mirror of
https://github.com/irungentoo/toxcore.git
synced 2024-03-22 13:30:51 +08:00
Crypto related cleanups.
Moved Bunch of functions from net_crypto to crypto_core. decrypt_data_fast and decrypt_data_symmetric were the same thing therefore, removed decrypt_data_fast. Replaced all the crypto_secretbox_* defines with the equivalent crypto_box_* one. New define: crypto_box_KEYBYTES that is equal to crypto_box_BEFORENMBYTES.
This commit is contained in:
parent
1603ca974e
commit
9c6a8432ce
|
@ -89,7 +89,7 @@ START_TEST(test_basic)
|
||||||
uint8_t r_req[2 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES];
|
uint8_t r_req[2 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES];
|
||||||
uint16_t size = 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES;
|
uint16_t size = 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES;
|
||||||
size = htons(size);
|
size = htons(size);
|
||||||
ret = encrypt_data_fast(f_shared_key, f_nonce, r_req_p, 1 + crypto_box_PUBLICKEYBYTES, r_req + 2);
|
ret = encrypt_data_symmetric(f_shared_key, f_nonce, r_req_p, 1 + crypto_box_PUBLICKEYBYTES, r_req + 2);
|
||||||
increment_nonce(f_nonce);
|
increment_nonce(f_nonce);
|
||||||
memcpy(r_req, &size, 2);
|
memcpy(r_req, &size, 2);
|
||||||
uint32_t i;
|
uint32_t i;
|
||||||
|
@ -110,7 +110,7 @@ START_TEST(test_basic)
|
||||||
memcpy(&size, packet_resp, 2);
|
memcpy(&size, packet_resp, 2);
|
||||||
ck_assert_msg(ntohs(size) == 2 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES, "Wrong packet size.");
|
ck_assert_msg(ntohs(size) == 2 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES, "Wrong packet size.");
|
||||||
uint8_t packet_resp_plain[4096];
|
uint8_t packet_resp_plain[4096];
|
||||||
ret = decrypt_data_fast(f_shared_key, f_nonce_r, packet_resp + 2, recv_data_len - 2, packet_resp_plain);
|
ret = decrypt_data_symmetric(f_shared_key, f_nonce_r, packet_resp + 2, recv_data_len - 2, packet_resp_plain);
|
||||||
ck_assert_msg(ret != -1, "decryption failed");
|
ck_assert_msg(ret != -1, "decryption failed");
|
||||||
increment_nonce(f_nonce_r);
|
increment_nonce(f_nonce_r);
|
||||||
ck_assert_msg(packet_resp_plain[0] == 1, "wrong packet id %u", packet_resp_plain[0]);
|
ck_assert_msg(packet_resp_plain[0] == 1, "wrong packet id %u", packet_resp_plain[0]);
|
||||||
|
@ -179,7 +179,7 @@ int write_packet_TCP_secure_connection(struct sec_TCP_con *con, uint8_t *data, u
|
||||||
|
|
||||||
uint16_t c_length = htons(length + crypto_box_MACBYTES);
|
uint16_t c_length = htons(length + crypto_box_MACBYTES);
|
||||||
memcpy(packet, &c_length, sizeof(uint16_t));
|
memcpy(packet, &c_length, sizeof(uint16_t));
|
||||||
int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
|
int len = encrypt_data_symmetric(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
|
||||||
|
|
||||||
if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
|
if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -194,7 +194,7 @@ int read_packet_sec_TCP(struct sec_TCP_con *con, uint8_t *data, uint16_t length)
|
||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
ck_assert_msg((len = recv(con->sock, data, length, 0)) == length, "wrong len %i\n", len);
|
ck_assert_msg((len = recv(con->sock, data, length, 0)) == length, "wrong len %i\n", len);
|
||||||
ck_assert_msg((len = decrypt_data_fast(con->shared_key, con->recv_nonce, data + 2, length - 2, data)) != -1,
|
ck_assert_msg((len = decrypt_data_symmetric(con->shared_key, con->recv_nonce, data + 2, length - 2, data)) != -1,
|
||||||
"Decrypt failed");
|
"Decrypt failed");
|
||||||
increment_nonce(con->recv_nonce);
|
increment_nonce(con->recv_nonce);
|
||||||
return len;
|
return len;
|
||||||
|
|
|
@ -126,12 +126,12 @@ START_TEST(test_fast_known)
|
||||||
ck_assert_msg(sizeof(test_c) == sizeof(c), "sanity check failed");
|
ck_assert_msg(sizeof(test_c) == sizeof(c), "sanity check failed");
|
||||||
ck_assert_msg(sizeof(test_m) == sizeof(m), "sanity check failed");
|
ck_assert_msg(sizeof(test_m) == sizeof(m), "sanity check failed");
|
||||||
|
|
||||||
clen = encrypt_data_fast(k, nonce, test_m, sizeof(test_m) / sizeof(unsigned char), c);
|
clen = encrypt_data_symmetric(k, nonce, test_m, sizeof(test_m) / sizeof(unsigned char), c);
|
||||||
|
|
||||||
ck_assert_msg(memcmp(test_c, c, sizeof(c)) == 0, "cyphertext doesn't match test vector");
|
ck_assert_msg(memcmp(test_c, c, sizeof(c)) == 0, "cyphertext doesn't match test vector");
|
||||||
ck_assert_msg(clen == sizeof(c) / sizeof(unsigned char), "wrong ciphertext length");
|
ck_assert_msg(clen == sizeof(c) / sizeof(unsigned char), "wrong ciphertext length");
|
||||||
|
|
||||||
mlen = decrypt_data_fast(k, nonce, test_c, sizeof(test_c) / sizeof(unsigned char), m);
|
mlen = decrypt_data_symmetric(k, nonce, test_c, sizeof(test_c) / sizeof(unsigned char), m);
|
||||||
|
|
||||||
ck_assert_msg(memcmp(test_m, m, sizeof(m)) == 0, "decrypted text doesn't match test vector");
|
ck_assert_msg(memcmp(test_m, m, sizeof(m)) == 0, "decrypted text doesn't match test vector");
|
||||||
ck_assert_msg(mlen == sizeof(m) / sizeof(unsigned char), "wrong plaintext length");
|
ck_assert_msg(mlen == sizeof(m) / sizeof(unsigned char), "wrong plaintext length");
|
||||||
|
@ -186,8 +186,8 @@ START_TEST(test_endtoend)
|
||||||
//Encrypt all four ways
|
//Encrypt all four ways
|
||||||
c1len = encrypt_data(pk2, sk1, n, m, mlen, c1);
|
c1len = encrypt_data(pk2, sk1, n, m, mlen, c1);
|
||||||
c2len = encrypt_data(pk1, sk2, n, m, mlen, c2);
|
c2len = encrypt_data(pk1, sk2, n, m, mlen, c2);
|
||||||
c3len = encrypt_data_fast(k1, n, m, mlen, c3);
|
c3len = encrypt_data_symmetric(k1, n, m, mlen, c3);
|
||||||
c4len = encrypt_data_fast(k2, n, m, mlen, c4);
|
c4len = encrypt_data_symmetric(k2, n, m, mlen, c4);
|
||||||
|
|
||||||
ck_assert_msg(c1len == c2len && c1len == c3len && c1len == c4len, "cyphertext lengths differ");
|
ck_assert_msg(c1len == c2len && c1len == c3len && c1len == c4len, "cyphertext lengths differ");
|
||||||
ck_assert_msg(c1len == mlen + (int)crypto_box_MACBYTES, "wrong cyphertext length");
|
ck_assert_msg(c1len == mlen + (int)crypto_box_MACBYTES, "wrong cyphertext length");
|
||||||
|
@ -197,8 +197,8 @@ START_TEST(test_endtoend)
|
||||||
//Decrypt all four ways
|
//Decrypt all four ways
|
||||||
m1len = decrypt_data(pk2, sk1, n, c1, c1len, m1);
|
m1len = decrypt_data(pk2, sk1, n, c1, c1len, m1);
|
||||||
m2len = decrypt_data(pk1, sk2, n, c1, c1len, m2);
|
m2len = decrypt_data(pk1, sk2, n, c1, c1len, m2);
|
||||||
m3len = decrypt_data_fast(k1, n, c1, c1len, m3);
|
m3len = decrypt_data_symmetric(k1, n, c1, c1len, m3);
|
||||||
m4len = decrypt_data_fast(k2, n, c1, c1len, m4);
|
m4len = decrypt_data_symmetric(k2, n, c1, c1len, m4);
|
||||||
|
|
||||||
ck_assert_msg(m1len == m2len && m1len == m3len && m1len == m4len, "decrypted text lengths differ");
|
ck_assert_msg(m1len == m2len && m1len == m3len && m1len == m4len, "decrypted text lengths differ");
|
||||||
ck_assert_msg(m1len == mlen, "wrong decrypted text length");
|
ck_assert_msg(m1len == mlen, "wrong decrypted text length");
|
||||||
|
@ -233,13 +233,13 @@ START_TEST(test_large_data)
|
||||||
//Generate key
|
//Generate key
|
||||||
rand_bytes(k, crypto_box_BEFORENMBYTES);
|
rand_bytes(k, crypto_box_BEFORENMBYTES);
|
||||||
|
|
||||||
c1len = encrypt_data_fast(k, n, m1, sizeof(m1), c1);
|
c1len = encrypt_data_symmetric(k, n, m1, sizeof(m1), c1);
|
||||||
c2len = encrypt_data_fast(k, n, m2, sizeof(m2), c2);
|
c2len = encrypt_data_symmetric(k, n, m2, sizeof(m2), c2);
|
||||||
|
|
||||||
ck_assert_msg(c1len == sizeof(m1) + crypto_box_MACBYTES, "could not encrypt max size");
|
ck_assert_msg(c1len == sizeof(m1) + crypto_box_MACBYTES, "could not encrypt max size");
|
||||||
ck_assert_msg(c2len == -1, "incorrectly succeeded encrypting massive size");
|
ck_assert_msg(c2len == -1, "incorrectly succeeded encrypting massive size");
|
||||||
|
|
||||||
m1plen = decrypt_data_fast(k, n, c1, c1len, m1prime);
|
m1plen = decrypt_data_symmetric(k, n, c1, c1len, m1prime);
|
||||||
|
|
||||||
ck_assert_msg(m1plen == sizeof(m1), "decrypted text lengths differ");
|
ck_assert_msg(m1plen == sizeof(m1), "decrypted text lengths differ");
|
||||||
ck_assert_msg(memcmp(m1prime, m1, sizeof(m1)) == 0, "decrypted texts differ");
|
ck_assert_msg(memcmp(m1prime, m1, sizeof(m1)) == 0, "decrypted texts differ");
|
||||||
|
@ -248,9 +248,9 @@ END_TEST
|
||||||
|
|
||||||
START_TEST(test_large_data_symmetric)
|
START_TEST(test_large_data_symmetric)
|
||||||
{
|
{
|
||||||
unsigned char k[crypto_secretbox_KEYBYTES];
|
unsigned char k[crypto_box_KEYBYTES];
|
||||||
|
|
||||||
unsigned char n[crypto_secretbox_NONCEBYTES];
|
unsigned char n[crypto_box_NONCEBYTES];
|
||||||
|
|
||||||
unsigned char m1[16 * 16 * 16];
|
unsigned char m1[16 * 16 * 16];
|
||||||
unsigned char c1[sizeof(m1) + crypto_box_MACBYTES];
|
unsigned char c1[sizeof(m1) + crypto_box_MACBYTES];
|
||||||
|
|
|
@ -97,8 +97,8 @@ int main(int argc, char *argv[])
|
||||||
starttime = get_time();
|
starttime = get_time();
|
||||||
|
|
||||||
for (trialno = 0; trialno < numtrials; trialno++) {
|
for (trialno = 0; trialno < numtrials; trialno++) {
|
||||||
encrypt_data_fast(k1, n, m, sizeof(m), c);
|
encrypt_data_symmetric(k1, n, m, sizeof(m), c);
|
||||||
decrypt_data_fast(k2, n, c, sizeof(c), m);
|
decrypt_data_symmetric(k2, n, c, sizeof(c), m);
|
||||||
}
|
}
|
||||||
|
|
||||||
endtime = get_time();
|
endtime = get_time();
|
||||||
|
|
32
toxav/msi.c
32
toxav/msi.c
|
@ -932,11 +932,11 @@ int handle_recv_start ( MSISession *session, MSIMessage *msg )
|
||||||
|
|
||||||
session->call->state = call_active;
|
session->call->state = call_active;
|
||||||
|
|
||||||
session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
|
session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
|
||||||
memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_secretbox_KEYBYTES );
|
memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_box_KEYBYTES );
|
||||||
|
|
||||||
session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
|
session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
|
||||||
memcpy ( session->call->nonce_peer, msg->nonce.header_value, crypto_secretbox_NONCEBYTES );
|
memcpy ( session->call->nonce_peer, msg->nonce.header_value, crypto_box_NONCEBYTES );
|
||||||
|
|
||||||
flush_peer_type ( session, msg, 0 );
|
flush_peer_type ( session, msg, 0 );
|
||||||
|
|
||||||
|
@ -1030,24 +1030,24 @@ int handle_recv_starting ( MSISession *session, MSIMessage *msg )
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Generate local key/nonce to send */
|
/* Generate local key/nonce to send */
|
||||||
session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
|
session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
|
||||||
new_symmetric_key ( session->call->key_local );
|
