search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Do not use pseudorandom nonces
[tor.git] / src / or / connection_or.c
blob8de0b2a2f3899bc52b5de9155b9e7ca187deaa7d
1 /* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
2 /* See LICENSE for licensing information */
3 /* $Id$ */
4
5 #include "or.h"
6 extern or_options_t options; /* command-line and config-file options */
7
8 /*
9 *
10 * these two functions are the main ways 'in' to connection_or
11 *
12 */
13
14 int connection_or_process_inbuf(connection_t *conn) {
15
16 assert(conn && conn->type == CONN_TYPE_OR);
17
18 if(conn->inbuf_reached_eof) {
19 /* eof reached, kill it. */
20 log(LOG_DEBUG,"connection_or_process_inbuf(): conn reached eof. Closing.");
21 return -1;
22 }
23
24 // log(LOG_DEBUG,"connection_or_process_inbuf(): state %d.",conn->state);
25
26 switch(conn->state) {
27 case OR_CONN_STATE_CLIENT_AUTH_WAIT:
28 return or_handshake_client_process_auth(conn);
29 case OR_CONN_STATE_SERVER_AUTH_WAIT:
30 return or_handshake_server_process_auth(conn);
31 case OR_CONN_STATE_SERVER_NONCE_WAIT:
32 return or_handshake_server_process_nonce(conn);
33 case OR_CONN_STATE_OPEN:
34 return connection_process_cell_from_inbuf(conn);
35 default:
36 log(LOG_DEBUG,"connection_or_process_inbuf() called in state where I'm writing. Ignoring buf for now.");
37 }
38
39 return 0;
40 }
41
42 int connection_or_finished_flushing(connection_t *conn) {
43 int e, len=sizeof(e);
44
45 assert(conn && conn->type == CONN_TYPE_OR);
46
47 switch(conn->state) {
48 case OR_CONN_STATE_OP_SENDING_KEYS:
49 return or_handshake_op_finished_sending_keys(conn);
50 case OR_CONN_STATE_CLIENT_CONNECTING:
51 if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, &e, &len) < 0) { /* not yet */
52 if(errno != EINPROGRESS){
53 /* yuck. kill it. */
54 log(LOG_DEBUG,"connection_or_finished_flushing(): in-progress connect failed. Removing.");
55 return -1;
56 } else {
57 return 0; /* no change, see if next time is better */
58 }
59 }
60 /* the connect has finished. */
61
62 log(LOG_DEBUG,"connection_or_finished_flushing() : OR connection to router %s:%u established.",
63 conn->address,conn->port);
64
65 if(options.OnionRouter)
66 return or_handshake_client_send_auth(conn);
67 else
68 return or_handshake_op_send_keys(conn);
69 case OR_CONN_STATE_CLIENT_SENDING_AUTH:
70 log(LOG_DEBUG,"connection_or_finished_flushing(): client finished sending auth.");
71 conn->state = OR_CONN_STATE_CLIENT_AUTH_WAIT;
72 connection_watch_events(conn, POLLIN);
73 return 0;
74 case OR_CONN_STATE_CLIENT_SENDING_NONCE:
75 log(LOG_DEBUG,"connection_or_finished_flushing(): client finished sending nonce.");
76 conn_or_init_crypto(conn);
77 connection_or_set_open(conn);
78
79 return connection_process_inbuf(conn); /* in case there's anything waiting on it */
80 case OR_CONN_STATE_SERVER_SENDING_AUTH:
81 log(LOG_DEBUG,"connection_or_finished_flushing(): server finished sending auth.");
82 conn->state = OR_CONN_STATE_SERVER_NONCE_WAIT;
83 connection_watch_events(conn, POLLIN);
84 return 0;
85 case OR_CONN_STATE_OPEN:
86 /* FIXME down the road, we'll clear out circuits that are pending to close */
87 connection_stop_writing(conn);
88 return 0;
89 default:
90 log(LOG_DEBUG,"Bug: connection_or_finished_flushing() called in unexpected state.");
91 return 0;
92 }
93
94 return 0;
95
96 }
97
98 /*********************/
99
100 void connection_or_set_open(connection_t *conn) {
101 conn->state = OR_CONN_STATE_OPEN;
102 directory_set_dirty();
103 connection_init_timeval(conn);
104 connection_watch_events(conn, POLLIN);
105 }
106
107 void conn_or_init_crypto(connection_t *conn) {
108 //int x;
109 unsigned char iv[16];
110
111 assert(conn);
112
113 memset((void *)iv, 0, 16);
