forked from premiere/premiere-libtorrent
remove 'encrypted peer connections' feature (ssl is a better idea)
This commit is contained in:
parent
a9b6de413a
commit
8b459a27bd
|
@ -87,8 +87,6 @@ void print_usage()
|
||||||
" where the filename defaults to a.torrent\n"
|
" where the filename defaults to a.torrent\n"
|
||||||
"-c file add root certificate to the torrent, to verify\n"
|
"-c file add root certificate to the torrent, to verify\n"
|
||||||
" the HTTPS tracker\n"
|
" the HTTPS tracker\n"
|
||||||
"-e file add an AES-256 encryption key. This is used\n"
|
|
||||||
" to encrypt every peer connection\n"
|
|
||||||
, stderr);
|
, stderr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -114,7 +112,6 @@ int main(int argc, char* argv[])
|
||||||
int piece_size = 0;
|
int piece_size = 0;
|
||||||
int flags = 0;
|
int flags = 0;
|
||||||
std::string root_cert;
|
std::string root_cert;
|
||||||
std::string encryption_key;
|
|
||||||
|
|
||||||
std::string outfile;
|
std::string outfile;
|
||||||
std::string merklefile;
|
std::string merklefile;
|
||||||
|
@ -170,10 +167,6 @@ int main(int argc, char* argv[])
|
||||||
++i;
|
++i;
|
||||||
root_cert = argv[i];
|
root_cert = argv[i];
|
||||||
break;
|
break;
|
||||||
case 'e':
|
|
||||||
++i;
|
|
||||||
encryption_key = argv[i];
|
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
print_usage();
|
print_usage();
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -226,20 +219,6 @@ int main(int argc, char* argv[])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!encryption_key.empty())
|
|
||||||
{
|
|
||||||
std::vector<char> key;
|
|
||||||
load_file(encryption_key, key, ec, 32);
|
|
||||||
if (ec)
|
|
||||||
{
|
|
||||||
fprintf(stderr, "failed to load AES-256 encryption key: %s\n", ec.message().c_str());
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
t.set_encryption_key(std::string(&key[0], key.size()));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// create the torrent and print it to stdout
|
// create the torrent and print it to stdout
|
||||||
std::vector<char> torrent;
|
std::vector<char> torrent;
|
||||||
bencode(back_inserter(torrent), t.generate());
|
bencode(back_inserter(torrent), t.generate());
|
||||||
|
|
|
@ -90,7 +90,6 @@ namespace libtorrent
|
||||||
void add_node(std::pair<std::string, int> const& node);
|
void add_node(std::pair<std::string, int> const& node);
|
||||||
void add_tracker(std::string const& url, int tier = 0);
|
void add_tracker(std::string const& url, int tier = 0);
|
||||||
void set_root_cert(std::string const& pem);
|
void set_root_cert(std::string const& pem);
|
||||||
void set_encryption_key(std::string const& key);
|
|
||||||
void set_priv(bool p) { m_private = p; }
|
void set_priv(bool p) { m_private = p; }
|
||||||
|
|
||||||
int num_pieces() const { return m_files.num_pieces(); }
|
int num_pieces() const { return m_files.num_pieces(); }
|
||||||
|
@ -150,11 +149,6 @@ namespace libtorrent
|
||||||
// this is the root cert for SSL torrents
|
// this is the root cert for SSL torrents
|
||||||
std::string m_root_cert;
|
std::string m_root_cert;
|
||||||
|
|
||||||
// if this is an encrypted torrent, this is the
|
|
||||||
// symmetric encryption key every stream is
|
|
||||||
// encrypted by
|
|
||||||
std::string m_encryption_key;
|
|
||||||
|
|
||||||
// this is used when creating a torrent. If there's
|
// this is used when creating a torrent. If there's
|
||||||
// only one file there are cases where it's impossible
|
// only one file there are cases where it's impossible
|
||||||
// to know if it should be written as a multifile torrent
|
// to know if it should be written as a multifile torrent
|
||||||
|
|
|
@ -335,8 +335,6 @@ namespace libtorrent
|
||||||
|
|
||||||
#ifdef TORRENT_USE_OPENSSL
|
#ifdef TORRENT_USE_OPENSSL
|
||||||
std::string const& ssl_cert() const { return m_ssl_root_cert; }
|
std::string const& ssl_cert() const { return m_ssl_root_cert; }
|
