mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
Combine DH_BYTES and DH_KEY_LEN; put them in a lib/defs header.
This commit is contained in:
parent
adcd1d8b9a
commit
7a61a92870
@ -344,7 +344,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
|
|||||||
|
|
||||||
/** Generate g^x as necessary, and write the g^x for the key exchange
|
/** Generate g^x as necessary, and write the g^x for the key exchange
|
||||||
* as a <b>pubkey_len</b>-byte value into <b>pubkey</b>. Return 0 on
|
* as a <b>pubkey_len</b>-byte value into <b>pubkey</b>. Return 0 on
|
||||||
* success, -1 on failure. <b>pubkey_len</b> must be \>= DH_BYTES.
|
* success, -1 on failure. <b>pubkey_len</b> must be \>= DH1024_KEY_LEN.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
|
crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
|
||||||
@ -378,7 +378,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
|
|||||||
tor_assert(bytes >= 0);
|
tor_assert(bytes >= 0);
|
||||||
if (pubkey_len < (size_t)bytes) {
|
if (pubkey_len < (size_t)bytes) {
|
||||||
log_warn(LD_CRYPTO,
|
log_warn(LD_CRYPTO,
|
||||||
"Weird! pubkey_len (%d) was smaller than DH_BYTES (%d)",
|
"Weird! pubkey_len (%d) was smaller than DH1024_KEY_LEN (%d)",
|
||||||
(int) pubkey_len, bytes);
|
(int) pubkey_len, bytes);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -14,9 +14,7 @@
|
|||||||
#define TOR_CRYPTO_DH_H
|
#define TOR_CRYPTO_DH_H
|
||||||
|
|
||||||
#include "orconfig.h"
|
#include "orconfig.h"
|
||||||
|
#include "lib/defs/dh_sizes.h"
|
||||||
/** Length of our DH keys. */
|
|
||||||
#define DH_BYTES (1024/8)
|
|
||||||
|
|
||||||
typedef struct crypto_dh_t crypto_dh_t;
|
typedef struct crypto_dh_t crypto_dh_t;
|
||||||
|
|
||||||
|
13
src/lib/defs/dh_sizes.h
Normal file
13
src/lib/defs/dh_sizes.h
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
/* Copyright (c) 2001, Matej Pfajfar.
|
||||||
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||||
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||||
|
* Copyright (c) 2007-2018, The Tor Project, Inc. */
|
||||||
|
/* See LICENSE for licensing information */
|
||||||
|
|
||||||
|
#ifndef TOR_DH_SIZES_H
|
||||||
|
#define TOR_DH_SIZES_H
|
||||||
|
|
||||||
|
/** Length of our legacy DH keys. */
|
||||||
|
#define DH1024_KEY_LEN (1024/8)
|
||||||
|
|
||||||
|
#endif
|
@ -1,3 +1,4 @@
|
|||||||
|
|
||||||
noinst_HEADERS += \
|
noinst_HEADERS += \
|
||||||
|
src/lib/defs/dh_sizes.h \
|
||||||
src/lib/defs/digest_sizes.h
|
src/lib/defs/digest_sizes.h
|
||||||
|
@ -102,7 +102,8 @@ create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
|
|||||||
/* We are a v2 legacy HS client: Create and return a crypt path for the hidden
|
/* We are a v2 legacy HS client: Create and return a crypt path for the hidden
|
||||||
* service on the other side of the rendezvous circuit <b>circ</b>. Initialize
|
* service on the other side of the rendezvous circuit <b>circ</b>. Initialize
|
||||||
* the crypt path crypto using the body of the RENDEZVOUS1 cell at
|
* the crypt path crypto using the body of the RENDEZVOUS1 cell at
|
||||||
* <b>rend_cell_body</b> (which must be at least DH_KEY_LEN+DIGEST_LEN bytes).
|
* <b>rend_cell_body</b> (which must be at least DH1024_KEY_LEN+DIGEST_LEN
|
||||||
|
* bytes).
