author | ascarpino |
Tue, 11 Jun 2019 16:31:37 -0700 | |
changeset 55336 | c2398053ee90 |
parent 48225 | 718669e6b375 |
permissions | -rw-r--r-- |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
1 |
/* |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
2 |
* Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
4 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
8 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
13 |
* accompanied this code). |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
14 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
18 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
21 |
* questions. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
22 |
*/ |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
23 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
24 |
// |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
25 |
// SunJSSE does not support dynamic system properties, no way to re-use |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
26 |
// system properties in samevm/agentvm mode. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
27 |
// |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
28 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
29 |
/* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
30 |
* @test |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
31 |
* @bug 6956398 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
32 |
* @summary make ephemeral DH key match the length of the certificate key |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
33 |
* @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
34 |
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1643 267 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
35 |
* @run main/othervm -Djsse.enableFFDHE=false |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
36 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
37 |
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
38 |
* @run main/othervm -Djsse.enableFFDHE=false |
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
39 |
* -Djdk.tls.ephemeralDHKeySize=matched |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
40 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
41 |
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
42 |
* @run main/othervm -Djsse.enableFFDHE=false |
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
43 |
* -Djdk.tls.ephemeralDHKeySize=legacy |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
44 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
45 |
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
46 |
* @run main/othervm -Djsse.enableFFDHE=false |
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
47 |
* -Djdk.tls.ephemeralDHKeySize=1024 |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
48 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
49 |
* DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1259 75 |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
50 |
* |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
51 |
* @run main/othervm -Djsse.enableFFDHE=false |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
52 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
53 |
* DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 233 75 |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
54 |
* |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
55 |
* @run main/othervm -Djsse.enableFFDHE=false |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
56 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
57 |
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1387 139 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
58 |
* @run main/othervm -Djsse.enableFFDHE=false |
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
59 |
* -Djdk.tls.ephemeralDHKeySize=legacy |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
60 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
61 |
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1323 107 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
62 |
* @run main/othervm -Djsse.enableFFDHE=false |
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
63 |
* -Djdk.tls.ephemeralDHKeySize=matched |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
64 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
65 |
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1643 267 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
66 |
* @run main/othervm -Djsse.enableFFDHE=false |
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
67 |
* -Djdk.tls.ephemeralDHKeySize=1024 |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
68 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
69 |
* DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1387 139 |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
70 |
* |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
71 |
* @run main/othervm -Djsse.enableFFDHE=false |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
72 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
73 |
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 361 139 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
74 |
* @run main/othervm -Djsse.enableFFDHE=false |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
75 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
76 |
* -Djdk.tls.ephemeralDHKeySize=legacy |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
77 |
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 297 107 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
78 |
* @run main/othervm -Djsse.enableFFDHE=false |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
79 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
80 |
* -Djdk.tls.ephemeralDHKeySize=matched |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
81 |
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 361 139 |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
82 |
* @run main/othervm -Djsse.enableFFDHE=false |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
48225
diff
changeset
|
83 |
* -Djdk.tls.client.enableSessionTicketExtension=false |
45064
b1b45177051b
8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
xuelei
parents:
33295
diff
changeset
|
84 |
* -Djdk.tls.ephemeralDHKeySize=1024 |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
85 |
* DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 361 139 |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
86 |
*/ |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
87 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
88 |
/* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
89 |
* This is a simple hack to test key sizes of Diffie-Hellman key exchanging |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
90 |
* during SSL/TLS handshaking. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
91 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
92 |
* The record length of DH ServerKeyExchange and ClientKeyExchange. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
93 |
* ServerKeyExchange message are wrapped in ServerHello series messages, which |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
94 |
* contains ServerHello, Certificate and ServerKeyExchange message. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
95 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
96 |
