summaryrefslogtreecommitdiff
path: root/core/net_crypto.c
diff options
context:
space:
mode:
authorirungentoo <irungentoo@gmail.com>2013-08-16 13:11:09 -0400
committerirungentoo <irungentoo@gmail.com>2013-08-16 13:11:09 -0400
commit88ff81d9def5efe69cbaf91aa41906177ba7dde9 (patch)
treecb9f149e438bcd1f18d8c1eb5d8be6b0a22f58a4 /core/net_crypto.c
parentc5af8f44a9d040a0bbe0442ec074d9fc8562dd32 (diff)
Passed everything through astyle.
Diffstat (limited to 'core/net_crypto.c')
-rw-r--r--core/net_crypto.c131
1 files changed, 99 insertions, 32 deletions
diff --git a/core/net_crypto.c b/core/net_crypto.c
index a05208ef..4b7fa043 100644
--- a/core/net_crypto.c
+++ b/core/net_crypto.c
@@ -65,14 +65,16 @@ uint8_t crypto_iszero(uint8_t *mem, uint32_t length)
65{ 65{
66 uint8_t check = 0; 66 uint8_t check = 0;
67 uint32_t i; 67 uint32_t i;
68
68 for (i = 0; i < length; ++i) { 69 for (i = 0; i < length; ++i) {
69 check |= mem[i]; 70 check |= mem[i];
70 } 71 }
72
71 return check; // We return zero if mem is made out of zeroes. 73 return check; // We return zero if mem is made out of zeroes.
72} 74}
73 75
74/* Precomputes the shared key from their public_key and our secret_key. 76/* Precomputes the shared key from their public_key and our secret_key.
75 This way we can avoid an expensive elliptic curve scalar multiply for each 77 This way we can avoid an expensive elliptic curve scalar multiply for each
76 encrypt/decrypt operation. 78 encrypt/decrypt operation.
77 enc_key has to be crypto_box_BEFORENMBYTES bytes long. */ 79 enc_key has to be crypto_box_BEFORENMBYTES bytes long. */
78void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key) 80void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key)
@@ -81,7 +83,7 @@ void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_k
81} 83}
82 84
83/* Fast encrypt. Depends on enc_key from encrypt_precompute. */ 85/* Fast encrypt. Depends on enc_key from encrypt_precompute. */
84int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce, 86int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
85 uint8_t *plain, uint32_t length, uint8_t *encrypted) 87 uint8_t *plain, uint32_t length, uint8_t *encrypted)
86{ 88{
87 if (length + crypto_box_MACBYTES > MAX_DATA_SIZE || length == 0) 89 if (length + crypto_box_MACBYTES > MAX_DATA_SIZE || length == 0)
@@ -94,7 +96,7 @@ int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
94 96
95 crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, enc_key); 97 crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, enc_key);
96 98
97 if(crypto_iszero(temp_encrypted, crypto_box_BOXZEROBYTES) != 0) 99 if (crypto_iszero(temp_encrypted, crypto_box_BOXZEROBYTES) != 0)
98 return -1; 100 return -1;
99 101
100 /* unpad the encrypted message */ 102 /* unpad the encrypted message */
@@ -118,9 +120,9 @@ int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
118 nonce, enc_key) == -1) 120 nonce, enc_key) == -1)
119 return -1; 121 return -1;
120 122
121 /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero 123 /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero
122 apparently memcmp should not be used so we do this instead:*/ 124 apparently memcmp should not be used so we do this instead:*/
123 if(crypto_iszero(temp_plain, crypto_box_ZEROBYTES) != 0) 125 if (crypto_iszero(temp_plain, crypto_box_ZEROBYTES) != 0)
124 return -1; 126 return -1;
125 127
126 /* unpad the plain message */ 128 /* unpad the plain message */
@@ -148,9 +150,11 @@ int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
148static void increment_nonce(uint8_t *nonce) 150static void increment_nonce(uint8_t *nonce)
149{ 151{
150 uint32_t i; 152 uint32_t i;
153
151 for (i = 0; i < crypto_box_NONCEBYTES; ++i) { 154 for (i = 0; i < crypto_box_NONCEBYTES; ++i) {
152 ++nonce[i]; 155 ++nonce[i];
153 if(nonce[i] != 0) 156
157 if (nonce[i] != 0)
154 break; 158 break;
155 } 159 }
156} 160}
@@ -159,6 +163,7 @@ static void increment_nonce(uint8_t *nonce)
159void random_nonce(uint8_t *nonce) 163void random_nonce(uint8_t *nonce)
160{ 164{
161 uint32_t i, temp; 165 uint32_t i, temp;
166
162 for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) { 167 for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) {
