+++ /dev/null
-/* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
-/* See LICENSE for licensing information */
-/* $Id$ */
-
-#include "or.h"
-
-int connection_op_process_inbuf(connection_t *conn) {
-
- assert(conn && conn->type == CONN_TYPE_OP);
-
- if(conn->inbuf_reached_eof) {
- /* eof reached, kill it. */
- log(LOG_DEBUG,"connection_op_process_inbuf(): conn reached eof. Closing.");
- return -1;
- }
-
- log(LOG_DEBUG,"connection_op_process_inbuf(): state %d.",conn->state);
-
- switch(conn->state) {
- case OP_CONN_STATE_AWAITING_KEYS:
- return op_handshake_process_keys(conn);
- case OP_CONN_STATE_OPEN:
- return connection_process_cell_from_inbuf(conn);
- default:
- log(LOG_DEBUG,"connection_op_process_inbuf() called in state where I'm writing. Ignoring buf for now.")
-;
- }
-
- return 0;
-}
-
-int op_handshake_process_keys(connection_t *conn) {
- int retval;
- //int x;
- unsigned char iv[16];
-
- /* key exchange message */
- unsigned char auth_cipher[128];
- unsigned char auth_plain[128];
-
- assert(conn);
-
- log(LOG_DEBUG,"op_handshake_process_keys() entered.");
-
- if(conn->inbuf_datalen < 128) /* entire response available? */
- return 0; /* not yet */
-
- if(connection_fetch_from_buf(auth_cipher,128,conn) < 0) {
- return -1;
- }
- log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");
-
- /* decrypt response */
- retval = crypto_pk_private_decrypt(get_privatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
- if (retval == -1)
- {
- log(LOG_ERR,"Decrypting keys from new OP failed.");
- log(LOG_DEBUG,"op_handshake_process_keys() : Reason : %s.",
- crypto_perror());
- return -1;
- }
- /* XXXX Check length */
-
- log(LOG_DEBUG,"Successfully decrypted keys from new OP.");
-
- conn->bandwidth = ntohl(*((uint32_t *)auth_plain));
- log(LOG_DEBUG,"op_handshake_process_keys(): Bandwidth %d requested.",conn->bandwidth);
-
- crypto_cipher_set_key(conn->b_crypto, auth_plain+4);
- crypto_cipher_set_key(conn->f_crypto, auth_plain+20);
-#if 0
- printf("f_session_key: ");
- for(x=0;x<8;x++) {
- printf("%d ",conn->f_crypto->key[x]);
- }
- printf("\nb_session_key: ");
- for(x=0;x<8;x++) {
- printf("%d ",conn->b_crypto->key[x]);
- }
- printf("\n");
-#endif
-
- memset(iv, 0, 16);
- crypto_cipher_set_iv(conn->b_crypto, iv);
- crypto_cipher_set_iv(conn->f_crypto, iv);
-
- crypto_cipher_encrypt_init_cipher(conn->b_crypto);
- crypto_cipher_decrypt_init_cipher(conn->f_crypto);
-
- conn->state = OP_CONN_STATE_OPEN;
- connection_init_timeval(conn);
- connection_watch_events(conn, POLLIN);
-
- return connection_process_inbuf(conn); /* in case they sent some cells along with the keys */
-}
-
-int connection_op_finished_flushing(connection_t *conn) {
-
- assert(conn && conn->type == CONN_TYPE_OP);
-
- switch(conn->state) {
- case OP_CONN_STATE_OPEN:
- /* FIXME down the road, we'll clear out circuits that are pending to close */