* struct { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
97 |
* opaque dh_p<1..2^16-1>; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
98 |
* opaque dh_g<1..2^16-1>; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
99 |
* opaque dh_Ys<1..2^16-1>; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
100 |
* } ServerDHParams; // Ephemeral DH parameters |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
101 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
102 |
* struct { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
103 |
* select (PublicValueEncoding) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
104 |
* case implicit: struct { }; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
105 |
* case explicit: opaque dh_Yc<1..2^16-1>; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
106 |
* } dh_public; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
107 |
* } ClientDiffieHellmanPublic; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
108 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
109 |
* Fomr above structures, it is clear that if the DH key size increasing 128 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
110 |
* bits (16 bytes), the ServerHello series messages increases 48 bytes |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
111 |
* (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
112 |
* increases 16 bytes (because of the size increasing of dh_Yc). |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
113 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
114 |
* Here is a summary of the record length in the test case. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
115 |
* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
116 |
* | ServerHello Series | ClientKeyExchange | ServerHello Anon |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
117 |
* 512-bit | 1259 bytes | 75 bytes | 233 bytes |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
118 |
* 768-bit | 1323 bytes | 107 bytes | 297 bytes |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
119 |
* 1024-bit | 1387 bytes | 139 bytes | 361 bytes |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
47216
diff
changeset
|
120 |
* 2048-bit | 1643 bytes | 267 bytes | 361 bytes |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
121 |
*/ |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
122 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
123 |
import javax.net.ssl.*; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
124 |
import javax.net.ssl.SSLEngineResult.*; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
125 |
import java.io.*; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
126 |
import java.nio.*; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
127 |
import java.security.KeyStore; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
128 |
import java.security.KeyFactory; |
29902 | 129 |
import java.security.Security; |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
130 |
import java.security.cert.Certificate; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
131 |
import java.security.cert.CertificateFactory; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
132 |
import java.security.spec.PKCS8EncodedKeySpec; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
133 |
import java.security.interfaces.*; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
134 |
import java.util.Base64; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
135 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
136 |
public class DHEKeySizing { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
137 |
|
20781
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
138 |
private final static boolean debug = true; |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
139 |
|
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
140 |
// key length bias because of the stripping of leading zero bytes of |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
141 |
// negotiated DH keys. |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
142 |
// |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
143 |
// This is an effort to mimum intermittent failure when we cannot |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
144 |
// estimate what's the exact number of leading zero bytes of |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
145 |
// negotiated DH keys. |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
146 |
private final static int KEY_LEN_BIAS = 6; |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
147 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
148 |
private SSLContext sslc; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
149 |
private SSLEngine ssle1; // client |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
150 |
private SSLEngine ssle2; // server |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
151 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
152 |
private ByteBuffer appOut1; // write side of ssle1 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
153 |
private ByteBuffer appIn1; // read side of ssle1 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
154 |
private ByteBuffer appOut2; // write side of ssle2 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
155 |
private ByteBuffer appIn2; // read side of ssle2 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
156 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
157 |
private ByteBuffer oneToTwo; // "reliable" transport ssle1->ssle2 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
158 |
private ByteBuffer twoToOne; // "reliable" transport ssle2->ssle1 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
159 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
160 |
/* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
161 |
* Where do we find the keystores? |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
162 |
*/ |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
163 |
// Certificates and key used in the test. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
164 |
static String trustedCertStr = |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
165 |
"-----BEGIN CERTIFICATE-----\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
166 |
"MIIC8jCCAdqgAwIBAgIEUjkuRzANBgkqhkiG9w0BAQUFADA7MR0wGwYDVQQLExRT\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
167 |
"dW5KU1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMw\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
168 |
"HhcNMTMwOTE4MDQzODMxWhcNMTMxMjE3MDQzODMxWjA7MR0wGwYDVQQLExRTdW5K\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
169 |
"U1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMwggEi\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
170 |
"MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO+IGeaskJAvEcYc7pCl9neK3E\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
171 |
"a28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0LKXArpI3thLNK\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
172 |
"QLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO19FbjxAfInJqk\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
173 |
"3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ7MrIOqHPd+8r\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
174 |
"RbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTkM65T1hnnOv5n\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
