diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-24 16:03:14 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-01-24 16:50:11 -0500 |
| commit | 5ed73e3807d90dd0a3a2e5542f98a0a58374a066 (patch) | |
| tree | 7cd2519566d26786ae866f3c516e2b9a40643a6b /src/common/crypto.c | |
| parent | 13e9a2b19d4a65d9761256ac72f754c35c371b0b (diff) | |
| download | tor-5ed73e3807d90dd0a3a2e5542f98a0a58374a066.tar.gz tor-5ed73e3807d90dd0a3a2e5542f98a0a58374a066.zip | |
Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
Diffstat (limited to 'src/common/crypto.c')
| -rw-r--r-- | src/common/crypto.c | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index e847d8c033..5264fd8085 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1685,8 +1685,10 @@ crypto_hmac_sha1(char *hmac_out, /* DH */ -/** Shared P parameter for our DH key exchanged. */ +/** Shared P parameter for our circuit-crypto DH key exchanges. */ static BIGNUM *dh_param_p = NULL; +/** Shared P parameter for our TLS DH key exchanges. */ +static BIGNUM *dh_param_p_tls = NULL; /** Shared G parameter for our DH key exchanges. */ static BIGNUM *dh_param_g = NULL; @@ -1695,14 +1697,16 @@ static BIGNUM *dh_param_g = NULL; static void init_dh_param(void) { - BIGNUM *p, *g; + BIGNUM *p, *p2, *g; int r; - if (dh_param_p && dh_param_g) + if (dh_param_p && dh_param_g && dh_param_p_tls) return; p = BN_new(); + p2 = BN_new(); g = BN_new(); tor_assert(p); + tor_assert(p2); tor_assert(g); /* This is from rfc2409, section 6.2. It's a safe prime, and @@ -1716,10 +1720,20 @@ init_dh_param(void) "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" "49286651ECE65381FFFFFFFFFFFFFFFF"); tor_assert(r); + /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see + * modules/ssl/ssl_engine_dh.c */ + r = BN_hex2bn(&p2, + "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98" + "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A" + "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7" + "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68" + "B0E7393E0F24218EB3"); + tor_assert(r); r = BN_set_word(g, 2); tor_assert(r); dh_param_p = p; + dh_param_p_tls = p2; dh_param_g = g; } @@ -1728,18 +1742,26 @@ init_dh_param(void) /** Allocate and return a new DH object for a key exchange. */ crypto_dh_env_t * -crypto_dh_new(void) +crypto_dh_new(int dh_type) { crypto_dh_env_t *res = tor_malloc_zero(sizeof(crypto_dh_env_t)); + tor_assert(dh_type == DH_TYPE_CIRCUIT || dh_type == DH_TYPE_TLS || + dh_type == DH_TYPE_REND); + if (!dh_param_p) init_dh_param(); if (!(res->dh = DH_new())) goto err; - if (!(res->dh->p = BN_dup(dh_param_p))) - goto err; + if (dh_type == DH_TYPE_TLS) { + if (!(res->dh->p = BN_dup(dh_param_p_tls))) + goto err; + } else { + if (!(res->dh->p = BN_dup(dh_param_p))) + goto err; + } if (!(res->dh->g = BN_dup(dh_param_g))) goto err; |