1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
/* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
/* See LICENSE for licensing information */
/* $Id$ */
#include "or.h"
int connection_op_process_inbuf(connection_t *conn) {
assert(conn && conn->type == CONN_TYPE_OP);
if(conn->inbuf_reached_eof) {
/* eof reached, kill it. */
log(LOG_DEBUG,"connection_op_process_inbuf(): conn reached eof. Closing.");
return -1;
}
log(LOG_DEBUG,"connection_op_process_inbuf(): state %d.",conn->state);
switch(conn->state) {
case OP_CONN_STATE_AWAITING_KEYS:
return op_handshake_process_keys(conn);
case OP_CONN_STATE_OPEN:
return connection_process_cell_from_inbuf(conn);
default:
log(LOG_DEBUG,"connection_op_process_inbuf() called in state where I'm writing. Ignoring buf for now.")
;
}
return 0;
}
int op_handshake_process_keys(connection_t *conn) {
int retval;
//int x;
unsigned char iv[16];
/* key exchange message */
unsigned char auth_cipher[128];
unsigned char auth_plain[128];
assert(conn);
log(LOG_DEBUG,"op_handshake_process_keys() entered.");
if(conn->inbuf_datalen < 128) /* entire response available? */
return 0; /* not yet */
if(connection_fetch_from_buf(auth_cipher,128,conn) < 0) {
return -1;
}
log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");
/* decrypt response */
retval = crypto_pk_private_decrypt(conn->prkey, auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
if (retval == -1)
{
log(LOG_ERR,"Decrypting keys from new OP failed.");
log(LOG_DEBUG,"op_handshake_process_keys() : Reason : %s.",
crypto_perror());
return -1;
}
log(LOG_DEBUG,"Successfully decrypted keys from new OP.");
conn->bandwidth = ntohl(*((uint32_t *)auth_plain));
crypto_cipher_set_key(conn->b_crypto, auth_plain+4);
crypto_cipher_set_key(conn->f_crypto, auth_plain+12);
#if 0
printf("f_session_key: ");
for(x=0;x<8;x++) {
printf("%d ",conn->f_crypto->key[x]);
}
printf("\nb_session_key: ");
for(x=0;x<8;x++) {
printf("%d ",conn->b_crypto->key[x]);
}
printf("\n");
#endif
memset(iv, 0, 16);
crypto_cipher_set_iv(conn->b_crypto, iv);
crypto_cipher_set_iv(conn->f_crypto, iv);
crypto_cipher_encrypt_init_cipher(conn->b_crypto);
crypto_cipher_decrypt_init_cipher(conn->f_crypto);
conn->state = OP_CONN_STATE_OPEN;
connection_init_timeval(conn);
connection_watch_events(conn, POLLIN);
return connection_process_inbuf(conn); /* in case they sent some cells along with the keys */
}
int connection_op_finished_flushing(connection_t *conn) {
assert(conn && conn->type == CONN_TYPE_OP);
switch(conn->state) {
case OP_CONN_STATE_OPEN:
/* FIXME down the road, we'll clear out circuits that are pending to close */
connection_stop_writing(conn);
return 0;
default:
log(LOG_DEBUG,"Bug: connection_op_finished_flushing() called in unexpected state.");
return 0;
}
return 0;
}
int connection_op_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
log(LOG_DEBUG,"connection_create_op_listener starting");
return connection_create_listener(prkey, local, CONN_TYPE_OP_LISTENER);
}
int connection_op_handle_listener_read(connection_t *conn) {
log(LOG_NOTICE,"OP: Received a connection request. Waiting for keys.");
return connection_handle_listener_read(conn, CONN_TYPE_OP, OP_CONN_STATE_AWAITING_KEYS);
}
|