summaryrefslogtreecommitdiff
path: root/toxcore/net_crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'toxcore/net_crypto.c')
-rw-r--r--toxcore/net_crypto.c180
1 files changed, 90 insertions, 90 deletions
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c
index 269d03a3..d4dd5ff8 100644
--- a/toxcore/net_crypto.c
+++ b/toxcore/net_crypto.c
@@ -53,13 +53,13 @@ static uint8_t crypt_connection_id_not_valid(const Net_Crypto *c, int crypt_conn
53 53
54/* cookie timeout in seconds */ 54/* cookie timeout in seconds */
55#define COOKIE_TIMEOUT 15 55#define COOKIE_TIMEOUT 15
56#define COOKIE_DATA_LENGTH (crypto_box_PUBLICKEYBYTES * 2) 56#define COOKIE_DATA_LENGTH (CRYPTO_PUBLIC_KEY_SIZE * 2)
57#define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_DATA_LENGTH) 57#define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_DATA_LENGTH)
58#define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES) 58#define COOKIE_LENGTH (CRYPTO_NONCE_SIZE + COOKIE_CONTENTS_LENGTH + CRYPTO_MAC_SIZE)
59 59
60#define COOKIE_REQUEST_PLAIN_LENGTH (COOKIE_DATA_LENGTH + sizeof(uint64_t)) 60#define COOKIE_REQUEST_PLAIN_LENGTH (COOKIE_DATA_LENGTH + sizeof(uint64_t))
61#define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) 61#define COOKIE_REQUEST_LENGTH (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + COOKIE_REQUEST_PLAIN_LENGTH + CRYPTO_MAC_SIZE)
62#define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + sizeof(uint64_t) + crypto_box_MACBYTES) 62#define COOKIE_RESPONSE_LENGTH (1 + CRYPTO_NONCE_SIZE + COOKIE_LENGTH + sizeof(uint64_t) + CRYPTO_MAC_SIZE)
63 63
64/* Create a cookie request packet and put it in packet. 64/* Create a cookie request packet and put it in packet.
65 * dht_public_key is the dht public key of the other 65 * dht_public_key is the dht public key of the other
@@ -73,26 +73,26 @@ static int create_cookie_request(const Net_Crypto *c, uint8_t *packet, uint8_t *
73 uint8_t *shared_key) 73 uint8_t *shared_key)
74{ 74{
75 uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH]; 75 uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH];
76 uint8_t padding[crypto_box_PUBLICKEYBYTES] = {0}; 76 uint8_t padding[CRYPTO_PUBLIC_KEY_SIZE] = {0};
77 77
78 memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES); 78 memcpy(plain, c->self_public_key, CRYPTO_PUBLIC_KEY_SIZE);
79 memcpy(plain + crypto_box_PUBLICKEYBYTES, padding, crypto_box_PUBLICKEYBYTES); 79 memcpy(plain + CRYPTO_PUBLIC_KEY_SIZE, padding, CRYPTO_PUBLIC_KEY_SIZE);
80 memcpy(plain + (crypto_box_PUBLICKEYBYTES * 2), &number, sizeof(uint64_t)); 80 memcpy(plain + (CRYPTO_PUBLIC_KEY_SIZE * 2), &number, sizeof(uint64_t));
81 81
82 DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key); 82 DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key);
83 uint8_t nonce[crypto_box_NONCEBYTES]; 83 uint8_t nonce[CRYPTO_NONCE_SIZE];
84 random_nonce(nonce); 84 random_nonce(nonce);
85 packet[0] = NET_PACKET_COOKIE_REQUEST; 85 packet[0] = NET_PACKET_COOKIE_REQUEST;
86 memcpy(packet + 1, c->dht->self_public_key, crypto_box_PUBLICKEYBYTES); 86 memcpy(packet + 1, c->dht->self_public_key, CRYPTO_PUBLIC_KEY_SIZE);
87 memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); 87 memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, nonce, CRYPTO_NONCE_SIZE);
88 int len = encrypt_data_symmetric(shared_key, nonce, plain, sizeof(plain), 88 int len = encrypt_data_symmetric(shared_key, nonce, plain, sizeof(plain),
89 packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); 89 packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE);
90 90
91 if (len != COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) { 91 if (len != COOKIE_REQUEST_PLAIN_LENGTH + CRYPTO_MAC_SIZE) {
92 return -1; 92 return -1;
93 } 93 }
94 94
95 return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len); 95 return (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + len);
96} 96}
97 97
98/* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_DATA_LENGTH using encryption_key 98/* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_DATA_LENGTH using encryption_key
