Code Review Request 8072452 Support DHE sizes up to 8192-bits

Xuelei Fan xuelei.fan at oracle.com
Thu Apr 14 11:12:05 UTC 2016


Thanks for the comments.  Here is the new webrev:
    http://cr.openjdk.java.net/~xuelei/8072452/webrev.03/

On 4/14/2016 7:25 AM, Valerie Peng wrote:
> Here are some comments for the test changes:
> 
> <test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java>
> - Not testing key size 768?
> - line 82, would be useful to indicate version here, e.g. NSS (as of
> version xxx) has a hard coded ...
> - line 27, 4096 should be 8192?
> 
Updated.

> <test/sun/security/provider/DSA/TestAlgParameterGenerator.java>
> - format changes only? No test for (3072, 256)?
> 
I removed the update of this file.

> <test/com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java>
> - line 50, dhp8192(8191) looks like a typo?
> - line 66, do we really need to generate the key pair here?
> - line 71, seem redundant and potentially confusing as it's aligned
> differently comparing to line70?
> 
Updated.

> <test/sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java>
> - line 63, why test for KeyAgreement here instead of KeyPairGenerator?
> 
Better to use KeyPairGenerator.  Updated.

> <test/sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java>
> - line 53, dhp8192(8191) looks like a typo?
> - line 64, why test for KeyAgreement here instead of KeyPairGenerator?
> - line 75, do we really need to generate the key pair here?
> - line 80, seem redundant and potentially confusing as it's aligned
> differently comparing to line79?
> 
Updated.

> <test/sun/security/provider/DSA/SupportedDSAParaGen.java>
> - Use "Param" instead of "Para" in the test name "SupportedDSAParaGen"?
Hm, nice name.

> - Just curious, have u tried the specified timeout value across
> different platforms?
Not really, I only tested on JPRT and the solaris-sparc desktop.  This
test may be intermittent timeout failure in some circumstances.  I added
the intermittent key tag.

> - The file is new but the copyright year starts from 2012?
> 
Updated.

> As for the updated sources, all changes look fine. But while I was
> looking at
> src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java, I
> have some more questions:
> - line 145, do we need to check for upper limit here? It used to have
> 2048, should it be 8192 now? If yes, then line 1526 need to be enhanced
> too.
I was wondering to remove the limit in case third party's implementation
support more size.  Not necessary.  Updated and limited to 8192 bits.

> - line 1551, now that more DH sizes are supported, shouldn't we make
> some changes here? Now it's either 1024 or 2048. The older impl on line
> 1550 uses 1024 as the lower limit and 2048 as the upper limit and will
> keep the value as is if it's in-between the limits. If there is a reason
> to keep 2048 as the upper limit, it'd be useful to add some comment here
> for clarification.
> 
This is mainly for compatibility and interoperability impact.  Some old
deployed application may not support DH key size bigger than 2048.  I
added back the comments.

Thanks,
Xuelei

> Thanks,
> Valerie
> 
> On 4/13/2016 7:23 AM, Xuelei Fan wrote:
>> Hi Valerie,
>>
>> All comments are good to me and accepted in the new webrev:
>>
>>    http://cr.openjdk.java.net/~xuelei/8072452/webrev.02/
>>
>> On 4/13/2016 8:26 AM, Valerie Peng wrote:
>>> Hi Xuelei,
>>>
>>> Mostly look good, just some comments in line...
>>>
>>> <src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java>
>>>
>>>
>>> line 95-100, so essentially, we will use the built-in parameters as much
>>> as possible and if none available, we will try to generate the
>>> parameters for key sizes<= 1024, right? The current comment is a little
>>> hard to parse. Maybe we can just explain it as below?
>>>       // Use the built-in parameters (ranging from 512 to 8192) when
>>> available
>>>       this.params = ParameterCache.getCachedDHParameterSpec(keysize);
>>>      // Due to performance issue, only support DH parameters generation
>>>      // up to 1024 bits
>>>      if ((this.params == null)&&  (keysize>  1024)) {
>>>
>> Updated.
>>
>>> <src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java>
>>>
>>>
>>> - line 212, redundant?
>> Yes.  Updated.
>>
>>> <src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java>
>>>
>>>
>>> - line 277-303, the "params"argument for this particular method is
>>> always null for non-RSA algorithms based on the usage. It is commented
>>> on line 232 and several other places as indicated by the "// XXX sanity
>>> check params" comments. So, more code changes will be needed here.
>>> Either you can add another boolean hasParams and rely on that argument,
>>> or change the specified argument type from RSAKeyGenParameterSpec to a
>>> generic one and then cast it later when it is needed.
>>>
>> Good catch!  Updated per the latter proposal.
>>
>>> <src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java>
>>> - line 141 - 146 and line 1548 - 1554 are identical. Seems to me that
>>> they can be customized a little as they are for different variable
>>> assignment. The "customizedDHKeySize" variable on line 147 is from user,
>>> right? Maybe what you really mean is something like the following?
>>>      // DH parameter generation can be extremely slow, best to use
>>> one of
>>> the
>>>      // supported pre-computed DH parameters (see DHCrypt class)
>>> As for line 1548 - 1554, it can be as simple as:
>>>      // DH parameter generation can be extremely slow, make sure to use
>>> one of the
>>>      // supported pre-computed DH parameters (see DHCrypt class)
>> Updated.
>>
>>> - line 148, can customizedDHKeySize be 1024? The old code accepts it but
>>> the new code will error out. Is there a reason for rejecting 1024? The
>>> check only rejects "<1024" but yet the exception message says the value
>>> should be larger than 1024.
>>> Lastly, "should larger" =>  "should be larger" (line 150).
>>>
>> 1024 bits should not be rejected.  Updated the exception message.
>>
>> Thanks for the comments!
>>
>> Xuelei
>>
>>> I will look at the tests next and send u comments separately.
>>> Thanks,
>>> Valerie
>>> On 4/1/2016 8:53 AM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> Please review this improvement update to support DHE sizes up to
>>>> 8192-bits and DSA sizes up to 3072-bits:
>>>>
>>>>     http://cr.openjdk.java.net/~xuelei/8072452/webrev.00
>>>>
>>>> This updated extends to support 3072-bits DH and DSA parameters
>>>> generation, and pre-computed DH parameters up to 8192 bits and
>>>> pre-computed DSA parameters up to 3072-bits.
>>>>
>>>> Thanks,
>>>> Xuelei



More information about the security-dev mailing list