||||||
|
|
||||||
std::string const& encryption_key() const { return m_aes_key; }
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
bool is_valid() const { return m_files.is_valid(); }
|
bool is_valid() const { return m_files.is_valid(); }
|
||||||
|
@ -473,9 +471,6 @@ namespace libtorrent
|
||||||
// certificate, in .pem format (i.e. ascii
|
// certificate, in .pem format (i.e. ascii
|
||||||
// base64 encoded with head and tails)
|
// base64 encoded with head and tails)
|
||||||
std::string m_ssl_root_cert;
|
std::string m_ssl_root_cert;
|
||||||
|
|
||||||
// used to encrypt the peer connections
|
|
||||||
std::string m_aes_key;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// the info section parsed. points into m_info_section
|
// the info section parsed. points into m_info_section
|
||||||
|
|
|
@ -132,21 +132,6 @@ namespace libtorrent
|
||||||
m_in_constructor = false;
|
m_in_constructor = false;
|
||||||
#endif
|
#endif
|
||||||
memset(m_reserved_bits, 0, sizeof(m_reserved_bits));
|
memset(m_reserved_bits, 0, sizeof(m_reserved_bits));
|
||||||
|
|
||||||
#ifdef TORRENT_USE_OPENSSL
|
|
||||||
boost::shared_ptr<torrent> t = tor.lock();
|
|
||||||
std::string const key = t->torrent_file().encryption_key();
|
|
||||||
if (key.size() == 32)
|
|
||||||
{
|
|
||||||
m_enc_handler.reset(new aes256_handler);
|
|
||||||
m_enc_handler->set_incoming_key((const unsigned char*)key.c_str(), key.size());
|
|
||||||
m_encrypted = true;
|
|
||||||
m_rc4_encrypted = true;
|
|
||||||
#ifdef TORRENT_VERBOSE_LOGGING
|
|
||||||
peer_log("*** encrypted torrent. enabling AES-256 encryption");
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bt_peer_connection::bt_peer_connection(
|
bt_peer_connection::bt_peer_connection(
|
||||||
|
@ -221,12 +206,6 @@ namespace libtorrent
|
||||||
pe_settings::enc_policy out_enc_policy = m_ses.get_pe_settings().out_enc_policy;
|
pe_settings::enc_policy out_enc_policy = m_ses.get_pe_settings().out_enc_policy;
|
||||||
|
|
||||||
#ifdef TORRENT_USE_OPENSSL
|
#ifdef TORRENT_USE_OPENSSL
|
||||||
// if this torrent is using AES-256 encryption, don't
|
|
||||||
// also enable the normal encryption
|
|
||||||
boost::shared_ptr<torrent> t = associated_torrent().lock();
|
|
||||||
std::string const key = t->torrent_file().encryption_key();
|
|
||||||
if (key.size() == 32) out_enc_policy = pe_settings::disabled;
|
|
||||||
|
|
||||||
// never try an encrypted connection when already using SSL
|
// never try an encrypted connection when already using SSL
|
||||||
if (is_ssl(*get_socket()))
|
if (is_ssl(*get_socket()))
|
||||||
out_enc_policy = pe_settings::disabled;
|
out_enc_policy = pe_settings::disabled;
|
||||||
|
@ -2571,12 +2550,6 @@ namespace libtorrent
|
||||||
{
|
{
|
||||||
torrent const& ti = *i->second;
|
torrent const& ti = *i->second;
|
||||||
|
|
||||||
#ifdef TORRENT_USE_OPENSSL
|
|
||||||
// don't consider encrypted torrents (since that would
|
|
||||||
// open up a hole to connecting to them without the key)
|
|
||||||
if (ti.torrent_file().encryption_key().size() == 32) continue;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
sha1_hash const& skey_hash = ti.obfuscated_hash();
|
sha1_hash const& skey_hash = ti.obfuscated_hash();
|
||||||
sha1_hash obfs_hash = m_dh_key_exchange->get_hash_xor_mask();
|
sha1_hash obfs_hash = m_dh_key_exchange->get_hash_xor_mask();
|
||||||
obfs_hash ^= skey_hash;
|
obfs_hash ^= skey_hash;
|
||||||
|
@ -2955,69 +2928,30 @@ namespace libtorrent
|
||||||
}
|
}
|
||||||
#endif // TORRENT_USE_OPENSSL
|
#endif // TORRENT_USE_OPENSSL
|
||||||
|
|
||||||
bool found_encrypted_torrent = false;
|
if (!is_outgoing()
|
||||||
#ifdef TORRENT_USE_OPENSSL
|
|
||||||
if (!is_outgoing())
|
|
||||||
{
|
|
||||||
std::auto_ptr<encryption_handler> handler(new aes256_handler);
|
|
||||||
boost::uint8_t temp_pad[20];
|
|
||||||
|
|
||||||
for (std::set<boost::shared_ptr<torrent> >::iterator i = m_ses.m_encrypted_torrents.begin()