@@ -107,9 +107,9 @@ static int create_cookie(uint8_t *cookie, const uint8_t *bytes, const uint8_t *e
107 memcpy(contents, &temp_time, sizeof(temp_time)); 107 memcpy(contents, &temp_time, sizeof(temp_time));
108 memcpy(contents + sizeof(temp_time), bytes, COOKIE_DATA_LENGTH); 108 memcpy(contents + sizeof(temp_time), bytes, COOKIE_DATA_LENGTH);
109 random_nonce(cookie); 109 random_nonce(cookie);
110 int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES); 110 int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + CRYPTO_NONCE_SIZE);
111 111
112 if (len != COOKIE_LENGTH - crypto_box_NONCEBYTES) { 112 if (len != COOKIE_LENGTH - CRYPTO_NONCE_SIZE) {
113 return -1; 113 return -1;
114 } 114 }
115 115
@@ -124,8 +124,8 @@ static int create_cookie(uint8_t *cookie, const uint8_t *bytes, const uint8_t *e
124static int open_cookie(uint8_t *bytes, const uint8_t *cookie, const uint8_t *encryption_key) 124static int open_cookie(uint8_t *bytes, const uint8_t *cookie, const uint8_t *encryption_key)
125{ 125{
126 uint8_t contents[COOKIE_CONTENTS_LENGTH]; 126 uint8_t contents[COOKIE_CONTENTS_LENGTH];
127 int len = decrypt_data_symmetric(encryption_key, cookie, cookie + crypto_box_NONCEBYTES, 127 int len = decrypt_data_symmetric(encryption_key, cookie, cookie + CRYPTO_NONCE_SIZE,
128 COOKIE_LENGTH - crypto_box_NONCEBYTES, contents); 128 COOKIE_LENGTH - CRYPTO_NONCE_SIZE, contents);
129 129
130 if (len != sizeof(contents)) { 130 if (len != sizeof(contents)) {
131 return -1; 131 return -1;
@@ -155,8 +155,8 @@ static int create_cookie_response(const Net_Crypto *c, uint8_t *packet, const ui
155 const uint8_t *shared_key, const uint8_t *dht_public_key) 155 const uint8_t *shared_key, const uint8_t *dht_public_key)
156{ 156{
157 uint8_t cookie_plain[COOKIE_DATA_LENGTH]; 157 uint8_t cookie_plain[COOKIE_DATA_LENGTH];
158 memcpy(cookie_plain, request_plain, crypto_box_PUBLICKEYBYTES); 158 memcpy(cookie_plain, request_plain, CRYPTO_PUBLIC_KEY_SIZE);
159 memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, dht_public_key, crypto_box_PUBLICKEYBYTES); 159 memcpy(cookie_plain + CRYPTO_PUBLIC_KEY_SIZE, dht_public_key, CRYPTO_PUBLIC_KEY_SIZE);
160 uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)]; 160 uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)];
161 161
162 if (create_cookie(plain, cookie_plain, c->secret_symmetric_key) != 0) { 162 if (create_cookie(plain, cookie_plain, c->secret_symmetric_key) != 0) {
@@ -166,9 +166,9 @@ static int create_cookie_response(const Net_Crypto *c, uint8_t *packet, const ui
166 memcpy(plain + COOKIE_LENGTH, request_plain + COOKIE_DATA_LENGTH, sizeof(uint64_t)); 166 memcpy(plain + COOKIE_LENGTH, request_plain + COOKIE_DATA_LENGTH, sizeof(uint64_t));
167 packet[0] = NET_PACKET_COOKIE_RESPONSE; 167 packet[0] = NET_PACKET_COOKIE_RESPONSE;
168 random_nonce(packet + 1); 168 random_nonce(packet + 1);
169 int len = encrypt_data_symmetric(shared_key, packet + 1, plain, sizeof(plain), packet + 1 + crypto_box_NONCEBYTES); 169 int len = encrypt_data_symmetric(shared_key, packet + 1, plain, sizeof(plain), packet + 1 + CRYPTO_NONCE_SIZE);
170 170
171 if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES)) { 171 if (len != COOKIE_RESPONSE_LENGTH - (1 + CRYPTO_NONCE_SIZE)) {
172 return -1; 172 return -1;
173 } 173 }
174 174
@@ -177,7 +177,7 @@ static int create_cookie_response(const Net_Crypto *c, uint8_t *packet, const ui
177 177
178/* Handle the cookie request packet of length length. 178/* Handle the cookie request packet of length length.
179 * Put what was in the request in request_plain (must be of size COOKIE_REQUEST_PLAIN_LENGTH) 179 * Put what was in the request in request_plain (must be of size COOKIE_REQUEST_PLAIN_LENGTH)
180 * Put the key used to decrypt the request into shared_key (of size crypto_box_BEFORENMBYTES) for use in the response. 180 * Put the key used to decrypt the request into shared_key (of size CRYPTO_SHARED_KEY_SIZE) for use in the response.
181 * 181 *
182 * return -1 on failure. 182 * return -1 on failure.
183 * return 0 on success. 183 * return 0 on success.
