Java Code Examples for sun.security.util.KeyUtil#getKeySize()
The following examples show how to use
sun.security.util.KeyUtil#getKeySize() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ShortRSAKeyWithinTLS.java From jdk8u_jdk with GNU General Public License v2.0 | 7 votes |
|
private void checkKeySize(KeyStore ks) throws Exception {
PrivateKey privateKey = null;
PublicKey publicKey = null;
if (ks.containsAlias(keyAlias)) {
System.out.println("Loaded entry: " + keyAlias);
privateKey = (PrivateKey)ks.getKey(keyAlias, null);
publicKey = (PublicKey)ks.getCertificate(keyAlias).getPublicKey();
int privateKeySize = KeyUtil.getKeySize(privateKey);
if (privateKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the private key size is " + privateKeySize);
}
int publicKeySize = KeyUtil.getKeySize(publicKey);
if (publicKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the public key size is " + publicKeySize);
}
}
}
Example 2
| Source File: ShortRSAKeyWithinTLS.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
private void checkKeySize(KeyStore ks) throws Exception {
PrivateKey privateKey = null;
PublicKey publicKey = null;
if (ks.containsAlias(keyAlias)) {
System.out.println("Loaded entry: " + keyAlias);
privateKey = (PrivateKey)ks.getKey(keyAlias, null);
publicKey = (PublicKey)ks.getCertificate(keyAlias).getPublicKey();
int privateKeySize = KeyUtil.getKeySize(privateKey);
if (privateKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the private key size is " + privateKeySize);
}
int publicKeySize = KeyUtil.getKeySize(publicKey);
if (publicKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the public key size is " + publicKeySize);
}
}
}
Example 3
| Source File: ShortRSAKeyWithinTLS.java From hottub with GNU General Public License v2.0 | 6 votes |
|
private void checkKeySize(KeyStore ks) throws Exception {
PrivateKey privateKey = null;
PublicKey publicKey = null;
if (ks.containsAlias(keyAlias)) {
System.out.println("Loaded entry: " + keyAlias);
privateKey = (PrivateKey)ks.getKey(keyAlias, null);
publicKey = (PublicKey)ks.getCertificate(keyAlias).getPublicKey();
int privateKeySize = KeyUtil.getKeySize(privateKey);
if (privateKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the private key size is " + privateKeySize);
}
int publicKeySize = KeyUtil.getKeySize(publicKey);
if (publicKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the public key size is " + publicKeySize);
}
}
}
Example 4
| Source File: ShortRSAKeyWithinTLS.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
private void checkKeySize(KeyStore ks) throws Exception {
PrivateKey privateKey = null;
PublicKey publicKey = null;
if (ks.containsAlias(keyAlias)) {
System.out.println("Loaded entry: " + keyAlias);
privateKey = (PrivateKey)ks.getKey(keyAlias, null);
publicKey = (PublicKey)ks.getCertificate(keyAlias).getPublicKey();
int privateKeySize = KeyUtil.getKeySize(privateKey);
if (privateKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the private key size is " + privateKeySize);
}
int publicKeySize = KeyUtil.getKeySize(publicKey);
if (publicKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the public key size is " + publicKeySize);
}
}
}
Example 5
| Source File: ShortRSAKeyWithinTLS.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
private void checkKeySize(KeyStore ks) throws Exception {
PrivateKey privateKey = null;
PublicKey publicKey = null;
if (ks.containsAlias(keyAlias)) {
System.out.println("Loaded entry: " + keyAlias);
privateKey = (PrivateKey)ks.getKey(keyAlias, null);
publicKey = (PublicKey)ks.getCertificate(keyAlias).getPublicKey();
int privateKeySize = KeyUtil.getKeySize(privateKey);
if (privateKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the private key size is " + privateKeySize);
}
int publicKeySize = KeyUtil.getKeySize(publicKey);
if (publicKeySize != keySize) {
throw new Exception("Expected key size is " + keySize +
", but the public key size is " + publicKeySize);
}
}
}
Example 6
| Source File: DOMSignatureMethod.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* If secure validation mode is enabled, checks that the key size is
* restricted.
