Decided pretty much how the handshake would work.

Started writing the code.

Astyled some files.

13 files changed, 226 insertions, 50 deletions

diff --git a/docs/Tox_middle_level_network_protocol.txt b/docs/Tox_middle_level_network_protocol.txt
index ae0fd0f6..be8253cd 100644
--- a/docs/Tox_middle_level_network_protocol.txt
+++ b/docs/Tox_middle_level_network_protocol.txt
@@ -38,4 +38,26 @@ from evil "friends" framing relays must also be implemented.
 
 Detailed implementation details:
 
-Coming soon.
+cookie request packet:
+[uint8_t 24][Senders DHT Public key (32 bytes)][Random nonce (24 
+bytes)][Encrypted message containing: [Senders real public key (32 
+bytes)][Recievers real public key (32 bytes)]]
+Encrypted message is encrypted with sender DHT private key, recievers DHT public 
+key and the nonce.
+
+cookie response packet:
+[uint8_t 25][Random nonce (24 bytes)][Encrypted message containing: [Cookie]]
+Encrypted message is encrypted with sender DHT private key, recievers DHT public 
+key and the nonce.
+
+The Cookie should be basically:
+[nonce][encrypted data:[uint64_t time][Senders real public key (32 
+bytes)][Recievers real public key (32 bytes)]]
+
+Handshake packet:
+[uint8_t 26][Cookie][nonce][Encrypted message containing: [random 24 bytes base 
+nonce][session public key of the peer (32 bytes)]]
+
+The handshake packet is encrypted using the real private key of the sender, the 
+real private key of the reciever and the nonce.
+
diff --git a/toxcore/DHT.c b/toxcore/DHT.c
index 267d3ef9..5b43cdb0 100644
--- a/toxcore/DHT.c
+++ b/toxcore/DHT.c
@@ -163,7 +163,7 @@ void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, uint8_t *secr
     }
 }
 
-/* Copy shared_key to decrypt DHT packet from client_id into shared_key
+/* Copy shared_key to encrypt/decrypt DHT packet from client_id into shared_key
  * for packets that we recieve.
  */
 void DHT_get_shared_key_recv(DHT *dht, uint8_t *shared_key, uint8_t *client_id)
@@ -171,7 +171,7 @@ void DHT_get_shared_key_recv(DHT *dht, uint8_t *shared_key, uint8_t *client_id)
     return get_shared_key(&dht->shared_keys_recv, shared_key, dht->self_secret_key, client_id);
 }
 
-/* Copy shared_key to decrypt DHT packet from client_id into shared_key
+/* Copy shared_key to encrypt/decrypt DHT packet from client_id into shared_key
  * for packets that we send.
  */
 void DHT_get_shared_key_sent(DHT *dht, uint8_t *shared_key, uint8_t *client_id)
@@ -974,10 +974,10 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
     uint8_t shared_key[crypto_box_BEFORENMBYTES];
     DHT_get_shared_key_sent(dht, shared_key, public_key);
     int len = encrypt_data_symmetric( shared_key,
-                                 nonce,
-                                 plain,
-                                 CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH,
-                                 encrypt );
+                                      nonce,
+                                      plain,
+                                      CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH,
+                                      encrypt );
 
     if (len != CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES)
         return -1;
@@ -1020,10 +1020,10 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
 
     memcpy(plain + nodes_length, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
     int len = encrypt_data_symmetric( shared_encryption_key,
-                                 nonce,
-                                 plain,
-                                 nodes_length + NODES_ENCRYPTED_MESSAGE_LENGTH,
-                                 encrypt );
+                                      nonce,
+                                      plain,
+                                      nodes_length + NODES_ENCRYPTED_MESSAGE_LENGTH,
+                                      encrypt );
 
     if ((unsigned int)len != nodes_length + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES)
         return -1;
@@ -1053,10 +1053,10 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
 
