diff options
Diffstat (limited to 'core/net_crypto.c')
| -rw-r--r-- | core/net_crypto.c | 414 |
1 files changed, 205 insertions, 209 deletions
diff --git a/core/net_crypto.c b/core/net_crypto.c index 8fcb62e1..dcf36a12 100644 --- a/core/net_crypto.c +++ b/core/net_crypto.c | |||
| @@ -26,42 +26,12 @@ | |||
| 26 | 26 | ||
| 27 | #include "net_crypto.h" | 27 | #include "net_crypto.h" |
| 28 | 28 | ||
| 29 | /* Our public and secret keys. */ | ||
| 30 | uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; | ||
| 31 | uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; | ||
| 32 | |||
| 33 | typedef struct { | ||
| 34 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; /* the real public key of the peer. */ | ||
| 35 | uint8_t recv_nonce[crypto_box_NONCEBYTES]; /* nonce of received packets */ | ||
| 36 | uint8_t sent_nonce[crypto_box_NONCEBYTES]; /* nonce of sent packets. */ | ||
| 37 | uint8_t sessionpublic_key[crypto_box_PUBLICKEYBYTES]; /* our public key for this session. */ | ||
| 38 | uint8_t sessionsecret_key[crypto_box_SECRETKEYBYTES]; /* our private key for this session. */ | ||
| 39 | uint8_t peersessionpublic_key[crypto_box_PUBLICKEYBYTES]; /* The public key of the peer. */ | ||
| 40 | uint8_t shared_key[crypto_box_BEFORENMBYTES]; /* the precomputed shared key from encrypt_precompute */ | ||
| 41 | uint8_t status; /* 0 if no connection, 1 we have sent a handshake, 2 if connexion is not confirmed yet | ||
| 42 | (we have received a handshake but no empty data packet), 3 if the connection is established. | ||
| 43 | 4 if the connection is timed out. */ | ||
| 44 | uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */ | ||
| 45 | |||
| 46 | } Crypto_Connection; | ||
| 47 | |||
| 48 | static Crypto_Connection *crypto_connections; | ||
| 49 | |||
| 50 | static uint32_t crypto_connections_length; /* Length of connections array */ | ||
| 51 | |||
| 52 | #define MAX_CRYPTO_CONNECTIONS crypto_connections_length | ||
| 53 | |||
| 54 | #define CONN_NO_CONNECTION 0 | 29 | #define CONN_NO_CONNECTION 0 |
| 55 | #define CONN_HANDSHAKE_SENT 1 | 30 | #define CONN_HANDSHAKE_SENT 1 |
| 56 | #define CONN_NOT_CONFIRMED 2 | 31 | #define CONN_NOT_CONFIRMED 2 |
| 57 | #define CONN_ESTABLISHED 3 | 32 | #define CONN_ESTABLISHED 3 |
| 58 | #define CONN_TIMED_OUT 4 | 33 | #define CONN_TIMED_OUT 4 |
| 59 | 34 | ||
| 60 | #define MAX_INCOMING 64 | ||
| 61 | |||
| 62 | /* keeps track of the connection numbers for friends request so we can check later if they were sent */ | ||
| 63 | static int incoming_connections[MAX_INCOMING]; | ||
| 64 | |||
| 65 | /* Use this instead of memcmp; not vulnerable to timing attacks. */ | 35 | /* Use this instead of memcmp; not vulnerable to timing attacks. */ |
| 66 | uint8_t crypto_iszero(uint8_t *mem, uint32_t length) | 36 | uint8_t crypto_iszero(uint8_t *mem, uint32_t length) |
| 67 | { | 37 | { |
| @@ -175,16 +145,16 @@ void random_nonce(uint8_t *nonce) | |||
| 175 | /* return 0 if there is no received data in the buffer | 145 | /* return 0 if there is no received data in the buffer |
| 176 | return -1 if the packet was discarded. | 146 | return -1 if the packet was discarded. |
| 177 | return length of received data if successful */ | 147 | return length of received data if successful */ |
| 178 | int read_cryptpacket(int crypt_connection_id, uint8_t *data) | 148 | int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data) |
| 179 | { | 149 | { |
| 180 | if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) | 150 | if (crypt_connection_id < 0 || crypt_connection_id >= c->crypto_connections_length) |
| 181 | return 0; | 151 | return 0; |
| 182 | 152 | ||
| 183 | if (crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED) | 153 | if (c->crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED) |
| 184 | return 0; | 154 | return 0; |
| 185 | 155 | ||
| 186 | uint8_t temp_data[MAX_DATA_SIZE]; | 156 | uint8_t temp_data[MAX_DATA_SIZE]; |
| 187 | int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data); | 157 | int length = read_packet(c->lossless_udp, c->crypto_connections[crypt_connection_id].number, temp_data); |
| 188 | 158 | ||
| 189 | if (length == 0) | 159 | if (length == 0) |
| 190 | return 0; | 160 | return 0; |
| @@ -192,12 +162,12 @@ int read_cryptpacket(int crypt_connection_id, uint8_t *data) | |||
| 192 | if (temp_data[0] != 3) | 162 | if (temp_data[0] != 3) |
| 193 | return -1; | 163 | return -1; |
| 194 | 164 | ||
| 195 | int len = decrypt_data_fast(crypto_connections[crypt_connection_id].shared_key, | 165 | int len = decrypt_data_fast(c->crypto_connections[crypt_connection_id].shared_key, |
| 196 | crypto_connections[crypt_connection_id].recv_nonce, | 166 | c->crypto_connections[crypt_connection_id].recv_nonce, |
| 197 | temp_data + 1, length - 1, data); | 167 | temp_data + 1, length - 1, data); |
| 198 | 168 | ||
| 199 | if (len != -1) { | 169 | if (len != -1) { |
| 200 | increment_nonce(crypto_connections[crypt_connection_id].recv_nonce); | 170 | increment_nonce(c->crypto_connections[crypt_connection_id].recv_nonce); |
| 201 | return len; | 171 | return len; |
| 202 | } | 172 | } |
| 203 | 173 | ||
| @@ -206,20 +176,20 @@ int read_cryptpacket(int crypt_connection_id, uint8_t *data) | |||
| 206 | 176 | ||
| 207 | /* return 0 if data could not be put in packet queue | 177 | /* return 0 if data could not be put in packet queue |
| 208 | return 1 if data was put into the queue */ | 178 | return 1 if data was put into the queue */ |
| 209 | int write_cryptpacket(int crypt_connection_id, uint8_t *data, uint32_t length) | 179 | int write_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data, uint32_t length) |
| 210 | { | 180 | { |
| 211 | if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) | 181 | if (crypt_connection_id < 0 || crypt_connection_id >= c->crypto_connections_length) |
| 212 | return 0; | 182 | return 0; |
| 213 | 183 | ||
| 214 | if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1) | 184 | if (length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES > MAX_DATA_SIZE - 1) |
| 215 | return 0; | 185 | return 0; |
