summaryrefslogtreecommitdiff
path: root/core/net_crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'core/net_crypto.c')
-rw-r--r--core/net_crypto.c203
1 files changed, 50 insertions, 153 deletions
diff --git a/core/net_crypto.c b/core/net_crypto.c
index e01ed695..28cb83e8 100644
--- a/core/net_crypto.c
+++ b/core/net_crypto.c
@@ -1,38 +1,35 @@
1/* net_crypto.c 1/* net_crypto.c
2* 2 *
3* Functions for the core network crypto. 3 * Functions for the core network crypto.
4* See also: docs/Crypto.txt 4 * See also: docs/Crypto.txt
5* 5 *
6* NOTE: This code has to be perfect. We don't mess around with encryption. 6 * NOTE: This code has to be perfect. We don't mess around with encryption.
7* 7 *
8 8 * Copyright (C) 2013 Tox project All Rights Reserved.
9 Copyright (C) 2013 Tox project All Rights Reserved. 9 *
10 10 * This file is part of Tox.
11 This file is part of Tox. 11 *
12 12 * Tox is free software: you can redistribute it and/or modify
13 Tox is free software: you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by
14 it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation, either version 3 of the License, or
15 the Free Software Foundation, either version 3 of the License, or 15 * (at your option) any later version.
16 (at your option) any later version. 16 *
17 17 * Tox is distributed in the hope that it will be useful,
18 Tox is distributed in the hope that it will be useful, 18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * GNU General Public License for more details.
21 GNU General Public License for more details. 21 *
22 22 * You should have received a copy of the GNU General Public License
23 You should have received a copy of the GNU General Public License 23 * along with Tox. If not, see <http://www.gnu.org/licenses/>.
24 along with Tox. If not, see <http://www.gnu.org/licenses/>. 24 *
25 25 */
26*/
27 26
28#include "net_crypto.h" 27#include "net_crypto.h"
29 28
30
31/* Our public and secret keys. */ 29/* Our public and secret keys. */
32uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; 30uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];
33uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; 31uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
34 32
35
36typedef struct 33typedef struct
37{ 34{
38 uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* the real public key of the peer. */ 35 uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* the real public key of the peer. */
@@ -65,9 +62,7 @@ int encrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
65 uint8_t * plain, uint32_t length, uint8_t * encrypted) 62 uint8_t * plain, uint32_t length, uint8_t * encrypted)
66{ 63{
67 if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0) 64 if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE || length == 0)
68 {
69 return -1; 65 return -1;
70 }
71 66
72 uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0}; 67 uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0};
73 uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES]; 68 uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
@@ -79,9 +74,8 @@ int encrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
79 74
80 /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero */ 75 /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero */
81 if(memcmp(temp_encrypted, zeroes, crypto_box_BOXZEROBYTES) != 0) 76 if(memcmp(temp_encrypted, zeroes, crypto_box_BOXZEROBYTES) != 0)
82 {
83 return -1; 77 return -1;
84 } 78
85 /* unpad the encrypted message */ 79 /* unpad the encrypted message */
86 memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); 80 memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES);
87 return length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES; 81 return length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES;
@@ -95,9 +89,8 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
95 uint8_t * encrypted, uint32_t length, uint8_t * plain) 89 uint8_t * encrypted, uint32_t length, uint8_t * plain)
96{ 90{
97 if(length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES) 91 if(length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
98 {
99 return -1; 92 return -1;
100 } 93
101 uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES]; 94 uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES];
102 uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0}; 95 uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
103 uint8_t zeroes[crypto_box_ZEROBYTES] = {0}; 96 uint8_t zeroes[crypto_box_ZEROBYTES] = {0};
@@ -106,14 +99,12 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