@@ -189,10 +189,10 @@ static int handle_cookie_request(const Net_Crypto *c, uint8_t *request_plain, ui
189 return -1; 189 return -1;
190 } 190 }
191 191
192 memcpy(dht_public_key, packet + 1, crypto_box_PUBLICKEYBYTES); 192 memcpy(dht_public_key, packet + 1, CRYPTO_PUBLIC_KEY_SIZE);
193 DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key); 193 DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key);
194 int len = decrypt_data_symmetric(shared_key, packet + 1 + crypto_box_PUBLICKEYBYTES, 194 int len = decrypt_data_symmetric(shared_key, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE,
195 packet + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES, 195 packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, COOKIE_REQUEST_PLAIN_LENGTH + CRYPTO_MAC_SIZE,
196 request_plain); 196 request_plain);
197 197
198 if (len != COOKIE_REQUEST_PLAIN_LENGTH) { 198 if (len != COOKIE_REQUEST_PLAIN_LENGTH) {
@@ -209,8 +209,8 @@ static int udp_handle_cookie_request(void *object, IP_Port source, const uint8_t
209{ 209{
210 Net_Crypto *c = (Net_Crypto *)object; 210 Net_Crypto *c = (Net_Crypto *)object;
211 uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH]; 211 uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH];
212 uint8_t shared_key[crypto_box_BEFORENMBYTES]; 212 uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE];
213 uint8_t dht_public_key[crypto_box_PUBLICKEYBYTES]; 213 uint8_t dht_public_key[CRYPTO_PUBLIC_KEY_SIZE];
214 214
215 if (handle_cookie_request(c, request_plain, shared_key, dht_public_key, packet, length) != 0) { 215 if (handle_cookie_request(c, request_plain, shared_key, dht_public_key, packet, length) != 0) {
216 return 1; 216 return 1;
@@ -234,8 +234,8 @@ static int udp_handle_cookie_request(void *object, IP_Port source, const uint8_t
234static int tcp_handle_cookie_request(Net_Crypto *c, int connections_number, const uint8_t *packet, uint16_t length) 234static int tcp_handle_cookie_request(Net_Crypto *c, int connections_number, const uint8_t *packet, uint16_t length)
235{ 235{
236 uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH]; 236 uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH];
237 uint8_t shared_key[crypto_box_BEFORENMBYTES]; 237 uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE];
238 uint8_t dht_public_key[crypto_box_PUBLICKEYBYTES]; 238 uint8_t dht_public_key[CRYPTO_PUBLIC_KEY_SIZE];
239 239
240 if (handle_cookie_request(c, request_plain, shared_key, dht_public_key, packet, length) != 0) { 240 if (handle_cookie_request(c, request_plain, shared_key, dht_public_key, packet, length) != 0) {
241 return -1; 241 return -1;
@@ -257,8 +257,8 @@ static int tcp_oob_handle_cookie_request(const Net_Crypto *c, unsigned int tcp_c
257 const uint8_t *dht_public_key, const uint8_t *packet, uint16_t length) 257 const uint8_t *dht_public_key, const uint8_t *packet, uint16_t length)
258{ 258{
259 uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH]; 259 uint8_t request_plain[COOKIE_REQUEST_PLAIN_LENGTH];
260 uint8_t shared_key[crypto_box_BEFORENMBYTES]; 260 uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE];
261 uint8_t dht_public_key_temp[crypto_box_PUBLICKEYBYTES]; 261 uint8_t dht_public_key_temp[CRYPTO_PUBLIC_KEY_SIZE];
262 262
263 if (handle_cookie_request(c, request_plain, shared_key, dht_public_key_temp, packet, length) != 0) { 263 if (handle_cookie_request(c, request_plain, shared_key, dht_public_key_temp, packet, length) != 0) {
264 return -1; 264 return -1;
@@ -294,8 +294,8 @@ static int handle_cookie_response(uint8_t *cookie, uint64_t *number, const uint8
294 } 294 }
295 295
296 uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)]; 296 uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)];
297 int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES, 297 int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + CRYPTO_NONCE_SIZE,
298 length - (1 + crypto_box_NONCEBYTES), plain); 298 length - (1 + CRYPTO_NONCE_SIZE), plain);
299 299
300 if (len != sizeof(plain)) { 300 if (len != sizeof(plain)) {
301 return -1; 301 return -1;
@@ -306,7 +306,7 @@ static int handle_cookie_response(uint8_t *cookie, uint64_t *number, const uint8
306 return COOKIE_LENGTH; 306 return COOKIE_LENGTH;
307} 307}
308 308
309#define HANDSHAKE_PACKET_LENGTH (1 + COOKIE_LENGTH + crypto_box_NONCEBYTES + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES + COOKIE_LENGTH + crypto_box_MACBYTES) 309#define HANDSHAKE_PACKET_LENGTH (1 + COOKIE_LENGTH + CRYPTO_NONCE_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA512_SIZE + COOKIE_LENGTH + CRYPTO_MAC_SIZE)
310 310
311/* Create a handshake packet and put it in packet. 311/* Create a handshake packet and put it in packet.
312 * cookie must be COOKIE_LENGTH bytes. 312 * cookie must be COOKIE_LENGTH bytes.