|
||||||
*/
|
*/
|
||||||
static crypt_path_t *
|
static crypt_path_t *
|
||||||
create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
|
create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
|
||||||
@ -110,7 +111,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
|
|||||||
crypt_path_t *hop = NULL;
|
crypt_path_t *hop = NULL;
|
||||||
char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
|
char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
|
||||||
|
|
||||||
/* first DH_KEY_LEN bytes are g^y from the service. Finish the dh
|
/* first DH1024_KEY_LEN bytes are g^y from the service. Finish the dh
|
||||||
* handshake...*/
|
* handshake...*/
|
||||||
tor_assert(circ->build_state);
|
tor_assert(circ->build_state);
|
||||||
tor_assert(circ->build_state->pending_final_cpath);
|
tor_assert(circ->build_state->pending_final_cpath);
|
||||||
@ -118,7 +119,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
|
|||||||
|
|
||||||
tor_assert(hop->rend_dh_handshake_state);
|
tor_assert(hop->rend_dh_handshake_state);
|
||||||
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state,
|
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state,
|
||||||
(char*)rend_cell_body, DH_KEY_LEN,
|
(char*)rend_cell_body, DH1024_KEY_LEN,
|
||||||
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
|
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
|
||||||
log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
|
log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
|
||||||
goto err;
|
goto err;
|
||||||
@ -130,7 +131,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* Check whether the digest is right... */
|
/* Check whether the digest is right... */
|
||||||
if (tor_memneq(keys, rend_cell_body+DH_KEY_LEN, DIGEST_LEN)) {
|
if (tor_memneq(keys, rend_cell_body+DH1024_KEY_LEN, DIGEST_LEN)) {
|
||||||
log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
|
log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -1244,4 +1245,3 @@ hs_circ_cleanup(circuit_t *circ)
|
|||||||
hs_circuitmap_remove_circuit(circ);
|
hs_circuitmap_remove_circuit(circ);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -122,7 +122,7 @@
|
|||||||
* bigger than the 84 bytes needed for version 3 so we need to pad up to that
|
* bigger than the 84 bytes needed for version 3 so we need to pad up to that
|
||||||
* length so it is indistinguishable between versions. */
|
* length so it is indistinguishable between versions. */
|
||||||
#define HS_LEGACY_RENDEZVOUS_CELL_SIZE \
|
#define HS_LEGACY_RENDEZVOUS_CELL_SIZE \
|
||||||
(REND_COOKIE_LEN + DH_KEY_LEN + DIGEST_LEN)
|
(REND_COOKIE_LEN + DH1024_KEY_LEN + DIGEST_LEN)
|
||||||
|
|
||||||
/* Type of authentication key used by an introduction point. */
|
/* Type of authentication key used by an introduction point. */
|
||||||
typedef enum {
|
typedef enum {
|
||||||
|
@ -558,7 +558,7 @@ onion_skin_server_handshake(int type,
|
|||||||
(char*)keys_out, keys_out_len)<0)
|
(char*)keys_out, keys_out_len)<0)
|
||||||
return -1;
|
return -1;
|
||||||
r = TAP_ONIONSKIN_REPLY_LEN;
|
r = TAP_ONIONSKIN_REPLY_LEN;
|
||||||
memcpy(rend_nonce_out, reply_out+DH_KEY_LEN, DIGEST_LEN);
|
memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
|
||||||
break;
|
break;
|
||||||
case ONION_HANDSHAKE_TYPE_FAST:
|
case ONION_HANDSHAKE_TYPE_FAST:
|
||||||
if (onionskin_len != CREATE_FAST_LEN)
|
if (onionskin_len != CREATE_FAST_LEN)
|
||||||
@ -635,7 +635,7 @@ onion_skin_client_handshake(int type,
|
|||||||
msg_out) < 0)
|
msg_out) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
memcpy(rend_authenticator_out, reply+DH_KEY_LEN, DIGEST_LEN);
|
memcpy(rend_authenticator_out, reply+DH1024_KEY_LEN, DIGEST_LEN);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
case ONION_HANDSHAKE_TYPE_FAST:
|
case ONION_HANDSHAKE_TYPE_FAST:
|
||||||
|
@ -53,7 +53,7 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
|
|||||||
crypto_dh_t **handshake_state_out,