*
* @param context the context
* @param key the key to check
* @throws XMLSignatureException if the key size is restricted
*/
private static void checkKeySize(XMLCryptoContext context, Key key)
throws XMLSignatureException {
if (Utils.secureValidation(context)) {
int size = KeyUtil.getKeySize(key);
if (size == -1) {
// key size cannot be determined, so we cannot check against
// restrictions. Note that a DSA key w/o params will be
// rejected later if the certificate chain is validated.
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Size for " +
key.getAlgorithm() + " key cannot be determined");
}
return;
}
if (Policy.restrictKey(key.getAlgorithm(), size)) {
throw new XMLSignatureException(key.getAlgorithm() +
" keys less than " +
Policy.minKeySize(key.getAlgorithm()) + " bits are" +
" forbidden when secure validation is enabled");
}
}
}
Example 7
| Source File: SignatureAndHashAlgorithm.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
private static int getMaxDigestLength(PrivateKey signingKey) {
int maxDigestLength = Integer.MAX_VALUE;
// only need to check RSA algorithm at present.
if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
* hash algorithm for keys whose key size less than 512 bits.
* So it is not necessary to caculate the required max digest
* length exactly.
*
* If key size is greater than or equals to 768, there is no max
* digest length limitation in currect implementation.
*
* If key size is greater than or equals to 512, but less than
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
maxDigestLength = HashAlgorithm.SHA1.length;
} // Otherwise, cannot determine the key size, prefer the most
// preferable hash algorithm.
}
return maxDigestLength;
}
Example 8
| Source File: SignatureAndHashAlgorithm.java From hottub with GNU General Public License v2.0 | 5 votes |
|
private static int getMaxDigestLength(PrivateKey signingKey) {
int maxDigestLength = Integer.MAX_VALUE;
// only need to check RSA algorithm at present.
if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
* hash algorithm for keys whose key size less than 512 bits.
* So it is not necessary to caculate the required max digest
* length exactly.
*
* If key size is greater than or equals to 768, there is no max
* digest length limitation in currect implementation.
*
* If key size is greater than or equals to 512, but less than
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
maxDigestLength = HashAlgorithm.SHA1.length;
} // Otherwise, cannot determine the key size, prefer the most
// preferable hash algorithm.
}
return maxDigestLength;
}
Example 9
| Source File: Main.java From Bytecoder with Apache License 2.0 | 5 votes |
|
private String withWeak(Key key) {
int kLen = KeyUtil.getKeySize(key);
String displayAlg = fullDisplayAlgName(key);
if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
if (kLen >= 0) {
return String.format(rb.getString("key.bit"), kLen, displayAlg);
} else {
return String.format(rb.getString("unknown.size.1"), displayAlg);
}
} else {
return String.format(rb.getString("key.bit.weak"), kLen, displayAlg);
}
}
Example 10
| Source File: SignatureAndHashAlgorithm.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
private static int getMaxDigestLength(PrivateKey signingKey) {
int maxDigestLength = Integer.MAX_VALUE;
// only need to check RSA algorithm at present.
if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
* hash algorithm for keys whose key size less than 512 bits.
* So it is not necessary to caculate the required max digest
* length exactly.
*
* If key size is greater than or equals to 768, there is no max
* digest length limitation in currect implementation.
*
* If key size is greater than or equals to 512, but less than
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
maxDigestLength = HashAlgorithm.SHA1.length;
} // Otherwise, cannot determine the key size, prefer the most
// preferable hash algorithm.
}
return maxDigestLength;
}
Example 11
| Source File: DHKeyExchange.java From Bytecoder with Apache License 2.0 | 5 votes |
|
@Override
public byte[] encode() {
// Note: the DH public value is encoded as a big-endian integer
// and padded to the left with zeros to the size of p in bytes.
byte[] encoded = Utilities.toByteArray(publicKey.getY());
int pSize = (KeyUtil.getKeySize(publicKey) + 7) >>> 3;
if (pSize > 0 && encoded.length < pSize) {
byte[] buffer = new byte[pSize];
System.arraycopy(encoded, 0,
buffer, pSize - encoded.length, encoded.length);
encoded = buffer;
}
return encoded;
}
Example 12
| Source File: SignatureAndHashAlgorithm.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
private static int getMaxDigestLength(PrivateKey signingKey) {
int maxDigestLength = Integer.MAX_VALUE;
// only need to check RSA algorithm at present.
if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
* hash algorithm for keys whose key size less than 512 bits.