@@ -318,24 +318,24 @@ static int handle_cookie_response(uint8_t *cookie, uint64_t *number, const uint8
318static int create_crypto_handshake(const Net_Crypto *c, uint8_t *packet, const uint8_t *cookie, const uint8_t *nonce, 318static int create_crypto_handshake(const Net_Crypto *c, uint8_t *packet, const uint8_t *cookie, const uint8_t *nonce,
319 const uint8_t *session_pk, const uint8_t *peer_real_pk, const uint8_t *peer_dht_pubkey) 319 const uint8_t *session_pk, const uint8_t *peer_real_pk, const uint8_t *peer_dht_pubkey)
320{ 320{
321 uint8_t plain[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES + COOKIE_LENGTH]; 321 uint8_t plain[CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA512_SIZE + COOKIE_LENGTH];
322 memcpy(plain, nonce, crypto_box_NONCEBYTES); 322 memcpy(plain, nonce, CRYPTO_NONCE_SIZE);
323 memcpy(plain + crypto_box_NONCEBYTES, session_pk, crypto_box_PUBLICKEYBYTES); 323 memcpy(plain + CRYPTO_NONCE_SIZE, session_pk, CRYPTO_PUBLIC_KEY_SIZE);
324 crypto_hash_sha512(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, cookie, COOKIE_LENGTH); 324 crypto_sha512(plain + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE, cookie, COOKIE_LENGTH);
325 uint8_t cookie_plain[COOKIE_DATA_LENGTH]; 325 uint8_t cookie_plain[COOKIE_DATA_LENGTH];
326 memcpy(cookie_plain, peer_real_pk, crypto_box_PUBLICKEYBYTES); 326 memcpy(cookie_plain, peer_real_pk, CRYPTO_PUBLIC_KEY_SIZE);
327 memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, peer_dht_pubkey, crypto_box_PUBLICKEYBYTES); 327 memcpy(cookie_plain + CRYPTO_PUBLIC_KEY_SIZE, peer_dht_pubkey, CRYPTO_PUBLIC_KEY_SIZE);
328 328
329 if (create_cookie(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES, cookie_plain, 329 if (create_cookie(plain + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA512_SIZE, cookie_plain,
330 c->secret_symmetric_key) != 0) { 330 c->secret_symmetric_key) != 0) {
331 return -1; 331 return -1;
332 } 332 }
333 333
334 random_nonce(packet + 1 + COOKIE_LENGTH); 334 random_nonce(packet + 1 + COOKIE_LENGTH);
335 int len = encrypt_data(peer_real_pk, c->self_secret_key, packet + 1 + COOKIE_LENGTH, plain, sizeof(plain), 335 int len = encrypt_data(peer_real_pk, c->self_secret_key, packet + 1 + COOKIE_LENGTH, plain, sizeof(plain),
336 packet + 1 + COOKIE_LENGTH + crypto_box_NONCEBYTES); 336 packet + 1 + COOKIE_LENGTH + CRYPTO_NONCE_SIZE);
337 337
338 if (len != HANDSHAKE_PACKET_LENGTH - (1 + COOKIE_LENGTH + crypto_box_NONCEBYTES)) { 338 if (len != HANDSHAKE_PACKET_LENGTH - (1 + COOKIE_LENGTH + CRYPTO_NONCE_SIZE)) {
339 return -1; 339 return -1;
340 } 340 }
341 341
@@ -355,9 +355,9 @@ static int create_crypto_handshake(const Net_Crypto *c, uint8_t *packet, const u
355 * if expected_real_pk isn't NULL it denotes the real public key 355 * if expected_real_pk isn't NULL it denotes the real public key
356 * the packet should be from. 356 * the packet should be from.
357 * 357 *
358 * nonce must be at least crypto_box_NONCEBYTES 358 * nonce must be at least CRYPTO_NONCE_SIZE
359 * session_pk must be at least crypto_box_PUBLICKEYBYTES 359 * session_pk must be at least CRYPTO_PUBLIC_KEY_SIZE
360 * peer_real_pk must be at least crypto_box_PUBLICKEYBYTES 360 * peer_real_pk must be at least CRYPTO_PUBLIC_KEY_SIZE
361 * cookie must be at least COOKIE_LENGTH 361 * cookie must be at least COOKIE_LENGTH
362 * 362 *
363 * return -1 on failure. 363 * return -1 on failure.