106 99
107 if(crypto_box_open(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, 100 if(crypto_box_open(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES,
108 nonce, public_key, secret_key) == -1) 101 nonce, public_key, secret_key) == -1)
109 {
110 return -1; 102 return -1;
111 } 103
112 /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero */ 104 /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero */
113 if(memcmp(temp_plain, zeroes, crypto_box_ZEROBYTES) != 0) 105 if(memcmp(temp_plain, zeroes, crypto_box_ZEROBYTES) != 0)
114 {
115 return -1; 106 return -1;
116 } 107
117 /* unpad the plain message */ 108 /* unpad the plain message */
118 memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES); 109 memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES);
119 return length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES; 110 return length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES;
@@ -123,13 +114,10 @@ int decrypt_data(uint8_t * public_key, uint8_t * secret_key, uint8_t * nonce,
123void increment_nonce(uint8_t * nonce) 114void increment_nonce(uint8_t * nonce)
124{ 115{
125 uint32_t i; 116 uint32_t i;
126 for(i = 0; i < crypto_box_NONCEBYTES; ++i) 117 for(i = 0; i < crypto_box_NONCEBYTES; ++i) {
127 {
128 ++nonce[i]; 118 ++nonce[i];
129 if(nonce[i] != 0) 119 if(nonce[i] != 0)
130 {
131 break; 120 break;
132 }
133 } 121 }
134} 122}
135 123
@@ -137,8 +125,7 @@ void increment_nonce(uint8_t * nonce)
137void random_nonce(uint8_t * nonce) 125void random_nonce(uint8_t * nonce)
138{ 126{
139 uint32_t i, temp; 127 uint32_t i, temp;
140 for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) 128 for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) {
141 {
142 temp = random_int(); 129 temp = random_int();
143 memcpy(nonce + 4 * i, &temp, 4); 130 memcpy(nonce + 4 * i, &temp, 4);
144 } 131 }
@@ -150,64 +137,44 @@ void random_nonce(uint8_t * nonce)
150int read_cryptpacket(int crypt_connection_id, uint8_t * data) 137int read_cryptpacket(int crypt_connection_id, uint8_t * data)
151{ 138{
152 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 139 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
153 {
154 return 0; 140 return 0;
155 }
156 if(crypto_connections[crypt_connection_id].status != 3) 141 if(crypto_connections[crypt_connection_id].status != 3)
157 {
158 return 0; 142 return 0;
159 }
160 uint8_t temp_data[MAX_DATA_SIZE]; 143 uint8_t temp_data[MAX_DATA_SIZE];
161 int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data); 144 int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data);
162 if(length == 0) 145 if(length == 0)
163 {
164 return 0; 146 return 0;
165 }
166 if(temp_data[0] != 3) 147 if(temp_data[0] != 3)
167 {
168 return -1; 148 return -1;
169 }
170 int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, 149 int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key,
171 crypto_connections[crypt_connection_id].sessionsecret_key, 150 crypto_connections[crypt_connection_id].sessionsecret_key,
172 crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data); 151 crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data);
173 if(len != -1) 152 if(len != -1) {
174 {
175 increment_nonce(crypto_connections[crypt_connection_id].recv_nonce); 153 increment_nonce(crypto_connections[crypt_connection_id].recv_nonce);
176 return len; 154 return len;
177 } 155 }
178 return -1; 156 return -1;
179} 157}
180 158
181
182/* return 0 if data could not be put in packet queue 159/* return 0 if data could not be put in packet queue
183 return 1 if data was put into the queue */ 160 return 1 if data was put into the queue */
184int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length) 161int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length)
185{ 162{
186 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 163 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
187 {
188 return 0; 164 return 0;
189 }
190 if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1) 165 if(length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1)
191 {
192 return 0; 166 return 0;
193 }
194 if(crypto_connections[crypt_connection_id].status != 3) 167 if(crypto_connections[crypt_connection_id].status != 3)
195 {
196 return 0; 168 return 0;
197 }
198 uint8_t temp_data[MAX_DATA_SIZE]; 169 uint8_t temp_data[MAX_DATA_SIZE];
199 int len = encrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, 170 int len = encrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key,
200 crypto_connections[crypt_connection_id].sessionsecret_key, 171 crypto_connections[crypt_connection_id].sessionsecret_key,
