376 lines
15 KiB
Java
376 lines
15 KiB
Java
/*
|
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
//
|
|
// SunJSSE does not support dynamic system properties, no way to re-use
|
|
// system properties in samevm/agentvm mode.
|
|
//
|
|
|
|
/*
|
|
* @test
|
|
* @bug 6956398 8301700
|
|
* @summary make ephemeral DH key match the length of the certificate key
|
|
* @library /javax/net/ssl/templates
|
|
* @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1643 267 TLSv1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1.1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.ephemeralDHKeySize=matched
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1.2
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.ephemeralDHKeySize=legacy
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.ephemeralDHKeySize=1024
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 1259 75 TLSv1.1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA 233 75 TLSv1.2
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1643 267 TLSv1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.ephemeralDHKeySize=legacy
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1323 107 TLSv1.1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.ephemeralDHKeySize=matched
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1645 267 TLSv1.2
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.ephemeralDHKeySize=1024
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1387 139 TLSv1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 617 267 TLSv1.1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* -Djdk.tls.ephemeralDHKeySize=legacy
|
|
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 297 107 TLSv1.2
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* -Djdk.tls.ephemeralDHKeySize=matched
|
|
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 617 267 TLSv1
|
|
* @run main/othervm -Djsse.enableFFDHE=false
|
|
* -Djdk.tls.client.enableSessionTicketExtension=false
|
|
* -Djdk.tls.ephemeralDHKeySize=1024
|
|
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 361 139 TLSv1.1
|
|
*/
|
|
|
|
/*
|
|
* This is a simple hack to test key sizes of Diffie-Hellman key exchanging
|
|
* during SSL/TLS handshaking.
|
|
*
|
|
* The record length of DH ServerKeyExchange and ClientKeyExchange.
|
|
* ServerKeyExchange message are wrapped in ServerHello series messages, which
|
|
* contains ServerHello, Certificate and ServerKeyExchange message.
|
|
*
|
|
* struct {
|
|
* opaque dh_p<1..2^16-1>;
|
|
* opaque dh_g<1..2^16-1>;
|
|
* opaque dh_Ys<1..2^16-1>;
|
|
* } ServerDHParams; // Ephemeral DH parameters
|
|
*
|
|
* struct {
|
|
* select (PublicValueEncoding) {
|
|
* case implicit: struct { };
|
|
* case explicit: opaque dh_Yc<1..2^16-1>;
|
|
* } dh_public;
|
|
* } ClientDiffieHellmanPublic;
|
|
*
|
|
* From the above structures, it is clear that if the DH key size increases 128
|
|
* bits (16 bytes), the ServerHello series messages increases 48 bytes
|
|
* (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange
|
|
* increases 16 bytes (because of the size increasing of dh_Yc).
|
|
*
|
|
* Here is a summary of the record length in the test case.
|
|
*
|
|
* | ServerHello Series | ClientKeyExchange | ServerHello Anon
|
|
* 512-bit | 1259 bytes | 75 bytes | 233 bytes
|
|
* 768-bit | 1323 bytes | 107 bytes | 297 bytes
|
|
* 1024-bit | 1387 bytes | 139 bytes | 361 bytes
|
|
* 2048-bit | 1643 bytes | 267 bytes | 617 bytes
|
|
*/
|
|
|
|
import javax.net.ssl.*;
|
|
import javax.net.ssl.SSLEngineResult.*;
|
|
import java.nio.*;
|
|
import java.security.Security;
|
|
|
|
public class DHEKeySizing extends SSLEngineTemplate {
|
|
|
|
private final static boolean debug = true;
|
|
|
|
// key length bias because of the stripping of leading zero bytes of
|
|
// negotiated DH keys.
|
|
//
|
|
// This is an effort to minimize intermittent failures when we cannot
|
|
// estimate what's the exact number of leading zero bytes of
|
|
// negotiated DH keys.