| 216 | 186 | ||
| 217 | if (crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED) | 187 | if (c->crypto_connections[crypt_connection_id].status != CONN_ESTABLISHED) |
| 218 | return 0; | 188 | return 0; |
| 219 | 189 | ||
| 220 | uint8_t temp_data[MAX_DATA_SIZE]; | 190 | uint8_t temp_data[MAX_DATA_SIZE]; |
| 221 | int len = encrypt_data_fast(crypto_connections[crypt_connection_id].shared_key, | 191 | int len = encrypt_data_fast(c->crypto_connections[crypt_connection_id].shared_key, |
| 222 | crypto_connections[crypt_connection_id].sent_nonce, | 192 | c->crypto_connections[crypt_connection_id].sent_nonce, |
| 223 | data, length, temp_data + 1); | 193 | data, length, temp_data + 1); |
| 224 | 194 | ||
| 225 | if (len == -1) | 195 | if (len == -1) |
| @@ -227,20 +197,22 @@ int write_cryptpacket(int crypt_connection_id, uint8_t *data, uint32_t length) | |||
| 227 | 197 | ||
| 228 | temp_data[0] = 3; | 198 | temp_data[0] = 3; |
| 229 | 199 | ||
| 230 | if (write_packet(crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0) | 200 | if (write_packet(c->lossless_udp, c->crypto_connections[crypt_connection_id].number, temp_data, len + 1) == 0) |
| 231 | return 0; | 201 | return 0; |
| 232 | 202 | ||
| 233 | increment_nonce(crypto_connections[crypt_connection_id].sent_nonce); | 203 | increment_nonce(c->crypto_connections[crypt_connection_id].sent_nonce); |
| 234 | return 1; | 204 | return 1; |
| 235 | } | 205 | } |
| 236 | 206 | ||
| 237 | /* create a request to peer with public_key. | 207 | /* create a request to peer. |
| 208 | send_public_key and send_secret_key are the pub/secret keys of the sender | ||
| 209 | recv_public_key is public key of reciever | ||
| 238 | packet must be an array of MAX_DATA_SIZE big. | 210 | packet must be an array of MAX_DATA_SIZE big. |
| 239 | Data represents the data we send with the request with length being the length of the data. | 211 | Data represents the data we send with the request with length being the length of the data. |
| 240 | request_id is the id of the request (32 = friend request, 254 = ping request) | 212 | request_id is the id of the request (32 = friend request, 254 = ping request) |
| 241 | returns -1 on failure | 213 | returns -1 on failure |
| 242 | returns the length of the created packet on success */ | 214 | returns the length of the created packet on success */ |
| 243 | int create_request(uint8_t *packet, uint8_t *public_key, uint8_t *data, uint32_t length, uint8_t request_id) | 215 | int create_request(uint8_t *send_public_key, uint8_t *send_secret_key, uint8_t *packet, uint8_t *recv_public_key, uint8_t *data, uint32_t length, uint8_t request_id) |
| 244 | { | 216 | { |
| 245 | if (MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING) | 217 | if (MAX_DATA_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING) |
| 246 | return -1; | 218 | return -1; |
| @@ -250,15 +222,15 @@ int create_request(uint8_t *packet, uint8_t *public_key, uint8_t *data, uint32_t | |||
| 250 | memcpy(temp + 1, data, length); | 222 | memcpy(temp + 1, data, length); |
| 251 | temp[0] = request_id; | 223 | temp[0] = request_id; |
| 252 | random_nonce(nonce); | 224 | random_nonce(nonce); |
| 253 | int len = encrypt_data(public_key, self_secret_key, nonce, temp, length + 1, | 225 | int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, |
| 254 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); | 226 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); |
| 255 | 227 | ||
| 256 | if (len == -1) | 228 | if (len == -1) |
| 257 | return -1; | 229 | return -1; |
| 258 | 230 | ||
| 259 | packet[0] = 32; | 231 | packet[0] = 32; |
| 260 | memcpy(packet + 1, public_key, crypto_box_PUBLICKEYBYTES); | 232 | memcpy(packet + 1, recv_public_key, crypto_box_PUBLICKEYBYTES); |
| 261 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, self_public_key, crypto_box_PUBLICKEYBYTES); | 233 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key, crypto_box_PUBLICKEYBYTES); |
| 262 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES); | 234 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES); |
| 263 | 235 | ||
| 264 | return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES; | 236 | return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES; |
| @@ -268,17 +240,17 @@ int create_request(uint8_t *packet, uint8_t *public_key, uint8_t *data, uint32_t | |||
| 268 | in data if a friend or ping request was sent to us and returns the length of the data. | 240 | in data if a friend or ping request was sent to us and returns the length of the data. |
| 269 | packet is the request packet and length is its length | 241 | packet is the request packet and length is its length |
| 270 | return -1 if not valid request. */ | 242 | return -1 if not valid request. */ |
| 271 | static int handle_request(uint8_t *public_key, uint8_t *data, uint8_t *request_id, uint8_t *packet, uint16_t length) | 243 | static int handle_request(Net_Crypto *c, uint8_t *public_key, uint8_t *data, uint8_t *request_id, uint8_t *packet, uint16_t length) |
| 272 | { | 244 | { |
| 273 | 245 | ||
| 274 | if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && | 246 | if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && |
| 275 | length <= MAX_DATA_SIZE + ENCRYPTION_PADDING && | 247 | length <= MAX_DATA_SIZE + ENCRYPTION_PADDING && |
| 276 | memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { | 248 | memcmp(packet + 1, c->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { |
| 277 | memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); | 249 | memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); |
| 278 | uint8_t nonce[crypto_box_NONCEBYTES]; | 250 | uint8_t nonce[crypto_box_NONCEBYTES]; |
| 279 | uint8_t temp[MAX_DATA_SIZE]; | 251 | uint8_t temp[MAX_DATA_SIZE]; |
| 280 | memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); | 252 | memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); |
| 281 | int len1 = decrypt_data(public_key, self_secret_key, nonce, | 253 | int len1 = decrypt_data(public_key, c->self_secret_key, nonce, |