175 |
"ZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+PqPgWNl3+/AgMB\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
176 |
"AAEwDQYJKoZIhvcNAQEFBQADggEBAAlrP6DFLRPSy0IgQhcI2i56tR/na8pezSte\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
177 |
"ZHcCdaCZPDy4UP8mpLJ9QCjEB5VJv8hPm4xdK7ULnKGOGHgYqDpV2ZHvQlhV1woQ\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
178 |
"TZGb/LM3c6kAs0j4j9KM2fq3iYUYexjIkS1KzsziflxMM6igS9BRMBR2LQyU+cYq\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
179 |
"YEsFzkF7Aj2ET4v/+tgot9mRr2NioJcaJkdsPDpMU3IKB1cczfu+OuLQ/GCG0Fqu\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
180 |
"6ijCeCqfnaAbemHbJeVZZ6Qgka3uC2YMntLBmLkhqEo1d9zGYLoh7oWL77y5ibQZ\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
181 |
"LK5/H/zikcu579TWjlDHcqL3arCwBcrtsjSaPrRSWMrWV/6c0qw=\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
182 |
"-----END CERTIFICATE-----"; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
183 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
184 |
// Private key in the format of PKCS#8 |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
185 |
static String targetPrivateKey = |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
186 |
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+IGeaskJAvEc\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
187 |
"Yc7pCl9neK3Ea28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0L\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
188 |
"KXArpI3thLNKQLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO1\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
189 |
"9FbjxAfInJqk3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
190 |
"7MrIOqHPd+8rRbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTk\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
191 |
"M65T1hnnOv5nZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+Pq\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
192 |
"PgWNl3+/AgMBAAECggEAPdb5Ycc4m4A9QBSCRcRpzbyiFLKPh0HDg1n65q4hOtYr\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
193 |
"kAVYTVFTSF/lqGS+Ob3w2YIKujQKSUQrvCc5UHdFuHXMgxKIWbymK0+DAMb9SlYw\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
194 |
"6lkkcWp9gx9E4dnJ/df2SAAxovvrKMuHlL1SFASHhVtPfH2URvSfUaANLDXxyYOs\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
195 |
"8BX0Nr6wazhWjLjXo9yIGnKSvFfB8XisYcA78kEgas43zhmIGCDPqaYyyffOfRbx\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
196 |
"pM1KNwGmlN86iWR1CbwA/wwhcMySWQueS+s7cHbpRqZIYJF9jEeELiwi0vxjealS\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
197 |
"EMuHYedIRFMWaDIq9XyjrvXamHb0Z25jlXBNZHaM0QKBgQDE9adl+zAezR/n79vw\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
198 |
"0XiX2Fx1UEo3ApZHuoA2Q/PcBk+rlKqqQ3IwTcy6Wo648wK7v6Nq7w5nEWcsf0dU\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
199 |
"QA2Ng/AJEev/IfF34x7sKGYxtk1gcE0EuSBA3R+ocEZxnNw1Ryd5nUU24s8d4jCP\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
200 |
"Mkothnyaim+zE2raDlEtVc0CaQKBgQC509av+02Uq5oMjzbQp5PBJfQFjATOQT15\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
201 |
"eefYnVYurkQ1kcVfixkrO2ORhg4SjmI2Z5hJDgGtXdwgidpzkad+R2epS5qLMyno\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
202 |
"lQVpY6bMpEZ7Mos0yQygxnm8uNohEcTExOe+nP5fNJVpzBsGmfeyYOhnPQlf6oqf\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
203 |
"0cHizedb5wKBgQC/l5LyMil6HOGHlhzmIm3jj7VI7QR0hJC5T6N+phVml8ESUDjA\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
204 |
"DYHbmSKouISTRtkG14FY+RiSjCxH7bvuKazFV2289PETquogTA/9e8MFYqfcQwG4\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
205 |
"sXi9gBxWlnj/9a2EKiYtOB5nKLR/BlNkSHA93tAA6N+FXEMZwMmYhxk42QKBgAuY\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
206 |
"HQgD3PZOsqDf+qKQIhbmAFCsSMx5o5VFtuJ8BpmJA/Z3ruHkMuDQpsi4nX4o5hXQ\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
207 |
"5t6AAjjH52kcUMXvK40kdWJJtk3DFnVNfvXxYsHX6hHbuHXFqYUKfSP6QJnZmvZP\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
208 |
"9smcz/4usLfWJUWHK740b6upUkFqx9Vq5/b3s9y3AoGAdM5TW7LkkOFsdMGVAUzR\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
209 |
"9iXmCWElHTK2Pcp/3yqDBHSfiQx6Yp5ANyPnE9NBM0yauCfOyBB2oxLO4Rdv3Rqk\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
210 |
"9V9kyR/YAGr7dJaPcQ7pZX0OpkzgueAOJYPrx5VUzPYUtklYV1ycFZTfKlpFCxT+\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
211 |
"Ei6KUo0NXSdUIcB4yib1J10="; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
212 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
213 |
static char passphrase[] = "passphrase".toCharArray(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
214 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
215 |
/* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
216 |
* Majority of the test case is here, setup is done below. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
217 |
*/ |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
218 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
219 |
private void createSSLEngines() throws Exception { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
220 |
ssle1 = sslc.createSSLEngine("client", 1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
221 |
ssle1.setUseClientMode(true); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
222 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
223 |
ssle2 = sslc.createSSLEngine("server", 2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
224 |
ssle2.setUseClientMode(false); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
225 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
226 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
227 |
private boolean isHandshaking(SSLEngine e) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
228 |
return (e.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
229 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
230 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
231 |
private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
232 |
SSLEngineResult result, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
233 |
Status status, HandshakeStatus hsStatus, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
234 |
int consumed, int produced) |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
235 |
throws Exception { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
236 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
237 |
if ((status != null) && (result.getStatus() != status)) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
238 |
throw new Exception("Unexpected Status: need = " + status + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
239 |
" got = " + result.getStatus()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
240 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
241 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
242 |
if ((hsStatus != null) && (result.getHandshakeStatus() != hsStatus)) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
243 |
throw new Exception("Unexpected hsStatus: need = " + hsStatus + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
244 |
" got = " + result.getHandshakeStatus()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
245 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
246 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
247 |
if ((consumed != -1) && (consumed != result.bytesConsumed())) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
