[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Combine DH_BYTES and DH_KEY_LEN; put them in a lib/defs header.



commit 7a61a92870df84c37bacd9d065e0c8df2b938d37
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Sun Jul 1 11:25:29 2018 -0400

    Combine DH_BYTES and DH_KEY_LEN; put them in a lib/defs header.
---
 src/lib/crypt_ops/crypto_dh.c |  4 +--
 src/lib/crypt_ops/crypto_dh.h |  4 +--
 src/lib/defs/dh_sizes.h       | 13 +++++++
 src/lib/defs/include.am       |  3 +-
 src/or/hs_circuit.c           | 10 +++---
 src/or/hs_common.h            |  2 +-
 src/or/onion.c                |  4 +--
 src/or/onion_tap.c            | 18 +++++-----
 src/or/onion_tap.h            |  4 +--
 src/or/or.h                   |  2 --
 src/or/rendclient.c           |  6 ++--
 src/or/rendmid.c              |  4 +--
 src/or/rendservice.c          | 16 ++++-----
 src/or/rendservice.h          |  2 +-
 src/test/bench.c              | 10 +++---
 src/test/test.c               |  3 +-
 src/test/test_crypto.c        | 83 ++++++++++++++++++++++++-------------------
 src/test/test_hs_client.c     |  6 ++--
 18 files changed, 107 insertions(+), 87 deletions(-)

diff --git a/src/lib/crypt_ops/crypto_dh.c b/src/lib/crypt_ops/crypto_dh.c
index a2622cfc2..c37e286da 100644
--- a/src/lib/crypt_ops/crypto_dh.c
+++ b/src/lib/crypt_ops/crypto_dh.c
@@ -344,7 +344,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
 
 /** Generate g^x as necessary, and write the g^x for the key exchange
  * as a <b>pubkey_len</b>-byte value into <b>pubkey</b>. Return 0 on
- * success, -1 on failure.  <b>pubkey_len</b> must be \>= DH_BYTES.
+ * success, -1 on failure.  <b>pubkey_len</b> must be \>= DH1024_KEY_LEN.
  */
 int
 crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
@@ -378,7 +378,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
   tor_assert(bytes >= 0);
   if (pubkey_len < (size_t)bytes) {
     log_warn(LD_CRYPTO,
-             "Weird! pubkey_len (%d) was smaller than DH_BYTES (%d)",
+             "Weird! pubkey_len (%d) was smaller than DH1024_KEY_LEN (%d)",
              (int) pubkey_len, bytes);
     return -1;
   }
diff --git a/src/lib/crypt_ops/crypto_dh.h b/src/lib/crypt_ops/crypto_dh.h
index 7b03e128a..73a7bcb52 100644
--- a/src/lib/crypt_ops/crypto_dh.h
+++ b/src/lib/crypt_ops/crypto_dh.h
@@ -14,9 +14,7 @@
 #define TOR_CRYPTO_DH_H
 
 #include "orconfig.h"
-
-/** Length of our DH keys. */
-#define DH_BYTES (1024/8)
+#include "lib/defs/dh_sizes.h"
 
 typedef struct crypto_dh_t crypto_dh_t;
 
diff --git a/src/lib/defs/dh_sizes.h b/src/lib/defs/dh_sizes.h
new file mode 100644
index 000000000..b60957281
--- /dev/null
+++ b/src/lib/defs/dh_sizes.h
@@ -0,0 +1,13 @@
+/* Copyright (c) 2001, Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef TOR_DH_SIZES_H
+#define TOR_DH_SIZES_H
+
+/** Length of our legacy DH keys. */
+#define DH1024_KEY_LEN (1024/8)
+
+#endif
diff --git a/src/lib/defs/include.am b/src/lib/defs/include.am
index ff48cff07..b54bac555 100644
--- a/src/lib/defs/include.am
+++ b/src/lib/defs/include.am
@@ -1,3 +1,4 @@
 