163 temp = random_int(); 168 temp = random_int();
164 memcpy(nonce + 4 * i, &temp, 4); 169 memcpy(nonce + 4 * i, &temp, 4);
@@ -172,21 +177,28 @@ int read_cryptpacket(int crypt_connection_id, uint8_t *data)
172{ 177{
173 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 178 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
174 return 0; 179 return 0;
180
175 if (crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED) 181 if (crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED)
176 return 0; 182 return 0;
183
177 uint8_t temp_data[MAX_DATA_SIZE]; 184 uint8_t temp_data[MAX_DATA_SIZE];
178 int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data); 185 int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data);
186
179 if (length == 0) 187 if (length == 0)
180 return 0; 188 return 0;
189
181 if (temp_data[0] != 3) 190 if (temp_data[0] != 3)
182 return -1; 191 return -1;
192
183 int len = decrypt_data_fast(crypto_connections[crypt_connection_id].shared_key, 193 int len = decrypt_data_fast(crypto_connections[crypt_connection_id].shared_key,
184 crypto_connections[crypt_connection_id].recv_nonce, 194 crypto_connections[crypt_connection_id].recv_nonce,
185 temp_data + 1, length - 1, data); 195 temp_data + 1, length - 1, data);
196
186 if (len != -1) { 197 if (len != -1) {
187 increment_nonce(crypto_connections[crypt_connection_id].recv_nonce); 198 increment_nonce(crypto_connections[crypt_connection_id].recv_nonce);
188 return len; 199 return len;
189 } 200 }
201
190 return -1; 202 return -1;
191} 203}
192 204
@@ -196,19 +208,26 @@ int write_cryptpacket(int crypt_connection_id, uint8_t *data, uint32_t length)
196{ 208{
197 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 209 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
198 return 0; 210 return 0;
211
199 if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1) 212 if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1)
200 return 0; 213 return 0;
214
201 if (crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED) 215 if (crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED)
202 return 0; 216 return 0;
217
203 uint8_t temp_data[MAX_DATA_SIZE]; 218 uint8_t temp_data[MAX_DATA_SIZE];
204 int len = encrypt_data_fast(crypto_connections[crypt_connection_id].shared_key, 219 int len = encrypt_data_fast(crypto_connections[crypt_connection_id].shared_key,
205 crypto_connections[crypt_connection_id].sent_nonce, 220 crypto_connections[crypt_connection_id].sent_nonce,
206 data, length, temp_data + 1); 221 data, length, temp_data + 1);
222
207 if (len == -1) 223 if (len == -1)
208 return 0; 224 return 0;
225
209 temp_data[0] = 3; 226 temp_data[0] = 3;
227
210 if (write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0) 228 if (write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0)
211 return 0; 229 return 0;
230
212 increment_nonce(crypto_connections[crypt_connection_id].sent_nonce); 231 increment_nonce(crypto_connections[crypt_connection_id].sent_nonce);
213 return 1; 232 return 1;
214} 233}
@@ -223,6 +242,7 @@ int create_request(uint8_t *packet, uint8_t *public_key, uint8_t *data, uint32_t
223{ 242{
224 if (MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING) 243 if (MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING)
225 return -1; 244 return -1;
245
226 uint8_t nonce[crypto_box_NONCEBYTES]; 246 uint8_t nonce[crypto_box_NONCEBYTES];
227 uint8_t temp[MAX_DATA_SIZE]; 247 uint8_t temp[MAX_DATA_SIZE];
228 memcpy(temp + 1, data, length); 248 memcpy(temp + 1, data, length);
@@ -230,8 +250,10 @@ int create_request(uint8_t *packet, uint8_t *public_key, uint8_t *data, uint32_t
230 random_nonce(nonce); 250 random_nonce(nonce);
231 int len = encrypt_data(public_key, self_secret_key, nonce, temp, length + 1, 251 int len = encrypt_data(public_key, self_secret_key, nonce, temp, length + 1,
232 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); 252 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet);
253
233 if (len == -1) 254 if (len == -1)
234 return -1; 255 return -1;
256
235 packet[0] = 32; 257 packet[0] = 32;
236 memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES); 258 memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES);
