mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Decrease DH group length to 1024. (Roger, you may want to read section 1 of the IETF draft: a 1024-bit DH key probably reduces our cipher strength to ~80 bits.)
svn:r269
This commit is contained in:
parent
d0ff485e1b
commit
445cd8f0f1
6
doc/TODO
6
doc/TODO
@ -54,9 +54,9 @@ SPEC!! D Non-clique topologies
|
||||
- Consider taking the master out of the loop?
|
||||
. Directory servers
|
||||
D Automated reputation management
|
||||
NICK - Include key in source; sign directories
|
||||
NICK . Include key in source; sign directories
|
||||
- Add versions to code
|
||||
NICK - Have directories list recommended-versions
|
||||
NICK . Have directories list recommended-versions
|
||||
- Quit if running the wrong version
|
||||
- Command-line option to override quit
|
||||
. Add more information to directory server entries
|
||||
@ -131,7 +131,7 @@ NICK . OS X
|
||||
o incremental path building
|
||||
- transition circuit-level sendmes to hop-level sendmes
|
||||
- implement truncate, truncated
|
||||
NICK - move from 192byte DH to 128byte DH, so it isn't so damn slow
|
||||
o move from 192byte DH to 128byte DH, so it isn't so damn slow
|
||||
- exiting from not-last hop
|
||||
- OP logic to decide to extend/truncate a path
|
||||
- make sure exiting from the not-last hop works
|
||||
|
@ -695,6 +695,7 @@ static void init_dh_param() {
|
||||
g = BN_new();
|
||||
assert(p && g);
|
||||
|
||||
#if 0
|
||||
/* This is from draft-ietf-ipsec-ike-modp-groups-05.txt. It's a safe
|
||||
prime, and supposedly it equals:
|
||||
2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
|
||||
@ -708,6 +709,18 @@ static void init_dh_param() {
|
||||
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
|
||||
"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
|
||||
"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");
|
||||
#endif
|
||||
|
||||
/* This is from rfc2409, section 6.2. It's a safe prime, and
|
||||
supposedly it equals:
|
||||
2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
|
||||
*/
|
||||
r = BN_hex2bn(&p,
|
||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
|
||||
"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
|
||||
"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
|
||||
"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
|
||||
"49286651ECE65381FFFFFFFFFFFFFFFF");
|
||||
assert(r);
|
||||
|
||||
r = BN_set_word(g, 2);
|
||||
|
@ -72,7 +72,8 @@ int base64_decode(char *dest, int destlen, char *src, int srclen);
|
||||
|
||||
/* Key negotiation */
|
||||
typedef struct crypto_dh_env_st crypto_dh_env_t;
|
||||
#define CRYPTO_DH_SIZE (1536 / 8)
|
||||
/* #define CRYPTO_DH_SIZE (1536 / 8) */
|
||||
#define CRYPTO_DH_SIZE (1024 / 8)
|
||||
crypto_dh_env_t *crypto_dh_new();
|
||||
int crypto_dh_get_bytes(crypto_dh_env_t *dh);
|
||||
int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,
|
||||
|
@ -354,8 +354,8 @@ struct crypt_path_t {
|
||||
|
||||
};
|
||||
|
||||
#define DH_KEY_LEN 192
|
||||
#define DH_ONIONSKIN_LEN 208
|
||||
#define DH_KEY_LEN CRYPTO_DH_SIZE
|
||||
#define DH_ONIONSKIN_LEN DH_KEY_LEN+16
|
||||
|
||||
typedef struct crypt_path_t crypt_path_t;
|
||||
|
||||
|
@ -631,7 +631,6 @@ main(int c, char**v) {
|
||||
log(LOG_ERR,NULL); /* make logging quieter */
|
||||
|
||||
setup_directory();
|
||||
#if 0
|
||||
puts("========================== Buffers =========================");
|
||||
test_buffers();
|
||||
puts("========================== Crypto ==========================");
|
||||
@ -641,7 +640,6 @@ main(int c, char**v) {
|
||||
test_util();
|
||||
puts("\n========================= Onion Skins =====================");
|
||||
test_onion_handshake();
|
||||
#endif
|
||||
puts("\n========================= Directory Formats ===============");
|
||||
test_dir_format();
|
||||
puts("");
|
||||
|
Loading…
Reference in New Issue
Block a user