114 crypto_cipher_set_iv(conn->f_crypto, iv);
115 crypto_cipher_set_iv(conn->b_crypto, iv);
116
117 crypto_cipher_encrypt_init_cipher(conn->f_crypto);
118 crypto_cipher_decrypt_init_cipher(conn->b_crypto);
119 /* always encrypt with f, always decrypt with b */
120 }
121
122 connection_t *connection_or_connect(routerinfo_t *router) {
123 connection_t *conn;
124 struct sockaddr_in router_addr;
125 int s;
126
127 assert(router);
128
129 if(router_is_me(router->addr, router->or_port)) {
130 /* this is me! don't connect to me. */
131 log(LOG_DEBUG,"connection_or_connect(): This is me. Skipping.");
132 return NULL;
133 }
134
135 /* this function should never be called if we're already connected to router, but */
136 /* check first to be sure */
137 conn = connection_exact_get_by_addr_port(router->addr,router->or_port);
138 if(conn)
139 return conn;
140
141 conn = connection_new(CONN_TYPE_OR);
142 if(!conn) {
143 return NULL;
144 }
145
146 /* set up conn so it's got all the data we need to remember */
147 conn->addr = router->addr;
148 conn->port = router->or_port;
149 conn->bandwidth = router->bandwidth;
150 conn->pkey = crypto_pk_dup_key(router->pkey);
151 conn->address = strdup(router->address);
152
153 s=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
154 if (s < 0) {
155 log(LOG_ERR,"Error creating network socket.");
156 connection_free(conn);
157 return NULL;
158 }
159 fcntl(s, F_SETFL, O_NONBLOCK); /* set s to non-blocking */
160
161 memset((void *)&router_addr,0,sizeof(router_addr));
162 router_addr.sin_family = AF_INET;
163 router_addr.sin_port = htons(router->or_port);
164 router_addr.sin_addr.s_addr = htonl(router->addr);
165
166 log(LOG_DEBUG,"connection_or_connect() : Trying to connect to %s:%u.",router->address,router->or_port);
167 if(connect(s,(struct sockaddr *)&router_addr,sizeof(router_addr)) < 0){
168 if(errno != EINPROGRESS){
169 /* yuck. kill it. */
170 connection_free(conn);
171 return NULL;
172 } else {
173 /* it's in progress. set state appropriately and return. */
174 conn->s = s;
175
176 if(connection_add(conn) < 0) { /* no space, forget it */
177 connection_free(conn);
178 return NULL;
179 }
180
181 log(LOG_DEBUG,"connection_or_connect() : connect in progress.");
182 connection_watch_events(conn, POLLIN | POLLOUT); /* writable indicates finish, readable indicates broken link */
183 conn->state = OR_CONN_STATE_CLIENT_CONNECTING;
184 return conn;
185 }
186 }
187
188 /* it succeeded. we're connected. */
189 conn->s = s;
190
191 if(connection_add(conn) < 0) { /* no space, forget it */
192 connection_free(conn);
193 return NULL;
194 }
195
196 log(LOG_DEBUG,"connection_or_connect() : Connection to router %s:%u established.",
197 router->address, router->or_port);
198
199 if((options.OnionRouter && or_handshake_client_send_auth(conn) >= 0) ||
200 (!options.OnionRouter && or_handshake_op_send_keys(conn) >= 0))
201 return conn; /* success! */
202
203 /* failure */
204 connection_remove(conn);
205 connection_free(conn);
206 return NULL;
207 }
208
209 int or_handshake_op_send_keys(connection_t *conn) {
210 unsigned char message[38]; /* flag(16bits), bandwidth(32bits), forward key(128bits), backward key(128bits) */
211 unsigned char cipher[128];
212 int retval;
213
214 assert(conn && conn->type == CONN_TYPE_OR);
215
216 conn->bandwidth = DEFAULT_BANDWIDTH_OP;
217
218 /* generate random keys */
219 if(crypto_cipher_generate_key(conn->f_crypto) ||
220 crypto_cipher_generate_key(conn->b_crypto)) {
221 log(LOG_ERR,"Cannot generate a secure 3DES key.");
222 return -1;
223 }
224 log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
225 /* compose the message */
226 *(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
227 *(uint32_t *)(message+2) = htonl(conn->bandwidth);