237 memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, self_public_key, crypto_box_PUBLICKEYBYTES); 259 memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, self_public_key, crypto_box_PUBLICKEYBYTES);
@@ -248,16 +270,19 @@ static int handle_request(uint8_t *public_key, uint8_t *data, uint8_t *request_i
248{ 270{
249 271
250 if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && 272 if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
251 length <= MAX_DATA_SIZE + ENCRYPTION_PADDING && 273 length <= MAX_DATA_SIZE + ENCRYPTION_PADDING &&
252 memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { 274 memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {
253 memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); 275 memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
254 uint8_t nonce[crypto_box_NONCEBYTES]; 276 uint8_t nonce[crypto_box_NONCEBYTES];
255 uint8_t temp[MAX_DATA_SIZE]; 277 uint8_t temp[MAX_DATA_SIZE];
256 memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); 278 memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES);
257 int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, 279 int len1 = decrypt_data(public_key, self_secret_key, nonce,
280 packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES,
258 length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp); 281 length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp);
259 if(len1 == -1 || len1 == 0) 282
283 if (len1 == -1 || len1 == 0)
260 return -1; 284 return -1;
285
261 request_id[0] = temp[0]; 286 request_id[0] = temp[0];
262 --len1; 287 --len1;
263 memcpy(data, temp + 1, len1); 288 memcpy(data, temp + 1, len1);
@@ -273,27 +298,32 @@ void cryptopacket_registerhandler(uint8_t byte, cryptopacket_handler_callback cb
273 cryptopackethandlers[byte] = cb; 298 cryptopackethandlers[byte] = cb;
274} 299}
275 300
276static int cryptopacket_handle(IP_Port source, uint8_t * packet, uint32_t length) 301static int cryptopacket_handle(IP_Port source, uint8_t *packet, uint32_t length)
277{ 302{
278 if (packet[0] == 32) { 303 if (packet[0] == 32) {
279 if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING || 304 if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING ||
280 length > MAX_DATA_SIZE + ENCRYPTION_PADDING) 305 length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
281 return 1; 306 return 1;
307
282 if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us. 308 if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.
283 uint8_t public_key[crypto_box_PUBLICKEYBYTES]; 309 uint8_t public_key[crypto_box_PUBLICKEYBYTES];
284 uint8_t data[MAX_DATA_SIZE]; 310 uint8_t data[MAX_DATA_SIZE];
285 uint8_t number; 311 uint8_t number;
286 int len = handle_request(public_key, data, &number, packet, length); 312 int len = handle_request(public_key, data, &number, packet, length);
313
287 if (len == -1 || len == 0) 314 if (len == -1 || len == 0)
288 return 1; 315 return 1;
316
289 if (!cryptopackethandlers[number]) return 1; 317 if (!cryptopackethandlers[number]) return 1;
318
290 cryptopackethandlers[number](source, public_key, data, len); 319 cryptopackethandlers[number](source, public_key, data, len);
291 320
292 } else { /* if request is not for us, try routing it. */ 321 } else { /* if request is not for us, try routing it. */
293 if(route_packet(packet + 1, packet, length) == length) 322 if (route_packet(packet + 1, packet, length) == length)
294 return 0; 323 return 0;
295 } 324 }
296 } 325 }
326
297 return 1; 327 return 1;
298} 328}
299 329
@@ -312,8 +342,10 @@ static int send_cryptohandshake(int connection_id, uint8_t *public_key, uint8_t
312 342
313 int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, 343 int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
314 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); 344 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data);
345
315 if (len == -1) 346 if (len == -1)
316 return 0; 347 return 0;
348
317 temp_data[0] = 2; 349 temp_data[0] = 2;
318 memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES); 350 memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES);
319 memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); 351 memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES);
