diff options
author | irungentoo <irungentoo@gmail.com> | 2014-04-22 20:28:40 -0400 |
---|---|---|
committer | irungentoo <irungentoo@gmail.com> | 2014-04-22 20:28:40 -0400 |
commit | 1bfe15ee88844bdbd43052b4026202cf924ad6ca (patch) | |
tree | a740f16199cf0a263447e2084dd8906028a7b268 /toxcore/net_crypto.c | |
parent | c46ab5821d0fa8c604de52e15009e2b8da5d9c07 (diff) |
Decided pretty much how the handshake would work.
Started writing the code.
Astyled some files.
Diffstat (limited to 'toxcore/net_crypto.c')
-rw-r--r-- | toxcore/net_crypto.c | 148 |
1 files changed, 144 insertions, 4 deletions
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index d0212d11..3eb9ca4c 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
@@ -34,6 +34,145 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection | |||
34 | { | 34 | { |
35 | return (uint32_t)crypt_connection_id >= c->crypto_connections_length; | 35 | return (uint32_t)crypt_connection_id >= c->crypto_connections_length; |
36 | } | 36 | } |
37 | #define COOKIE_REQUEST_PLAIN_LENGTH (crypto_box_PUBLICKEYBYTES * 2) | ||
38 | #define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) | ||
39 | |||
40 | /* Create a cookie request packet and put it in packet. | ||
41 | * | ||
42 | * packet must be of size COOKIE_REQUEST_LENGTH or bigger. | ||
43 | * | ||
44 | * return -1 on failure. | ||
45 | * return COOKIE_REQUEST_LENGTH on success. | ||
46 | */ | ||
47 | static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint8_t *real_public_key) | ||
48 | { | ||
49 | if (!c->dht) | ||
50 | return -1; | ||
51 | |||
52 | uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH]; | ||
53 | |||
54 | memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES); | ||
55 | memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES); | ||
56 | |||
57 | uint8_t shared_key[crypto_box_BEFORENMBYTES]; | ||
58 | DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key); | ||
59 | uint8_t nonce[crypto_box_NONCEBYTES]; | ||
60 | new_nonce(nonce); | ||
61 | packet[0] = NET_PACKET_COOKIE_REQUEST; | ||
62 | memcpy(packet + 1, c->dht->self_public_key, crypto_box_PUBLICKEYBYTES); | ||
63 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); | ||
64 | int len = encrypt_data_symmetric(shared_key, nonce, plain, sizeof(plain), | ||
65 | packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); | ||
66 | |||
67 | if (len != COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) | ||
68 | return -1; | ||
69 | |||
70 | return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len); | ||
71 | } | ||
72 | |||
73 | /* cookie timeout in seconds */ | ||
74 | #define COOKIE_TIMEOUT 10 | ||
75 | #define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_REQUEST_PLAIN_LENGTH) | ||
76 | #define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES) | ||
77 | |||
78 | /* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key | ||
79 | * | ||
80 | * return -1 on failure. | ||
81 | * return 0 on success. | ||
82 | */ | ||
83 | static int create_cookie(uint8_t *cookie, uint8_t *bytes, uint8_t *encryption_key) | ||
84 | { | ||
85 | uint8_t contents[COOKIE_CONTENTS_LENGTH]; | ||
86 | uint64_t temp_time = unix_time(); | ||
87 | memcpy(contents, &temp_time, sizeof(temp_time)); | ||
88 | memcpy(contents + sizeof(temp_time), bytes, COOKIE_REQUEST_PLAIN_LENGTH); | ||
89 | new_nonce(cookie); | ||
90 | int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES); | ||
91 | |||
92 | if (len != COOKIE_LENGTH - crypto_box_NONCEBYTES) | ||
93 | return -1; | ||
94 | |||
95 | return 0; | ||
96 | } | ||
97 | |||
98 | #define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + crypto_box_MACBYTES) | ||
99 | |||
100 | /* Open cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key | ||
101 | * | ||
102 | * return -1 on failure. | ||
103 | * return 0 on success. | ||
104 | */ | ||
105 | static int open_cookie(uint8_t *bytes, uint8_t *cookie, uint8_t *encryption_key) | ||
106 | { | ||
107 | uint8_t contents[COOKIE_CONTENTS_LENGTH]; | ||
108 | int len = decrypt_data_symmetric(encryption_key, cookie, cookie + crypto_box_NONCEBYTES, | ||
109 | COOKIE_LENGTH - crypto_box_NONCEBYTES, contents); | ||
110 | |||
111 | if (len != sizeof(contents)) | ||
112 | return -1; | ||
113 | |||
114 | uint64_t cookie_time; | ||