new_symmetric_key ( session->call->key_local );
|
||||||
|
|
||||||
session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
|
session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
|
||||||
new_nonce ( session->call->nonce_local );
|
new_nonce ( session->call->nonce_local );
|
||||||
|
|
||||||
/* Save peer key/nonce */
|
/* Save peer key/nonce */
|
||||||
session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
|
session->call->key_peer = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
|
||||||
memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_secretbox_KEYBYTES );
|
memcpy ( session->call->key_peer, msg->cryptokey.header_value, crypto_box_KEYBYTES );
|
||||||
|
|
||||||
session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
|
session->call->nonce_peer = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
|
||||||
memcpy ( session->call->nonce_peer, msg->nonce.header_value, crypto_secretbox_NONCEBYTES );
|
memcpy ( session->call->nonce_peer, msg->nonce.header_value, crypto_box_NONCEBYTES );
|
||||||
|
|
||||||
session->call->state = call_active;
|
session->call->state = call_active;
|
||||||
|
|
||||||
MSIMessage *_msg_start = msi_new_message ( TYPE_REQUEST, stringify_request ( start ) );
|
MSIMessage *_msg_start = msi_new_message ( TYPE_REQUEST, stringify_request ( start ) );
|
||||||
msi_msg_set_cryptokey ( _msg_start, session->call->key_local, crypto_secretbox_KEYBYTES );
|
msi_msg_set_cryptokey ( _msg_start, session->call->key_local, crypto_box_KEYBYTES );
|
||||||
msi_msg_set_nonce ( _msg_start, session->call->nonce_local, crypto_secretbox_NONCEBYTES );
|
msi_msg_set_nonce ( _msg_start, session->call->nonce_local, crypto_box_NONCEBYTES );
|
||||||
send_message ( session, _msg_start, msg->friend_id );
|
send_message ( session, _msg_start, msg->friend_id );
|
||||||
free_message ( _msg_start );
|
free_message ( _msg_start );
|
||||||
|
|
||||||
|
@ -1402,14 +1402,14 @@ int msi_answer ( MSISession *session, MSICallType call_type )
|
||||||
|
|
||||||
/* Now set the local encryption key and pass it with STARTING message */
|
/* Now set the local encryption key and pass it with STARTING message */
|
||||||
|
|
||||||
session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_KEYBYTES );
|
session->call->key_local = calloc ( sizeof ( uint8_t ), crypto_box_KEYBYTES );
|
||||||
new_symmetric_key ( session->call->key_local );
|
new_symmetric_key ( session->call->key_local );
|
||||||
|
|
||||||
session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_secretbox_NONCEBYTES );
|
session->call->nonce_local = calloc ( sizeof ( uint8_t ), crypto_box_NONCEBYTES );
|
||||||
new_nonce ( session->call->nonce_local );
|
new_nonce ( session->call->nonce_local );
|
||||||
|
|
||||||
msi_msg_set_cryptokey ( _msg_starting, session->call->key_local, crypto_secretbox_KEYBYTES );
|
msi_msg_set_cryptokey ( _msg_starting, session->call->key_local, crypto_box_KEYBYTES );
|
||||||
msi_msg_set_nonce ( _msg_starting, session->call->nonce_local, crypto_secretbox_NONCEBYTES );
|
msi_msg_set_nonce ( _msg_starting, session->call->nonce_local, crypto_box_NONCEBYTES );
|
||||||
|
|
||||||
send_message ( session, _msg_starting, session->call->peers[session->call->peer_count - 1] );
|
send_message ( session, _msg_starting, session->call->peers[session->call->peer_count - 1] );
|
||||||
free_message ( _msg_starting );
|
free_message ( _msg_starting );
|
||||||
|
|
40
toxav/rtp.c
40
toxav/rtp.c
|
@ -168,8 +168,8 @@ inline__ void increase_nonce(uint8_t *nonce, uint16_t target)
|
||||||
uint16_t _nonce_counter;
|
uint16_t _nonce_counter;
|
||||||
|
|
||||||
uint8_t _reverse_bytes[2];
|
uint8_t _reverse_bytes[2];
|
||||||
_reverse_bytes[0] = nonce[crypto_secretbox_NONCEBYTES - 1];
|
_reverse_bytes[0] = nonce[crypto_box_NONCEBYTES - 1];
|
||||||
_reverse_bytes[1] = nonce[crypto_secretbox_NONCEBYTES - 2];
|
_reverse_bytes[1] = nonce[crypto_box_NONCEBYTES - 2];
|
||||||
|
|
||||||
bytes_to_U16(&_nonce_counter, _reverse_bytes );
|
bytes_to_U16(&_nonce_counter, _reverse_bytes );
|
||||||
|
|
||||||
|
@ -177,8 +177,8 @@ inline__ void increase_nonce(uint8_t *nonce, uint16_t target)
|
||||||
if (_nonce_counter > UINT16_MAX - target ) { /* 2 bytes are not long enough */
|
if (_nonce_counter > UINT16_MAX - target ) { /* 2 bytes are not long enough */
|
||||||
uint8_t _it = 3;
|
uint8_t _it = 3;
|
||||||
|
|
||||||
while ( _it <= crypto_secretbox_NONCEBYTES ) _it += ++nonce[crypto_secretbox_NONCEBYTES - _it] ?
|
while ( _it <= crypto_box_NONCEBYTES ) _it += ++nonce[crypto_box_NONCEBYTES - _it] ?
|
||||||
crypto_secretbox_NONCEBYTES : 1;
|
crypto_box_NONCEBYTES : 1;
|
||||||
|
|
||||||
_nonce_counter = _nonce_counter - (UINT16_MAX - target ); /* Assign the rest of it */
|
_nonce_counter = _nonce_counter - (UINT16_MAX - target ); /* Assign the rest of it */
|
||||||
} else { /* Increase nonce */
|
} else { /* Increase nonce */
|
||||||
|
@ -189,8 +189,8 @@ inline__ void increase_nonce(uint8_t *nonce, uint16_t target)
|
||||||
/* Assign the last bytes */
|
/* Assign the last bytes */
|
||||||
|
|
||||||
U16_to_bytes( _reverse_bytes, _nonce_counter);
|
U16_to_bytes( _reverse_bytes, _nonce_counter);
|
||||||
nonce [crypto_secretbox_NONCEBYTES - 1] = _reverse_bytes[0];
|
nonce [crypto_box_NONCEBYTES - 1] = _reverse_bytes[0];
|
||||||
nonce [crypto_secretbox_NONCEBYTES - 2] = _reverse_bytes[1];
|
nonce [crypto_box_NONCEBYTES - 2] = _reverse_bytes[1];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -496,7 +496,7 @@ int rtp_handle_packet ( void *object, IP_Port ip_port, uint8_t *data, uint32_t l
|
||||||
RTPSession *_session = object;
|
RTPSession *_session = object;
|
||||||
RTPMessage *_msg;
|
RTPMessage *_msg;
|
||||||
|
|
||||||
if ( !_session || length < 13 + crypto_secretbox_MACBYTES) /* 12 is the minimum length for rtp + desc. byte */
|
if ( !_session || length < 13 + crypto_box_MACBYTES) /* 12 is the minimum length for rtp + desc. byte */
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
uint8_t _plain[MAX_UDP_PACKET_SIZE];
|
uint8_t _plain[MAX_UDP_PACKET_SIZE];
|
||||||
|
@ -505,8 +505,8 @@ int rtp_handle_packet ( void *object, IP_Port ip_port, uint8_t *data, uint32_t l
|
||||||
bytes_to_U16(&_sequnum, data + 1);
|
bytes_to_U16(&_sequnum, data + 1);
|
||||||
|
|
||||||
/* Clculate the right nonce */
|
/* Clculate the right nonce */
|
||||||
uint8_t _calculated[crypto_secretbox_NONCEBYTES];
|
uint8_t _calculated[crypto_box_NONCEBYTES];
|
||||||
memcpy(_calculated, _session->decrypt_nonce, crypto_secretbox_NONCEBYTES);
|
memcpy(_calculated, _session->decrypt_nonce, crypto_box_NONCEBYTES);
|
||||||
increase_nonce ( _calculated, _sequnum );
|
increase_nonce ( _calculated, _sequnum );
|
||||||
|
|
||||||
/* Decrypt message */
|
/* Decrypt message */
|
||||||
|
@ -536,8 +536,8 @@ int rtp_handle_packet ( void *object, IP_Port ip_port, uint8_t *data, uint32_t l
|
||||||
if ( _decrypted_length == -1 ) return -1; /* This is just an error */
|
if ( _decrypted_length == -1 ) return -1; /* This is just an error */
|
||||||
|
|
||||||
/* A new cycle setting. */
|
/* A new cycle setting. */
|
||||||
memcpy(_session->nonce_cycle, _session->decrypt_nonce, crypto_secretbox_NONCEBYTES);
|
memcpy(_session->nonce_cycle, _session->decrypt_nonce, crypto_box_NONCEBYTES);
|
||||||
memcpy(_session->decrypt_nonce, _calculated, crypto_secretbox_NONCEBYTES);
|
memcpy(_session->decrypt_nonce, _calculated, crypto_box_NONCEBYTES);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -735,8 +735,8 @@ int rtp_send_msg ( RTPSession *session, Messenger *messenger, const uint8_t *dat
|
||||||
_send_data[0] = session->prefix;
|
_send_data[0] = session->prefix;
|
||||||
|
|
||||||
/* Generate the right nonce */
|
/* Generate the right nonce */
|
||||||
uint8_t _calculated[crypto_secretbox_NONCEBYTES];
|
uint8_t _calculated[crypto_box_NONCEBYTES];
|
||||||
memcpy(_calculated, session->encrypt_nonce, crypto_secretbox_NONCEBYTES);
|
memcpy(_calculated, session->encrypt_nonce, crypto_box_NONCEBYTES);
|
||||||
increase_nonce ( _calculated, msg->header->sequnum );
|
increase_nonce ( _calculated, msg->header->sequnum );
|
||||||
|
|
||||||
/* Need to skip 2 bytes that are for sequnum */
|
/* Need to skip 2 bytes that are for sequnum */
|
||||||
|
@ -760,7 +760,7 @@ int rtp_send_msg ( RTPSession *session, Messenger *messenger, const uint8_t *dat
|
||||||
/* Set sequ number */
|
/* Set sequ number */
|
||||||
if ( session->sequnum >= MAX_SEQU_NUM ) {
|
if ( session->sequnum >= MAX_SEQU_NUM ) {
|
||||||
session->sequnum = 0;
|
session->sequnum = 0;
|
||||||
memcpy(session->encrypt_nonce, _calculated, crypto_secretbox_NONCEBYTES);
|
memcpy(session->encrypt_nonce, _calculated, crypto_box_NONCEBYTES);
|
||||||
} else {
|
} else {
|
||||||
session->sequnum++;
|
session->sequnum++;
|
||||||
}
|
}
|
||||||
|
@ -850,16 +850,16 @@ RTPSession *rtp_init_session ( int payload_type,
|
||||||
_retu->decrypt_key = decrypt_key;
|
_retu->decrypt_key = decrypt_key;
|
||||||
|
|
||||||
/* Need to allocate new memory */
|
/* Need to allocate new memory */
|
||||||
_retu->encrypt_nonce = calloc ( crypto_secretbox_NONCEBYTES, sizeof (uint8_t) );
|
_retu->encrypt_nonce = calloc ( crypto_box_NONCEBYTES, sizeof (uint8_t) );
|
||||||
assert(_retu->encrypt_nonce);
|
assert(_retu->encrypt_nonce);
|
||||||
_retu->decrypt_nonce = calloc ( crypto_secretbox_NONCEBYTES, sizeof (uint8_t) );
|
_retu->decrypt_nonce = calloc ( crypto_box_NONCEBYTES, sizeof (uint8_t) );
|
||||||
assert(_retu->decrypt_nonce);
|
assert(_retu->decrypt_nonce);
|
||||||
_retu->nonce_cycle = calloc ( crypto_secretbox_NONCEBYTES, sizeof (uint8_t) );
|
_retu->nonce_cycle = calloc ( crypto_box_NONCEBYTES, sizeof (uint8_t) );
|
||||||
assert(_retu->nonce_cycle);
|
assert(_retu->nonce_cycle);
|
||||||
|
|
||||||
memcpy(_retu->encrypt_nonce, encrypt_nonce, crypto_secretbox_NONCEBYTES);
|
memcpy(_retu->encrypt_nonce, encrypt_nonce, crypto_box_NONCEBYTES);
|
||||||
memcpy(_retu->decrypt_nonce, decrypt_nonce, crypto_secretbox_NONCEBYTES);
|
memcpy(_retu->decrypt_nonce, decrypt_nonce, crypto_box_NONCEBYTES);
|
||||||
memcpy(_retu->nonce_cycle , decrypt_nonce, crypto_secretbox_NONCEBYTES);
|
memcpy(_retu->nonce_cycle , decrypt_nonce, crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
_retu->csrc = calloc(1, sizeof (uint32_t));
|
_retu->csrc = calloc(1, sizeof (uint32_t));
|
||||||
assert(_retu->csrc);
|
assert(_retu->csrc);
|
||||||
|
|
|
@ -925,7 +925,7 @@ end:
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define NODES_ENCRYPTED_MESSAGE_LENGTH (crypto_secretbox_NONCEBYTES + sizeof(uint64_t) + sizeof(Node_format) + sizeof(Node_format) + crypto_secretbox_MACBYTES)
|
#define NODES_ENCRYPTED_MESSAGE_LENGTH (crypto_box_NONCEBYTES + sizeof(uint64_t) + sizeof(Node_format) + sizeof(Node_format) + crypto_box_MACBYTES)
|
||||||
|
|
||||||
/* Send a getnodes request.
|
/* Send a getnodes request.
|
||||||
sendback_node is the node that it will send back the response to (set to NULL to disable this) */
|
sendback_node is the node that it will send back the response to (set to NULL to disable this) */
|
||||||
|
@ -958,9 +958,9 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
|
||||||
nonce,
|
nonce,
|
||||||
plain_message,
|
plain_message,
|
||||||
sizeof(temp_time) + sizeof(reciever) + sizeof(Node_format),
|
sizeof(temp_time) + sizeof(reciever) + sizeof(Node_format),
|
||||||
encrypted_message + crypto_secretbox_NONCEBYTES);
|
encrypted_message + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if (len_m != NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_secretbox_NONCEBYTES)
|
if (len_m != NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_box_NONCEBYTES)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
|
uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
|
||||||
|
@ -973,7 +973,7 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
|
||||||
|
|
||||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||||
DHT_get_shared_key_sent(dht, shared_key, public_key);
|
DHT_get_shared_key_sent(dht, shared_key, public_key);
|
||||||
int len = encrypt_data_fast( shared_key,
|
int len = encrypt_data_symmetric( shared_key,
|
||||||
nonce,
|
nonce,
|
||||||
plain,
|
plain,
|
||||||
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
||||||
|
@ -1019,7 +1019,7 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
memcpy(plain + nodes_length, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
|
memcpy(plain + nodes_length, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
|
||||||
int len = encrypt_data_fast( shared_encryption_key,
|
int len = encrypt_data_symmetric( shared_encryption_key,
|
||||||
nonce,
|
nonce,
|
||||||
plain,
|
plain,
|
||||||
nodes_length + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
nodes_length + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
||||||
|
@ -1052,7 +1052,7 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
|
||||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||||
|
|
||||||
DHT_get_shared_key_recv(dht, shared_key, packet + 1);
|
DHT_get_shared_key_recv(dht, shared_key, packet + 1);
|
||||||
int len = decrypt_data_fast( shared_key,
|
int len = decrypt_data_symmetric( shared_key,
|
||||||
packet + 1 + CLIENT_ID_SIZE,
|
packet + 1 + CLIENT_ID_SIZE,
|
||||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||||
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
|
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
|
||||||
|
@ -1075,8 +1075,8 @@ static uint8_t sent_getnode_to_node(DHT *dht, uint8_t *client_id, IP_Port node_i
|
||||||
{
|
{
|
||||||
uint8_t plain_message[NODES_ENCRYPTED_MESSAGE_LENGTH];
|
uint8_t plain_message[NODES_ENCRYPTED_MESSAGE_LENGTH];
|
||||||
|
|
||||||
if (decrypt_data_symmetric(dht->secret_symmetric_key, encrypted_data, encrypted_data + crypto_secretbox_NONCEBYTES,
|
if (decrypt_data_symmetric(dht->secret_symmetric_key, encrypted_data, encrypted_data + crypto_box_NONCEBYTES,
|
||||||
NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_secretbox_NONCEBYTES,
|
NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_box_NONCEBYTES,
|
||||||
plain_message) != sizeof(uint64_t) + sizeof(Node_format) * 2)
|
plain_message) != sizeof(uint64_t) + sizeof(Node_format) * 2)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -1121,7 +1121,7 @@ static int handle_sendnodes_core(void *object, IP_Port source, uint8_t *packet,
|
||||||
uint8_t plain[data_size + NODES_ENCRYPTED_MESSAGE_LENGTH];
|
uint8_t plain[data_size + NODES_ENCRYPTED_MESSAGE_LENGTH];
|
||||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||||
DHT_get_shared_key_sent(dht, shared_key, packet + 1);
|
DHT_get_shared_key_sent(dht, shared_key, packet + 1);
|
||||||
int len = decrypt_data_fast(
|
int len = decrypt_data_symmetric(
|
||||||
shared_key,
|
shared_key,
|
||||||
packet + 1 + CLIENT_ID_SIZE,
|
packet + 1 + CLIENT_ID_SIZE,
|
||||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||||
|
|
|
@ -177,7 +177,7 @@ typedef struct {
|
||||||
uint32_t close_bootstrap_times;
|
uint32_t close_bootstrap_times;
|
||||||
|
|
||||||
/* Note: this key should not be/is not used to transmit any sensitive materials */
|
/* Note: this key should not be/is not used to transmit any sensitive materials */
|
||||||
uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES];
|
uint8_t secret_symmetric_key[crypto_box_KEYBYTES];
|
||||||
/* DHT keypair */
|
/* DHT keypair */
|
||||||
uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];
|
uint8_t self_public_key[crypto_box_PUBLICKEYBYTES];
|
||||||
uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
|
uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
|
||||||
|
|
|
@ -9,6 +9,8 @@ libtoxcore_la_SOURCES = ../toxcore/DHT.h \
|
||||||
../toxcore/DHT.c \
|
../toxcore/DHT.c \
|
||||||
../toxcore/network.h \
|
../toxcore/network.h \
|
||||||
../toxcore/network.c \
|
../toxcore/network.c \
|
||||||
|
../toxcore/crypto_core.h \
|
||||||
|
../toxcore/crypto_core.c \
|
||||||
../toxcore/Lossless_UDP.h \
|
../toxcore/Lossless_UDP.h \
|
||||||
../toxcore/Lossless_UDP.c \
|
../toxcore/Lossless_UDP.c \
|
||||||
../toxcore/net_crypto.h \
|
../toxcore/net_crypto.h \
|
||||||
|
|
|
@ -2752,75 +2752,6 @@ int messenger_load(Messenger *m, uint8_t *data, uint32_t length)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* return the size of data to pass to messenger_save_encrypted(...)
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
uint32_t messenger_size_encrypted(Messenger *m)
|
|
||||||
{
|
|
||||||
return messenger_size(m) + crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Save the messenger, encrypting the data with key of length key_length
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int messenger_save_encrypted(Messenger *m, uint8_t *data, uint8_t *key, uint16_t key_length)
|
|
||||||
{
|
|
||||||
uint32_t m_size = messenger_size(m);
|
|
||||||
uint8_t *plain_messenger = malloc(m_size);
|
|
||||||
|
|
||||||
if (plain_messenger == NULL)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
messenger_save(m, plain_messenger);
|
|
||||||
|
|
||||||
/* Hash the key with SHA256 to get a 32byte key. */
|
|
||||||
uint8_t hash[crypto_hash_sha256_BYTES];
|
|
||||||
crypto_hash_sha256(hash, key, key_length);
|
|
||||||
random_nonce(data);
|
|
||||||
encrypt_data_symmetric(hash, data, plain_messenger, m_size, data + crypto_secretbox_NONCEBYTES);
|
|
||||||
|
|
||||||
memset(plain_messenger, 0, m_size);
|
|
||||||
free(plain_messenger);
|
|
||||||
memset(hash, 0, crypto_hash_sha256_BYTES);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Load the messenger from data of size length encrypted with key of key_length.
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int messenger_load_encrypted(Messenger *m, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length)
|
|
||||||
{
|
|
||||||
if (length <= crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
uint8_t *plain_messenger = malloc(length);
|
|
||||||
|
|
||||||
if (plain_messenger == NULL)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
/* Hash the key with SHA256 to get a 32byte key. */
|
|
||||||
uint8_t hash[crypto_hash_sha256_BYTES];
|
|
||||||
crypto_hash_sha256(hash, key, key_length);
|
|
||||||
int len = decrypt_data_symmetric(hash, data, data + crypto_secretbox_NONCEBYTES, length - crypto_secretbox_NONCEBYTES,
|
|
||||||
plain_messenger);
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
if ((uint32_t)len == length - crypto_secretbox_NONCEBYTES - crypto_secretbox_MACBYTES) {
|
|
||||||
ret = messenger_load(m, plain_messenger, length - crypto_secretbox_NONCEBYTES - crypto_secretbox_MACBYTES);
|
|
||||||
} else {
|
|
||||||
ret = -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(plain_messenger, 0, length);
|
|
||||||
free(plain_messenger);
|
|
||||||
memset(hash, 0, crypto_hash_sha256_BYTES);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Return the number of friends in the instance m.
|
/* Return the number of friends in the instance m.
|
||||||
* You should use this to determine how much memory to allocate
|
* You should use this to determine how much memory to allocate
|
||||||
* for copy_friendlist. */
|
* for copy_friendlist. */
|
||||||
|
|
|
@ -736,24 +736,6 @@ void messenger_save(Messenger *m, uint8_t *data);
|
||||||
/* Load the messenger from data of size length. */
|
/* Load the messenger from data of size length. */
|
||||||
int messenger_load(Messenger *m, uint8_t *data, uint32_t length);
|
int messenger_load(Messenger *m, uint8_t *data, uint32_t length);
|
||||||
|
|
||||||
/* return the size of data to pass to messenger_save_encrypted(...)
|
|
||||||
*/
|
|
||||||
uint32_t messenger_size_encrypted(Messenger *m);
|
|
||||||
|
|
||||||
/* Save the messenger, encrypting the data with key of length key_length
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int messenger_save_encrypted(Messenger *m, uint8_t *data, uint8_t *key, uint16_t key_length);
|
|
||||||
|
|
||||||
/* Load the messenger from data of size length encrypted with key of key_length.
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int messenger_load_encrypted(Messenger *m, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length);
|
|
||||||
|
|
||||||
/* Return the number of friends in the instance m.
|
/* Return the number of friends in the instance m.
|
||||||
* You should use this to determine how much memory to allocate
|
* You should use this to determine how much memory to allocate
|
||||||
* for copy_friendlist. */
|
* for copy_friendlist. */
|
||||||
|
|
|
@ -74,7 +74,7 @@ static int generate_handshake(TCP_Client_Connection *TCP_conn, uint8_t *self_pub
|
||||||
memcpy(plain + crypto_box_PUBLICKEYBYTES, TCP_conn->sent_nonce, crypto_box_NONCEBYTES);
|
memcpy(plain + crypto_box_PUBLICKEYBYTES, TCP_conn->sent_nonce, crypto_box_NONCEBYTES);
|
||||||
memcpy(TCP_conn->last_packet, self_public_key, crypto_box_PUBLICKEYBYTES);
|
memcpy(TCP_conn->last_packet, self_public_key, crypto_box_PUBLICKEYBYTES);
|
||||||
new_nonce(TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES);
|
new_nonce(TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES);
|
||||||
int len = encrypt_data_fast(TCP_conn->shared_key, TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES, plain,
|
int len = encrypt_data_symmetric(TCP_conn->shared_key, TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES, plain,
|
||||||
sizeof(plain), TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
|
sizeof(plain), TCP_conn->last_packet + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if (len != sizeof(plain) + crypto_box_MACBYTES)
|
if (len != sizeof(plain) + crypto_box_MACBYTES)
|
||||||
|
@ -93,7 +93,7 @@ static int generate_handshake(TCP_Client_Connection *TCP_conn, uint8_t *self_pub
|
||||||
static int handle_handshake(TCP_Client_Connection *TCP_conn, uint8_t *data)
|
static int handle_handshake(TCP_Client_Connection *TCP_conn, uint8_t *data)
|
||||||
{
|
{
|
||||||
uint8_t plain[crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES];
|
uint8_t plain[crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES];
|
||||||
int len = decrypt_data_fast(TCP_conn->shared_key, data, data + crypto_box_NONCEBYTES,
|
int len = decrypt_data_symmetric(TCP_conn->shared_key, data, data + crypto_box_NONCEBYTES,
|
||||||
TCP_SERVER_HANDSHAKE_SIZE - crypto_box_NONCEBYTES, plain);
|
TCP_SERVER_HANDSHAKE_SIZE - crypto_box_NONCEBYTES, plain);
|
||||||
|
|
||||||
if (len != sizeof(plain))
|
if (len != sizeof(plain))
|
||||||
|
@ -149,7 +149,7 @@ static int write_packet_TCP_secure_connection(TCP_Client_Connection *con, uint8_
|
||||||
|
|
||||||
uint16_t c_length = htons(length + crypto_box_MACBYTES);
|
uint16_t c_length = htons(length + crypto_box_MACBYTES);
|
||||||
memcpy(packet, &c_length, sizeof(uint16_t));
|
memcpy(packet, &c_length, sizeof(uint16_t));
|
||||||
int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
|
int len = encrypt_data_symmetric(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
|
||||||
|
|
||||||
if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
|
if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
#ifndef TCP_CLIENT_H
|
#ifndef TCP_CLIENT_H
|
||||||
#define TCP_CLIENT_H
|
#define TCP_CLIENT_H
|
||||||
|
|
||||||
#include "net_crypto.h"
|
#include "crypto_core.h"
|
||||||
#include "TCP_server.h"
|
#include "TCP_server.h"
|
||||||
|
|
||||||
#define TCP_CONNECTION_TIMEOUT 10
|
#define TCP_CONNECTION_TIMEOUT 10
|
||||||
|
|
|
@ -258,7 +258,7 @@ int read_packet_TCP_secure_connection(sock_t sock, uint16_t *next_packet_length,
|
||||||
|
|
||||||
*next_packet_length = 0;
|
*next_packet_length = 0;
|
||||||
|
|
||||||
int len = decrypt_data_fast(shared_key, recv_nonce, data_encrypted, len_packet, data);
|
int len = decrypt_data_symmetric(shared_key, recv_nonce, data_encrypted, len_packet, data);
|
||||||
|
|
||||||
if (len + crypto_box_MACBYTES != len_packet)
|
if (len + crypto_box_MACBYTES != len_packet)
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -313,7 +313,7 @@ static int write_packet_TCP_secure_connection(TCP_Secure_Connection *con, uint8_
|
||||||
|
|
||||||
uint16_t c_length = htons(length + crypto_box_MACBYTES);
|
uint16_t c_length = htons(length + crypto_box_MACBYTES);
|
||||||
memcpy(packet, &c_length, sizeof(uint16_t));
|
memcpy(packet, &c_length, sizeof(uint16_t));
|
||||||
int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
|
int len = encrypt_data_symmetric(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t));
|
||||||
|
|
||||||
if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
|
if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t)))
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -356,7 +356,7 @@ static int handle_TCP_handshake(TCP_Secure_Connection *con, uint8_t *data, uint1
|
||||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||||
encrypt_precompute(data, self_secret_key, shared_key);
|
encrypt_precompute(data, self_secret_key, shared_key);
|
||||||
uint8_t plain[TCP_HANDSHAKE_PLAIN_SIZE];
|
uint8_t plain[TCP_HANDSHAKE_PLAIN_SIZE];
|
||||||
int len = decrypt_data_fast(shared_key, data + crypto_box_PUBLICKEYBYTES,
|
int len = decrypt_data_symmetric(shared_key, data + crypto_box_PUBLICKEYBYTES,
|
||||||
data + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES, plain);
|
data + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES, plain);
|
||||||
|
|
||||||
if (len != TCP_HANDSHAKE_PLAIN_SIZE)
|
if (len != TCP_HANDSHAKE_PLAIN_SIZE)
|
||||||
|
@ -373,7 +373,7 @@ static int handle_TCP_handshake(TCP_Secure_Connection *con, uint8_t *data, uint1
|
||||||
uint8_t response[TCP_SERVER_HANDSHAKE_SIZE];
|
uint8_t response[TCP_SERVER_HANDSHAKE_SIZE];
|
||||||
new_nonce(response);
|
new_nonce(response);
|
||||||
|
|
||||||
len = encrypt_data_fast(shared_key, response, resp_plain, TCP_HANDSHAKE_PLAIN_SIZE, response + crypto_box_NONCEBYTES);
|
len = encrypt_data_symmetric(shared_key, response, resp_plain, TCP_HANDSHAKE_PLAIN_SIZE, response + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if (len != TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES)
|
if (len != TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
#ifndef TCP_SERVER_H
|
#ifndef TCP_SERVER_H
|
||||||
#define TCP_SERVER_H
|
#define TCP_SERVER_H
|
||||||
|
|
||||||
#include "net_crypto.h"
|
#include "crypto_core.h"
|
||||||
#include "onion.h"
|
#include "onion.h"
|
||||||
|
|
||||||
#if defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(__MACH__)
|
#if defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(__MACH__)
|
||||||
|
|
168
toxcore/crypto_core.c
Normal file
168
toxcore/crypto_core.c
Normal file
|
@ -0,0 +1,168 @@
|
||||||
|
/* net_crypto.c
|
||||||
|
*
|
||||||
|
* Functions for the core crypto.
|
||||||
|
*
|
||||||
|
* NOTE: This code has to be perfect. We don't mess around with encryption.
|
||||||
|
*
|
||||||
|
* Copyright (C) 2013 Tox project All Rights Reserved.
|
||||||
|
*
|
||||||
|
* This file is part of Tox.
|
||||||
|
*
|
||||||
|
* Tox is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* Tox is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with Tox. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
#include "config.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "crypto_core.h"
|
||||||
|
|
||||||
|
/* Use this instead of memcmp; not vulnerable to timing attacks. */
|
||||||
|
uint8_t crypto_iszero(uint8_t *mem, uint32_t length)
|
||||||
|
{
|
||||||
|
uint8_t check = 0;
|
||||||
|
uint32_t i;
|
||||||
|
|
||||||
|
for (i = 0; i < length; ++i) {
|
||||||
|
check |= mem[i];
|
||||||
|
}
|
||||||
|
|
||||||
|
return check; // We return zero if mem is made out of zeroes.
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Precomputes the shared key from their public_key and our secret_key.
|
||||||
|
* This way we can avoid an expensive elliptic curve scalar multiply for each
|
||||||
|
* encrypt/decrypt operation.
|
||||||
|
* enc_key has to be crypto_box_BEFORENMBYTES bytes long.
|
||||||
|
*/
|
||||||
|
void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key)
|
||||||
|
{
|
||||||
|
crypto_box_beforenm(enc_key, public_key, secret_key);
|
||||||
|
}
|
||||||
|
|
||||||
|
int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted)
|
||||||
|
{
|
||||||
|
if (length == 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
uint8_t temp_plain[length + crypto_box_ZEROBYTES];
|
||||||
|
uint8_t temp_encrypted[length + crypto_box_MACBYTES + crypto_box_BOXZEROBYTES];
|
||||||
|
|
||||||
|
memset(temp_plain, 0, crypto_box_ZEROBYTES);
|
||||||
|
memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); // Pad the message with 32 0 bytes.
|
||||||
|
|
||||||
|
if (crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, secret_key) != 0)
|
||||||
|
return -1;
|
||||||
|
/* Unpad the encrypted message. */
|
||||||
|
memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES);
|
||||||
|
return length + crypto_box_MACBYTES;
|
||||||
|
}
|
||||||
|
|
||||||
|
int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain)
|
||||||
|
{
|
||||||
|
if (length <= crypto_box_BOXZEROBYTES)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
uint8_t temp_plain[length + crypto_box_ZEROBYTES];
|
||||||
|
uint8_t temp_encrypted[length + crypto_box_BOXZEROBYTES];
|
||||||
|
|
||||||
|
memset(temp_plain, 0, crypto_box_BOXZEROBYTES);
|
||||||
|
memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); // Pad the message with 16 0 bytes.
|
||||||
|
|
||||||
|
if (crypto_box_open_afternm(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES, nonce, secret_key) != 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_MACBYTES);
|
||||||
|
return length - crypto_box_MACBYTES;
|
||||||
|
}
|
||||||
|
|
||||||
|
int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
||||||
|
uint8_t *plain, uint32_t length, uint8_t *encrypted)
|
||||||
|
{
|
||||||
|
uint8_t k[crypto_box_BEFORENMBYTES];
|
||||||
|
encrypt_precompute(public_key, secret_key, k);
|
||||||
|
return encrypt_data_symmetric(k, nonce, plain, length, encrypted);
|
||||||
|
}
|
||||||
|
|
||||||
|
int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
||||||
|
uint8_t *encrypted, uint32_t length, uint8_t *plain)
|
||||||
|
{
|
||||||
|
uint8_t k[crypto_box_BEFORENMBYTES];
|
||||||
|
encrypt_precompute(public_key, secret_key, k);
|
||||||
|
return decrypt_data_symmetric(k, nonce, encrypted, length, plain);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Increment the given nonce by 1. */
|
||||||
|
void increment_nonce(uint8_t *nonce)
|
||||||
|
{
|
||||||
|
uint32_t i;
|
||||||
|
|
||||||
|
for (i = crypto_box_NONCEBYTES; i != 0; --i) {
|
||||||
|
++nonce[i - 1];
|
||||||
|
|
||||||
|
if (nonce[i - 1] != 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* increment the given nonce by num */
|
||||||
|
void increment_nonce_number(uint8_t *nonce, uint32_t num)
|
||||||
|
{
|
||||||
|
uint32_t num1, num2;
|
||||||
|
memcpy(&num1, nonce + (crypto_box_NONCEBYTES - sizeof(num1)), sizeof(num1));
|
||||||
|
num1 = ntohl(num1);
|
||||||
|
num2 = num + num1;
|
||||||
|
|
||||||
|
if (num2 < num1) {
|
||||||
|
uint32_t i;
|
||||||
|
|
||||||
|
for (i = crypto_box_NONCEBYTES - sizeof(num1); i != 0; --i) {
|
||||||
|
++nonce[i - 1];
|
||||||
|
|
||||||
|
if (nonce[i - 1] != 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
num2 = htonl(num2);
|
||||||
|
memcpy(nonce + (crypto_box_NONCEBYTES - sizeof(num2)), &num2, sizeof(num2));
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fill the given nonce with random bytes. */
|
||||||
|
void random_nonce(uint8_t *nonce)
|
||||||
|
{
|
||||||
|
randombytes(nonce, crypto_box_NONCEBYTES);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Fill a key crypto_box_KEYBYTES big with random bytes */
|
||||||
|
void new_symmetric_key(uint8_t *key)
|
||||||
|
{
|
||||||
|
randombytes(key, crypto_box_KEYBYTES);
|
||||||
|
}
|
||||||
|
|
||||||
|
static uint8_t base_nonce[crypto_box_NONCEBYTES];
|
||||||
|
static uint8_t nonce_set = 0;
|
||||||
|
|
||||||
|
/* Gives a nonce guaranteed to be different from previous ones.*/
|
||||||
|
void new_nonce(uint8_t *nonce)
|
||||||
|
{
|
||||||
|
if (nonce_set == 0) {
|
||||||
|
random_nonce(base_nonce);
|
||||||
|
nonce_set = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
increment_nonce(base_nonce);
|
||||||
|
memcpy(nonce, base_nonce, crypto_box_NONCEBYTES);
|
||||||
|
}
|
86
toxcore/crypto_core.h
Normal file
86
toxcore/crypto_core.h
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
/* crypto_core.h
|
||||||
|
*
|
||||||
|
* Functions for the core crypto.
|
||||||
|
*
|
||||||
|
* Copyright (C) 2013 Tox project All Rights Reserved.
|
||||||
|
*
|
||||||
|
* This file is part of Tox.
|
||||||
|
*
|
||||||
|
* Tox is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* Tox is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with Tox. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#ifndef CORE_CRYPTO_H
|
||||||
|
#define CORE_CRYPTO_H
|
||||||
|
|
||||||
|
#include "network.h"
|
||||||
|
|
||||||
|
/* return zero if the buffer contains only zeros. */
|
||||||
|
uint8_t crypto_iszero(uint8_t *buffer, uint32_t blen);
|
||||||
|
|
||||||
|
/* Encrypts plain of length length to encrypted of length + 16 using the
|
||||||
|
* public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce.
|
||||||
|
*
|
||||||
|
* return -1 if there was a problem.
|
||||||
|
* return length of encrypted data if everything was fine.
|
||||||
|
*/
|
||||||
|
int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
||||||
|
uint8_t *plain, uint32_t length, uint8_t *encrypted);
|
||||||
|
|
||||||
|
|
||||||
|
/* Decrypts encrypted of length length to plain of length length - 16 using the
|
||||||
|
* public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce.
|
||||||
|
*
|
||||||
|
* return -1 if there was a problem (decryption failed).
|
||||||
|
* return length of plain data if everything was fine.
|
||||||
|
*/
|
||||||
|
int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
||||||
|
uint8_t *encrypted, uint32_t length, uint8_t *plain);
|
||||||
|
|
||||||
|
/* Fast encrypt/decrypt operations. Use if this is not a one-time communication.
|
||||||
|
encrypt_precompute does the shared-key generation once so it does not have
|
||||||
|
to be preformed on every encrypt/decrypt. */
|
||||||
|
void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key);
|
||||||
|
|
||||||
|
/* Encrypts plain of length length to encrypted of length + 16 using a
|
||||||
|
* secret key crypto_box_KEYBYTES big and a 24 byte nonce.
|
||||||
|
*
|
||||||
|
* return -1 if there was a problem.
|
||||||
|
* return length of encrypted data if everything was fine.
|
||||||
|
*/
|
||||||
|
int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted);
|
||||||
|
|
||||||
|
/* Decrypts encrypted of length length to plain of length length - 16 using a
|
||||||
|
* secret key crypto_box_KEYBYTES big and a 24 byte nonce.
|
||||||
|
*
|
||||||
|
* return -1 if there was a problem (decryption failed).
|
||||||
|
* return length of plain data if everything was fine.
|
||||||
|
*/
|
||||||
|
int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain);
|
||||||
|
|
||||||
|
/* Increment the given nonce by 1. */
|
||||||
|
void increment_nonce(uint8_t *nonce);
|
||||||
|
|
||||||
|
/* increment the given nonce by num */
|
||||||
|
void increment_nonce_number(uint8_t *nonce, uint32_t num);
|
||||||
|
|
||||||
|
/* Fill the given nonce with random bytes. */
|
||||||
|
void random_nonce(uint8_t *nonce);
|
||||||
|
|
||||||
|
/* Fill a key crypto_box_KEYBYTES big with random bytes */
|
||||||
|
void new_symmetric_key(uint8_t *key);
|
||||||
|
|
||||||
|
/*Gives a nonce guaranteed to be different from previous ones.*/
|
||||||
|
void new_nonce(uint8_t *nonce);
|
||||||
|
|
||||||
|
#endif
|
|
@ -25,8 +25,6 @@
|
||||||
#define FRIEND_REQUESTS_H
|
#define FRIEND_REQUESTS_H
|
||||||
|
|
||||||
#include "onion_client.h"
|
#include "onion_client.h"
|
||||||
#include "net_crypto.h"
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
uint32_t nospam;
|
uint32_t nospam;
|
||||||
|
|
|
@ -26,8 +26,9 @@
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "group_chats.h"
|
#include "DHT.h"
|
||||||
#include "assoc.h"
|
#include "assoc.h"
|
||||||
|
#include "group_chats.h"
|
||||||
#include "LAN_discovery.h"
|
#include "LAN_discovery.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
|
|
|
@ -25,8 +25,6 @@
|
||||||
#ifndef GROUP_CHATS_H
|
#ifndef GROUP_CHATS_H
|
||||||
#define GROUP_CHATS_H
|
#define GROUP_CHATS_H
|
||||||
|
|
||||||
#include "net_crypto.h"
|
|
||||||
|
|
||||||
#define MAX_NICK_BYTES 128
|
#define MAX_NICK_BYTES 128
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
|
|
|
@ -35,202 +35,6 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection
|
||||||
return (uint32_t)crypt_connection_id >= c->crypto_connections_length;
|
return (uint32_t)crypt_connection_id >= c->crypto_connections_length;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Use this instead of memcmp; not vulnerable to timing attacks. */
|
|
||||||
uint8_t crypto_iszero(uint8_t *mem, uint32_t length)
|
|
||||||
{
|
|
||||||
uint8_t check = 0;
|
|
||||||
uint32_t i;
|
|
||||||
|
|
||||||
for (i = 0; i < length; ++i) {
|
|
||||||
check |= mem[i];
|
|
||||||
}
|
|
||||||
|
|
||||||
return check; // We return zero if mem is made out of zeroes.
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Precomputes the shared key from their public_key and our secret_key.
|
|
||||||
* This way we can avoid an expensive elliptic curve scalar multiply for each
|
|
||||||
* encrypt/decrypt operation.
|
|
||||||
* enc_key has to be crypto_box_BEFORENMBYTES bytes long.
|
|
||||||
*/
|
|
||||||
void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key)
|
|
||||||
{
|
|
||||||
crypto_box_beforenm(enc_key, public_key, secret_key);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Fast encrypt. Depends on enc_key from encrypt_precompute. */
|
|
||||||
int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
|
|
||||||
uint8_t *plain, uint32_t length, uint8_t *encrypted)
|
|
||||||
{
|
|
||||||
if (length + crypto_box_MACBYTES > MAX_DATA_SIZE || length == 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
|
|
||||||
uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
|
|
||||||
|
|
||||||
memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); // Pad the message with 32 0 bytes.
|
|
||||||
|
|
||||||
crypto_box_afternm(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, enc_key);
|
|
||||||
|
|
||||||
if (crypto_iszero(temp_encrypted, crypto_box_BOXZEROBYTES) != 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
/* Unpad the encrypted message. */
|
|
||||||
memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES);
|
|
||||||
return length + crypto_box_MACBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Fast decrypt. Depends on enc_ley from encrypt_precompute. */
|
|
||||||
int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
|
|
||||||
uint8_t *encrypted, uint32_t length, uint8_t *plain)
|
|
||||||
{
|
|
||||||
if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
|
|
||||||
uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
|
|
||||||
|
|
||||||
memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); // Pad the message with 16 0 bytes.
|
|
||||||
|
|
||||||
if (crypto_box_open_afternm(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES,
|
|
||||||
nonce, enc_key) == -1)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
/* If decryption is successful the first crypto_box_ZEROBYTES of the message will be zero.
|
|
||||||
* Apparently memcmp should not be used so we do this instead:
|
|
||||||
*/
|
|
||||||
if (crypto_iszero(temp_plain, crypto_box_ZEROBYTES) != 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
/* Unpad the plain message. */
|
|
||||||
memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_MACBYTES);
|
|
||||||
return length - crypto_box_MACBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
|
||||||
uint8_t *plain, uint32_t length, uint8_t *encrypted)
|
|
||||||
{
|
|
||||||
uint8_t k[crypto_box_BEFORENMBYTES];
|
|
||||||
encrypt_precompute(public_key, secret_key, k);
|
|
||||||
return encrypt_data_fast(k, nonce, plain, length, encrypted);
|
|
||||||
}
|
|
||||||
|
|
||||||
int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
|
||||||
uint8_t *encrypted, uint32_t length, uint8_t *plain)
|
|
||||||
{
|
|
||||||
uint8_t k[crypto_box_BEFORENMBYTES];
|
|
||||||
encrypt_precompute(public_key, secret_key, k);
|
|
||||||
return decrypt_data_fast(k, nonce, encrypted, length, plain);
|
|
||||||
}
|
|
||||||
|
|
||||||
int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted)
|
|
||||||
{
|
|
||||||
if (length == 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
uint8_t temp_plain[length + crypto_secretbox_ZEROBYTES];
|
|
||||||
uint8_t temp_encrypted[length + crypto_secretbox_MACBYTES + crypto_secretbox_BOXZEROBYTES];
|
|
||||||
|
|
||||||
memset(temp_plain, 0, crypto_secretbox_ZEROBYTES);
|
|
||||||
memcpy(temp_plain + crypto_secretbox_ZEROBYTES, plain, length); // Pad the message with 32 0 bytes.
|
|
||||||
|
|
||||||
crypto_secretbox(temp_encrypted, temp_plain, length + crypto_secretbox_ZEROBYTES, nonce, secret_key);
|
|
||||||
/* Unpad the encrypted message. */
|
|
||||||
memcpy(encrypted, temp_encrypted + crypto_secretbox_BOXZEROBYTES, length + crypto_secretbox_MACBYTES);
|
|
||||||
return length + crypto_secretbox_MACBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain)
|
|
||||||
{
|
|
||||||
if (length <= crypto_secretbox_BOXZEROBYTES)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
uint8_t temp_plain[length + crypto_secretbox_ZEROBYTES];
|
|
||||||
uint8_t temp_encrypted[length + crypto_secretbox_BOXZEROBYTES];
|
|
||||||
|
|
||||||
memset(temp_plain, 0, crypto_secretbox_BOXZEROBYTES);
|
|
||||||
memcpy(temp_encrypted + crypto_secretbox_BOXZEROBYTES, encrypted, length); // Pad the message with 16 0 bytes.
|
|
||||||
|
|
||||||
if (crypto_secretbox_open(temp_plain, temp_encrypted, length + crypto_secretbox_BOXZEROBYTES, nonce, secret_key) == -1)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
memcpy(plain, temp_plain + crypto_secretbox_ZEROBYTES, length - crypto_secretbox_MACBYTES);
|
|
||||||
return length - crypto_secretbox_MACBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Increment the given nonce by 1. */
|
|
||||||
void increment_nonce(uint8_t *nonce)
|
|
||||||
{
|
|
||||||
uint32_t i;
|
|
||||||
|
|
||||||
for (i = crypto_box_NONCEBYTES; i != 0; --i) {
|
|
||||||
++nonce[i - 1];
|
|
||||||
|
|
||||||
if (nonce[i - 1] != 0)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* increment the given nonce by num */
|
|
||||||
void increment_nonce_number(uint8_t *nonce, uint32_t num)
|
|
||||||
{
|
|
||||||
uint32_t num1, num2;
|
|
||||||
memcpy(&num1, nonce + (crypto_box_NONCEBYTES - sizeof(num1)), sizeof(num1));
|
|
||||||
num1 = ntohl(num1);
|
|
||||||
num2 = num + num1;
|
|
||||||
|
|
||||||
if (num2 < num1) {
|
|
||||||
uint32_t i;
|
|
||||||
|
|
||||||
for (i = crypto_box_NONCEBYTES - sizeof(num1); i != 0; --i) {
|
|
||||||
++nonce[i - 1];
|
|
||||||
|
|
||||||
if (nonce[i - 1] != 0)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
num2 = htonl(num2);
|
|
||||||
memcpy(nonce + (crypto_box_NONCEBYTES - sizeof(num2)), &num2, sizeof(num2));
|
|
||||||
}
|
|
||||||
|
|
||||||
#if crypto_box_NONCEBYTES != crypto_secretbox_NONCEBYTES
|
|
||||||
/*if they no longer equal each other, this function and the previous ones
|
|
||||||
*must be split into two.
|
|
||||||
*/
|
|
||||||
#error random_nonce(): crypto_box_NONCEBYTES must equal crypto_secretbox_NONCEBYTES.
|
|
||||||
#endif
|
|
||||||
/* Fill the given nonce with random bytes. */
|
|
||||||
void random_nonce(uint8_t *nonce)
|
|
||||||
{
|
|
||||||
randombytes(nonce, crypto_box_NONCEBYTES);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Fill a key crypto_secretbox_KEYBYTES big with random bytes */
|
|
||||||
void new_symmetric_key(uint8_t *key)
|
|
||||||
{
|
|
||||||
randombytes(key, crypto_secretbox_KEYBYTES);
|
|
||||||
}
|
|
||||||
|
|
||||||
static uint8_t base_nonce[crypto_box_NONCEBYTES];
|
|
||||||
static uint8_t nonce_set = 0;
|
|
||||||
|
|
||||||
#if crypto_box_NONCEBYTES != crypto_secretbox_NONCEBYTES
|
|
||||||
/*if they no longer equal each other, this function must be split into two.*/
|
|
||||||
#error new_nonce(): crypto_box_NONCEBYTES must equal crypto_secretbox_NONCEBYTES.
|
|
||||||
#endif
|
|
||||||
/* Gives a nonce guaranteed to be different from previous ones.*/
|
|
||||||
void new_nonce(uint8_t *nonce)
|
|
||||||
{
|
|
||||||
if (nonce_set == 0) {
|
|
||||||
random_nonce(base_nonce);
|
|
||||||
nonce_set = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
increment_nonce(base_nonce);
|
|
||||||
memcpy(nonce, base_nonce, crypto_box_NONCEBYTES);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* return 0 if there is no received data in the buffer.
|
/* return 0 if there is no received data in the buffer.
|
||||||
* return -1 if the packet was discarded.
|
* return -1 if the packet was discarded.
|
||||||
* return length of received data if successful.
|
* return length of received data if successful.
|
||||||
|
@ -252,7 +56,7 @@ int read_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data)
|
||||||
if (temp_data[0] != 3)
|
if (temp_data[0] != 3)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
int len = decrypt_data_fast(c->crypto_connections[crypt_connection_id].shared_key,
|
int len = decrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
|
||||||
c->crypto_connections[crypt_connection_id].recv_nonce,
|
c->crypto_connections[crypt_connection_id].recv_nonce,
|
||||||
temp_data + 1, length - 1, data);
|
temp_data + 1, length - 1, data);
|
||||||
|
|
||||||
|
@ -290,7 +94,7 @@ int write_cryptpacket(Net_Crypto *c, int crypt_connection_id, uint8_t *data, uin
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
uint8_t temp_data[MAX_DATA_SIZE];
|
uint8_t temp_data[MAX_DATA_SIZE];
|
||||||
int len = encrypt_data_fast(c->crypto_connections[crypt_connection_id].shared_key,
|
int len = encrypt_data_symmetric(c->crypto_connections[crypt_connection_id].shared_key,
|
||||||
c->crypto_connections[crypt_connection_id].sent_nonce,
|
c->crypto_connections[crypt_connection_id].sent_nonce,
|
||||||
data, length, temp_data + 1);
|
data, length, temp_data + 1);
|
||||||
|
|
||||||
|
|
|
@ -81,72 +81,6 @@ typedef struct {
|
||||||
|
|
||||||
#include "DHT.h"
|
#include "DHT.h"
|
||||||
|
|
||||||
/* return zero if the buffer contains only zeros. */
|
|
||||||
uint8_t crypto_iszero(uint8_t *buffer, uint32_t blen);
|
|
||||||
|
|
||||||
/* Encrypts plain of length length to encrypted of length + 16 using the
|
|
||||||
* public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce.
|
|
||||||
*
|
|
||||||
* return -1 if there was a problem.
|
|
||||||
* return length of encrypted data if everything was fine.
|
|
||||||
*/
|
|
||||||
int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
|
||||||
uint8_t *plain, uint32_t length, uint8_t *encrypted);
|
|
||||||
|
|
||||||
|
|
||||||
/* Decrypts encrypted of length length to plain of length length - 16 using the
|
|
||||||
* public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce.
|
|
||||||
*
|
|
||||||
* return -1 if there was a problem (decryption failed).
|
|
||||||
* return length of plain data if everything was fine.
|
|
||||||
*/
|
|
||||||
int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
|
|
||||||
uint8_t *encrypted, uint32_t length, uint8_t *plain);
|
|
||||||
|
|
||||||
/* Fast encrypt/decrypt operations. Use if this is not a one-time communication.
|
|
||||||
encrypt_precompute does the shared-key generation once so it does not have
|
|
||||||
to be preformed on every encrypt/decrypt. */
|
|
||||||
void encrypt_precompute(uint8_t *public_key, uint8_t *secret_key, uint8_t *enc_key);
|
|
||||||
|
|
||||||
/* Fast encrypt. Depends on enc_key from encrypt_precompute. */
|
|
||||||
int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
|
|
||||||
uint8_t *plain, uint32_t length, uint8_t *encrypted);
|
|
||||||
|
|
||||||
/* Fast decrypt. Depends on enc_ley from encrypt_precompute. */
|
|
||||||
int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
|
|
||||||
uint8_t *encrypted, uint32_t length, uint8_t *plain);
|
|
||||||
|
|
||||||
/* Encrypts plain of length length to encrypted of length + 16 using a
|
|
||||||
* secret key crypto_secretbox_KEYBYTES big and a 24 byte nonce.
|
|
||||||
*
|
|
||||||
* return -1 if there was a problem.
|
|
||||||
* return length of encrypted data if everything was fine.
|
|
||||||
*/
|
|
||||||
int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted);
|
|
||||||
|
|
||||||
/* Decrypts encrypted of length length to plain of length length - 16 using a
|
|
||||||
* secret key crypto_secretbox_KEYBYTES big and a 24 byte nonce.
|
|
||||||
*
|
|
||||||
* return -1 if there was a problem (decryption failed).
|
|
||||||
* return length of plain data if everything was fine.
|
|
||||||
*/
|
|
||||||
int decrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *encrypted, uint32_t length, uint8_t *plain);
|
|
||||||
|
|
||||||
/* Increment the given nonce by 1. */
|
|
||||||
void increment_nonce(uint8_t *nonce);
|
|
||||||
|
|
||||||
/* increment the given nonce by num */
|
|
||||||
void increment_nonce_number(uint8_t *nonce, uint32_t num);
|
|
||||||
|
|
||||||
/* Fill the given nonce with random bytes. */
|
|
||||||
void random_nonce(uint8_t *nonce);
|
|
||||||
|
|
||||||
/* Fill a key crypto_secretbox_KEYBYTES big with random bytes */
|
|
||||||
void new_symmetric_key(uint8_t *key);
|
|
||||||
|
|
||||||
/*Gives a nonce guaranteed to be different from previous ones.*/
|
|
||||||
void new_nonce(uint8_t *nonce);
|
|
||||||
|
|
||||||
/* return 0 if there is no received data in the buffer.
|
/* return 0 if there is no received data in the buffer.
|
||||||
* return -1 if the packet was discarded.
|
* return -1 if the packet was discarded.
|
||||||
* return length of received data if successful.
|
* return length of received data if successful.
