21 vuotta sitten · ac5893c626
--- a/src/or/circuit.c
+++ b/src/or/circuit.c
@@ -872,13 +872,13 @@ int circuit_finish_handshake(circuit_t *circ, char *reply) {
 
				 
			
 
				   log_fn(LOG_DEBUG,"hop %d init cipher forward %d, backward %d.", (uint32_t)hop, *(uint32_t*)keys, *(uint32_t*)(keys+16));
			
 
				   if (!(hop->f_crypto =
			
 
				-        crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,1))) {
			
 
				+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,1))) {
			
 
				     log(LOG_ERR,"Cipher initialization failed.");
			
 
				     return -1;
			
 
				   }
			
 
				 
			
 
				   if (!(hop->b_crypto =
			
 
				-        crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,0))) {
			
 
				+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,0))) {
			
 
				     log(LOG_ERR,"Cipher initialization failed.");
			
 
				     return -1;
			
 
				   }
			
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -88,12 +88,12 @@ connection_t *connection_new(int type) {
 
				   conn->timestamp_lastwritten = now.tv_sec;
			
 
				 
			
 
				   if (connection_speaks_cells(conn)) {
			
 
				-    conn->f_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
			
 
				+    conn->f_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
			
 
				     if (!conn->f_crypto) {
			
 
				       free((void *)conn);
			
 
				       return NULL;
			
 
				     }
			
 
				-    conn->b_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
			
 
				+    conn->b_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
			
 
				     if (!conn->b_crypto) {
			
 
				       crypto_free_cipher_env(conn->f_crypto);
			
 
				       free((void *)conn);
			
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -232,10 +232,10 @@ or_handshake_op_send_keys(connection_t *conn) {
 
				   /* generate random keys */
			
 
				   if(crypto_cipher_generate_key(conn->f_crypto) ||
			
 
				      crypto_cipher_generate_key(conn->b_crypto)) {
			
 
				-    log(LOG_ERR,"Cannot generate a secure 3DES key.");
			
 
				+    log(LOG_ERR,"Cannot generate a secure symmetric key.");
			
 
				     return -1;
			
 
				   }
			
 
				-  log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
			
 
				+  log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated symmetric keys.");
			
 
				   /* compose the message */
			
 
				   *(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
			
 
				   *(uint32_t *)(message+FLAGS_LEN) = htonl(conn->bandwidth);
			
@@ -301,10 +301,10 @@ or_handshake_client_send_auth(connection_t *conn) {
 
				   /* generate random keys */
			
 
				   if(crypto_cipher_generate_key(conn->f_crypto) ||
			
 
				      crypto_cipher_generate_key(conn->b_crypto)) {
			
 
				-    log(LOG_ERR,"Cannot generate a secure DES key.");
			
 
				+    log(LOG_ERR,"Cannot generate a secure symmetric key.");
			
 
				     return -1;
			
 
				   }
			
 
				-  log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");
			
 
				+  log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated symmetric keys.");
			
 
				 
			
 
				   /* generate first message */
			
 
				   *(uint16_t*)buf = htons(HANDSHAKE_AS_OR);
			
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -156,13 +156,13 @@ static int onionskin_process(circuit_t *circ) {
 
				   log(LOG_DEBUG,"onionskin_process: init cipher forward %d, backward %d.", *(int*)keys, *(int*)(keys+16));
			
 
				 
			
 
				   if (!(circ->n_crypto =
			
 
				-        crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,0))) {
			
 
				+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,0))) {
			
 
				     log(LOG_ERR,"Cipher initialization failed.");
			
 
				     return -1;
			
 
				   }
			
 
				 
			
 
				   if (!(circ->p_crypto =
			
 
				-        crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,1))) {
			
 
				+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,1))) {
			
 
				     log(LOG_ERR,"Cipher initialization failed.");
			
 
				     return -1;
			
 
				   }
			
@@ -433,7 +433,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
 
				   puts("");
			
 
				 #endif
			
 
				 
			
 
				-  cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, pubkey, iv, 1);
			