-noinst_HEADERS += \
+noinst_HEADERS += 			\
+	src/lib/defs/dh_sizes.h 	\
 	src/lib/defs/digest_sizes.h
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 9fcb30ecc..853669846 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -102,7 +102,8 @@ create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
 /* We are a v2 legacy HS client: Create and return a crypt path for the hidden
  * service on the other side of the rendezvous circuit <b>circ</b>. Initialize
  * the crypt path crypto using the body of the RENDEZVOUS1 cell at
- * <b>rend_cell_body</b> (which must be at least DH_KEY_LEN+DIGEST_LEN bytes).
+ * <b>rend_cell_body</b> (which must be at least DH1024_KEY_LEN+DIGEST_LEN
+ * bytes).
  */
 static crypt_path_t *
 create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
@@ -110,7 +111,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
   crypt_path_t *hop = NULL;
   char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
 
-  /* first DH_KEY_LEN bytes are g^y from the service. Finish the dh
+  /* first DH1024_KEY_LEN bytes are g^y from the service. Finish the dh
    * handshake...*/
   tor_assert(circ->build_state);
   tor_assert(circ->build_state->pending_final_cpath);
@@ -118,7 +119,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
 
   tor_assert(hop->rend_dh_handshake_state);
   if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state,
-                               (char*)rend_cell_body, DH_KEY_LEN,
+                               (char*)rend_cell_body, DH1024_KEY_LEN,
                                keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
     log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
     goto err;
@@ -130,7 +131,7 @@ create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
     goto err;
 
   /* Check whether the digest is right... */
-  if (tor_memneq(keys, rend_cell_body+DH_KEY_LEN, DIGEST_LEN)) {
+  if (tor_memneq(keys, rend_cell_body+DH1024_KEY_LEN, DIGEST_LEN)) {
     log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
     goto err;
   }
@@ -1244,4 +1245,3 @@ hs_circ_cleanup(circuit_t *circ)
     hs_circuitmap_remove_circuit(circ);
   }
 }
-
diff --git a/src/or/hs_common.h b/src/or/hs_common.h
index 6d60d7799..11806365e 100644
--- a/src/or/hs_common.h
+++ b/src/or/hs_common.h
@@ -122,7 +122,7 @@
  * bigger than the 84 bytes needed for version 3 so we need to pad up to that
  * length so it is indistinguishable between versions. */
 #define HS_LEGACY_RENDEZVOUS_CELL_SIZE \
-  (REND_COOKIE_LEN + DH_KEY_LEN + DIGEST_LEN)
+  (REND_COOKIE_LEN + DH1024_KEY_LEN + DIGEST_LEN)
 
 /* Type of authentication key used by an introduction point. */
 typedef enum {
diff --git a/src/or/onion.c b/src/or/onion.c
index 776aacbf7..2b30870e5 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -558,7 +558,7 @@ onion_skin_server_handshake(int type,
                                         (char*)keys_out, keys_out_len)<0)
       return -1;
     r = TAP_ONIONSKIN_REPLY_LEN;
-    memcpy(rend_nonce_out, reply_out+DH_KEY_LEN, DIGEST_LEN);
+    memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
     break;
   case ONION_HANDSHAKE_TYPE_FAST:
     if (onionskin_len != CREATE_FAST_LEN)
@@ -635,7 +635,7 @@ onion_skin_client_handshake(int type,
                                         msg_out) < 0)
       return -1;
 
-    memcpy(rend_authenticator_out, reply+DH_KEY_LEN, DIGEST_LEN);
+    memcpy(rend_authenticator_out, reply+DH1024_KEY_LEN, DIGEST_LEN);
 
     return 0;
   case ONION_HANDSHAKE_TYPE_FAST:
diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c
index cf5963b19..0f9f638fa 100644
--- a/src/or/onion_tap.c
+++ b/src/or/onion_tap.c
@@ -53,7 +53,7 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
                   crypto_dh_t **handshake_state_out,
                   char *onion_skin_out) /* TAP_ONIONSKIN_CHALLENGE_LEN bytes */
 {
-  char challenge[DH_KEY_LEN];
+  char challenge[DH1024_KEY_LEN];
   crypto_dh_t *dh = NULL;
   int dhbytes, pkbytes;
 