* So it is not necessary to caculate the required max digest
* length exactly.
*
* If key size is greater than or equals to 768, there is no max
* digest length limitation in currect implementation.
*
* If key size is greater than or equals to 512, but less than
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
maxDigestLength = HashAlgorithm.SHA1.length;
} // Otherwise, cannot determine the key size, prefer the most
// preferable hash algorithm.
}
return maxDigestLength;
}
Example 13
| Source File: SignatureAndHashAlgorithm.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
static SignatureAndHashAlgorithm getPreferableAlgorithm(
Collection<SignatureAndHashAlgorithm> algorithms,
String expected, PrivateKey signingKey) {
if (expected == null && !algorithms.isEmpty()) {
for (SignatureAndHashAlgorithm sigAlg : algorithms) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
return sigAlg;
}
}
return null; // no supported algorithm
}
if (expected == null ) {
return null; // no expected algorithm, no supported algorithm
}
/*
* Need to check RSA key length to match the length of hash value
*/
int maxDigestLength = Integer.MAX_VALUE;
if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
expected.equalsIgnoreCase("rsa")) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
* hash algorithm for keys whose key size less than 512 bits.
* So it is not necessary to caculate the required max digest
* length exactly.
*
* If key size is greater than or equals to 768, there is no max
* digest length limitation in currect implementation.
*
* If key size is greater than or equals to 512, but less than
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
maxDigestLength = HashAlgorithm.SHA1.length;
} // Otherwise, cannot determine the key size, prefer the most
// preferable hash algorithm.
}
for (SignatureAndHashAlgorithm algorithm : algorithms) {
int signValue = algorithm.id & 0xFF;
if (expected.equalsIgnoreCase("rsa") &&
signValue == SignatureAlgorithm.RSA.value) {
if (algorithm.hash.length <= maxDigestLength) {
return algorithm;
}
} else if (
(expected.equalsIgnoreCase("dsa") &&
signValue == SignatureAlgorithm.DSA.value) ||
(expected.equalsIgnoreCase("ecdsa") &&
signValue == SignatureAlgorithm.ECDSA.value) ||
(expected.equalsIgnoreCase("ec") &&
signValue == SignatureAlgorithm.ECDSA.value)) {
return algorithm;
}
}
return null;
}
Example 14
| Source File: ServerHandshaker.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
private void setupEphemeralDHKeys(boolean export, Key key) {
/*
* 768 bits ephemeral DH private keys were used to be used in
* ServerKeyExchange except that exportable ciphers max out at 512
* bits modulus values. We still adhere to this behavior in legacy
* mode (system property "jdk.tls.ephemeralDHKeySize" is defined
* as "legacy").
*
* Old JDK (JDK 7 and previous) releases don't support DH keys bigger
* than 1024 bits. We have to consider the compatibility requirement.
* 1024 bits DH key is always used for non-exportable cipher suites
* in default mode (system property "jdk.tls.ephemeralDHKeySize"
* is not defined).
*
* However, if applications want more stronger strength, setting
* system property "jdk.tls.ephemeralDHKeySize" to "matched"
* is a workaround to use ephemeral DH key which size matches the
* corresponding authentication key. For example, if the public key
* size of an authentication certificate is 2048 bits, then the
* ephemeral DH key size should be 2048 bits accordingly unless
* the cipher suite is exportable. This key sizing scheme keeps
* the cryptographic strength consistent between authentication
* keys and key-exchange keys.
*
* Applications may also want to customize the ephemeral DH key size
* to a fixed length for non-exportable cipher suites. This can be
* approached by setting system property "jdk.tls.ephemeralDHKeySize"
* to a valid positive integer between 1024 and 8192 bits, inclusive.
*
* Note that the minimum acceptable key size is 1024 bits except
* exportable cipher suites or legacy mode.
*
* Note that per RFC 2246, the key size limit of DH is 512 bits for
* exportable cipher suites. Because of the weakness, exportable
* cipher suites are deprecated since TLS v1.1 and they are not
* enabled by default in Oracle provider. The legacy behavior is
* reserved and 512 bits DH key is always used for exportable
* cipher suites.
