Decrease DH group length to 1024. (Roger, you may want to read section 1 of the IETF draft: a 1024-bit DH key probably reduces our cipher strength to ~80 bits.)

svn:r269

doc/TODO

@@ -54,9 +54,9 @@ SPEC!!  D Non-clique topologies
                 - Consider taking the master out of the loop?
         . Directory servers
                 D Automated reputation management
-NICK            - Include key in source; sign directories
+NICK            . Include key in source; sign directories
                 - Add versions to code
-NICK            - Have directories list recommended-versions
+NICK            . Have directories list recommended-versions
                         - Quit if running the wrong version
                         - Command-line option to override quit
                 . Add more information to directory server entries
@@ -131,7 +131,7 @@ NICK                    . OS X
                 o incremental path building
                 - transition circuit-level sendmes to hop-level sendmes
                 - implement truncate, truncated
-NICK            - move from 192byte DH to 128byte DH, so it isn't so damn slow
+                o move from 192byte DH to 128byte DH, so it isn't so damn slow
                 - exiting from not-last hop
                         - OP logic to decide to extend/truncate a path
                         - make sure exiting from the not-last hop works

src/common/crypto.c

@@ -695,6 +695,7 @@ static void init_dh_param() {
   g = BN_new();
   assert(p && g);
 
+#if 0 
   /* This is from draft-ietf-ipsec-ike-modp-groups-05.txt.  It's a safe
      prime, and supposedly it equals:
       2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
@@ -708,6 +709,18 @@ static void init_dh_param() {
 		"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
 		"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
 		"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");
+#endif
+
+  /* This is from rfc2409, section 6.2.  It's a safe prime, and
+     supposedly it equals:
+        2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+  */
+  r = BN_hex2bn(&p,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+		"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+		"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+		"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+		"49286651ECE65381FFFFFFFFFFFFFFFF");
   assert(r);
 
   r = BN_set_word(g, 2);

src/common/crypto.h

@@ -72,7 +72,8 @@ int base64_decode(char *dest, int destlen, char *src, int srclen);
 
 /* Key negotiation */
 typedef struct crypto_dh_env_st crypto_dh_env_t;
-#define CRYPTO_DH_SIZE (1536 / 8)
+/* #define CRYPTO_DH_SIZE (1536 / 8) */
+#define CRYPTO_DH_SIZE (1024 / 8)
 crypto_dh_env_t *crypto_dh_new();
 int crypto_dh_get_bytes(crypto_dh_env_t *dh);
 int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out, 

src/or/or.h

@@ -354,8 +354,8 @@ struct crypt_path_t {
 
 };
 
-#define DH_KEY_LEN 192
+#define DH_KEY_LEN CRYPTO_DH_SIZE
-#define DH_ONIONSKIN_LEN 208
+#define DH_ONIONSKIN_LEN DH_KEY_LEN+16
 
 typedef struct crypt_path_t crypt_path_t;
 

src/or/test.c

@@ -631,7 +631,6 @@ main(int c, char**v) {
   log(LOG_ERR,NULL);         /* make logging quieter */
 
   setup_directory();
-#if 0
   puts("========================== Buffers =========================");
   test_buffers();
   puts("========================== Crypto ==========================");
@@ -641,7 +640,6 @@ main(int c, char**v) {
   test_util();
   puts("\n========================= Onion Skins =====================");
   test_onion_handshake();
-#endif
   puts("\n========================= Directory Formats ===============");
   test_dir_format();
   puts("");