|
|
||||||
, end(m_ses.m_encrypted_torrents.end()); i != end; ++i)
|
|
||||||
{
|
|
||||||
boost::shared_ptr<torrent> t = *i;
|
|
||||||
std::string const key = t->torrent_file().encryption_key();
|
|
||||||
TORRENT_ASSERT(key.size() == 32);
|
|
||||||
handler->set_incoming_key((const unsigned char*)key.c_str(), key.size());
|
|
||||||
std::memcpy(temp_pad, recv_buffer.begin, 20);
|
|
||||||
handler->decrypt((char*)temp_pad, 20);
|
|
||||||
if (memcmp(temp_pad, protocol_string, 20) != 0) continue;
|
|
||||||
|
|
||||||
// we found the key that could decrypt it
|
|
||||||
m_rc4_encrypted = true;
|
|
||||||
m_encrypted = true;
|
|
||||||
m_enc_handler.reset(handler.release());
|
|
||||||
found_encrypted_torrent = true;
|
|
||||||
#ifdef TORRENT_VERBOSE_LOGGING
|
|
||||||
peer_log("*** found encrypted torrent");
|
|
||||||
#endif
|
|
||||||
TORRENT_ASSERT(recv_buffer.left() == 20);
|
|
||||||
// handler->decrypt((char*)recv_buffer.begin + 20, recv_buffer.left() - 20);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!found_encrypted_torrent)
|
|
||||||
{
|
|
||||||
|
|
||||||
if (!is_outgoing()
|
|
||||||
&& m_ses.get_pe_settings().in_enc_policy == pe_settings::disabled)
|
&& m_ses.get_pe_settings().in_enc_policy == pe_settings::disabled)
|
||||||
{
|
{
|
||||||
disconnect(errors::no_incoming_encrypted);
|
disconnect(errors::no_incoming_encrypted);
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Don't attempt to perform an encrypted handshake
|
|
||||||
// within an encrypted connection. For local connections,
|
|
||||||
// we're expected to already have passed the encrypted
|
|
||||||
// handshake by this point
|
|
||||||
if (m_encrypted || is_outgoing())
|
|
||||||
{
|
|
||||||
disconnect(errors::invalid_info_hash, 1);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef TORRENT_VERBOSE_LOGGING
|
|
||||||
peer_log("*** attempting encrypted connection");
|
|
||||||
#endif
|
|
||||||
m_state = read_pe_dhkey;
|
|
||||||
cut_receive_buffer(0, dh_key_len);
|
|
||||||
TORRENT_ASSERT(!packet_finished());
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
TORRENT_ASSERT((!is_outgoing() && m_encrypted) || is_outgoing());
|
// Don't attempt to perform an encrypted handshake
|
||||||
|
// within an encrypted connection. For local connections,
|
||||||
|
// we're expected to already have passed the encrypted
|
||||||
|
// handshake by this point
|
||||||
|
if (m_encrypted || is_outgoing())
|
||||||
|
{
|
||||||
|
disconnect(errors::invalid_info_hash, 1);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef TORRENT_VERBOSE_LOGGING
|
||||||
|
peer_log("*** attempting encrypted connection");
|
||||||
|
#endif
|
||||||
|
m_state = read_pe_dhkey;
|
||||||
|
cut_receive_buffer(0, dh_key_len);
|
||||||
|
TORRENT_ASSERT(!packet_finished());
|
||||||
|
return;
|
||||||
#else
|
#else
|
||||||
disconnect(errors::invalid_info_hash, 1);
|
disconnect(errors::invalid_info_hash, 1);
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -301,9 +301,6 @@ namespace libtorrent
|
||||||
if (!m_root_cert.empty())
|
if (!m_root_cert.empty())
|
||||||
info["ssl-cert"] = m_root_cert;
|
info["ssl-cert"] = m_root_cert;
|
||||||
|
|
||||||
if (!m_encryption_key.empty())
|
|
||||||
info["encryption-key"] = m_encryption_key;
|
|
||||||
|
|
||||||
if (m_private) info["private"] = 1;
|
if (m_private) info["private"] = 1;
|
||||||
|
|
||||||
if (!m_multifile)
|
if (!m_multifile)
|
||||||
|
@ -493,11 +490,6 @@ namespace libtorrent
|
||||||
else m_comment = str;
|
else m_comment = str;
|
||||||
}
|
}
|
||||||
|
|
||||||
void create_torrent::set_encryption_key(std::string const& key)
|
|
||||||
{
|
|
||||||
m_encryption_key = key;
|
|
||||||
}
|
|
||||||
|
|
||||||
void create_torrent::set_creator(char const* str)
|
void create_torrent::set_creator(char const* str)
|
||||||
{
|
{
|
||||||
if (str == 0) m_created_by.clear();
|
if (str == 0) m_created_by.clear();
|
||||||
|
|
Loading…
Reference in New Issue