- connection_stop_writing(conn);
- return 0;
- default:
- log(LOG_DEBUG,"Bug: connection_op_finished_flushing() called in unexpected state.");
- return 0;
- }
-
- return 0;
-
-}
-
-int connection_op_create_listener(struct sockaddr_in *bindaddr) {
- log(LOG_DEBUG,"connection_create_op_listener starting");
- return connection_create_listener(bindaddr, CONN_TYPE_OP_LISTENER);
-}
-
-int connection_op_handle_listener_read(connection_t *conn) {
- log(LOG_NOTICE,"OP: Received a connection request. Waiting for keys.");
- return connection_handle_listener_read(conn, CONN_TYPE_OP, OP_CONN_STATE_AWAITING_KEYS);
-}
-
-/*
- Local Variables:
- mode:c
- indent-tabs-mode:nil
- c-basic-offset:2
- End:
-*/
/* $Id$ */
#include "or.h"
+extern or_options_t options; /* command-line and config-file options */
-/*
+/*
*
* these two functions are the main ways 'in' to connection_or
*
assert(conn && conn->type == CONN_TYPE_OR);
switch(conn->state) {
- case OR_CONN_STATE_OP_CONNECTING:
- if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, &e, &len) < 0) { /* not yet */
- if(errno != EINPROGRESS){
- /* yuck. kill it. */
- log(LOG_DEBUG,"connection_or_finished_flushing(): in-progress connect failed. Removing.");
- return -1;
- } else {
- return 0; /* no change, see if next time is better */
- }
- }
- /* the connect has finished. */
-
- log(LOG_DEBUG,"connection_or_finished_flushing() : OP connection to router %s:%u established.",
- conn->address,conn->port);
-
- return or_handshake_op_send_keys(conn);
case OR_CONN_STATE_OP_SENDING_KEYS:
return or_handshake_op_finished_sending_keys(conn);
case OR_CONN_STATE_CLIENT_CONNECTING:
log(LOG_DEBUG,"connection_or_finished_flushing() : OR connection to router %s:%u established.",
conn->address,conn->port);
- return or_handshake_client_send_auth(conn);
+ if(options.OnionRouter)
+ return or_handshake_client_send_auth(conn);
+ else
+ return or_handshake_op_send_keys(conn);
case OR_CONN_STATE_CLIENT_SENDING_AUTH:
log(LOG_DEBUG,"connection_or_finished_flushing(): client finished sending auth.");
conn->state = OR_CONN_STATE_CLIENT_AUTH_WAIT;
unsigned char iv[16];
assert(conn);
-#if 0
- printf("f_session_key: ");
- for(x=0;x<8;x++) {
- printf("%d ",conn->f_crypto->key[x]);
- }
- printf("\nb_session_key: ");
- for(x=0;x<8;x++) {
- printf("%d ",conn->b_crypto->key[x]);
- }
- printf("\n");
-#endif
memset((void *)iv, 0, 16);
crypto_cipher_set_iv(conn->f_crypto, iv);
crypto_cipher_set_iv(conn->b_crypto, iv);
-
+
crypto_cipher_encrypt_init_cipher(conn->f_crypto);
crypto_cipher_decrypt_init_cipher(conn->b_crypto);
/* always encrypt with f, always decrypt with b */
-
}
-/* helper function for connection_or_connect_as_or and _as_op.
- * returns NULL if the connection fails. If it succeeds, it sets
- * *result to 1 if connect() returned before completing, or to 2
- * if it completed, and returns the new conn.