228 memcpy((void *)(message+6), (void *)conn->f_crypto->key, 16);
229 memcpy((void *)(message+22), (void *)conn->b_crypto->key, 16);
230
231 /* encrypt with RSA */
232 if(crypto_pk_public_encrypt(conn->pkey, message, 38, cipher, RSA_PKCS1_PADDING) < 0) {
233 log(LOG_ERR,"or_handshake_op_send_keys(): Public key encryption failed.");
234 return -1;
235 }
236 log(LOG_DEBUG,"or_handshake_op_send_keys() : Encrypted authentication message.");
237
238 /* send message */
239
240 if(connection_write_to_buf(cipher, 128, conn) < 0) {
241 log(LOG_DEBUG,"or_handshake_op_send_keys(): my outbuf is full. Oops.");
242 return -1;
243 }
244 retval = connection_flush_buf(conn);
245 if(retval < 0) {
246 log(LOG_DEBUG,"or_handshake_op_send_keys(): bad socket while flushing.");
247 return -1;
248 }
249 if(retval > 0) {
250 /* still stuff on the buffer. */
251 conn->state = OR_CONN_STATE_OP_SENDING_KEYS;
252 connection_watch_events(conn, POLLOUT | POLLIN);
253 return 0;
254 }
255
256 /* it finished sending */
257 log(LOG_DEBUG,"or_handshake_op_send_keys(): Finished sending authentication message.");
258 return or_handshake_op_finished_sending_keys(conn);
259 }
260
261 int or_handshake_op_finished_sending_keys(connection_t *conn) {
262
263 /* do crypto initialization, etc */
264 conn_or_init_crypto(conn);
265
266 connection_or_set_open(conn);
267 circuit_n_conn_open(conn); /* send the pending onion(s) */
268 return 0;
269 }
270
271 int or_handshake_client_send_auth(connection_t *conn) {
272 int retval;
273 char buf[50];
274 char cipher[128];
275 struct sockaddr_in me; /* my router identity */
276
277 assert(conn);
278
279 if(learn_my_address(&me) < 0)
280 return -1;
281
282 /* generate random keys */
283 if(crypto_cipher_generate_key(conn->f_crypto) ||
284 crypto_cipher_generate_key(conn->b_crypto)) {
285 log(LOG_ERR,"Cannot generate a secure DES key.");
286 return -1;
287 }
288 log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");
289
290 /* generate first message */
291 *(uint16_t*)buf = htons(HANDSHAKE_AS_OR);
292 *(uint32_t*)(buf+2) = me.sin_addr.s_addr; /* local address, network order */
293 *(uint16_t*)(buf+6) = me.sin_port; /* local port, network order */
294 *(uint32_t*)(buf+8) = htonl(conn->addr); /* remote address */
295 *(uint16_t*)(buf+12) = htons(conn->port); /* remote port */
296 memcpy(buf+14,conn->f_crypto->key,16); /* keys */
297 memcpy(buf+30,conn->b_crypto->key,16);
298 *(uint32_t *)(buf+46) = htonl(conn->bandwidth); /* max link utilisation */
299 log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");
300
301 /* encrypt message */
302 retval = crypto_pk_public_encrypt(conn->pkey, buf, 50, cipher,RSA_PKCS1_PADDING);
303 if (retval == -1) /* error */
304 {
305 log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
306 log(LOG_DEBUG,"or_handshake_client_send_auth() : Reason : %s.",crypto_perror());
307 return -1;
308 }
309 log(LOG_DEBUG,"or_handshake_client_send_auth() : Encrypted authentication message.");
310
311 /* send message */
312
313 if(connection_write_to_buf(cipher, 128, conn) < 0) {
314 log(LOG_DEBUG,"or_handshake_client_send_auth(): my outbuf is full. Oops.");
315 return -1;
316 }
317 retval = connection_flush_buf(conn);
318 if(retval < 0) {
319 log(LOG_DEBUG,"or_handshake_client_send_auth(): bad socket while flushing.");
320 return -1;
321 }
322 if(retval > 0) {
323 /* still stuff on the buffer. */
324 conn->state = OR_CONN_STATE_CLIENT_SENDING_AUTH;
325 connection_watch_events(conn, POLLOUT | POLLIN);
326 return 0;
327 }
328
329 /* it finished sending */
330 log(LOG_DEBUG,"or_handshake_client_send_auth(): Finished sending authentication message.");
331 conn->state = OR_CONN_STATE_CLIENT_AUTH_WAIT;
332 connection_watch_events(conn, POLLIN);
333 return 0;
334
