configurable DHE key size
Bernd Eckenfels
ecki at zusammenkunft.net
Sat May 23 23:58:17 UTC 2015
Hello,
I need to correct a statement:
Am Sat, 23 May 2015 15:50:06 +0200
schrieb Bernd Eckenfels <ecki at zusammenkunft.net>:
> BTW in Regards to the Server side:
>
> That document should mention that the parameter group is generated
> randomly on first use (matching DSA restrictions). It is a good thing
> there are no standard primes used
This is actually wrong. I missed the fact that the Parameter Cache is
pre-populated with primes for some sizes. Theoretically one can pick a
different bit size and it should be randomly generated. However this
has a problem:
- ServerHandshaker restricts custom sizes between 1024 and 2048
Exception in thread "main" java.lang.ExceptionInInitializerError
at sun.security.ssl.SSLSocketImpl.initHandshaker(SSLSocketImpl.java:1310)
at sun.security.ssl.SSLSocketImpl.doneConnect(SSLSocketImpl.java:678)
at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:349)
at net.eckenfels.test.ssl.JSSESocketServer.main(JSSESocketServer.java:104)
Caused by: java.lang.IllegalArgumentException: Customized DH key size should be positive integer between 1024 and 2048 bits, inclusive
at sun.security.ssl.ServerHandshaker.<clinit>(ServerHandshaker.java:131)
- DHParameterGenerator on the other hand allows custom sizes only
between 512 and 1024:
Exception in thread "main" javax.net.ssl.SSLException: java.security.InvalidParameterException: Keysize must be multiple of 64 ranging from 512 to 1024 (inclusive), or 2048
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1894)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1877)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1398)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
at net.eckenfels.test.ssl.JSSESocketServer.main(JSSESocketServer.java:118)
Caused by: java.security.InvalidParameterException: Keysize must be multiple of 64 ranging from 512 to 1024 (inclusive), or 2048
at com.sun.crypto.provider.DHParameterGenerator.engineInit(DHParameterGenerator.java:84)
at java.security.AlgorithmParameterGenerator.init(AlgorithmParameterGenerator.java:296)
at sun.security.provider.ParameterCache.getDHParameterSpec(ParameterCache.java:130)
at com.sun.crypto.provider.DHKeyPairGenerator.generateKeyPair(DHKeyPairGenerator.java:148)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:697)
at sun.security.ssl.DHCrypt.generateDHPublicKeySpec(DHCrypt.java:226)
at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:101)
at sun.security.ssl.ServerHandshaker.setupEphemeralDHKeys(ServerHandshaker.java:1357)
...
So you can effectively only set 1024 or 2048, and both are precomputed.
It would be good to allow a wider range to be set and generated (asuming it can generate safe primes) and even better to specify the parameters on the SSLParameters.
Gruss
Bernd
More information about the security-dev
mailing list