@@ -77,7 +77,7 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
   /* set meeting point, meeting cookie, etc here. Leave zero for now. */
   if (crypto_pk_obsolete_public_hybrid_encrypt(dest_router_key, onion_skin_out,
                                       TAP_ONIONSKIN_CHALLENGE_LEN,
-                                      challenge, DH_KEY_LEN,
+                                      challenge, DH1024_KEY_LEN,
                                       PK_PKCS1_OAEP_PADDING, 1)<0)
     goto err;
 
@@ -136,7 +136,7 @@ onion_skin_TAP_server_handshake(
     log_info(LD_PROTOCOL,
              "Couldn't decrypt onionskin: client may be using old onion key");
     goto err;
-  } else if (len != DH_KEY_LEN) {
+  } else if (len != DH1024_KEY_LEN) {
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
            "Unexpected onionskin length after decryption: %ld",
            (long)len);
@@ -152,7 +152,7 @@ onion_skin_TAP_server_handshake(
     goto err;
     /* LCOV_EXCL_STOP */
   }
-  if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
+  if (crypto_dh_get_public(dh, handshake_reply_out, DH1024_KEY_LEN)) {
     /* LCOV_EXCL_START
      * This can only fail if the length of the key we just allocated is too
      * big. That should be impossible. */
@@ -164,7 +164,7 @@ onion_skin_TAP_server_handshake(
   key_material_len = DIGEST_LEN+key_out_len;
   key_material = tor_malloc(key_material_len);
   len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, challenge,
-                                 DH_KEY_LEN, key_material,
+                                 DH1024_KEY_LEN, key_material,
                                  key_material_len);
   if (len < 0) {
     log_info(LD_GENERAL, "crypto_dh_compute_secret failed.");
@@ -172,7 +172,7 @@ onion_skin_TAP_server_handshake(
   }
 
   /* send back H(K|0) as proof that we learned K. */
-  memcpy(handshake_reply_out+DH_KEY_LEN, key_material, DIGEST_LEN);
+  memcpy(handshake_reply_out+DH1024_KEY_LEN, key_material, DIGEST_LEN);
 
   /* use the rest of the key material for our shared keys, digests, etc */
   memcpy(key_out, key_material+DIGEST_LEN, key_out_len);
@@ -212,12 +212,12 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
   ssize_t len;
   char *key_material=NULL;
   size_t key_material_len;
-  tor_assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
+  tor_assert(crypto_dh_get_bytes(handshake_state) == DH1024_KEY_LEN);
 
   key_material_len = DIGEST_LEN + key_out_len;
   key_material = tor_malloc(key_material_len);
   len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, handshake_state,
-                                 handshake_reply, DH_KEY_LEN, key_material,
+                                 handshake_reply, DH1024_KEY_LEN, key_material,
                                  key_material_len);
   if (len < 0) {
     if (msg_out)
@@ -225,7 +225,7 @@ onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
     goto err;
   }
 
-  if (tor_memneq(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) {
+  if (tor_memneq(key_material, handshake_reply+DH1024_KEY_LEN, DIGEST_LEN)) {
     /* H(K) does *not* match. Something fishy. */
     if (msg_out)
       *msg_out = "Digest DOES NOT MATCH on onion handshake. Bug or attack.";
diff --git a/src/or/onion_tap.h b/src/or/onion_tap.h
index fdc2ce912..5b1eacce7 100644
--- a/src/or/onion_tap.h
+++ b/src/or/onion_tap.h
@@ -14,8 +14,8 @@
 
