Decided pretty much how the handshake would work.

Started writing the code. Astyled some files.
author: irungentoo <irungentoo@gmail.com> 2014-04-22 20:28:40 -0400
committer: irungentoo <irungentoo@gmail.com> 2014-04-22 20:28:40 -0400
commit: 1bfe15ee88844bdbd43052b4026202cf924ad6ca (patch)
tree: a740f16199cf0a263447e2084dd8906028a7b268 /toxcore/net_crypto.c
parent: c46ab5821d0fa8c604de52e15009e2b8da5d9c07 (diff)
1 files changed, 144 insertions, 4 deletions
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c
index d0212d11..3eb9ca4c 100644
--- a/toxcore/net_crypto.c
+++ b/toxcore/net_crypto.c
@@ -34,6 +34,145 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection
 {
    return (uint32_t)crypt_connection_id >= c->crypto_connections_length;
 }
+#define COOKIE_REQUEST_PLAIN_LENGTH (crypto_box_PUBLICKEYBYTES * 2)
+#define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
+/* Create a cookie request packet and put it in packet.
+ *
+ * packet must be of size COOKIE_REQUEST_LENGTH or bigger.
+ *
+ * return -1 on failure.
+ * return COOKIE_REQUEST_LENGTH on success.
+ */
+static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint8_t *real_public_key)
+{
+    if (!c->dht)
+        return -1;
+    uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH];
+    memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES);
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+    DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key);
+    uint8_t nonce[crypto_box_NONCEBYTES];
+    new_nonce(nonce);
+    packet[0] = NET_PACKET_COOKIE_REQUEST;
+    memcpy(packet + 1, c->dht->self_public_key, crypto_box_PUBLICKEYBYTES);
+    memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES);
+    int len = encrypt_data_symmetric(shared_key, nonce, plain, sizeof(plain),
+                                     packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
+    if (len != COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
+        return -1;
+    return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len);
+}
+/* cookie timeout in seconds */
+#define COOKIE_TIMEOUT 10
+#define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_REQUEST_PLAIN_LENGTH)
+#define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES)
+/* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int create_cookie(uint8_t *cookie, uint8_t *bytes, uint8_t *encryption_key)
+{
+    uint8_t contents[COOKIE_CONTENTS_LENGTH];
+    uint64_t temp_time = unix_time();
+    memcpy(contents, &temp_time, sizeof(temp_time));
+    memcpy(contents + sizeof(temp_time), bytes, COOKIE_REQUEST_PLAIN_LENGTH);
+    new_nonce(cookie);
+    int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES);
+    if (len != COOKIE_LENGTH - crypto_box_NONCEBYTES)
+        return -1;
+    return 0;
+}
+#define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + crypto_box_MACBYTES)
+/* Open cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int open_cookie(uint8_t *bytes, uint8_t *cookie, uint8_t *encryption_key)
+{
+    uint8_t contents[COOKIE_CONTENTS_LENGTH];
+    int len = decrypt_data_symmetric(encryption_key, cookie, cookie + crypto_box_NONCEBYTES,
+                                     COOKIE_LENGTH - crypto_box_NONCEBYTES, contents);
+    if (len != sizeof(contents))
+        return -1;
+    uint64_t cookie_time;
+    memcpy(&cookie_time, contents, sizeof(cookie_time));
+    uint64_t temp_time = unix_time();
+    if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time)
+        return -1;
+    memcpy(bytes, contents + sizeof(cookie_time), COOKIE_REQUEST_PLAIN_LENGTH);
+    return 0;
+}
+/* Create a cookie request packet and put it in packet.
+ * request_plain must be COOKIE_REQUEST_PLAIN_LENGTH bytes.
+ * packet must be of size COOKIE_RESPONSE_LENGTH or bigger.
+ *
+ * return -1 on failure.
+ * return COOKIE_RESPONSE_LENGTH on success.
+ */
+static int create_cookie_response(Net_Crypto *c, uint8_t *packet, uint8_t *request_plain, uint8_t *shared_key)
+{
+    uint8_t cookie[COOKIE_LENGTH];
+    if (create_cookie(cookie, request_plain, c->secret_symmetric_key) != 0)
+        return -1;
+    packet[0] = NET_PACKET_COOKIE_RESPONSE;
+    new_nonce(packet + 1);
+    int len = encrypt_data_symmetric(shared_key, packet + 1, cookie, sizeof(cookie), packet + 1 + crypto_box_NONCEBYTES);
+    if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES))
+        return -1;
+    return COOKIE_RESPONSE_LENGTH;
+}
+/* Handle the cookie request packet of length length.