     DHT_get_shared_key_recv(dht, shared_key, packet + 1);
     int len = decrypt_data_symmetric( shared_key,
-                                 packet + 1 + CLIENT_ID_SIZE,
-                                 packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
-                                 CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
-                                 plain );
+                                      packet + 1 + CLIENT_ID_SIZE,
+                                      packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
+                                      CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
+                                      plain );
 
     if (len != CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH)
         return 1;
@@ -2283,6 +2283,7 @@ DHT *new_DHT(Net_Crypto *c)
         DHT_addfriend(dht, random_key_bytes);
     }
 
+    c->dht = dht;
     return dht;
 }
 
@@ -2317,6 +2318,7 @@ void kill_DHT(DHT *dht)
     networking_registerhandler(dht->net, NET_PACKET_SEND_NODES_IPV6, NULL, NULL);
     cryptopacket_registerhandler(dht->c, CRYPTO_PACKET_NAT_PING, NULL, NULL);
     cryptopacket_registerhandler(dht->c, CRYPTO_PACKET_HARDENING, NULL, NULL);
+    dht->c->dht = 0;
     kill_ping(dht->ping);
     free(dht->friends_list);
     free(dht);
diff --git a/toxcore/DHT.h b/toxcore/DHT.h
index c4c0db41..0c59dc81 100644
--- a/toxcore/DHT.h
+++ b/toxcore/DHT.h
@@ -204,12 +204,12 @@ typedef struct {
  */
 void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, uint8_t *secret_key, uint8_t *client_id);
 
-/* Copy shared_key to decrypt DHT packet from client_id into shared_key
+/* Copy shared_key to encrypt/decrypt DHT packet from client_id into shared_key
  * for packets that we recieve.
  */
 void DHT_get_shared_key_recv(DHT *dht, uint8_t *shared_key, uint8_t *client_id);
 
-/* Copy shared_key to decrypt DHT packet from client_id into shared_key
+/* Copy shared_key to encrypt/decrypt DHT packet from client_id into shared_key
  * for packets that we send.
  */
 void DHT_get_shared_key_sent(DHT *dht, uint8_t *shared_key, uint8_t *client_id);
diff --git a/toxcore/TCP_client.c b/toxcore/TCP_client.c
index 825d762c..3745e14d 100644
--- a/toxcore/TCP_client.c
+++ b/toxcore/TCP_client.c
@@ -75,7 +75,7 @@ static int generate_handshake(TCP_Client_Connection *TCP_conn, uint8_t *self_pub
     memcpy(TCP_conn->last_packet, self_public_key, crypto_box_PUBLICKEYBYTES);
     new_nonce(TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES);
     int len = encrypt_data_symmetric(TCP_conn->shared_key, TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES, plain,
-                                sizeof(plain), TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
+                                     sizeof(plain), TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
 
     if (len != sizeof(plain) + crypto_box_MACBYTES)
         return -1;
@@ -94,7 +94,7 @@ static int handle_handshake(TCP_Client_Connection *TCP_conn, uint8_t *data)
 {
     uint8_t plain[crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES];
     int len = decrypt_data_symmetric(TCP_conn->shared_key, data, data + crypto_box_NONCEBYTES,
-                                TCP_SERVER_HANDSHAKE_SIZE - crypto_box_NONCEBYTES, plain);
+                                     TCP_SERVER_HANDSHAKE_SIZE - crypto_box_NONCEBYTES, plain);
 
     if (len != sizeof(plain))
         return -1;
diff --git a/toxcore/TCP_server.c b/toxcore/TCP_server.c
index 0ca39c47..fa49274a 100644
--- a/toxcore/TCP_server.c
+++ b/toxcore/TCP_server.c
@@ -357,7 +357,7 @@ static int handle_TCP_handshake(TCP_Secure_Connection *con, uint8_t *data, uint1
     encrypt_precompute(data, self_secret_key, shared_key);
     uint8_t plain[TCP_HANDSHAKE_PLAIN_SIZE];
     int len = decrypt_data_symmetric(shared_key, data + crypto_box_PUBLICKEYBYTES,
-                                data + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES, plain);
+                                     data + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES, plain);
 
     if (len != TCP_HANDSHAKE_PLAIN_SIZE)
         return -1;
@@ -373,7 +373,8 @@ static int handle_TCP_handshake(TCP_Secure_Connection *con, uint8_t *data, uint1
     uint8_t response[TCP_SERVER_HANDSHAKE_SIZE];
     new_nonce(response);
 
