[or-cvs] Finish zlib and half-open; switch to 3des (ede/ofb)
Nick Mathewson
nickm at seul.org
Wed Mar 19 20:48:58 UTC 2003
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv24105
Modified Files:
connection.c connection_ap.c connection_exit.c connection_or.c
onion.c or.h
Log Message:
Finish zlib and half-open; switch to 3des (ede/ofb)
Index: connection.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- connection.c 18 Mar 2003 01:49:55 -0000 1.44
+++ connection.c 19 Mar 2003 20:48:56 -0000 1.45
@@ -111,12 +111,12 @@
conn->timestamp_lastwritten = now.tv_sec;
if (connection_speaks_cells(conn)) {
- conn->f_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_DES);
+ conn->f_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
if (!conn->f_crypto) {
free((void *)conn);
return NULL;
}
- conn->b_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_DES);
+ conn->b_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
if (!conn->b_crypto) {
crypto_free_cipher_env(conn->f_crypto);
free((void *)conn);
@@ -385,6 +385,8 @@
int flush) {
int n;
struct timeval now;
+
+ assert(conn);
if (len) {
if (write_to_buf(string, len,
Index: connection_ap.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_ap.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- connection_ap.c 18 Mar 2003 01:49:55 -0000 1.28
+++ connection_ap.c 19 Mar 2003 20:48:56 -0000 1.29
@@ -388,7 +388,6 @@
num_seen++;
log(LOG_DEBUG,"connection_ap_process_data_cell(): Now seen %d data cells here.", num_seen);
-
circuit_consider_sending_sendme(circ, EDGE_AP);
for(conn = circ->p_conn; conn && conn->topic_id != topic_id; conn = conn->next_topic) ;
@@ -420,8 +419,8 @@
#ifdef USE_ZLIB
if(connection_decompress_to_buf(cell->payload + TOPIC_HEADER_SIZE,
- cell->length - TOPIC_HEADER_SIZE,
- conn, Z_SYNC_FLUSH) < 0) {
+ cell->length - TOPIC_HEADER_SIZE,
+ conn, Z_SYNC_FLUSH) < 0) {
log(LOG_INFO,"connection_exit_process_data_cell(): write to buf failed. Marking for close.");
conn->marked_for_close = 1;
return 0;
@@ -455,7 +454,7 @@
conn->done_sending = 1;
shutdown(conn->s, 1); /* XXX check return; refactor NM */
if (conn->done_receiving)
- conn->marked_for_close = 1;
+ conn->marked_for_close = 1;
#endif
conn->marked_for_close = 1;
break;
@@ -493,6 +492,10 @@
case AP_CONN_STATE_OPEN:
/* FIXME down the road, we'll clear out circuits that are pending to close */
connection_stop_writing(conn);
+#ifdef USE_ZLIB
+ if (connection_decompress_to_buf(NULL, 0, conn, Z_SYNC_FLUSH) < 0)
+ return 0;
+#endif
return connection_consider_sending_sendme(conn, EDGE_AP);
default:
log(LOG_DEBUG,"Bug: connection_ap_finished_flushing() called in unexpected state.");
@@ -511,4 +514,3 @@
log(LOG_NOTICE,"AP: Received a connection request. Waiting for socksinfo.");
return connection_handle_listener_read(conn, CONN_TYPE_AP, AP_CONN_STATE_SOCKS_WAIT);
}
-
Index: connection_exit.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_exit.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- connection_exit.c 17 Mar 2003 02:42:45 -0000 1.22
+++ connection_exit.c 19 Mar 2003 20:48:56 -0000 1.23
@@ -5,13 +5,43 @@
#include "or.h"
int connection_exit_process_inbuf(connection_t *conn) {
+ circuit_t *circ;
+ cell_t cell;
assert(conn && conn->type == CONN_TYPE_EXIT);
if(conn->inbuf_reached_eof) {
+#if 1