+ * Put what was in the request in request_plain (must be of size COOKIE_REQUEST_PLAIN_LENGTH)
+ * Put the key used to decrypt the request into shared_key (of size crypto_box_BEFORENMBYTES) for use in the response.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+static int handle_cookie_request(Net_Crypto *c, uint8_t *request_plain, uint8_t *shared_key, uint8_t *packet,
+                                 uint16_t length)
+{
+    if (!c->dht)
+        return -1;
+    if (length != COOKIE_REQUEST_LENGTH)
+        return -1;
+    DHT_get_shared_key_sent(c->dht, shared_key, packet + 1);
+    int len = decrypt_data_symmetric(shared_key, packet + 1 + crypto_box_PUBLICKEYBYTES,
+                                     packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES,
+                                     request_plain);
+    if (len != COOKIE_REQUEST_PLAIN_LENGTH)
+        return -1;
+    return 0;
+}
 /*  return 0 if there is no received data in the buffer.
 *  return -1  if the packet was discarded.
@@ -57,8 +196,8 @@ int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data)
        return -1;
    int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
-                                c->crypto_connections[crypt_connection_id].recv_nonce,
+                                     c->crypto_connections[crypt_connection_id].recv_nonce,
-                                temp_data + 1, length - 1, data);
+                                     temp_data + 1, length - 1, data);
    if (len != -1) {
        increment_nonce(c->crypto_connections[crypt_connection_id].recv_nonce);
@@ -95,8 +234,8 @@ int write_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data, uin
    uint8_t temp_data[MAX_DATA_SIZE];
    int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
-                                c->crypto_connections[crypt_connection_id].sent_nonce,
+                                     c->crypto_connections[crypt_connection_id].sent_nonce,
-                                data, length, temp_data + 1);
+                                     data, length, temp_data + 1);
    if (len == -1)
        return 0;
@@ -655,6 +794,7 @@ Net_Crypto *new_net_crypto(Networking_Core *net)
    }
    new_keys(temp);
+    new_symmetric_key(temp->secret_symmetric_key);
    return temp;
 }
author	irungentoo <irungentoo@gmail.com>	2014-04-22 20:28:40 -0400
committer	irungentoo <irungentoo@gmail.com>	2014-04-22 20:28:40 -0400
commit	1bfe15ee88844bdbd43052b4026202cf924ad6ca (patch)
tree	a740f16199cf0a263447e2084dd8906028a7b268 /toxcore/net_crypto.c
parent	c46ab5821d0fa8c604de52e15009e2b8da5d9c07 (diff)

diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index d0212d11..3eb9ca4c 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c
@@ -34,6 +34,145 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection
34	{	34	{
35	return (uint32_t)crypt_connection_id >= c->crypto_connections_length;	35	return (uint32_t)crypt_connection_id >= c->crypto_connections_length;
36	}	36	}
		37	#define COOKIE_REQUEST_PLAIN_LENGTH (crypto_box_PUBLICKEYBYTES * 2)
		38	#define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
		39
		40	/* Create a cookie request packet and put it in packet.
		41	*
		42	* packet must be of size COOKIE_REQUEST_LENGTH or bigger.
		43	*
		44	* return -1 on failure.
		45	* return COOKIE_REQUEST_LENGTH on success.
		46	*/
		47	static int create_cookie_request(Net_Crypto c, uint8_t packet, uint8_t dht_public_key, uint8_t real_public_key)
		48	{
		49	if (!c->dht)
		50	return -1;
		51
		52	uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH];
		53
		54	memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES);
		55	memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES);
		56
		57	uint8_t shared_key[crypto_box_BEFORENMBYTES];
		58	DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key);
		59	uint8_t nonce[crypto_box_NONCEBYTES];
		60	new_nonce(nonce);
		61	packet[0] = NET_PACKET_COOKIE_REQUEST;
		62	memcpy(packet + 1, c->dht->self_public_key, crypto_box_PUBLICKEYBYTES);
		63	memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES);
		64	int len = encrypt_data_symmetric(shared_key, nonce, plain, sizeof(plain),
		65	packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
		66
		67	if (len != COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES)
		68	return -1;
		69
		70	return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len);
		71	}
		72
		73	/* cookie timeout in seconds */
		74	#define COOKIE_TIMEOUT 10
		75	#define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_REQUEST_PLAIN_LENGTH)
		76	#define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES)
		77
		78	/* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key
		79	*
		80	* return -1 on failure.
		81	* return 0 on success.
		82	*/
		83	static int create_cookie(uint8_t cookie, uint8_t bytes, uint8_t *encryption_key)
		84	{
		85	uint8_t contents[COOKIE_CONTENTS_LENGTH];
		86	uint64_t temp_time = unix_time();
		87	memcpy(contents, &temp_time, sizeof(temp_time));
		88	memcpy(contents + sizeof(temp_time), bytes, COOKIE_REQUEST_PLAIN_LENGTH);
		89	new_nonce(cookie);
		90	int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES);
		91
		92	if (len != COOKIE_LENGTH - crypto_box_NONCEBYTES)
		93	return -1;
		94
		95	return 0;
		96	}
		97
		98	#define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + crypto_box_MACBYTES)
		99
		100	/* Open cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key
		101	*
		102	* return -1 on failure.
		103	* return 0 on success.
		104	*/
		105	static int open_cookie(uint8_t bytes, uint8_t cookie, uint8_t *encryption_key)
		106	{
		107	uint8_t contents[COOKIE_CONTENTS_LENGTH];
		108	int len = decrypt_data_symmetric(encryption_key, cookie, cookie + crypto_box_NONCEBYTES,
		109	COOKIE_LENGTH - crypto_box_NONCEBYTES, contents);
		110
		111	if (len != sizeof(contents))
		112	return -1;
		113
		114	uint64_t cookie_time;
		115	memcpy(&cookie_time, contents, sizeof(cookie_time));
		116	uint64_t temp_time = unix_time();
		117
		118	if (cookie_time + COOKIE_TIMEOUT < temp_time \|\| temp_time < cookie_time)
		119	return -1;
		120
		121	memcpy(bytes, contents + sizeof(cookie_time), COOKIE_REQUEST_PLAIN_LENGTH);
		122	return 0;
		123	}
		124
		125
		126	/* Create a cookie request packet and put it in packet.
		127	* request_plain must be COOKIE_REQUEST_PLAIN_LENGTH bytes.
		128	* packet must be of size COOKIE_RESPONSE_LENGTH or bigger.
		129	*
		130	* return -1 on failure.
		131	* return COOKIE_RESPONSE_LENGTH on success.
		132	*/
		133	static int create_cookie_response(Net_Crypto c, uint8_t packet, uint8_t request_plain, uint8_t shared_key)
		134	{
		135	uint8_t cookie[COOKIE_LENGTH];
		136
		137	if (create_cookie(cookie, request_plain, c->secret_symmetric_key) != 0)
		138	return -1;
		139
		140	packet[0] = NET_PACKET_COOKIE_RESPONSE;
		141	new_nonce(packet + 1);
		142	int len = encrypt_data_symmetric(shared_key, packet + 1, cookie, sizeof(cookie), packet + 1 + crypto_box_NONCEBYTES);
		143
		144	if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES))
		145	return -1;
		146
		147	return COOKIE_RESPONSE_LENGTH;
		148	}
		149
		150	/* Handle the cookie request packet of length length.
		151	* Put what was in the request in request_plain (must be of size COOKIE_REQUEST_PLAIN_LENGTH)
		152	* Put the key used to decrypt the request into shared_key (of size crypto_box_BEFORENMBYTES) for use in the response.
		153	*
		154	* return -1 on failure.
		155	* return 0 on success.
		156	*/
		157	static int handle_cookie_request(Net_Crypto c, uint8_t request_plain, uint8_t shared_key, uint8_t packet,
		158	uint16_t length)
		159	{
		160	if (!c->dht)
		161	return -1;
		162
		163	if (length != COOKIE_REQUEST_LENGTH)
		164	return -1;
		165
		166	DHT_get_shared_key_sent(c->dht, shared_key, packet + 1);
		167	int len = decrypt_data_symmetric(shared_key, packet + 1 + crypto_box_PUBLICKEYBYTES,
		168	packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES,
		169	request_plain);
		170
		171	if (len != COOKIE_REQUEST_PLAIN_LENGTH)
		172	return -1;
		173
		174	return 0;
		175	}
37		176
38	/* return 0 if there is no received data in the buffer.	177	/* return 0 if there is no received data in the buffer.
39	* return -1 if the packet was discarded.	178	* return -1 if the packet was discarded.
@@ -57,8 +196,8 @@ int read_cryptpacket(Net_Crypto c, int crypt_connection_id, uint8_t data)
57	return -1;	196	return -1;
58		197
59	int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,	198	int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
60	c->crypto_connections[crypt_connection_id].recv_nonce,	199	c->crypto_connections[crypt_connection_id].recv_nonce,
61	temp_data + 1, length - 1, data);	200	temp_data + 1, length - 1, data);
62		201
63	if (len != -1) {	202	if (len != -1) {
64	increment_nonce(c->crypto_connections[crypt_connection_id].recv_nonce);	203	increment_nonce(c->crypto_connections[crypt_connection_id].recv_nonce);
@@ -95,8 +234,8 @@ int write_cryptpacket(Net_Crypto c, int crypt_connection_id, uint8_t data, uin
95		234
96	uint8_t temp_data[MAX_DATA_SIZE];	235	uint8_t temp_data[MAX_DATA_SIZE];
97	int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,	236	int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
98	c->crypto_connections[crypt_connection_id].sent_nonce,	237	c->crypto_connections[crypt_connection_id].sent_nonce,
99	data, length, temp_data + 1);	238	data, length, temp_data + 1);
100		239
101	if (len == -1)	240	if (len == -1)
102	return 0;	241	return 0;
@@ -655,6 +794,7 @@ Net_Crypto new_net_crypto(Networking_Core net)
655	}	794	}
656		795
657	new_keys(temp);	796	new_keys(temp);
		797	new_symmetric_key(temp->secret_symmetric_key);
658	return temp;	798	return temp;
659	}	799	}
660		800