-    len = encrypt_data_symmetric(shared_key, response, resp_plain, TCP_HANDSHAKE_PLAIN_SIZE, response + crypto_box_NONCEBYTES);
+    len = encrypt_data_symmetric(shared_key, response, resp_plain, TCP_HANDSHAKE_PLAIN_SIZE,
+                                 response + crypto_box_NONCEBYTES);
 
     if (len != TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES)
         return -1;
diff --git a/toxcore/TCP_server.h b/toxcore/TCP_server.h
index e4c45dad..26cfa493 100644
--- a/toxcore/TCP_server.h
+++ b/toxcore/TCP_server.h
@@ -54,8 +54,6 @@
 
 #define ARRAY_ENTRY_SIZE 6
 
-#define TCP_ONION_FAMILY (AF_INET6 + 1)
-
 /* frequency to ping connected nodes and timeout in seconds */
 #define TCP_PING_FREQUENCY 30
 #define TCP_PING_TIMEOUT 20
diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c
index 38048076..22612442 100644
--- a/toxcore/crypto_core.c
+++ b/toxcore/crypto_core.c
@@ -65,6 +65,7 @@ int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain,
 
     if (crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, secret_key) != 0)
         return -1;
+
     /* Unpad the encrypted message. */
     memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES);
     return length + crypto_box_MACBYTES;
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c
index d0212d11..3eb9ca4c 100644
--- a/toxcore/net_crypto.c
+++ b/toxcore/net_crypto.c
@@ -34,6 +34,145 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection
 {
     return (uint32_t)crypt_connection_id >= c->crypto_connections_length;
 }
+#define COOKIE_REQUEST_PLAIN_LENGTH (crypto_box_PUBLICKEYBYTES * 2)
+#define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
+
+/* Create a cookie request packet and put it in packet.
+ *
+ * packet must be of size COOKIE_REQUEST_LENGTH or bigger.
+ *
+ * return -1 on failure.
+ * return COOKIE_REQUEST_LENGTH on success.
+ */
+static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint8_t *real_public_key)
+{
+    if (!c->dht)
+        return -1;
+
+    uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH];
+
+    memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES);
+
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+    DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key);
+    uint8_t nonce[crypto_box_NONCEBYTES];
+    new_nonce(nonce);
+    packet[0] = NET_PACKET_COOKIE_REQUEST;
+    memcpy(packet + 1, c->dht->self_public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES);
+    int len = encrypt_data_symmetric(shared_key, nonce, plain, sizeof(plain),
+                                     packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
+
+    if (len != COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
+        return -1;
+
+    return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len);
+}
+
+/* cookie timeout in seconds */
+#define COOKIE_TIMEOUT 10
+#define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_REQUEST_PLAIN_LENGTH)
+#define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES)
+
+/* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int create_cookie(uint8_t *cookie, uint8_t *bytes, uint8_t *encryption_key)
+{
+    uint8_t contents[COOKIE_CONTENTS_LENGTH];
+    uint64_t temp_time = unix_time();
+    memcpy(contents, &temp_time, sizeof(temp_time));
+    memcpy(contents + sizeof(temp_time), bytes, COOKIE_REQUEST_PLAIN_LENGTH);
+    new_nonce(cookie);
+    int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES);
+
+    if (len != COOKIE_LENGTH - crypto_box_NONCEBYTES)
+        return -1;
+
+    return 0;
+}
+
+#define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + crypto_box_MACBYTES)
+
+/* Open cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int open_cookie(uint8_t *bytes, uint8_t *cookie, uint8_t *encryption_key)
+{
+    uint8_t contents[COOKIE_CONTENTS_LENGTH];
+    int len = decrypt_data_symmetric(encryption_key, cookie, cookie + crypto_box_NONCEBYTES,
+                                     COOKIE_LENGTH - crypto_box_NONCEBYTES, contents);
+
+    if (len != sizeof(contents))
+        return -1;
+
+    uint64_t cookie_time;
+    memcpy(&cookie_time, contents, sizeof(cookie_time));
+    uint64_t temp_time = unix_time();
+
+    if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time)
+        return -1;
+
+    memcpy(bytes, contents + sizeof(cookie_time), COOKIE_REQUEST_PLAIN_LENGTH);
+    return 0;
+}
+
+
+/* Create a cookie request packet and put it in packet.
+ * request_plain must be COOKIE_REQUEST_PLAIN_LENGTH bytes.
+ * packet must be of size COOKIE_RESPONSE_LENGTH or bigger.
+ *
+ * return -1 on failure.
+ * return COOKIE_RESPONSE_LENGTH on success.
+ */
+static int create_cookie_response(Net_Crypto *c, uint8_t *packet, uint8_t *request_plain, uint8_t *shared_key)
+{
+    uint8_t cookie[COOKIE_LENGTH];
+
+    if (create_cookie(cookie, request_plain, c->secret_symmetric_key) != 0)
+        return -1;
+
+    packet[0] = NET_PACKET_COOKIE_RESPONSE;
+    new_nonce(packet + 1);
+    int len = encrypt_data_symmetric(shared_key, packet + 1, cookie, sizeof(cookie), packet + 1 + crypto_box_NONCEBYTES);
+
+    if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES))
+        return -1;
+
+    return COOKIE_RESPONSE_LENGTH;
+}
+
+/* Handle the cookie request packet of length length.
+ * Put what was in the request in request_plain (must be of size COOKIE_REQUEST_PLAIN_LENGTH)
+ * Put the key used to decrypt the request into shared_key (of size crypto_box_BEFORENMBYTES) for use in the response.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int handle_cookie_request(Net_Crypto *c, uint8_t *request_plain, uint8_t *shared_key, uint8_t *packet,
+                                 uint16_t length)
+{
+    if (!c->dht)
+        return -1;
+
+    if (length != COOKIE_REQUEST_LENGTH)
+        return -1;
+
+    DHT_get_shared_key_sent(c->dht, shared_key, packet + 1);
+    int len = decrypt_data_symmetric(shared_key, packet + 1 + crypto_box_PUBLICKEYBYTES,
+                                     packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES,
+                                     request_plain);
+
+    if (len != COOKIE_REQUEST_PLAIN_LENGTH)
+        return -1;
+
+    return 0;
+}
 
 /*  return 0 if there is no received data in the buffer.
  *  return -1  if the packet was discarded.
@@ -57,8 +196,8 @@ int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data)
         return -1;
 
     int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
-                                c->crypto_connections[crypt_connection_id].recv_nonce,
-                                temp_data + 1, length - 1, data);
+                                     c->crypto_connections[crypt_connection_id].recv_nonce,
+                                     temp_data + 1, length - 1, data);
 
     if (len != -1) {
         increment_nonce(c->crypto_connections[crypt_connection_id].recv_nonce);
@@ -95,8 +234,8 @@ int write_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data, uin
 
     uint8_t temp_data[MAX_DATA_SIZE];
     int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
-                                c->crypto_connections[crypt_connection_id].sent_nonce,
-                                data, length, temp_data + 1);
+                                     c->crypto_connections[crypt_connection_id].sent_nonce,
+                                     data, length, temp_data + 1);
 
     if (len == -1)
         return 0;
@@ -655,6 +794,7 @@ Net_Crypto *new_net_crypto(Networking_Core *net)
     }
 
     new_keys(temp);
+    new_symmetric_key(temp->secret_symmetric_key);
     return temp;
 }
 
diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h
index f67ca2bd..bbb9ee23 100644
--- a/toxcore/net_crypto.h
+++ b/toxcore/net_crypto.h
@@ -25,6 +25,7 @@
 #define NET_CRYPTO_H
 
 #include "Lossless_UDP.h"
+#include "DHT.h"
 
 #define CRYPTO_PACKET_FRIEND_REQ    32  /* Friend request crypto packet ID. */
 #define CRYPTO_PACKET_HARDENING     48  /* Hardening crypto packet ID. */
@@ -67,6 +68,7 @@ typedef struct {
 
 typedef struct {
     Lossless_UDP *lossless_udp;
+    DHT *dht;
 
     Crypto_Connection *crypto_connections;
 
@@ -76,6 +78,9 @@ typedef struct {
     uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];
     uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
 
+    /* The secret key used for cookies */
+    uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES];
+
     Cryptopacket_Handles cryptopackethandlers[256];
 } Net_Crypto;
 
diff --git a/toxcore/network.h b/toxcore/network.h
index c4fe0a7b..0e79954f 100644
--- a/toxcore/network.h
+++ b/toxcore/network.h
@@ -126,6 +126,8 @@ typedef int sock_t;
 #define NET_PACKET_HANDSHAKE       16  /* Handshake packet ID. */
 #define NET_PACKET_SYNC            17  /* SYNC packet ID. */
 #define NET_PACKET_DATA            18  /* Data packet ID. */
+#define NET_PACKET_COOKIE_REQUEST  24  /* Cookie request packet */
+#define NET_PACKET_COOKIE_RESPONSE 25  /* Cookie response packet */
 #define NET_PACKET_CRYPTO          32  /* Encrypted data packet ID. */
 #define NET_PACKET_LAN_DISCOVERY   33  /* LAN discovery packet ID. */
 #define NET_PACKET_GROUP_CHATS     48  /* Group chats packet ID. */
@@ -158,6 +160,11 @@ typedef int sock_t;
 #define TOX_PORTRANGE_TO   33545
 #define TOX_PORT_DEFAULT   TOX_PORTRANGE_FROM
 
+/* TCP related */
+#define TCP_ONION_FAMILY (AF_INET6 + 1)
+#define TCP_INET (AF_INET6 + 2)
+#define TCP_INET6 (AF_INET6 + 3)
+
 typedef union __attribute__ ((__packed__))
 {
     uint8_t uint8[4];
diff --git a/toxcore/onion.c b/toxcore/onion.c
index 8603de0a..c2ca21f8 100644
--- a/toxcore/onion.c
+++ b/toxcore/onion.c
@@ -112,7 +112,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
     memcpy(step2 + sizeof(IP_Port), path->public_key3, crypto_box_PUBLICKEYBYTES);
 
     int len = encrypt_data_symmetric(path->shared_key3, nonce, step1, sizeof(step1),
-                                step2 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
+                                     step2 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
 
     if ((uint32_t)len != sizeof(IP_Port) + length + crypto_box_MACBYTES)
         return -1;
@@ -121,7 +121,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
     memcpy(step3, &path->ip_port2, sizeof(IP_Port));
     memcpy(step3 + sizeof(IP_Port), path->public_key2, crypto_box_PUBLICKEYBYTES);
     len = encrypt_data_symmetric(path->shared_key2, nonce, step2, sizeof(step2),
-                            step3 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
+                                 step3 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
 
     if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE + length + crypto_box_MACBYTES)
         return -1;
@@ -132,7 +132,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
     memcpy(packet + 1 + crypto_box_NONCEBYTES, path->public_key1, crypto_box_PUBLICKEYBYTES);
 
     len = encrypt_data_symmetric(path->shared_key1, nonce, step3, sizeof(step3),
-                            packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES);
+                                 packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES);
 
     if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE * 2 + length + crypto_box_MACBYTES)
         return -1;
@@ -176,7 +176,7 @@ static int handle_send_initial(void *object, IP_Port source, uint8_t *packet, ui
     uint8_t shared_key[crypto_box_BEFORENMBYTES];
     get_shared_key(&onion->shared_keys_1, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
     int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
-                                length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), plain);
+                                     length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), plain);
 
     if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES))
         return 1;
@@ -227,7 +227,7 @@ static int handle_send_1(void *object, IP_Port source, uint8_t *packet, uint32_t
     uint8_t shared_key[crypto_box_BEFORENMBYTES];
     get_shared_key(&onion->shared_keys_2, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
     int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
-                                length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain);
+                                     length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain);
 
     if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1 + crypto_box_MACBYTES))
         return 1;
@@ -276,7 +276,7 @@ static int handle_send_2(void *object, IP_Port source, uint8_t *packet, uint32_t
     uint8_t shared_key[crypto_box_BEFORENMBYTES];
     get_shared_key(&onion->shared_keys_3, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
     int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
-                                length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain);
+                                     length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain);
 
     if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES))
         return 1;
diff --git a/toxcore/onion_announce.c b/toxcore/onion_announce.c
index 28339ee6..5bab931a 100644
--- a/toxcore/onion_announce.c
+++ b/toxcore/onion_announce.c
@@ -222,8 +222,8 @@ static int handle_announce_request(void *object, IP_Port source, uint8_t *packet
 
     uint8_t plain[ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH];
     int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
-                                ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH +
-                                crypto_box_MACBYTES, plain);
+                                     ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH +
+                                     crypto_box_MACBYTES, plain);
 
     if ((uint32_t)len != sizeof(plain))
         return 1;
@@ -279,7 +279,7 @@ static int handle_announce_request(void *object, IP_Port source, uint8_t *packet
 
     uint8_t data[ONION_ANNOUNCE_RESPONSE_MAX_SIZE];
     len = encrypt_data_symmetric(shared_key, nonce, pl, 1 + ONION_PING_ID_SIZE + nodes_length,
-                            data + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES);
+                                 data + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES);
 
     if (len != 1 + ONION_PING_ID_SIZE + nodes_length + crypto_box_MACBYTES)
         return 1;
diff --git a/toxcore/ping.c b/toxcore/ping.c
index b0928d95..35aab86f 100644
--- a/toxcore/ping.c
+++ b/toxcore/ping.c
@@ -169,9 +169,9 @@ int send_ping_request(PING *ping, IP_Port ipp, uint8_t *client_id)
 
 
     rc = encrypt_data_symmetric(shared_key,
-                           pk + 1 + CLIENT_ID_SIZE,
-                           (uint8_t *) &ping_id, sizeof(ping_id),
-                           pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
+                                pk + 1 + CLIENT_ID_SIZE,
+                                (uint8_t *) &ping_id, sizeof(ping_id),
+                                pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
 
     if (rc != sizeof(ping_id) + crypto_box_MACBYTES)
         return 1;
@@ -194,9 +194,9 @@ static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint6
 
     // Encrypt ping_id using recipient privkey
     rc = encrypt_data_symmetric(shared_encryption_key,
-                           pk + 1 + CLIENT_ID_SIZE,
-                           (uint8_t *) &ping_id, sizeof(ping_id),
-                           pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
+                                pk + 1 + CLIENT_ID_SIZE,
+                                (uint8_t *) &ping_id, sizeof(ping_id),
+                                pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
 
     if (rc != sizeof(ping_id) + crypto_box_MACBYTES)
         return 1;
@@ -223,10 +223,10 @@ static int handle_ping_request(void *_dht, IP_Port source, uint8_t *packet, uint
     // Decrypt ping_id
     DHT_get_shared_key_recv(dht, shared_key, packet + 1);
     rc = decrypt_data_symmetric(shared_key,
-                           packet + 1 + CLIENT_ID_SIZE,
-                           packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
-                           sizeof(ping_id) + crypto_box_MACBYTES,
-                           (uint8_t *) &ping_id );
+                                packet + 1 + CLIENT_ID_SIZE,
+                                packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
+                                sizeof(ping_id) + crypto_box_MACBYTES,
+                                (uint8_t *) &ping_id );
 
     if (rc != sizeof(ping_id))
         return 1;
@@ -260,10 +260,10 @@ static int handle_ping_response(void *_dht, IP_Port source, uint8_t *packet, uin
     --ping_index;
     // Decrypt ping_id
     rc = decrypt_data_symmetric(ping->pings[ping_index].shared_key,
-                           packet + 1 + CLIENT_ID_SIZE,
-                           packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
-                           sizeof(ping_id) + crypto_box_MACBYTES,
-                           (uint8_t *) &ping_id);
+                                packet + 1 + CLIENT_ID_SIZE,
+                                packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
+                                sizeof(ping_id) + crypto_box_MACBYTES,
+                                (uint8_t *) &ping_id);
 
     if (rc != sizeof(ping_id))
         return 1;