| 282 | packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, | 254 | packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, |
| 283 | length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp); | 255 | length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp); |
| 284 | 256 | ||
| @@ -293,15 +265,14 @@ static int handle_request(uint8_t *public_key, uint8_t *data, uint8_t *request_i | |||
| 293 | return -1; | 265 | return -1; |
| 294 | } | 266 | } |
| 295 | 267 | ||
| 296 | static cryptopacket_handler_callback cryptopackethandlers[256] = {0}; | 268 | void cryptopacket_registerhandler(Net_Crypto *c, uint8_t byte, cryptopacket_handler_callback cb) |
| 297 | |||
| 298 | void cryptopacket_registerhandler(uint8_t byte, cryptopacket_handler_callback cb) | ||
| 299 | { | 269 | { |
| 300 | cryptopackethandlers[byte] = cb; | 270 | c->cryptopackethandlers[byte] = cb; |
| 301 | } | 271 | } |
| 302 | 272 | ||
| 303 | static int cryptopacket_handle(IP_Port source, uint8_t *packet, uint32_t length) | 273 | static int cryptopacket_handle(void *object, IP_Port source, uint8_t *packet, uint32_t length) |
| 304 | { | 274 | { |
| 275 | Net_Crypto *c = object; | ||
| 305 | if (packet[0] == 32) { | 276 | if (packet[0] == 32) { |
| 306 | if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING || | 277 | if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING || |
| 307 | length > MAX_DATA_SIZE + ENCRYPTION_PADDING) | 278 | length > MAX_DATA_SIZE + ENCRYPTION_PADDING) |
| @@ -311,17 +282,17 @@ static int cryptopacket_handle(IP_Port source, uint8_t *packet, uint32_t length) | |||
| 311 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; | 282 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; |
| 312 | uint8_t data[MAX_DATA_SIZE]; | 283 | uint8_t data[MAX_DATA_SIZE]; |
| 313 | uint8_t number; | 284 | uint8_t number; |
| 314 | int len = handle_request(public_key, data, &number, packet, length); | 285 | int len = handle_request(c, public_key, data, &number, packet, length); |
| 315 | 286 | ||
| 316 | if (len == -1 || len == 0) | 287 | if (len == -1 || len == 0) |
| 317 | return 1; | 288 | return 1; |
| 318 | 289 | ||
| 319 | if (!cryptopackethandlers[number]) return 1; | 290 | if (!c->cryptopackethandlers[number]) return 1; |
| 320 | 291 | ||
| 321 | cryptopackethandlers[number](source, public_key, data, len); | 292 | c->cryptopackethandlers[number](source, public_key, data, len); |
| 322 | 293 | ||
| 323 | } else { /* if request is not for us, try routing it. */ | 294 | } else { /* if request is not for us, try routing it. */ |
| 324 | if (route_packet(packet + 1, packet, length) == length) | 295 | if (route_packet(packet + 1, packet, length) == length) //NOTE |
| 325 | return 0; | 296 | return 0; |
| 326 | } | 297 | } |
| 327 | } | 298 | } |
| @@ -332,7 +303,7 @@ static int cryptopacket_handle(IP_Port source, uint8_t *packet, uint32_t length) | |||
| 332 | /* Send a crypto handshake packet containing an encrypted secret nonce and session public key | 303 | /* Send a crypto handshake packet containing an encrypted secret nonce and session public key |
| 333 | to peer with connection_id and public_key | 304 | to peer with connection_id and public_key |
| 334 | the packet is encrypted with a random nonce which is sent in plain text with the packet */ | 305 | the packet is encrypted with a random nonce which is sent in plain text with the packet */ |
| 335 | static int send_cryptohandshake(int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) | 306 | static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) |
| 336 | { | 307 | { |
| 337 | uint8_t temp_data[MAX_DATA_SIZE]; | 308 | uint8_t temp_data[MAX_DATA_SIZE]; |
| 338 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; | 309 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; |
| @@ -342,22 +313,22 @@ static int send_cryptohandshake(int connection_id, uint8_t *public_key, uint8_t | |||
| 342 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); | 313 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); |
| 343 | memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES); | 314 | memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES); |
| 344 | 315 | ||
| 345 | int len = encrypt_data(public_key, self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, | 316 | int len = encrypt_data(public_key, c->self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, |
| 346 | 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); | 317 | 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); |
| 347 | 318 | ||
| 348 | if (len == -1) | 319 | if (len == -1) |
| 349 | return 0; | 320 | return 0; |
| 350 | 321 | ||
| 351 | temp_data[0] = 2; | 322 | temp_data[0] = 2; |
| 352 | memcpy(temp_data + 1, self_public_key, crypto_box_PUBLICKEYBYTES); | 323 | memcpy(temp_data + 1, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
| 353 | memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); | 324 | memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); |
| 354 | return write_packet(connection_id, temp_data, len + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); | 325 | return write_packet(c->lossless_udp, connection_id, temp_data, len + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); |
| 355 | } | 326 | } |
| 356 | 327 | ||
| 357 | /* Extract secret nonce, session public key and public_key from a packet(data) with length length | 328 | /* Extract secret nonce, session public key and public_key from a packet(data) with length length |
| 358 | return 1 if successful | 329 | return 1 if successful |
| 359 | return 0 if failure */ | 330 | return 0 if failure */ |
| 360 | static int handle_cryptohandshake(uint8_t *public_key, uint8_t *secret_nonce, | 331 | static int handle_cryptohandshake(Net_Crypto *c, uint8_t *public_key, uint8_t *secret_nonce, |
| 361 | uint8_t *session_key, uint8_t *data, uint16_t length) | 332 | uint8_t *session_key, uint8_t *data, uint16_t length) |
| 362 | { | 333 | { |
| 363 | int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); | 334 | int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); |