*/
int keySize = export ? 512 : 1024; // default mode
if (!export) {
if (useLegacyEphemeralDHKeys) { // legacy mode
keySize = 768;
} else if (useSmartEphemeralDHKeys) { // matched mode
if (key != null) {
int ks = KeyUtil.getKeySize(key);
// DH parameter generation can be extremely slow, make
// sure to use one of the supported pre-computed DH
// parameters (see DHCrypt class).
//
// Old deployed applications may not be ready to support
// DH key sizes bigger than 2048 bits. Please DON'T use
// value other than 1024 and 2048 at present. May improve
// the underlying providers and key size limit in the
// future when the compatibility and interoperability
// impact is limited.
//
// keySize = ks <= 1024 ? 1024 : (ks >= 2048 ? 2048 : ks);
keySize = ks <= 1024 ? 1024 : 2048;
} // Otherwise, anonymous cipher suites, 1024-bit is used.
} else if (customizedDHKeySize > 0) { // customized mode
keySize = customizedDHKeySize;
}
}
dh = new DHCrypt(keySize, sslContext.getSecureRandom());
}
Example 15
| Source File: SignatureAndHashAlgorithm.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
static SignatureAndHashAlgorithm getPreferableAlgorithm(
Collection<SignatureAndHashAlgorithm> algorithms,
String expected, PrivateKey signingKey) {
if (expected == null && !algorithms.isEmpty()) {
for (SignatureAndHashAlgorithm sigAlg : algorithms) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
return sigAlg;
}
}
return null; // no supported algorithm
}
if (expected == null ) {
return null; // no expected algorithm, no supported algorithm
}
/*
* Need to check RSA key length to match the length of hash value
*/
int maxDigestLength = Integer.MAX_VALUE;
if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
expected.equalsIgnoreCase("rsa")) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
* hash algorithm for keys whose key size less than 512 bits.
* So it is not necessary to caculate the required max digest
* length exactly.
*
* If key size is greater than or equals to 768, there is no max
* digest length limitation in currect implementation.
*
* If key size is greater than or equals to 512, but less than
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
maxDigestLength = HashAlgorithm.SHA1.length;
} // Otherwise, cannot determine the key size, prefer the most
// preferable hash algorithm.
}
for (SignatureAndHashAlgorithm algorithm : algorithms) {
int signValue = algorithm.id & 0xFF;
if (expected.equalsIgnoreCase("rsa") &&
signValue == SignatureAlgorithm.RSA.value) {
if (algorithm.hash.length <= maxDigestLength) {
return algorithm;
}
} else if (
(expected.equalsIgnoreCase("dsa") &&
signValue == SignatureAlgorithm.DSA.value) ||
(expected.equalsIgnoreCase("ecdsa") &&
signValue == SignatureAlgorithm.ECDSA.value) ||
(expected.equalsIgnoreCase("ec") &&
signValue == SignatureAlgorithm.ECDSA.value)) {
return algorithm;
}
}
return null;
}
Example 16
| Source File: ServerHandshaker.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
|
private void setupEphemeralDHKeys(boolean export, Key key) {
/*
* 768 bits ephemeral DH private keys were used to be used in
* ServerKeyExchange except that exportable ciphers max out at 512
* bits modulus values. We still adhere to this behavior in legacy
* mode (system property "jdk.tls.ephemeralDHKeySize" is defined
* as "legacy").
*
* Old JDK (JDK 7 and previous) releases don't support DH keys bigger
* than 1024 bits. We have to consider the compatibility requirement.
* 1024 bits DH key is always used for non-exportable cipher suites
* in default mode (system property "jdk.tls.ephemeralDHKeySize"
* is not defined).
*
* However, if applications want more stronger strength, setting
* system property "jdk.tls.ephemeralDHKeySize" to "matched"
* is a workaround to use ephemeral DH key which size matches the
* corresponding authentication key. For example, if the public key
* size of an authentication certificate is 2048 bits, then the
* ephemeral DH key size should be 2048 bits accordingly unless
* the cipher suite is exportable. This key sizing scheme keeps
* the cryptographic strength consistent between authentication
* keys and key-exchange keys.
*
* Applications may also want to customize the ephemeral DH key size
* to a fixed length for non-exportable cipher suites. This can be
* approached by setting system property "jdk.tls.ephemeralDHKeySize"
* to a valid positive integer between 1024 and 8192 bits, inclusive.
