log_fn(LOG_DEBUG,"hop %d init cipher forward %d, backward %d.", (uint32_t)hop, *(uint32_t*)keys, *(uint32_t*)(keys+16));
if (!(hop->f_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,1))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,1))) {
log(LOG_ERR,"Cipher initialization failed.");
return -1;
}
if (!(hop->b_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,0))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,0))) {
log(LOG_ERR,"Cipher initialization failed.");
return -1;
}
conn->timestamp_lastwritten = now.tv_sec;
if (connection_speaks_cells(conn)) {
- conn->f_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
+ conn->f_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
if (!conn->f_crypto) {
free((void *)conn);
return NULL;
}
- conn->b_crypto = crypto_new_cipher_env(CRYPTO_CIPHER_3DES);
+ conn->b_crypto = crypto_new_cipher_env(CONNECTION_CIPHER);
if (!conn->b_crypto) {
crypto_free_cipher_env(conn->f_crypto);
free((void *)conn);
/* generate random keys */
if(crypto_cipher_generate_key(conn->f_crypto) ||
crypto_cipher_generate_key(conn->b_crypto)) {
- log(LOG_ERR,"Cannot generate a secure 3DES key.");
+ log(LOG_ERR,"Cannot generate a secure symmetric key.");
return -1;
}
- log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
+ log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated symmetric keys.");
/* compose the message */
*(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
*(uint32_t *)(message+FLAGS_LEN) = htonl(conn->bandwidth);
/* generate random keys */
if(crypto_cipher_generate_key(conn->f_crypto) ||
crypto_cipher_generate_key(conn->b_crypto)) {
- log(LOG_ERR,"Cannot generate a secure DES key.");
+ log(LOG_ERR,"Cannot generate a secure symmetric key.");
return -1;
}
- log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");
+ log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated symmetric keys.");
/* generate first message */
*(uint16_t*)buf = htons(HANDSHAKE_AS_OR);
log(LOG_DEBUG,"onionskin_process: init cipher forward %d, backward %d.", *(int*)keys, *(int*)(keys+16));
if (!(circ->n_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys,iv,0))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys,iv,0))) {
log(LOG_ERR,"Cipher initialization failed.");
return -1;
}
if (!(circ->p_crypto =
- crypto_create_init_cipher(DEFAULT_CIPHER,keys+16,iv,1))) {
+ crypto_create_init_cipher(CIRCUIT_CIPHER,keys+16,iv,1))) {
log(LOG_ERR,"Cipher initialization failed.");
return -1;
}
puts("");
#endif
- cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, pubkey, iv, 1);
+ cipher = crypto_create_init_cipher(ONION_CIPHER, pubkey, iv, 1);
if (!cipher)
goto err;
puts("");
#endif
- cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, buf, iv, 0);
+ cipher = crypto_create_init_cipher(ONION_CIPHER, buf, iv, 0);
if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, DH_ONIONSKIN_LEN-pkbytes,
buf+pkbytes))
puts("");
#endif
- len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, buf);
+ len = crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, key_out, key_out_len);
if (len < 0)
goto err;
- memcpy(key_out, buf+len-key_out_len, key_out_len);
-
#ifdef DEBUG_ONION_SKINS
printf("Server: key material:");
PA(buf, DH_KEY_LEN);
char *key_out,
int key_out_len)
{
- char key_material[DH_KEY_LEN];
int len;
assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
- memset(key_material, 0, DH_KEY_LEN);
-
#ifdef DEBUG_ONION_SKINS
printf("Client: server g^y:");
PA(handshake_reply+0,3);
#endif
len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
- key_material);
+ key_out, key_out_len);
if (len < 0)
return -1;
- memcpy(key_out, key_material+len-key_out_len, key_out_len);
-
#ifdef DEBUG_ONION_SKINS
- printf("Client: key material:");
- PA(key_material, DH_KEY_LEN);
- puts("");
printf("Client: keys out:");
PA(key_out, key_out_len);
puts("");
/* default cipher function */
#define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
+/* Used to en/decrypt onion skins */
+#define ONION_CIPHER DEFAULT_CIPHER
+/* Used to en/decrypt cells between ORs/OPs. */
+#define CONNECTION_CIPHER DEFAULT_CIPHER
+/* Used to en/decrypt RELAY cells */
+#define CIRCUIT_CIPHER DEFAULT_CIPHER
#define CELL_DIRECTION_IN 1
#define CELL_DIRECTION_OUT 2
memcpy((void *)&me->sin_addr,(void *)localhost->h_addr,sizeof(struct in_addr));
me->sin_port = htons(options.ORPort);
log_fn(LOG_DEBUG,"chose address as '%s'.",inet_ntoa(me->sin_addr));
-
+ if (!strncmp("127.",inet_ntoa(me->sin_addr), 4) &&
+ strcasecmp(localhostname, "localhost")) {
+ /* We're a loopback IP but we're not called localhost. Uh oh! */
+ log_fn(LOG_WARNING, "Got a loopback address: /etc/hosts may be wrong");
+ }
return 0;
}
projects / thirdparty / tor.git / commitdiff
