-rw-r--r-- | src/or/circuit.c | 4 | ||||
-rw-r--r-- | src/or/connection.c | 4 | ||||
-rw-r--r-- | src/or/connection_or.c | 8 | ||||
-rw-r--r-- | src/or/onion.c | 22 | ||||
-rw-r--r-- | src/or/or.h | 6 | ||||
-rw-r--r-- | src/or/routers.c | 6 |
6 files changed, 25 insertions, 25 deletions
diff --git a/src/or/circuit.c b/src/or/circuit.c
index 98f0b14430..3ba0dad5e8 100644
--- a/src/or/circuit.c
+++ b/src/or/circuit.c
@@ -872,13 +872,13 @@ int circuit_finish_handshake(circuit_t *circ, char *reply) {
  log_fn(LOG_DEBUG,"hop %d init cipher forward %d, backward %d.", (uint32_t)hop, *(uint32_t*)keys, *(uint32_t*)(keys+16));
  if (!(hop->f_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,1))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,1))) {
  log(LOG_ERR,"Cipher initialization failed.");
  return -1;
  }
  if (!(hop->b_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,0))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,0))) {
  log(LOG_ERR,"Cipher initialization failed.");
  return -1;
  }
diff --git a/src/or/connection.c b/src/or/connection.c
index 59608c56be..0b88b4cd47 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -88,12 +88,12 @@ connection_t *connection_new(int type) {
  conn->timestamp_lastwritten = now.tv_sec;
  if (connection_speaks_cells(conn)) {
- conn->f_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
+ conn->f_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
  if (!conn->f_crypto) {
  free((void *)conn);
  return NULL;
  }
- conn->b_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
+ conn->b_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
  if (!conn->b_crypto) {
  crypto_free_cipher_env(conn->f_crypto);
  free((void *)conn);
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 683c966554..2408ebac48 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
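Review bot: The context line directly above the changed calls, `log_fn(LOG_DEBUG,"hop %d init cipher forward %d, backward %d.", (uint32_t)hop, *(uint32_t*)keys, *(uint32_t*)(keys+16))`, writes the first four bytes of each freshly derived circuit key to the log, and the commit swaps the cipher constant while leaving that in place. Key material should not reach the log at any level; the debug line can keep the hop pointer and drop the two key arguments, `log_fn(LOG_DEBUG,"hop %d init cipher.", (uint32_t)hop);`. The same pattern is in the onionskin_process hunk of src/or/onion.c (`*(int*)keys, *(int*)(keys+16)`). The `*(uint32_t*)keys` casts also read a char buffer through a wider type, which is an aliasing and alignment hazard; if a non-secret fingerprint is ever wanted, copy into a local integer with memcpy instead. circuit_finish_handshake starts and ends outside the hunk.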
@@ -232,10 +232,10 @@ or_handshake_op_send_keys(connection_t *conn) {
  /* generate random keys */
  if(crypto_cipher_generate_key(conn->f_crypto) || crypto_cipher_generate_key(conn->b_crypto)) {
- log(LOG_ERR,"Cannot generate a secure 3DES key.");
+ log(LOG_ERR,"Cannot generate a secure symmetric key.");
  return -1;
  }
- log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
+ log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated symmetric keys.");
  /* compose the message */
  *(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
  *(uint32_t *)(message+FLAGS_LEN) = htonl(conn->bandwidth);
@@ -301,10 +301,10 @@ or_handshake_client_send_auth(connection_t *conn) {
  /* generate random keys */
  if(crypto_cipher_generate_key(conn->f_crypto) || crypto_cipher_generate_key(conn->b_crypto)) {
- log(LOG_ERR,"Cannot generate a secure DES key.");
+ log(LOG_ERR,"Cannot generate a secure symmetric key.");
  return -1;
  }
- log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");
+ log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated symmetric keys.");
  /* generate first message */
  *(uint16_t*)buf = htons(HANDSHAKE_AS_OR);
diff --git a/src/or/onion.c b/src/or/onion.c
index 9cf3041e34..ea457c5b4a 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -156,13 +156,13 @@ static int onionskin_process(circuit_t *circ) {
  log(LOG_DEBUG,"onionskin_process: init cipher forward %d, backward %d.", *(int*)keys, *(int*)(keys+16));
  if (!(circ->n_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,0))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,0))) {
  log(LOG_ERR,"Cipher initialization failed.");
  return -1;
  }
  if (!(circ->p_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,1))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,1))) {
  log(LOG_ERR,"Cipher initialization failed.");
  return -1;
  }
@@ -433,7 +433,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
  puts("");
  #endif
- cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, pubkey, iv, 1);
+ cipher = crypto_create_init_cipher(ONION_CIPHER, pubkey, iv, 1);
  if (!cipher)
  goto err;
@@ -490,7 +490,7 @@ onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
  puts("");
  #endif
- cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, buf, iv, 0);
+ cipher = crypto_create_init_cipher(ONION_CIPHER, buf, iv, 0);
  if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, DH_ONIONSKIN_LEN-pkbytes, buf+pkbytes))
@@ -516,12 +516,10 @@ onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
  puts("");
  #endif
- len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, buf);
+ len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, key_out, key_out_len);
  if (len < 0)
  goto err;
- memcpy(key_out, buf+len-key_out_len, key_out_len);
-
  #ifdef DEBUG_ONION_SKINS
  printf("Server: key material:");
  PA(buf, DH_KEY_LEN);
@@ -554,12 +552,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
  char *key_out,
  int key_out_len)
  {
- char key_material[DH_KEY_LEN];
  int len;
  assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
- memset(key_material, 0, DH_KEY_LEN);
-
  #ifdef DEBUG_ONION_SKINS
  printf("Client: server g^y:");
  PA(handshake_reply+0,3);
@@ -569,16 +564,11 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
  #endif
  len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
- key_material);
+ key_out, key_out_len);
  if (len < 0)
  return -1;
- memcpy(key_out, key_material+len-key_out_len, key_out_len);
-
  #ifdef DEBUG_ONION_SKINS
- printf("Client: key material:");
- PA(key_material, DH_KEY_LEN);
- puts("");
  printf("Client: keys out:");
  PA(key_out, key_out_len);
  puts("");
diff --git a/src/or/or.h b/src/or/or.h
index 6ed77e3ea4..37a971e8d5 100644
--- a/src/or/or.h
+++ b/src/or/or.h
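Review bot: In the onion_skin_server_handshake hunk at line 516, the DEBUG_ONION_SKINS block that follows the new `len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, key_out, key_out_len);` still prints `PA(buf, DH_KEY_LEN)` under the label "Server: key material:", but the shared secret is no longer written into buf, so that dump now shows the decrypted onion-skin buffer rather than the derived key. The client hunk at line 569 removes its matching "Client: key material:" block, and the server block should be removed the same way (or print `key_out, key_out_len` as "keys out", as the client side does). Separately, both call sites still check only `len < 0`; unless the new crypto_dh_compute_secret contract guarantees that key_out_len bytes were produced, which is not visible in this diff, testing `len != key_out_len` would reject a short derivation before the truncated key is used. Both onion_skin_server_handshake and onion_skin_client_handshake continue outside their hunks.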
@@ -126,6 +126,12 @@
  /* default cipher function */
  #define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
+ /* Used to en/decrypt onion skins */
+ #define ONION_CIPHER DEFAULT_CIPHER
+ /* Used to en/decrypt cells between ORs/OPs. */
+ #define CONNECTION_CIPHER DEFAULT_CIPHER
+ /* Used to en/decrypt RELAY cells */
+ #define CIRCUIT_CIPHER DEFAULT_CIPHER
  #define CELL_DIRECTION_IN 1
  #define CELL_DIRECTION_OUT 2
diff --git a/src/or/routers.c b/src/or/routers.c
index 06d7e2c793..f4d059d9cc 100644
--- a/src/or/routers.c
+++ b/src/or/routers.c
@@ -58,7 +58,11 @@ int learn_my_address(struct sockaddr_in *me) {
  memcpy((void *)&me->sin_addr,(void *)localhost->h_addr,sizeof(struct in_addr));
  me->sin_port = htons(options.ORPort);
  log_fn(LOG_DEBUG,"chose address as '%s'.",inet_ntoa(me->sin_addr));
-
+ if (!strncmp("127.",inet_ntoa(me->sin_addr), 4) &&
+ strcasecmp(localhostname, "localhost")) {
+ /* We're a loopback IP but we're not called localhost. Uh oh! */
+ log_fn(LOG_WARNING, "Got a loopback address: /etc/hosts may be wrong");
+ }
  return 0;
  }
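Review bot: The new loopback check in learn_my_address only logs at LOG_WARNING and still falls through to `return 0;`, so a router whose hosts file maps its name to 127.x will carry on and advertise that address; if this is deliberately non-fatal the comment should say so, otherwise a `return -1;` after the log_fn would let the caller refuse to continue with an unusable address. The test itself goes through inet_ntoa's static text buffer, `!strncmp("127.",inet_ntoa(me->sin_addr), 4)`, where `(ntohl(me->sin_addr.s_addr) >> 24) == 127` states the 127.0.0.0/8 check directly without a string round-trip. `localhostname` is presumably the name obtained earlier in the function; its declaration and the function's start are outside the hunk.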