summaryrefslogtreecommitdiff
path: root/core/net_crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'core/net_crypto.c')
-rw-r--r--core/net_crypto.c176
1 files changed, 83 insertions, 93 deletions
diff --git a/core/net_crypto.c b/core/net_crypto.c
index 28cb83e8..c1571467 100644
--- a/core/net_crypto.c
+++ b/core/net_crypto.c
@@ -30,8 +30,7 @@
30uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; 30uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];
31uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; 31uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
32 32
33typedef struct 33typedef struct {
34{
35 uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* the real public key of the peer. */ 34 uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* the real public key of the peer. */
36 uint8_t recv_nonce[crypto_box_NONCEBYTES]; /* nonce of received packets */ 35 uint8_t recv_nonce[crypto_box_NONCEBYTES]; /* nonce of received packets */
37 uint8_t sent_nonce[crypto_box_NONCEBYTES]; /* nonce of sent packets. */ 36 uint8_t sent_nonce[crypto_box_NONCEBYTES]; /* nonce of sent packets. */
@@ -43,7 +42,7 @@ typedef struct
43 4 if the connection is timed out. */ 42 4 if the connection is timed out. */
44 uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */ 43 uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */
45 44
46}Crypto_Connection; 45} Crypto_Connection;
47 46
48#define MAX_CRYPTO_CONNECTIONS 256 47#define MAX_CRYPTO_CONNECTIONS 256
49 48
@@ -58,10 +57,10 @@ static int incoming_connections[MAX_INCOMING];
58 public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce 57 public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce
59 return -1 if there was a problem. 58 return -1 if there was a problem.
60 return length of encrypted data if everything was fine. */ 59 return length of encrypted data if everything was fine. */
61int encrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce, 60int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
62 uint8_t * plain, uint32_t length, uint8_t * encrypted) 61 uint8_t *plain, uint32_t length, uint8_t *encrypted)
63{ 62{
64 if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0) 63 if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0)
65 return -1; 64 return -1;
66 65
67 uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0}; 66 uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0};
@@ -73,7 +72,7 @@ int encrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
73 crypto_box(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, public_key, secret_key); 72 crypto_box(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, public_key, secret_key);
74 73
75 /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero */ 74 /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero */
76 if(memcmp(temp_encrypted, zeroes, crypto_box_BOXZEROBYTES) != 0) 75 if (memcmp(temp_encrypted, zeroes, crypto_box_BOXZEROBYTES) != 0)
77 return -1; 76 return -1;
78 77
79 /* unpad the encrypted message */ 78 /* unpad the encrypted message */
@@ -85,10 +84,10 @@ int encrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
85 public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce 84 public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce
86 return -1 if there was a problem(decryption failed) 85 return -1 if there was a problem(decryption failed)
87 return length of plain data if everything was fine. */ 86 return length of plain data if everything was fine. */
88int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce, 87int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
89 uint8_t * encrypted, uint32_t length, uint8_t * plain) 88 uint8_t *encrypted, uint32_t length, uint8_t *plain)
90{ 89{
91 if(length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES) 90 if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
92 return -1; 91 return -1;
93 92
94 uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES]; 93 uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES];
@@ -97,12 +96,12 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
97 96
98 memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */ 97 memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */
99 98
100 if(crypto_box_open(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, 99 if (crypto_box_open(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES,
101 nonce, public_key, secret_key) == -1) 100 nonce, public_key, secret_key) == -1)
102 return -1; 101 return -1;
103 102
104 /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero */ 103 /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero */
105 if(memcmp(temp_plain, zeroes, crypto_box_ZEROBYTES) != 0) 104 if (memcmp(temp_plain, zeroes, crypto_box_ZEROBYTES) != 0)
106 return -1; 105 return -1;
107 106
108 /* unpad the plain message */ 107 /* unpad the plain message */
@@ -111,10 +110,10 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
111} 110}
112 111
113/* increment the given nonce by 1 */ 112/* increment the given nonce by 1 */
114void increment_nonce(uint8_t * nonce) 113void increment_nonce(uint8_t *nonce)
115{ 114{
116 uint32_t i; 115 uint32_t i;
117 for(i = 0; i < crypto_box_NONCEBYTES; ++i) { 116 for (i = 0; i < crypto_box_NONCEBYTES; ++i) {
118 ++nonce[i]; 117 ++nonce[i];
119 if(nonce[i] != 0) 118 if(nonce[i] != 0)
120 break; 119 break;
@@ -122,7 +121,7 @@ void increment_nonce(uint8_t * nonce)
122} 121}
123 122
124/* fill the given nonce with random bytes. */ 123/* fill the given nonce with random bytes. */
125void random_nonce(uint8_t * nonce) 124void random_nonce(uint8_t *nonce)
126{ 125{
127 uint32_t i, temp; 126 uint32_t i, temp;
128 for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) { 127 for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) {
@@ -134,22 +133,22 @@ void random_nonce(uint8_t * nonce)
134/* return 0 if there is no received data in the buffer 133/* return 0 if there is no received data in the buffer
135 return -1 if the packet was discarded. 134 return -1 if the packet was discarded.
