From 5ed73e3807d90dd0a3a2e5542f98a0a58374a066 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 24 Jan 2011 16:03:14 -0500
Subject: Make the DH parameter we use for TLS match the one from Apache's
 mod_ssl

Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.
---
 src/common/crypto.c | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

(limited to 'src/common/crypto.c')

diff --git a/src/common/crypto.c b/src/common/crypto.c
index e847d8c03..5264fd808 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1685,8 +1685,10 @@ crypto_hmac_sha1(char *hmac_out,
 
 /* DH */
 
-/** Shared P parameter for our DH key exchanged. */
+/** Shared P parameter for our circuit-crypto DH key exchanges. */
 static BIGNUM *dh_param_p = NULL;
+/** Shared P parameter for our TLS DH key exchanges. */
+static BIGNUM *dh_param_p_tls = NULL;
 /** Shared G parameter for our DH key exchanges. */
 static BIGNUM *dh_param_g = NULL;
 
@@ -1695,14 +1697,16 @@ static BIGNUM *dh_param_g = NULL;
 static void
 init_dh_param(void)
 {
-  BIGNUM *p, *g;
+  BIGNUM *p, *p2, *g;
   int r;
-  if (dh_param_p && dh_param_g)
+  if (dh_param_p && dh_param_g && dh_param_p_tls)
     return;
 
   p = BN_new();
+  p2 = BN_new();
   g = BN_new();
   tor_assert(p);
+  tor_assert(p2);
   tor_assert(g);
 
   /* This is from rfc2409, section 6.2.  It's a safe prime, and
@@ -1716,10 +1720,20 @@ init_dh_param(void)
                 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
                 "49286651ECE65381FFFFFFFFFFFFFFFF");
   tor_assert(r);
+  /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
+   * modules/ssl/ssl_engine_dh.c */
+  r = BN_hex2bn(&p2,
+                  "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
+                "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
+                "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
+                "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
+                "B0E7393E0F24218EB3");
+  tor_assert(r);
 
   r = BN_set_word(g, 2);
   tor_assert(r);
   dh_param_p = p;
+  dh_param_p_tls = p2;
   dh_param_g = g;
 }
 
@@ -1728,18 +1742,26 @@ init_dh_param(void)
 /** Allocate and return a new DH object for a key exchange.
  */
 crypto_dh_env_t *
-crypto_dh_new(void)
+crypto_dh_new(int dh_type)
 {
   crypto_dh_env_t *res = tor_malloc_zero(sizeof(crypto_dh_env_t));
 
+  tor_assert(dh_type == DH_TYPE_CIRCUIT || dh_type == DH_TYPE_TLS ||
+             dh_type == DH_TYPE_REND);
+
   if (!dh_param_p)
     init_dh_param();
 
   if (!(res->dh = DH_new()))
     goto err;
 
-  if (!(res->dh->p = BN_dup(dh_param_p)))
-    goto err;
+  if (dh_type == DH_TYPE_TLS) {
+    if (!(res->dh->p = BN_dup(dh_param_p_tls)))
+      goto err;
+  } else {
+    if (!(res->dh->p = BN_dup(dh_param_p)))
+      goto err;
+  }
 
   if (!(res->dh->g = BN_dup(dh_param_g)))
     goto err;
-- 
cgit v1.2.3