commit 82fa55dbb1ec417655225ab25578c57e6341fe39
parent 965ae068eb77d503ac3e2576109ffe085f17acc4
Author: Nick Mathewson <nickm@torproject.org>
Date: Tue, 6 May 2025 18:40:39 -0400
Define a DH2048_KEY_LEN.
Diffstat:
3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/lib/crypt_ops/crypto_dh_nss.c b/src/lib/crypt_ops/crypto_dh_nss.c
@@ -25,7 +25,7 @@ ENABLE_GCC_WARNING("-Wstrict-prototypes")
static int dh_initialized = 0;
static SECKEYDHParams tls_dh_param, circuit_dh_param;
-static unsigned char tls_dh_prime_data[DH1024_KEY_LEN * 2];
+static unsigned char tls_dh_prime_data[DH2048_KEY_LEN];
static unsigned char circuit_dh_prime_data[DH1024_KEY_LEN];
static unsigned char dh_generator_data[1];
@@ -39,7 +39,7 @@ crypto_dh_init_nss(void)
r = base16_decode((char*)tls_dh_prime_data,
sizeof(tls_dh_prime_data),
TLS_DH_PRIME, strlen(TLS_DH_PRIME));
- tor_assert(r == DH1024_KEY_LEN * 2);
+ tor_assert(r == DH2048_KEY_LEN);
r = base16_decode((char*)circuit_dh_prime_data,
sizeof(circuit_dh_prime_data),
OAKLEY_PRIME_2, strlen(OAKLEY_PRIME_2));
@@ -47,7 +47,7 @@ crypto_dh_init_nss(void)
dh_generator_data[0] = DH_GENERATOR;
tls_dh_param.prime.data = tls_dh_prime_data;
- tls_dh_param.prime.len = DH1024_KEY_LEN * 2;
+ tls_dh_param.prime.len = DH2048_KEY_LEN;
tls_dh_param.base.data = dh_generator_data;
tls_dh_param.base.len = 1;
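Review bot: `tls_dh_param.prime.len = DH2048_KEY_LEN;` repeats the constant that already sizes `tls_dh_prime_data` in the first hunk, while the decode call two hunks up uses `sizeof(tls_dh_prime_data)` for the same quantity; tying the length to the array keeps the three sites from drifting if the group is changed again. I would write `tls_dh_param.prime.len = sizeof(tls_dh_prime_data);` here (prime.len is an unsigned field, so the constant-sized sizeof converts without a warning). The `tor_assert(r == DH2048_KEY_LEN)` in the previous hunk then remains the one place where the decoded length of TLS_DH_PRIME is checked against the named constant, which is the check that matters at init. crypto_dh_init_nss continues outside this hunk.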
diff --git a/src/lib/defs/dh_sizes.h b/src/lib/defs/dh_sizes.h
@@ -16,7 +16,10 @@
#ifndef TOR_DH_SIZES_H
#define TOR_DH_SIZES_H
-/** Length of our legacy DH keys. */
+/** Length of our legacy DH keys, in bytes. */
#define DH1024_KEY_LEN (1024/8)
+/** Length of our current TLS DH keys, in bytes. */
+#define DH2048_KEY_LEN (2048/8)
+
#endif /* !defined(TOR_DH_SIZES_H) */
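Review bot: The new doc line `/** Length of our current TLS DH keys, in bytes. */` describes the macro by one of its users, but the constant is also used in test_crypto.c to size buffers for DH_TYPE_CIRCUIT public values and secrets, where the group is DH1024_KEY_LEN bytes; describing what the number is rather than who uses it would avoid that mismatch. Something like `/** Length in bytes of a 2048-bit DH modulus, public value or shared secret (our TLS DH group). */` would cover both callers. The existing `DH1024_KEY_LEN` comment could be adjusted the same way so the two entries read in parallel.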
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
@@ -43,10 +43,10 @@ test_crypto_dh(void *arg)
crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
crypto_dh_t *dh1_dup = NULL;
crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
- char p1[DH1024_KEY_LEN * 2];
- char p2[DH1024_KEY_LEN * 2];
- char s1[DH1024_KEY_LEN * 2];
- char s2[DH1024_KEY_LEN * 2];
+ char p1[DH2048_KEY_LEN];
+ char p2[DH2048_KEY_LEN];
+ char s1[DH2048_KEY_LEN];
+ char s2[DH2048_KEY_LEN];
ssize_t s1len, s2len;
#ifdef ENABLE_OPENSSL
crypto_dh_t *dh3 = NULL;
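Review bot: Sizing `p1`, `p2`, `s1`, `s2` with `DH2048_KEY_LEN` reads as if the test exchanged 2048-bit values, but `dh1` and `dh2` are created with DH_TYPE_CIRCUIT, whose prime is DH1024_KEY_LEN bytes in the NSS hunk; the old `DH1024_KEY_LEN * 2` at least signalled deliberate headroom. A one-line comment above the four declarations would preserve that intent, e.g. `/* Deliberately larger than a DH_TYPE_CIRCUIT value (DH1024_KEY_LEN) needs. */`. If the extra room is not intentional, sizing them with `DH1024_KEY_LEN` would make any length check on `s1len`/`s2len` further down tighter; that part of test_crypto_dh lies outside this hunk.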