forked from premiere/premiere-libtorrent
clean up encryption code some
This commit is contained in:
Arvid Norberg
parent
0a250c8f36
commit
ec74d500a4
|
|
@ -284,7 +284,7 @@ namespace libtorrent
|
|||
|
||||
// stream key (info hash of attached torrent)
|
||||
// secret is the DH shared secret
|
||||
// initializes m_rc4_handler
|
||||
// initializes m_enc_handler
|
||||
void init_pe_rc4_handler(char const* secret, sha1_hash const& stream_key);
|
||||
|
||||
public:
|
||||
|
|
@ -298,8 +298,8 @@ public:
|
|||
void append_send_buffer(char* buffer, int size, Destructor const& destructor)
|
||||
{
|
||||
#ifndef TORRENT_DISABLE_ENCRYPTION
|
||||
if (m_rc4_encrypted)
|
||||
m_rc4_handler->encrypt(buffer, size);
|
||||
if (m_enc_handler)
|
||||
m_enc_handler->encrypt(buffer, size);
|
||||
#endif
|
||||
peer_connection::append_send_buffer(buffer, size, destructor, true);
|
||||
}
|
||||
|
|
@ -414,14 +414,14 @@ private:
|
|||
int m_sync_bytes_read;
|
||||
|
||||
// initialized during write_pe1_2_dhkey, and destroyed on
|
||||
// creation of m_rc4_handler. Cannot reinitialize once
|
||||
// creation of m_enc_handler. Cannot reinitialize once
|
||||
// initialized.
|
||||
boost::scoped_ptr<dh_key_exchange> m_dh_key_exchange;
|
||||
|
||||
// if RC4 is negotiated, this is used for
|
||||
// if encryption is negotiated, this is used for
|
||||
// encryption/decryption during the entire session. Destroyed
|
||||
// if plaintext is selected
|
||||
boost::scoped_ptr<rc4_handler> m_rc4_handler;
|
||||
boost::scoped_ptr<encryption_handler> m_enc_handler;
|
||||
|
||||
// (outgoing only) synchronize verification constant with
|
||||
// remote peer, this will hold rc4_decrypt(vc). Destroyed
|
||||
|
|
|
|||
|
|
@ -85,7 +85,15 @@ namespace libtorrent
|
|||
sha1_hash m_xor_mask;
|
||||
};
|
||||
|
||||
class rc4_handler // Non copyable
|
||||
struct encryption_handler
|
||||
{
|
||||
virtual void set_incoming_key(unsigned char const* key, int len) = 0;
|
||||
virtual void set_outgoing_key(unsigned char const* key, int len) = 0;
|
||||
virtual void encrypt(char* pos, int len) = 0;
|
||||
virtual void decrypt(char* pos, int len) = 0;
|
||||
};
|
||||
|
||||
struct rc4_handler : encryption_handler
|
||||
{
|
||||
public:
|
||||
// Input longkeys must be 20 bytes
|
||||
|
|
|
|||
|
|
@ -1161,9 +1161,9 @@ namespace libtorrent
|
|||
|
||||
enum enc_level
|
||||
{
|
||||
plaintext, // use only plaintext encryption
|
||||
rc4, // use only rc4 encryption
|
||||
both // allow both
|
||||
plaintext = 1, // use only plaintext encryption
|
||||
rc4 = 2, // use only rc4 encryption
|
||||
both = 3 // allow both
|
||||
};
|
||||
|
||||
enc_policy out_enc_policy;
|
||||
|
|
|
|||
|
|
@ -518,7 +518,7 @@ namespace libtorrent
|
|||
#endif
|
||||
|
||||
write_pe_vc_cryptofield(ptr, encrypt_size, crypto_provide, pad_size);
|
||||
m_rc4_handler->encrypt(ptr, encrypt_size);