@@ -324,15 +356,18 @@ static int send_cryptohandshake(int connection_id, uint8_t *public_key, uint8_t
324 return 1 if successful 356 return 1 if successful
325 return 0 if failure */ 357 return 0 if failure */
326static int handle_cryptohandshake(uint8_t *public_key, uint8_t *secret_nonce, 358static int handle_cryptohandshake(uint8_t *public_key, uint8_t *secret_nonce,
327 uint8_t *session_key, uint8_t *data, uint16_t length) 359 uint8_t *session_key, uint8_t *data, uint16_t length)
328{ 360{
329 int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); 361 int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES);
362
330 if (length != 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES 363 if (length != 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES
331 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad) { 364 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad) {
332 return 0; 365 return 0;
333 } 366 }
367
334 if (data[0] != 2) 368 if (data[0] != 2)
335 return 0; 369 return 0;
370
336 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; 371 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
337 372
338 memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); 373 memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES);
@@ -355,11 +390,13 @@ static int handle_cryptohandshake(uint8_t *public_key, uint8_t *secret_nonce,
355static int getcryptconnection_id(uint8_t *public_key) 390static int getcryptconnection_id(uint8_t *public_key)
356{ 391{
357 uint32_t i; 392 uint32_t i;
393
358 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { 394 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
359 if (crypto_connections[i].status != CONN_NO_CONNECTION) 395 if (crypto_connections[i].status != CONN_NO_CONNECTION)
360 if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) 396 if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0)
361 return i; 397 return i;
362 } 398 }
399
363 return -1; 400 return -1;
364} 401}
365 402
@@ -370,16 +407,21 @@ int crypto_connect(uint8_t *public_key, IP_Port ip_port)
370{ 407{
371 uint32_t i; 408 uint32_t i;
372 int id = getcryptconnection_id(public_key); 409 int id = getcryptconnection_id(public_key);
410
373 if (id != -1) { 411 if (id != -1) {
374 IP_Port c_ip = connection_ip(crypto_connections[id].number); 412 IP_Port c_ip = connection_ip(crypto_connections[id].number);
375 if(c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port) 413
414 if (c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port)
376 return -1; 415 return -1;
377 } 416 }
417
378 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { 418 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
379 if (crypto_connections[i].status == CONN_NO_CONNECTION) { 419 if (crypto_connections[i].status == CONN_NO_CONNECTION) {
380 int id = new_connection(ip_port); 420 int id = new_connection(ip_port);
421
381 if (id == -1) 422 if (id == -1)
382 return -1; 423 return -1;
424
383 crypto_connections[i].number = id; 425 crypto_connections[i].number = id;
384 crypto_connections[i].status = CONN_HANDSHAKE_SENT; 426 crypto_connections[i].status = CONN_HANDSHAKE_SENT;
385 random_nonce(crypto_connections[i].recv_nonce); 427 random_nonce(crypto_connections[i].recv_nonce);
@@ -391,9 +433,11 @@ int crypto_connect(uint8_t *public_key, IP_Port ip_port)
391 increment_nonce(crypto_connections[i].recv_nonce); 433 increment_nonce(crypto_connections[i].recv_nonce);
392 return i; 434 return i;
393 } 435 }
436
394 return -1; /* this should never happen. */ 437 return -1; /* this should never happen. */
395 } 438 }
396 } 439 }
440
397 return -1; 441 return -1;
398} 442}
399 443
@@ -407,6 +451,7 @@ int crypto_connect(uint8_t *public_key, IP_Port ip_port)
407int crypto_inbound(uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) 451int crypto_inbound(uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key)
408{ 452{
409 uint32_t i; 453 uint32_t i;
454
410 for (i = 0; i < MAX_INCOMING; ++i) { 455 for (i = 0; i < MAX_INCOMING; ++i) {
411 if (incoming_connections[i] != -1) { 456 if (incoming_connections[i] != -1) {
412 if (is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) { 457 if (is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) {