|
crypto_dh_t **handshake_state_out,
|
||||||
char *onion_skin_out) /* TAP_ONIONSKIN_CHALLENGE_LEN bytes */
|
char *onion_skin_out) /* TAP_ONIONSKIN_CHALLENGE_LEN bytes */
|
||||||
{
|
{
|
||||||
char challenge[DH_KEY_LEN];
|
char challenge[DH1024_KEY_LEN];
|
||||||
crypto_dh_t *dh = NULL;
|
crypto_dh_t *dh = NULL;
|
||||||
int dhbytes, pkbytes;
|
int dhbytes, pkbytes;
|
||||||
|
|
||||||
@ -77,7 +77,7 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
|
|||||||
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
|
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
|
||||||
if (crypto_pk_obsolete_public_hybrid_encrypt(dest_router_key, onion_skin_out,
|
if (crypto_pk_obsolete_public_hybrid_encrypt(dest_router_key, onion_skin_out,
|
||||||
TAP_ONIONSKIN_CHALLENGE_LEN,
|
TAP_ONIONSKIN_CHALLENGE_LEN,
|
||||||
challenge, DH_KEY_LEN,
|
challenge, DH1024_KEY_LEN,
|
||||||
PK_PKCS1_OAEP_PADDING, 1)<0)
|
PK_PKCS1_OAEP_PADDING, 1)<0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -136,7 +136,7 @@ onion_skin_TAP_server_handshake(
|
|||||||
log_info(LD_PROTOCOL,
|
log_info(LD_PROTOCOL,
|
||||||
"Couldn't decrypt onionskin: client may be using old onion key");
|
"Couldn't decrypt onionskin: client may be using old onion key");
|
||||||
goto err;
|
goto err;
|
||||||
} else if (len != DH_KEY_LEN) {
|
} else if (len != DH1024_KEY_LEN) {
|
||||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||||
"Unexpected onionskin length after decryption: %ld",
|
"Unexpected onionskin length after decryption: %ld",
|
||||||
(long)len);
|
(long)len);
|
||||||
@ -152,7 +152,7 @@ onion_skin_TAP_server_handshake(
|
|||||||
goto err;
|
goto err;
|
||||||
/* LCOV_EXCL_STOP */
|
/* LCOV_EXCL_STOP */
|
||||||
}
|
}
|
||||||
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
|
if (crypto_dh_get_public(dh, handshake_reply_out, DH1024_KEY_LEN)) {
|
||||||
/* LCOV_EXCL_START
|
/* LCOV_EXCL_START
|
||||||
* This can only fail if the length of the key we just allocated is too
|
* This can only fail if the length of the key we just allocated is too
|
||||||
* big. That should be impossible. */
|
* big. That should be impossible. */
|
||||||
@ -164,7 +164,7 @@ onion_skin_TAP_server_handshake(
|
|||||||
key_material_len = DIGEST_LEN+key_out_len;
|
key_material_len = DIGEST_LEN+key_out_len;
|
||||||
key_material = tor_malloc(key_material_len);
|
key_material = tor_malloc(key_material_len);
|
||||||
len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, challenge,
|
len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, challenge,
|
||||||
DH_KEY_LEN, key_material,
|
DH1024_KEY_LEN, key_material,
|
||||||
key_material_len);
|
key_material_len);
|
||||||
if (len < 0) {
|
if (len < 0) {
|
||||||
log_info(LD_GENERAL, "crypto_dh_compute_secret failed.");
|
log_info(LD_GENERAL, "crypto_dh_compute_secret failed.");
|
||||||
@ -172,7 +172,7 @@ onion_skin_TAP_server_handshake(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* send back H(K|0) as proof that we learned K. */
|
/* send back H(K|0) as proof that we learned K. */
|
||||||
memcpy(handshake_reply_out+DH_KEY_LEN, key_material, DIGEST_LEN);
|
memcpy(handshake_reply_out+DH1024_KEY_LEN, key_material, DIGEST_LEN);
|
||||||
|
|
||||||
/* use the rest of the key material for our shared keys, digests, etc */
|
/* use the rest of the key material for our shared keys, digests, etc */
|
||||||
memcpy(key_out, key_material+DIGEST_LEN, key_out_len);
|
memcpy(key_out, key_material+DIGEST_LEN, key_out_len);
|
||||||
@ -212,12 +212,12 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
|
|||||||
ssize_t len;
|
ssize_t len;
|
||||||
char *key_material=NULL;
|
char *key_material=NULL;
|
||||||
size_t key_material_len;
|
size_t key_material_len;
|
||||||
tor_assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
|
tor_assert(crypto_dh_get_bytes(handshake_state) == DH1024_KEY_LEN);
|
||||||
|
|
||||||
key_material_len = DIGEST_LEN + key_out_len;
|
key_material_len = DIGEST_LEN + key_out_len;
|
||||||
key_material = tor_malloc(key_material_len);
|
key_material = tor_malloc(key_material_len);
|
||||||
len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, handshake_state,
|
len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, handshake_state,
|
||||||
handshake_reply, DH_KEY_LEN, key_material,
|
handshake_reply, DH1024_KEY_LEN, key_material,
|
||||||
key_material_len);
|
key_material_len);
|
||||||
if (len < 0) {
|
if (len < 0) {
|
||||||
if (msg_out)
|
if (msg_out)
|
||||||
@ -225,7 +225,7 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tor_memneq(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) {
|
if (tor_memneq(key_material, handshake_reply+DH1024_KEY_LEN, DIGEST_LEN)) {
|
||||||
/* H(K) does *not* match. Something fishy. */
|
/* H(K) does *not* match. Something fishy. */
|
||||||
if (msg_out)
|
if (msg_out)
|
||||||
*msg_out = "Digest DOES NOT MATCH on onion handshake. Bug or attack.";
|
*msg_out = "Digest DOES NOT MATCH on onion handshake. Bug or attack.";
|
||||||
|
@ -14,8 +14,8 @@
|
|||||||
|
|
||||||
#define TAP_ONIONSKIN_CHALLENGE_LEN (PKCS1_OAEP_PADDING_OVERHEAD+\
|
#define TAP_ONIONSKIN_CHALLENGE_LEN (PKCS1_OAEP_PADDING_OVERHEAD+\
|
||||||
CIPHER_KEY_LEN+\
|
CIPHER_KEY_LEN+\
|
||||||
DH_KEY_LEN)
|
DH1024_KEY_LEN)
|
||||||
#define TAP_ONIONSKIN_REPLY_LEN (DH_KEY_LEN+DIGEST_LEN)
|
#define TAP_ONIONSKIN_REPLY_LEN (DH1024_KEY_LEN+DIGEST_LEN)
|
||||||
|
|
||||||
int onion_skin_TAP_create(crypto_pk_t *router_key,
|
int onion_skin_TAP_create(crypto_pk_t *router_key,
|
||||||
crypto_dh_t **handshake_state_out,
|
crypto_dh_t **handshake_state_out,
|
||||||
|
@ -1542,8 +1542,6 @@ typedef struct crypt_path_reference_t crypt_path_reference_t;
|
|||||||
|
|
||||||
#define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
|
#define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
|
||||||
|
|
||||||
#define DH_KEY_LEN DH_BYTES
|
|
||||||
|
|
||||||
typedef struct cpath_build_state_t cpath_build_state_t;
|
typedef struct cpath_build_state_t cpath_build_state_t;
|
||||||
|
|
||||||
/** "magic" value for an origin_circuit_t */
|
/** "magic" value for an origin_circuit_t */
|
||||||
|
@ -258,7 +258,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
|
if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
|
||||||
DH_KEY_LEN)<0) {
|
DH1024_KEY_LEN)<0) {
|
||||||
log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
|
log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
|
||||||
status = -2;
|
status = -2;
|
||||||
goto perm_err;
|
goto perm_err;
|
||||||
@ -269,7 +269,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
|||||||
r = crypto_pk_obsolete_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
|
r = crypto_pk_obsolete_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
|
||||||
sizeof(payload)-DIGEST_LEN,
|
sizeof(payload)-DIGEST_LEN,
|
||||||
tmp,
|
tmp,
|
||||||
(int)(dh_offset+DH_KEY_LEN),
|
(int)(dh_offset+DH1024_KEY_LEN),
|
||||||
PK_PKCS1_OAEP_PADDING, 0);
|
PK_PKCS1_OAEP_PADDING, 0);
|
||||||
if (r<0) {
|
if (r<0) {
|
||||||
log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
|
log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
|
||||||
@ -874,7 +874,7 @@ int
|
|||||||
rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
|
rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
|
||||||
size_t request_len)
|
size_t request_len)
|
||||||
{
|
{
|
||||||
if (request_len != DH_KEY_LEN+DIGEST_LEN) {
|
if (request_len != DH1024_KEY_LEN+DIGEST_LEN) {
|
||||||
log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
|
log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
|
||||||
(int)request_len);
|
(int)request_len);
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -157,7 +157,8 @@ rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request,
|
|||||||
* to revise this protocol anyway.
|
* to revise this protocol anyway.
|
||||||
*/
|
*/
|
||||||
if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
|
if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
|
||||||
DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) {
|
DH1024_KEY_LEN+CIPHER_KEY_LEN+
|
||||||
|
PKCS1_OAEP_PADDING_OVERHEAD)) {
|
||||||
log_warn(LD_PROTOCOL, "Impossibly short INTRODUCE1 cell on circuit %u; "
|
log_warn(LD_PROTOCOL, "Impossibly short INTRODUCE1 cell on circuit %u; "
|
||||||
"responding with nack.",
|
"responding with nack.",
|
||||||
(unsigned)circ->p_circ_id);
|
(unsigned)circ->p_circ_id);
|
||||||
@ -367,4 +368,3 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
|
|||||||
circuit_mark_for_close(TO_CIRCUIT(circ), reason);
|
circuit_mark_for_close(TO_CIRCUIT(circ), reason);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2005,7 +2005,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
|
|||||||
* part 1. */
|
* part 1. */
|
||||||
replay = replaycache_add_test_and_elapsed(
|
replay = replaycache_add_test_and_elapsed(
|
||||||
service->accepted_intro_dh_parts,
|
service->accepted_intro_dh_parts,
|
||||||
parsed_req->dh, DH_KEY_LEN,
|
parsed_req->dh, DH1024_KEY_LEN,
|
||||||
&elapsed);
|
&elapsed);
|
||||||
|
|
||||||
if (replay) {
|
if (replay) {
|
||||||
@ -2055,7 +2055,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
|
|||||||
}
|
}
|
||||||
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh,
|
if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh,
|
||||||
(char *)(parsed_req->dh),
|
(char *)(parsed_req->dh),
|
||||||
DH_KEY_LEN, keys,
|
DH1024_KEY_LEN, keys,
|
||||||
DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
|
DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
|
||||||
log_warn(LD_BUG, "Internal error: couldn't complete DH handshake");
|
log_warn(LD_BUG, "Internal error: couldn't complete DH handshake");
|
||||||
reason = END_CIRC_REASON_INTERNAL;
|
reason = END_CIRC_REASON_INTERNAL;
|
||||||
@ -2336,7 +2336,7 @@ rend_service_begin_parse_intro(const uint8_t *request,
|
|||||||
/* min key length plus digest length plus nickname length */
|
/* min key length plus digest length plus nickname length */
|
||||||
if (request_len <
|
if (request_len <
|
||||||
(DIGEST_LEN + REND_COOKIE_LEN + (MAX_NICKNAME_LEN + 1) +
|
(DIGEST_LEN + REND_COOKIE_LEN + (MAX_NICKNAME_LEN + 1) +
|
||||||
DH_KEY_LEN + 42)) {
|
DH1024_KEY_LEN + 42)) {
|
||||||
if (err_msg_out) {
|
if (err_msg_out) {
|
||||||
tor_asprintf(&err_msg,
|
tor_asprintf(&err_msg,
|
||||||
"got a truncated INTRODUCE%d cell",
|
"got a truncated INTRODUCE%d cell",
|
||||||
@ -2872,14 +2872,14 @@ rend_service_parse_intro_plaintext(
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
ver_invariant_len = intro->plaintext_len - ver_specific_len;
|
ver_invariant_len = intro->plaintext_len - ver_specific_len;
|
||||||
if (ver_invariant_len < REND_COOKIE_LEN + DH_KEY_LEN) {
|
if (ver_invariant_len < REND_COOKIE_LEN + DH1024_KEY_LEN) {
|
||||||
tor_asprintf(&err_msg,
|
tor_asprintf(&err_msg,
|
||||||
"decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)",
|
"decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)",
|
||||||
(int)(intro->type),
|
(int)(intro->type),
|
||||||
(long)(intro->plaintext_len));
|
(long)(intro->plaintext_len));
|
||||||
status = -5;
|
status = -5;
|
||||||
goto err;
|
goto err;
|
||||||
} else if (ver_invariant_len > REND_COOKIE_LEN + DH_KEY_LEN) {
|
} else if (ver_invariant_len > REND_COOKIE_LEN + DH1024_KEY_LEN) {
|
||||||
tor_asprintf(&err_msg,
|
tor_asprintf(&err_msg,
|
||||||
"decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)",
|
"decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)",
|
||||||
(int)(intro->type),
|
(int)(intro->type),
|
||||||
@ -2892,7 +2892,7 @@ rend_service_parse_intro_plaintext(
|
|||||||
REND_COOKIE_LEN);
|
REND_COOKIE_LEN);
|
||||||
memcpy(intro->dh,
|
memcpy(intro->dh,
|
||||||
intro->plaintext + ver_specific_len + REND_COOKIE_LEN,
|
intro->plaintext + ver_specific_len + REND_COOKIE_LEN,
|
||||||
DH_KEY_LEN);
|
DH1024_KEY_LEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Flag it as being fully parsed */
|
/* Flag it as being fully parsed */
|
||||||
@ -3449,12 +3449,12 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
|
|||||||
/* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
|
/* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
|
||||||
memcpy(buf, rend_cookie, REND_COOKIE_LEN);
|
memcpy(buf, rend_cookie, REND_COOKIE_LEN);
|
||||||
if (crypto_dh_get_public(hop->rend_dh_handshake_state,
|
if (crypto_dh_get_public(hop->rend_dh_handshake_state,
|
||||||
buf+REND_COOKIE_LEN, DH_KEY_LEN)<0) {
|
buf+REND_COOKIE_LEN, DH1024_KEY_LEN)<0) {
|
||||||
log_warn(LD_GENERAL,"Couldn't get DH public key.");
|
log_warn(LD_GENERAL,"Couldn't get DH public key.");
|
||||||
reason = END_CIRC_REASON_INTERNAL;
|
reason = END_CIRC_REASON_INTERNAL;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->rend_circ_nonce,
|
memcpy(buf+REND_COOKIE_LEN+DH1024_KEY_LEN, hop->rend_circ_nonce,
|
||||||
DIGEST_LEN);
|
DIGEST_LEN);
|
||||||
|
|
||||||
/* Send the cell */
|
/* Send the cell */
|
||||||
|
@ -58,7 +58,7 @@ struct rend_intro_cell_s {
|
|||||||
/* Rendezvous cookie */
|
/* Rendezvous cookie */
|
||||||
uint8_t rc[REND_COOKIE_LEN];
|
uint8_t rc[REND_COOKIE_LEN];
|
||||||
/* Diffie-Hellman data */
|
/* Diffie-Hellman data */
|
||||||
uint8_t dh[DH_KEY_LEN];
|
uint8_t dh[DH1024_KEY_LEN];
|
||||||
};
|
};
|
||||||
|
|
||||||
#ifdef RENDSERVICE_PRIVATE
|
#ifdef RENDSERVICE_PRIVATE
|
||||||
|
@ -551,8 +551,8 @@ bench_dh(void)
|
|||||||
reset_perftime();
|
reset_perftime();
|
||||||
start = perftime();
|
start = perftime();
|
||||||
for (i = 0; i < iters; ++i) {
|
for (i = 0; i < iters; ++i) {
|
||||||
char dh_pubkey_a[DH_BYTES], dh_pubkey_b[DH_BYTES];
|
char dh_pubkey_a[DH1024_KEY_LEN], dh_pubkey_b[DH1024_KEY_LEN];
|
||||||
char secret_a[DH_BYTES], secret_b[DH_BYTES];
|
char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
|
||||||
ssize_t slen_a, slen_b;
|
ssize_t slen_a, slen_b;
|
||||||
crypto_dh_t *dh_a = crypto_dh_new(DH_TYPE_TLS);
|
crypto_dh_t *dh_a = crypto_dh_new(DH_TYPE_TLS);
|
||||||
crypto_dh_t *dh_b = crypto_dh_new(DH_TYPE_TLS);
|
crypto_dh_t *dh_b = crypto_dh_new(DH_TYPE_TLS);
|
||||||
@ -586,7 +586,7 @@ bench_ecdh_impl(int nid, const char *name)
|
|||||||
reset_perftime();
|
reset_perftime();
|
||||||
start = perftime();
|
start = perftime();
|
||||||
for (i = 0; i < iters; ++i) {
|
for (i = 0; i < iters; ++i) {
|
||||||
char secret_a[DH_BYTES], secret_b[DH_BYTES];
|
char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
|
||||||
ssize_t slen_a, slen_b;
|
ssize_t slen_a, slen_b;
|
||||||
EC_KEY *dh_a = EC_KEY_new_by_curve_name(nid);
|
EC_KEY *dh_a = EC_KEY_new_by_curve_name(nid);
|
||||||
EC_KEY *dh_b = EC_KEY_new_by_curve_name(nid);
|
EC_KEY *dh_b = EC_KEY_new_by_curve_name(nid);
|
||||||
@ -597,10 +597,10 @@ bench_ecdh_impl(int nid, const char *name)
|
|||||||
|
|
||||||
EC_KEY_generate_key(dh_a);
|
EC_KEY_generate_key(dh_a);
|
||||||
EC_KEY_generate_key(dh_b);
|
EC_KEY_generate_key(dh_b);
|
||||||
slen_a = ECDH_compute_key(secret_a, DH_BYTES,
|
slen_a = ECDH_compute_key(secret_a, DH1024_KEY_LEN,
|
||||||
EC_KEY_get0_public_key(dh_b), dh_a,
|
EC_KEY_get0_public_key(dh_b), dh_a,
|
||||||
NULL);
|
NULL);
|
||||||
slen_b = ECDH_compute_key(secret_b, DH_BYTES,
|
slen_b = ECDH_compute_key(secret_b, DH1024_KEY_LEN,
|
||||||
EC_KEY_get0_public_key(dh_a), dh_b,
|
EC_KEY_get0_public_key(dh_a), dh_b,
|
||||||
NULL);
|
NULL);
|
||||||
|
|
||||||
|
@ -148,7 +148,8 @@ test_bad_onion_handshake(void *arg)
|
|||||||
memset(junk_buf, 0, sizeof(junk_buf));
|
memset(junk_buf, 0, sizeof(junk_buf));
|
||||||
crypto_pk_obsolete_public_hybrid_encrypt(pk,
|
crypto_pk_obsolete_public_hybrid_encrypt(pk,
|
||||||
junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
|
junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
|
||||||
junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1);
|
junk_buf, DH1024_KEY_LEN,
|
||||||
|
PK_PKCS1_OAEP_PADDING, 1);
|
||||||
tt_int_op(-1, OP_EQ,
|
tt_int_op(-1, OP_EQ,
|
||||||
onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
|
onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
|
||||||
s_buf, s_keys, 40));
|
s_buf, s_keys, 40));
|
||||||
|
@ -23,38 +23,39 @@ test_crypto_dh(void *arg)
|
|||||||
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
|
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
|
||||||
crypto_dh_t *dh1_dup = NULL;
|
crypto_dh_t *dh1_dup = NULL;
|
||||||
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
|
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
|
||||||
char p1[DH_BYTES];
|
char p1[DH1024_KEY_LEN];
|
||||||
char p2[DH_BYTES];
|
char p2[DH1024_KEY_LEN];
|
||||||
char s1[DH_BYTES];
|
char s1[DH1024_KEY_LEN];
|
||||||
char s2[DH_BYTES];
|
char s2[DH1024_KEY_LEN];
|
||||||
ssize_t s1len, s2len;
|
ssize_t s1len, s2len;
|
||||||
|
|
||||||
(void)arg;
|
(void)arg;
|
||||||
tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH_BYTES);
|
tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH1024_KEY_LEN);
|
||||||
tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH_BYTES);
|
tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH1024_KEY_LEN);
|
||||||
|
|
||||||
memset(p1, 0, DH_BYTES);
|
memset(p1, 0, DH1024_KEY_LEN);
|
||||||
memset(p2, 0, DH_BYTES);
|
memset(p2, 0, DH1024_KEY_LEN);
|
||||||
tt_mem_op(p1,OP_EQ, p2, DH_BYTES);
|
tt_mem_op(p1,OP_EQ, p2, DH1024_KEY_LEN);
|
||||||
|
|
||||||
tt_int_op(-1, OP_EQ, crypto_dh_get_public(dh1, p1, 6)); /* too short */
|
tt_int_op(-1, OP_EQ, crypto_dh_get_public(dh1, p1, 6)); /* too short */
|
||||||
|
|
||||||
tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
|
tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
|
||||||
tt_mem_op(p1,OP_NE, p2, DH_BYTES);
|
tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
|
||||||
tt_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
|
tt_assert(! crypto_dh_get_public(dh2, p2, DH1024_KEY_LEN));
|
||||||
tt_mem_op(p1,OP_NE, p2, DH_BYTES);
|
tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
|
||||||
|
|
||||||
memset(s1, 0, DH_BYTES);
|
memset(s1, 0, DH1024_KEY_LEN);
|
||||||
memset(s2, 0xFF, DH_BYTES);
|
memset(s2, 0xFF, DH1024_KEY_LEN);
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH1024_KEY_LEN, s1, 50);
|
||||||
s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
|
s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH1024_KEY_LEN, s2, 50);
|
||||||
tt_assert(s1len > 0);
|
tt_assert(s1len > 0);
|
||||||
tt_int_op(s1len,OP_EQ, s2len);
|
tt_int_op(s1len,OP_EQ, s2len);
|
||||||
tt_mem_op(s1,OP_EQ, s2, s1len);
|
tt_mem_op(s1,OP_EQ, s2, s1len);
|
||||||
|
|
||||||
/* test dh_dup; make sure it works the same. */
|
/* test dh_dup; make sure it works the same. */
|
||||||
dh1_dup = crypto_dh_dup(dh1);
|
dh1_dup = crypto_dh_dup(dh1);
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_mem_op(s1,OP_EQ, s2, s1len);
|
tt_mem_op(s1,OP_EQ, s2, s1len);
|
||||||
|
|
||||||
{
|
{
|
||||||
@ -67,12 +68,14 @@ test_crypto_dh(void *arg)
|
|||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x00", 1, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x00", 1, s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
memset(p1, 0, DH_BYTES); /* 0 with padding. */
|
memset(p1, 0, DH1024_KEY_LEN); /* 0 with padding. */
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
p1[DH_BYTES-1] = 1; /* 1 with padding*/
|
p1[DH1024_KEY_LEN-1] = 1; /* 1 with padding*/
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
/* 2 is okay, though weird. */
|
/* 2 is okay, though weird. */
|
||||||
@ -89,15 +92,18 @@ test_crypto_dh(void *arg)
|
|||||||
/* p-1, p, and so on are not okay. */
|
/* p-1, p, and so on are not okay. */
|
||||||
base16_decode(p1, sizeof(p1), P, strlen(P));
|
base16_decode(p1, sizeof(p1), P, strlen(P));
|
||||||
|