 #define TAP_ONIONSKIN_CHALLENGE_LEN (PKCS1_OAEP_PADDING_OVERHEAD+\
                                  CIPHER_KEY_LEN+\
-                                 DH_KEY_LEN)
-#define TAP_ONIONSKIN_REPLY_LEN (DH_KEY_LEN+DIGEST_LEN)
+                                 DH1024_KEY_LEN)
+#define TAP_ONIONSKIN_REPLY_LEN (DH1024_KEY_LEN+DIGEST_LEN)
 
 int onion_skin_TAP_create(crypto_pk_t *router_key,
                       crypto_dh_t **handshake_state_out,
diff --git a/src/or/or.h b/src/or/or.h
index 63349cffb..3d3972fb8 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1542,8 +1542,6 @@ typedef struct crypt_path_reference_t crypt_path_reference_t;
 
 #define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
 
-#define DH_KEY_LEN DH_BYTES
-
 typedef struct cpath_build_state_t cpath_build_state_t;
 
 /** "magic" value for an origin_circuit_t */
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 1da695706..b71457456 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -258,7 +258,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   }
 
   if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
-                           DH_KEY_LEN)<0) {
+                           DH1024_KEY_LEN)<0) {
     log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
     status = -2;
     goto perm_err;
@@ -269,7 +269,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   r = crypto_pk_obsolete_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
                                       sizeof(payload)-DIGEST_LEN,
                                       tmp,
-                                      (int)(dh_offset+DH_KEY_LEN),
+                                      (int)(dh_offset+DH1024_KEY_LEN),
                                       PK_PKCS1_OAEP_PADDING, 0);
   if (r<0) {
     log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
@@ -874,7 +874,7 @@ int
 rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
                                size_t request_len)
 {
-  if (request_len != DH_KEY_LEN+DIGEST_LEN) {
+  if (request_len != DH1024_KEY_LEN+DIGEST_LEN) {
     log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
              (int)request_len);
     goto err;
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index 56b65079a..38c1c52e4 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -157,7 +157,8 @@ rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request,
    * to revise this protocol anyway.
    */
   if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
-                     DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) {
+                     DH1024_KEY_LEN+CIPHER_KEY_LEN+
+                     PKCS1_OAEP_PADDING_OVERHEAD)) {
     log_warn(LD_PROTOCOL, "Impossibly short INTRODUCE1 cell on circuit %u; "
              "responding with nack.",
              (unsigned)circ->p_circ_id);
@@ -367,4 +368,3 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
   circuit_mark_for_close(TO_CIRCUIT(circ), reason);
   return -1;
 }
-
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index b2023c72c..f55b9b776 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -2005,7 +2005,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
    * part 1. */
   replay = replaycache_add_test_and_elapsed(
       service->accepted_intro_dh_parts,
-      parsed_req->dh, DH_KEY_LEN,
+      parsed_req->dh, DH1024_KEY_LEN,
       &elapsed);
 
   if (replay) {
@@ -2055,7 +2055,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
   }
   if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh,
                                (char *)(parsed_req->dh),
-                               DH_KEY_LEN, keys,
+                               DH1024_KEY_LEN, keys,
                                DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
     log_warn(LD_BUG, "Internal error: couldn't complete DH handshake");
     reason = END_CIRC_REASON_INTERNAL;
@@ -2336,7 +2336,7 @@ rend_service_begin_parse_intro(const uint8_t *request,
   /* min key length plus digest length plus nickname length */
   if (request_len <
         (DIGEST_LEN + REND_COOKIE_LEN + (MAX_NICKNAME_LEN + 1) +
-         DH_KEY_LEN + 42)) {
+         DH1024_KEY_LEN + 42)) {
     if (err_msg_out) {
       tor_asprintf(&err_msg,
                    "got a truncated INTRODUCE%d cell",
@@ -2872,14 +2872,14 @@ rend_service_parse_intro_plaintext(
    */
 