|
|
private final static int KEY_LEN_BIAS = 6;
|
|
|
|
private static String protocol;
|
|
|
|
private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut,
|
|
SSLEngineResult result,
|
|
Status status, HandshakeStatus hsStatus,
|
|
int consumed, int produced)
|
|
throws Exception {
|
|
|
|
if ((status != null) && (result.getStatus() != status)) {
|
|
throw new Exception("Unexpected Status: need = " + status +
|
|
" got = " + result.getStatus());
|
|
}
|
|
|
|
if ((hsStatus != null) && (result.getHandshakeStatus() != hsStatus)) {
|
|
throw new Exception("Unexpected hsStatus: need = " + hsStatus +
|
|
" got = " + result.getHandshakeStatus());
|
|
}
|
|
|
|
if ((consumed != -1) && (consumed != result.bytesConsumed())) {
|
|
throw new Exception("Unexpected consumed: need = " + consumed +
|
|
" got = " + result.bytesConsumed());
|
|
}
|
|
|
|
if ((produced != -1) && (produced != result.bytesProduced())) {
|
|
throw new Exception("Unexpected produced: need = " + produced +
|
|
" got = " + result.bytesProduced());
|
|
}
|
|
|
|
if ((consumed != -1) && (bbIn.position() != result.bytesConsumed())) {
|
|
throw new Exception("Consumed " + bbIn.position() +
|
|
" != " + consumed);
|
|
}
|
|
|
|
if ((produced != -1) && (bbOut.position() != result.bytesProduced())) {
|
|
throw new Exception("produced " + bbOut.position() +
|
|
" != " + produced);
|
|
}
|
|
}
|
|
|
|
private void test(String cipherSuite, int lenServerKeyEx,
|
|
int lenClientKeyEx) throws Exception {
|
|
|
|
SSLEngineResult result1; // clientEngine's results from last operation
|
|
SSLEngineResult result2; // serverEngine's results from last operation
|
|
|
|
String[] suites = new String [] {cipherSuite};
|
|
|
|
clientEngine.setEnabledCipherSuites(suites);
|
|
serverEngine.setEnabledCipherSuites(suites);
|
|
|
|
log("======================================");
|
|
log("===================");
|
|
log("client hello");
|
|
result1 = clientEngine.wrap(clientOut, cTOs);
|
|
checkResult(clientOut, cTOs, result1,
|
|
Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
|
|
cTOs.flip();
|
|
|
|
result2 = serverEngine.unwrap(cTOs, serverIn);
|
|
checkResult(cTOs, serverIn, result2,
|
|
Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
|
|
runDelegatedTasks(serverEngine);
|
|
cTOs.compact();
|
|
|
|
log("===================");
|
|
log("ServerHello");
|
|
result2 = serverEngine.wrap(serverOut, sTOc);
|
|
checkResult(serverOut, sTOc, result2,
|
|
Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
|
|
sTOc.flip();
|
|
|
|
log("Message length of ServerHello series: " + sTOc.remaining());
|
|
if (sTOc.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) ||
|
|
sTOc.remaining() > lenServerKeyEx) {
|
|
throw new Exception(
|
|
"Expected to generate ServerHello series messages of " +
|
|
lenServerKeyEx + " bytes, but not " + sTOc.remaining());
|
|
}
|
|
|
|
result1 = clientEngine.unwrap(sTOc, clientIn);
|
|
checkResult(sTOc, clientIn, result1,
|
|
Status.OK, HandshakeStatus.NEED_TASK, result2.bytesProduced(), 0);
|
|
runDelegatedTasks(clientEngine);
|
|
sTOc.compact();
|
|
|
|
log("===================");
|
|
log("Key Exchange");
|
|
result1 = clientEngine.wrap(clientOut, cTOs);
|
|
checkResult(clientOut, cTOs, result1,
|
|
Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
|
|
cTOs.flip();
|
|
|
|
log("Message length of ClientKeyExchange: " + cTOs.remaining());
|
|
if (cTOs.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) ||
|
|
cTOs.remaining() > lenClientKeyEx) {
|
|
throw new Exception(
|
|
"Expected to generate ClientKeyExchange message of " +
|
|
lenClientKeyEx + " bytes, but not " + cTOs.remaining());
|
|
}
|
|
result2 = serverEngine.unwrap(cTOs, serverIn);
|
|
checkResult(cTOs, serverIn, result2,
|
|
Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
|
|
runDelegatedTasks(serverEngine);
|
|
cTOs.compact();
|
|
|
|
log("===================");
|
|
log("Client CCS");
|
|
result1 = clientEngine.wrap(clientOut, cTOs);
|
|
checkResult(clientOut, cTOs, result1,
|
