From: Alina Quereilhac
Date: Fri, 9 Nov 2012 12:36:39 +0000 (+0100)
Subject: Avoid mismtaching cryptography configuration in both extremes of a tunnel.
X-Git-Tag: nepi-3.0.0~140
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=b9d102f036da61ce8fdd7731434debc474b06e83;p=nepi.git
Avoid mismtaching cryptography configuration in both extremes of a tunnel.
---
diff --git a/DEPENDENCIES b/DEPENDENCIES
index 1c83aa4d..c66fd9c7 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -1,2 +1,3 @@
 * ipaddr-2.1.7 : http://ipaddr-py.googlecode.com/files/ipaddr-2.1.7.tar.gz
-* sleekxmpp-1.0.1dev:
+* sleekxmpp-1.0.1dev:
+* python-crypto
diff --git a/src/nepi/util/proxy.py b/src/nepi/util/proxy.py
index 04f3655a..4226bac0 100644
--- a/src/nepi/util/proxy.py
+++ b/src/nepi/util/proxy.py
@@ -759,7 +759,7 @@ class TestbedControllerServer(BaseServer):
 broadcast)
 @Marshalling.handles(ADD_ROUTE)
- @Marshalling.args(int, str, int, str, int)
+ @Marshalling.args(int, str, int, str, int, str)
 @Marshalling.retvoid
 def defer_add_route(self, guid, destination, netprefix, nexthop, metric, device):
diff --git a/src/nepi/util/tunchannel.py b/src/nepi/util/tunchannel.py
index 78176d6d..a5c3960d 100644
--- a/src/nepi/util/tunchannel.py
+++ b/src/nepi/util/tunchannel.py
@@ -180,7 +180,7 @@ def decrypt(packet, crypter, ord=ord):
 padding = ord(packet[-1])
 if not (0 < padding <= crypter.block_size): # wrong padding
- raise RuntimeError, "Truncated packet"
+ raise RuntimeError, "Truncated packet %s"
 packet = packet[:-padding]
 return packet
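Review bot: The new message `"Truncated packet %s"` in decrypt() is raised without a `%` argument, so the exception text carries a literal `%s` instead of any detail. If the aim was diagnostics, format in something non-sensitive such as the length, `raise RuntimeError, "Truncated packet (len %d)" % len(packet)`, and do not interpolate the packet itself: at this point it holds decrypted bytes, which would then land on stderr or in logs. A bad padding byte is also what a key or cipher mismatch between the two ends tends to produce, so the wording could say "bad padding" rather than "truncated". decrypt() starts above the hunk, so how callers handle this exception is not visible here.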
@@ -216,18 +216,27 @@ def tun_fwd(tun, remote, with_pi, ether_mode, cipher_key, udp, TERMINATE, SUSPEN
 ciphername = cipher
 cipher = getattr(Crypto.Cipher, cipher)
 hashed_key = hashlib.sha256(cipher_key).digest()
- if getattr(cipher, 'key_size'):
- hashed_key = hashed_key[:cipher.key_size]
+
+ if ciphername == 'AES':
+ hashed_key = hashed_key[:16]
+ elif ciphername == 'Blowfish':
+ hashed_key = hashed_key[:24]
+ elif ciphername == 'DES':
+ hashed_key = hashed_key[:8]
 elif ciphername == 'DES3':
 hashed_key = hashed_key[:24]
+
 crypter = cipher.new( hashed_key, cipher.MODE_ECB)
 crypto_mode = True
 except:
+ # We don't want decription to work only on one side,
+ # This could break things really bad
+ #crypto_mode = False
+ #crypter = None
 traceback.print_exc(file=sys.stderr)
- crypto_mode = False
- crypter = None
+ raise
 if stderr is not None:
 if crypto_mode:
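Review bot: The key-length chain in tun_fwd has no final `else`, so a cipher name outside AES/Blowfish/DES/DES3 reaches `cipher.new` with the full 32-byte SHA-256 digest; whether that fails or yields a key the peer derives differently then depends on the cipher module. A lookup makes the supported set explicit and fails closed through the new `raise`: `KEY_SIZES = {'AES': 16, 'Blowfish': 24, 'DES': 8, 'DES3': 24}` followed by `hashed_key = hashed_key[:KEY_SIZES[ciphername]]`. The commented-out `#crypto_mode = False` / `#crypter = None` lines could be dropped in favour of one comment such as `# Re-raise: a tunnel end must never fall back to plaintext while the peer encrypts`. Outside this change, the context line still builds the cipher with `cipher.MODE_ECB`, which maps equal plaintext blocks to equal ciphertext blocks, and no integrity check is visible in the hunk; that and the single unsalted SHA-256 key derivation are worth a follow-up. tun_fwd begins and ends outside the hunk.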