@@ -382,28 +382,28 @@ static int handle_crypto_handshake(const Net_Crypto *c, uint8_t *nonce, uint8_t
382 } 382 }
383 } 383 }
384 384
385 uint8_t cookie_hash[crypto_hash_sha512_BYTES]; 385 uint8_t cookie_hash[CRYPTO_SHA512_SIZE];
386 crypto_hash_sha512(cookie_hash, packet + 1, COOKIE_LENGTH); 386 crypto_sha512(cookie_hash, packet + 1, COOKIE_LENGTH);
387 387
388 uint8_t plain[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES + COOKIE_LENGTH]; 388 uint8_t plain[CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA512_SIZE + COOKIE_LENGTH];
389 int len = decrypt_data(cookie_plain, c->self_secret_key, packet + 1 + COOKIE_LENGTH, 389 int len = decrypt_data(cookie_plain, c->self_secret_key, packet + 1 + COOKIE_LENGTH,
390 packet + 1 + COOKIE_LENGTH + crypto_box_NONCEBYTES, 390 packet + 1 + COOKIE_LENGTH + CRYPTO_NONCE_SIZE,
391 HANDSHAKE_PACKET_LENGTH - (1 + COOKIE_LENGTH + crypto_box_NONCEBYTES), plain); 391 HANDSHAKE_PACKET_LENGTH - (1 + COOKIE_LENGTH + CRYPTO_NONCE_SIZE), plain);
392 392
393 if (len != sizeof(plain)) { 393 if (len != sizeof(plain)) {
394 return -1; 394 return -1;
395 } 395 }
396 396
397 if (sodium_memcmp(cookie_hash, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, 397 if (crypto_memcmp(cookie_hash, plain + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE,
398 crypto_hash_sha512_BYTES) != 0) { 398 CRYPTO_SHA512_SIZE) != 0) {
399 return -1; 399 return -1;
400 } 400 }
401 401
402 memcpy(nonce, plain, crypto_box_NONCEBYTES); 402 memcpy(nonce, plain, CRYPTO_NONCE_SIZE);
403 memcpy(session_pk, plain + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES); 403 memcpy(session_pk, plain + CRYPTO_NONCE_SIZE, CRYPTO_PUBLIC_KEY_SIZE);
404 memcpy(cookie, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_hash_sha512_BYTES, COOKIE_LENGTH); 404 memcpy(cookie, plain + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA512_SIZE, COOKIE_LENGTH);
405 memcpy(peer_real_pk, cookie_plain, crypto_box_PUBLICKEYBYTES); 405 memcpy(peer_real_pk, cookie_plain, CRYPTO_PUBLIC_KEY_SIZE);
406 memcpy(dht_public_key, cookie_plain + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); 406 memcpy(dht_public_key, cookie_plain + CRYPTO_PUBLIC_KEY_SIZE, CRYPTO_PUBLIC_KEY_SIZE);
407 return 0; 407 return 0;
408} 408}
409 409
@@ -884,7 +884,7 @@ static int handle_request_packet(Packets_Array *send_array, const uint8_t *data,
884 884
885/** END: Array Related functions **/ 885/** END: Array Related functions **/
886 886
887#define MAX_DATA_DATA_PACKET_SIZE (MAX_CRYPTO_PACKET_SIZE - (1 + sizeof(uint16_t) + crypto_box_MACBYTES)) 887#define MAX_DATA_DATA_PACKET_SIZE (MAX_CRYPTO_PACKET_SIZE - (1 + sizeof(uint16_t) + CRYPTO_MAC_SIZE))
888 888
889/* Creates and sends a data packet to the peer using the fastest route. 889/* Creates and sends a data packet to the peer using the fastest route.
890 * 890 *
@@ -893,7 +893,7 @@ static int handle_request_packet(Packets_Array *send_array, const uint8_t *data,
893 */ 893 */
894static int send_data_packet(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint16_t length) 894static int send_data_packet(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint16_t length)
895{ 895{
896 if (length == 0 || length + (1 + sizeof(uint16_t) + crypto_box_MACBYTES) > MAX_CRYPTO_PACKET_SIZE) { 896 if (length == 0 || length + (1 + sizeof(uint16_t) + CRYPTO_MAC_SIZE) > MAX_CRYPTO_PACKET_SIZE) {
897 return -1; 897 return -1;
898 } 898 }
899 899
@@ -904,9 +904,9 @@ static int send_data_packet(Net_Crypto *c, int crypt_connection_id, const uint8_
904 } 904 }
905 905
906 pthread_mutex_lock(&conn->mutex); 906 pthread_mutex_lock(&conn->mutex);
907 uint8_t packet[1 + sizeof(uint16_t) + length + crypto_box_MACBYTES]; 907 uint8_t packet[1 + sizeof(uint16_t) + length + CRYPTO_MAC_SIZE];
908 packet[0] = NET_PACKET_CRYPTO_DATA; 908 packet[0] = NET_PACKET_CRYPTO_DATA;
909 memcpy(packet + 1, conn->sent_nonce + (crypto_box_NONCEBYTES - sizeof(uint16_t)), sizeof(uint16_t)); 909 memcpy(packet + 1, conn->sent_nonce + (CRYPTO_NONCE_SIZE - sizeof(uint16_t)), sizeof(uint16_t));