201 crypto_connections[crypt_connection_id].sent_nonce, data, length, temp_data + 1); 172 crypto_connections[crypt_connection_id].sent_nonce, data, length, temp_data + 1);
202 if(len == -1) 173 if(len == -1)
203 {
204 return 0; 174 return 0;
205 }
206 temp_data[0] = 3; 175 temp_data[0] = 3;
207 if(write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0) 176 if(write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0)
208 {
209 return 0; 177 return 0;
210 }
211 increment_nonce(crypto_connections[crypt_connection_id].sent_nonce); 178 increment_nonce(crypto_connections[crypt_connection_id].sent_nonce);
212 return 1; 179 return 1;
213} 180}
@@ -221,17 +188,13 @@ int write_cryptpacket(int crypt_connection_id, uint8_t * data, uint32_t length)
221int create_request(uint8_t * packet, uint8_t * public_key, uint8_t * data, uint32_t length, uint8_t request_id) 188int create_request(uint8_t * packet, uint8_t * public_key, uint8_t * data, uint32_t length, uint8_t request_id)
222{ 189{
223 if(MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING) 190 if(MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING)
224 {
225 return -1; 191 return -1;
226 }
227 uint8_t nonce[crypto_box_NONCEBYTES]; 192 uint8_t nonce[crypto_box_NONCEBYTES];
228 random_nonce(nonce); 193 random_nonce(nonce);
229 int len = encrypt_data(public_key, self_secret_key, nonce, data, length, 194 int len = encrypt_data(public_key, self_secret_key, nonce, data, length,
230 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); 195 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet);
231 if(len == -1) 196 if(len == -1)
232 {
233 return -1; 197 return -1;
234 }
235 packet[0] = request_id; 198 packet[0] = request_id;
236 memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES); 199 memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES);
237 memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, self_public_key, crypto_box_PUBLICKEYBYTES); 200 memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, self_public_key, crypto_box_PUBLICKEYBYTES);
@@ -257,18 +220,13 @@ int handle_request(uint8_t * public_key, uint8_t * data, uint8_t * packet, uint1
257 int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, 220 int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES,
258 length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), data); 221 length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), data);
259 if(len1 == -1) 222 if(len1 == -1)
260 {
261 return -1; 223 return -1;
262 }
263 return len1; 224 return len1;
264 } 225 }
265 else 226 else
266 {
267 return -1; 227 return -1;
268 }
269} 228}
270 229
271
272/* Send a crypto handshake packet containing an encrypted secret nonce and session public key 230/* Send a crypto handshake packet containing an encrypted secret nonce and session public key
273 to peer with connection_id and public_key 231 to peer with connection_id and public_key
274 the packet is encrypted with a random nonce which is sent in plain text with the packet */ 232 the packet is encrypted with a random nonce which is sent in plain text with the packet */
@@ -285,9 +243,7 @@ int send_cryptohandshake(int connection_id, uint8_t * public_key, uint8_t * secr
285 int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, 243 int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
286 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); 244 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data);
287 if(len == -1) 245 if(len == -1)
288 {
289 return 0; 246 return 0;
290 }
291 temp_data[0] = 2; 247 temp_data[0] = 2;
292 memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES); 248 memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES);
293 memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); 249 memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES);
@@ -307,9 +263,7 @@ int handle_cryptohandshake(uint8_t * public_key, uint8_t * secret_nonce,
307 return 0; 263 return 0;
308 } 264 }
309 if(data[0] != 2) 265 if(data[0] != 2)
310 {
311 return 0; 266 return 0;
312 }
313 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; 267 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
314 268
315 memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); 269 memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES);
@@ -319,18 +273,13 @@ int handle_cryptohandshake(uint8_t * public_key, uint8_t * secret_nonce,
319 crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp); 273 crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp);
320 274
321 if(len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES) 275 if(len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES)