- */
-connection_t *connection_or_connect(routerinfo_t *router, uint16_t port, int *result) {
+connection_t *connection_or_connect(routerinfo_t *router) {
connection_t *conn;
struct sockaddr_in router_addr;
int s;
+ assert(router);
+
+ if(router_is_me(router->addr, router->or_port)) {
+ /* this is me! don't connect to me. */
+ log(LOG_DEBUG,"connection_or_connect(): This is me. Skipping.");
+ return NULL;
+ }
+
+ /* this function should never be called if we're already connected to router, but */
+ /* check first to be sure */
+ conn = connection_exact_get_by_addr_port(router->addr,router->or_port);
+ if(conn)
+ return conn;
+
conn = connection_new(CONN_TYPE_OR);
if(!conn) {
return NULL;
/* set up conn so it's got all the data we need to remember */
conn->addr = router->addr;
- conn->port = router->or_port; /* NOTE we store or_port here always */
+ conn->port = router->or_port;
conn->bandwidth = router->bandwidth;
conn->pkey = crypto_pk_dup_key(router->pkey);
conn->address = strdup(router->address);
s=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
- if (s < 0)
- {
+ if (s < 0) {
log(LOG_ERR,"Error creating network socket.");
connection_free(conn);
return NULL;
memset((void *)&router_addr,0,sizeof(router_addr));
router_addr.sin_family = AF_INET;
- router_addr.sin_port = htons(port);
+ router_addr.sin_port = htons(router->or_port);
router_addr.sin_addr.s_addr = htonl(router->addr);
- log(LOG_DEBUG,"connection_or_connect() : Trying to connect to %s:%u.",router->address,port);
-
+ log(LOG_DEBUG,"connection_or_connect() : Trying to connect to %s:%u.",router->address,router->or_port);
if(connect(s,(struct sockaddr *)&router_addr,sizeof(router_addr)) < 0){
if(errno != EINPROGRESS){
/* yuck. kill it. */
log(LOG_DEBUG,"connection_or_connect() : connect in progress.");
connection_watch_events(conn, POLLIN | POLLOUT); /* writable indicates finish, readable indicates broken link */
- *result = 1; /* connecting */
+ conn->state = OR_CONN_STATE_CLIENT_CONNECTING;
return conn;
-
}
}
return NULL;
}
- log(LOG_DEBUG,"connection_or_connect() : Connection to router %s:%u established.",router->address,port);
-
- *result = 2; /* connection finished */
- return(conn);
-}
-
-/*
- *
- * handshake for connecting to the op_port of an onion router
- *
- */
-
-connection_t *connection_or_connect_as_op(routerinfo_t *router) {
- connection_t *conn;
- int result=0; /* so connection_or_connect() can tell us what happened */
-
- assert(router);
-
- if(router_is_me(router->addr, router->or_port)) {
- /* this is me! don't connect to me. */
- log(LOG_WARNING,"connection_or_connect_as_op(): You just asked me to connect to myself.");
- return NULL;
- }
-
- /* this function should never be called if we're already connected to router, but */
- /* check first to be sure */
- conn = connection_exact_get_by_addr_port(router->addr,router->or_port);
- if(conn)
- return conn;
+ log(LOG_DEBUG,"connection_or_connect() : Connection to router %s:%u established.",
+ router->address, router->or_port);
- conn = connection_or_connect(router, router->op_port, &result);
- if(!conn)
- return NULL;
+ if((options.OnionRouter && or_handshake_client_send_auth(conn) >= 0) ||
+ (!options.OnionRouter && or_handshake_op_send_keys(conn) >= 0))
+ return conn; /* success! */
- assert(result != 0); /* if conn is defined, then it must have set result */
-
- /* now we know it succeeded */
- if(result == 1) {
- conn->state = OR_CONN_STATE_OP_CONNECTING;
- return conn;
- }
-
- if(result == 2) {
- /* move to the next step in the handshake */
- if(or_handshake_op_send_keys(conn) < 0) {
- connection_remove(conn);
- connection_free(conn);
- return NULL;
- }
- return conn;
- }
- return NULL; /* shouldn't get here; to keep gcc happy */
+ /* failure */
+ connection_remove(conn);