910 int len = encrypt_data_symmetric(conn->shared_key, conn->sent_nonce, data, length, packet + 1 + sizeof(uint16_t)); 910 int len = encrypt_data_symmetric(conn->shared_key, conn->sent_nonce, data, length, packet + 1 + sizeof(uint16_t));
911 911
912 if (len + 1 + sizeof(uint16_t) != sizeof(packet)) { 912 if (len + 1 + sizeof(uint16_t) != sizeof(packet)) {
@@ -1042,7 +1042,7 @@ static int64_t send_lossless_packet(Net_Crypto *c, int crypt_connection_id, cons
1042static uint16_t get_nonce_uint16(const uint8_t *nonce) 1042static uint16_t get_nonce_uint16(const uint8_t *nonce)
1043{ 1043{
1044 uint16_t num; 1044 uint16_t num;
1045 memcpy(&num, nonce + (crypto_box_NONCEBYTES - sizeof(uint16_t)), sizeof(uint16_t)); 1045 memcpy(&num, nonce + (CRYPTO_NONCE_SIZE - sizeof(uint16_t)), sizeof(uint16_t));
1046 return ntohs(num); 1046 return ntohs(num);
1047} 1047}
1048 1048
@@ -1058,7 +1058,7 @@ static uint16_t get_nonce_uint16(const uint8_t *nonce)
1058static int handle_data_packet(const Net_Crypto *c, int crypt_connection_id, uint8_t *data, const uint8_t *packet, 1058static int handle_data_packet(const Net_Crypto *c, int crypt_connection_id, uint8_t *data, const uint8_t *packet,
1059 uint16_t length) 1059 uint16_t length)
1060{ 1060{
1061 if (length <= (1 + sizeof(uint16_t) + crypto_box_MACBYTES) || length > MAX_CRYPTO_PACKET_SIZE) { 1061 if (length <= (1 + sizeof(uint16_t) + CRYPTO_MAC_SIZE) || length > MAX_CRYPTO_PACKET_SIZE) {
1062 return -1; 1062 return -1;
1063 } 1063 }
1064 1064
@@ -1068,8 +1068,8 @@ static int handle_data_packet(const Net_Crypto *c, int crypt_connection_id, uint
1068 return -1; 1068 return -1;
1069 } 1069 }
1070 1070
1071 uint8_t nonce[crypto_box_NONCEBYTES]; 1071 uint8_t nonce[CRYPTO_NONCE_SIZE];
1072 memcpy(nonce, conn->recv_nonce, crypto_box_NONCEBYTES); 1072 memcpy(nonce, conn->recv_nonce, CRYPTO_NONCE_SIZE);
1073 uint16_t num_cur_nonce = get_nonce_uint16(nonce); 1073 uint16_t num_cur_nonce = get_nonce_uint16(nonce);
1074 uint16_t num; 1074 uint16_t num;
1075 memcpy(&num, packet + 1, sizeof(uint16_t)); 1075 memcpy(&num, packet + 1, sizeof(uint16_t));
@@ -1079,7 +1079,7 @@ static int handle_data_packet(const Net_Crypto *c, int crypt_connection_id, uint
1079 int len = decrypt_data_symmetric(conn->shared_key, nonce, packet + 1 + sizeof(uint16_t), 1079 int len = decrypt_data_symmetric(conn->shared_key, nonce, packet + 1 + sizeof(uint16_t),
1080 length - (1 + sizeof(uint16_t)), data); 1080 length - (1 + sizeof(uint16_t)), data);
1081 1081
1082 if ((unsigned int)len != length - (1 + sizeof(uint16_t) + crypto_box_MACBYTES)) { 1082 if ((unsigned int)len != length - (1 + sizeof(uint16_t) + CRYPTO_MAC_SIZE)) {
1083 return -1; 1083 return -1;
1084 } 1084 }
1085 1085
@@ -1509,8 +1509,8 @@ static int handle_packet_connection(Net_Crypto *c, int crypt_connection_id, cons
1509 case NET_PACKET_CRYPTO_HS: { 1509 case NET_PACKET_CRYPTO_HS: {
1510 if (conn->status == CRYPTO_CONN_COOKIE_REQUESTING || conn->status == CRYPTO_CONN_HANDSHAKE_SENT 1510 if (conn->status == CRYPTO_CONN_COOKIE_REQUESTING || conn->status == CRYPTO_CONN_HANDSHAKE_SENT
1511 || conn->status == CRYPTO_CONN_NOT_CONFIRMED) { 1511 || conn->status == CRYPTO_CONN_NOT_CONFIRMED) {
1512 uint8_t peer_real_pk[crypto_box_PUBLICKEYBYTES]; 1512 uint8_t peer_real_pk[CRYPTO_PUBLIC_KEY_SIZE];
1513 uint8_t dht_public_key[crypto_box_PUBLICKEYBYTES]; 1513 uint8_t dht_public_key[CRYPTO_PUBLIC_KEY_SIZE];
1514 uint8_t cookie[COOKIE_LENGTH]; 1514 uint8_t cookie[COOKIE_LENGTH];
1515 1515
1516 if (handle_crypto_handshake(c, conn->recv_nonce, conn->peersessionpublic_key, peer_real_pk, dht_public_key, cookie, 1516 if (handle_crypto_handshake(c, conn->recv_nonce, conn->peersessionpublic_key, peer_real_pk, dht_public_key, cookie,
@@ -1636,7 +1636,7 @@ static int wipe_crypto_connection(Net_Crypto *c, int crypt_connection_id)
1636 1636
1637 /* Keep mutex, only destroy it when connection is realloced out. */ 1637 /* Keep mutex, only destroy it when connection is realloced out. */
1638 pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex; 1638 pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex;
1639 sodium_memzero(&(c->crypto_connections[crypt_connection_id]), sizeof(Crypto_Connection)); 1639 crypto_memzero(&(c->crypto_connections[crypt_connection_id]), sizeof(Crypto_Connection));
1640 c->crypto_connections[crypt_connection_id].mutex = mutex; 1640 c->crypto_connections[crypt_connection_id].mutex = mutex;
1641 1641
1642 for (i = c->crypto_connections_length; i != 0; --i) { 1642 for (i = c->crypto_connections_length; i != 0; --i) {
@@ -1763,8 +1763,8 @@ static int handle_new_connection_handshake(Net_Crypto *c, IP_Port source, const
1763 int ret = -1; 1763 int ret = -1;
1764 1764
1765 if (conn && (conn->status == CRYPTO_CONN_COOKIE_REQUESTING || conn->status == CRYPTO_CONN_HANDSHAKE_SENT)) { 1765 if (conn && (conn->status == CRYPTO_CONN_COOKIE_REQUESTING || conn->status == CRYPTO_CONN_HANDSHAKE_SENT)) {
1766 memcpy(conn->recv_nonce, n_c.recv_nonce, crypto_box_NONCEBYTES); 1766 memcpy(conn->recv_nonce, n_c.recv_nonce, CRYPTO_NONCE_SIZE);
1767 memcpy(conn->peersessionpublic_key, n_c.peersessionpublic_key, crypto_box_PUBLICKEYBYTES); 1767 memcpy(conn->peersessionpublic_key, n_c.peersessionpublic_key, CRYPTO_PUBLIC_KEY_SIZE);
1768 encrypt_precompute(conn->peersessionpublic_key, conn->sessionsecret_key, conn->shared_key); 1768 encrypt_precompute(conn->peersessionpublic_key, conn->sessionsecret_key, conn->shared_key);
1769 1769
1770 crypto_connection_add_source(c, crypt_connection_id, source); 1770 crypto_connection_add_source(c, crypt_connection_id, source);
@@ -1817,11 +1817,11 @@ int accept_crypto_connection(Net_Crypto *c, New_Connection *n_c)
1817 } 1817 }
1818 1818
1819 conn->connection_number_tcp = connection_number_tcp; 1819 conn->connection_number_tcp = connection_number_tcp;
1820 memcpy(conn->public_key, n_c->public_key, crypto_box_PUBLICKEYBYTES); 1820 memcpy(conn->public_key, n_c->public_key, CRYPTO_PUBLIC_KEY_SIZE);
1821 memcpy(conn->recv_nonce, n_c->recv_nonce, crypto_box_NONCEBYTES); 1821 memcpy(conn->recv_nonce, n_c->recv_nonce, CRYPTO_NONCE_SIZE);
1822 memcpy(conn->peersessionpublic_key, n_c->peersessionpublic_key, crypto_box_PUBLICKEYBYTES); 1822 memcpy(conn->peersessionpublic_key, n_c->peersessionpublic_key, CRYPTO_PUBLIC_KEY_SIZE);
1823 random_nonce(conn->sent_nonce); 1823 random_nonce(conn->sent_nonce);
1824 crypto_box_keypair(conn->sessionpublic_key, conn->sessionsecret_key); 1824 crypto_new_keypair(conn->sessionpublic_key, conn->sessionsecret_key);
1825 encrypt_precompute(conn->peersessionpublic_key, conn->sessionsecret_key, conn->shared_key); 1825 encrypt_precompute(conn->peersessionpublic_key, conn->sessionsecret_key, conn->shared_key);
1826 conn->status = CRYPTO_CONN_NOT_CONFIRMED; 1826 conn->status = CRYPTO_CONN_NOT_CONFIRMED;
1827 1827
@@ -1833,7 +1833,7 @@ int accept_crypto_connection(Net_Crypto *c, New_Connection *n_c)
1833 return -1; 1833 return -1;
1834 } 1834 }
1835 1835
1836 memcpy(conn->dht_public_key, n_c->dht_public_key, crypto_box_PUBLICKEYBYTES); 1836 memcpy(conn->dht_public_key, n_c->dht_public_key, CRYPTO_PUBLIC_KEY_SIZE);
1837 conn->packet_send_rate = CRYPTO_PACKET_MIN_RATE; 1837 conn->packet_send_rate = CRYPTO_PACKET_MIN_RATE;
1838 conn->packet_send_rate_requested = CRYPTO_PACKET_MIN_RATE; 1838 conn->packet_send_rate_requested = CRYPTO_PACKET_MIN_RATE;
1839 conn->packets_left = CRYPTO_MIN_QUEUE_LENGTH; 1839 conn->packets_left = CRYPTO_MIN_QUEUE_LENGTH;
@@ -1877,15 +1877,15 @@ int new_crypto_connection(Net_Crypto *c, const uint8_t *real_public_key, const u
1877 } 1877 }
1878 1878
1879 conn->connection_number_tcp = connection_number_tcp; 1879 conn->connection_number_tcp = connection_number_tcp;
1880 memcpy(conn->public_key, real_public_key, crypto_box_PUBLICKEYBYTES); 1880 memcpy(conn->public_key, real_public_key, CRYPTO_PUBLIC_KEY_SIZE);
1881 random_nonce(conn->sent_nonce); 1881 random_nonce(conn->sent_nonce);
1882 crypto_box_keypair(conn->sessionpublic_key, conn->sessionsecret_key); 1882 crypto_new_keypair(conn->sessionpublic_key, conn->sessionsecret_key);