|
||||
m_enc_handler->encrypt(ptr, encrypt_size);
|
||||
send_buffer(msg, sizeof(msg) - 512 + pad_size);
|
||||
}
|
||||
|
||||
|
|
@ -538,7 +538,7 @@ namespace libtorrent
|
|||
char msg[512 + 8 + 4 + 2];
|
||||
write_pe_vc_cryptofield(msg, sizeof(msg), crypto_select, pad_size);
|
||||
|
||||
m_rc4_handler->encrypt(msg, buf_size);
|
||||
m_enc_handler->encrypt(msg, buf_size);
|
||||
send_buffer(msg, buf_size);
|
||||
|
||||
// encryption method has been negotiated
|
||||
|
|
@ -613,11 +613,12 @@ namespace libtorrent
|
|||
h.update((char const*)stream_key.begin(), 20);
|
||||
const sha1_hash remote_key = h.final();
|
||||
|
||||
TORRENT_ASSERT(!m_rc4_handler.get());
|
||||
m_rc4_handler.reset(new (std::nothrow) rc4_handler);
|
||||
m_rc4_handler->set_incoming_key(&remote_key[0], 20);
|
||||
m_rc4_handler->set_outgoing_key(&local_key[0], 20);
|
||||
if (!m_rc4_handler)
|
||||
TORRENT_ASSERT(!m_enc_handler.get());
|
||||
m_enc_handler.reset(new (std::nothrow) rc4_handler);
|
||||
m_enc_handler->set_incoming_key(&remote_key[0], 20);
|
||||
m_enc_handler->set_outgoing_key(&local_key[0], 20);
|
||||
|
||||
if (!m_enc_handler)
|
||||
{
|
||||
disconnect(errors::no_memory);
|
||||
return;
|
||||
|
|
@ -663,7 +664,7 @@ namespace libtorrent
|
|||
if (m_encrypted && m_rc4_encrypted)
|
||||
{
|
||||
fun = encrypt;
|
||||
userdata = m_rc4_handler.get();
|
||||
userdata = m_enc_handler.get();
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
@ -2362,8 +2363,8 @@ namespace libtorrent
|
|||
if (m_rc4_encrypted && m_encrypted)
|
||||
{
|
||||
std::pair<buffer::interval, buffer::interval> wr_buf = wr_recv_buffers(bytes_transferred);
|
||||
m_rc4_handler->decrypt(wr_buf.first.begin, wr_buf.first.left());
|
||||
if (wr_buf.second.left()) m_rc4_handler->decrypt(wr_buf.second.begin, wr_buf.second.left());
|
||||
m_enc_handler->decrypt(wr_buf.first.begin, wr_buf.first.left());
|
||||
if (wr_buf.second.left()) m_enc_handler->decrypt(wr_buf.second.begin, wr_buf.second.left());
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
@ -2555,7 +2556,7 @@ namespace libtorrent
|
|||
}
|
||||
}
|
||||
|
||||
if (!m_rc4_handler.get())
|
||||
if (!m_enc_handler.get())
|
||||
{
|
||||
disconnect(errors::invalid_info_hash, 1);
|
||||
return;
|
||||
|
|
@ -2563,7 +2564,7 @@ namespace libtorrent
|
|||
|
||||
// verify constant
|
||||
buffer::interval wr_recv_buf = wr_recv_buffer();
|
||||
m_rc4_handler->decrypt(wr_recv_buf.begin + 20, 8);
|
||||
m_enc_handler->decrypt(wr_recv_buf.begin + 20, 8);
|
||||
wr_recv_buf.begin += 28;
|
||||
|
||||
const char sh_vc[] = {0,0,0,0, 0,0,0,0};
|
||||
|
|
@ -2608,7 +2609,7 @@ namespace libtorrent
|
|||
return;
|
||||
}
|
||||
std::fill(m_sync_vc.get(), m_sync_vc.get() + 8, 0);
|
||||
m_rc4_handler->decrypt(m_sync_vc.get(), 8);
|
||||
m_enc_handler->decrypt(m_sync_vc.get(), 8);
|
||||
}
|
||||
|
||||