+ connection_free(conn);
+ return NULL;
}
int or_handshake_op_send_keys(connection_t *conn) {
- unsigned char message[36]; /* bandwidth(32bits), forward key(128bits), backward key(128bits) */
+ unsigned char message[38]; /* flag(16bits), bandwidth(32bits), forward key(128bits), backward key(128bits) */
unsigned char cipher[128];
int retval;
}
log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
/* compose the message */
- *(uint32_t *)message = htonl(conn->bandwidth);
- memcpy((void *)(message + 4), (void *)conn->f_crypto->key, 16);
- memcpy((void *)(message + 20), (void *)conn->b_crypto->key, 16);
-
-#if 0
- printf("f_session_key: ");
- for(x=0;x<16;x++) {
- printf("%d ",conn->f_crypto->key[x]);
- }
- printf("\nb_session_key: ");
- for(x=0;x<16;x++) {
- printf("%d ",conn->b_crypto->key[x]);
- }
- printf("\n");
-#endif
+ *(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
+ *(uint32_t *)(message+2) = htonl(conn->bandwidth);
+ memcpy((void *)(message+6), (void *)conn->f_crypto->key, 16);
+ memcpy((void *)(message+22), (void *)conn->b_crypto->key, 16);
/* encrypt with RSA */
- if(crypto_pk_public_encrypt(conn->pkey, message, 36, cipher, RSA_PKCS1_PADDING) < 0) {
+ if(crypto_pk_public_encrypt(conn->pkey, message, 38, cipher, RSA_PKCS1_PADDING) < 0) {
log(LOG_ERR,"or_handshake_op_send_keys(): Public key encryption failed.");
return -1;
}
return 0;
}
-/*
- *
- * auth handshake, as performed by OR *initiating* the connection
- *
- */
-
-connection_t *connection_or_connect_as_or(routerinfo_t *router) {
- connection_t *conn;
- int result=0; /* so connection_or_connect() can tell us what happened */
-
- assert(router);
-
- if(router_is_me(router->addr, router->or_port)) {
- /* this is me! don't connect to me. */
- log(LOG_DEBUG,"connection_or_connect_as_or(): This is me. Skipping.");
- return NULL;
- }
-
- conn = connection_or_connect(router, router->or_port, &result);
- if(!conn)
- return NULL;
-
- /* now we know it succeeded */
- if(result == 1) {
- conn->state = OR_CONN_STATE_CLIENT_CONNECTING;
- return conn;
- }
-
- if(result == 2) {
- /* move to the next step in the handshake */
- if(or_handshake_client_send_auth(conn) < 0) {
- connection_remove(conn);
- connection_free(conn);
- return NULL;
- }
- return conn;
- }
- return NULL; /* shouldn't get here; to keep gcc happy */
-}
-
int or_handshake_client_send_auth(connection_t *conn) {
int retval;
- char buf[48];
+ char buf[50];
char cipher[128];
struct sockaddr_in me; /* my router identity */
log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");
/* generate first message */
- *(uint32_t*)buf = me.sin_addr.s_addr; /* local address, network order */
- *(uint16_t*)(buf+4) = me.sin_port; /* local port, network order */
- *(uint32_t*)(buf+6) = htonl(conn->addr); /* remote address */
- *(uint16_t*)(buf+10) = htons(conn->port); /* remote port */
- memcpy(buf+12,conn->f_crypto->key,16); /* keys */
- memcpy(buf+28,conn->b_crypto->key,16);
- *(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* max link utilisation */
+ *(uint16_t*)buf = htons(HANDSHAKE_AS_OR);
+ *(uint32_t*)(buf+2) = me.sin_addr.s_addr; /* local address, network order */
+ *(uint16_t*)(buf+6) = me.sin_port; /* local port, network order */
+ *(uint32_t*)(buf+8) = htonl(conn->addr); /* remote address */
+ *(uint16_t*)(buf+12) = htons(conn->port); /* remote port */
+ memcpy(buf+14,conn->f_crypto->key,16); /* keys */
+ memcpy(buf+30,conn->b_crypto->key,16);
+ *(uint32_t *)(buf+46) = htonl(conn->bandwidth); /* max link utilisation */
log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");
/* encrypt message */
- retval = crypto_pk_public_encrypt(conn->pkey, buf, 48, cipher,RSA_PKCS1_PADDING);
+ retval = crypto_pk_public_encrypt(conn->pkey, buf, 50, cipher,RSA_PKCS1_PADDING);
if (retval == -1) /* error */
{