| @@ -374,7 +345,7 @@ static int handle_cryptohandshake(uint8_t *public_key, uint8_t *secret_nonce, | |||
| 374 | 345 | ||
| 375 | memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); | 346 | memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); |
| 376 | 347 | ||
| 377 | int len = decrypt_data(public_key, self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES, | 348 | int len = decrypt_data(public_key, c->self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES, |
| 378 | data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, | 349 | data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, |
| 379 | crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp); | 350 | crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp); |
| 380 | 351 | ||
| @@ -389,13 +360,13 @@ static int handle_cryptohandshake(uint8_t *public_key, uint8_t *secret_nonce, | |||
| 389 | /* get crypto connection id from public key of peer | 360 | /* get crypto connection id from public key of peer |
| 390 | return -1 if there are no connections like we are looking for | 361 | return -1 if there are no connections like we are looking for |
| 391 | return id if it found it */ | 362 | return id if it found it */ |
| 392 | static int getcryptconnection_id(uint8_t *public_key) | 363 | static int getcryptconnection_id(Net_Crypto *c, uint8_t *public_key) |
| 393 | { | 364 | { |
| 394 | uint32_t i; | 365 | uint32_t i; |
| 395 | 366 | ||
| 396 | for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { | 367 | for (i = 0; i < c->crypto_connections_length; ++i) { |
| 397 | if (crypto_connections[i].status != CONN_NO_CONNECTION) | 368 | if (c->crypto_connections[i].status != CONN_NO_CONNECTION) |
| 398 | if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) | 369 | if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) |
| 399 | return i; | 370 | return i; |
| 400 | } | 371 | } |
| 401 | 372 | ||
| @@ -404,63 +375,63 @@ static int getcryptconnection_id(uint8_t *public_key) | |||
| 404 | 375 | ||
| 405 | /* set the size of the friend list to numfriends | 376 | /* set the size of the friend list to numfriends |
| 406 | return -1 if realloc fails */ | 377 | return -1 if realloc fails */ |
| 407 | int realloc_cryptoconnection(uint32_t num) | 378 | int realloc_cryptoconnection(Net_Crypto *c, uint32_t num) |
| 408 | { | 379 | { |
| 409 | if (num == 0) { | 380 | if (num == 0) { |
| 410 | free(crypto_connections); | 381 | free(c->crypto_connections); |
| 411 | crypto_connections = NULL; | 382 | c->crypto_connections = NULL; |
| 412 | return 0; | 383 | return 0; |
| 413 | } | 384 | } |
| 414 | 385 | ||
| 415 | Crypto_Connection *newcrypto_connections = realloc(crypto_connections, num * sizeof(Crypto_Connection)); | 386 | Crypto_Connection *newcrypto_connections = realloc(c->crypto_connections, num * sizeof(Crypto_Connection)); |
| 416 | 387 | ||
| 417 | if (newcrypto_connections == NULL) | 388 | if (newcrypto_connections == NULL) |
| 418 | return -1; | 389 | return -1; |
| 419 | 390 | ||
| 420 | crypto_connections = newcrypto_connections; | 391 | c->crypto_connections = newcrypto_connections; |
| 421 | return 0; | 392 | return 0; |
| 422 | } | 393 | } |
| 423 | 394 | ||
| 424 | /* Start a secure connection with other peer who has public_key and ip_port | 395 | /* Start a secure connection with other peer who has public_key and ip_port |
| 425 | returns -1 if failure | 396 | returns -1 if failure |
| 426 | returns crypt_connection_id of the initialized connection if everything went well. */ | 397 | returns crypt_connection_id of the initialized connection if everything went well. */ |
| 427 | int crypto_connect(uint8_t *public_key, IP_Port ip_port) | 398 | int crypto_connect(Net_Crypto *c, uint8_t *public_key, IP_Port ip_port) |
| 428 | { | 399 | { |
| 429 | uint32_t i; | 400 | uint32_t i; |
| 430 | int id = getcryptconnection_id(public_key); | 401 | int id = getcryptconnection_id(c, public_key); |
| 431 | 402 | ||
| 432 | if (id != -1) { | 403 | if (id != -1) { |
| 433 | IP_Port c_ip = connection_ip(crypto_connections[id].number); | 404 | IP_Port c_ip = connection_ip(c->lossless_udp, c->crypto_connections[id].number); |
| 434 | 405 | ||
| 435 | if (c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port) | 406 | if (c_ip.ip.i == ip_port.ip.i && c_ip.port == ip_port.port) |
| 436 | return -1; | 407 | return -1; |
| 437 | } | 408 | } |
| 438 | 409 | ||
| 439 | if (realloc_cryptoconnection(crypto_connections_length + 1) == -1) | 410 | if (realloc_cryptoconnection(c, c->crypto_connections_length + 1) == -1) |
| 440 | return -1; | 411 | return -1; |
| 441 | 412 | ||
| 442 | memset(&crypto_connections[crypto_connections_length], 0, sizeof(Crypto_Connection)); | 413 | memset(&(c->crypto_connections[c->crypto_connections_length]), 0, sizeof(Crypto_Connection)); |
| 443 | crypto_connections[crypto_connections_length].number = ~0; | 414 | c->crypto_connections[c->crypto_connections_length].number = ~0; |
| 444 | 415 | ||
| 445 | for (i = 0; i <= MAX_CRYPTO_CONNECTIONS; ++i) { | 416 | for (i = 0; i <= c->crypto_connections_length; ++i) { |
| 446 | if (crypto_connections[i].status == CONN_NO_CONNECTION) { | 417 | if (c->crypto_connections[i].status == CONN_NO_CONNECTION) { |
| 447 | int id = new_connection(ip_port); | 418 | int id = new_connection(c->lossless_udp, ip_port); |
| 448 | 419 | ||
| 449 | if (id == -1) | 420 | if (id == -1) |
| 450 | return -1; | 421 | return -1; |
| 451 | 422 | ||
| 452 | crypto_connections[i].number = id; | 423 | c->crypto_connections[i].number = id; |
| 453 | crypto_connections[i].status = CONN_HANDSHAKE_SENT; | 424 | c->crypto_connections[i].status = CONN_HANDSHAKE_SENT; |
| 454 | random_nonce(crypto_connections[i].recv_nonce); | 425 | random_nonce(c->crypto_connections[i].recv_nonce); |
| 455 | memcpy(crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); | 426 | memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); |
| 456 | crypto_box_keypair(crypto_connections[i].sessionpublic_key, crypto_connections[i].sessionsecret_key); | 427 | crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); |
| 457 | 428 | ||