TORRENT_ASSERT(m_sync_vc.get());
|
||||
|
|
@ -2666,7 +2667,7 @@ namespace libtorrent
|
|||
if (!packet_finished()) return;
|
||||
|
||||
buffer::interval wr_buf = wr_recv_buffer();
|
||||
m_rc4_handler->decrypt(wr_buf.begin, packet_size());
|
||||
m_enc_handler->decrypt(wr_buf.begin, packet_size());
|
||||
|
||||
recv_buffer = receive_buffer();
|
||||
|
||||
|
|
@ -2681,80 +2682,57 @@ namespace libtorrent
|
|||
|
||||
if (!is_local())
|
||||
{
|
||||
int crypto_select = 0;
|
||||
// select a crypto method
|
||||
switch (m_ses.get_pe_settings().allowed_enc_level)
|
||||
int allowed_encryption = m_ses.get_pe_settings().allowed_enc_level;
|
||||
int crypto_select = crypto_field & allowed_encryption;
|
||||
|
||||
// when prefer_rc4 is set, keep the most significant bit
|
||||
// otherwise keep the least significant one
|
||||
if (m_ses.get_pe_settings().prefer_rc4)
|
||||
{
|
||||
case pe_settings::plaintext:
|
||||
if (!(crypto_field & 0x01))
|
||||
int mask = INT_MAX;
|
||||
while (crypto_select & (mask << 1))
|
||||
{
|
||||
disconnect(errors::no_plaintext_mode, 1);
|
||||
return;
|
||||
mask <<= 1;
|
||||
crypto_select = crypto_select & mask;
|
||||
}
|
||||
crypto_select = 0x01;
|
||||
break;
|
||||
case pe_settings::rc4:
|
||||
if (!(crypto_field & 0x02))
|
||||
}
|
||||
else
|
||||
{
|
||||
int mask = INT_MAX;
|
||||
while (crypto_select & (mask >> 1))
|
||||
{
|
||||
disconnect(errors::no_rc4_mode, 1);
|
||||
return;
|
||||
mask >>= 1;
|
||||
crypto_select = crypto_select & mask;
|
||||
}
|
||||
crypto_select = 0x02;
|
||||
break;
|
||||
case pe_settings::both:
|
||||
if (m_ses.get_pe_settings().prefer_rc4)
|
||||
{
|
||||
if (crypto_field & 0x02)
|
||||
crypto_select = 0x02;
|
||||
else if (crypto_field & 0x01)
|
||||
crypto_select = 0x01;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (crypto_field & 0x01)
|
||||
crypto_select = 0x01;
|
||||
else if (crypto_field & 0x02)
|
||||
crypto_select = 0x02;
|
||||
}
|
||||
if (!crypto_select)
|
||||
{
|
||||
}
|
||||
|
||||
if (crypto_select == 0)
|
||||
{
|
||||
disconnect(errors::unsupported_encryption_mode, 1);
|
||||
return;
|
||||
}
|
||||
break;
|
||||
} // switch
|
||||
|
||||
}
|
||||
|
||||
// write the pe4 step
|
||||
write_pe4_sync(crypto_select);
|
||||
}
|
||||
else // is_local()
|
||||
{
|
||||
// check if crypto select is valid
|
||||
pe_settings::enc_level const& allowed_enc_level = m_ses.get_pe_settings().allowed_enc_level;
|
||||
int allowed_encryption = m_ses.get_pe_settings().allowed_enc_level;
|
||||
|
||||
if (crypto_field == 0x02)
|
||||
{
|
||||
if (allowed_enc_level == pe_settings::plaintext)
|
||||
{
|
||||
disconnect(errors::unsupported_encryption_mode_selected, 2);
|
||||
return;
|
||||
}
|
||||
m_rc4_encrypted = true;
|
||||
}
|
||||
else if (crypto_field == 0x01)
|
||||
{
|
||||
if (allowed_enc_level == pe_settings::rc4)
|
||||
{
|
||||
