[or-cvs] [tor/release-0.2.1] Make the DH parameter we use for TLS match the one from Apache's mod_ssl

arma at torproject.org arma at torproject.org
Fri Feb 11 06:04:08 UTC 2011


commit 50c259d763c7471588b4e1f242695d2652e4284b
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Jan 24 16:03:14 2011 -0500

    Make the DH parameter we use for TLS match the one from Apache's mod_ssl
    
    Our regular DH parameters that we use for circuit and rendezvous
    crypto are unchanged.  This is yet another small step on the path of
    protocol fingerprinting resistance.
    
    (Backport from 0.2.2's 5ed73e3807d90dd0a3)
---
 changes/dhparam      |    3 +++
 src/common/crypto.c  |   34 ++++++++++++++++++++++++++++------
 src/common/crypto.h  |    5 ++++-
 src/common/tortls.c  |    2 +-
 src/or/onion.c       |    4 ++--
 src/or/rendclient.c  |    2 +-
 src/or/rendservice.c |    2 +-
 src/or/test.c        |    4 ++--
 8 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/changes/dhparam b/changes/dhparam
new file mode 100644
index 0000000..cb31243
--- /dev/null
+++ b/changes/dhparam
@@ -0,0 +1,3 @@
+  o Minor features
+    - Adjust our TLS Diffie-Hellman parameters to match those used by
+      Apache's mod_ssl.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 29137a8..48c8dea 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1505,8 +1505,10 @@ crypto_hmac_sha1(char *hmac_out,
 
 /* DH */
 
-/** Shared P parameter for our DH key exchanged. */
+/** Shared P parameter for our circuit-crypto DH key exchanges. */
 static BIGNUM *dh_param_p = NULL;
+/** Shared P parameter for our TLS DH key exchanges. */
+static BIGNUM *dh_param_p_tls = NULL;
 /** Shared G parameter for our DH key exchanges. */
 static BIGNUM *dh_param_g = NULL;
 
@@ -1515,14 +1517,16 @@ static BIGNUM *dh_param_g = NULL;
 static void
 init_dh_param(void)
 {
-  BIGNUM *p, *g;
+  BIGNUM *p, *p2, *g;
   int r;
-  if (dh_param_p && dh_param_g)
+  if (dh_param_p && dh_param_g && dh_param_p_tls)
     return;
 
   p = BN_new();
+  p2 = BN_new();
   g = BN_new();
   tor_assert(p);
+  tor_assert(p2);
   tor_assert(g);
 
   /* This is from rfc2409, section 6.2.  It's a safe prime, and
@@ -1536,10 +1540,20 @@ init_dh_param(void)
                 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
                 "49286651ECE65381FFFFFFFFFFFFFFFF");
   tor_assert(r);
+  /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
+   * modules/ssl/ssl_engine_dh.c */
+  r = BN_hex2bn(&p2,
+                  "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
+                "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
+                "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
+                "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
+                "B0E7393E0F24218EB3");
+  tor_assert(r);
 
   r = BN_set_word(g, 2);
   tor_assert(r);
   dh_param_p = p;
+  dh_param_p_tls = p2;
   dh_param_g = g;
 }
 
@@ -1548,18 +1562,26 @@ init_dh_param(void)
 /** Allocate and return a new DH object for a key exchange.
  */
 crypto_dh_env_t *
-crypto_dh_new(void)
+crypto_dh_new(int dh_type)
 {
   crypto_dh_env_t *res = tor_malloc_zero(sizeof(crypto_dh_env_t));
 
+  tor_assert(dh_type == DH_TYPE_CIRCUIT || dh_type == DH_TYPE_TLS ||
+             dh_type == DH_TYPE_REND);
+
   if (!dh_param_p)
     init_dh_param();
 
   if (!(res->dh = DH_new()))
     goto err;
 
-  if (!(res->dh->p = BN_dup(dh_param_p)))
-    goto err;
+  if (dh_type == DH_TYPE_TLS) {
+    if (!(res->dh->p = BN_dup(dh_param_p_tls)))
+      goto err;
+  } else {
+    if (!(res->dh->p = BN_dup(dh_param_p)))
+      goto err;
+  }
 
   if (!(res->dh->g = BN_dup(dh_param_g)))
     goto err;
diff --git a/src/common/crypto.h b/src/common/crypto.h
index d6f5555..576c03d 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -159,7 +159,10 @@ void crypto_hmac_sha1(char *hmac_out,
                       const char *msg, size_t msg_len);
 
 /* Key negotiation */
-crypto_dh_env_t *crypto_dh_new(void);
+#define DH_TYPE_CIRCUIT 1
+#define DH_TYPE_REND 2
+#define DH_TYPE_TLS 3
+crypto_dh_env_t *crypto_dh_new(int dh_type);
 int crypto_dh_get_bytes(crypto_dh_env_t *dh);
 int crypto_dh_generate_public(crypto_dh_env_t *dh);
 int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 1d597e2..7735618 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -684,7 +684,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
   if (!SSL_CTX_check_private_key(result->ctx))
     goto error;
   {
-    crypto_dh_env_t *dh = crypto_dh_new();
+    crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
     SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
     crypto_dh_free(dh);
   }
diff --git a/src/or/onion.c b/src/or/onion.c
index bf72b4c..e455a52 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -173,7 +173,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
   *handshake_state_out = NULL;
   memset(onion_skin_out, 0, ONIONSKIN_CHALLENGE_LEN);
 
-  if (!(dh = crypto_dh_new()))
+  if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT)))
     goto err;
 
   dhbytes = crypto_dh_get_bytes(dh);
@@ -247,7 +247,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
     goto err;
   }
 
-  dh = crypto_dh_new();
+  dh = crypto_dh_new(DH_TYPE_CIRCUIT);
   if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
     log_info(LD_GENERAL, "crypto_dh_get_public failed.");
     goto err;
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 9587546..783a661 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -130,7 +130,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
     cpath = rendcirc->build_state->pending_final_cpath =
       tor_malloc_zero(sizeof(crypt_path_t));
     cpath->magic = CRYPT_PATH_MAGIC;
-    if (!(cpath->dh_handshake_state = crypto_dh_new())) {
+    if (!(cpath->dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
       log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
       goto err;
     }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index a650eda..33e8d3e 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1151,7 +1151,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   }
 
   /* Try DH handshake... */
-  dh = crypto_dh_new();
+  dh = crypto_dh_new(DH_TYPE_REND);
   if (!dh || crypto_dh_generate_public(dh)<0) {
     log_warn(LD_BUG,"Internal error: couldn't build DH state "
              "or generate public key.");
diff --git a/src/or/test.c b/src/or/test.c
index 904ca69..b08f202 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -404,8 +404,8 @@ test_buffers(void)
 static void
 test_crypto_dh(void)
 {
-  crypto_dh_env_t *dh1 = crypto_dh_new();
-  crypto_dh_env_t *dh2 = crypto_dh_new();
+  crypto_dh_env_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
+  crypto_dh_env_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
   char p1[DH_BYTES];
   char p2[DH_BYTES];
   char s1[DH_BYTES];





More information about the tor-commits mailing list