summaryrefslogtreecommitdiff
path: root/core/net_crypto.h
blob: 570b937373826bbe5cf8dbca6702b3332b77edc9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
/* net_crypto.h
 *
 * Functions for the core network crypto.
 *
 *  Copyright (C) 2013 Tox project All Rights Reserved.
 *
 *  This file is part of Tox.
 *
 *  Tox is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  Tox is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef NET_CRYPTO_H
#define NET_CRYPTO_H

#include "Lossless_UDP.h"
#include "DHT.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Our public key. */
extern uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];
extern uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];

#define ENCRYPTION_PADDING (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)

/* returns zero if the buffer contains only zeros */
uint8_t crypto_iszero(uint8_t* buffer, uint32_t blen);

/* encrypts plain of length length to encrypted of length + 16 using the
    public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce
    return -1 if there was a problem.
    return length of encrypted data if everything was fine. */
int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                    uint8_t *plain, uint32_t length, uint8_t *encrypted);


/* decrypts encrypted of length length to plain of length length - 16 using the
    public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce
    return -1 if there was a problem(decryption failed)
    return length of plain data if everything was fine. */
int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
                    uint8_t *encrypted, uint32_t length, uint8_t *plain);

/* Fast encrypt/decrypt operations. Use if this is not a one-time communication. 
   encrypt_precompute does the shared-key generation once so it does not have
   to be preformed on every encrypt/decrypt. */
void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key);

/* Fast encrypt. Depends on enc_key from encrypt_precompute. */
int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce, 
                      uint8_t *plain, uint32_t length, uint8_t *encrypted);

/* Fast decrypt. Depends on enc_ley from encrypt_precompute. */
int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
                      uint8_t *encrypted, uint32_t length, uint8_t *plain);


/* fill the given nonce with random bytes. */
void random_nonce(uint8_t *nonce);

/* return 0 if there is no received data in the buffer
    return -1  if the packet was discarded.
    return length of received data if successful */
int read_cryptpacket(int crypt_connection_id, uint8_t *data);

/* return 0 if data could not be put in packet queue
    return 1 if data was put into the queue */
int write_cryptpacket(int crypt_connection_id, uint8_t *data, uint32_t length);

/* create a request to peer with public_key.
    packet must be an array of MAX_DATA_SIZE big.
    Data represents the data we send with the request with length being the length of the data.
    request_id is the id of the request (32 = friend request, 254 = ping request)
    returns -1 on failure
    returns the length of the created packet on success */
int create_request(uint8_t *packet, uint8_t * public_key, uint8_t *data, uint32_t length, uint8_t request_id);


typedef int (*cryptopacket_handler_callback)(IP_Port ip_port, uint8_t * source_pubkey, uint8_t *data, uint32_t len);
/* Function to call when request beginning with byte is received */
void cryptopacket_registerhandler(uint8_t byte, cryptopacket_handler_callback cb);

/* Start a secure connection with other peer who has public_key and ip_port
    returns -1 if failure
    returns crypt_connection_id of the initialized connection if everything went well. */
int crypto_connect(uint8_t *public_key, IP_Port ip_port);

/* kill a crypto connection
    return 0 if killed successfully
    return 1 if there was a problem. */
int crypto_kill(int crypt_connection_id);

/* handle an incoming connection
    return -1 if no crypto inbound connection
    return incoming connection id (Lossless_UDP one) if there is an incoming crypto connection
    Put the public key of the peer in public_key, the secret_nonce from the handshake into secret_nonce
    and the session public key for the connection in session_key
    to accept it see: accept_crypto_inbound(...)
    to refuse it just call kill_connection(...) on the connection id */
int crypto_inbound(uint8_t *public_key, uint8_t * secret_nonce, uint8_t *session_key);

/* accept an incoming connection using the parameters provided by crypto_inbound
    return -1 if not successful
    returns the crypt_connection_id if successful */
int accept_crypto_inbound(int connection_id, uint8_t *public_key, uint8_t * secret_nonce, uint8_t *session_key);

/* return 0 if no connection, 1 we have sent a handshake, 2 if connexion is not confirmed yet
    (we have received a handshake but no empty data packet), 3 if the connection is established.
    4 if the connection is timed out and waiting to be killed */
int is_cryptoconnected(int crypt_connection_id);


/* Generate our public and private keys
    Only call this function the first time the program starts. */
void new_keys(void);

/* save the public and private keys to the keys array
    Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */
void save_keys(uint8_t * keys);

/* load the public and private keys from the keys array
    Length must be crypto_box_PUBLICKEYBYTES + crypto_box_SECRETKEYBYTES */
void load_keys(uint8_t * keys);

/* run this to (re)initialize net_crypto
    sets all the global connection variables to their default values. */
void initNetCrypto(void);

/* main loop */
void doNetCrypto(void);

#ifdef __cplusplus
}
#endif

#endif