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
p1[DH_BYTES-1] = 0xFE; /* p-1 */
|
p1[DH1024_KEY_LEN-1] = 0xFE; /* p-1 */
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
p1[DH_BYTES-1] = 0xFD; /* p-2 works fine */
|
p1[DH1024_KEY_LEN-1] = 0xFD; /* p-2 works fine */
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(50, OP_EQ, s1len);
|
tt_int_op(50, OP_EQ, s1len);
|
||||||
|
|
||||||
const char P_plus_one[] =
|
const char P_plus_one[] =
|
||||||
@ -109,31 +115,35 @@ test_crypto_dh(void *arg)
|
|||||||
|
|
||||||
base16_decode(p1, sizeof(p1), P_plus_one, strlen(P_plus_one));
|
base16_decode(p1, sizeof(p1), P_plus_one, strlen(P_plus_one));
|
||||||
|
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
p1[DH_BYTES-1] = 0x01; /* p+2 */
|
p1[DH1024_KEY_LEN-1] = 0x01; /* p+2 */
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
p1[DH_BYTES-1] = 0xff; /* p+256 */
|
p1[DH1024_KEY_LEN-1] = 0xff; /* p+256 */
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
|
|
||||||
memset(p1, 0xff, DH_BYTES), /* 2^1024-1 */
|
memset(p1, 0xff, DH1024_KEY_LEN), /* 2^1024-1 */
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
|
||||||
|
s1, 50);
|
||||||
tt_int_op(-1, OP_EQ, s1len);
|
tt_int_op(-1, OP_EQ, s1len);
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
/* provoke an error in the openssl DH_compute_key function; make sure we
|
/* provoke an error in the openssl DH_compute_key function; make sure we
|
||||||
* survive. */
|
* survive. */
|
||||||
tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
|
tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
|
||||||
|
|
||||||
crypto_dh_free(dh2);
|
crypto_dh_free(dh2);
|
||||||
dh2= crypto_dh_new(DH_TYPE_CIRCUIT); /* no private key set */
|
dh2= crypto_dh_new(DH_TYPE_CIRCUIT); /* no private key set */
|
||||||
s1len = crypto_dh_compute_secret(LOG_WARN, dh2,
|
s1len = crypto_dh_compute_secret(LOG_WARN, dh2,
|
||||||
p1, DH_BYTES,
|
p1, DH1024_KEY_LEN,
|
||||||
s1, 50);
|
s1, 50);
|
||||||
tt_int_op(s1len, OP_EQ, -1);
|
tt_int_op(s1len, OP_EQ, -1);
|
||||||
}
|
}
|
||||||
@ -3063,4 +3073,3 @@ struct testcase_t crypto_tests[] = {
|
|||||||
{ "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
|
{ "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
|
||||||
END_OF_TESTCASES
|
END_OF_TESTCASES
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -197,17 +197,17 @@ test_e2e_rend_circuit_setup_legacy(void *arg)
|
|||||||
|
|
||||||
/* Make a good RENDEZVOUS1 cell body because it needs to pass key exchange
|
/* Make a good RENDEZVOUS1 cell body because it needs to pass key exchange
|
||||||
* digest verification... */
|
* digest verification... */
|
||||||
uint8_t rend_cell_body[DH_KEY_LEN+DIGEST_LEN] = {2};
|
uint8_t rend_cell_body[DH1024_KEY_LEN+DIGEST_LEN] = {2};
|
||||||
{
|
{
|
||||||
char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
|
char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
|
||||||
crypto_dh_t *dh_state =
|
crypto_dh_t *dh_state =
|
||||||
or_circ->build_state->pending_final_cpath->rend_dh_handshake_state;
|
or_circ->build_state->pending_final_cpath->rend_dh_handshake_state;
|
||||||
/* compute and overwrite digest of cell body with the right value */
|
/* compute and overwrite digest of cell body with the right value */
|
||||||
retval = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh_state,
|
retval = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh_state,
|
||||||
(char*)rend_cell_body, DH_KEY_LEN,
|
(char*)rend_cell_body, DH1024_KEY_LEN,
|
||||||
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN);
|
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN);
|
||||||
tt_int_op(retval, OP_GT, 0);
|
tt_int_op(retval, OP_GT, 0);
|
||||||
memcpy(rend_cell_body+DH_KEY_LEN, keys, DIGEST_LEN);
|
memcpy(rend_cell_body+DH1024_KEY_LEN, keys, DIGEST_LEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Setup the circuit */
|
/* Setup the circuit */
|
||||||
|
Loading…
Reference in New Issue
Block a user