   ver_invariant_len = intro->plaintext_len - ver_specific_len;
-  if (ver_invariant_len < REND_COOKIE_LEN + DH_KEY_LEN) {
+  if (ver_invariant_len < REND_COOKIE_LEN + DH1024_KEY_LEN) {
     tor_asprintf(&err_msg,
         "decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)",
         (int)(intro->type),
         (long)(intro->plaintext_len));
     status = -5;
     goto err;
-  } else if (ver_invariant_len > REND_COOKIE_LEN + DH_KEY_LEN) {
+  } else if (ver_invariant_len > REND_COOKIE_LEN + DH1024_KEY_LEN) {
     tor_asprintf(&err_msg,
         "decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)",
         (int)(intro->type),
@@ -2892,7 +2892,7 @@ rend_service_parse_intro_plaintext(
            REND_COOKIE_LEN);
     memcpy(intro->dh,
            intro->plaintext + ver_specific_len + REND_COOKIE_LEN,
-           DH_KEY_LEN);
+           DH1024_KEY_LEN);
   }
 
   /* Flag it as being fully parsed */
@@ -3449,12 +3449,12 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
   /* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
   memcpy(buf, rend_cookie, REND_COOKIE_LEN);
   if (crypto_dh_get_public(hop->rend_dh_handshake_state,
-                           buf+REND_COOKIE_LEN, DH_KEY_LEN)<0) {
+                           buf+REND_COOKIE_LEN, DH1024_KEY_LEN)<0) {
     log_warn(LD_GENERAL,"Couldn't get DH public key.");
     reason = END_CIRC_REASON_INTERNAL;
     goto err;
   }
-  memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->rend_circ_nonce,
+  memcpy(buf+REND_COOKIE_LEN+DH1024_KEY_LEN, hop->rend_circ_nonce,
          DIGEST_LEN);
 
   /* Send the cell */
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index b2644d8b4..a9b3689d2 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -58,7 +58,7 @@ struct rend_intro_cell_s {
   /* Rendezvous cookie */
   uint8_t rc[REND_COOKIE_LEN];
   /* Diffie-Hellman data */
-  uint8_t dh[DH_KEY_LEN];
+  uint8_t dh[DH1024_KEY_LEN];
 };
 
 #ifdef RENDSERVICE_PRIVATE
diff --git a/src/test/bench.c b/src/test/bench.c
index 6653f4942..f46eeef7f 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -551,8 +551,8 @@ bench_dh(void)
   reset_perftime();
   start = perftime();
   for (i = 0; i < iters; ++i) {
-    char dh_pubkey_a[DH_BYTES], dh_pubkey_b[DH_BYTES];
-    char secret_a[DH_BYTES], secret_b[DH_BYTES];
+    char dh_pubkey_a[DH1024_KEY_LEN], dh_pubkey_b[DH1024_KEY_LEN];
+    char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
     ssize_t slen_a, slen_b;
     crypto_dh_t *dh_a = crypto_dh_new(DH_TYPE_TLS);
     crypto_dh_t *dh_b = crypto_dh_new(DH_TYPE_TLS);
@@ -586,7 +586,7 @@ bench_ecdh_impl(int nid, const char *name)
   reset_perftime();
   start = perftime();
   for (i = 0; i < iters; ++i) {
-    char secret_a[DH_BYTES], secret_b[DH_BYTES];
+    char secret_a[DH1024_KEY_LEN], secret_b[DH1024_KEY_LEN];
     ssize_t slen_a, slen_b;
     EC_KEY *dh_a = EC_KEY_new_by_curve_name(nid);
     EC_KEY *dh_b = EC_KEY_new_by_curve_name(nid);
@@ -597,10 +597,10 @@ bench_ecdh_impl(int nid, const char *name)
 