@@ -414,9 +459,11 @@ int crypto_inbound(uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_
414 incoming_connections[i] = -1; 459 incoming_connections[i] = -1;
415 continue; 460 continue;
416 } 461 }
462
417 if (id_packet(incoming_connections[i]) == 2) { 463 if (id_packet(incoming_connections[i]) == 2) {
418 uint8_t temp_data[MAX_DATA_SIZE]; 464 uint8_t temp_data[MAX_DATA_SIZE];
419 uint16_t len = read_packet(incoming_connections[i], temp_data); 465 uint16_t len = read_packet(incoming_connections[i], temp_data);
466
420 if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { 467 if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) {
421 int connection_id = incoming_connections[i]; 468 int connection_id = incoming_connections[i];
422 incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */ 469 incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */
@@ -425,6 +472,7 @@ int crypto_inbound(uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_
425 } 472 }
426 } 473 }
427 } 474 }
475
428 return -1; 476 return -1;
429} 477}
430 478
@@ -435,13 +483,15 @@ int crypto_kill(int crypt_connection_id)
435{ 483{
436 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 484 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
437 return 1; 485 return 1;
486
438 if (crypto_connections[crypt_connection_id].status != CONN_NO_CONNECTION) { 487 if (crypto_connections[crypt_connection_id].status != CONN_NO_CONNECTION) {
439 crypto_connections[crypt_connection_id].status = CONN_NO_CONNECTION; 488 crypto_connections[crypt_connection_id].status = CONN_NO_CONNECTION;
440 kill_connection(crypto_connections[crypt_connection_id].number); 489 kill_connection(crypto_connections[crypt_connection_id].number);
441 memset(&crypto_connections[crypt_connection_id], 0 ,sizeof(Crypto_Connection)); 490 memset(&crypto_connections[crypt_connection_id], 0 , sizeof(Crypto_Connection));
442 crypto_connections[crypt_connection_id].number = ~0; 491 crypto_connections[crypt_connection_id].number = ~0;
443 return 0; 492 return 0;
444 } 493 }
494
445 return 1; 495 return 1;
446} 496}
447 497
@@ -451,15 +501,17 @@ int crypto_kill(int crypt_connection_id)
451int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) 501int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key)
452{ 502{
453 uint32_t i; 503 uint32_t i;
504
454 if (connection_id == -1) 505 if (connection_id == -1)
455 return -1; 506 return -1;
507
456 /* 508 /*
457 if(getcryptconnection_id(public_key) != -1) 509 if(getcryptconnection_id(public_key) != -1)
458 { 510 {
459 return -1; 511 return -1;
460 }*/ 512 }*/
461 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { 513 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
462 if(crypto_connections[i].status == CONN_NO_CONNECTION) { 514 if (crypto_connections[i].status == CONN_NO_CONNECTION) {
463 crypto_connections[i].number = connection_id; 515 crypto_connections[i].number = connection_id;
464 crypto_connections[i].status = CONN_NOT_CONFIRMED; 516 crypto_connections[i].status = CONN_NOT_CONFIRMED;
465 random_nonce(crypto_connections[i].recv_nonce); 517 random_nonce(crypto_connections[i].recv_nonce);
@@ -474,17 +526,19 @@ int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t *secre
474 crypto_connections[i].sessionpublic_key) == 1) { 526 crypto_connections[i].sessionpublic_key) == 1) {
475 increment_nonce(crypto_connections[i].recv_nonce); 527 increment_nonce(crypto_connections[i].recv_nonce);
476 uint32_t zero = 0; 528 uint32_t zero = 0;
477 encrypt_precompute(crypto_connections[i].peersessionpublic_key, 529 encrypt_precompute(crypto_connections[i].peersessionpublic_key,
478 crypto_connections[i].sessionsecret_key, 530 crypto_connections[i].sessionsecret_key,
479 crypto_connections[i].shared_key); 531 crypto_connections[i].shared_key);
480 crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */ 532 crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */
481 write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero)); 533 write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero));
482 crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */ 534 crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */
483 return i; 535 return i;
484 } 536 }
537