115 | memcpy(&cookie_time, contents, sizeof(cookie_time)); | ||
116 | uint64_t temp_time = unix_time(); | ||
117 | |||
118 | if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time) | ||
119 | return -1; | ||
120 | |||
121 | memcpy(bytes, contents + sizeof(cookie_time), COOKIE_REQUEST_PLAIN_LENGTH); | ||
122 | return 0; | ||
123 | } | ||
124 | |||
125 | |||
126 | /* Create a cookie request packet and put it in packet. | ||
127 | * request_plain must be COOKIE_REQUEST_PLAIN_LENGTH bytes. | ||
128 | * packet must be of size COOKIE_RESPONSE_LENGTH or bigger. | ||
129 | * | ||
130 | * return -1 on failure. | ||
131 | * return COOKIE_RESPONSE_LENGTH on success. | ||
132 | */ | ||
133 | static int create_cookie_response(Net_Crypto *c, uint8_t *packet, uint8_t *request_plain, uint8_t *shared_key) | ||
134 | { | ||
135 | uint8_t cookie[COOKIE_LENGTH]; | ||
136 | |||
137 | if (create_cookie(cookie, request_plain, c->secret_symmetric_key) != 0) | ||
138 | return -1; | ||
139 | |||
140 | packet[0] = NET_PACKET_COOKIE_RESPONSE; | ||
141 | new_nonce(packet + 1); | ||
142 | int len = encrypt_data_symmetric(shared_key, packet + 1, cookie, sizeof(cookie), packet + 1 + crypto_box_NONCEBYTES); | ||
143 | |||
144 | if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES)) | ||
145 | return -1; | ||
146 | |||
147 | return COOKIE_RESPONSE_LENGTH; | ||
148 | } | ||
149 | |||
150 | /* Handle the cookie request packet of length length. | ||
151 | * Put what was in the request in request_plain (must be of size COOKIE_REQUEST_PLAIN_LENGTH) | ||
152 | * Put the key used to decrypt the request into shared_key (of size crypto_box_BEFORENMBYTES) for use in the response. | ||
153 | * | ||
154 | * return -1 on failure. | ||
155 | * return 0 on success. | ||
156 | */ | ||
157 | static int handle_cookie_request(Net_Crypto *c, uint8_t *request_plain, uint8_t *shared_key, uint8_t *packet, | ||
158 | uint16_t length) | ||
159 | { | ||
160 | if (!c->dht) | ||
161 | return -1; | ||
162 | |||
163 | if (length != COOKIE_REQUEST_LENGTH) | ||
164 | return -1; | ||
165 | |||
166 | DHT_get_shared_key_sent(c->dht, shared_key, packet + 1); | ||
167 | int len = decrypt_data_symmetric(shared_key, packet + 1 + crypto_box_PUBLICKEYBYTES, | ||
168 | packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES, | ||
169 | request_plain); | ||
170 | |||
171 | if (len != COOKIE_REQUEST_PLAIN_LENGTH) | ||
172 | return -1; | ||
173 | |||
174 | return 0; | ||
175 | } | ||
37 | 176 | ||
38 | /* return 0 if there is no received data in the buffer. | 177 | /* return 0 if there is no received data in the buffer. |
39 | * return -1 if the packet was discarded. | 178 | * return -1 if the packet was discarded. |
@@ -57,8 +196,8 @@ int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data) | |||
57 | return -1; | 196 | return -1; |
58 | 197 | ||
59 | int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key, | 198 | int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key, |
60 | c->crypto_connections[crypt_connection_id].recv_nonce, | 199 | c->crypto_connections[crypt_connection_id].recv_nonce, |
61 | temp_data + 1, length - 1, data); | 200 | temp_data + 1, length - 1, data); |
62 | 201 | ||
63 | if (len != -1) { | 202 | if (len != -1) { |
64 | increment_nonce(c->crypto_connections[crypt_connection_id].recv_nonce); | 203 | increment_nonce(c->crypto_connections[crypt_connection_id].recv_nonce); |
@@ -95,8 +234,8 @@ int write_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data, uin | |||
95 | 234 | ||
96 | uint8_t temp_data[MAX_DATA_SIZE]; | 235 | uint8_t temp_data[MAX_DATA_SIZE]; |
97 | int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key, | 236 | int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key, |
98 | c->crypto_connections[crypt_connection_id].sent_nonce, | 237 | c->crypto_connections[crypt_connection_id].sent_nonce, |
99 | data, length, temp_data + 1); | 238 | data, length, temp_data + 1); |
100 | 239 | ||
101 | if (len == -1) | 240 | if (len == -1) |
102 | return 0; | 241 | return 0; |
@@ -655,6 +794,7 @@ Net_Crypto *new_net_crypto(Networking_Core *net) | |||
655 | } | 794 | } |
656 | 795 | ||
657 | new_keys(temp); | 796 | new_keys(temp); |
797 | new_symmetric_key(temp->secret_symmetric_key); | ||
658 | return temp; | 798 | return temp; |
659 | } | 799 | } |
660 | 800 | ||