| 458 | if (crypto_connections_length == i) | 429 | if (c->crypto_connections_length == i) |
| 459 | ++crypto_connections_length; | 430 | ++c->crypto_connections_length; |
| 460 | 431 | ||
| 461 | if (send_cryptohandshake(id, public_key, crypto_connections[i].recv_nonce, | 432 | if (send_cryptohandshake(c, id, public_key, c->crypto_connections[i].recv_nonce, |
| 462 | crypto_connections[i].sessionpublic_key) == 1) { | 433 | c->crypto_connections[i].sessionpublic_key) == 1) { |
| 463 | increment_nonce(crypto_connections[i].recv_nonce); | 434 | increment_nonce(c->crypto_connections[i].recv_nonce); |
| 464 | return i; | 435 | return i; |
| 465 | } | 436 | } |
| 466 | 437 | ||
| @@ -478,25 +449,25 @@ int crypto_connect(uint8_t *public_key, IP_Port ip_port) | |||
| 478 | and the session public key for the connection in session_key | 449 | and the session public key for the connection in session_key |
| 479 | to accept it see: accept_crypto_inbound(...) | 450 | to accept it see: accept_crypto_inbound(...) |
| 480 | to refuse it just call kill_connection(...) on the connection id */ | 451 | to refuse it just call kill_connection(...) on the connection id */ |
| 481 | int crypto_inbound(uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) | 452 | int crypto_inbound(Net_Crypto *c, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) |
| 482 | { | 453 | { |
| 483 | uint32_t i; | 454 | uint32_t i; |
| 484 | 455 | ||
| 485 | for (i = 0; i < MAX_INCOMING; ++i) { | 456 | for (i = 0; i < MAX_INCOMING; ++i) { |
| 486 | if (incoming_connections[i] != -1) { | 457 | if (c->incoming_connections[i] != -1) { |
| 487 | if (is_connected(incoming_connections[i]) == 4 || is_connected(incoming_connections[i]) == 0) { | 458 | if (is_connected(c->lossless_udp, c->incoming_connections[i]) == 4 || is_connected(c->lossless_udp, c->incoming_connections[i]) == 0) { |
| 488 | kill_connection(incoming_connections[i]); | 459 | kill_connection(c->lossless_udp, c->incoming_connections[i]); |
| 489 | incoming_connections[i] = -1; | 460 | c->incoming_connections[i] = -1; |
| 490 | continue; | 461 | continue; |
| 491 | } | 462 | } |
| 492 | 463 | ||
| 493 | if (id_packet(incoming_connections[i]) == 2) { | 464 | if (id_packet(c->lossless_udp, c->incoming_connections[i]) == 2) { |
| 494 | uint8_t temp_data[MAX_DATA_SIZE]; | 465 | uint8_t temp_data[MAX_DATA_SIZE]; |
| 495 | uint16_t len = read_packet(incoming_connections[i], temp_data); | 466 | uint16_t len = read_packet(c->lossless_udp, c->incoming_connections[i], temp_data); |
| 496 | 467 | ||
| 497 | if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { | 468 | if (handle_cryptohandshake(c, public_key, secret_nonce, session_key, temp_data, len)) { |
| 498 | int connection_id = incoming_connections[i]; | 469 | int connection_id = c->incoming_connections[i]; |
| 499 | incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */ | 470 | c->incoming_connections[i] = -1; /* remove this connection from the incoming connection list. */ |
| 500 | return connection_id; | 471 | return connection_id; |
| 501 | } | 472 | } |
| 502 | } | 473 | } |
| @@ -509,25 +480,25 @@ int crypto_inbound(uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_ | |||
| 509 | /* kill a crypto connection | 480 | /* kill a crypto connection |
| 510 | return 0 if killed successfully | 481 | return 0 if killed successfully |
| 511 | return 1 if there was a problem. */ | 482 | return 1 if there was a problem. */ |
| 512 | int crypto_kill(int crypt_connection_id) | 483 | int crypto_kill(Net_Crypto *c, int crypt_connection_id) |
| 513 | { | 484 | { |
| 514 | if (crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) | 485 | if (crypt_connection_id < 0 || crypt_connection_id >= c->crypto_connections_length) |
| 515 | return 1; | 486 | return 1; |
| 516 | 487 | ||
| 517 | if (crypto_connections[crypt_connection_id].status != CONN_NO_CONNECTION) { | 488 | if (c->crypto_connections[crypt_connection_id].status != CONN_NO_CONNECTION) { |
| 518 | crypto_connections[crypt_connection_id].status = CONN_NO_CONNECTION; | 489 | c->crypto_connections[crypt_connection_id].status = CONN_NO_CONNECTION; |
| 519 | kill_connection(crypto_connections[crypt_connection_id].number); | 490 | kill_connection(c->lossless_udp, c->crypto_connections[crypt_connection_id].number); |
| 520 | memset(&crypto_connections[crypt_connection_id], 0 , sizeof(Crypto_Connection)); | 491 | memset(&(c->crypto_connections[crypt_connection_id]), 0 , sizeof(Crypto_Connection)); |
| 521 | crypto_connections[crypt_connection_id].number = ~0; | 492 | c->crypto_connections[crypt_connection_id].number = ~0; |
| 522 | uint32_t i; | 493 | uint32_t i; |
| 523 | 494 | ||
| 524 | for (i = crypto_connections_length; i != 0; --i) { | 495 | for (i = c->crypto_connections_length; i != 0; --i) { |
| 525 | if (crypto_connections[i - 1].status != CONN_NO_CONNECTION) | 496 | if (c->crypto_connections[i - 1].status != CONN_NO_CONNECTION) |
| 526 | break; | 497 | break; |
| 527 | } | 498 | } |
| 528 | 499 | ||
| 529 | crypto_connections_length = i; | 500 | c->crypto_connections_length = i; |
| 530 | realloc_cryptoconnection(crypto_connections_length); | 501 | realloc_cryptoconnection(c, c->crypto_connections_length); |
| 531 | return 0; | 502 | return 0; |
| 532 | } | 503 | } |
| 533 | 504 | ||
| @@ -537,7 +508,7 @@ int crypto_kill(int crypt_connection_id) | |||
| 537 | /* accept an incoming connection using the parameters provided by crypto_inbound | 508 | /* accept an incoming connection using the parameters provided by crypto_inbound |
| 538 | return -1 if not successful | 509 | return -1 if not successful |
| 539 | returns the crypt_connection_id if successful */ | 510 | returns the crypt_connection_id if successful */ |
| 540 | int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) | 511 | int accept_crypto_inbound(Net_Crypto *c, int connection_id, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key) |
| 541 | { | 512 | { |
| 542 | uint32_t i; | 513 | uint32_t i; |
| 543 | 514 | ||
| @@ -549,37 +520,37 @@ int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t *secre | |||
| 549 | { | 520 | { |
| 550 | return -1; | 521 | return -1; |
| 551 | }*/ | 522 | }*/ |
| 552 | if (realloc_cryptoconnection(crypto_connections_length + 1) == -1) | 523 | if (realloc_cryptoconnection(c, c->crypto_connections_length + 1) == -1) |
| 553 | return -1; | 524 | return -1; |
| 554 | 525 | ||
| 555 | memset(&crypto_connections[crypto_connections_length], 0, sizeof(Crypto_Connection)); | 526 | memset(&(c->crypto_connections[c->crypto_connections_length]), 0, sizeof(Crypto_Connection)); |
| 556 | crypto_connections[crypto_connections_length].number = ~0; | 527 | c->crypto_connections[c->crypto_connections_length].number = ~0; |
| 557 | 528 | ||
| 558 | for (i = 0; i <= MAX_CRYPTO_CONNECTIONS; ++i) { | 529 | for (i = 0; i <= c->crypto_connections_length; ++i) { |
| 559 | if (crypto_connections[i].status == CONN_NO_CONNECTION) { | 530 | if (c->crypto_connections[i].status == CONN_NO_CONNECTION) { |
| 560 | crypto_connections[i].number = connection_id; | 531 | c->crypto_connections[i].number = connection_id; |
| 561 | crypto_connections[i].status = CONN_NOT_CONFIRMED; | 532 | c->crypto_connections[i].status = CONN_NOT_CONFIRMED; |
| 562 | random_nonce(crypto_connections[i].recv_nonce); | 533 | random_nonce(c->crypto_connections[i].recv_nonce); |
| 563 | memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); | 534 | memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); |
| 564 | memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); | 535 | memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); |
| 565 | increment_nonce(crypto_connections[i].sent_nonce); | 536 | increment_nonce(c->crypto_connections[i].sent_nonce); |
| 566 | memcpy(crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); | 537 | memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); |
| 567 | 538 | ||
| 568 | crypto_box_keypair(crypto_connections[i].sessionpublic_key, crypto_connections[i].sessionsecret_key); | 539 | crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); |
| 569 | 540 | ||
| 570 | if (crypto_connections_length == i) | 541 | if (c->crypto_connections_length == i) |
| 571 | ++crypto_connections_length; | 542 | ++c->crypto_connections_length; |
| 572 | 543 | ||
| 573 | if (send_cryptohandshake(connection_id, public_key, crypto_connections[i].recv_nonce, | 544 | if (send_cryptohandshake(c, connection_id, public_key, c->crypto_connections[i].recv_nonce, |
| 574 | crypto_connections[i].sessionpublic_key) == 1) { | 545 | c->crypto_connections[i].sessionpublic_key) == 1) { |
| 575 | increment_nonce(crypto_connections[i].recv_nonce); | 546 | increment_nonce(c->crypto_connections[i].recv_nonce); |
| 576 | uint32_t zero = 0; | 547 | uint32_t zero = 0; |
| 577 | encrypt_precompute(crypto_connections[i].peersessionpublic_key, | 548 | encrypt_precompute(c->crypto_connections[i].peersessionpublic_key, |
| 578 | crypto_connections[i].sessionsecret_key, | 549 | c->crypto_connections[i].sessionsecret_key, |
| 579 | crypto_connections[i].shared_key); | 550 | c->crypto_connections[i].shared_key); |
| 580 | crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */ | 551 | c->crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */ |
| 581 | write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero)); | 552 | write_cryptpacket(c, i, ((uint8_t *)&zero), sizeof(zero)); |
| 582 | crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */ | 553 | c->crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */ |
| 583 | return i; | 554 | return i; |
| 584 | } | 555 | } |
| 585 | 556 | ||
| @@ -593,48 +564,54 @@ int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t *secre | |||
| 593 | /* return 0 if no connection, 1 we have sent a handshake, 2 if connection is not confirmed yet | 564 | /* return 0 if no connection, 1 we have sent a handshake, 2 if connection is not confirmed yet |
| 594 | (we have received a handshake but no empty data packet), 3 if the connection is established. | 565 | (we have received a handshake but no empty data packet), 3 if the connection is established. |
| 595 | 4 if the connection is timed out and waiting to be killed */ | 566 | 4 if the connection is timed out and waiting to be killed */ |
| 596 | int is_cryptoconnected(int crypt_connection_id) | 567 | int is_cryptoconnected(Net_Crypto *c, int crypt_connection_id) |
| 597 | { | 568 | { |
| 598 | if (crypt_connection_id >= 0 && crypt_connection_id < MAX_CRYPTO_CONNECTIONS) | 569 | if (crypt_connection_id >= 0 && crypt_connection_id < c->crypto_connections_length) |
| 599 | return crypto_connections[crypt_connection_id].status; | 570 | return c->crypto_connections[crypt_connection_id].status; |
| 600 | 571 | ||
| 601 | return CONN_NO_CONNECTION; | 572 | return CONN_NO_CONNECTION; |
| 602 | } | 573 | } |
| 603 | 574 | ||
| 604 | /* Generate our public and private keys | 575 | /* Generate our public and private keys |
| 605 | Only call this function the first time the program starts. */ | 576 | Only call this function the first time the program starts. */ |
| 606 | void new_keys(void) | 577 | |
| 578 | extern uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];//TODO: Remove this | ||
| 579 | extern uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; | ||
| 580 | |||
| 581 | void new_keys(Net_Crypto *c) | ||
| 607 | { | 582 | { |
| 608 | crypto_box_keypair(self_public_key, self_secret_key); | 583 | crypto_box_keypair(c->self_public_key, c->self_secret_key); |
| 584 | memcpy(self_public_key, c->self_public_key, crypto_box_PUBLICKEYBYTES); | ||
| 585 | memcpy(self_secret_key, c->self_secret_key, crypto_box_PUBLICKEYBYTES); | ||
| 609 | } | 586 | } |
| 610 | 587 | ||
| 611 | /* save the public and private keys to the keys array | 588 | /* save the public and private keys to the keys array |
| 612 | Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */ | 589 | Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */ |
| 613 | void save_keys(uint8_t *keys) | 590 | void save_keys(Net_Crypto *c, uint8_t *keys) |
| 614 | { | 591 | { |
| 615 | memcpy(keys, self_public_key, crypto_box_PUBLICKEYBYTES); | 592 | memcpy(keys, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