|
||||||
|
|
|
@ -102,15 +102,12 @@ typedef int sock_t;
|
||||||
#include <sodium.h>
|
#include <sodium.h>
|
||||||
#else
|
#else
|
||||||
#include <crypto_box.h>
|
#include <crypto_box.h>
|
||||||
#include <crypto_secretbox.h>
|
|
||||||
#include <randombytes.h>
|
#include <randombytes.h>
|
||||||
#include <crypto_hash_sha256.h>
|
#include <crypto_hash_sha256.h>
|
||||||
#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
|
#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef crypto_secretbox_MACBYTES
|
#define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES)
|
||||||
#define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef IPV6_ADD_MEMBERSHIP
|
#ifndef IPV6_ADD_MEMBERSHIP
|
||||||
#ifdef IPV6_JOIN_GROUP
|
#ifdef IPV6_JOIN_GROUP
|
||||||
|
|
|
@ -111,7 +111,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
|
||||||
memcpy(step2, &path->ip_port3, sizeof(IP_Port));
|
memcpy(step2, &path->ip_port3, sizeof(IP_Port));
|
||||||
memcpy(step2 + sizeof(IP_Port), path->public_key3, crypto_box_PUBLICKEYBYTES);
|
memcpy(step2 + sizeof(IP_Port), path->public_key3, crypto_box_PUBLICKEYBYTES);
|
||||||
|
|
||||||
int len = encrypt_data_fast(path->shared_key3, nonce, step1, sizeof(step1),
|
int len = encrypt_data_symmetric(path->shared_key3, nonce, step1, sizeof(step1),
|
||||||
step2 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
|
step2 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
|
||||||
|
|
||||||
if ((uint32_t)len != sizeof(IP_Port) + length + crypto_box_MACBYTES)
|
if ((uint32_t)len != sizeof(IP_Port) + length + crypto_box_MACBYTES)
|
||||||
|
@ -120,7 +120,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
|
||||||
uint8_t step3[sizeof(IP_Port) + SEND_BASE * 2 + length];
|
uint8_t step3[sizeof(IP_Port) + SEND_BASE * 2 + length];
|
||||||
memcpy(step3, &path->ip_port2, sizeof(IP_Port));
|
memcpy(step3, &path->ip_port2, sizeof(IP_Port));
|
||||||
memcpy(step3 + sizeof(IP_Port), path->public_key2, crypto_box_PUBLICKEYBYTES);
|
memcpy(step3 + sizeof(IP_Port), path->public_key2, crypto_box_PUBLICKEYBYTES);
|
||||||
len = encrypt_data_fast(path->shared_key2, nonce, step2, sizeof(step2),
|
len = encrypt_data_symmetric(path->shared_key2, nonce, step2, sizeof(step2),
|
||||||
step3 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
|
step3 + sizeof(IP_Port) + crypto_box_PUBLICKEYBYTES);
|
||||||
|
|
||||||
if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE + length + crypto_box_MACBYTES)
|
if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE + length + crypto_box_MACBYTES)
|
||||||
|
@ -131,7 +131,7 @@ int send_onion_packet(Networking_Core *net, Onion_Path *path, IP_Port dest, uint
|
||||||
memcpy(packet + 1, nonce, crypto_box_NONCEBYTES);
|
memcpy(packet + 1, nonce, crypto_box_NONCEBYTES);
|
||||||
memcpy(packet + 1 + crypto_box_NONCEBYTES, path->public_key1, crypto_box_PUBLICKEYBYTES);
|
memcpy(packet + 1 + crypto_box_NONCEBYTES, path->public_key1, crypto_box_PUBLICKEYBYTES);
|
||||||
|
|
||||||
len = encrypt_data_fast(path->shared_key1, nonce, step3, sizeof(step3),
|
len = encrypt_data_symmetric(path->shared_key1, nonce, step3, sizeof(step3),
|
||||||
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES);
|
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES);
|
||||||
|
|
||||||
if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE * 2 + length + crypto_box_MACBYTES)
|
if ((uint32_t)len != sizeof(IP_Port) + SEND_BASE * 2 + length + crypto_box_MACBYTES)
|
||||||
|
@ -175,7 +175,7 @@ static int handle_send_initial(void *object, IP_Port source, uint8_t *packet, ui
|
||||||
uint8_t plain[MAX_ONION_SIZE];
|
uint8_t plain[MAX_ONION_SIZE];
|
||||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||||
get_shared_key(&onion->shared_keys_1, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
|
get_shared_key(&onion->shared_keys_1, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
|
||||||
int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
||||||
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), plain);
|
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), plain);
|
||||||
|
|
||||||
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES))
|
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES))
|
||||||
|
@ -198,12 +198,12 @@ int onion_send_1(Onion *onion, uint8_t *plain, uint32_t len, IP_Port source, uin
|
||||||
uint8_t *ret_part = data + data_len;
|
uint8_t *ret_part = data + data_len;
|
||||||
new_nonce(ret_part);
|
new_nonce(ret_part);
|
||||||
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, (uint8_t *)&source, sizeof(IP_Port),
|
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, (uint8_t *)&source, sizeof(IP_Port),
|
||||||
ret_part + crypto_secretbox_NONCEBYTES);
|
ret_part + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if (len != sizeof(IP_Port) + crypto_secretbox_MACBYTES)
|
if (len != sizeof(IP_Port) + crypto_box_MACBYTES)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
data_len += crypto_secretbox_NONCEBYTES + len;
|
data_len += crypto_box_NONCEBYTES + len;
|
||||||
|
|
||||||
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
|
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -226,7 +226,7 @@ static int handle_send_1(void *object, IP_Port source, uint8_t *packet, uint32_t
|
||||||
uint8_t plain[MAX_ONION_SIZE];
|
uint8_t plain[MAX_ONION_SIZE];
|
||||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||||
get_shared_key(&onion->shared_keys_2, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
|
get_shared_key(&onion->shared_keys_2, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
|
||||||
int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
||||||
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain);
|
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain);
|
||||||
|
|
||||||
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1 + crypto_box_MACBYTES))
|
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1 + crypto_box_MACBYTES))
|
||||||
|
@ -247,12 +247,12 @@ static int handle_send_1(void *object, IP_Port source, uint8_t *packet, uint32_t
|
||||||
memcpy(ret_data, &source, sizeof(IP_Port));
|
memcpy(ret_data, &source, sizeof(IP_Port));
|
||||||
memcpy(ret_data + sizeof(IP_Port), packet + (length - RETURN_1), RETURN_1);
|
memcpy(ret_data + sizeof(IP_Port), packet + (length - RETURN_1), RETURN_1);
|
||||||
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
|
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
|
||||||
ret_part + crypto_secretbox_NONCEBYTES);
|
ret_part + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if (len != RETURN_2 - crypto_secretbox_NONCEBYTES)
|
if (len != RETURN_2 - crypto_box_NONCEBYTES)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
data_len += crypto_secretbox_NONCEBYTES + len;
|
data_len += crypto_box_NONCEBYTES + len;
|
||||||
|
|
||||||
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
|
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -275,7 +275,7 @@ static int handle_send_2(void *object, IP_Port source, uint8_t *packet, uint32_t
|
||||||
uint8_t plain[MAX_ONION_SIZE];
|
uint8_t plain[MAX_ONION_SIZE];
|
||||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||||
get_shared_key(&onion->shared_keys_3, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
|
get_shared_key(&onion->shared_keys_3, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
|
||||||
int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
||||||
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain);
|
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain);
|
||||||
|
|
||||||
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES))
|
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES))
|
||||||
|
@ -294,9 +294,9 @@ static int handle_send_2(void *object, IP_Port source, uint8_t *packet, uint32_t
|
||||||
memcpy(ret_data, &source, sizeof(IP_Port));
|
memcpy(ret_data, &source, sizeof(IP_Port));
|
||||||
memcpy(ret_data + sizeof(IP_Port), packet + (length - RETURN_2), RETURN_2);
|
memcpy(ret_data + sizeof(IP_Port), packet + (length - RETURN_2), RETURN_2);
|
||||||
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
|
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
|
||||||
ret_part + crypto_secretbox_NONCEBYTES);
|
ret_part + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if (len != RETURN_3 - crypto_secretbox_NONCEBYTES)
|
if (len != RETURN_3 - crypto_box_NONCEBYTES)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
data_len += RETURN_3;
|
data_len += RETURN_3;
|
||||||
|
@ -321,8 +321,8 @@ static int handle_recv_3(void *object, IP_Port source, uint8_t *packet, uint32_t
|
||||||
change_symmetric_key(onion);
|
change_symmetric_key(onion);
|
||||||
|
|
||||||
uint8_t plain[sizeof(IP_Port) + RETURN_2];
|
uint8_t plain[sizeof(IP_Port) + RETURN_2];
|
||||||
int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_secretbox_NONCEBYTES,
|
int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES,
|
||||||
sizeof(IP_Port) + RETURN_2 + crypto_secretbox_MACBYTES, plain);
|
sizeof(IP_Port) + RETURN_2 + crypto_box_MACBYTES, plain);
|
||||||
|
|
||||||
if ((uint32_t)len != sizeof(plain))
|
if ((uint32_t)len != sizeof(plain))
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -355,8 +355,8 @@ static int handle_recv_2(void *object, IP_Port source, uint8_t *packet, uint32_t
|
||||||
change_symmetric_key(onion);
|
change_symmetric_key(onion);
|
||||||
|
|
||||||
uint8_t plain[sizeof(IP_Port) + RETURN_1];
|
uint8_t plain[sizeof(IP_Port) + RETURN_1];
|
||||||
int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_secretbox_NONCEBYTES,
|
int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES,
|
||||||
sizeof(IP_Port) + RETURN_1 + crypto_secretbox_MACBYTES, plain);
|
sizeof(IP_Port) + RETURN_1 + crypto_box_MACBYTES, plain);
|
||||||
|
|
||||||
if ((uint32_t)len != sizeof(plain))
|
if ((uint32_t)len != sizeof(plain))
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -390,8 +390,8 @@ static int handle_recv_1(void *object, IP_Port source, uint8_t *packet, uint32_t
|
||||||
|
|
||||||
IP_Port send_to;
|
IP_Port send_to;
|
||||||
|
|
||||||
int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_secretbox_NONCEBYTES,
|
int len = decrypt_data_symmetric(onion->secret_symmetric_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES,
|
||||||
sizeof(IP_Port) + crypto_secretbox_MACBYTES, (uint8_t *) &send_to);
|
sizeof(IP_Port) + crypto_box_MACBYTES, (uint8_t *) &send_to);
|
||||||
|
|
||||||
if ((uint32_t)len != sizeof(IP_Port))
|
if ((uint32_t)len != sizeof(IP_Port))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
typedef struct {
|
typedef struct {
|
||||||
DHT *dht;
|
DHT *dht;
|
||||||
Networking_Core *net;
|
Networking_Core *net;
|
||||||
uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES];
|
uint8_t secret_symmetric_key[crypto_box_KEYBYTES];
|
||||||
uint64_t timestamp;
|
uint64_t timestamp;
|
||||||
|
|
||||||
Shared_Keys shared_keys_1;
|
Shared_Keys shared_keys_1;
|
||||||
|
@ -39,9 +39,9 @@ typedef struct {
|
||||||
void *callback_object;
|
void *callback_object;
|
||||||
} Onion;
|
} Onion;
|
||||||
|
|
||||||
#define ONION_RETURN_1 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES)
|
#define ONION_RETURN_1 (crypto_box_NONCEBYTES + sizeof(IP_Port) + crypto_box_MACBYTES)
|
||||||
#define ONION_RETURN_2 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES + ONION_RETURN_1)
|
#define ONION_RETURN_2 (crypto_box_NONCEBYTES + sizeof(IP_Port) + crypto_box_MACBYTES + ONION_RETURN_1)
|
||||||
#define ONION_RETURN_3 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES + ONION_RETURN_2)
|
#define ONION_RETURN_3 (crypto_box_NONCEBYTES + sizeof(IP_Port) + crypto_box_MACBYTES + ONION_RETURN_2)
|
||||||
|
|
||||||
#define ONION_SEND_BASE (crypto_box_PUBLICKEYBYTES + sizeof(IP_Port) + crypto_box_MACBYTES)
|
#define ONION_SEND_BASE (crypto_box_PUBLICKEYBYTES + sizeof(IP_Port) + crypto_box_MACBYTES)
|
||||||
#define ONION_SEND_3 (crypto_box_NONCEBYTES + ONION_SEND_BASE + ONION_RETURN_2)
|
#define ONION_SEND_3 (crypto_box_NONCEBYTES + ONION_SEND_BASE + ONION_RETURN_2)