136 return length of received data if successful */ 135 return length of received data if successful */
137int read_cryptpacket(int crypt_connection_id, uint8_t * data) 136int read_cryptpacket(int crypt_connection_id, uint8_t *data)
138{ 137{
139 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 138 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
140 return 0; 139 return 0;
141 if(crypto_connections[crypt_connection_id].status != 3) 140 if (crypto_connections[crypt_connection_id].status != 3)
142 return 0; 141 return 0;
143 uint8_t temp_data[MAX_DATA_SIZE]; 142 uint8_t temp_data[MAX_DATA_SIZE];
144 int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data); 143 int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data);
145 if(length == 0) 144 if (length == 0)
146 return 0; 145 return 0;
147 if(temp_data[0] != 3) 146 if (temp_data[0] != 3)
148 return -1; 147 return -1;
149 int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, 148 int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key,
150 crypto_connections[crypt_connection_id].sessionsecret_key, 149 crypto_connections[crypt_connection_id].sessionsecret_key,
151 crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data); 150 crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data);
152 if(len != -1) { 151 if (len != -1) {
153 increment_nonce(crypto_connections[crypt_connection_id].recv_nonce); 152 increment_nonce(crypto_connections[crypt_connection_id].recv_nonce);
154 return len; 153 return len;
155 } 154 }
@@ -158,22 +157,22 @@ int read_cryptpacket(int crypt_connection_id, uint8_t * data)
158 157
159/* return 0 if data could not be put in packet queue 158/* return 0 if data could not be put in packet queue
160 return 1 if data was put into the queue */ 159 return 1 if data was put into the queue */
161int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length) 160int write_cryptpacket(int crypt_connection_id, uint8_t *data, uint32_t length)
162{ 161{
163 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 162 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
164 return 0; 163 return 0;
165 if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1) 164 if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1)
166 return 0; 165 return 0;
167 if(crypto_connections[crypt_connection_id].status != 3) 166 if (crypto_connections[crypt_connection_id].status != 3)
168 return 0; 167 return 0;
169 uint8_t temp_data[MAX_DATA_SIZE]; 168 uint8_t temp_data[MAX_DATA_SIZE];
170 int len = encrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, 169 int len = encrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key,
171 crypto_connections[crypt_connection_id].sessionsecret_key, 170 crypto_connections[crypt_connection_id].sessionsecret_key,
172 crypto_connections[crypt_connection_id].sent_nonce, data, length, temp_data + 1); 171 crypto_connections[crypt_connection_id].sent_nonce, data, length, temp_data + 1);
173 if(len == -1) 172 if (len == -1)
174 return 0; 173 return 0;
175 temp_data[0] = 3; 174 temp_data[0] = 3;
176 if(write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0) 175 if (write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0)
177 return 0; 176 return 0;
178 increment_nonce(crypto_connections[crypt_connection_id].sent_nonce); 177 increment_nonce(crypto_connections[crypt_connection_id].sent_nonce);
179 return 1; 178 return 1;
@@ -185,15 +184,15 @@ int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length)
185 request_id is the id of the request (32 = friend request, 254 = ping request) 184 request_id is the id of the request (32 = friend request, 254 = ping request)
186 returns -1 on failure 185 returns -1 on failure
187 returns the length of the created packet on success */ 186 returns the length of the created packet on success */
188int create_request(uint8_t * packet, uint8_t * public_key, uint8_t * data, uint32_t length, uint8_t request_id) 187int create_request(uint8_t *packet, uint8_t *public_key, uint8_t *data, uint32_t length, uint8_t request_id)
189{ 188{
190 if(MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING) 189 if (MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING)
191 return -1; 190 return -1;
192 uint8_t nonce[crypto_box_NONCEBYTES]; 191 uint8_t nonce[crypto_box_NONCEBYTES];
193 random_nonce(nonce); 192 random_nonce(nonce);