|
Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
|
|
cTOs.flip();
|
|
|
|
result2 = serverEngine.unwrap(cTOs, serverIn);
|
|
checkResult(cTOs, serverIn, result2,
|
|
Status.OK, HandshakeStatus.NEED_UNWRAP,
|
|
result1.bytesProduced(), 0);
|
|
cTOs.compact();
|
|
|
|
log("===================");
|
|
log("Client Finished");
|
|
result1 = clientEngine.wrap(clientOut, cTOs);
|
|
checkResult(clientOut, cTOs, result1,
|
|
Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
|
|
cTOs.flip();
|
|
|
|
result2 = serverEngine.unwrap(cTOs, serverIn);
|
|
checkResult(cTOs, serverIn, result2,
|
|
Status.OK, HandshakeStatus.NEED_WRAP,
|
|
result1.bytesProduced(), 0);
|
|
cTOs.compact();
|
|
|
|
log("===================");
|
|
log("Server CCS");
|
|
result2 = serverEngine.wrap(serverOut, sTOc);
|
|
checkResult(serverOut, sTOc, result2,
|
|
Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
|
|
sTOc.flip();
|
|
|
|
result1 = clientEngine.unwrap(sTOc, clientIn);
|
|
checkResult(sTOc, clientIn, result1,
|
|
Status.OK, HandshakeStatus.NEED_UNWRAP, result2.bytesProduced(), 0);
|
|
sTOc.compact();
|
|
|
|
log("===================");
|
|
log("Server Finished");
|
|
result2 = serverEngine.wrap(serverOut, sTOc);
|
|
checkResult(serverOut, sTOc, result2,
|
|
Status.OK, HandshakeStatus.FINISHED, 0, -1);
|
|
sTOc.flip();
|
|
|
|
result1 = clientEngine.unwrap(sTOc, clientIn);
|
|
checkResult(sTOc, clientIn, result1,
|
|
Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);
|
|
sTOc.compact();
|
|
|
|
log("===================");
|
|
log("Check Session/Ciphers");
|
|
String cs = clientEngine.getSession().getCipherSuite();
|
|
if (!cs.equals(suites[0])) {
|
|
throw new Exception("suites not equal: " + cs + "/" + suites[0]);
|
|
}
|
|
|
|
cs = serverEngine.getSession().getCipherSuite();
|
|
if (!cs.equals(suites[0])) {
|
|
throw new Exception("suites not equal: " + cs + "/" + suites[0]);
|
|
}
|
|
|
|
log("===================");
|
|
log("Done with SSL/TLS handshaking");
|
|
}
|
|
|
|
public static void main(String args[]) throws Exception {
|
|
// reset security properties to make sure that the algorithms
|
|
// and keys used in this test are not disabled.
|
|
Security.setProperty("jdk.tls.disabledAlgorithms", "");
|
|
Security.setProperty("jdk.certpath.disabledAlgorithms", "");
|
|
|
|
if (args.length != 4) {
|
|
System.out.println(
|
|
"Usage: java DHEKeySizing cipher-suite " +
|
|
"size-of-server-hello-record\n" +
|
|
" size-of-client-key-exchange protocol");
|
|
throw new Exception("Incorrect usage!");
|
|
}
|
|
|
|
protocol = args[3];
|
|
|
|
(new DHEKeySizing()).test(args[0],
|
|
Integer.parseInt(args[1]),
|
|
Integer.parseInt(args[2]));
|
|
System.out.println("Test Passed.");
|
|
}
|
|
|
|
/*
|
|
* **********************************************************
|
|
* Majority of the test case is above, below is just setup stuff
|
|
* **********************************************************
|
|
*/
|
|
|
|
public DHEKeySizing() throws Exception {
|
|
super();
|
|
}
|
|
|
|
@Override
|
|
protected SSLEngine configureServerEngine(SSLEngine engine) {
|
|
engine.setNeedClientAuth(false);
|
|
engine.setUseClientMode(false);
|
|
return engine;
|
|
}
|
|
|
|
@Override
|
|
protected SSLContext createServerSSLContext() throws Exception {
|
|
return createSSLContext(null, new Cert[]{Cert.CA_SHA1_RSA_2048},
|
|
getServerContextParameters());
|
|
}
|
|
|
|
@Override
|
|
protected SSLContext createClientSSLContext() throws Exception {
|
|
return createSSLContext(new Cert[]{Cert.CA_SHA1_RSA_2048}, null,
|
|
getClientContextParameters());
|
|
}
|
|
|
|
@Override
|
|
protected ContextParameters getClientContextParameters() {
|
|
return new ContextParameters(protocol, "PKIX", "NewSunX509");
|
|
}
|
|
|
|
@Override
|
|
protected ContextParameters getServerContextParameters() {
|
|
return new ContextParameters(protocol, "PKIX", "NewSunX509");
|
|
}
|
|
|
|
private static void log(String str) {
|
|
if (debug) {
|
|
System.out.println(str);
|
|
}
|
|
}
|
|
}
|