*
* Note that the minimum acceptable key size is 1024 bits except
* exportable cipher suites or legacy mode.
*
* Note that per RFC 2246, the key size limit of DH is 512 bits for
* exportable cipher suites. Because of the weakness, exportable
* cipher suites are deprecated since TLS v1.1 and they are not
* enabled by default in Oracle provider. The legacy behavior is
* reserved and 512 bits DH key is always used for exportable
* cipher suites.
*/
int keySize = export ? 512 : 1024; // default mode
if (!export) {
if (useLegacyEphemeralDHKeys) { // legacy mode
keySize = 768;
} else if (useSmartEphemeralDHKeys) { // matched mode
if (key != null) {
int ks = KeyUtil.getKeySize(key);
// DH parameter generation can be extremely slow, make
// sure to use one of the supported pre-computed DH
// parameters (see DHCrypt class).
//
// Old deployed applications may not be ready to support
// DH key sizes bigger than 2048 bits. Please DON'T use
// value other than 1024 and 2048 at present. May improve
// the underlying providers and key size limit in the
// future when the compatibility and interoperability
// impact is limited.
//
// keySize = ks <= 1024 ? 1024 : (ks >= 2048 ? 2048 : ks);
keySize = ks <= 1024 ? 1024 : 2048;
} // Otherwise, anonymous cipher suites, 1024-bit is used.
} else if (customizedDHKeySize > 0) { // customized mode
keySize = customizedDHKeySize;
}
}
dh = new DHCrypt(keySize, sslContext.getSecureRandom());
}
Example 17
| Source File: ServerHandshaker.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
private void setupEphemeralDHKeys(boolean export, Key key) {
/*
* 768 bits ephemeral DH private keys were used to be used in
* ServerKeyExchange except that exportable ciphers max out at 512
* bits modulus values. We still adhere to this behavior in legacy
* mode (system property "jdk.tls.ephemeralDHKeySize" is defined
* as "legacy").
*
* Old JDK (JDK 7 and previous) releases don't support DH keys bigger
* than 1024 bits. We have to consider the compatibility requirement.
* 1024 bits DH key is always used for non-exportable cipher suites
* in default mode (system property "jdk.tls.ephemeralDHKeySize"
* is not defined).
*
* However, if applications want more stronger strength, setting
* system property "jdk.tls.ephemeralDHKeySize" to "matched"
* is a workaround to use ephemeral DH key which size matches the
* corresponding authentication key. For example, if the public key
* size of an authentication certificate is 2048 bits, then the
* ephemeral DH key size should be 2048 bits accordingly unless
* the cipher suite is exportable. This key sizing scheme keeps
* the cryptographic strength consistent between authentication
* keys and key-exchange keys.
*
* Applications may also want to customize the ephemeral DH key size
* to a fixed length for non-exportable cipher suites. This can be
* approached by setting system property "jdk.tls.ephemeralDHKeySize"
* to a valid positive integer between 1024 and 2048 bits, inclusive.
*
* Note that the minimum acceptable key size is 1024 bits except
* exportable cipher suites or legacy mode.
*
* Note that the maximum acceptable key size is 2048 bits because
* DH keys bigger than 2048 are not always supported by underlying
* JCE providers.
*
* Note that per RFC 2246, the key size limit of DH is 512 bits for
* exportable cipher suites. Because of the weakness, exportable
* cipher suites are deprecated since TLS v1.1 and they are not
* enabled by default in Oracle provider. The legacy behavior is
* reserved and 512 bits DH key is always used for exportable
* cipher suites.
*/
int keySize = export ? 512 : 1024; // default mode
if (!export) {
if (useLegacyEphemeralDHKeys) { // legacy mode
keySize = 768;
} else if (useSmartEphemeralDHKeys) { // matched mode
if (key != null) {
int ks = KeyUtil.getKeySize(key);
// Note that SunJCE provider only supports 2048 bits DH
// keys bigger than 1024. Please DON'T use value other
// than 1024 and 2048 at present. We may improve the
// underlying providers and key size here in the future.
//
// keySize = ks <= 1024 ? 1024 : (ks >= 2048 ? 2048 : ks);
keySize = ks <= 1024 ? 1024 : 2048;
} // Otherwise, anonymous cipher suites, 1024-bit is used.