194 int len = encrypt_data(public_key, self_secret_key, nonce, data, length, 193 int len = encrypt_data(public_key, self_secret_key, nonce, data, length,
195 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); 194 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet);
196 if(len == -1) 195 if (len == -1)
197 return -1; 196 return -1;
198 packet[0] = request_id; 197 packet[0] = request_id;
199 memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES); 198 memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES);
@@ -207,10 +206,10 @@ int create_request(uint8_t * packet, uint8_t * public_key, uint8_t * data, uint3
207 in data if a friend or ping request was sent to us and returns the length of the data. 206 in data if a friend or ping request was sent to us and returns the length of the data.
208 packet is the request packet and length is its length 207 packet is the request packet and length is its length
209 return -1 if not valid request. */ 208 return -1 if not valid request. */
210int handle_request(uint8_t * public_key, uint8_t * data, uint8_t * packet, uint16_t length) 209int handle_request(uint8_t *public_key, uint8_t *data, uint8_t *packet, uint16_t length)
211{ 210{
212 211
213 if(length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && 212 if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
214 length <= MAX_DATA_SIZE + ENCRYPTION_PADDING && 213 length <= MAX_DATA_SIZE + ENCRYPTION_PADDING &&
215 memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) 214 memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0)
216 { 215 {
@@ -230,7 +229,7 @@ int handle_request(uint8_t * public_key, uint8_t * data, uint8_t * packet, uint1
230/* Send a crypto handshake packet containing an encrypted secret nonce and session public key 229/* Send a crypto handshake packet containing an encrypted secret nonce and session public key
231 to peer with connection_id and public_key 230 to peer with connection_id and public_key
232 the packet is encrypted with a random nonce which is sent in plain text with the packet */ 231 the packet is encrypted with a random nonce which is sent in plain text with the packet */
233int send_cryptohandshake(int connection_id, uint8_t * public_key, uint8_t * secret_nonce, uint8_t * session_key) 232int send_cryptohandshake(int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key)
234{ 233{
235 uint8_t temp_data[MAX_DATA_SIZE]; 234 uint8_t temp_data[MAX_DATA_SIZE];
236 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; 235 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
@@ -242,7 +241,7 @@ int send_cryptohandshake(int connection_id, uint8_t * public_key, uint8_t * secr
242 241
243 int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, 242 int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
244 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); 243 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data);
245 if(len == -1) 244 if (len == -1)
246 return 0; 245 return 0;
247 temp_data[0] = 2; 246 temp_data[0] = 2;
248 memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES); 247 memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES);
@@ -253,16 +252,16 @@ int send_cryptohandshake(int connection_id, uint8_t * public_key, uint8_t * secr
253/* Extract secret nonce, session public key and public_key from a packet(data) with length length 252/* Extract secret nonce, session public key and public_key from a packet(data) with length length
254 return 1 if successful 253 return 1 if successful
255 return 0 if failure */ 254 return 0 if failure */
256int handle_cryptohandshake(uint8_t * public_key, uint8_t * secret_nonce, 255int handle_cryptohandshake(uint8_t *public_key, uint8_t *secret_nonce,
257 uint8_t * session_key, uint8_t * data, uint16_t length) 256 uint8_t *session_key, uint8_t *data, uint16_t length)
258{ 257{
259 int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); 258 int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES);
260 if(length != 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES 259 if (length != 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES
261 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad) 260 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad)
262 { 261 {
263 return 0; 262 return 0;
264 } 263 }
265 if(data[0] != 2) 264 if (data[0] != 2)
266 return 0; 265 return 0;
267 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; 266 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
268 267
@@ -272,7 +271,7 @@ int handle_cryptohandshake(uint8_t * public_key, uint8_t * secret_nonce,
272 data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, 271 data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES,
273 crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp); 272 crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp);
274 273
275 if(len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES) 274 if (len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES)
276 return 0; 275 return 0;
277 276
278 memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); 277 memcpy(secret_nonce, temp, crypto_box_NONCEBYTES);
@@ -283,33 +282,33 @@ int handle_cryptohandshake(uint8_t * public_key, uint8_t * secret_nonce,
283/* get crypto connection id from public key of peer 282/* get crypto connection id from public key of peer
284 return -1 if there are no connections like we are looking for 283 return -1 if there are no connections like we are looking for
285 return id if it found it */ 284 return id if it found it */
286int getcryptconnection_id(uint8_t * public_key) 285int getcryptconnection_id(uint8_t *public_key)
287{ 286{
288 uint32_t i; 287 uint32_t i;
289 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 288 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
290 if(crypto_connections[i].status > 0) 289 if (crypto_connections[i].status > 0)
291 if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) 290 if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0)
292 return i; 291 return i;
292 }
293 return -1; 293 return -1;
294} 294}
295 295
296/* Start a secure connection with other peer who has public_key and ip_port 296/* Start a secure connection with other peer who has public_key and ip_port
297 returns -1 if failure 297 returns -1 if failure
298 returns crypt_connection_id of the initialized connection if everything went well. */ 298 returns crypt_connection_id of the initialized connection if everything went well. */
299int crypto_connect(uint8_t * public_key, IP_Port ip_port) 299int crypto_connect(uint8_t *public_key, IP_Port ip_port)
300{ 300{
301 uint32_t i; 301 uint32_t i;
302 int id = getcryptconnection_id(public_key); 302 int id = getcryptconnection_id(public_key);
303 if(id != -1) { 303 if (id != -1) {
304 IP_Port c_ip = connection_ip(crypto_connections[id].number); 304 IP_Port c_ip = connection_ip(crypto_connections[id].number);
305 if(c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port) 305 if(c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port)
306 return -1; 306 return -1;
307 } 307 }
308 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 308 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
309 { 309 if (crypto_connections[i].status == 0) {
310 if(crypto_connections[i].status == 0) {
311 int id = new_connection(ip_port); 310 int id = new_connection(ip_port);
312 if(id == -1) 311 if (id == -1)
313 return -1; 312 return -1;
314 crypto_connections[i].number = id; 313 crypto_connections[i].number = id;
315 crypto_connections[i].status = 1; 314 crypto_connections[i].status = 1;
@@ -317,8 +316,8 @@ int crypto_connect(uint8_t * public_key, IP_Port ip_port)
317 memcpy(crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); 316 memcpy(crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES);
318 crypto_box_keypair(crypto_connections[i].sessionpublic_key, crypto_connections[i].sessionsecret_key); 317 crypto_box_keypair(crypto_connections[i].sessionpublic_key, crypto_connections[i].sessionsecret_key);
319 318
320 if(send_cryptohandshake(id, public_key, crypto_connections[i].recv_nonce, 319 if (send_cryptohandshake(id, public_key, crypto_connections[i].recv_nonce,
321 crypto_connections[i].sessionpublic_key) == 1) 320 crypto_connections[i].sessionpublic_key) == 1)
322 { 321 {
323 increment_nonce(crypto_connections[i].recv_nonce); 322 increment_nonce(crypto_connections[i].recv_nonce);
324 return i; 323 return i;
@@ -336,21 +335,20 @@ int crypto_connect(uint8_t * public_key, IP_Port ip_port)
336 and the session public key for the connection in session_key 335 and the session public key for the connection in session_key
337 to accept it see: accept_crypto_inbound(...) 336 to accept it see: accept_crypto_inbound(...)
338 to refuse it just call kill_connection(...) on the connection id */ 337 to refuse it just call kill_connection(...) on the connection id */
339int crypto_inbound(uint8_t * public_key, uint8_t * secret_nonce, uint8_t * session_key) 338int crypto_inbound(uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key)
340{ 339{
341 uint32_t i; 340 uint32_t i;
342 for(i = 0; i < MAX_INCOMING; ++i) 341 for (i = 0; i < MAX_INCOMING; ++i) {
343 { 342 if (incoming_connections[i] != -1) {
344 if(incoming_connections[i] != -1) { 343 if (is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) {
345 if(is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) {
346 kill_connection(incoming_connections[i]); 344 kill_connection(incoming_connections[i]);
347 incoming_connections[i] = -1; 345 incoming_connections[i] = -1;
348 continue; 346 continue;
349 } 347 }
350 if(id_packet(incoming_connections[i]) == 2) { 348 if (id_packet(incoming_connections[i]) == 2) {
351 uint8_t temp_data[MAX_DATA_SIZE]; 349 uint8_t temp_data[MAX_DATA_SIZE];
352 uint16_t len = read_packet(incoming_connections[i], temp_data); 350 uint16_t len = read_packet(incoming_connections[i], temp_data);
353 if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { 351 if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) {
354 int connection_id = incoming_connections[i]; 352 int connection_id = incoming_connections[i];
355 incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */ 353 incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */
356 return connection_id; 354 return connection_id;
@@ -366,9 +364,9 @@ int crypto_inbound(uint8_t * public_key, uint8_t * secret_nonce, uint8_t * sessi
366 return 1 if there was a problem. */ 364 return 1 if there was a problem. */
367int crypto_kill(int crypt_connection_id) 365int crypto_kill(int crypt_connection_id)
368{ 366{
369 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 367 if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
370 return 1; 368 return 1;
371 if(crypto_connections[crypt_connection_id].status != 0) { 369 if (crypto_connections[crypt_connection_id].status != 0) {
372 crypto_connections[crypt_connection_id].status = 0; 370 crypto_connections[crypt_connection_id].status = 0;
373 kill_connection(crypto_connections[crypt_connection_id].number); 371 kill_connection(crypto_connections[crypt_connection_id].number);
374 crypto_connections[crypt_connection_id].number = ~0; 372 crypto_connections[crypt_connection_id].number = ~0;
@@ -380,18 +378,17 @@ int crypto_kill(int crypt_connection_id)
380/* accept an incoming connection using the parameters provided by crypto_inbound 378/* accept an incoming connection using the parameters provided by crypto_inbound
381 return -1 if not successful 379 return -1 if not successful
382 returns the crypt_connection_id if successful */ 380 returns the crypt_connection_id if successful */
383int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * secret_nonce, uint8_t * session_key) 381int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key)
384{ 382{
385 uint32_t i; 383 uint32_t i;
386 if(connection_id == -1) 384 if (connection_id == -1)
387 return -1; 385 return -1;
388 /* 386 /*
389 if(getcryptconnection_id(public_key) != -1) 387 if(getcryptconnection_id(public_key) != -1)
390 { 388 {
391 return -1; 389 return -1;
392 }*/ 390 }*/
393 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 391 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
394 {
395 if(crypto_connections[i].status == 0) { 392 if(crypto_connections[i].status == 0) {
396 crypto_connections[i].number = connection_id; 393 crypto_connections[i].number = connection_id;
397 crypto_connections[i].status = 2; 394 crypto_connections[i].status = 2;
@@ -403,7 +400,7 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec
403 400
404 crypto_box_keypair(crypto_connections[i].sessionpublic_key, crypto_connections[i].sessionsecret_key); 401 crypto_box_keypair(crypto_connections[i].sessionpublic_key, crypto_connections[i].sessionsecret_key);
405 402
406 if(send_cryptohandshake(connection_id, public_key, crypto_connections[i].recv_nonce, 403 if (send_cryptohandshake(connection_id, public_key, crypto_connections[i].recv_nonce,
407 crypto_connections[i].sessionpublic_key) == 1) 404 crypto_connections[i].sessionpublic_key) == 1)
408 { 405 {
409 increment_nonce(crypto_connections[i].recv_nonce); 406 increment_nonce(crypto_connections[i].recv_nonce);
@@ -424,7 +421,7 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec
424 4 if the connection is timed out and waiting to be killed */ 421 4 if the connection is timed out and waiting to be killed */
425int is_cryptoconnected(int crypt_connection_id) 422int is_cryptoconnected(int crypt_connection_id)
426{ 423{
427 if(crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS) 424 if (crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS)
428 return crypto_connections[crypt_connection_id].status; 425 return crypto_connections[crypt_connection_id].status;
429 return 0; 426 return 0;
430} 427}
@@ -438,7 +435,7 @@ void new_keys()
438 435
439/* save the public and private keys to the keys array 436/* save the public and private keys to the keys array
440 Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */ 437 Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */
441void save_keys(uint8_t * keys) 438void save_keys(uint8_t *keys)
442{ 439{
443 memcpy(keys, self_public_key, crypto_box_PUBLICKEYBYTES); 440 memcpy(keys, self_public_key, crypto_box_PUBLICKEYBYTES);
444 memcpy(keys + crypto_box_PUBLICKEYBYTES, self_secret_key, crypto_box_SECRETKEYBYTES); 441 memcpy(keys + crypto_box_PUBLICKEYBYTES, self_secret_key, crypto_box_SECRETKEYBYTES);
@@ -446,7 +443,7 @@ void save_keys(uint8_t * keys)
446 443
447/* load the public and private keys from the keys array 444/* load the public and private keys from the keys array
448 Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */ 445 Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */
449void load_keys(uint8_t * keys) 446void load_keys(uint8_t *keys)
450{ 447{
451 memcpy(self_public_key, keys, crypto_box_PUBLICKEYBYTES); 448 memcpy(self_public_key, keys, crypto_box_PUBLICKEYBYTES);
452 memcpy(self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES); 449 memcpy(self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES);
@@ -459,8 +456,8 @@ void load_keys(uint8_t * keys)
459int new_incoming(int id) 456int new_incoming(int id)
460{ 457{
461 uint32_t i; 458 uint32_t i;
462 for(i = 0; i < MAX_INCOMING; ++i) { 459 for (i = 0; i < MAX_INCOMING; ++i) {
463 if(incoming_connections[i] == -1) { 460 if (incoming_connections[i] == -1) {
464 incoming_connections[i] = id; 461 incoming_connections[i] = id;
465 return 0; 462 return 0;
466 } 463 }
@@ -473,7 +470,7 @@ int new_incoming(int id)
473static void handle_incomings() 470static void handle_incomings()
474{ 471{
475 int income; 472 int income;
476 while(1) { 473 while (1) {
477 income = incoming_connection(); 474 income = incoming_connection();
478 if(income == -1 || new_incoming(income) ) 475 if(income == -1 || new_incoming(income) )
479 break; 476 break;
@@ -484,22 +481,20 @@ static void handle_incomings()
484static void receive_crypto() 481static void receive_crypto()
485{ 482{
486 uint32_t i; 483 uint32_t i;
487 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 484 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
488 { 485 if (crypto_connections[i].status == 1) {
489 if(crypto_connections[i].status == 1)
490 {
491 uint8_t temp_data[MAX_DATA_SIZE]; 486 uint8_t temp_data[MAX_DATA_SIZE];
492 uint8_t secret_nonce[crypto_box_NONCEBYTES]; 487 uint8_t secret_nonce[crypto_box_NONCEBYTES];
493 uint8_t public_key[crypto_box_PUBLICKEYBYTES]; 488 uint8_t public_key[crypto_box_PUBLICKEYBYTES];
494 uint8_t session_key[crypto_box_PUBLICKEYBYTES]; 489 uint8_t session_key[crypto_box_PUBLICKEYBYTES];
495 uint16_t len; 490 uint16_t len;
496 if(id_packet(crypto_connections[i].number) == 1) 491 if (id_packet(crypto_connections[i].number) == 1)
497 /* if the packet is a friend request drop it (because we are already friends) */ 492 /* if the packet is a friend request drop it (because we are already friends) */
498 len = read_packet(crypto_connections[i].number, temp_data); 493 len = read_packet(crypto_connections[i].number, temp_data);
499 if(id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */ 494 if (id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */
500 len = read_packet(crypto_connections[i].number, temp_data); 495 len = read_packet(crypto_connections[i].number, temp_data);
501 if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { 496 if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) {
502 if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { 497 if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) {
503 memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); 498 memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
504 memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); 499 memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
505 increment_nonce(crypto_connections[i].sent_nonce); 500 increment_nonce(crypto_connections[i].sent_nonce);
@@ -510,15 +505,12 @@ static void receive_crypto()
510 } 505 }
511 } 506 }
512 } 507 }
513 else if(id_packet(crypto_connections[i].number) != -1) 508 else if (id_packet(crypto_connections[i].number) != -1) // This should not happen kill the connection if it does
514 /* This should not happen
515 kill the connection if it does */
516 crypto_kill(crypto_connections[i].number); 509 crypto_kill(crypto_connections[i].number);
517 510
518 } 511 }
519 if(crypto_connections[i].status == 2) 512 if (crypto_connections[i].status == 2) {
520 { 513 if (id_packet(crypto_connections[i].number) == 3) {
521 if(id_packet(crypto_connections[i].number) == 3) {
522 uint8_t temp_data[MAX_DATA_SIZE]; 514 uint8_t temp_data[MAX_DATA_SIZE];
523 uint8_t data[MAX_DATA_SIZE]; 515 uint8_t data[MAX_DATA_SIZE];
524 int length = read_packet(crypto_connections[i].number, temp_data); 516 int length = read_packet(crypto_connections[i].number, temp_data);
@@ -526,7 +518,7 @@ static void receive_crypto()
526 crypto_connections[i].sessionsecret_key, 518 crypto_connections[i].sessionsecret_key,
527 crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); 519 crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data);
528 uint32_t zero = 0; 520 uint32_t zero = 0;
529 if(len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) { 521 if (len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) {
530 increment_nonce(crypto_connections[i].recv_nonce); 522 increment_nonce(crypto_connections[i].recv_nonce);
531 crypto_connections[i].status = 3; 523 crypto_connections[i].status = 3;
532 524
@@ -534,9 +526,7 @@ static void receive_crypto()
534 kill_connection_in(crypto_connections[i].number, 3000000); 526 kill_connection_in(crypto_connections[i].number, 3000000);
535 } 527 }
536 else 528 else
537 /* This should not happen 529 crypto_kill(crypto_connections[i].number); // This should not happen kill the connection if it does
538 kill the connection if it does */
539 crypto_kill(crypto_connections[i].number);
540 } 530 }
541 else if(id_packet(crypto_connections[i].number) != -1) 531 else if(id_packet(crypto_connections[i].number) != -1)
542 /* This should not happen 532 /* This should not happen
@@ -553,17 +543,17 @@ void initNetCrypto()
553 memset(crypto_connections, 0 ,sizeof(crypto_connections)); 543 memset(crypto_connections, 0 ,sizeof(crypto_connections));
554 memset(incoming_connections, -1 ,sizeof(incoming_connections)); 544 memset(incoming_connections, -1 ,sizeof(incoming_connections));
555 uint32_t i; 545 uint32_t i;
556 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 546 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i)
557 crypto_connections[i].number = ~0; 547 crypto_connections[i].number = ~0;
558} 548}
559 549
560static void killTimedout() 550static void killTimedout()
561{ 551{
562 uint32_t i; 552 uint32_t i;
563 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { 553 for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
564 if(crypto_connections[i].status != 0 && is_connected(crypto_connections[i].number) == 4) 554 if (crypto_connections[i].status != 0 && is_connected(crypto_connections[i].number) == 4)
565 crypto_connections[i].status = 4; 555 crypto_connections[i].status = 4;
566 else if(is_connected(crypto_connections[i].number) == 4) { 556 else if (is_connected(crypto_connections[i].number) == 4) {
567 kill_connection(crypto_connections[i].number); 557 kill_connection(crypto_connections[i].number);
568 crypto_connections[i].number = ~0; 558 crypto_connections[i].number = ~0;
569 } 559 }
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 07:51:14 +0000