|
|
@@ -418,16 +418,17 @@ crypt_path_t *onion_generate_cpath(routerinfo_t **firsthop) {
|
|
|
|
|
|
/*----------------------------------------------------------------------*/
|
|
|
|
|
|
-/* Given a router's public key, generates a 208-byte encrypted DH pubkey,
|
|
|
+/* Given a router's public key, generates a 144-byte encrypted DH pubkey,
|
|
|
* and stores it into onion_skin out. Stores the DH private key into
|
|
|
* handshake_state_out for later completion of the handshake.
|
|
|
*
|
|
|
* The encrypted pubkey is formed as follows:
|
|
|
* 16 bytes of symmetric key
|
|
|
- * 192 bytes of g^x for DH.
|
|
|
+ * 128 bytes of g^x for DH.
|
|
|
* The first 128 bytes are RSA-encrypted with the server's public key,
|
|
|
- * and the last 80 are encrypted with the symmetric key.
|
|
|
+ * and the last 16 are encrypted with the symmetric key.
|
|
|
*/
|
|
|
+/* FIXME: Nick: looks like we could simplify this by just using 128 bytes for g^x. */
|
|
|
int
|
|
|
onion_skin_create(crypto_pk_env_t *dest_router_key,
|
|
|
crypto_dh_env_t **handshake_state_out,
|
|
|
@@ -502,7 +503,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
|
|
|
}
|
|
|
|
|
|
/* Given an encrypted DH public key as generated by onion_skin_create,
|
|
|
- * and the private key for this onion router, generate the 192-byte DH
|
|
|
+ * and the private key for this onion router, generate the 128-byte DH
|
|
|
* reply, and key_out_len bytes of key material, stored in key_out.
|
|
|
*/
|
|
|
int
|
|
|
@@ -563,7 +564,7 @@ onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
|
|
|
}
|
|
|
|
|
|
/* Finish the client side of the DH handshake.
|
|
|
- * Given the 192 byte DH reply as generated by onion_skin_server_handshake
|
|
|
+ * Given the 128 byte DH reply as generated by onion_skin_server_handshake
|
|
|
* and the handshake state generated by onion_skin_create, generate
|
|
|
* key_out_len bytes of shared key material and store them in key_out.
|
|
|
*
|
Roger Dingledine