} else if (customizedDHKeySize > 0) { // customized mode
keySize = customizedDHKeySize;
}
}
dh = new DHCrypt(keySize, sslContext.getSecureRandom());
}
Example 18
| Source File: ServerHandshaker.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
private void setupEphemeralDHKeys(boolean export, Key key) {
/*
* 768 bits ephemeral DH private keys were used to be used in
* ServerKeyExchange except that exportable ciphers max out at 512
* bits modulus values. We still adhere to this behavior in legacy
* mode (system property "jdk.tls.ephemeralDHKeySize" is defined
* as "legacy").
*
* Old JDK (JDK 7 and previous) releases don't support DH keys bigger
* than 1024 bits. We have to consider the compatibility requirement.
* 1024 bits DH key is always used for non-exportable cipher suites
* in default mode (system property "jdk.tls.ephemeralDHKeySize"
* is not defined).
*
* However, if applications want more stronger strength, setting
* system property "jdk.tls.ephemeralDHKeySize" to "matched"
* is a workaround to use ephemeral DH key which size matches the
* corresponding authentication key. For example, if the public key
* size of an authentication certificate is 2048 bits, then the
* ephemeral DH key size should be 2048 bits accordingly unless
* the cipher suite is exportable. This key sizing scheme keeps
* the cryptographic strength consistent between authentication
* keys and key-exchange keys.
*
* Applications may also want to customize the ephemeral DH key size
* to a fixed length for non-exportable cipher suites. This can be
* approached by setting system property "jdk.tls.ephemeralDHKeySize"
* to a valid positive integer between 1024 and 2048 bits, inclusive.
*
* Note that the minimum acceptable key size is 1024 bits except
* exportable cipher suites or legacy mode.
*
* Note that the maximum acceptable key size is 2048 bits because
* DH keys bigger than 2048 are not always supported by underlying
* JCE providers.
*
* Note that per RFC 2246, the key size limit of DH is 512 bits for
* exportable cipher suites. Because of the weakness, exportable
* cipher suites are deprecated since TLS v1.1 and they are not
* enabled by default in Oracle provider. The legacy behavior is
* reserved and 512 bits DH key is always used for exportable
* cipher suites.
*/
int keySize = export ? 512 : 1024; // default mode
if (!export) {
if (useLegacyEphemeralDHKeys) { // legacy mode
keySize = 768;
} else if (useSmartEphemeralDHKeys) { // matched mode
if (key != null) {
int ks = KeyUtil.getKeySize(key);
// Note that SunJCE provider only supports 2048 bits DH
// keys bigger than 1024. Please DON'T use value other
// than 1024 and 2048 at present. We may improve the
// underlying providers and key size here in the future.
//
// keySize = ks <= 1024 ? 1024 : (ks >= 2048 ? 2048 : ks);
keySize = ks <= 1024 ? 1024 : 2048;
} // Otherwise, anonymous cipher suites, 1024-bit is used.
} else if (customizedDHKeySize > 0) { // customized mode
keySize = customizedDHKeySize;
}
}
dh = new DHCrypt(keySize, sslContext.getSecureRandom());
}
Example 19
| Source File: ServerHandshaker.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
private void setupEphemeralDHKeys(boolean export, Key key) {
/*
* 768 bits ephemeral DH private keys were used to be used in
* ServerKeyExchange except that exportable ciphers max out at 512
* bits modulus values. We still adhere to this behavior in legacy
* mode (system property "jdk.tls.ephemeralDHKeySize" is defined
* as "legacy").
*
* Old JDK (JDK 7 and previous) releases don't support DH keys bigger
* than 1024 bits. We have to consider the compatibility requirement.
* 1024 bits DH key is always used for non-exportable cipher suites
* in default mode (system property "jdk.tls.ephemeralDHKeySize"
* is not defined).
*
* However, if applications want more stronger strength, setting
* system property "jdk.tls.ephemeralDHKeySize" to "matched"
* is a workaround to use ephemeral DH key which size matches the
* corresponding authentication key. For example, if the public key
* size of an authentication certificate is 2048 bits, then the
* ephemeral DH key size should be 2048 bits accordingly unless
* the cipher suite is exportable. This key sizing scheme keeps
* the cryptographic strength consistent between authentication
* keys and key-exchange keys.