322 {
323 return 0; 276 return 0;
324 }
325 277
326 memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); 278 memcpy(secret_nonce, temp, crypto_box_NONCEBYTES);
327 memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES); 279 memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES);
328 return 1; 280 return 1;
329} 281}
330 282
331
332
333
334/* get crypto connection id from public key of peer 283/* get crypto connection id from public key of peer
335 return -1 if there are no connections like we are looking for 284 return -1 if there are no connections like we are looking for
336 return id if it found it */ 285 return id if it found it */
@@ -338,19 +287,12 @@ int getcryptconnection_id(uint8_t * public_key)
338{ 287{
339 uint32_t i; 288 uint32_t i;
340 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 289 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i)
341 {
342 if(crypto_connections[i].status > 0) 290 if(crypto_connections[i].status > 0)
343 {
344 if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) 291 if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0)
345 {
346 return i; 292 return i;
347 }
348 }
349 }
350 return -1; 293 return -1;
351} 294}
352 295
353
354/* Start a secure connection with other peer who has public_key and ip_port 296/* Start a secure connection with other peer who has public_key and ip_port
355 returns -1 if failure 297 returns -1 if failure
356 returns crypt_connection_id of the initialized connection if everything went well. */ 298 returns crypt_connection_id of the initialized connection if everything went well. */
@@ -358,23 +300,17 @@ int crypto_connect(uint8_t * public_key, IP_Port ip_port)
358{ 300{
359 uint32_t i; 301 uint32_t i;
360 int id = getcryptconnection_id(public_key); 302 int id = getcryptconnection_id(public_key);
361 if(id != -1) 303 if(id != -1) {
362 {
363 IP_Port c_ip = connection_ip(crypto_connections[id].number); 304 IP_Port c_ip = connection_ip(crypto_connections[id].number);
364 if(c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port) 305 if(c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port)
365 {
366 return -1; 306 return -1;
367 }
368 } 307 }
369 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 308 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i)
370 { 309 {
371 if(crypto_connections[i].status == 0) 310 if(crypto_connections[i].status == 0) {
372 {
373 int id = new_connection(ip_port); 311 int id = new_connection(ip_port);
374 if(id == -1) 312 if(id == -1)
375 {
376 return -1; 313 return -1;
377 }
378 crypto_connections[i].number = id; 314 crypto_connections[i].number = id;
379 crypto_connections[i].status = 1; 315 crypto_connections[i].status = 1;
380 random_nonce(crypto_connections[i].recv_nonce); 316 random_nonce(crypto_connections[i].recv_nonce);
@@ -405,20 +341,16 @@ int crypto_inbound(uint8_t * public_key, uint8_t * secret_nonce, uint8_t * sessi
405 uint32_t i; 341 uint32_t i;
406 for(i = 0; i < MAX_INCOMING; ++i) 342 for(i = 0; i < MAX_INCOMING; ++i)
407 { 343 {
408 if(incoming_connections[i] != -1) 344 if(incoming_connections[i] != -1) {
409 { 345 if(is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) {
410 if(is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0)
411 {
412 kill_connection(incoming_connections[i]); 346 kill_connection(incoming_connections[i]);
413 incoming_connections[i] = -1; 347 incoming_connections[i] = -1;
414 continue; 348 continue;
415 } 349 }
416 if(id_packet(incoming_connections[i]) == 2) 350 if(id_packet(incoming_connections[i]) == 2) {
417 {
418 uint8_t temp_data[MAX_DATA_SIZE]; 351 uint8_t temp_data[MAX_DATA_SIZE];
419 uint16_t len = read_packet(incoming_connections[i], temp_data); 352 uint16_t len = read_packet(incoming_connections[i], temp_data);
420 if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) 353 if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) {
421 {
422 int connection_id = incoming_connections[i]; 354 int connection_id = incoming_connections[i];
423 incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */ 355 incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */
424 return connection_id; 356 return connection_id;
@@ -435,11 +367,8 @@ int crypto_inbound(uint8_t * public_key, uint8_t * secret_nonce, uint8_t * sessi
435int crypto_kill(int crypt_connection_id) 367int crypto_kill(int crypt_connection_id)
436{ 368{
437 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) 369 if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
438 {
439 return 1; 370 return 1;
440 } 371 if(crypto_connections[crypt_connection_id].status != 0) {
441 if(crypto_connections[crypt_connection_id].status != 0)
442 {
443 crypto_connections[crypt_connection_id].status = 0; 372 crypto_connections[crypt_connection_id].status = 0;
444 kill_connection(crypto_connections[crypt_connection_id].number); 373 kill_connection(crypto_connections[crypt_connection_id].number);
445 crypto_connections[crypt_connection_id].number = ~0; 374 crypto_connections[crypt_connection_id].number = ~0;
@@ -448,7 +377,6 @@ int crypto_kill(int crypt_connection_id)
448 return 1; 377 return 1;
449} 378}
450 379
451
452/* accept an incoming connection using the parameters provided by crypto_inbound 380/* accept an incoming connection using the parameters provided by crypto_inbound
453 return -1 if not successful 381 return -1 if not successful
454 returns the crypt_connection_id if successful */ 382 returns the crypt_connection_id if successful */
@@ -456,9 +384,7 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec
456{ 384{
457 uint32_t i; 385 uint32_t i;
458 if(connection_id == -1) 386 if(connection_id == -1)
459 {
460 return -1; 387 return -1;
461 }
462 /* 388 /*
463 if(getcryptconnection_id(public_key) != -1) 389 if(getcryptconnection_id(public_key) != -1)
464 { 390 {
@@ -466,8 +392,7 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec
466 }*/ 392 }*/
467 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 393 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i)
468 { 394 {
469 if(crypto_connections[i].status == 0) 395 if(crypto_connections[i].status == 0) {
470 {
471 crypto_connections[i].number = connection_id; 396 crypto_connections[i].number = connection_id;
472 crypto_connections[i].status = 2; 397 crypto_connections[i].status = 2;
473 random_nonce(crypto_connections[i].recv_nonce); 398 random_nonce(crypto_connections[i].recv_nonce);
@@ -494,19 +419,16 @@ int accept_crypto_inbound(int connection_id, uint8_t * public_key, uint8_t * sec
494 return -1; 419 return -1;
495} 420}
496 421
497/* return 0 if no connection, 1 we have sent a handshake, 2 if connexion is not confirmed yet 422/* return 0 if no connection, 1 we have sent a handshake, 2 if connection is not confirmed yet
498 (we have received a handshake but no empty data packet), 3 if the connection is established. 423 (we have received a handshake but no empty data packet), 3 if the connection is established.
499 4 if the connection is timed out and waiting to be killed */ 424 4 if the connection is timed out and waiting to be killed */
500int is_cryptoconnected(int crypt_connection_id) 425int is_cryptoconnected(int crypt_connection_id)
501{ 426{
502 if(crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS) 427 if(crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS)
503 {
504 return crypto_connections[crypt_connection_id].status; 428 return crypto_connections[crypt_connection_id].status;
505 }
506 return 0; 429 return 0;
507} 430}
508 431
509
510/* Generate our public and private keys 432/* Generate our public and private keys
511 Only call this function the first time the program starts. */ 433 Only call this function the first time the program starts. */
512void new_keys() 434void new_keys()
@@ -537,10 +459,8 @@ void load_keys(uint8_t * keys)
537int new_incoming(int id) 459int new_incoming(int id)
538{ 460{
539 uint32_t i; 461 uint32_t i;
540 for(i = 0; i < MAX_INCOMING; ++i) 462 for(i = 0; i < MAX_INCOMING; ++i) {
541 { 463 if(incoming_connections[i] == -1) {
542 if(incoming_connections[i] == -1)
543 {
544 incoming_connections[i] = id; 464 incoming_connections[i] = id;
545 return 0; 465 return 0;
546 } 466 }
@@ -553,13 +473,10 @@ int new_incoming(int id)
553static void handle_incomings() 473static void handle_incomings()
554{ 474{
555 int income; 475 int income;
556 while(1) 476 while(1) {
557 {
558 income = incoming_connection(); 477 income = incoming_connection();
559 if(income == -1 || new_incoming(income) ) 478 if(income == -1 || new_incoming(income) )
560 {
561 break; 479 break;
562 }
563 } 480 }
564} 481}
565 482
@@ -578,17 +495,11 @@ static void receive_crypto()
578 uint16_t len; 495 uint16_t len;
579 if(id_packet(crypto_connections[i].number) == 1) 496 if(id_packet(crypto_connections[i].number) == 1)
580 /* if the packet is a friend request drop it (because we are already friends) */ 497 /* if the packet is a friend request drop it (because we are already friends) */
581 {
582 len = read_packet(crypto_connections[i].number, temp_data); 498 len = read_packet(crypto_connections[i].number, temp_data);
583 499 if(id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */
584 }
585 if(id_packet(crypto_connections[i].number) == 2) /* handle handshake packet. */
586 {
587 len = read_packet(crypto_connections[i].number, temp_data); 500 len = read_packet(crypto_connections[i].number, temp_data);
588 if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) 501 if(handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) {
589 { 502 if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) {
590 if(memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0)
591 {
592 memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); 503 memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
593 memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); 504 memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
594 increment_nonce(crypto_connections[i].sent_nonce); 505 increment_nonce(crypto_connections[i].sent_nonce);
@@ -600,17 +511,14 @@ static void receive_crypto()
600 } 511 }
601 } 512 }
602 else if(id_packet(crypto_connections[i].number) != -1) 513 else if(id_packet(crypto_connections[i].number) != -1)
603 {
604 /* This should not happen 514 /* This should not happen
605 kill the connection if it does */ 515 kill the connection if it does */
606 crypto_kill(crypto_connections[i].number); 516 crypto_kill(crypto_connections[i].number);
607 }
608 517
609 } 518 }
610 if(crypto_connections[i].status == 2) 519 if(crypto_connections[i].status == 2)
611 { 520 {
612 if(id_packet(crypto_connections[i].number) == 3) 521 if(id_packet(crypto_connections[i].number) == 3) {
613 {
614 uint8_t temp_data[MAX_DATA_SIZE]; 522 uint8_t temp_data[MAX_DATA_SIZE];
615 uint8_t data[MAX_DATA_SIZE]; 523 uint8_t data[MAX_DATA_SIZE];
616 int length = read_packet(crypto_connections[i].number, temp_data); 524 int length = read_packet(crypto_connections[i].number, temp_data);
@@ -618,8 +526,7 @@ static void receive_crypto()
618 crypto_connections[i].sessionsecret_key, 526 crypto_connections[i].sessionsecret_key,
619 crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); 527 crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data);
620 uint32_t zero = 0; 528 uint32_t zero = 0;
621 if(len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) 529 if(len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) {
622 {
623 increment_nonce(crypto_connections[i].recv_nonce); 530 increment_nonce(crypto_connections[i].recv_nonce);
624 crypto_connections[i].status = 3; 531 crypto_connections[i].status = 3;
625 532
@@ -627,18 +534,14 @@ static void receive_crypto()
627 kill_connection_in(crypto_connections[i].number, 3000000); 534 kill_connection_in(crypto_connections[i].number, 3000000);
628 } 535 }
629 else 536 else
630 {
631 /* This should not happen 537 /* This should not happen
632 kill the connection if it does */ 538 kill the connection if it does */
633 crypto_kill(crypto_connections[i].number); 539 crypto_kill(crypto_connections[i].number);
634 }
635 } 540 }
636 else if(id_packet(crypto_connections[i].number) != -1) 541 else if(id_packet(crypto_connections[i].number) != -1)
637 {
638 /* This should not happen 542 /* This should not happen
639 kill the connection if it does */ 543 kill the connection if it does */
640 crypto_kill(crypto_connections[i].number); 544 crypto_kill(crypto_connections[i].number);
641 }
642 } 545 }
643 } 546 }
644} 547}
@@ -651,22 +554,16 @@ void initNetCrypto()
651 memset(incoming_connections, -1 ,sizeof(incoming_connections)); 554 memset(incoming_connections, -1 ,sizeof(incoming_connections));
652 uint32_t i; 555 uint32_t i;
653 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 556 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i)
654 {
655 crypto_connections[i].number = ~0; 557 crypto_connections[i].number = ~0;
656 }
657} 558}
658 559
659static void killTimedout() 560static void killTimedout()
660{ 561{
661 uint32_t i; 562 uint32_t i;
662 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) 563 for(i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
663 {
664 if(crypto_connections[i].status != 0 && is_connected(crypto_connections[i].number) == 4) 564 if(crypto_connections[i].status != 0 && is_connected(crypto_connections[i].number) == 4)
665 {
666 crypto_connections[i].status = 4; 565 crypto_connections[i].status = 4;
667 } 566 else if(is_connected(crypto_connections[i].number) == 4) {
668 else if(is_connected(crypto_connections[i].number) == 4)
669 {
670 kill_connection(crypto_connections[i].number); 567 kill_connection(crypto_connections[i].number);
671 crypto_connections[i].number = ~0; 568 crypto_connections[i].number = ~0;
672 } 569 }
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 05:11:55 +0000