forked from premiere/premiere-libtorrent
remove 'encrypted peer connections' feature (ssl is a better idea)
This commit is contained in:
parent
a9b6de413a
commit
8b459a27bd
|
@ -87,8 +87,6 @@ void print_usage()
|
|||
" where the filename defaults to a.torrent\n"
|
||||
"-c file add root certificate to the torrent, to verify\n"
|
||||
" the HTTPS tracker\n"
|
||||
"-e file add an AES-256 encryption key. This is used\n"
|
||||
" to encrypt every peer connection\n"
|
||||
, stderr);
|
||||
}
|
||||
|
||||
|
@ -114,7 +112,6 @@ int main(int argc, char* argv[])
|
|||
int piece_size = 0;
|
||||
int flags = 0;
|
||||
std::string root_cert;
|
||||
std::string encryption_key;
|
||||
|
||||
std::string outfile;
|
||||
std::string merklefile;
|
||||
|
@ -170,10 +167,6 @@ int main(int argc, char* argv[])
|
|||
++i;
|
||||
root_cert = argv[i];
|
||||
break;
|
||||
case 'e':
|
||||
++i;
|
||||
encryption_key = argv[i];
|
||||
break;
|
||||
default:
|
||||
print_usage();
|
||||
return 1;
|
||||
|
@ -226,20 +219,6 @@ int main(int argc, char* argv[])
|
|||
}
|
||||
}
|
||||
|
||||
if (!encryption_key.empty())
|
||||
{
|
||||
std::vector<char> key;
|
||||
load_file(encryption_key, key, ec, 32);
|
||||
if (ec)
|
||||
{
|
||||
fprintf(stderr, "failed to load AES-256 encryption key: %s\n", ec.message().c_str());
|
||||
}
|
||||
else
|
||||
{
|
||||
t.set_encryption_key(std::string(&key[0], key.size()));
|
||||
}
|
||||
}
|
||||
|
||||
// create the torrent and print it to stdout
|
||||
std::vector<char> torrent;
|
||||
bencode(back_inserter(torrent), t.generate());
|
||||
|
|
|
@ -90,7 +90,6 @@ namespace libtorrent
|
|||
void add_node(std::pair<std::string, int> const& node);
|
||||
void add_tracker(std::string const& url, int tier = 0);
|
||||
void set_root_cert(std::string const& pem);
|
||||
void set_encryption_key(std::string const& key);
|
||||
void set_priv(bool p) { m_private = p; }
|
||||
|
||||
int num_pieces() const { return m_files.num_pieces(); }
|
||||
|
@ -150,11 +149,6 @@ namespace libtorrent
|
|||
// this is the root cert for SSL torrents
|
||||
std::string m_root_cert;
|
||||
|
||||
// if this is an encrypted torrent, this is the
|
||||
// symmetric encryption key every stream is
|
||||
// encrypted by
|
||||
std::string m_encryption_key;
|
||||
|
||||
// this is used when creating a torrent. If there's
|
||||
// only one file there are cases where it's impossible
|
||||
// to know if it should be written as a multifile torrent
|
||||
|
|
|
@ -335,8 +335,6 @@ namespace libtorrent
|
|||
|
||||
#ifdef TORRENT_USE_OPENSSL
|
||||
std::string const& ssl_cert() const { return m_ssl_root_cert; }
|
||||
|
||||
std::string const& encryption_key() const { return m_aes_key; }
|
||||
#endif
|
||||
|
||||
bool is_valid() const { return m_files.is_valid(); }
|
||||
|
@ -473,9 +471,6 @@ namespace libtorrent
|
|||
// certificate, in .pem format (i.e. ascii
|
||||
// base64 encoded with head and tails)
|
||||
std::string m_ssl_root_cert;
|
||||
|
||||
// used to encrypt the peer connections
|
||||
std::string m_aes_key;
|
||||
#endif
|
||||
|
||||
// the info section parsed. points into m_info_section
|
||||
|
|
|
@ -132,21 +132,6 @@ namespace libtorrent
|
|||
m_in_constructor = false;
|
||||
#endif
|
||||
memset(m_reserved_bits, 0, sizeof(m_reserved_bits));
|
||||
|
||||
#ifdef TORRENT_USE_OPENSSL
|
||||
boost::shared_ptr<torrent> t = tor.lock();
|
||||
std::string const key = t->torrent_file().encryption_key();
|
||||
if (key.size() == 32)
|
||||
{
|
||||
m_enc_handler.reset(new aes256_handler);
|
||||
m_enc_handler->set_incoming_key((const unsigned char*)key.c_str(), key.size());
|
||||
m_encrypted = true;
|
||||
m_rc4_encrypted = true;
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** encrypted torrent. enabling AES-256 encryption");
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
bt_peer_connection::bt_peer_connection(
|
||||
|
@ -221,12 +206,6 @@ namespace libtorrent
|
|||
pe_settings::enc_policy out_enc_policy = m_ses.get_pe_settings().out_enc_policy;
|
||||
|
||||
#ifdef TORRENT_USE_OPENSSL
|
||||
// if this torrent is using AES-256 encryption, don't
|
||||
// also enable the normal encryption
|
||||
boost::shared_ptr<torrent> t = associated_torrent().lock();
|
||||
std::string const key = t->torrent_file().encryption_key();
|
||||
if (key.size() == 32) out_enc_policy = pe_settings::disabled;