335 }
336
337 int or_handshake_client_process_auth(connection_t *conn) {
338 char buf[128]; /* only 56 of this is expected to be used */
339 char cipher[128];
340 uint32_t bandwidth;
341 int retval;
342 struct sockaddr_in me; /* my router identity */
343
344 assert(conn);
345
346 if(learn_my_address(&me) < 0)
347 return -1;
348
349 if(conn->inbuf_datalen < 128) /* entire response available? */
350 return 0; /* not yet */
351
352 if(connection_fetch_from_buf(cipher,128,conn) < 0) {
353 return -1;
354 }
355 log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth.");
356
357 /* decrypt response */
358 retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
359 if (retval == -1)
360 {
361 log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
362 conn->address,conn->port);
363 log(LOG_DEBUG,"or_handshake_client_process_auth() : Reason : %s.",
364 crypto_perror());
365 return -1;
366 }
367 else if (retval != 56)
368 {
369 log(LOG_ERR,"client_process_auth: incorrect response from router %s:%u.",
370 conn->address,conn->port);
371 return -1;
372 }
373 log(LOG_DEBUG,"or_handshake_client_process_auth() : Decrypted response.");
374 /* check validity */
375 if ( (*(uint32_t*)buf != me.sin_addr.s_addr) || /* local address, network order */
376 (*(uint16_t*)(buf+4) != me.sin_port) || /* local port, network order */
377 (ntohl(*(uint32_t*)(buf+6)) != conn->addr) || /* remote address */
378 (ntohs(*(uint16_t*)(buf+10)) != conn->port) ) { /* remote port */
379 log(LOG_ERR,"client_process_auth: Router %s:%u: bad address info.", conn->address,conn->port);
380 return -1;
381 }
382 if ( (memcmp(conn->f_crypto->key, buf+12, 16)) || /* keys */
383 (memcmp(conn->b_crypto->key, buf+28, 16)) ) {
384 log(LOG_ERR,"client_process_auth: Router %s:%u: bad key info.",conn->address,conn->port);
385 return -1;
386 }
387
388 log(LOG_DEBUG,"or_handshake_client_process_auth() : Response valid.");
389
390 /* update link info */
391 bandwidth = ntohl(*(uint32_t *)(buf+44));
392
393 if (conn->bandwidth > bandwidth)
394 conn->bandwidth = bandwidth;
395
396 /* reply is just local addr/port, remote addr/port, nonce */
397 memcpy(buf+12, buf+48, 8);
398
399 /* encrypt reply */
400 retval = crypto_pk_public_encrypt(conn->pkey, buf, 20, cipher,RSA_PKCS1_PADDING);
401 if (retval == -1) /* error */
402 {
403 log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
404 log(LOG_DEBUG,"or_handshake_client_process_auth() : Reason : %s.",crypto_perror());
405 return -1;
406 }
407
408 /* send the message */
409
410 if(connection_write_to_buf(cipher, 128, conn) < 0) {
411 log(LOG_DEBUG,"or_handshake_client_process_auth(): my outbuf is full. Oops.");
412 return -1;
413 }
414 retval = connection_flush_buf(conn);
415 if(retval < 0) {
416 log(LOG_DEBUG,"or_handshake_client_process_auth(): bad socket while flushing.");
417 return -1;
418 }
419 if(retval > 0) {
420 /* still stuff on the buffer. */
421 conn->state = OR_CONN_STATE_CLIENT_SENDING_NONCE;
422 connection_watch_events(conn, POLLOUT | POLLIN);
423 /* return(connection_process_inbuf(conn)); process the rest of the inbuf */
424 return 0;
425 }
426
427 /* it finished sending */
428 log(LOG_DEBUG,"or_handshake_client_process_auth(): Finished sending nonce.");
429 conn_or_init_crypto(conn);
430 connection_or_set_open(conn);
431 return connection_process_inbuf(conn); /* process the rest of the inbuf */
432
433 }
434
435 /*
436 *
437 * auth handshake, as performed by OR *receiving* the connection
438 *
439 */
440
441 int or_handshake_server_process_auth(connection_t *conn) {
442 int retval;
443
444 char buf[128]; /* 50 of this is expected to be used for OR, 38 for OP */
445 char cipher[128];
446
447 unsigned char iv[16];
448
449 uint32_t addr;
450 uint16_t port;
451