     EC_KEY_generate_key(dh_a);
     EC_KEY_generate_key(dh_b);
-    slen_a = ECDH_compute_key(secret_a, DH_BYTES,
+    slen_a = ECDH_compute_key(secret_a, DH1024_KEY_LEN,
                               EC_KEY_get0_public_key(dh_b), dh_a,
                               NULL);
-    slen_b = ECDH_compute_key(secret_b, DH_BYTES,
+    slen_b = ECDH_compute_key(secret_b, DH1024_KEY_LEN,
                               EC_KEY_get0_public_key(dh_a), dh_b,
                               NULL);
 
diff --git a/src/test/test.c b/src/test/test.c
index e3121293c..d36c47a07 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -148,7 +148,8 @@ test_bad_onion_handshake(void *arg)
   memset(junk_buf, 0, sizeof(junk_buf));
   crypto_pk_obsolete_public_hybrid_encrypt(pk,
                                junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
-                               junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1);
+                               junk_buf, DH1024_KEY_LEN,
+                               PK_PKCS1_OAEP_PADDING, 1);
   tt_int_op(-1, OP_EQ,
             onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
                                             s_buf, s_keys, 40));
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index e8a2efe59..a85d036e3 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -23,38 +23,39 @@ test_crypto_dh(void *arg)
   crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
   crypto_dh_t *dh1_dup = NULL;
   crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
-  char p1[DH_BYTES];
-  char p2[DH_BYTES];
-  char s1[DH_BYTES];
-  char s2[DH_BYTES];
+  char p1[DH1024_KEY_LEN];
+  char p2[DH1024_KEY_LEN];
+  char s1[DH1024_KEY_LEN];
+  char s2[DH1024_KEY_LEN];
   ssize_t s1len, s2len;
 
   (void)arg;
-  tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH_BYTES);
-  tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH_BYTES);
+  tt_int_op(crypto_dh_get_bytes(dh1),OP_EQ, DH1024_KEY_LEN);
+  tt_int_op(crypto_dh_get_bytes(dh2),OP_EQ, DH1024_KEY_LEN);
 
-  memset(p1, 0, DH_BYTES);
-  memset(p2, 0, DH_BYTES);
-  tt_mem_op(p1,OP_EQ, p2, DH_BYTES);
+  memset(p1, 0, DH1024_KEY_LEN);
+  memset(p2, 0, DH1024_KEY_LEN);
+  tt_mem_op(p1,OP_EQ, p2, DH1024_KEY_LEN);
 
   tt_int_op(-1, OP_EQ, crypto_dh_get_public(dh1, p1, 6)); /* too short */
 
-  tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
-  tt_mem_op(p1,OP_NE, p2, DH_BYTES);
-  tt_assert(! crypto_dh_get_public(dh2, p2, DH_BYTES));
-  tt_mem_op(p1,OP_NE, p2, DH_BYTES);
+  tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
+  tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
+  tt_assert(! crypto_dh_get_public(dh2, p2, DH1024_KEY_LEN));
+  tt_mem_op(p1,OP_NE, p2, DH1024_KEY_LEN);
 
-  memset(s1, 0, DH_BYTES);
-  memset(s2, 0xFF, DH_BYTES);
-  s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH_BYTES, s1, 50);
-  s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH_BYTES, s2, 50);
+  memset(s1, 0, DH1024_KEY_LEN);
+  memset(s2, 0xFF, DH1024_KEY_LEN);
+  s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p2, DH1024_KEY_LEN, s1, 50);
+  s2len = crypto_dh_compute_secret(LOG_WARN, dh2, p1, DH1024_KEY_LEN, s2, 50);
   tt_assert(s1len > 0);
   tt_int_op(s1len,OP_EQ, s2len);
   tt_mem_op(s1,OP_EQ, s2, s1len);
 
   /* test dh_dup; make sure it works the same. */
   dh1_dup = crypto_dh_dup(dh1);
-  s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH_BYTES, s1, 50);
+  s1len = crypto_dh_compute_secret(LOG_WARN, dh1_dup, p2, DH1024_KEY_LEN,
+                                   s1, 50);
   tt_mem_op(s1,OP_EQ, s2, s1len);
 
