             throw new Exception("suites not equal: " + cs + "/" + suites[0]);
 368         }
 369 
 370         cs = ssle2.getSession().getCipherSuite();
 371         if (!cs.equals(suites[0])) {
 372             throw new Exception("suites not equal: " + cs + "/" + suites[0]);
 373         }
 374 
 375         log("===================");
 376         log("Done with SSL/TLS handshaking");
 377     }
 378 
 379     public static void main(String args[]) throws Exception {




 380         if (args.length != 4) {
 381             System.out.println(
 382                 "Usage: java DHEKeySizing cipher-suite " +
 383                 "exportable(true|false)\n" +
 384                 "    size-of-server-hello-record size-of-client-key-exchange");
 385             throw new Exception("Incorrect usage!");
 386         }
 387 
 388         (new DHEKeySizing()).test(args[0],
 389                 Boolean.parseBoolean(args[1]),
 390                 Integer.parseInt(args[2]),
 391                 Integer.parseInt(args[3]));
 392         System.out.println("Test Passed.");
 393     }
 394 
 395     /*
 396      * **********************************************************
 397      * Majority of the test case is above, below is just setup stuff
 398      * **********************************************************
 399      */


   1 /*
   2  * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */


  85  * Fomr above structures, it is clear that if the DH key size increasing 128
  86  * bits (16 bytes), the ServerHello series messages increases 48 bytes
  87  * (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange
  88  * increases 16 bytes (because of the size increasing of dh_Yc).
  89  *
  90  * Here is a summary of the record length in the test case.
  91  *
  92  *            |  ServerHello Series  |  ClientKeyExchange | ServerHello Anon
  93  *   512-bit  |          1318 bytes  |           75 bytes |        292 bytes
  94  *   768-bit  |          1414 bytes  |          107 bytes |        388 bytes
  95  *  1024-bit  |          1510 bytes  |          139 bytes |        484 bytes
  96  *  2048-bit  |          1894 bytes  |          267 bytes |        484 bytes
  97  */
  98 
  99 import javax.net.ssl.*;
 100 import javax.net.ssl.SSLEngineResult.*;
 101 import java.io.*;
 102 import java.nio.*;
 103 import java.security.KeyStore;
 104 import java.security.KeyFactory;
 105 import java.security.Security;
 106 import java.security.cert.Certificate;
 107 import java.security.cert.CertificateFactory;
 108 import java.security.spec.PKCS8EncodedKeySpec;

 109 import java.security.interfaces.*;
 110 import java.util.Base64;
 111 
 112 public class DHEKeySizing {
 113 
 114     private final static boolean debug = true;
 115 
 116     // key length bias because of the stripping of leading zero bytes of
 117     // negotiated DH keys.
 118     //
 119     // This is an effort to mimum intermittent failure when we cannot
 120     // estimate what's the exact number of leading zero bytes of
 121     // negotiated DH keys.
 122     private final static int KEY_LEN_BIAS = 6;
 123 
 124     private SSLContext sslc;
 125     private SSLEngine ssle1;    // client
 126     private SSLEngine ssle2;    // server
 127 
 128     private ByteBuffer appOut1;         // write side of ssle1


 360             Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);
 361         twoToOne.compact();
 362 
 363         log("===================");
 364         log("Check Session/Ciphers");
 365         String cs = ssle1.getSession().getCipherSuite();
 366         if (!cs.equals(suites[0])) {
 367             throw new Exception("suites not equal: " + cs + "/" + suites[0]);
 368         }
 369 
 370         cs = ssle2.getSession().getCipherSuite();
 371         if (!cs.equals(suites[0])) {
 372             throw new Exception("suites not equal: " + cs + "/" + suites[0]);
 373         }
 374 
 375         log("===================");
 376         log("Done with SSL/TLS handshaking");
 377     }
 378 
 379     public static void main(String args[]) throws Exception {
 380         // reset the security property to make sure that the algorithms
 381         // and keys used in this test are not disabled.
 382         Security.setProperty("jdk.tls.disabledAlgorithms", "");
 383 
 384         if (args.length != 4) {
 385             System.out.println(
 386                 "Usage: java DHEKeySizing cipher-suite " +
 387                 "exportable(true|false)\n" +
 388                 "    size-of-server-hello-record size-of-client-key-exchange");
 389             throw new Exception("Incorrect usage!");
 390         }
 391 
 392         (new DHEKeySizing()).test(args[0],
 393                 Boolean.parseBoolean(args[1]),
 394                 Integer.parseInt(args[2]),
 395                 Integer.parseInt(args[3]));
 396         System.out.println("Test Passed.");
 397     }
 398 
 399     /*
 400      * **********************************************************
 401      * Majority of the test case is above, below is just setup stuff
 402      * **********************************************************
 403      */
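Review bot: The new `Security.setProperty("jdk.tls.disabledAlgorithms", "");` at the top of `main` (new lines 380-382) clears the whole JVM-wide restriction list, not only the entries that block the small DH keys this test negotiates. That is safe only if the test runs in its own VM, and the jtreg header (old lines 23-84) is not visible in this view, so confirm it uses `@run main/othervm`; otherwise the weakened setting leaks into tests sharing the VM. The override presumably also has to happen before any JSSE class reads the property, which the current placement satisfies, but the comment should state both constraints. Suggested comment: `// Clears ALL TLS algorithm restrictions for this JVM; must run in othervm mode and before any JSSE class is initialized.` The call also runs before the `args.length` check, so moving it below the usage check would avoid changing global state on an incorrect invocation.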