*
* Applications may also want to customize the ephemeral DH key size
* to a fixed length for non-exportable cipher suites. This can be
* approached by setting system property "jdk.tls.ephemeralDHKeySize"
* to a valid positive integer between 1024 and 2048 bits, inclusive.
*
* Note that the minimum acceptable key size is 1024 bits except
* exportable cipher suites or legacy mode.
*
* Note that the maximum acceptable key size is 2048 bits because
* DH keys bigger than 2048 are not always supported by underlying
* JCE providers.
*
* Note that per RFC 2246, the key size limit of DH is 512 bits for
* exportable cipher suites. Because of the weakness, exportable
* cipher suites are deprecated since TLS v1.1 and they are not
* enabled by default in Oracle provider. The legacy behavior is
* reserved and 512 bits DH key is always used for exportable
* cipher suites.
*/
int keySize = export ? 512 : 1024; // default mode
if (!export) {
if (useLegacyEphemeralDHKeys) { // legacy mode
keySize = 768;
} else if (useSmartEphemeralDHKeys) { // matched mode
if (key != null) {
int ks = KeyUtil.getKeySize(key);
// Note that SunJCE provider only supports 2048 bits DH
// keys bigger than 1024. Please DON'T use value other
// than 1024 and 2048 at present. We may improve the
// underlying providers and key size here in the future.
//
// keySize = ks <= 1024 ? 1024 : (ks >= 2048 ? 2048 : ks);
keySize = ks <= 1024 ? 1024 : 2048;
} // Otherwise, anonymous cipher suites, 1024-bit is used.
} else if (customizedDHKeySize > 0) { // customized mode
keySize = customizedDHKeySize;
}
}
dh = new DHCrypt(keySize, sslContext.getSecureRandom());
}
Example 20
| Source File: SignatureAndHashAlgorithm.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
static SignatureAndHashAlgorithm getPreferableAlgorithm(
Collection<SignatureAndHashAlgorithm> algorithms,
String expected, PrivateKey signingKey) {
if (expected == null && !algorithms.isEmpty()) {
for (SignatureAndHashAlgorithm sigAlg : algorithms) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
return sigAlg;
}
}
return null; // no supported algorithm
}
if (expected == null ) {
return null; // no expected algorithm, no supported algorithm
}
/*
* Need to check RSA key length to match the length of hash value
*/
int maxDigestLength = Integer.MAX_VALUE;
if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
expected.equalsIgnoreCase("rsa")) {
/*
* RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong
* hash algorithm for keys whose key size less than 512 bits.
* So it is not necessary to caculate the required max digest
* length exactly.
*
* If key size is greater than or equals to 768, there is no max
* digest length limitation in currect implementation.
*
* If key size is greater than or equals to 512, but less than
* 768, the digest length should be less than or equal to 32 bytes.
*
* If key size is less than 512, the digest length should be
* less than or equal to 20 bytes.
*/
int keySize = KeyUtil.getKeySize(signingKey);
if (keySize >= 768) {
maxDigestLength = HashAlgorithm.SHA512.length;
} else if ((keySize >= 512) && (keySize < 768)) {
maxDigestLength = HashAlgorithm.SHA256.length;
} else if ((keySize > 0) && (keySize < 512)) {
maxDigestLength = HashAlgorithm.SHA1.length;
} // Otherwise, cannot determine the key size, prefer the most
// preferable hash algorithm.
}
for (SignatureAndHashAlgorithm algorithm : algorithms) {
int signValue = algorithm.id & 0xFF;
if (expected.equalsIgnoreCase("rsa") &&
signValue == SignatureAlgorithm.RSA.value) {
if (algorithm.hash.length <= maxDigestLength) {
return algorithm;
}
} else if (
(expected.equalsIgnoreCase("dsa") &&
signValue == SignatureAlgorithm.DSA.value) ||
(expected.equalsIgnoreCase("ecdsa") &&
signValue == SignatureAlgorithm.ECDSA.value) ||
(expected.equalsIgnoreCase("ec") &&
signValue == SignatureAlgorithm.ECDSA.value)) {
return algorithm;
}
}
return null;
}
