diff --git a/examples/make_torrent.cpp b/examples/make_torrent.cpp index 2c5cb3c3e..fa24d7f38 100644 --- a/examples/make_torrent.cpp +++ b/examples/make_torrent.cpp @@ -87,8 +87,6 @@ void print_usage() " where the filename defaults to a.torrent\n" "-c file add root certificate to the torrent, to verify\n" " the HTTPS tracker\n" - "-e file add an AES-256 encryption key. This is used\n" - " to encrypt every peer connection\n" , stderr); } @@ -114,7 +112,6 @@ int main(int argc, char* argv[]) int piece_size = 0; int flags = 0; std::string root_cert; - std::string encryption_key; std::string outfile; std::string merklefile; @@ -170,10 +167,6 @@ int main(int argc, char* argv[]) ++i; root_cert = argv[i]; break; - case 'e': - ++i; - encryption_key = argv[i]; - break; default: print_usage(); return 1; @@ -226,20 +219,6 @@ int main(int argc, char* argv[]) } } - if (!encryption_key.empty()) - { - std::vector key; - load_file(encryption_key, key, ec, 32); - if (ec) - { - fprintf(stderr, "failed to load AES-256 encryption key: %s\n", ec.message().c_str()); - } - else - { - t.set_encryption_key(std::string(&key[0], key.size())); - } - } - // create the torrent and print it to stdout std::vector torrent; bencode(back_inserter(torrent), t.generate()); diff --git a/include/libtorrent/create_torrent.hpp b/include/libtorrent/create_torrent.hpp index 73d0ce917..a7412665c 100644 --- a/include/libtorrent/create_torrent.hpp +++ b/include/libtorrent/create_torrent.hpp @@ -90,7 +90,6 @@ namespace libtorrent void add_node(std::pair const& node); void add_tracker(std::string const& url, int tier = 0); void set_root_cert(std::string const& pem); - void set_encryption_key(std::string const& key); void set_priv(bool p) { m_private = p; } int num_pieces() const { return m_files.num_pieces(); } @@ -150,11 +149,6 @@ namespace libtorrent // this is the root cert for SSL torrents std::string m_root_cert; - // if this is an encrypted torrent, this is the - // symmetric encryption key every stream is - // encrypted by - std::string m_encryption_key; - // this is used when creating a torrent. If there's // only one file there are cases where it's impossible // to know if it should be written as a multifile torrent diff --git a/include/libtorrent/torrent_info.hpp b/include/libtorrent/torrent_info.hpp index 84a051d27..1acc1380b 100644 --- a/include/libtorrent/torrent_info.hpp +++ b/include/libtorrent/torrent_info.hpp @@ -335,8 +335,6 @@ namespace libtorrent #ifdef TORRENT_USE_OPENSSL std::string const& ssl_cert() const { return m_ssl_root_cert; } - - std::string const& encryption_key() const { return m_aes_key; } #endif bool is_valid() const { return m_files.is_valid(); } @@ -473,9 +471,6 @@ namespace libtorrent // certificate, in .pem format (i.e. ascii // base64 encoded with head and tails) std::string m_ssl_root_cert; - - // used to encrypt the peer connections - std::string m_aes_key; #endif // the info section parsed. points into m_info_section diff --git a/src/bt_peer_connection.cpp b/src/bt_peer_connection.cpp index 51ec1e602..1eed9156b 100644 --- a/src/bt_peer_connection.cpp +++ b/src/bt_peer_connection.cpp @@ -132,21 +132,6 @@ namespace libtorrent m_in_constructor = false; #endif memset(m_reserved_bits, 0, sizeof(m_reserved_bits)); - -#ifdef TORRENT_USE_OPENSSL - boost::shared_ptr t = tor.lock(); - std::string const key = t->torrent_file().encryption_key(); - if (key.size() == 32) - { - m_enc_handler.reset(new aes256_handler); - m_enc_handler->set_incoming_key((const unsigned char*)key.c_str(), key.size()); - m_encrypted = true; - m_rc4_encrypted = true; -#ifdef TORRENT_VERBOSE_LOGGING - peer_log("*** encrypted torrent. enabling AES-256 encryption"); -#endif - } -#endif } bt_peer_connection::bt_peer_connection( @@ -221,12 +206,6 @@ namespace libtorrent pe_settings::enc_policy out_enc_policy = m_ses.get_pe_settings().out_enc_policy; #ifdef TORRENT_USE_OPENSSL - // if this torrent is using AES-256 encryption, don't - // also enable the normal encryption - boost::shared_ptr t = associated_torrent().lock(); - std::string const key = t->torrent_file().encryption_key(); - if (key.size() == 32) out_enc_policy = pe_settings::disabled; - // never try an encrypted connection when already using SSL if (is_ssl(*get_socket())) out_enc_policy = pe_settings::disabled; @@ -2571,12 +2550,6 @@ namespace libtorrent { torrent const& ti = *i->second; -#ifdef TORRENT_USE_OPENSSL - // don't consider encrypted torrents (since that would - // open up a hole to connecting to them without the key) - if (ti.torrent_file().encryption_key().size() == 32) continue; -#endif - sha1_hash const& skey_hash = ti.obfuscated_hash(); sha1_hash obfs_hash = m_dh_key_exchange->get_hash_xor_mask(); obfs_hash ^= skey_hash; @@ -2955,69 +2928,30 @@ namespace libtorrent } #endif // TORRENT_USE_OPENSSL - bool found_encrypted_torrent = false; -#ifdef TORRENT_USE_OPENSSL - if (!is_outgoing()) - { - std::auto_ptr handler(new aes256_handler); - boost::uint8_t temp_pad[20]; - - for (std::set >::iterator i = m_ses.m_encrypted_torrents.begin() - , end(m_ses.m_encrypted_torrents.end()); i != end; ++i) - { - boost::shared_ptr t = *i; - std::string const key = t->torrent_file().encryption_key(); - TORRENT_ASSERT(key.size() == 32); - handler->set_incoming_key((const unsigned char*)key.c_str(), key.size()); - std::memcpy(temp_pad, recv_buffer.begin, 20); - handler->decrypt((char*)temp_pad, 20); - if (memcmp(temp_pad, protocol_string, 20) != 0) continue; - - // we found the key that could decrypt it - m_rc4_encrypted = true; - m_encrypted = true; - m_enc_handler.reset(handler.release()); - found_encrypted_torrent = true; -#ifdef TORRENT_VERBOSE_LOGGING - peer_log("*** found encrypted torrent"); -#endif - TORRENT_ASSERT(recv_buffer.left() == 20); -// handler->decrypt((char*)recv_buffer.begin + 20, recv_buffer.left() - 20); - break; - } - } -#endif - - if (!found_encrypted_torrent) - { - - if (!is_outgoing() + if (!is_outgoing() && m_ses.get_pe_settings().in_enc_policy == pe_settings::disabled) - { - disconnect(errors::no_incoming_encrypted); - return; - } - - // Don't attempt to perform an encrypted handshake - // within an encrypted connection. For local connections, - // we're expected to already have passed the encrypted - // handshake by this point - if (m_encrypted || is_outgoing()) - { - disconnect(errors::invalid_info_hash, 1); - return; - } - -#ifdef TORRENT_VERBOSE_LOGGING - peer_log("*** attempting encrypted connection"); -#endif - m_state = read_pe_dhkey; - cut_receive_buffer(0, dh_key_len); - TORRENT_ASSERT(!packet_finished()); + { + disconnect(errors::no_incoming_encrypted); return; } - - TORRENT_ASSERT((!is_outgoing() && m_encrypted) || is_outgoing()); + + // Don't attempt to perform an encrypted handshake + // within an encrypted connection. For local connections, + // we're expected to already have passed the encrypted + // handshake by this point + if (m_encrypted || is_outgoing()) + { + disconnect(errors::invalid_info_hash, 1); + return; + } + +#ifdef TORRENT_VERBOSE_LOGGING + peer_log("*** attempting encrypted connection"); +#endif + m_state = read_pe_dhkey; + cut_receive_buffer(0, dh_key_len); + TORRENT_ASSERT(!packet_finished()); + return; #else disconnect(errors::invalid_info_hash, 1); return; diff --git a/src/create_torrent.cpp b/src/create_torrent.cpp index 089dff4c3..1b584e6ac 100644 --- a/src/create_torrent.cpp +++ b/src/create_torrent.cpp @@ -301,9 +301,6 @@ namespace libtorrent if (!m_root_cert.empty()) info["ssl-cert"] = m_root_cert; - if (!m_encryption_key.empty()) - info["encryption-key"] = m_encryption_key; - if (m_private) info["private"] = 1; if (!m_multifile) @@ -493,11 +490,6 @@ namespace libtorrent else m_comment = str; } - void create_torrent::set_encryption_key(std::string const& key) - { - m_encryption_key = key; - } - void create_torrent::set_creator(char const* str) { if (str == 0) m_created_by.clear();