| 616 | memcpy(keys + crypto_box_PUBLICKEYBYTES, self_secret_key, crypto_box_SECRETKEYBYTES); | 593 | memcpy(keys + crypto_box_PUBLICKEYBYTES, c->self_secret_key, crypto_box_SECRETKEYBYTES); |
| 617 | } | 594 | } |
| 618 | 595 | ||
| 619 | /* load the public and private keys from the keys array | 596 | /* load the public and private keys from the keys array |
| 620 | Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */ | 597 | Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */ |
| 621 | void load_keys(uint8_t *keys) | 598 | void load_keys(Net_Crypto *c, uint8_t *keys) |
| 622 | { | 599 | { |
| 623 | memcpy(self_public_key, keys, crypto_box_PUBLICKEYBYTES); | 600 | memcpy(c->self_public_key, keys, crypto_box_PUBLICKEYBYTES); |
| 624 | memcpy(self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES); | 601 | memcpy(c->self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES); |
| 625 | } | 602 | } |
| 626 | 603 | ||
| 627 | /* TODO: optimize this | 604 | /* TODO: optimize this |
| 628 | adds an incoming connection to the incoming_connection list. | 605 | adds an incoming connection to the incoming_connection list. |
| 629 | returns 0 if successful | 606 | returns 0 if successful |
| 630 | returns 1 if failure */ | 607 | returns 1 if failure */ |
| 631 | static int new_incoming(int id) | 608 | static int new_incoming(Net_Crypto *c, int id) |
| 632 | { | 609 | { |
| 633 | uint32_t i; | 610 | uint32_t i; |
| 634 | 611 | ||
| 635 | for (i = 0; i < MAX_INCOMING; ++i) { | 612 | for (i = 0; i < MAX_INCOMING; ++i) { |
| 636 | if (incoming_connections[i] == -1) { | 613 | if (c->incoming_connections[i] == -1) { |
| 637 | incoming_connections[i] = id; | 614 | c->incoming_connections[i] = id; |
| 638 | return 0; | 615 | return 0; |
| 639 | } | 616 | } |
| 640 | } | 617 | } |
| @@ -644,81 +621,81 @@ static int new_incoming(int id) | |||
| 644 | 621 | ||
| 645 | /* TODO: optimize this | 622 | /* TODO: optimize this |
| 646 | handle all new incoming connections. */ | 623 | handle all new incoming connections. */ |
| 647 | static void handle_incomings(void) | 624 | static void handle_incomings(Net_Crypto *c) |
| 648 | { | 625 | { |
| 649 | int income; | 626 | int income; |
| 650 | 627 | ||
| 651 | while (1) { | 628 | while (1) { |
| 652 | income = incoming_connection(); | 629 | income = incoming_connection(c->lossless_udp); |
| 653 | 630 | ||
| 654 | if (income == -1 || new_incoming(income) ) | 631 | if (income == -1 || new_incoming(c, income) ) |
| 655 | break; | 632 | break; |
| 656 | } | 633 | } |
| 657 | } | 634 | } |
| 658 | 635 | ||
| 659 | /* handle received packets for not yet established crypto connections. */ | 636 | /* handle received packets for not yet established crypto connections. */ |
| 660 | static void receive_crypto(void) | 637 | static void receive_crypto(Net_Crypto *c) |
| 661 | { | 638 | { |
| 662 | uint32_t i; | 639 | uint32_t i; |
| 663 | 640 | ||
| 664 | for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { | 641 | for (i = 0; i < c->crypto_connections_length; ++i) { |
| 665 | if (crypto_connections[i].status == CONN_HANDSHAKE_SENT) { | 642 | if (c->crypto_connections[i].status == CONN_HANDSHAKE_SENT) { |
| 666 | uint8_t temp_data[MAX_DATA_SIZE]; | 643 | uint8_t temp_data[MAX_DATA_SIZE]; |
| 667 | uint8_t secret_nonce[crypto_box_NONCEBYTES]; | 644 | uint8_t secret_nonce[crypto_box_NONCEBYTES]; |
| 668 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; | 645 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; |
| 669 | uint8_t session_key[crypto_box_PUBLICKEYBYTES]; | 646 | uint8_t session_key[crypto_box_PUBLICKEYBYTES]; |
| 670 | uint16_t len; | 647 | uint16_t len; |
| 671 | 648 | ||
| 672 | if (id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */ | 649 | if (id_packet(c->lossless_udp, c->crypto_connections[i].number) == 2) { /* handle handshake packet. */ |
| 673 | len = read_packet(crypto_connections[i].number, temp_data); | 650 | len = read_packet(c->lossless_udp, c->crypto_connections[i].number, temp_data); |
| 674 | 651 | ||
| 675 | if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { | 652 | if (handle_cryptohandshake(c, public_key, secret_nonce, session_key, temp_data, len)) { |
| 676 | if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { | 653 | if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { |
| 677 | memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); | 654 | memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); |
| 678 | memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); | 655 | memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); |
| 679 | increment_nonce(crypto_connections[i].sent_nonce); | 656 | increment_nonce(c->crypto_connections[i].sent_nonce); |
| 680 | uint32_t zero = 0; | 657 | uint32_t zero = 0; |
| 681 | encrypt_precompute(crypto_connections[i].peersessionpublic_key, | 658 | encrypt_precompute(c->crypto_connections[i].peersessionpublic_key, |
| 682 | crypto_connections[i].sessionsecret_key, | 659 | c->crypto_connections[i].sessionsecret_key, |
| 683 | crypto_connections[i].shared_key); | 660 | c->crypto_connections[i].shared_key); |
| 684 | crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */ | 661 | c->crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */ |
| 685 | write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero)); | 662 | write_cryptpacket(c, i, ((uint8_t *)&zero), sizeof(zero)); |
| 686 | crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */ | 663 | c->crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */ |
| 687 | } | 664 | } |
| 688 | } | 665 | } |
| 689 | } else if (id_packet(crypto_connections[i].number) != -1) { // This should not happen kill the connection if it does | 666 | } else if (id_packet(c->lossless_udp, c->crypto_connections[i].number) != -1) { // This should not happen kill the connection if it does |
| 690 | crypto_kill(crypto_connections[i].number); | 667 | crypto_kill(c, i); |
| 691 | return; | 668 | return; |
| 692 | } | 669 | } |
| 693 | } | 670 | } |
| 694 | 671 | ||
