[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Note that much of check_dh_key is voodoo; make x in DH be o...

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] Note that much of check_dh_key is voodoo; make x in DH be o...
From: nickm@xxxxxxxx (Nick Mathewson)
Date: Fri, 11 Nov 2005 15:18:03 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Fri, 11 Nov 2005 15:18:16 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Update of /home/or/cvsroot/tor/src/common
In directory moria:/tmp/cvs-serv5536/src/common

Modified Files:
	crypto.c 
Log Message:
Note that much of check_dh_key is voodoo; make x in DH be only 320 bits for DH speed improvement: this wants auditing. [We have blessing from Ian on this.]  (Note that DH in SSL is not yet affected.)

Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/common/crypto.c,v
retrieving revision 1.172
retrieving revision 1.173
diff -u -d -r1.172 -r1.173
--- crypto.c	26 Oct 2005 02:20:48 -0000	1.172
+++ crypto.c	11 Nov 2005 20:18:00 -0000	1.173
@@ -1390,6 +1390,8 @@
   return NULL;
 }
 
+#define DH_PRIVATE_KEY_BITS 320
+
 /** Return the length of the DH key in <b>dh</b>, in bytes.
  */
 int
@@ -1405,7 +1407,22 @@
 int
 crypto_dh_generate_public(crypto_dh_env_t *dh)
 {
+  int pk_bits = BN_num_bits(dh->dh->p);
+  if (pk_bits > DH_PRIVATE_KEY_BITS)
+    pk_bits = DH_PRIVATE_KEY_BITS;
  again:
+  if (!dh->dh->priv_key) {
+    dh->dh->priv_key = BN_new();
+    if (!dh->dh->priv_key) {
+      err(LD_MM, "Unable to allocate BN.");
+      return -1;
+    }
+  }
+  /* We generate the key ourselves so that we can get a 2-3x speedup by using
+   * a 320-bit x instead of a 1024-bit x. */
+  if (!BN_rand(dh->dh->priv_key, pk_bits, 0, 0)) {
+    crypto_log_errors(LOG_WARN, "Generating DH private key");
+  }
   if (!DH_generate_key(dh->dh)) {
     crypto_log_errors(LOG_WARN, "generating DH key");
     return -1;
@@ -1462,6 +1479,13 @@
 #define MIN_DIFFERING_BITS 16
   /* This covers another 2^25 keys, which is still negligible. */
 #define MIN_DIST_FROM_EDGE (1<<24)
+  /* XXXX Note that this is basically voodoo.  Really, we only care about 0,
+   * 1, 2, and -1.  The "number of bits set" business is inherited from some
+   * dire warnings in the OpenSSH comments.  Real Cryptographers assure us
+   * that these dire warnings are misplaced.
+   *
+   * Still, it can't hurt.
+   */
   int i, n_bits, n_set;
   BIGNUM *x = NULL;
   char *s;

Prev by Author: [or-cvs] Add cvsignore file for cs/bin in tor-ctl.
Next by Author: [or-cvs] Remove libevent fork from Tor cvs
Previous by thread: [or-cvs] refer to control-spec.txt for lists of INFO and CONF names
Next by thread: [or-cvs] correct nick"s comment
Index(es):
- Author
- Thread