diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-24 16:03:14 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-02-10 15:55:06 -0500 |
| commit | 50c259d763c7471588b4e1f242695d2652e4284b (patch) | |
| tree | 95018c9f25fde4fbf49338ecfb6af098b8558ecb | |
| parent | 5fc6967956610111d8cf24792ddf000bd83b4b86 (diff) | |
| download | tor-50c259d763c7471588b4e1f242695d2652e4284b.tar.gz tor-50c259d763c7471588b4e1f242695d2652e4284b.zip | |
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807d90dd0a3)
| -rw-r--r-- | changes/dhparam | 3 | ||||
| -rw-r--r-- | src/common/crypto.c | 34 | ||||
| -rw-r--r-- | src/common/crypto.h | 5 | ||||
| -rw-r--r-- | src/common/tortls.c | 2 | ||||
| -rw-r--r-- | src/or/onion.c | 4 | ||||
| -rw-r--r-- | src/or/rendclient.c | 2 | ||||
| -rw-r--r-- | src/or/rendservice.c | 2 | ||||
| -rw-r--r-- | src/or/test.c | 4 |
8 files changed, 42 insertions, 14 deletions
diff --git a/changes/dhparam b/changes/dhparam new file mode 100644 index 0000000000..cb31243ba9 --- /dev/null +++ b/changes/dhparam @@ -0,0 +1,3 @@ + o Minor features + - Adjust our TLS Diffie-Hellman parameters to match those used by + Apache's mod_ssl. diff --git a/src/common/crypto.c b/src/common/crypto.c index 29137a834d..48c8dea08f 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1505,8 +1505,10 @@ crypto_hmac_sha1(char *hmac_out, /* DH */ -/** Shared P parameter for our DH key exchanged. */ +/** Shared P parameter for our circuit-crypto DH key exchanges. */ static BIGNUM *dh_param_p = NULL; +/** Shared P parameter for our TLS DH key exchanges. */ +static BIGNUM *dh_param_p_tls = NULL; /** Shared G parameter for our DH key exchanges. */ static BIGNUM *dh_param_g = NULL; @@ -1515,14 +1517,16 @@ static BIGNUM *dh_param_g = NULL; static void init_dh_param(void) { - BIGNUM *p, *g; + BIGNUM *p, *p2, *g; int r; - if (dh_param_p && dh_param_g) + if (dh_param_p && dh_param_g && dh_param_p_tls) return; p = BN_new(); + p2 = BN_new(); g = BN_new(); tor_assert(p); + tor_assert(p2); tor_assert(g); /* This is from rfc2409, section 6.2. It's a safe prime, and @@ -1536,10 +1540,20 @@ init_dh_param(void) "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" "49286651ECE65381FFFFFFFFFFFFFFFF"); tor_assert(r); + /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see + * modules/ssl/ssl_engine_dh.c */ + r = BN_hex2bn(&p2, + "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98" + "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A" + "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7" + "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68" + "B0E7393E0F24218EB3"); + tor_assert(r); r = BN_set_word(g, 2); tor_assert(r); dh_param_p = p; + dh_param_p_tls = p2; dh_param_g = g; } @@ -1548,18 +1562,26 @@ init_dh_param(void) /** Allocate and return a new DH object for a key exchange. */ crypto_dh_env_t * -crypto_dh_new(void) +crypto_dh_new(int dh_type) { crypto_dh_env_t *res = tor_malloc_zero(sizeof(crypto_dh_env_t)); + tor_assert(dh_type == DH_TYPE_CIRCUIT || dh_type == DH_TYPE_TLS || + dh_type == DH_TYPE_REND); + if (!dh_param_p) init_dh_param(); if (!(res->dh = DH_new())) goto err; - if (!(res->dh->p = BN_dup(dh_param_p))) - goto err; + if (dh_type == DH_TYPE_TLS) { + if (!(res->dh->p = BN_dup(dh_param_p_tls))) + goto err; + } else { + if (!(res->dh->p = BN_dup(dh_param_p))) + goto err; + } if (!(res->dh->g = BN_dup(dh_param_g))) goto err; diff --git a/src/common/crypto.h b/src/common/crypto.h index d6f5555379..576c03dc30 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -159,7 +159,10 @@ void crypto_hmac_sha1(char *hmac_out, const char *msg, size_t msg_len); /* Key negotiation */ -crypto_dh_env_t *crypto_dh_new(void); +#define DH_TYPE_CIRCUIT 1 +#define DH_TYPE_REND 2 +#define DH_TYPE_TLS 3 +crypto_dh_env_t *crypto_dh_new(int dh_type); int crypto_dh_get_bytes(crypto_dh_env_t *dh); int crypto_dh_generate_public(crypto_dh_env_t *dh); int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out, diff --git a/src/common/tortls.c b/src/common/tortls.c index 1d597e2952..7735618ea2 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -684,7 +684,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) if (!SSL_CTX_check_private_key(result->ctx)) goto error; { - crypto_dh_env_t *dh = crypto_dh_new(); + crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS); SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh)); crypto_dh_free(dh); } diff --git a/src/or/onion.c b/src/or/onion.c index bf72b4cab1..e455a52637 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -173,7 +173,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key, *handshake_state_out = NULL; memset(onion_skin_out, 0, ONIONSKIN_CHALLENGE_LEN); - if (!(dh = crypto_dh_new())) + if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT))) goto err; dhbytes = crypto_dh_get_bytes(dh); @@ -247,7 +247,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/ goto err; } - dh = crypto_dh_new(); + dh = crypto_dh_new(DH_TYPE_CIRCUIT); if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) { log_info(LD_GENERAL, "crypto_dh_get_public failed."); goto err; diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 95875465cb..783a66150e 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -130,7 +130,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, cpath = rendcirc->build_state->pending_final_cpath = tor_malloc_zero(sizeof(crypt_path_t)); cpath->magic = CRYPT_PATH_MAGIC; - if (!(cpath->dh_handshake_state = crypto_dh_new())) { + if (!(cpath->dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) { log_warn(LD_BUG, "Internal error: couldn't allocate DH."); goto err; } diff --git a/src/or/rendservice.c b/src/or/rendservice.c index a650eda405..33e8d3e7e9 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1151,7 +1151,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, } /* Try DH handshake... */ - dh = crypto_dh_new(); + dh = crypto_dh_new(DH_TYPE_REND); if (!dh || crypto_dh_generate_public(dh)<0) { log_warn(LD_BUG,"Internal error: couldn't build DH state " "or generate public key."); diff --git a/src/or/test.c b/src/or/test.c index 904ca69db1..b08f202c20 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -404,8 +404,8 @@ test_buffers(void) static void test_crypto_dh(void) { - crypto_dh_env_t *dh1 = crypto_dh_new(); - crypto_dh_env_t *dh2 = crypto_dh_new(); + crypto_dh_env_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT); + crypto_dh_env_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT); char p1[DH_BYTES]; char p2[DH_BYTES]; char s1[DH_BYTES]; |