452 uint32_t bandwidth;
453 routerinfo_t *router;
454
455 assert(conn);
456
457 log(LOG_DEBUG,"or_handshake_server_process_auth() entered.");
458
459 if(conn->inbuf_datalen < 128) /* entire response available? */
460 return 0; /* not yet */
461
462 if(connection_fetch_from_buf(cipher,128,conn) < 0) {
463 return -1;
464 }
465 log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth.");
466
467 /* decrypt response */
468 retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
469 if (retval == -1) {
470 log(LOG_ERR,"or_handshake_server_process_auth: Public-key decryption failed.");
471 log(LOG_DEBUG,"or_handshake_server_process_auth() : Reason : %s.",
472 crypto_perror());
473 return -1;
474 }
475
476 if (retval == 50) {
477
478 log(LOG_DEBUG,"or_handshake_server_process_auth(): Decrypted OR-style auth message.");
479 if(ntohs(*(uint16_t*)buf) != HANDSHAKE_AS_OR) {
480 log(LOG_DEBUG,"or_handshake_server_process_auth(): ...but wasn't labelled OR. Dropping.");
481 return -1;
482 }
483
484 /* identify the router */
485 addr = ntohl(*(uint32_t*)(buf+2)); /* save the IP address */
486 port = ntohs(*(uint16_t*)(buf+6)); /* save the port */
487
488 router = router_get_by_addr_port(addr,port);
489 if (!router) {
490 log(LOG_DEBUG,"or_handshake_server_process_auth() : unknown router '%s:%d'. Will drop.", conn->address, port);
491 return -1;
492 }
493 log(LOG_DEBUG,"or_handshake_server_process_auth() : Router identified as %s:%u.",
494 router->address,router->or_port);
495
496 if(connection_exact_get_by_addr_port(addr,port)) {
497 log(LOG_DEBUG,"or_handshake_server_process_auth(): That router is already connected. Dropping.");
498 return -1;
499 }
500
501 /* save keys */
502 crypto_cipher_set_key(conn->b_crypto,buf+14);
503 crypto_cipher_set_key(conn->f_crypto,buf+30);
504
505 /* update link info */
506 bandwidth = ntohl(*(uint32_t *)(buf+46));
507
508 conn->bandwidth = router->bandwidth;
509
510 if (conn->bandwidth > bandwidth)
511 conn->bandwidth = bandwidth;
512
513 /* copy all relevant info to conn */
514 conn->addr = router->addr, conn->port = router->or_port;
515 conn->pkey = crypto_pk_dup_key(router->pkey);
516 conn->address = strdup(router->address);
517
518 /* generate a nonce */
519 retval = crypto_rand(8, conn->nonce);
520 if (retval) { /* error */
521 log(LOG_ERR,"Cannot generate a nonce.");
522 return -1;
523 }
524 log(LOG_DEBUG,"or_handshake_server_process_auth(): Nonce generated.");
525
526 memmove(buf, buf+2, 44);
527 *(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* send max link utilisation */
528 memcpy(buf+48,conn->nonce,8); /* append the nonce to the end of the message */
529
530 /* encrypt message */
531 retval = crypto_pk_public_encrypt(conn->pkey, buf, 56, cipher,RSA_PKCS1_PADDING);
532 if (retval == -1) { /* error */
533 log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
534 log(LOG_DEBUG,"or_handshake_server_process_auth() : Reason : %s.",crypto_perror());
535 return -1;
536 }
537 log(LOG_DEBUG,"or_handshake_server_process_auth() : Reply encrypted.");
538
539 /* send message */
540
541 if(connection_write_to_buf(cipher, 128, conn) < 0) {
542 log(LOG_DEBUG,"or_handshake_server_process_auth(): my outbuf is full. Oops.");
543 return -1;
544 }
545 retval = connection_flush_buf(conn);
546 if(retval < 0) {
547 log(LOG_DEBUG,"or_handshake_server_process_auth(): bad socket while flushing.");
548 return -1;
549 }
550 if(retval > 0) {
551 /* still stuff on the buffer. */
552 conn->state = OR_CONN_STATE_SERVER_SENDING_AUTH;
553 connection_watch_events(conn, POLLOUT | POLLIN);
554 return 0;
555 }
556
557 /* it finished sending */
558 log(LOG_DEBUG,"or_handshake_server_process_auth(): Finished sending auth.");
559 conn->state = OR_CONN_STATE_SERVER_NONCE_WAIT;
