configurable DHE key size

Bernd Eckenfels ecki at zusammenkunft.net
Sat May 23 23:58:17 UTC 2015 

Hello,

I need to correct a statement:

Am Sat, 23 May 2015 15:50:06 +0200
schrieb Bernd Eckenfels <ecki at zusammenkunft.net>:
> BTW in Regards to the Server side:
> 
> That document should mention that the parameter group is generated
> randomly on first use (matching DSA restrictions). It is a good thing
> there are no standard primes used

This is actually wrong. I missed the fact that the Parameter Cache is
pre-populated with primes for some sizes. Theoretically one can pick a
different bit size and it should be randomly generated. However this
has a problem:

- ServerHandshaker restricts custom sizes between 1024 and 2048

Exception in thread "main" java.lang.ExceptionInInitializerError
	at sun.security.ssl.SSLSocketImpl.initHandshaker(SSLSocketImpl.java:1310)
        at sun.security.ssl.SSLSocketImpl.doneConnect(SSLSocketImpl.java:678)
        at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:349)
        at net.eckenfels.test.ssl.JSSESocketServer.main(JSSESocketServer.java:104)
Caused by: java.lang.IllegalArgumentException: Customized DH key size should be positive integer between 1024 and 2048 bits, inclusive
        at sun.security.ssl.ServerHandshaker.<clinit>(ServerHandshaker.java:131)

- DHParameterGenerator on the other hand allows custom sizes only
  between 512 and 1024:

Exception in thread "main" javax.net.ssl.SSLException: java.security.InvalidParameterException: Keysize must be multiple of 64 ranging from 512 to 1024 (inclusive), or 2048
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1894)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1877)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1398)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
	at net.eckenfels.test.ssl.JSSESocketServer.main(JSSESocketServer.java:118)
Caused by: java.security.InvalidParameterException: Keysize must be multiple of 64 ranging from 512 to 1024 (inclusive), or 2048
	at com.sun.crypto.provider.DHParameterGenerator.engineInit(DHParameterGenerator.java:84)
	at java.security.AlgorithmParameterGenerator.init(AlgorithmParameterGenerator.java:296)
	at sun.security.provider.ParameterCache.getDHParameterSpec(ParameterCache.java:130)
	at com.sun.crypto.provider.DHKeyPairGenerator.generateKeyPair(DHKeyPairGenerator.java:148)
	at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:697)
	at sun.security.ssl.DHCrypt.generateDHPublicKeySpec(DHCrypt.java:226)
	at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:101)
	at sun.security.ssl.ServerHandshaker.setupEphemeralDHKeys(ServerHandshaker.java:1357)
...

So you can effectively only set 1024 or 2048, and both are precomputed.

It would be good to allow a wider range to be set and generated (asuming it can generate safe primes) and even better to specify the parameters on the SSLParameters.

Gruss
Bernd

More information about the security-dev mailing list