485 return -1; /* this should never happen. */ 538 return -1; /* this should never happen. */
486 } 539 }
487 } 540 }
541
488 return -1; 542 return -1;
489} 543}
490 544
@@ -495,6 +549,7 @@ int is_cryptoconnected(int crypt_connection_id)
495{ 549{
496 if (crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS) 550 if (crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS)
497 return crypto_connections[crypt_connection_id].status; 551 return crypto_connections[crypt_connection_id].status;
552
498 return CONN_NO_CONNECTION; 553 return CONN_NO_CONNECTION;
499} 554}
500 555
@@ -502,7 +557,7 @@ int is_cryptoconnected(int crypt_connection_id)
502 Only call this function the first time the program starts. */ 557 Only call this function the first time the program starts. */
503void new_keys(void) 558void new_keys(void)
504{ 559{
505 crypto_box_keypair(self_public_key,self_secret_key); 560 crypto_box_keypair(self_public_key, self_secret_key);
506} 561}
507 562
508/* save the public and private keys to the keys array 563/* save the public and private keys to the keys array
@@ -528,12 +583,14 @@ void load_keys(uint8_t *keys)
528static int new_incoming(int id) 583static int new_incoming(int id)
529{ 584{
530 uint32_t i; 585 uint32_t i;
586
531 for (i = 0; i < MAX_INCOMING; ++i) { 587 for (i = 0; i < MAX_INCOMING; ++i) {
532 if (incoming_connections[i] == -1) { 588 if (incoming_connections[i] == -1) {
533 incoming_connections[i] = id; 589 incoming_connections[i] = id;
534 return 0; 590 return 0;
535 } 591 }
536 } 592 }
593
537 return 1; 594 return 1;
538} 595}
539 596
@@ -542,9 +599,11 @@ static int new_incoming(int id)
542static void handle_incomings(void) 599static void handle_incomings(void)
543{ 600{
544 int income; 601 int income;
602
545 while (1) { 603 while (1) {
546 income = incoming_connection(); 604 income = incoming_connection();
547 if(income == -1 || new_incoming(income) ) 605
606 if (income == -1 || new_incoming(income) )
548 break; 607 break;
549 } 608 }
550} 609}
@@ -553,6 +612,7 @@ static void handle_incomings(void)
553static void receive_crypto(void) 612static void receive_crypto(void)
554{ 613{
555 uint32_t i; 614 uint32_t i;
615
556 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { 616 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
557 if (crypto_connections[i].status == CONN_HANDSHAKE_SENT) { 617 if (crypto_connections[i].status == CONN_HANDSHAKE_SENT) {
558 uint8_t temp_data[MAX_DATA_SIZE]; 618 uint8_t temp_data[MAX_DATA_SIZE];
@@ -560,19 +620,22 @@ static void receive_crypto(void)
560 uint8_t public_key[crypto_box_PUBLICKEYBYTES]; 620 uint8_t public_key[crypto_box_PUBLICKEYBYTES];
561 uint8_t session_key[crypto_box_PUBLICKEYBYTES]; 621 uint8_t session_key[crypto_box_PUBLICKEYBYTES];
562 uint16_t len; 622 uint16_t len;
623
563 if (id_packet(crypto_connections[i].number) == 1) 624 if (id_packet(crypto_connections[i].number) == 1)
564 /* if the packet is a friend request drop it (because we are already friends) */ 625 /* if the packet is a friend request drop it (because we are already friends) */
565 len = read_packet(crypto_connections[i].number, temp_data); 626 len = read_packet(crypto_connections[i].number, temp_data);
627
566 if (id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */ 628 if (id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */
567 len = read_packet(crypto_connections[i].number, temp_data); 629 len = read_packet(crypto_connections[i].number, temp_data);
630
568 if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { 631 if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) {
569 if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { 632 if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) {
570 memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); 633 memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
571 memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); 634 memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
572 increment_nonce(crypto_connections[i].sent_nonce); 635 increment_nonce(crypto_connections[i].sent_nonce);
573 uint32_t zero = 0; 636 uint32_t zero = 0;
574 encrypt_precompute(crypto_connections[i].peersessionpublic_key, 637 encrypt_precompute(crypto_connections[i].peersessionpublic_key,