|
||||||
|
|
|
@ -115,11 +115,11 @@ static void generate_ping_id(Onion_Announce *onion_a, uint64_t time, uint8_t *pu
|
||||||
uint8_t *ping_id)
|
uint8_t *ping_id)
|
||||||
{
|
{
|
||||||
time /= PING_ID_TIMEOUT;
|
time /= PING_ID_TIMEOUT;
|
||||||
uint8_t data[crypto_secretbox_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES + sizeof(ret_ip_port)];
|
uint8_t data[crypto_box_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES + sizeof(ret_ip_port)];
|
||||||
memcpy(data, onion_a->secret_bytes, crypto_secretbox_KEYBYTES);
|
memcpy(data, onion_a->secret_bytes, crypto_box_KEYBYTES);
|
||||||
memcpy(data + crypto_secretbox_KEYBYTES, &time, sizeof(time));
|
memcpy(data + crypto_box_KEYBYTES, &time, sizeof(time));
|
||||||
memcpy(data + crypto_secretbox_KEYBYTES + sizeof(time), public_key, crypto_box_PUBLICKEYBYTES);
|
memcpy(data + crypto_box_KEYBYTES + sizeof(time), public_key, crypto_box_PUBLICKEYBYTES);
|
||||||
memcpy(data + crypto_secretbox_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES, &ret_ip_port, sizeof(ret_ip_port));
|
memcpy(data + crypto_box_KEYBYTES + sizeof(time) + crypto_box_PUBLICKEYBYTES, &ret_ip_port, sizeof(ret_ip_port));
|
||||||
crypto_hash_sha256(ping_id, data, sizeof(data));
|
crypto_hash_sha256(ping_id, data, sizeof(data));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -221,7 +221,7 @@ static int handle_announce_request(void *object, IP_Port source, uint8_t *packet
|
||||||
get_shared_key(&onion_a->shared_keys_recv, shared_key, onion_a->dht->self_secret_key, packet_public_key);
|
get_shared_key(&onion_a->shared_keys_recv, shared_key, onion_a->dht->self_secret_key, packet_public_key);
|
||||||
|
|
||||||
uint8_t plain[ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH];
|
uint8_t plain[ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH];
|
||||||
int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
|
||||||
ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH +
|
ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH +
|
||||||
crypto_box_MACBYTES, plain);
|
crypto_box_MACBYTES, plain);
|
||||||
|
|
||||||
|
@ -278,7 +278,7 @@ static int handle_announce_request(void *object, IP_Port source, uint8_t *packet
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t data[ONION_ANNOUNCE_RESPONSE_MAX_SIZE];
|
uint8_t data[ONION_ANNOUNCE_RESPONSE_MAX_SIZE];
|
||||||
len = encrypt_data_fast(shared_key, nonce, pl, 1 + ONION_PING_ID_SIZE + nodes_length,
|
len = encrypt_data_symmetric(shared_key, nonce, pl, 1 + ONION_PING_ID_SIZE + nodes_length,
|
||||||
data + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES);
|
data + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if (len != 1 + ONION_PING_ID_SIZE + nodes_length + crypto_box_MACBYTES)
|
if (len != 1 + ONION_PING_ID_SIZE + nodes_length + crypto_box_MACBYTES)
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
#define ONION_ANNOUNCE_TIMEOUT 300
|
#define ONION_ANNOUNCE_TIMEOUT 300
|
||||||
#define ONION_PING_ID_SIZE crypto_hash_sha256_BYTES
|
#define ONION_PING_ID_SIZE crypto_hash_sha256_BYTES
|
||||||
|
|
||||||
#define ONION_ANNOUNCE_SENDBACK_DATA_LENGTH (crypto_secretbox_NONCEBYTES + sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES)
|
#define ONION_ANNOUNCE_SENDBACK_DATA_LENGTH (crypto_box_NONCEBYTES + sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES + sizeof(IP_Port) + crypto_box_MACBYTES)
|
||||||
|
|
||||||
#define ONION_ANNOUNCE_RESPONSE_MIN_SIZE (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES + 1 + ONION_PING_ID_SIZE + crypto_box_MACBYTES)
|
#define ONION_ANNOUNCE_RESPONSE_MIN_SIZE (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES + 1 + ONION_PING_ID_SIZE + crypto_box_MACBYTES)
|
||||||
#define ONION_ANNOUNCE_RESPONSE_MAX_SIZE (ONION_ANNOUNCE_RESPONSE_MIN_SIZE + sizeof(Node_format)*MAX_SENT_NODES)
|
#define ONION_ANNOUNCE_RESPONSE_MAX_SIZE (ONION_ANNOUNCE_RESPONSE_MIN_SIZE + sizeof(Node_format)*MAX_SENT_NODES)
|
||||||
|
@ -52,8 +52,8 @@ typedef struct {
|
||||||
DHT *dht;
|
DHT *dht;
|
||||||
Networking_Core *net;
|
Networking_Core *net;
|
||||||
Onion_Announce_Entry entries[ONION_ANNOUNCE_MAX_ENTRIES];
|
Onion_Announce_Entry entries[ONION_ANNOUNCE_MAX_ENTRIES];
|
||||||
/* This is crypto_secretbox_KEYBYTES long just so we can use new_symmetric_key() to fill it */
|
/* This is crypto_box_KEYBYTES long just so we can use new_symmetric_key() to fill it */
|
||||||
uint8_t secret_bytes[crypto_secretbox_KEYBYTES];
|
uint8_t secret_bytes[crypto_box_KEYBYTES];
|
||||||
|
|
||||||
Shared_Keys shared_keys_recv;
|
Shared_Keys shared_keys_recv;
|
||||||
} Onion_Announce;
|
} Onion_Announce;
|
||||||
|
|
|
@ -116,9 +116,9 @@ static int new_sendback(Onion_Client *onion_c, uint32_t num, uint8_t *public_key
|
||||||
memcpy(plain + sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES, &ip_port, sizeof(IP_Port));
|
memcpy(plain + sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES, &ip_port, sizeof(IP_Port));
|
||||||
|
|
||||||
int len = encrypt_data_symmetric(onion_c->secret_symmetric_key, sendback, plain, sizeof(plain),
|
int len = encrypt_data_symmetric(onion_c->secret_symmetric_key, sendback, plain, sizeof(plain),
|
||||||
sendback + crypto_secretbox_NONCEBYTES);
|
sendback + crypto_box_NONCEBYTES);
|
||||||
|
|
||||||
if ((uint32_t)len + crypto_secretbox_NONCEBYTES != ONION_ANNOUNCE_SENDBACK_DATA_LENGTH)
|
if ((uint32_t)len + crypto_box_NONCEBYTES != ONION_ANNOUNCE_SENDBACK_DATA_LENGTH)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -137,8 +137,8 @@ static int new_sendback(Onion_Client *onion_c, uint32_t num, uint8_t *public_key
|
||||||
static uint32_t check_sendback(Onion_Client *onion_c, uint8_t *sendback, uint8_t *ret_pubkey, IP_Port *ret_ip_port)
|
static uint32_t check_sendback(Onion_Client *onion_c, uint8_t *sendback, uint8_t *ret_pubkey, IP_Port *ret_ip_port)
|
||||||
{
|
{
|
||||||
uint8_t plain[sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES + sizeof(IP_Port)];
|
uint8_t plain[sizeof(uint32_t) + sizeof(uint64_t) + crypto_box_PUBLICKEYBYTES + sizeof(IP_Port)];
|
||||||
int len = decrypt_data_symmetric(onion_c->secret_symmetric_key, sendback, sendback + crypto_secretbox_NONCEBYTES,
|
int len = decrypt_data_symmetric(onion_c->secret_symmetric_key, sendback, sendback + crypto_box_NONCEBYTES,
|
||||||
ONION_ANNOUNCE_SENDBACK_DATA_LENGTH - crypto_secretbox_NONCEBYTES, plain);
|
ONION_ANNOUNCE_SENDBACK_DATA_LENGTH - crypto_box_NONCEBYTES, plain);
|
||||||
|
|
||||||
if ((uint32_t)len != sizeof(plain))
|
if ((uint32_t)len != sizeof(plain))
|
||||||
return ~0;
|
return ~0;
|
||||||
|
|
|
@ -113,7 +113,7 @@ typedef struct {
|
||||||
|
|
||||||
Onion_Client_Paths onion_paths;
|
Onion_Client_Paths onion_paths;
|
||||||
|
|
||||||
uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES];
|
uint8_t secret_symmetric_key[crypto_box_KEYBYTES];
|
||||||
uint64_t last_run;
|
uint64_t last_run;
|
||||||
|
|
||||||
uint8_t temp_public_key[crypto_box_PUBLICKEYBYTES];
|
uint8_t temp_public_key[crypto_box_PUBLICKEYBYTES];
|
||||||
|
|
|
@ -168,7 +168,7 @@ int send_ping_request(PING *ping, IP_Port ipp, uint8_t *client_id)
|
||||||
new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
|
new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
|
||||||
|
|
||||||
|
|
||||||
rc = encrypt_data_fast(shared_key,
|
rc = encrypt_data_symmetric(shared_key,
|
||||||
pk + 1 + CLIENT_ID_SIZE,
|
pk + 1 + CLIENT_ID_SIZE,
|
||||||
(uint8_t *) &ping_id, sizeof(ping_id),
|
(uint8_t *) &ping_id, sizeof(ping_id),
|
||||||
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
|
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
|
||||||
|
@ -193,7 +193,7 @@ static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint6
|
||||||
new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
|
new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
|
||||||
|
|
||||||
// Encrypt ping_id using recipient privkey
|
// Encrypt ping_id using recipient privkey
|
||||||
rc = encrypt_data_fast(shared_encryption_key,
|
rc = encrypt_data_symmetric(shared_encryption_key,
|
||||||
pk + 1 + CLIENT_ID_SIZE,
|
pk + 1 + CLIENT_ID_SIZE,
|
||||||
(uint8_t *) &ping_id, sizeof(ping_id),
|
(uint8_t *) &ping_id, sizeof(ping_id),
|
||||||
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
|
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
|
||||||
|
@ -222,7 +222,7 @@ static int handle_ping_request(void *_dht, IP_Port source, uint8_t *packet, uint
|
||||||
|
|
||||||
// Decrypt ping_id
|
// Decrypt ping_id
|
||||||
DHT_get_shared_key_recv(dht, shared_key, packet + 1);
|
DHT_get_shared_key_recv(dht, shared_key, packet + 1);
|
||||||
rc = decrypt_data_fast(shared_key,
|
rc = decrypt_data_symmetric(shared_key,
|
||||||
packet + 1 + CLIENT_ID_SIZE,
|
packet + 1 + CLIENT_ID_SIZE,
|
||||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||||
sizeof(ping_id) + crypto_box_MACBYTES,
|
sizeof(ping_id) + crypto_box_MACBYTES,
|
||||||
|
@ -259,7 +259,7 @@ static int handle_ping_response(void *_dht, IP_Port source, uint8_t *packet, uin
|
||||||
|
|
||||||
--ping_index;
|
--ping_index;
|
||||||
// Decrypt ping_id
|
// Decrypt ping_id
|
||||||
rc = decrypt_data_fast(ping->pings[ping_index].shared_key,
|
rc = decrypt_data_symmetric(ping->pings[ping_index].shared_key,
|
||||||
packet + 1 + CLIENT_ID_SIZE,
|
packet + 1 + CLIENT_ID_SIZE,
|
||||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||||
sizeof(ping_id) + crypto_box_MACBYTES,
|
sizeof(ping_id) + crypto_box_MACBYTES,
|
||||||
|
|
|
@ -828,34 +828,4 @@ int tox_load(Tox *tox, uint8_t *data, uint32_t length)
|
||||||
{
|
{
|
||||||
Messenger *m = tox;
|
Messenger *m = tox;
|
||||||
return messenger_load(m, data, length);
|
return messenger_load(m, data, length);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* return the size of data to pass to messenger_save_encrypted(...)
|
|
||||||
*/
|
|
||||||
uint32_t tox_size_encrypted(Tox *tox)
|
|
||||||
{
|
|
||||||
Messenger *m = tox;
|
|
||||||
return messenger_size_encrypted(m);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Save the messenger, encrypting the data with key of length key_length
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int tox_save_encrypted(Tox *tox, uint8_t *data, uint8_t *key, uint16_t key_length)
|
|
||||||
{
|
|
||||||
Messenger *m = tox;
|
|
||||||
return messenger_save_encrypted(m, data, key, key_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Load the messenger from data of size length encrypted with key of key_length.
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int tox_load_encrypted(Tox *tox, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length)
|
|
||||||
{
|
|
||||||
Messenger *m = tox;
|
|
||||||
return messenger_load_encrypted(m, data, length, key, key_length);
|
|
||||||
}
|
|
|
@ -702,32 +702,6 @@ void tox_save(Tox *tox, uint8_t *data);
|
||||||
*/
|
*/
|
||||||
int tox_load(Tox *tox, uint8_t *data, uint32_t length);
|
int tox_load(Tox *tox, uint8_t *data, uint32_t length);
|
||||||
|
|
||||||
/**/
|
|
||||||
|
|
||||||
/* return the size of data to pass to messenger_save_encrypted(...)
|
|
||||||
*/
|
|
||||||
uint32_t tox_size_encrypted(Tox *tox);
|
|
||||||
|
|
||||||
/* Save the messenger, encrypting the data with key of length key_length
|
|
||||||
*
|
|
||||||
* This functions simply calls and then encrypt the output of tox_save(..)
|
|
||||||
* with crypto_secretbox(...) from NaCl/libsodium with the key
|
|
||||||
* given to crypto_secretbox(...) being the SHA256 sum of the key
|
|
||||||
* passed to this function.
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int tox_save_encrypted(Tox *tox, uint8_t *data, uint8_t *key, uint16_t key_length);
|
|
||||||
|
|
||||||
/* Load the messenger from data of size length encrypted with key of key_length.
|
|
||||||
*
|
|
||||||
* return 0 on success.
|
|
||||||
* return -1 on failure.
|
|
||||||
*/
|
|
||||||
int tox_load_encrypted(Tox *tox, uint8_t *data, uint32_t length, uint8_t *key, uint16_t key_length);
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue
Block a user