| 695 | if (crypto_connections[i].status == CONN_NOT_CONFIRMED) { | 672 | if (c->crypto_connections[i].status == CONN_NOT_CONFIRMED) { |
| 696 | if (id_packet(crypto_connections[i].number) == 3) { | 673 | if (id_packet(c->lossless_udp, c->crypto_connections[i].number) == 3) { |
| 697 | uint8_t temp_data[MAX_DATA_SIZE]; | 674 | uint8_t temp_data[MAX_DATA_SIZE]; |
| 698 | uint8_t data[MAX_DATA_SIZE]; | 675 | uint8_t data[MAX_DATA_SIZE]; |
| 699 | int length = read_packet(crypto_connections[i].number, temp_data); | 676 | int length = read_packet(c->lossless_udp, c->crypto_connections[i].number, temp_data); |
| 700 | int len = decrypt_data(crypto_connections[i].peersessionpublic_key, | 677 | int len = decrypt_data(c->crypto_connections[i].peersessionpublic_key, |
| 701 | crypto_connections[i].sessionsecret_key, | 678 | c->crypto_connections[i].sessionsecret_key, |
| 702 | crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); | 679 | c->crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); |
| 703 | uint32_t zero = 0; | 680 | uint32_t zero = 0; |
| 704 | 681 | ||
| 705 | if (len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) { | 682 | if (len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) { |
| 706 | increment_nonce(crypto_connections[i].recv_nonce); | 683 | increment_nonce(c->crypto_connections[i].recv_nonce); |
| 707 | encrypt_precompute(crypto_connections[i].peersessionpublic_key, | 684 | encrypt_precompute(c->crypto_connections[i].peersessionpublic_key, |
| 708 | crypto_connections[i].sessionsecret_key, | 685 | c->crypto_connections[i].sessionsecret_key, |
| 709 | crypto_connections[i].shared_key); | 686 | c->crypto_connections[i].shared_key); |
| 710 | crypto_connections[i].status = CONN_ESTABLISHED; | 687 | c->crypto_connections[i].status = CONN_ESTABLISHED; |
| 711 | 688 | ||
| 712 | /* connection is accepted so we disable the auto kill by setting it to about 1 month from now. */ | 689 | /* connection is accepted so we disable the auto kill by setting it to about 1 month from now. */ |
| 713 | kill_connection_in(crypto_connections[i].number, 3000000); | 690 | kill_connection_in(c->lossless_udp, c->crypto_connections[i].number, 3000000); |
| 714 | } else { | 691 | } else { |
| 715 | crypto_kill(crypto_connections[i].number); // This should not happen kill the connection if it does | 692 | crypto_kill(c, i); // This should not happen kill the connection if it does |
| 716 | return; | 693 | return; |
| 717 | } | 694 | } |
| 718 | } else if (id_packet(crypto_connections[i].number) != -1) | 695 | } else if (id_packet(c->lossless_udp, c->crypto_connections[i].number) != -1) |
| 719 | /* This should not happen | 696 | /* This should not happen |
| 720 | kill the connection if it does */ | 697 | kill the connection if it does */ |
| 721 | crypto_kill(crypto_connections[i].number); | 698 | crypto_kill(c, i); |
| 722 | 699 | ||
| 723 | return; | 700 | return; |
| 724 | } | 701 | } |
| @@ -727,33 +704,52 @@ static void receive_crypto(void) | |||
| 727 | 704 | ||
| 728 | /* run this to (re)initialize net_crypto | 705 | /* run this to (re)initialize net_crypto |
| 729 | sets all the global connection variables to their default values. */ | 706 | sets all the global connection variables to their default values. */ |
| 730 | void initNetCrypto(void) | 707 | Net_Crypto * new_net_crypto(Networking_Core * net) |
| 731 | { | 708 | { |
| 732 | memset(incoming_connections, -1 , sizeof(incoming_connections)); | 709 | Net_Crypto * temp = calloc(1, sizeof(Net_Crypto)); |
| 733 | networking_registerhandler(32, &cryptopacket_handle); | 710 | if (temp == NULL) |
| 711 | return NULL; | ||
| 712 | temp->lossless_udp = new_lossless_udp(net); | ||
| 713 | if (temp->lossless_udp == NULL) | ||
| 714 | return NULL; | ||
| 715 | memset(temp->incoming_connections, -1 , sizeof(int) * MAX_INCOMING); | ||
| 716 | //networking_registerhandler(temp, 32, &cryptopacket_handle); | ||
| 717 | networking_registerhandler(net, 32, &cryptopacket_handle, temp); | ||
| 718 | temp_net_crypto = temp; //TODO remove | ||
| 719 | return temp; | ||
| 734 | } | 720 | } |
| 735 | 721 | ||
| 736 | static void killTimedout(void) | 722 | static void kill_timedout(Net_Crypto *c) |
| 737 | { | 723 | { |
| 738 | uint32_t i; | 724 | uint32_t i; |
| 739 | 725 | ||
| 740 | for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { | 726 | for (i = 0; i < c->crypto_connections_length; ++i) { |
| 741 | if (crypto_connections[i].status != CONN_NO_CONNECTION && is_connected(crypto_connections[i].number) == 4) | 727 | if (c->crypto_connections[i].status != CONN_NO_CONNECTION && is_connected(c->lossless_udp, c->crypto_connections[i].number) == 4) |
| 742 | crypto_connections[i].status = CONN_TIMED_OUT; | 728 | c->crypto_connections[i].status = CONN_TIMED_OUT; |
| 743 | else if (is_connected(crypto_connections[i].number) == 4) { | 729 | else if (is_connected(c->lossless_udp, c->crypto_connections[i].number) == 4) { |
| 744 | kill_connection(crypto_connections[i].number); | 730 | kill_connection(c->lossless_udp, c->crypto_connections[i].number); |
| 745 | crypto_connections[i].number = ~0; | 731 | c->crypto_connections[i].number = ~0; |
| 746 | } | 732 | } |
| 747 | } | 733 | } |
| 748 | } | 734 | } |
| 749 | 735 | ||
| 750 | /* main loop */ | 736 | /* main loop */ |
| 751 | void doNetCrypto(void) | 737 | void do_net_crypto(Net_Crypto *c) |
| 752 | { | 738 | { |
| 753 | /* TODO:check if friend requests were sent correctly | 739 | do_lossless_udp(c->lossless_udp); |
| 754 | handle new incoming connections | 740 | handle_incomings(c); |
| 755 | handle friend requests */ | 741 | receive_crypto(c); |
| 756 | handle_incomings(); | 742 | kill_timedout(c); |
| 757 | receive_crypto(); | 743 | } |
| 758 | killTimedout(); | 744 | |
| 745 | void kill_net_crypto(Net_Crypto *c) | ||
| 746 | { | ||
| 747 | uint32_t i; | ||
| 748 | |||
| 749 | for (i = 0; i < c->crypto_connections_length; ++i) { | ||
| 750 | crypto_kill(c, i); | ||
| 751 | } | ||
| 752 | kill_lossless_udp(c->lossless_udp); | ||
| 753 | memset(c, 0, sizeof(Net_Crypto)); | ||
| 754 | free(c); | ||
| 759 | } | 755 | } |