disconnect(errors::unsupported_encryption_mode_selected, 2);
|
||||
return;
|
||||
}
|
||||
m_rc4_encrypted = false;
|
||||
}
|
||||
else
|
||||
crypto_field &= allowed_encryption;
|
||||
if (crypto_field == 0)
|
||||
{
|
||||
// we don't allow any of the offered encryption levels
|
||||
disconnect(errors::unsupported_encryption_mode_selected, 2);
|
||||
return;
|
||||
}
|
||||
|
||||
if (crypto_field == pe_settings::plaintext)
|
||||
m_rc4_encrypted = false;
|
||||
else if (crypto_field == pe_settings::rc4)
|
||||
m_rc4_encrypted = true;
|
||||
}
|
||||
|
||||
int len_pad = detail::read_int16(recv_buffer.begin);
|
||||
|
|
@ -2789,7 +2767,7 @@ namespace libtorrent
|
|||
int pad_size = is_local() ? packet_size() : packet_size() - 2;
|
||||
|
||||
buffer::interval wr_buf = wr_recv_buffer();
|
||||
m_rc4_handler->decrypt(wr_buf.begin, packet_size());
|
||||
m_enc_handler->decrypt(wr_buf.begin, packet_size());
|
||||
|
||||
recv_buffer = receive_buffer();
|
||||
|
||||
|
|
@ -2838,7 +2816,7 @@ namespace libtorrent
|
|||
|
||||
// ia is always rc4, so decrypt it
|
||||
buffer::interval wr_buf = wr_recv_buffer();
|
||||
m_rc4_handler->decrypt(wr_buf.begin, packet_size());
|
||||
m_enc_handler->decrypt(wr_buf.begin, packet_size());
|
||||
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** decrypted ia : %d bytes", packet_size());
|
||||
|
|
@ -2846,13 +2824,13 @@ namespace libtorrent
|
|||
|
||||
if (!m_rc4_encrypted)
|
||||
{
|
||||
m_rc4_handler.reset();
|
||||
m_enc_handler.reset();
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** destroyed rc4 keys");
|
||||
#endif
|
||||
}
|
||||
|
||||
// everything that arrives after this is Encrypt2
|
||||
// everything that arrives after this is encrypted
|
||||
m_encrypted = true;
|
||||
|
||||
m_state = read_protocol_identifier;
|
||||
|
|
@ -2870,16 +2848,16 @@ namespace libtorrent
|
|||
{
|
||||
buffer::interval wr_buf = wr_recv_buffer();
|
||||
wr_buf.begin += packet_size();
|
||||
m_rc4_handler->decrypt(wr_buf.begin, wr_buf.left());
|
||||
m_enc_handler->decrypt(wr_buf.begin, wr_buf.left());
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** decrypted remaining %d bytes", wr_buf.left());
|
||||
#endif
|
||||
}
|
||||
else // !m_rc4_encrypted
|
||||
{
|
||||
m_rc4_handler.reset();
|
||||
m_enc_handler.reset();
|
||||
#ifdef TORRENT_VERBOSE_LOGGING
|
||||
peer_log("*** destroyed rc4 keys");
|
||||
peer_log("*** destroyed encryption handler");
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
@ -3341,7 +3319,7 @@ namespace libtorrent
|
|||
TORRENT_ASSERT( (bool(m_state != read_pe_dhkey) || m_dh_key_exchange.get())
|
||||
|| !is_local());
|
||||
|
||||
TORRENT_ASSERT(!m_rc4_encrypted || m_rc4_handler.get());
|
||||
TORRENT_ASSERT(!m_rc4_encrypted || m_enc_handler.get());
|
||||
#endif
|
||||
if (!in_handshake())
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue