From 8b459a27bd0963f388c88f67e217bfaf49280202 Mon Sep 17 00:00:00 2001
From: Arvid Norberg <arvid@libtorrent.org>
Date: Thu, 9 Feb 2012 06:23:58 +0000
Subject: [PATCH] remove 'encrypted peer connections' feature (ssl is a better
 idea)

---
 examples/make_torrent.cpp             |  21 -----
 include/libtorrent/create_torrent.hpp |   6 --
 include/libtorrent/torrent_info.hpp   |   5 --
 src/bt_peer_connection.cpp            | 108 +++++---------------------
 src/create_torrent.cpp                |   8 --
 5 files changed, 21 insertions(+), 127 deletions(-)

diff --git a/examples/make_torrent.cpp b/examples/make_torrent.cpp
index 2c5cb3c3e..fa24d7f38 100644
--- a/examples/make_torrent.cpp
+++ b/examples/make_torrent.cpp
@@ -87,8 +87,6 @@ void print_usage()
 		"            where the filename defaults to a.torrent\n"
 		"-c file     add root certificate to the torrent, to verify\n"
 		"            the HTTPS tracker\n"
-		"-e file     add an AES-256 encryption key. This is used\n"
-		"            to encrypt every peer connection\n"
 		, stderr);
 }
 
@@ -114,7 +112,6 @@ int main(int argc, char* argv[])
 		int piece_size = 0;
 		int flags = 0;
 		std::string root_cert;
-		std::string encryption_key;
 
 		std::string outfile;
 		std::string merklefile;
@@ -170,10 +167,6 @@ int main(int argc, char* argv[])
 					++i;
 					root_cert = argv[i];
 					break;
-				case 'e':
-					++i;
-					encryption_key = argv[i];
-					break;
 				default:
 					print_usage();
 					return 1;
@@ -226,20 +219,6 @@ int main(int argc, char* argv[])
 			}
 		}
 
-		if (!encryption_key.empty())
-		{
-			std::vector<char> key;
-			load_file(encryption_key, key, ec, 32);
-			if (ec)
-			{
-				fprintf(stderr, "failed to load AES-256 encryption key: %s\n", ec.message().c_str());
-			}
-			else
-			{
-				t.set_encryption_key(std::string(&key[0], key.size()));
-			}
-		}
-
 		// create the torrent and print it to stdout
 		std::vector<char> torrent;
 		bencode(back_inserter(torrent), t.generate());
diff --git a/include/libtorrent/create_torrent.hpp b/include/libtorrent/create_torrent.hpp
index 73d0ce917..a7412665c 100644
--- a/include/libtorrent/create_torrent.hpp
+++ b/include/libtorrent/create_torrent.hpp
@@ -90,7 +90,6 @@ namespace libtorrent
 		void add_node(std::pair<std::string, int> const& node);
 		void add_tracker(std::string const& url, int tier = 0);
 		void set_root_cert(std::string const& pem);
-		void set_encryption_key(std::string const& key);
 		void set_priv(bool p) { m_private = p; }
 
 		int num_pieces() const { return m_files.num_pieces(); }
@@ -150,11 +149,6 @@ namespace libtorrent
 		// this is the root cert for SSL torrents
 		std::string m_root_cert;
 
-		// if this is an encrypted torrent, this is the
-		// symmetric encryption key every stream is
-		// encrypted by
-		std::string m_encryption_key;
-
 		// this is used when creating a torrent. If there's
 		// only one file there are cases where it's impossible
 		// to know if it should be written as a multifile torrent
diff --git a/include/libtorrent/torrent_info.hpp b/include/libtorrent/torrent_info.hpp
index 84a051d27..1acc1380b 100644
--- a/include/libtorrent/torrent_info.hpp
+++ b/include/libtorrent/torrent_info.hpp
@@ -335,8 +335,6 @@ namespace libtorrent
 
 #ifdef TORRENT_USE_OPENSSL
 		std::string const& ssl_cert() const { return m_ssl_root_cert; }
-
-		std::string const& encryption_key() const { return m_aes_key; }
 #endif
 
 		bool is_valid() const { return m_files.is_valid(); }
@@ -473,9 +471,6 @@ namespace libtorrent
 		// certificate, in .pem format (i.e. ascii
 		// base64 encoded with head and tails)
 		std::string m_ssl_root_cert;
-
-		// used to encrypt the peer connections
-		std::string m_aes_key;
 #endif
 
 		// the info section parsed. points into m_info_section
diff --git a/src/bt_peer_connection.cpp b/src/bt_peer_connection.cpp
index 51ec1e602..1eed9156b 100644
--- a/src/bt_peer_connection.cpp
+++ b/src/bt_peer_connection.cpp
@@ -132,21 +132,6 @@ namespace libtorrent
 		m_in_constructor = false;
 #endif
 		memset(m_reserved_bits, 0, sizeof(m_reserved_bits));
-
-#ifdef TORRENT_USE_OPENSSL
-		boost::shared_ptr<torrent> t = tor.lock();
-		std::string const key = t->torrent_file().encryption_key();
-		if (key.size() == 32)
-		{
-			m_enc_handler.reset(new aes256_handler);
-			m_enc_handler->set_incoming_key((const unsigned char*)key.c_str(), key.size());
-			m_encrypted = true;
-			m_rc4_encrypted = true;
-#ifdef TORRENT_VERBOSE_LOGGING
-			peer_log("*** encrypted torrent. enabling AES-256 encryption");
-#endif
-		}
-#endif
 	}
 
 	bt_peer_connection::bt_peer_connection(
@@ -221,12 +206,6 @@ namespace libtorrent
 		pe_settings::enc_policy out_enc_policy = m_ses.get_pe_settings().out_enc_policy;
 
 #ifdef TORRENT_USE_OPENSSL
-		// if this torrent is using AES-256 encryption, don't
-		// also enable the normal encryption
-		boost::shared_ptr<torrent> t = associated_torrent().lock();
-		std::string const key = t->torrent_file().encryption_key();
-		if (key.size() == 32) out_enc_policy = pe_settings::disabled;
-
 		// never try an encrypted connection when already using SSL
 		if (is_ssl(*get_socket()))
 			out_enc_policy = pe_settings::disabled;
@@ -2571,12 +2550,6 @@ namespace libtorrent
 			{
 				torrent const& ti = *i->second;
 
-#ifdef TORRENT_USE_OPENSSL
-				// don't consider encrypted torrents (since that would
-				// open up a hole to connecting to them without the key)
-				if (ti.torrent_file().encryption_key().size() == 32) continue;
-#endif
-
 				sha1_hash const& skey_hash = ti.obfuscated_hash();
 				sha1_hash obfs_hash = m_dh_key_exchange->get_hash_xor_mask();
 				obfs_hash ^= skey_hash;
@@ -2955,69 +2928,30 @@ namespace libtorrent
 				}
 #endif // TORRENT_USE_OPENSSL
 
-				bool found_encrypted_torrent = false;
-#ifdef TORRENT_USE_OPENSSL
-				if (!is_outgoing())
-				{
-					std::auto_ptr<encryption_handler> handler(new aes256_handler);
-					boost::uint8_t temp_pad[20];
-
-					for (std::set<boost::shared_ptr<torrent> >::iterator i = m_ses.m_encrypted_torrents.begin()
-						, end(m_ses.m_encrypted_torrents.end()); i != end; ++i)
-					{
-						boost::shared_ptr<torrent> t = *i;
-						std::string const key = t->torrent_file().encryption_key();
-						TORRENT_ASSERT(key.size() == 32);
-						handler->set_incoming_key((const unsigned char*)key.c_str(), key.size());
-						std::memcpy(temp_pad, recv_buffer.begin, 20);
-						handler->decrypt((char*)temp_pad, 20);
-						if (memcmp(temp_pad, protocol_string, 20) != 0) continue;
-
-						// we found the key that could decrypt it
-						m_rc4_encrypted = true;
-						m_encrypted = true;
-						m_enc_handler.reset(handler.release());
-						found_encrypted_torrent = true;
-#ifdef TORRENT_VERBOSE_LOGGING
-						peer_log("*** found encrypted torrent");
-#endif
-						TORRENT_ASSERT(recv_buffer.left() == 20);
-//						handler->decrypt((char*)recv_buffer.begin + 20, recv_buffer.left() - 20);
-						break;
-					}
-				}
-#endif
-
-				if (!found_encrypted_torrent)
-				{
-
-					if (!is_outgoing()
+				if (!is_outgoing()
 					&& m_ses.get_pe_settings().in_enc_policy == pe_settings::disabled)
-					{
-						disconnect(errors::no_incoming_encrypted);
-						return;
-					}
-
-					// Don't attempt to perform an encrypted handshake
-					// within an encrypted connection. For local connections,
-					// we're expected to already have passed the encrypted
-					// handshake by this point
-					if (m_encrypted || is_outgoing())
-					{
-						disconnect(errors::invalid_info_hash, 1);
-						return;
-					}
-
-#ifdef TORRENT_VERBOSE_LOGGING
- 					peer_log("*** attempting encrypted connection");
-#endif
- 					m_state = read_pe_dhkey;
-					cut_receive_buffer(0, dh_key_len);
-					TORRENT_ASSERT(!packet_finished());
+				{
+					disconnect(errors::no_incoming_encrypted);
 					return;
 				}
-				
-				TORRENT_ASSERT((!is_outgoing() && m_encrypted) || is_outgoing());
+
+				// Don't attempt to perform an encrypted handshake
+				// within an encrypted connection. For local connections,
+				// we're expected to already have passed the encrypted
+				// handshake by this point
+				if (m_encrypted || is_outgoing())
+				{
+					disconnect(errors::invalid_info_hash, 1);
+					return;
+				}
+
+#ifdef TORRENT_VERBOSE_LOGGING
+				peer_log("*** attempting encrypted connection");
+#endif
+				m_state = read_pe_dhkey;
+				cut_receive_buffer(0, dh_key_len);
+				TORRENT_ASSERT(!packet_finished());
+				return;
 #else
 				disconnect(errors::invalid_info_hash, 1);
 				return;
diff --git a/src/create_torrent.cpp b/src/create_torrent.cpp
index 089dff4c3..1b584e6ac 100644
--- a/src/create_torrent.cpp
+++ b/src/create_torrent.cpp
@@ -301,9 +301,6 @@ namespace libtorrent
 		if (!m_root_cert.empty())
 			info["ssl-cert"] = m_root_cert;
 
-		if (!m_encryption_key.empty())
-			info["encryption-key"] = m_encryption_key;
-
 		if (m_private) info["private"] = 1;
 
 		if (!m_multifile)
@@ -493,11 +490,6 @@ namespace libtorrent
 		else m_comment = str;
 	}
 
-	void create_torrent::set_encryption_key(std::string const& key)
-	{
-		m_encryption_key = key;
-	}
-
 	void create_torrent::set_creator(char const* str)
 	{
 		if (str == 0) m_created_by.clear();