log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
int or_handshake_server_process_auth(connection_t *conn) {
int retval;
- char buf[128]; /* only 48 of this is expected to be used */
+ char buf[128]; /* 50 of this is expected to be used for OR, 38 for OP */
char cipher[128];
+ unsigned char iv[16];
+
uint32_t addr;
uint16_t port;
/* decrypt response */
retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
- if (retval == -1)
- {
+ if (retval == -1) {
log(LOG_ERR,"or_handshake_server_process_auth: Public-key decryption failed.");
log(LOG_DEBUG,"or_handshake_server_process_auth() : Reason : %s.",
crypto_perror());
return -1;
}
- else if (retval != 48)
- {
- log(LOG_ERR,"or_handshake_server_process_auth(): received an incorrect authentication request.");
- return -1;
- }
- log(LOG_DEBUG,"or_handshake_server_process_auth() : Decrypted authentication message.");
- /* identify the router */
- addr = ntohl(*(uint32_t*)buf); /* save the IP address */
- port = ntohs(*(uint16_t*)(buf+4)); /* save the port */
+ if (retval == 50) {
- router = router_get_by_addr_port(addr,port);
- if (!router)
- {
- log(LOG_DEBUG,"or_handshake_server_process_auth() : unknown router '%s:%d'. Will drop.", conn->address, port);
- return -1;
- }
- log(LOG_DEBUG,"or_handshake_server_process_auth() : Router identified as %s:%u.",
- router->address,router->or_port);
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): Decrypted OR-style auth message.");
+ if(ntohs(*(uint16_t*)buf) != HANDSHAKE_AS_OR) {
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): ...but wasn't labelled OR. Dropping.");
+ return -1;
+ }
- if(connection_exact_get_by_addr_port(addr,port)) {
- log(LOG_DEBUG,"or_handshake_server_process_auth(): That router is already connected. Dropping.");
- return -1;
- }
+ /* identify the router */
+ addr = ntohl(*(uint32_t*)(buf+2)); /* save the IP address */
+ port = ntohs(*(uint16_t*)(buf+6)); /* save the port */
- /* save keys */
- crypto_cipher_set_key(conn->b_crypto,buf+12);
- crypto_cipher_set_key(conn->f_crypto,buf+28);
+ router = router_get_by_addr_port(addr,port);
+ if (!router) {
+ log(LOG_DEBUG,"or_handshake_server_process_auth() : unknown router '%s:%d'. Will drop.", conn->address, port);
+ return -1;
+ }
+ log(LOG_DEBUG,"or_handshake_server_process_auth() : Router identified as %s:%u.",
+ router->address,router->or_port);
- /* update link info */
- bandwidth = ntohl(*(uint32_t *)(buf+44));
+ if(connection_exact_get_by_addr_port(addr,port)) {
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): That router is already connected. Dropping.");
+ return -1;
+ }
- conn->bandwidth = router->bandwidth;
+ /* save keys */
+ crypto_cipher_set_key(conn->b_crypto,buf+14);
+ crypto_cipher_set_key(conn->f_crypto,buf+30);
- if (conn->bandwidth > bandwidth)
- conn->bandwidth = bandwidth;
+ /* update link info */
+ bandwidth = ntohl(*(uint32_t *)(buf+46));
- /* copy all relevant info to conn */
- conn->addr = router->addr, conn->port = router->or_port;
- conn->pkey = crypto_pk_dup_key(router->pkey);
- conn->address = strdup(router->address);
+ conn->bandwidth = router->bandwidth;
- /* generate a nonce */
- retval = crypto_pseudo_rand(8, conn->nonce);
- if (retval) /* error */
- {
- log(LOG_ERR,"Cannot generate a nonce.");
- return -1;
- }
- log(LOG_DEBUG,"or_handshake_server_process_auth() : Nonce generated.");
+ if (conn->bandwidth > bandwidth)
+ conn->bandwidth = bandwidth;
- *(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* send max link utilisation */
- memcpy(buf+48,conn->nonce,8); /* append the nonce to the end of the message */
+ /* copy all relevant info to conn */
+ conn->addr = router->addr, conn->port = router->or_port;
+ conn->pkey = crypto_pk_dup_key(router->pkey);
+ conn->address = strdup(router->address);
