diff options
author | Astonex <softukitu@gmail.com> | 2013-07-27 02:52:24 +0100 |
---|---|---|
committer | Astonex <softukitu@gmail.com> | 2013-07-27 02:52:24 +0100 |
commit | 3e1b96f333b7e51c8a714c2e701e7310239f1364 (patch) | |
tree | 838d8d55a7f2f69830ff59161820f21e86ddcca0 /core/net_crypto.c | |
parent | 37a300f9021cbf8c5e6e1134ae8eee9c33307eb7 (diff) | |
parent | 1b4ea2e1aeb874e872a2c767326633450de12d20 (diff) |
Merge remote-tracking branch 'ProjectTox/master'
Diffstat (limited to 'core/net_crypto.c')
-rw-r--r-- | core/net_crypto.c | 203 |
1 files changed, 50 insertions, 153 deletions
diff --git a/core/net_crypto.c b/core/net_crypto.c index e01ed695..28cb83e8 100644 --- a/core/net_crypto.c +++ b/core/net_crypto.c | |||
@@ -1,38 +1,35 @@ | |||
1 | /* net_crypto.c | 1 | /* net_crypto.c |
2 | * | 2 | * |
3 | * Functions for the core network crypto. | 3 | * Functions for the core network crypto. |
4 | * See also: docs/Crypto.txt | 4 | * See also: docs/Crypto.txt |
5 | * | 5 | * |
6 | * NOTE: This code has to be perfect. We don't mess around with encryption. | 6 | * NOTE: This code has to be perfect. We don't mess around with encryption. |
7 | * | 7 | * |
8 | 8 | * Copyright (C) 2013 Tox project All Rights Reserved. | |
9 | Copyright (C) 2013 Tox project All Rights Reserved. | 9 | * |
10 | 10 | * This file is part of Tox. | |
11 | This file is part of Tox. | 11 | * |
12 | 12 | * Tox is free software: you can redistribute it and/or modify | |
13 | Tox is free software: you can redistribute it and/or modify | 13 | * it under the terms of the GNU General Public License as published by |
14 | it under the terms of the GNU General Public License as published by | 14 | * the Free Software Foundation, either version 3 of the License, or |
15 | the Free Software Foundation, either version 3 of the License, or | 15 | * (at your option) any later version. |
16 | (at your option) any later version. | 16 | * |
17 | 17 | * Tox is distributed in the hope that it will be useful, | |
18 | Tox is distributed in the hope that it will be useful, | 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
19 | but WITHOUT ANY WARRANTY; without even the implied warranty of | 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
20 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 20 | * GNU General Public License for more details. |
21 | GNU General Public License for more details. | 21 | * |
22 | 22 | * You should have received a copy of the GNU General Public License | |
23 | You should have received a copy of the GNU General Public License | 23 | * along with Tox. If not, see <http://www.gnu.org/licenses/>. |
24 | along with Tox. If not, see <http://www.gnu.org/licenses/>. | 24 | * |
25 | 25 | */ | |
26 | */ | ||
27 | 26 | ||
28 | #include "net_crypto.h" | 27 | #include "net_crypto.h" |
29 | 28 | ||
30 | |||
31 | /* Our public and secret keys. */ | 29 | /* Our public and secret keys. */ |
32 | uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; | 30 | uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; |
33 | uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; | 31 | uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; |
34 | 32 | ||
35 | |||
36 | typedef struct | 33 | typedef struct |
37 | { | 34 | { |
38 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* the real public key of the peer. */ | 35 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* the real public key of the peer. */ |
@@ -65,9 +62,7 @@ int encrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce, | |||
65 | uint8_t * plain, uint32_t length, uint8_t * encrypted) | 62 | uint8_t * plain, uint32_t length, uint8_t * encrypted) |
66 | { | 63 | { |
67 | if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0) | 64 | if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0) |
68 | { | ||
69 | return -1; | 65 | return -1; |
70 | } | ||
71 | 66 | ||
72 | uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0}; | 67 | uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0}; |
73 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES]; | 68 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES]; |
@@ -79,9 +74,8 @@ int encrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce, | |||
79 | 74 | ||
80 | /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero */ | 75 | /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero */ |
81 | if(memcmp(temp_encrypted, zeroes, crypto_box_BOXZEROBYTES) != 0) | 76 | if(memcmp(temp_encrypted, zeroes, crypto_box_BOXZEROBYTES) != 0) |
82 | { | ||
83 | return -1; | 77 | return -1; |
84 | } | 78 | |
85 | /* unpad the encrypted message */ | 79 | /* unpad the encrypted message */ |
86 | memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); | 80 | memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); |
87 | return length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES; | 81 | return length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES; |
@@ -95,9 +89,8 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce, | |||
95 | uint8_t * encrypted, uint32_t length, uint8_t * plain) | 89 | uint8_t * encrypted, uint32_t length, uint8_t * plain) |
96 | { | 90 | { |
97 | if(length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES) | 91 | if(length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES) |
98 | { | ||
99 | return -1; | 92 | return -1; |
100 | } | 93 | |
101 | uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES]; | 94 | uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES]; |
102 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0}; | 95 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0}; |
103 | uint8_t zeroes[crypto_box_ZEROBYTES] = {0}; | 96 | uint8_t zeroes[crypto_box_ZEROBYTES] = {0}; |
@@ -106,14 +99,12 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce, | |||
106 | 99 | ||
107 | if(crypto_box_open(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, | 100 | if(crypto_box_open(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, |
108 | nonce, public_key, secret_key) == -1) | 101 | nonce, public_key, secret_key) == -1) |
109 | { | ||
110 | return -1; | 102 | return -1; |
111 | } | 103 | |
112 | /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero */ | 104 | /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero */ |
113 | if(memcmp(temp_plain, zeroes, crypto_box_ZEROBYTES) != 0) | 105 | if(memcmp(temp_plain, zeroes, crypto_box_ZEROBYTES) != 0) |
114 | { | ||
115 | return -1; | 106 | return -1; |
116 | } | 107 | |
117 | /* unpad the plain message */ | 108 | /* unpad the plain message */ |
118 | memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES); | 109 | memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES); |
119 | return length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES; | 110 | return length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES; |
@@ -123,13 +114,10 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce, | |||
123 | void increment_nonce(uint8_t * nonce) | 114 | void increment_nonce(uint8_t * nonce) |
124 | { | 115 | { |
125 | uint32_t i; | 116 | uint32_t i; |
126 | for(i = 0; i < crypto_box_NONCEBYTES; ++i) | 117 | for(i = 0; i < crypto_box_NONCEBYTES; ++i) { |
127 | { | ||
128 | ++nonce[i]; | 118 | ++nonce[i]; |
129 | if(nonce[i] != 0) | 119 | if(nonce[i] != 0) |
130 | { | ||
131 | break; | 120 | break; |
132 | } | ||
133 | } | 121 | } |
134 | } | 122 | } |
135 | 123 | ||
@@ -137,8 +125,7 @@ void increment_nonce(uint8_t * nonce) | |||
137 | void random_nonce(uint8_t * nonce) | 125 | void random_nonce(uint8_t * nonce) |
138 | { | 126 | { |
139 | uint32_t i, temp; | 127 | uint32_t i, temp; |
140 | for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) | 128 | for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) { |
141 | { | ||
142 | temp = random_int(); | 129 | temp = random_int(); |
143 | memcpy(nonce + 4 * i, &temp, 4); | 130 | memcpy(nonce + 4 * i, &temp, 4); |
144 | } | 131 | } |
@@ -150,64 +137,44 @@ void random_nonce(uint8_t * nonce) | |||
150 | int read_cryptpacket(int crypt_connection_id, uint8_t * data) | 137 | int read_cryptpacket(int crypt_connection_id, uint8_t * data) |
151 | { | 138 | { |
152 | if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) | 139 | if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) |
153 | { | ||
154 | return 0; | 140 | return 0; |
155 | } | ||
156 | if(crypto_connections[crypt_connection_id].status != 3) | 141 | if(crypto_connections[crypt_connection_id].status != 3) |
157 | { | ||
158 | return 0; | 142 | return 0; |
159 | } | ||
160 | uint8_t temp_data[MAX_DATA_SIZE]; | 143 | uint8_t temp_data[MAX_DATA_SIZE]; |
161 | int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data); | 144 | int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data); |
162 | if(length == 0) | 145 | if(length == 0) |
163 | { | ||
164 | return 0; | 146 | return 0; |
165 | } | ||
166 | if(temp_data[0] != 3) | 147 | if(temp_data[0] != 3) |
167 | { | ||
168 | return -1; | 148 | return -1; |
169 | } | ||
170 | int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, | 149 | int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, |
171 | crypto_connections[crypt_connection_id].sessionsecret_key, | 150 | crypto_connections[crypt_connection_id].sessionsecret_key, |
172 | crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data); | 151 | crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data); |
173 | if(len != -1) | 152 | if(len != -1) { |
174 | { | ||
175 | increment_nonce(crypto_connections[crypt_connection_id].recv_nonce); | 153 | increment_nonce(crypto_connections[crypt_connection_id].recv_nonce); |
176 | return len; | 154 | return len; |
177 | } | 155 | } |
178 | return -1; | 156 | return -1; |
179 | } | 157 | } |
180 | 158 | ||
181 | |||
182 | /* return 0 if data could not be put in packet queue | 159 | /* return 0 if data could not be put in packet queue |
183 | return 1 if data was put into the queue */ | 160 | return 1 if data was put into the queue */ |
184 | int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length) | 161 | int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length) |
185 | { | 162 | { |
186 | if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) | 163 | if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) |
187 | { | ||
188 | return 0; | 164 | return 0; |
189 | } | ||
190 | if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1) | 165 | if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1) |
191 | { | ||
192 | return 0; | 166 | return 0; |
193 | } | ||
194 | if(crypto_connections[crypt_connection_id].status != 3) | 167 | if(crypto_connections[crypt_connection_id].status != 3) |
195 | { | ||
196 | return 0; | 168 | return 0; |
197 | } | ||
198 | uint8_t temp_data[MAX_DATA_SIZE]; | 169 | uint8_t temp_data[MAX_DATA_SIZE]; |
199 | int len = encrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, | 170 | int len = encrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, |
200 | crypto_connections[crypt_connection_id].sessionsecret_key, | 171 | crypto_connections[crypt_connection_id].sessionsecret_key, |
201 | crypto_connections[crypt_connection_id].sent_nonce, data, length, temp_data + 1); | 172 | crypto_connections[crypt_connection_id].sent_nonce, data, length, temp_data + 1); |
202 | if(len == -1) | 173 | if(len == -1) |
203 | { | ||
204 | return 0; | 174 | return 0; |
205 | } | ||
206 | temp_data[0] = 3; | 175 | temp_data[0] = 3; |
207 | if(write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0) | 176 | if(write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0) |
208 | { | ||
209 | return 0; | 177 | return 0; |
210 | } | ||
211 | increment_nonce(crypto_connections[crypt_connection_id].sent_nonce); | 178 | increment_nonce(crypto_connections[crypt_connection_id].sent_nonce); |
212 | return 1; | 179 | return 1; |
213 | } | 180 | } |
@@ -221,17 +188,13 @@ int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length) | |||
221 | int create_request(uint8_t * packet, uint8_t * public_key, uint8_t * data, uint32_t length, uint8_t request_id) | 188 | int create_request(uint8_t * packet, uint8_t * public_key, uint8_t * data, uint32_t length, uint8_t request_id) |
222 | { | 189 | { |
223 | if(MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING) | 190 | if(MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING) |
224 | { | ||
225 | return -1; | 191 | return -1; |
226 | } | ||
227 | uint8_t nonce[crypto_box_NONCEBYTES]; | 192 | uint8_t nonce[crypto_box_NONCEBYTES]; |
228 | random_nonce(nonce); | 193 | random_nonce(nonce); |
229 | int len = encrypt_data(public_key, self_secret_key, nonce, data, length, | 194 | int len = encrypt_data(public_key, self_secret_key, nonce, data, length, |
230 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); | 195 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); |
231 | if(len == -1) | 196 | if(len == -1) |
232 | { | ||
233 | return -1; | 197 | return -1; |
234 | } | ||
235 | packet[0] = request_id; | 198 | packet[0] = request_id; |
236 | memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES); | 199 | memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES); |
237 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, self_public_key, crypto_box_PUBLICKEYBYTES); | 200 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, self_public_key, crypto_box_PUBLICKEYBYTES); |
@@ -257,18 +220,13 @@ int handle_request(uint8_t * public_key, uint8_t * data, uint8_t * packet, uint1 | |||
257 | int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, | 220 | int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, |
258 | length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), data); | 221 | length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), data); |
259 | if(len1 == -1) | 222 | if(len1 == -1) |
260 | { | ||
261 | return -1; | 223 | return -1; |
262 | } | ||
263 | return len1; | 224 | return len1; |
264 | } | 225 | } |
265 | else | 226 | else |
266 | { | ||
267 | return -1; | 227 | return -1; |
268 | } | ||
269 | } | 228 | } |
270 | 229 | ||
271 | |||
272 | /* Send a crypto handshake packet containing an encrypted secret nonce and session public key | 230 | /* Send a crypto handshake packet containing an encrypted secret nonce and session public key |
273 | to peer with connection_id and public_key | 231 | to peer with connection_id and public_key |
274 | the packet is encrypted with a random nonce which is sent in plain text with the packet */ | 232 | the packet is encrypted with a random nonce which is sent in plain text with the packet */ |
@@ -285,9 +243,7 @@ int send_cryptohandshake(int connection_id, uint8_t * public_key, uint8_t * secr | |||
285 | int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, | 243 | int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, |
286 | 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); | 244 | 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); |
287 | if(len == -1) | 245 | if(len == -1) |
288 | { | ||
289 | return 0; | 246 | return 0; |
290 | } | ||
291 | temp_data[0] = 2; | 247 | temp_data[0] = 2; |
292 | memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES); | 248 | memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES); |
293 | memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); | 249 | memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); |
@@ -307,9 +263,7 @@ int handle_cryptohandshake(uint8_t * public_key, uint8_t * secret_nonce, | |||
307 | return 0; | 263 | return 0; |
308 | } | 264 | } |
309 | if(data[0] != 2) | 265 | if(data[0] != 2) |
310 | { | ||
311 | return 0; | 266 | return 0; |
312 | } | ||
313 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; | 267 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; |
314 | 268 | ||
315 | memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); | 269 | memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); |
@@ -319,18 +273,13 @@ int handle_cryptohandshake(uint8_t * public_key, uint8_t * secret_nonce, | |||
319 | crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp); | 273 | crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp); |
320 | 274 | ||
321 | if(len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES) | 275 | if(len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES) |
322 | { | ||
323 | return 0; | 276 | return 0; |
324 | } | ||
325 | 277 | ||
326 | memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); | 278 | memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); |
327 | memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES); | 279 | memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES); |
328 | return 1; | 280 | return 1; |
329 | } | 281 | } |
330 | 282 | ||
331 | |||
332 | |||
333 | |||
334 | /* get crypto connection id from public key of peer | 283 | /* get crypto connection id from public key of peer |
335 | return -1 if there are no connections like we are looking for | 284 | return -1 if there are no connections like we are looking for |
336 | return id if it found it */ | 285 | return id if it found it */ |
@@ -338,19 +287,12 @@ int getcryptconnection_id(uint8_t * public_key) | |||
338 | { | 287 | { |
339 | uint32_t i; | 288 | uint32_t i; |
340 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) | 289 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) |
341 | { | ||
342 | if(crypto_connections[i].status > 0) | 290 | if(crypto_connections[i].status > 0) |
343 | { | ||
344 | if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) | 291 | if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) |
345 | { | ||
346 | return i; | 292 | return i; |
347 | } | ||
348 | } | ||
349 | } | ||
350 | return -1; | 293 | return -1; |
351 | } | 294 | } |
352 | 295 | ||
353 | |||
354 | /* Start a secure connection with other peer who has public_key and ip_port | 296 | /* Start a secure connection with other peer who has public_key and ip_port |
355 | returns -1 if failure | 297 | returns -1 if failure |
356 | returns crypt_connection_id of the initialized connection if everything went well. */ | 298 | returns crypt_connection_id of the initialized connection if everything went well. */ |
@@ -358,23 +300,17 @@ int crypto_connect(uint8_t * public_key, IP_Port ip_port) | |||
358 | { | 300 | { |
359 | uint32_t i; | 301 | uint32_t i; |
360 | int id = getcryptconnection_id(public_key); | 302 | int id = getcryptconnection_id(public_key); |
361 | if(id != -1) | 303 | if(id != -1) { |
362 | { | ||
363 | IP_Port c_ip = connection_ip(crypto_connections[id].number); | 304 | IP_Port c_ip = connection_ip(crypto_connections[id].number); |
364 | if(c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port) | 305 | if(c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port) |
365 | { | ||
366 | return -1; | 306 | return -1; |
367 | } | ||
368 | } | 307 | } |
369 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) | 308 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) |
370 | { | 309 | { |
371 | if(crypto_connections[i].status == 0) | 310 | if(crypto_connections[i].status == 0) { |
372 | { | ||
373 | int id = new_connection(ip_port); | 311 | int id = new_connection(ip_port); |
374 | if(id == -1) | 312 | if(id == -1) |
375 | { | ||
376 | return -1; | 313 | return -1; |
377 | } | ||
378 | crypto_connections[i].number = id; | 314 | crypto_connections[i].number = id; |
379 | crypto_connections[i].status = 1; | 315 | crypto_connections[i].status = 1; |
380 | random_nonce(crypto_connections[i].recv_nonce); | 316 | random_nonce(crypto_connections[i].recv_nonce); |
@@ -405,20 +341,16 @@ int crypto_inbound(uint8_t * public_key, uint8_t * secret_nonce, uint8_t * sessi | |||
405 | uint32_t i; | 341 | uint32_t i; |
406 | for(i = 0; i < MAX_INCOMING; ++i) | 342 | for(i = 0; i < MAX_INCOMING; ++i) |
407 | { | 343 | { |
408 | if(incoming_connections[i] != -1) | 344 | if(incoming_connections[i] != -1) { |
409 | { | 345 | if(is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) { |
410 | if(is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) | ||
411 | { | ||
412 | kill_connection(incoming_connections[i]); | 346 | kill_connection(incoming_connections[i]); |
413 | incoming_connections[i] = -1; | 347 | incoming_connections[i] = -1; |
414 | continue; | 348 | continue; |
415 | } | 349 | } |
416 | if(id_packet(incoming_connections[i]) == 2) | 350 | if(id_packet(incoming_connections[i]) == 2) { |
417 | { | ||
418 | uint8_t temp_data[MAX_DATA_SIZE]; | 351 | uint8_t temp_data[MAX_DATA_SIZE]; |
419 | uint16_t len = read_packet(incoming_connections[i], temp_data); | 352 | uint16_t len = read_packet(incoming_connections[i], temp_data); |
420 | if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) | 353 | if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { |
421 | { | ||
422 | int connection_id = incoming_connections[i]; | 354 | int connection_id = incoming_connections[i]; |
423 | incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */ | 355 | incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */ |
424 | return connection_id; | 356 | return connection_id; |
@@ -435,11 +367,8 @@ int crypto_inbound(uint8_t * public_key, uint8_t * secret_nonce, uint8_t * sessi | |||
435 | int crypto_kill(int crypt_connection_id) | 367 | int crypto_kill(int crypt_connection_id) |
436 | { | 368 | { |
437 | if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) | 369 | if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) |
438 | { | ||
439 | return 1; | 370 | return 1; |
440 | } | 371 | if(crypto_connections[crypt_connection_id].status != 0) { |
441 | if(crypto_connections[crypt_connection_id].status != 0) | ||
442 | { | ||
443 | crypto_connections[crypt_connection_id].status = 0; | 372 | crypto_connections[crypt_connection_id].status = 0; |
444 | kill_connection(crypto_connections[crypt_connection_id].number); | 373 | kill_connection(crypto_connections[crypt_connection_id].number); |
445 | crypto_connections[crypt_connection_id].number = ~0; | 374 | crypto_connections[crypt_connection_id].number = ~0; |
@@ -448,7 +377,6 @@ int crypto_kill(int crypt_connection_id) | |||
448 | return 1; | 377 | return 1; |
449 | } | 378 | } |
450 | 379 | ||
451 | |||
452 | /* accept an incoming connection using the parameters provided by crypto_inbound | 380 | /* accept an incoming connection using the parameters provided by crypto_inbound |
453 | return -1 if not successful | 381 | return -1 if not successful |
454 | returns the crypt_connection_id if successful */ | 382 | returns the crypt_connection_id if successful */ |
@@ -456,9 +384,7 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec | |||
456 | { | 384 | { |
457 | uint32_t i; | 385 | uint32_t i; |
458 | if(connection_id == -1) | 386 | if(connection_id == -1) |
459 | { | ||
460 | return -1; | 387 | return -1; |
461 | } | ||
462 | /* | 388 | /* |
463 | if(getcryptconnection_id(public_key) != -1) | 389 | if(getcryptconnection_id(public_key) != -1) |
464 | { | 390 | { |
@@ -466,8 +392,7 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec | |||
466 | }*/ | 392 | }*/ |
467 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) | 393 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) |
468 | { | 394 | { |
469 | if(crypto_connections[i].status == 0) | 395 | if(crypto_connections[i].status == 0) { |
470 | { | ||
471 | crypto_connections[i].number = connection_id; | 396 | crypto_connections[i].number = connection_id; |
472 | crypto_connections[i].status = 2; | 397 | crypto_connections[i].status = 2; |
473 | random_nonce(crypto_connections[i].recv_nonce); | 398 | random_nonce(crypto_connections[i].recv_nonce); |
@@ -494,19 +419,16 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec | |||
494 | return -1; | 419 | return -1; |
495 | } | 420 | } |
496 | 421 | ||
497 | /* return 0 if no connection, 1 we have sent a handshake, 2 if connexion is not confirmed yet | 422 | /* return 0 if no connection, 1 we have sent a handshake, 2 if connection is not confirmed yet |
498 | (we have received a handshake but no empty data packet), 3 if the connection is established. | 423 | (we have received a handshake but no empty data packet), 3 if the connection is established. |
499 | 4 if the connection is timed out and waiting to be killed */ | 424 | 4 if the connection is timed out and waiting to be killed */ |
500 | int is_cryptoconnected(int crypt_connection_id) | 425 | int is_cryptoconnected(int crypt_connection_id) |
501 | { | 426 | { |
502 | if(crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS) | 427 | if(crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS) |
503 | { | ||
504 | return crypto_connections[crypt_connection_id].status; | 428 | return crypto_connections[crypt_connection_id].status; |
505 | } | ||
506 | return 0; | 429 | return 0; |
507 | } | 430 | } |
508 | 431 | ||
509 | |||
510 | /* Generate our public and private keys | 432 | /* Generate our public and private keys |
511 | Only call this function the first time the program starts. */ | 433 | Only call this function the first time the program starts. */ |
512 | void new_keys() | 434 | void new_keys() |
@@ -537,10 +459,8 @@ void load_keys(uint8_t * keys) | |||
537 | int new_incoming(int id) | 459 | int new_incoming(int id) |
538 | { | 460 | { |
539 | uint32_t i; | 461 | uint32_t i; |
540 | for(i = 0; i < MAX_INCOMING; ++i) | 462 | for(i = 0; i < MAX_INCOMING; ++i) { |
541 | { | 463 | if(incoming_connections[i] == -1) { |
542 | if(incoming_connections[i] == -1) | ||
543 | { | ||
544 | incoming_connections[i] = id; | 464 | incoming_connections[i] = id; |
545 | return 0; | 465 | return 0; |
546 | } | 466 | } |
@@ -553,13 +473,10 @@ int new_incoming(int id) | |||
553 | static void handle_incomings() | 473 | static void handle_incomings() |
554 | { | 474 | { |
555 | int income; | 475 | int income; |
556 | while(1) | 476 | while(1) { |
557 | { | ||
558 | income = incoming_connection(); | 477 | income = incoming_connection(); |
559 | if(income == -1 || new_incoming(income) ) | 478 | if(income == -1 || new_incoming(income) ) |
560 | { | ||
561 | break; | 479 | break; |
562 | } | ||
563 | } | 480 | } |
564 | } | 481 | } |
565 | 482 | ||
@@ -578,17 +495,11 @@ static void receive_crypto() | |||
578 | uint16_t len; | 495 | uint16_t len; |
579 | if(id_packet(crypto_connections[i].number) == 1) | 496 | if(id_packet(crypto_connections[i].number) == 1) |
580 | /* if the packet is a friend request drop it (because we are already friends) */ | 497 | /* if the packet is a friend request drop it (because we are already friends) */ |
581 | { | ||
582 | len = read_packet(crypto_connections[i].number, temp_data); | 498 | len = read_packet(crypto_connections[i].number, temp_data); |
583 | 499 | if(id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */ | |
584 | } | ||
585 | if(id_packet(crypto_connections[i].number) == 2) /* handle handshake packet. */ | ||
586 | { | ||
587 | len = read_packet(crypto_connections[i].number, temp_data); | 500 | len = read_packet(crypto_connections[i].number, temp_data); |
588 | if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) | 501 | if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { |
589 | { | 502 | if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { |
590 | if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) | ||
591 | { | ||
592 | memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); | 503 | memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); |
593 | memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); | 504 | memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); |
594 | increment_nonce(crypto_connections[i].sent_nonce); | 505 | increment_nonce(crypto_connections[i].sent_nonce); |
@@ -600,17 +511,14 @@ static void receive_crypto() | |||
600 | } | 511 | } |
601 | } | 512 | } |
602 | else if(id_packet(crypto_connections[i].number) != -1) | 513 | else if(id_packet(crypto_connections[i].number) != -1) |
603 | { | ||
604 | /* This should not happen | 514 | /* This should not happen |
605 | kill the connection if it does */ | 515 | kill the connection if it does */ |
606 | crypto_kill(crypto_connections[i].number); | 516 | crypto_kill(crypto_connections[i].number); |
607 | } | ||
608 | 517 | ||
609 | } | 518 | } |
610 | if(crypto_connections[i].status == 2) | 519 | if(crypto_connections[i].status == 2) |
611 | { | 520 | { |
612 | if(id_packet(crypto_connections[i].number) == 3) | 521 | if(id_packet(crypto_connections[i].number) == 3) { |
613 | { | ||
614 | uint8_t temp_data[MAX_DATA_SIZE]; | 522 | uint8_t temp_data[MAX_DATA_SIZE]; |
615 | uint8_t data[MAX_DATA_SIZE]; | 523 | uint8_t data[MAX_DATA_SIZE]; |
616 | int length = read_packet(crypto_connections[i].number, temp_data); | 524 | int length = read_packet(crypto_connections[i].number, temp_data); |
@@ -618,8 +526,7 @@ static void receive_crypto() | |||
618 | crypto_connections[i].sessionsecret_key, | 526 | crypto_connections[i].sessionsecret_key, |
619 | crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); | 527 | crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); |
620 | uint32_t zero = 0; | 528 | uint32_t zero = 0; |
621 | if(len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) | 529 | if(len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) { |
622 | { | ||
623 | increment_nonce(crypto_connections[i].recv_nonce); | 530 | increment_nonce(crypto_connections[i].recv_nonce); |
624 | crypto_connections[i].status = 3; | 531 | crypto_connections[i].status = 3; |
625 | 532 | ||
@@ -627,18 +534,14 @@ static void receive_crypto() | |||
627 | kill_connection_in(crypto_connections[i].number, 3000000); | 534 | kill_connection_in(crypto_connections[i].number, 3000000); |
628 | } | 535 | } |
629 | else | 536 | else |
630 | { | ||
631 | /* This should not happen | 537 | /* This should not happen |
632 | kill the connection if it does */ | 538 | kill the connection if it does */ |
633 | crypto_kill(crypto_connections[i].number); | 539 | crypto_kill(crypto_connections[i].number); |
634 | } | ||
635 | } | 540 | } |
636 | else if(id_packet(crypto_connections[i].number) != -1) | 541 | else if(id_packet(crypto_connections[i].number) != -1) |
637 | { | ||
638 | /* This should not happen | 542 | /* This should not happen |
639 | kill the connection if it does */ | 543 | kill the connection if it does */ |
640 | crypto_kill(crypto_connections[i].number); | 544 | crypto_kill(crypto_connections[i].number); |
641 | } | ||
642 | } | 545 | } |
643 | } | 546 | } |
644 | } | 547 | } |
@@ -651,22 +554,16 @@ void initNetCrypto() | |||
651 | memset(incoming_connections, -1 ,sizeof(incoming_connections)); | 554 | memset(incoming_connections, -1 ,sizeof(incoming_connections)); |
652 | uint32_t i; | 555 | uint32_t i; |
653 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) | 556 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) |
654 | { | ||
655 | crypto_connections[i].number = ~0; | 557 | crypto_connections[i].number = ~0; |
656 | } | ||
657 | } | 558 | } |
658 | 559 | ||
659 | static void killTimedout() | 560 | static void killTimedout() |
660 | { | 561 | { |
661 | uint32_t i; | 562 | uint32_t i; |
662 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) | 563 | for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { |
663 | { | ||
664 | if(crypto_connections[i].status != 0 && is_connected(crypto_connections[i].number) == 4) | 564 | if(crypto_connections[i].status != 0 && is_connected(crypto_connections[i].number) == 4) |
665 | { | ||
666 | crypto_connections[i].status = 4; | 565 | crypto_connections[i].status = 4; |
667 | } | 566 | else if(is_connected(crypto_connections[i].number) == 4) { |
668 | else if(is_connected(crypto_connections[i].number) == 4) | ||
669 | { | ||
670 | kill_connection(crypto_connections[i].number); | 567 | kill_connection(crypto_connections[i].number); |
671 | crypto_connections[i].number = ~0; | 568 | crypto_connections[i].number = ~0; |
672 | } | 569 | } |