248 |
throw new Exception("Unexpected consumed: need = " + consumed + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
249 |
" got = " + result.bytesConsumed()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
250 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
251 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
252 |
if ((produced != -1) && (produced != result.bytesProduced())) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
253 |
throw new Exception("Unexpected produced: need = " + produced + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
254 |
" got = " + result.bytesProduced()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
255 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
256 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
257 |
if ((consumed != -1) && (bbIn.position() != result.bytesConsumed())) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
258 |
throw new Exception("Consumed " + bbIn.position() + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
259 |
" != " + consumed); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
260 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
261 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
262 |
if ((produced != -1) && (bbOut.position() != result.bytesProduced())) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
263 |
throw new Exception("produced " + bbOut.position() + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
264 |
" != " + produced); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
265 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
266 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
267 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
268 |
private void test(String cipherSuite, boolean exportable, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
269 |
int lenServerKeyEx, int lenClientKeyEx) throws Exception { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
270 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
271 |
createSSLEngines(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
272 |
createBuffers(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
273 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
274 |
SSLEngineResult result1; // ssle1's results from last operation |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
275 |
SSLEngineResult result2; // ssle2's results from last operation |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
276 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
277 |
String[] suites = new String [] {cipherSuite}; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
278 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
279 |
ssle1.setEnabledCipherSuites(suites); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
280 |
ssle2.setEnabledCipherSuites(suites); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
281 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
282 |
log("======================================"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
283 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
284 |
log("client hello"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
285 |
result1 = ssle1.wrap(appOut1, oneToTwo); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
286 |
checkResult(appOut1, oneToTwo, result1, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
287 |
Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
288 |
oneToTwo.flip(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
289 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
290 |
result2 = ssle2.unwrap(oneToTwo, appIn2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
291 |
checkResult(oneToTwo, appIn2, result2, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
292 |
Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
293 |
runDelegatedTasks(ssle2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
294 |
oneToTwo.compact(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
295 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
296 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
297 |
log("ServerHello"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
298 |
result2 = ssle2.wrap(appOut2, twoToOne); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
299 |
checkResult(appOut2, twoToOne, result2, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
300 |
Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
301 |
twoToOne.flip(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
302 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
303 |
log("Message length of ServerHello series: " + twoToOne.remaining()); |
20781
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
304 |
if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) || |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
305 |
twoToOne.remaining() > lenServerKeyEx) { |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
306 |
throw new Exception( |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
307 |
"Expected to generate ServerHello series messages of " + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
308 |
lenServerKeyEx + " bytes, but not " + twoToOne.remaining()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
309 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
310 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
311 |
result1 = ssle1.unwrap(twoToOne, appIn1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
312 |
checkResult(twoToOne, appIn1, result1, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
313 |
Status.OK, HandshakeStatus.NEED_TASK, result2.bytesProduced(), 0); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
314 |
runDelegatedTasks(ssle1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
315 |
twoToOne.compact(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
316 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
317 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
318 |
log("Key Exchange"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
319 |
result1 = ssle1.wrap(appOut1, oneToTwo); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
320 |
checkResult(appOut1, oneToTwo, result1, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
321 |
Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
322 |
oneToTwo.flip(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
323 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
324 |
log("Message length of ClientKeyExchange: " + oneToTwo.remaining()); |
20781
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
325 |
if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) || |
ae06c2172e4c
8026119: Regression test DHEKeySizing.java failing intermittently
xuelei
parents:
20539
diff
changeset
|
326 |
oneToTwo.remaining() > lenClientKeyEx) { |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
327 |
throw new Exception( |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
328 |
"Expected to generate ClientKeyExchange message of " + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
329 |
lenClientKeyEx + " bytes, but not " + oneToTwo.remaining()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
330 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
331 |
result2 = ssle2.unwrap(oneToTwo, appIn2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
332 |
checkResult(oneToTwo, appIn2, result2, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