   {
@@ -67,12 +68,14 @@ test_crypto_dh(void *arg)
     s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x00", 1, s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
-    memset(p1, 0, DH_BYTES); /* 0 with padding. */
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    memset(p1, 0, DH1024_KEY_LEN); /* 0 with padding. */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
-    p1[DH_BYTES-1] = 1; /* 1 with padding*/
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    p1[DH1024_KEY_LEN-1] = 1; /* 1 with padding*/
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
     /* 2 is okay, though weird. */
@@ -89,15 +92,18 @@ test_crypto_dh(void *arg)
     /* p-1, p, and so on are not okay. */
     base16_decode(p1, sizeof(p1), P, strlen(P));
 
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
-    p1[DH_BYTES-1] = 0xFE; /* p-1 */
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    p1[DH1024_KEY_LEN-1] = 0xFE; /* p-1 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
-    p1[DH_BYTES-1] = 0xFD; /* p-2 works fine */
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    p1[DH1024_KEY_LEN-1] = 0xFD; /* p-2 works fine */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(50, OP_EQ, s1len);
 
     const char P_plus_one[] =
@@ -109,31 +115,35 @@ test_crypto_dh(void *arg)
 
     base16_decode(p1, sizeof(p1), P_plus_one, strlen(P_plus_one));
 
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
-    p1[DH_BYTES-1] = 0x01; /* p+2 */
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    p1[DH1024_KEY_LEN-1] = 0x01; /* p+2 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
-    p1[DH_BYTES-1] = 0xff; /* p+256 */
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    p1[DH1024_KEY_LEN-1] = 0xff; /* p+256 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
 
-    memset(p1, 0xff, DH_BYTES), /* 2^1024-1 */
-    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    memset(p1, 0xff, DH1024_KEY_LEN), /* 2^1024-1 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH1024_KEY_LEN,
+                                     s1, 50);
     tt_int_op(-1, OP_EQ, s1len);
   }
 
   {
     /* provoke an error in the openssl DH_compute_key function; make sure we
      * survive. */
-    tt_assert(! crypto_dh_get_public(dh1, p1, DH_BYTES));
+    tt_assert(! crypto_dh_get_public(dh1, p1, DH1024_KEY_LEN));
 
     crypto_dh_free(dh2);
     dh2= crypto_dh_new(DH_TYPE_CIRCUIT); /* no private key set */
     s1len = crypto_dh_compute_secret(LOG_WARN, dh2,
-                                     p1, DH_BYTES,
+                                     p1, DH1024_KEY_LEN,
                                      s1, 50);
     tt_int_op(s1len, OP_EQ, -1);
   }
@@ -3063,4 +3073,3 @@ struct testcase_t crypto_tests[] = {
   { "failure_modes", test_crypto_failure_modes, TT_FORK, NULL, NULL },
   END_OF_TESTCASES
 };
-
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 58002d629..3a4d35431 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -197,17 +197,17 @@ test_e2e_rend_circuit_setup_legacy(void *arg)
 
   /* Make a good RENDEZVOUS1 cell body because it needs to pass key exchange
    * digest verification... */
-  uint8_t rend_cell_body[DH_KEY_LEN+DIGEST_LEN] = {2};
+  uint8_t rend_cell_body[DH1024_KEY_LEN+DIGEST_LEN] = {2};
   {
     char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
     crypto_dh_t *dh_state =
       or_circ->build_state->pending_final_cpath->rend_dh_handshake_state;
     /* compute and overwrite digest of cell body with the right value */
     retval = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh_state,
-                                      (char*)rend_cell_body, DH_KEY_LEN,
+                                      (char*)rend_cell_body, DH1024_KEY_LEN,
                                       keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN);
     tt_int_op(retval, OP_GT, 0);
-    memcpy(rend_cell_body+DH_KEY_LEN, keys, DIGEST_LEN);
+    memcpy(rend_cell_body+DH1024_KEY_LEN, keys, DIGEST_LEN);
   }
 
   /* Setup the circuit */



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits