end-to-end integrity checking now works

initialize digests from shared secrets at handshake
make circuit_send_next_onion_skin use connection_edge_send_command


svn:r948

1 files changed, 11 insertions, 5 deletions

diff --git a/src/or/onion.c b/src/or/onion.c
index 5c52dd6295..dd7db61622 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -131,16 +131,22 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key
 
   memcpy(cell.payload, payload, ONIONSKIN_REPLY_LEN);
 
-  log_fn(LOG_DEBUG,"init cipher forward %d, backward %d.", *(int*)keys, *(int*)(keys+16));
-
+  log_fn(LOG_INFO,"init digest forward %d, backward %d.",
+         *(uint32_t*)(keys), *(uint32_t*)(keys+20));
+  circ->n_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST);
+  crypto_digest_add_bytes(circ->n_digest, keys, 20);
+  circ->p_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST);
+  crypto_digest_add_bytes(circ->p_digest, keys+20, 20);
+
+  log_fn(LOG_DEBUG,"init cipher forward %d, backward %d.",
+         *(uint32_t*)(keys+40), *(uint32_t*)(keys+40+16));
   if (!(circ->n_crypto =
-        crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,0))) {
+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+40,iv,0))) {
     log_fn(LOG_WARN,"Cipher initialization failed (n).");
     return -1;
   }
-
   if (!(circ->p_crypto =
-        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,1))) {
+        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+40+16,iv,1))) {
     log_fn(LOG_WARN,"Cipher initialization failed (p).");
     return -1;
   }