333 |
Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
334 |
runDelegatedTasks(ssle2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
335 |
oneToTwo.compact(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
336 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
337 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
338 |
log("Client CCS"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
339 |
result1 = ssle1.wrap(appOut1, oneToTwo); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
340 |
checkResult(appOut1, oneToTwo, result1, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
341 |
Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
342 |
oneToTwo.flip(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
343 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
344 |
result2 = ssle2.unwrap(oneToTwo, appIn2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
345 |
checkResult(oneToTwo, appIn2, result2, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
346 |
Status.OK, HandshakeStatus.NEED_UNWRAP, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
347 |
result1.bytesProduced(), 0); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
348 |
oneToTwo.compact(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
349 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
350 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
351 |
log("Client Finished"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
352 |
result1 = ssle1.wrap(appOut1, oneToTwo); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
353 |
checkResult(appOut1, oneToTwo, result1, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
354 |
Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
355 |
oneToTwo.flip(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
356 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
357 |
result2 = ssle2.unwrap(oneToTwo, appIn2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
358 |
checkResult(oneToTwo, appIn2, result2, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
359 |
Status.OK, HandshakeStatus.NEED_WRAP, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
360 |
result1.bytesProduced(), 0); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
361 |
oneToTwo.compact(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
362 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
363 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
364 |
log("Server CCS"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
365 |
result2 = ssle2.wrap(appOut2, twoToOne); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
366 |
checkResult(appOut2, twoToOne, result2, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
367 |
Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
368 |
twoToOne.flip(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
369 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
370 |
result1 = ssle1.unwrap(twoToOne, appIn1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
371 |
checkResult(twoToOne, appIn1, result1, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
372 |
Status.OK, HandshakeStatus.NEED_UNWRAP, result2.bytesProduced(), 0); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
373 |
twoToOne.compact(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
374 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
375 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
376 |
log("Server Finished"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
377 |
result2 = ssle2.wrap(appOut2, twoToOne); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
378 |
checkResult(appOut2, twoToOne, result2, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
379 |
Status.OK, HandshakeStatus.FINISHED, 0, -1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
380 |
twoToOne.flip(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
381 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
382 |
result1 = ssle1.unwrap(twoToOne, appIn1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
383 |
checkResult(twoToOne, appIn1, result1, |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
384 |
Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
385 |
twoToOne.compact(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
386 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
387 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
388 |
log("Check Session/Ciphers"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
389 |
String cs = ssle1.getSession().getCipherSuite(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
390 |
if (!cs.equals(suites[0])) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
391 |
throw new Exception("suites not equal: " + cs + "/" + suites[0]); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
392 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
393 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
394 |
cs = ssle2.getSession().getCipherSuite(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
395 |
if (!cs.equals(suites[0])) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
396 |
throw new Exception("suites not equal: " + cs + "/" + suites[0]); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
397 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
398 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
399 |
log("==================="); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
400 |
log("Done with SSL/TLS handshaking"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
401 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
402 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
403 |
public static void main(String args[]) throws Exception { |
31712 | 404 |
// reset security properties to make sure that the algorithms |
29902 | 405 |
// and keys used in this test are not disabled. |
406 |
Security.setProperty("jdk.tls.disabledAlgorithms", ""); |
|
31712 | 407 |
Security.setProperty("jdk.certpath.disabledAlgorithms", ""); |
29902 | 408 |
|
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
409 |
if (args.length != 4) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
410 |
System.out.println( |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
411 |
"Usage: java DHEKeySizing cipher-suite " + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
412 |
"exportable(true|false)\n" + |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
413 |
" size-of-server-hello-record size-of-client-key-exchange"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
414 |
throw new Exception("Incorrect usage!"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
415 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
416 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
417 |
(new DHEKeySizing()).test(args[0], |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
418 |
Boolean.parseBoolean(args[1]), |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
419 |
Integer.parseInt(args[2]), |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
420 |
Integer.parseInt(args[3])); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
421 |
System.out.println("Test Passed."); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
422 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
423 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
424 |
/* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
425 |