560 connection_watch_events(conn, POLLIN);
561 return 0;
562 }
563
564 if(retval == 38) {
565 log(LOG_DEBUG,"or_handshake_server_process_auth(): Decrypted OP-style auth message.");
566 if(ntohs(*(uint16_t*)buf) != HANDSHAKE_AS_OP) {
567 log(LOG_DEBUG,"or_handshake_server_process_auth(): ...but wasn't labelled OP. Dropping.");
568 return -1;
569 }
570
571 conn->bandwidth = ntohl(*((uint32_t *)(buf+2)));
572 log(LOG_DEBUG,"or_handshake_server_process_auth(): Bandwidth %d requested.",conn->bandwidth);
573
574 crypto_cipher_set_key(conn->b_crypto, buf+6);
575 crypto_cipher_set_key(conn->f_crypto, buf+22);
576
577 memset(iv, 0, 16);
578 crypto_cipher_set_iv(conn->b_crypto, iv);
579 crypto_cipher_set_iv(conn->f_crypto, iv);
580
581 crypto_cipher_encrypt_init_cipher(conn->b_crypto);
582 crypto_cipher_decrypt_init_cipher(conn->f_crypto);
583
584 conn->state = OR_CONN_STATE_OPEN;
585 connection_init_timeval(conn);
586 connection_watch_events(conn, POLLIN);
587
588 return connection_process_inbuf(conn); /* in case they sent some cells along with the keys */
589 }
590
591 log(LOG_ERR,"or_handshake_server_process_auth(): received an incorrect authentication request.");
592 return -1;
593 }
594
595 int or_handshake_server_process_nonce(connection_t *conn) {
596
597 char buf[128];
598 char cipher[128];
599 int retval;
600 struct sockaddr_in me; /* my router identity */
601
602 assert(conn);
603
604 if(learn_my_address(&me) < 0)
605 return -1;
606
607 if(conn->inbuf_datalen < 128) /* entire response available? */
608 return 0; /* not yet */
609
610 if(connection_fetch_from_buf(cipher,128,conn) < 0) {
611 return -1;
612 }
613 log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth.");
614
615 /* decrypt response */
616 retval = crypto_pk_private_decrypt(get_privatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
617 if (retval == -1)
618 {
619 log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
620 conn->address,conn->port);
621 log(LOG_DEBUG,"or_handshake_server_process_nonce() : Reason : %s.",
622 crypto_perror());
623 return -1;
624 }
625 else if (retval != 20)
626 {
627 log(LOG_ERR,"server_process_nonce: incorrect response from router %s:%u.",
628 conn->address,conn->port);
629 return -1;
630 }
631 log(LOG_DEBUG,"or_handshake_server_process_nonce() : Response decrypted.");
632
633 /* check validity */
634 if ((ntohl(*(uint32_t*)buf) != conn->addr) || /* remote address */
635 (ntohs(*(uint16_t*)(buf+4)) != conn->port) || /* remote port */
636 (*(uint32_t*)(buf+6) != me.sin_addr.s_addr) || /* local address, network order */
637 (*(uint16_t*)(buf+10) != me.sin_port) || /* local port, network order */
638 (memcmp(conn->nonce,buf+12,8))) /* nonce */
639 {
640 log(LOG_ERR,"server_process_nonce: Router %s:%u gave bad response.",conn->address,conn->port);
641 return -1;
642 }
643 log(LOG_DEBUG,"or_handshake_server_process_nonce() : Response valid. Authentication complete.");
644
645 conn_or_init_crypto(conn);
646 connection_or_set_open(conn);
647 return connection_process_inbuf(conn); /* process the rest of the inbuf */
648
649 }
650
651
652 /* ********************************** */
653
654
655 int connection_or_create_listener(struct sockaddr_in *bindaddr) {
656 log(LOG_DEBUG,"connection_create_or_listener starting");
657 return connection_create_listener(bindaddr, CONN_TYPE_OR_LISTENER);
658 }
659
660 int connection_or_handle_listener_read(connection_t *conn) {
661 log(LOG_NOTICE,"OR: Received a connection request from a router. Attempting to authenticate.");
662 return connection_handle_listener_read(conn, CONN_TYPE_OR, OR_CONN_STATE_SERVER_AUTH_WAIT);
663 }
664
665 /*
666 Local Variables:
667 mode:c
668 indent-tabs-mode:nil
669 c-basic-offset:2
670 End:
671 */
The Onion Router