
[or-cvs] src/or



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv27570/src/or

Modified Files:
	circuit.c connection.c connection_or.c onion.c or.h routers.c 
Log Message:
src/or

Index: circuit.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuit.c,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -d -r1.55 -r1.56
--- circuit.c	3 Jul 2003 03:40:47 -0000	1.55
+++ circuit.c	30 Jul 2003 19:12:02 -0000	1.56
@@ -872,13 +872,13 @@
 
   log_fn(LOG_DEBUG,"hop %d init cipher forward %d, backward %d.", (uint32_t)hop, *(uint32_t*)keys, *(uint32_t*)(keys+16));
   if (!(hop->f_crypto =
-        crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,1))) {
+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,1))) {
     log(LOG_ERR,"Cipher initialization failed.");
     return -1;
   }
 
   if (!(hop->b_crypto =
-        crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,0))) {
+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,0))) {
     log(LOG_ERR,"Cipher initialization failed.");
     return -1;
   }
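Review bot: The backward key is still taken from the fixed offset `keys+16` although the cipher is now chosen through `CIRCUIT_CIPHER`, so the key layout silently assumes a 16-byte key. If CIRCUIT_CIPHER is ever pointed at a cipher with a different key length, the two calls would presumably read overlapping or truncated key material without any error. I would either replace the literal with a named key-length constant or add a comment beside the macro in or.h, e.g. `/* callers split key material at a fixed 16-byte offset; the key length must stay 16 */`. The same pattern appears in the onion.c hunk at -156, and the enclosing function starts and ends outside this hunk.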

Index: connection.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection.c,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -d -r1.71 -r1.72
--- connection.c	5 Jul 2003 07:10:34 -0000	1.71
+++ connection.c	30 Jul 2003 19:12:02 -0000	1.72
@@ -88,12 +88,12 @@
   conn->timestamp_lastwritten = now.tv_sec;
 
   if (connection_speaks_cells(conn)) {
-    conn->f_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
+    conn->f_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
     if (!conn->f_crypto) {
       free((void *)conn);
       return NULL;
     }
-    conn->b_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
+    conn->b_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
     if (!conn->b_crypto) {
       crypto_free_cipher_env(conn->f_crypto);
       free((void *)conn);
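Review bot: Replacing the literal `CRYPTO_CIPHER_3DES` with `CONNECTION_CIPHER` is not a pure rename: or.h in this commit defines it as `DEFAULT_CIPHER`, which is `CRYPTO_CIPHER_AES_CTR`, so the link cipher changes from 3DES to AES in counter mode. The log message does not mention this, and peers built from the previous revision would presumably no longer interoperate. The onion.c hunks at -433 and -490 make the same switch through `ONION_CIPHER`; counter mode depends on a key never being reused with the same `iv`, and the value of `iv` is not visible there, so that is worth confirming. A comment on the macro such as `/* part of the wire protocol: both ends must be built with the same value */` would record the constraint. This hunk ends inside the function.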

Index: connection_or.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_or.c,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- connection_or.c	3 Jul 2003 03:40:47 -0000	1.35
+++ connection_or.c	30 Jul 2003 19:12:02 -0000	1.36
@@ -232,10 +232,10 @@
   /* generate random keys */
   if(crypto_cipher_generate_key(conn->f_crypto) ||
      crypto_cipher_generate_key(conn->b_crypto)) {
-    log(LOG_ERR,"Cannot generate a secure 3DES key.");
+    log(LOG_ERR,"Cannot generate a secure symmetric key.");
     return -1;
   }
-  log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
+  log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated symmetric keys.");
   /* compose the message */
   *(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
   *(uint32_t *)(message+FLAGS_LEN) = htonl(conn->bandwidth);
@@ -301,10 +301,10 @@
   /* generate random keys */
   if(crypto_cipher_generate_key(conn->f_crypto) ||
      crypto_cipher_generate_key(conn->b_crypto)) {
-    log(LOG_ERR,"Cannot generate a secure DES key.");
+    log(LOG_ERR,"Cannot generate a secure symmetric key.");
     return -1;
   }
-  log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");
+  log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated symmetric keys.");
 
   /* generate first message */
   *(uint16_t*)buf = htons(HANDSHAKE_AS_OR);

Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- onion.c	21 Jun 2003 19:03:22 -0000	1.58
+++ onion.c	30 Jul 2003 19:12:02 -0000	1.59
@@ -156,13 +156,13 @@
   log(LOG_DEBUG,"onionskin_process: init cipher forward %d, backward %d.", *(int*)keys, *(int*)(keys+16));
 
   if (!(circ->n_crypto =
-        crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,0))) {
+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,0))) {
     log(LOG_ERR,"Cipher initialization failed.");
     return -1;
   }
 
   if (!(circ->p_crypto =
-        crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,1))) {
+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,1))) {
     log(LOG_ERR,"Cipher initialization failed.");
     return -1;
   }
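Review bot: The debug line at the top of this hunk writes the first four bytes of each freshly derived circuit key to the log (`*(int*)keys` and `*(int*)(keys+16)`), so part of the key material ends up wherever LOG_DEBUG output is collected. Now that these keys feed the configurable `CIRCUIT_CIPHER`, I would log the event without key bytes, e.g. `log(LOG_DEBUG,"onionskin_process: init ciphers.");`. The circuit.c hunk at -872 has the same pattern and additionally casts the `hop` pointer to `uint32_t`, which truncates it on 64-bit targets. The enclosing function starts outside this hunk.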
@@ -433,7 +433,7 @@
   puts("");
 #endif
 
-  cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, pubkey, iv, 1);
+  cipher = crypto_create_init_cipher(ONION_CIPHER, pubkey, iv, 1);
 
   if (!cipher)
     goto err;
@@ -490,7 +490,7 @@
   puts("");
 #endif
 
-  cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, buf, iv, 0);
+  cipher = crypto_create_init_cipher(ONION_CIPHER, buf, iv, 0);
 
   if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, DH_ONIONSKIN_LEN-pkbytes,
                             buf+pkbytes))
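Review bot: `cipher` is passed to `crypto_cipher_decrypt` without a NULL check, unlike the encrypt path in the hunk at -433, which has `if (!cipher) goto err;`. Every other call to crypto_create_init_cipher in this commit tests the result, so a failed initialisation here would presumably lead to a null-pointer dereference while handling an onion skin received from a peer. Add `if (!cipher) goto err;` before the decrypt call, assuming the `err` label used further down belongs to this function and releases what has been acquired by then. The function body extends beyond the hunk on both sides.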
@@ -516,12 +516,10 @@
   puts("");
 #endif
 
-  len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, buf);
+  len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, key_out, key_out_len);
   if (len < 0)
     goto err;
 
-  memcpy(key_out, buf+len-key_out_len, key_out_len);
-
 #ifdef DEBUG_ONION_SKINS
   printf("Server: key material:");
   PA(buf, DH_KEY_LEN);
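Review bot: The debug block at the end of this hunk still prints `buf` as "Server: key material", but after this change the derived secret is written to `key_out`, so `PA(buf, DH_KEY_LEN)` no longer shows the key material it claims to. The client-side hunk at -569 removes the equivalent lines; the server side should drop them too, or print `key_out` with `key_out_len` if the dump is still wanted in DEBUG_ONION_SKINS builds. Separately, only `len < 0` is checked; whether crypto_dh_compute_secret can return fewer than `key_out_len` bytes is not visible here, and if it can, `key_out` would be left partly unset. The `#ifdef` block continues past the end of the hunk.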
@@ -554,12 +552,9 @@
                             char *key_out,
                             int key_out_len) 
 {
-  char key_material[DH_KEY_LEN];
   int len;
   assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
   
-  memset(key_material, 0, DH_KEY_LEN);
-
 #ifdef DEBUG_ONION_SKINS
   printf("Client: server g^y:");
   PA(handshake_reply+0,3);
@@ -569,16 +564,11 @@
 #endif
 
   len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
-                                 key_material);
+                                 key_out, key_out_len);
   if (len < 0)
     return -1;
   
-  memcpy(key_out, key_material+len-key_out_len, key_out_len);
-
 #ifdef DEBUG_ONION_SKINS
-  printf("Client: key material:");
-  PA(key_material, DH_KEY_LEN);
-  puts("");
   printf("Client: keys out:");
   PA(key_out, key_out_len);
   puts("");

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -d -r1.99 -r1.100
--- or.h	8 Jul 2003 08:38:24 -0000	1.99
+++ or.h	30 Jul 2003 19:12:03 -0000	1.100
@@ -126,6 +126,12 @@
 
 /* default cipher function */
 #define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
+/* Used to en/decrypt onion skins */
+#define ONION_CIPHER      DEFAULT_CIPHER
+/* Used to en/decrypt cells between ORs/OPs. */
+#define CONNECTION_CIPHER DEFAULT_CIPHER
+/* Used to en/decrypt RELAY cells */
+#define CIRCUIT_CIPHER    DEFAULT_CIPHER
 
 #define CELL_DIRECTION_IN 1
 #define CELL_DIRECTION_OUT 2

Index: routers.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routers.c,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -d -r1.37 -r1.38
--- routers.c	17 Jun 2003 22:18:26 -0000	1.37
+++ routers.c	30 Jul 2003 19:12:03 -0000	1.38
@@ -58,7 +58,11 @@
   memcpy((void *)&me->sin_addr,(void *)localhost->h_addr,sizeof(struct in_addr));
   me->sin_port = htons(options.ORPort);
   log_fn(LOG_DEBUG,"chose address as '%s'.",inet_ntoa(me->sin_addr));
-
+  if (!strncmp("127.",inet_ntoa(me->sin_addr), 4) &&
+      strcasecmp(localhostname, "localhost")) {
+    /* We're a loopback IP but we're not called localhost.  Uh oh! */
+    log_fn(LOG_WARNING, "Got a loopback address: /etc/hosts may be wrong");
+  }
   return 0;
 }
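Review bot: The loopback test compares the text returned by `inet_ntoa` with "127." instead of testing the address itself; `(ntohl(me->sin_addr.s_addr) >> 24) == 127` expresses the same condition without a string round-trip. The branch only logs a warning and the function still returns 0, so the router would presumably go on using a loopback address as its own; if that is intended, the comment should say so rather than "Uh oh!". `strcasecmp` is declared in `<strings.h>`, and no include change is visible in this commit. The function starts outside the hunk.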