|
||||
|
||||
// never try an encrypted connection when already using SSL
|
||||
if (is_ssl(*get_socket()))
|
||||
out_enc_policy = pe_settings::disabled;
|
||||
|
@ -2571,12 +2550,6 @@ namespace libtorrent
|
|||
{
|
||||
torrent const& ti = *i->second;
|
||||
|
||||
#ifdef TORRENT_USE_OPENSSL
|
||||
// don't consider encrypted torrents (since that would
|
||||
// open up a hole to connecting to them without the key)
|
||||
if (ti.torrent_file().encryption_key().size() == 32) continue;
|
||||
#endif
|
||||
|
||||
sha1_hash const& skey_hash = ti.obfuscated_hash();
|
||||
sha1_hash obfs_hash = m_dh_key_exchange->get_hash_xor_mask();
|
||||
obfs_hash ^= skey_hash;
|
||||
|
@ -2955,69 +2928,30 @@ namespace libtorrent
|
|||
}
|
||||
#endif // TORRENT_USE_OPENSSL
|
||||
|
||||
bool found_encrypted_torrent = false;
|
||||
#ifdef TORRENT_USE_OPENSSL
|
||||
if (!is_outgoing())
|
||||
{
|
||||
std::auto_ptr<encryption_handler> handler(new aes256_handler);
|
||||
boost::uint8_t temp_pad[20];
|
||||
|
||||
for (std::set<boost::shared_ptr<torrent> >::iterator i = m_ses.m_encrypted_torrents.begin()
|
||||
, end(m_ses.m_encrypted_torrents.end()); i != end; ++i)
|
||||
{
|
||||
boost::shared_ptr<torrent> t = *i;
|
||||
std::string const key = t->torrent_file().encryption_key();
|
||||
TORRENT_ASSERT(key.size() == 32);
|
||||
handler->set_incoming_key((const unsigned char*)key.c_str(), key.size());
|
||||
std::memcpy(temp_pad, recv_buffer.begin, 20);
|
||||
handler->decrypt((char*)temp_pad, 20);
|
||||
if (memcmp(temp_pad, protocol_string, 20) != 0) continue;
|
||||
|
||||
// we found the key that could decrypt it
|
||||
m_rc4_encrypted = true;
|
||||
m_encrypted = true;
|
||||
m_enc_handler.reset(handler.release());
|
||||
found_encrypted_torrent = true;
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** found encrypted torrent");
|
||||
#endif
|
||||
TORRENT_ASSERT(recv_buffer.left() == 20);
|
||||
// handler->decrypt((char*)recv_buffer.begin + 20, recv_buffer.left() - 20);
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!found_encrypted_torrent)
|
||||
{
|
||||
|
||||
if (!is_outgoing()
|
||||
if (!is_outgoing()
|
||||
&& m_ses.get_pe_settings().in_enc_policy == pe_settings::disabled)
|
||||
{
|
||||
disconnect(errors::no_incoming_encrypted);
|
||||
return;
|
||||
}
|
||||
|
||||
// Don't attempt to perform an encrypted handshake
|
||||
// within an encrypted connection. For local connections,
|
||||
// we're expected to already have passed the encrypted
|
||||
// handshake by this point
|
||||
if (m_encrypted || is_outgoing())
|
||||
{
|
||||
disconnect(errors::invalid_info_hash, 1);
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** attempting encrypted connection");
|
||||
#endif
|
||||
m_state = read_pe_dhkey;
|
||||
cut_receive_buffer(0, dh_key_len);
|
||||
TORRENT_ASSERT(!packet_finished());
|
||||
{
|
||||
disconnect(errors::no_incoming_encrypted);
|
||||
return;
|
||||
}
|
||||
|
||||
TORRENT_ASSERT((!is_outgoing() && m_encrypted) || is_outgoing());
|
||||
// Don't attempt to perform an encrypted handshake
|
||||
// within an encrypted connection. For local connections,
|
||||
// we're expected to already have passed the encrypted
|
||||
// handshake by this point
|
||||
if (m_encrypted || is_outgoing())
|
||||
{
|
||||
disconnect(errors::invalid_info_hash, 1);
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** attempting encrypted connection");
|
||||
#endif
|
||||
m_state = read_pe_dhkey;
|
||||
cut_receive_buffer(0, dh_key_len);
|
||||
TORRENT_ASSERT(!packet_finished());
|
||||
return;
|
||||
#else
|
||||
disconnect(errors::invalid_info_hash, 1);
|
||||
return;
|
||||
|
|
|
@ -301,9 +301,6 @@ namespace libtorrent
|
|||
if (!m_root_cert.empty())
|
||||
info["ssl-cert"] = m_root_cert;
|
||||
|
||||
if (!m_encryption_key.empty())
|
||||
info["encryption-key"] = m_encryption_key;
|
||||
|
||||
if (m_private) info["private"] = 1;
|
||||
|
||||
if (!m_multifile)
|
||||
|
@ -493,11 +490,6 @@ namespace libtorrent
|
|||
else m_comment = str;
|
||||
}
|
||||
|
||||
void create_torrent::set_encryption_key(std::string const& key)
|
||||
{
|
||||
m_encryption_key = key;
|
||||
}
|
||||
|
||||
void create_torrent::set_creator(char const* str)
|
||||
{
|
||||
if (str == 0) m_created_by.clear();
|
||||
|
|
Loading…
Reference in New Issue