Permalink
Browse files

Change default DH group chosen by TLS server to 2048 bits

TLS client will not accept < 1024 bits DH group by default
  • Loading branch information...
1 parent e3f3ba7 commit 39879ec3744842711c2570b6a5f86346058183f0 @peterdettman peterdettman committed May 25, 2015
@@ -44,7 +44,7 @@ protected TlsSignerCredentials getRSASignerCredentials()
protected DHParameters getDHParameters()
{
- return DHStandardGroups.rfc5114_1024_160;
+ return DHStandardGroups.rfc5114_2048_256;
}
protected int[] getCipherSuites()
@@ -28,7 +28,7 @@ protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOExcept
protected DHParameters getDHParameters()
{
- return DHStandardGroups.rfc5114_1024_160;
+ return DHStandardGroups.rfc5114_2048_256;
}
protected int[] getCipherSuites()
@@ -89,7 +89,7 @@ public void processServerKeyExchange(InputStream input)
}
this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(dhParams.getPublicKey());
- this.dhParameters = dhAgreePublicKey.getParameters();
+ this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters());
}
protected Signer initVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm, SecurityParameters securityParameters)
@@ -93,6 +93,7 @@ public void processServerCertificate(Certificate serverCertificate)
try
{
this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey((DHPublicKeyParameters)this.serverPublicKey);
+ this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters());
}
catch (ClassCastException e)
{
@@ -183,8 +184,12 @@ public void generateClientKeyExchange(OutputStream output)
public void processClientCertificate(Certificate clientCertificate) throws IOException
{
- // TODO Extract the public key
- // TODO If the certificate is 'fixed', take the public key as dhAgreeClientPublicKey
+ // TODO Extract the public key and validate
+
+ /*
+ * TODO If the certificate is 'fixed', take the public key as dhAgreePublicKey and check
+ * that the parameters match the server's (see 'areCompatibleParameters').
+ */
}
public void processClientKeyExchange(InputStream input) throws IOException
@@ -215,4 +220,19 @@ public void processClientKeyExchange(InputStream input) throws IOException
throw new TlsFatalAlert(AlertDescription.internal_error);
}
+
+ protected int getMinimumPrimeBits()
+ {
+ return 1024;
+ }
+
+ protected DHParameters validateDHParameters(DHParameters params) throws IOException
+ {
+ if (params.getP().bitLength() < getMinimumPrimeBits())
+ {
+ throw new TlsFatalAlert(AlertDescription.insufficient_security);
+ }
+
+ return TlsDHUtils.validateDHParameters(params);
+ }
}
@@ -462,10 +462,8 @@ public static DHPrivateKeyParameters generateEphemeralServerKeyExchange(SecureRa
return (DHPrivateKeyParameters)kp.getPrivate();
}
- public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException
+ public static DHParameters validateDHParameters(DHParameters params) throws IOException
{
- BigInteger Y = key.getY();
- DHParameters params = key.getParameters();
BigInteger p = params.getP();
BigInteger g = params.getG();
@@ -477,7 +475,16 @@ public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters ke
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
- if (Y.compareTo(TWO) < 0 || Y.compareTo(p.subtract(TWO)) > 0)
+
+ return params;
+ }
+
+ public static DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException
+ {
+ DHParameters params = validateDHParameters(key.getParameters());
+
+ BigInteger Y = key.getY();
+ if (Y.compareTo(TWO) < 0 || Y.compareTo(params.getP().subtract(TWO)) > 0)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}

0 comments on commit 39879ec

Please sign in to comment.