- /* encrypt message */
- retval = crypto_pk_public_encrypt(conn->pkey, buf, 56, cipher,RSA_PKCS1_PADDING);
- if (retval == -1) /* error */
- {
- log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
- log(LOG_DEBUG,"or_handshake_server_process_auth() : Reason : %s.",crypto_perror());
- return -1;
- }
- log(LOG_DEBUG,"or_handshake_server_process_auth() : Reply encrypted.");
+ /* generate a nonce */
+ retval = crypto_pseudo_rand(8, conn->nonce);
+ if (retval) { /* error */
+ log(LOG_ERR,"Cannot generate a nonce.");
+ return -1;
+ }
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): Nonce generated.");
+
+ memmove(buf, buf+2, 46);
+ *(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* send max link utilisation */
+ memcpy(buf+48,conn->nonce,8); /* append the nonce to the end of the message */
+
+ /* encrypt message */
+ retval = crypto_pk_public_encrypt(conn->pkey, buf, 56, cipher,RSA_PKCS1_PADDING);
+ if (retval == -1) { /* error */
+ log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
+ log(LOG_DEBUG,"or_handshake_server_process_auth() : Reason : %s.",crypto_perror());
+ return -1;
+ }
+ log(LOG_DEBUG,"or_handshake_server_process_auth() : Reply encrypted.");
- /* send message */
+ /* send message */
- if(connection_write_to_buf(cipher, 128, conn) < 0) {
- log(LOG_DEBUG,"or_handshake_server_process_auth(): my outbuf is full. Oops.");
- return -1;
- }
- retval = connection_flush_buf(conn);
- if(retval < 0) {
- log(LOG_DEBUG,"or_handshake_server_process_auth(): bad socket while flushing.");
- return -1;
- }
- if(retval > 0) {
- /* still stuff on the buffer. */
- conn->state = OR_CONN_STATE_SERVER_SENDING_AUTH;
- connection_watch_events(conn, POLLOUT | POLLIN);
+ if(connection_write_to_buf(cipher, 128, conn) < 0) {
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): my outbuf is full. Oops.");
+ return -1;
+ }
+ retval = connection_flush_buf(conn);
+ if(retval < 0) {
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): bad socket while flushing.");
+ return -1;
+ }
+ if(retval > 0) {
+ /* still stuff on the buffer. */
+ conn->state = OR_CONN_STATE_SERVER_SENDING_AUTH;
+ connection_watch_events(conn, POLLOUT | POLLIN);
+ return 0;
+ }
+
+ /* it finished sending */
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): Finished sending auth.");
+ conn->state = OR_CONN_STATE_SERVER_NONCE_WAIT;
+ connection_watch_events(conn, POLLIN);
return 0;
}
- /* it finished sending */
- log(LOG_DEBUG,"or_handshake_server_process_auth(): Finished sending auth.");
- conn->state = OR_CONN_STATE_SERVER_NONCE_WAIT;
- connection_watch_events(conn, POLLIN);
- return 0;
+ if(retval == 38) {
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): Decrypted OP-style auth message.");
+ if(ntohs(*(uint16_t*)buf) != HANDSHAKE_AS_OP) {
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): ...but wasn't labelled OP. Dropping.");
+ return -1;
+ }
+
+ conn->bandwidth = ntohl(*((uint32_t *)(buf+2)));
+ log(LOG_DEBUG,"or_handshake_server_process_auth(): Bandwidth %d requested.",conn->bandwidth);
+
+ crypto_cipher_set_key(conn->b_crypto, buf+6);
+ crypto_cipher_set_key(conn->f_crypto, buf+22);
+
+ memset(iv, 0, 16);
+ crypto_cipher_set_iv(conn->b_crypto, iv);
+ crypto_cipher_set_iv(conn->f_crypto, iv);
+
+ crypto_cipher_encrypt_init_cipher(conn->b_crypto);
+ crypto_cipher_decrypt_init_cipher(conn->f_crypto);
+
+ conn->state = OR_CONN_STATE_OPEN;
+ connection_init_timeval(conn);
+ connection_watch_events(conn, POLLIN);
+
+ return connection_process_inbuf(conn); /* in case they sent some cells along with the keys */
+ }
+ log(LOG_ERR,"or_handshake_server_process_auth(): received an incorrect authentication request.");
+ return -1;
}
int or_handshake_server_process_nonce(connection_t *conn) {
projects / thirdparty / tor.git / commitdiff