575 crypto_connections[i].sessionsecret_key, 638 crypto_connections[i].sessionsecret_key,
576 crypto_connections[i].shared_key); 639 crypto_connections[i].shared_key);
577 crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */ 640 crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */
578 write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero)); 641 write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero));
@@ -583,6 +646,7 @@ static void receive_crypto(void)
583 crypto_kill(crypto_connections[i].number); 646 crypto_kill(crypto_connections[i].number);
584 647
585 } 648 }
649
586 if (crypto_connections[i].status == CONN_NOT_CONFIRMED) { 650 if (crypto_connections[i].status == CONN_NOT_CONFIRMED) {
587 if (id_packet(crypto_connections[i].number) == 3) { 651 if (id_packet(crypto_connections[i].number) == 3) {
588 uint8_t temp_data[MAX_DATA_SIZE]; 652 uint8_t temp_data[MAX_DATA_SIZE];
@@ -592,10 +656,11 @@ static void receive_crypto(void)
592 crypto_connections[i].sessionsecret_key, 656 crypto_connections[i].sessionsecret_key,
593 crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); 657 crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data);
594 uint32_t zero = 0; 658 uint32_t zero = 0;
659
595 if (len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) { 660 if (len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) {
596 increment_nonce(crypto_connections[i].recv_nonce); 661 increment_nonce(crypto_connections[i].recv_nonce);
597 encrypt_precompute(crypto_connections[i].peersessionpublic_key, 662 encrypt_precompute(crypto_connections[i].peersessionpublic_key,
598 crypto_connections[i].sessionsecret_key, 663 crypto_connections[i].sessionsecret_key,
599 crypto_connections[i].shared_key); 664 crypto_connections[i].shared_key);
600 crypto_connections[i].status = CONN_ESTABLISHED; 665 crypto_connections[i].status = CONN_ESTABLISHED;
601 666
@@ -603,7 +668,7 @@ static void receive_crypto(void)
603 kill_connection_in(crypto_connections[i].number, 3000000); 668 kill_connection_in(crypto_connections[i].number, 3000000);
604 } else 669 } else
605 crypto_kill(crypto_connections[i].number); // This should not happen kill the connection if it does 670 crypto_kill(crypto_connections[i].number); // This should not happen kill the connection if it does
606 } else if(id_packet(crypto_connections[i].number) != -1) 671 } else if (id_packet(crypto_connections[i].number) != -1)
607 /* This should not happen 672 /* This should not happen
608 kill the connection if it does */ 673 kill the connection if it does */
609 crypto_kill(crypto_connections[i].number); 674 crypto_kill(crypto_connections[i].number);
@@ -615,10 +680,11 @@ static void receive_crypto(void)
615 sets all the global connection variables to their default values. */ 680 sets all the global connection variables to their default values. */
616void initNetCrypto(void) 681void initNetCrypto(void)
617{ 682{
618 memset(crypto_connections, 0 ,sizeof(crypto_connections)); 683 memset(crypto_connections, 0 , sizeof(crypto_connections));
619 memset(incoming_connections, -1 ,sizeof(incoming_connections)); 684 memset(incoming_connections, -1 , sizeof(incoming_connections));
620 networking_registerhandler(32, &cryptopacket_handle); 685 networking_registerhandler(32, &cryptopacket_handle);
621 uint32_t i; 686 uint32_t i;
687
622 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 688 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i)
623 crypto_connections[i].number = ~0; 689 crypto_connections[i].number = ~0;
624} 690}
@@ -626,6 +692,7 @@ void initNetCrypto(void)
626static void killTimedout(void) 692static void killTimedout(void)
627{ 693{
628 uint32_t i; 694 uint32_t i;
695
629 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { 696 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
630 if (crypto_connections[i].status != CONN_NO_CONNECTION && is_connected(crypto_connections[i].number) == 4) 697 if (crypto_connections[i].status != CONN_NO_CONNECTION && is_connected(crypto_connections[i].number) == 4)
631 crypto_connections[i].status = CONN_TIMED_OUT; 698 crypto_connections[i].status = CONN_TIMED_OUT;
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 08:35:13 +0000