1883 conn->status = CRYPTO_CONN_COOKIE_REQUESTING; 1883 conn->status = CRYPTO_CONN_COOKIE_REQUESTING;
1884 conn->packet_send_rate = CRYPTO_PACKET_MIN_RATE; 1884 conn->packet_send_rate = CRYPTO_PACKET_MIN_RATE;
1885 conn->packet_send_rate_requested = CRYPTO_PACKET_MIN_RATE; 1885 conn->packet_send_rate_requested = CRYPTO_PACKET_MIN_RATE;
1886 conn->packets_left = CRYPTO_MIN_QUEUE_LENGTH; 1886 conn->packets_left = CRYPTO_MIN_QUEUE_LENGTH;
1887 conn->rtt_time = DEFAULT_PING_CONNECTION; 1887 conn->rtt_time = DEFAULT_PING_CONNECTION;
1888 memcpy(conn->dht_public_key, dht_public_key, crypto_box_PUBLICKEYBYTES); 1888 memcpy(conn->dht_public_key, dht_public_key, CRYPTO_PUBLIC_KEY_SIZE);
1889 1889
1890 conn->cookie_request_number = random_64b(); 1890 conn->cookie_request_number = random_64b();
1891 uint8_t cookie_request[COOKIE_REQUEST_LENGTH]; 1891 uint8_t cookie_request[COOKIE_REQUEST_LENGTH];
@@ -2221,7 +2221,7 @@ static int crypto_id_ip_port(const Net_Crypto *c, IP_Port ip_port)
2221 return bs_list_find(&c->ip_port_list, (uint8_t *)&ip_port); 2221 return bs_list_find(&c->ip_port_list, (uint8_t *)&ip_port);
2222} 2222}
2223 2223
2224#define CRYPTO_MIN_PACKET_SIZE (1 + sizeof(uint16_t) + crypto_box_MACBYTES) 2224#define CRYPTO_MIN_PACKET_SIZE (1 + sizeof(uint16_t) + CRYPTO_MAC_SIZE)
2225 2225
2226/* Handle raw UDP packets coming directly from the socket. 2226/* Handle raw UDP packets coming directly from the socket.
2227 * 2227 *
@@ -2752,27 +2752,27 @@ unsigned int crypto_connection_status(const Net_Crypto *c, int crypt_connection_
2752 2752
2753void new_keys(Net_Crypto *c) 2753void new_keys(Net_Crypto *c)
2754{ 2754{
2755 crypto_box_keypair(c->self_public_key, c->self_secret_key); 2755 crypto_new_keypair(c->self_public_key, c->self_secret_key);
2756} 2756}
2757 2757
2758/* Save the public and private keys to the keys array. 2758/* Save the public and private keys to the keys array.
2759 * Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES. 2759 * Length must be CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SECRET_KEY_SIZE.
2760 * 2760 *
2761 * TODO(irungentoo): Save only secret key. 2761 * TODO(irungentoo): Save only secret key.
2762 */ 2762 */
2763void save_keys(const Net_Crypto *c, uint8_t *keys) 2763void save_keys(const Net_Crypto *c, uint8_t *keys)
2764{ 2764{
2765 memcpy(keys, c->self_public_key, crypto_box_PUBLICKEYBYTES); 2765 memcpy(keys, c->self_public_key, CRYPTO_PUBLIC_KEY_SIZE);
2766 memcpy(keys + crypto_box_PUBLICKEYBYTES, c->self_secret_key, crypto_box_SECRETKEYBYTES); 2766 memcpy(keys + CRYPTO_PUBLIC_KEY_SIZE, c->self_secret_key, CRYPTO_SECRET_KEY_SIZE);
2767} 2767}
2768 2768
2769/* Load the secret key. 2769/* Load the secret key.
2770 * Length must be crypto_box_SECRETKEYBYTES. 2770 * Length must be CRYPTO_SECRET_KEY_SIZE.
2771 */ 2771 */
2772void load_secret_key(Net_Crypto *c, const uint8_t *sk) 2772void load_secret_key(Net_Crypto *c, const uint8_t *sk)
2773{ 2773{
2774 memcpy(c->self_secret_key, sk, crypto_box_SECRETKEYBYTES); 2774 memcpy(c->self_secret_key, sk, CRYPTO_SECRET_KEY_SIZE);
2775 crypto_scalarmult_curve25519_base(c->self_public_key, c->self_secret_key); 2775 crypto_derive_public_key(c->self_public_key, c->self_secret_key);
2776} 2776}
2777 2777
2778/* Run this to (re)initialize net_crypto. 2778/* Run this to (re)initialize net_crypto.
@@ -2896,6 +2896,6 @@ void kill_net_crypto(Net_Crypto *c)
2896 networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL); 2896 networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL);
2897 networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL); 2897 networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL);
2898 networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL); 2898 networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL);
2899 sodium_memzero(c, sizeof(Net_Crypto)); 2899 crypto_memzero(c, sizeof(Net_Crypto));
2900 free(c); 2900 free(c);
2901} 2901}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 22:57:47 +0000