* ********************************************************** |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
426 |
* Majority of the test case is above, below is just setup stuff |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
427 |
* ********************************************************** |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
428 |
*/ |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
429 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
430 |
public DHEKeySizing() throws Exception { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
431 |
sslc = getSSLContext(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
432 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
433 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
434 |
/* |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
435 |
* Create an initialized SSLContext to use for this test. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
436 |
*/ |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
437 |
private SSLContext getSSLContext() throws Exception { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
438 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
439 |
// generate certificate from cert string |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
440 |
CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
441 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
442 |
// create a key store |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
443 |
KeyStore ts = KeyStore.getInstance("JKS"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
444 |
KeyStore ks = KeyStore.getInstance("JKS"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
445 |
ts.load(null, null); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
446 |
ks.load(null, null); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
447 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
448 |
// import the trused cert |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
449 |
ByteArrayInputStream is = |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
450 |
new ByteArrayInputStream(trustedCertStr.getBytes()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
451 |
Certificate trusedCert = cf.generateCertificate(is); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
452 |
is.close(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
453 |
ts.setCertificateEntry("rsa-trusted-2048", trusedCert); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
454 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
455 |
// generate the private key. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
456 |
String keySpecStr = targetPrivateKey; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
457 |
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
458 |
Base64.getMimeDecoder().decode(keySpecStr)); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
459 |
KeyFactory kf = KeyFactory.getInstance("RSA"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
460 |
RSAPrivateKey priKey = (RSAPrivateKey)kf.generatePrivate(priKeySpec); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
461 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
462 |
Certificate[] chain = new Certificate[1]; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
463 |
chain[0] = trusedCert; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
464 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
465 |
// import the key entry. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
466 |
ks.setKeyEntry("rsa-key-2048", priKey, passphrase, chain); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
467 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
468 |
// create SSL context |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
469 |
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
470 |
kmf.init(ks, passphrase); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
471 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
472 |
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
473 |
tmf.init(ts); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
474 |
|
22068 | 475 |
SSLContext sslCtx = SSLContext.getInstance("TLSv1"); |
20539
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
476 |
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
477 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
478 |
return sslCtx; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
479 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
480 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
481 |
private void createBuffers() { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
482 |
// Size the buffers as appropriate. |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
483 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
484 |
SSLSession session = ssle1.getSession(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
485 |
int appBufferMax = session.getApplicationBufferSize(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
486 |
int netBufferMax = session.getPacketBufferSize(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
487 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
488 |
appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
489 |
appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
490 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
491 |
oneToTwo = ByteBuffer.allocateDirect(netBufferMax); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
492 |
twoToOne = ByteBuffer.allocateDirect(netBufferMax); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
493 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
494 |
appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
495 |
appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes()); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
496 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
497 |
log("AppOut1 = " + appOut1); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
498 |
log("AppOut2 = " + appOut2); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
499 |
log(""); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
500 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
501 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
502 |
private static void runDelegatedTasks(SSLEngine engine) throws Exception { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
503 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
504 |
Runnable runnable; |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
505 |
while ((runnable = engine.getDelegatedTask()) != null) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
506 |
log("running delegated task..."); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
507 |
runnable.run(); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
508 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
509 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
510 |
|
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
511 |
private static void log(String str) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
512 |
if (debug) { |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
513 |
System.out.println(str); |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
514 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
515 |
} |
cbff16f695c6
6956398: make ephemeral DH key match the length of the certificate key
xuelei
parents:
diff
changeset
|
516 |
} |