+ /* XXX!!! If this is right, duplicate it in connection_ap.c */
+
+ /* eof reached; we're done reading, but we might want to write more. */
+ conn->done_receiving = 1;
+ shutdown(conn->s, 0); /* XXX check return, refactor NM */
+ if (conn->done_sending)
+ conn->marked_for_close = 1;
+
+ /* XXX Factor out common logic here and in circuit_about_to_close NM */
+ circ = circuit_get_by_conn(conn);
+ if (!circ)
+ return -1;
+
+ memset(&cell, 0, sizeof(cell_t));
+ cell.command = CELL_DATA;
+ cell.length = TOPIC_HEADER_SIZE;
+ *(uint16_t *)(cell.payload+2) = htons(conn->topic_id);
+ *cell.payload = TOPIC_COMMAND_END;
+ cell.aci = circ->p_aci;
+ if (circuit_deliver_data_cell_from_edge(&cell, circ, EDGE_EXIT) < 0) {
+ log(LOG_DEBUG,"connection_exit_process_inbuf: circuit_deliver_data_cell_from_edge failed. Closing");
+ circuit_close(circ);
+ }
+ return 0;
+#else
+
/* eof reached, kill it. */
log(LOG_DEBUG,"connection_exit_process_inbuf(): conn reached eof. Closing.");
return -1;
+#endif
}
log(LOG_DEBUG,"connection_exit_process_inbuf(): state %d.",conn->state);
@@ -62,6 +92,10 @@
/* FIXME down the road, we'll clear out circuits that are pending to close */
log(LOG_DEBUG,"connection_exit_finished_flushing(): finished flushing.");
connection_stop_writing(conn);
+#ifdef USE_ZLIB
+ if (connection_decompress_to_buf(NULL, 0, conn, Z_SYNC_FLUSH) < 0)
+ return 0;
+#endif
connection_consider_sending_sendme(conn, EDGE_EXIT);
return 0;
default:
@@ -219,8 +253,8 @@
log(LOG_DEBUG,"connection_exit_process_data_cell(): put %d bytes on outbuf.",cell->length - TOPIC_HEADER_SIZE);
#ifdef USE_ZLIB
if(connection_decompress_to_buf(cell->payload + TOPIC_HEADER_SIZE,
- cell->length - TOPIC_HEADER_SIZE,
- conn, Z_SYNC_FLUSH) < 0) {
+ cell->length - TOPIC_HEADER_SIZE,
+ conn, Z_SYNC_FLUSH) < 0) {
log(LOG_INFO,"connection_exit_process_data_cell(): write to buf failed. Marking for close.");
conn->marked_for_close = 1;
return 0;
@@ -255,9 +289,9 @@
conn->done_sending = 1;
shutdown(conn->s, 1); /* XXX check return; refactor NM */
if (conn->done_receiving)
- conn->marked_for_close = 1;
+ conn->marked_for_close = 1;
#endif
-
+
conn->marked_for_close = 1;
break;
case TOPIC_COMMAND_CONNECTED:
Index: connection_or.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_or.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- connection_or.c 7 Mar 2003 07:57:55 -0000 1.18
+++ connection_or.c 19 Mar 2003 20:48:56 -0000 1.19
@@ -261,7 +261,7 @@
int or_handshake_op_send_keys(connection_t *conn) {
//int x;
uint32_t bandwidth = DEFAULT_BANDWIDTH_OP;
- unsigned char message[20]; /* bandwidth(32bits), forward key(64bits), backward key(64bits) */
+ unsigned char message[36]; /* bandwidth(32bits), forward key(128bits), backward key(128bits) */
unsigned char cipher[128];
int retval;
@@ -270,29 +270,29 @@
/* generate random keys */
if(crypto_cipher_generate_key(conn->f_crypto) ||
crypto_cipher_generate_key(conn->b_crypto)) {
- log(LOG_ERR,"Cannot generate a secure DES key.");
+ log(LOG_ERR,"Cannot generate a secure 3DES key.");
return -1;
}
- log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated DES keys.");
+ log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
/* compose the message */
*(uint32_t *)message = htonl(bandwidth);
- memcpy((void *)(message + 4), (void *)conn->f_crypto->key, 8);
