- Consider taking the master out of the loop?
. Directory servers
D Automated reputation management
-NICK - Include key in source; sign directories
+NICK . Include key in source; sign directories
- Add versions to code
-NICK - Have directories list recommended-versions
+NICK . Have directories list recommended-versions
- Quit if running the wrong version
- Command-line option to override quit
. Add more information to directory server entries
o incremental path building
- transition circuit-level sendmes to hop-level sendmes
- implement truncate, truncated
-NICK - move from 192byte DH to 128byte DH, so it isn't so damn slow
+ o move from 192byte DH to 128byte DH, so it isn't so damn slow
- exiting from not-last hop
- OP logic to decide to extend/truncate a path
- make sure exiting from the not-last hop works
g = BN_new();
assert(p && g);
+#if 0
/* This is from draft-ietf-ipsec-ike-modp-groups-05.txt. It's a safe
prime, and supposedly it equals:
2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");
+#endif
+
+ /* This is from rfc2409, section 6.2. It's a safe prime, and
+ supposedly it equals:
+ 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ */
+ r = BN_hex2bn(&p,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+ "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+ "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+ "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+ "49286651ECE65381FFFFFFFFFFFFFFFF");
assert(r);
r = BN_set_word(g, 2);
/* Key negotiation */
typedef struct crypto_dh_env_st crypto_dh_env_t;
-#define CRYPTO_DH_SIZE (1536 / 8)
+/* #define CRYPTO_DH_SIZE (1536 / 8) */
+#define CRYPTO_DH_SIZE (1024 / 8)
crypto_dh_env_t *crypto_dh_new();
int crypto_dh_get_bytes(crypto_dh_env_t *dh);
int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,
};
-#define DH_KEY_LEN 192
-#define DH_ONIONSKIN_LEN 208
+#define DH_KEY_LEN CRYPTO_DH_SIZE
+#define DH_ONIONSKIN_LEN DH_KEY_LEN+16
typedef struct crypt_path_t crypt_path_t;
log(LOG_ERR,NULL); /* make logging quieter */
setup_directory();
-#if 0
puts("========================== Buffers =========================");
test_buffers();
puts("========================== Crypto ==========================");
test_util();
puts("\n========================= Onion Skins =====================");
test_onion_handshake();
-#endif
puts("\n========================= Directory Formats ===============");
test_dir_format();
puts("");
projects / thirdparty / tor.git / commitdiff