 
				+  cipher = crypto_create_init_cipher(ONION_CIPHER, pubkey, iv, 1);
			
 
				 
			
 
				   if (!cipher)
			
 
				     goto err;
			
@@ -490,7 +490,7 @@ onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
 
				   puts("");
			
 
				 #endif
			
 
				 
			
 
				-  cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, buf, iv, 0);
			
 
				+  cipher = crypto_create_init_cipher(ONION_CIPHER, buf, iv, 0);
			
 
				 
			
 
				   if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, DH_ONIONSKIN_LEN-pkbytes,
			
 
				                             buf+pkbytes))
			
@@ -516,12 +516,10 @@ onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
 
				   puts("");
			
 
				 #endif
			
 
				 
			
 
				-  len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, buf);
			
 
				+  len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, key_out, key_out_len);
			
 
				   if (len < 0)
			
 
				     goto err;
			
 
				 
			
 
				-  memcpy(key_out, buf+len-key_out_len, key_out_len);
			
 
				-
			
 
				 #ifdef DEBUG_ONION_SKINS
			
 
				   printf("Server: key material:");
			
 
				   PA(buf, DH_KEY_LEN);
			
@@ -554,12 +552,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
 
				                             char *key_out,
			
 
				                             int key_out_len) 
			
 
				 {
			
 
				-  char key_material[DH_KEY_LEN];
			
 
				   int len;
			
 
				   assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
			
 
				   
			
 
				-  memset(key_material, 0, DH_KEY_LEN);
			
 
				-
			
 
				 #ifdef DEBUG_ONION_SKINS
			
 
				   printf("Client: server g^y:");
			
 
				   PA(handshake_reply+0,3);
			
@@ -569,16 +564,11 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
 
				 #endif
			
 
				 
			
 
				   len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
			
 
				-                                 key_material);
			
 
				+                                 key_out, key_out_len);
			
 
				   if (len < 0)
			
 
				     return -1;
			
 
				   
			
 
				-  memcpy(key_out, key_material+len-key_out_len, key_out_len);
			
 
				-
			
 
				 #ifdef DEBUG_ONION_SKINS
			
 
				-  printf("Client: key material:");
			
 
				-  PA(key_material, DH_KEY_LEN);
			
 
				-  puts("");
			
 
				   printf("Client: keys out:");
			
 
				   PA(key_out, key_out_len);
			
 
				   puts("");
			
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -126,6 +126,12 @@
 
				 
			
 
				 /* default cipher function */
			
 
				 #define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
			
 
				+/* Used to en/decrypt onion skins */
			
 
				+#define ONION_CIPHER      DEFAULT_CIPHER
			
 
				+/* Used to en/decrypt cells between ORs/OPs. */
			
 
				+#define CONNECTION_CIPHER DEFAULT_CIPHER
			
 
				+/* Used to en/decrypt RELAY cells */
			
 
				+#define CIRCUIT_CIPHER    DEFAULT_CIPHER
			
 
				 
			
 
				 #define CELL_DIRECTION_IN 1
			
 
				 #define CELL_DIRECTION_OUT 2
			
--- a/src/or/routers.c
+++ b/src/or/routers.c
@@ -58,7 +58,11 @@ int learn_my_address(struct sockaddr_in *me) {
 
				   memcpy((void *)&me->sin_addr,(void *)localhost->h_addr,sizeof(struct in_addr));
			
 
				   me->sin_port = htons(options.ORPort);
			
 
				   log_fn(LOG_DEBUG,"chose address as '%s'.",inet_ntoa(me->sin_addr));
			
 
				-
			
 
				+  if (!strncmp("127.",inet_ntoa(me->sin_addr), 4) &&
			
 
				+      strcasecmp(localhostname, "localhost")) {
			
 
				+    /* We're a loopback IP but we're not called localhost.  Uh oh! */
			
 
				+    log_fn(LOG_WARNING, "Got a loopback address: /etc/hosts may be wrong");
			
 
				+  }
			
 
				   return 0;
			
 
				 }