- memcpy((void *)(message + 12), (void *)conn->b_crypto->key, 8);
+ memcpy((void *)(message + 4), (void *)conn->f_crypto->key, 16);
+ memcpy((void *)(message + 20), (void *)conn->b_crypto->key, 16);
#if 0
printf("f_session_key: ");
- for(x=0;x<8;x++) {
+ for(x=0;x<16;x++) {
printf("%d ",conn->f_crypto->key[x]);
}
printf("\nb_session_key: ");
- for(x=0;x<8;x++) {
+ for(x=0;x<16;x++) {
printf("%d ",conn->b_crypto->key[x]);
}
printf("\n");
#endif
/* encrypt with RSA */
- if(crypto_pk_public_encrypt(conn->pkey, message, 20, cipher, RSA_PKCS1_PADDING) < 0) {
+ if(crypto_pk_public_encrypt(conn->pkey, message, 36, cipher, RSA_PKCS1_PADDING) < 0) {
log(LOG_ERR,"or_handshake_op_send_keys(): Public key encryption failed.");
return -1;
}
@@ -375,7 +375,7 @@
int or_handshake_client_send_auth(connection_t *conn) {
int retval;
- char buf[44];
+ char buf[46];
char cipher[128];
struct sockaddr_in me; /* my router identity */
@@ -397,13 +397,13 @@
*(uint16_t*)(buf+4) = me.sin_port; /* local port, network order */
*(uint32_t*)(buf+6) = htonl(conn->addr); /* remote address */
*(uint16_t*)(buf+10) = htons(conn->port); /* remote port */
- memcpy(buf+12,conn->f_crypto->key,8); /* keys */
- memcpy(buf+20,conn->b_crypto->key,8);
- *(uint32_t *)(buf+28) = htonl(conn->bandwidth); /* max link utilisation */
+ memcpy(buf+12,conn->f_crypto->key,16); /* keys */
+ memcpy(buf+28,conn->b_crypto->key,16);
+ *(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* max link utilisation */
log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");
/* encrypt message */
- retval = crypto_pk_public_encrypt(conn->pkey, buf, 32, cipher,RSA_PKCS1_PADDING);
+ retval = crypto_pk_public_encrypt(conn->pkey, buf, 48, cipher,RSA_PKCS1_PADDING);
if (retval == -1) /* error */
{
log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
@@ -439,7 +439,7 @@
}
int or_handshake_client_process_auth(connection_t *conn) {
- char buf[128]; /* only 40 of this is expected to be used */
+ char buf[128]; /* only 48 of this is expected to be used */
char cipher[128];
uint32_t bandwidth;
int retval;
@@ -468,7 +468,7 @@
crypto_perror());
return -1;
}
- else if (retval != 40)
+ else if (retval != 48)
{
log(LOG_ERR,"Received an incorrect response from router %s:%u during authentication.",
conn->address,conn->port);
@@ -480,8 +480,8 @@
(*(uint16_t*)(buf+4) != me.sin_port) || /* local port, network order */
(ntohl(*(uint32_t*)(buf+6)) != conn->addr) || /* remote address */
(ntohs(*(uint16_t*)(buf+10)) != conn->port) || /* remote port */
- (memcmp(conn->f_crypto->key, buf+12, 8)) || /* keys */
- (memcmp(conn->b_crypto->key, buf+20, 8)) )
+ (memcmp(conn->f_crypto->key, buf+12, 16)) || /* keys */
+ (memcmp(conn->b_crypto->key, buf+28, 16)) )
{ /* incorrect response */
log(LOG_ERR,"Router %s:%u failed to authenticate. Either the key I have is obsolete or they're doing something they're not supposed to.",conn->address,conn->port);
return -1;
@@ -490,7 +490,7 @@
log(LOG_DEBUG,"or_handshake_client_process_auth() : Response valid.");
/* update link info */
- bandwidth = ntohl(*(uint32_t *)(buf+28));
+ bandwidth = ntohl(*(uint32_t *)(buf+44));
if (conn->bandwidth > bandwidth)
conn->bandwidth = bandwidth;
@@ -545,7 +545,7 @@
int or_handshake_server_process_auth(connection_t *conn) {
int retval;
- char buf[128]; /* only 32 of this is expected to be used */
+ char buf[128]; /* only 48 of this is expected to be used */
char cipher[128];
uint32_t addr;
@@ -575,7 +575,7 @@
crypto_perror());
return -1;
}
- else if (retval != 32)
+ else if (retval != 48)
{
log(LOG_ERR,"Received an incorrect authentication request.");
return -1;
@@ -602,10 +602,10 @@
/* save keys */
crypto_cipher_set_key(conn->b_crypto,buf+12);
- crypto_cipher_set_key(conn->f_crypto,buf+20);
+ crypto_cipher_set_key(conn->f_crypto,buf+28);
/* update link info */
- bandwidth = ntohl(*(uint32_t *)(buf+28));
+ bandwidth = ntohl(*(uint32_t *)(buf+44));
conn->bandwidth = router->bandwidth;
@@ -627,11 +627,11 @@
log(LOG_DEBUG,"or_handshake_server_process_auth() : Nonce generated.");
/* generate message */
- memcpy(buf+32,conn->nonce,8); /* append the nonce to the end of the message */
+ memcpy(buf+48,conn->nonce,8); /* append the nonce to the end of the message */
*(uint32_t *)(buf+28) = htonl(conn->bandwidth); /* send max link utilisation */
/* encrypt message */
- retval = crypto_pk_public_encrypt(conn->pkey, buf, 40, cipher,RSA_PKCS1_PADDING);
+ retval = crypto_pk_public_encrypt(conn->pkey, buf, 56, cipher,RSA_PKCS1_PADDING);
if (retval == -1) /* error */
{
log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- onion.c 18 Mar 2003 01:49:55 -0000 1.29
+++ onion.c 19 Mar 2003 20:48:56 -0000 1.30
@@ -420,6 +420,9 @@
case ONION_CIPHER_DES:
cipher_type = CRYPTO_CIPHER_DES;
break;
+ case ONION_CIPHER_3DES:
+ cipher_type = CRYPTO_CIPHER_3DES;
+ break;
case ONION_CIPHER_RC4 :
cipher_type = CRYPTO_CIPHER_RC4;
break;
@@ -624,8 +627,8 @@
log(LOG_DEBUG,"encrypt_onion() : RSA encrypted first 128 bytes of the onion.");
- /* now encrypt the rest with DES OFB */
- crypt_env = crypto_create_init_cipher(CRYPTO_CIPHER_DES, digest, iv, 1);
+ /* now encrypt the rest with 3DES OFB */
+ crypt_env = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, digest, iv, 1);
if (!crypt_env) {
log(LOG_ERR,"Error creating the crypto environment.");
goto error;
@@ -635,7 +638,7 @@
log(LOG_ERR,"Error performing DES encryption:%s",crypto_perror());
goto error;
}
- log(LOG_DEBUG,"encrypt_onion() : DES OFB encrypted the rest of the onion.");
+ log(LOG_DEBUG,"encrypt_onion() : 3DES OFB encrypted the rest of the onion.");
/* now copy tmpbuf to onion */
memcpy(onion,tmpbuf,onionlen);
@@ -687,8 +690,8 @@
}
log(LOG_DEBUG,"decrypt_onion() : Computed DES key.");
- /* now decrypt the rest with DES OFB */
- crypt_env = crypto_create_init_cipher(CRYPTO_CIPHER_DES, digest, iv, 0);
+ /* now decrypt the rest with 3DES OFB */
+ crypt_env = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, digest, iv, 0);
if (!crypt_env) {
log(LOG_ERR,"Error creating crypto environment");
goto error;
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -d -r1.52 -r1.53
--- or.h 18 Mar 2003 01:49:55 -0000 1.52
+++ or.h 19 Mar 2003 20:48:56 -0000 1.53
@@ -133,9 +133,10 @@
#define ONION_CIPHER_IDENTITY 0
#define ONION_CIPHER_DES 1
#define ONION_CIPHER_RC4 2
+#define ONION_CIPHER_3DES 3
/* default cipher function */
-#define ONION_DEFAULT_CIPHER ONION_CIPHER_DES
+#define ONION_DEFAULT_CIPHER ONION_CIPHER_3DES
#define CELL_DIRECTION_IN 1
#define CELL_DIRECTION_OUT 2
More information about the tor-commits
mailing list