/* Create a onion packet to be sent over tcp.
*
* Use Onion_Path path to create packet for data of length to dest.
* Maximum length of data is ONION_MAX_DATA_SIZE.
* packet should be at least ONION_MAX_PACKET_SIZE big.
*
* return -1 on failure.
* return length of created packet on success.
*/
int create_onion_packet_tcp(uint8_t *packet, uint16_t max_packet_length, const Onion_Path *path, IP_Port dest,
const uint8_t *data, uint16_t length)
{
if (crypto_box_NONCEBYTES + SIZE_IPPORT + SEND_BASE * 2 + length > max_packet_length || length == 0)
return -1;
#ifdef _MSC_VER
VLA_s(uint8_t, step1, SIZE_IPPORT + length);
#else
uint8_t step1[SIZE_IPPORT + length];
#endif
ipport_pack(step1, &dest);
memcpy(step1 + SIZE_IPPORT, data, length);
uint8_t nonce[crypto_box_NONCEBYTES];
random_nonce(nonce);
#ifdef _MSC_VER
VLA_s(uint8_t, step2, SIZE_IPPORT + SEND_BASE + length);
#else
uint8_t step2[SIZE_IPPORT + SEND_BASE + length];
#endif
ipport_pack(step2, &path->ip_port3);
memcpy(step2 + SIZE_IPPORT, path->public_key3, crypto_box_PUBLICKEYBYTES);
#ifdef _MSC_VER
int len = encrypt_data_symmetric(path->shared_key3, nonce, step1, sizeof_step1,
step2 + SIZE_IPPORT + crypto_box_PUBLICKEYBYTES);
#else
int len = encrypt_data_symmetric(path->shared_key3, nonce, step1, sizeof(step1),
step2 + SIZE_IPPORT + crypto_box_PUBLICKEYBYTES);
#endif
if (len != SIZE_IPPORT + length + crypto_box_MACBYTES)
return -1;
ipport_pack(packet + crypto_box_NONCEBYTES, &path->ip_port2);
memcpy(packet + crypto_box_NONCEBYTES + SIZE_IPPORT, path->public_key2, crypto_box_PUBLICKEYBYTES);
#ifdef _MSC_VER
len = encrypt_data_symmetric(path->shared_key2, nonce, step2, sizeof_step2,
packet + crypto_box_NONCEBYTES + SIZE_IPPORT + crypto_box_PUBLICKEYBYTES);
#else
len = encrypt_data_symmetric(path->shared_key2, nonce, step2, sizeof(step2),
packet + crypto_box_NONCEBYTES + SIZE_IPPORT + crypto_box_PUBLICKEYBYTES);
#endif
if (len != SIZE_IPPORT + SEND_BASE + length + crypto_box_MACBYTES)
return -1;
memcpy(packet, nonce, crypto_box_NONCEBYTES);
return crypto_box_NONCEBYTES + SIZE_IPPORT + crypto_box_PUBLICKEYBYTES + len;
}
/* Create a onion packet.
*
* Use Onion_Path path to create packet for data of length to dest.
* Maximum length of data is ONION_MAX_DATA_SIZE.
* packet should be at least ONION_MAX_PACKET_SIZE big.
*
* return -1 on failure.
* return length of created packet on success.
*/
int create_onion_packet(uint8_t *packet, uint16_t max_packet_length, const Onion_Path *path, IP_Port dest,
const uint8_t *data, uint16_t length)
{
if (1 + length + SEND_1 > max_packet_length || length == 0) {
return -1;
}
uint8_t step1[SIZE_IPPORT + length];
ipport_pack(step1, &dest);
memcpy(step1 + SIZE_IPPORT, data, length);
uint8_t nonce[crypto_box_NONCEBYTES];
random_nonce(nonce);
uint8_t step2[SIZE_IPPORT + SEND_BASE + length];
ipport_pack(step2, &path->ip_port3);
memcpy(step2 + SIZE_IPPORT, path->public_key3, crypto_box_PUBLICKEYBYTES);
int len = encrypt_data_symmetric(path->shared_key3, nonce, step1, sizeof(step1),
step2 + SIZE_IPPORT + crypto_box_PUBLICKEYBYTES);
if (len != SIZE_IPPORT + length + crypto_box_MACBYTES) {
return -1;
}
uint8_t step3[SIZE_IPPORT + SEND_BASE * 2 + length];
ipport_pack(step3, &path->ip_port2);
memcpy(step3 + SIZE_IPPORT, path->public_key2, crypto_box_PUBLICKEYBYTES);
len = encrypt_data_symmetric(path->shared_key2, nonce, step2, sizeof(step2),
step3 + SIZE_IPPORT + crypto_box_PUBLICKEYBYTES);
if (len != SIZE_IPPORT + SEND_BASE + length + crypto_box_MACBYTES) {
return -1;
}
packet[0] = NET_PACKET_ONION_SEND_INITIAL;
memcpy(packet + 1, nonce, crypto_box_NONCEBYTES);
memcpy(packet + 1 + crypto_box_NONCEBYTES, path->public_key1, crypto_box_PUBLICKEYBYTES);
len = encrypt_data_symmetric(path->shared_key1, nonce, step3, sizeof(step3),
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES);
if (len != SIZE_IPPORT + SEND_BASE * 2 + length + crypto_box_MACBYTES) {
return -1;
}
return 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + len;
}
int onion_send_1(const Onion *onion, const uint8_t *plain, uint32_t len, IP_Port source, const uint8_t *nonce)
{
IP_Port send_to;
ipport_unpack(&send_to, plain);
to_host_family(&send_to.ip);
uint8_t ip_port[SIZE_IPPORT];
ipport_pack(ip_port, &source);
uint8_t data[ONION_MAX_PACKET_SIZE];
data[0] = NET_PACKET_ONION_SEND_1;
memcpy(data + 1, nonce, crypto_box_NONCEBYTES);
memcpy(data + 1 + crypto_box_NONCEBYTES, plain + SIZE_IPPORT, len - SIZE_IPPORT);
uint32_t data_len = 1 + crypto_box_NONCEBYTES + (len - SIZE_IPPORT);
uint8_t *ret_part = data + data_len;
new_nonce(ret_part);
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ip_port, SIZE_IPPORT,
ret_part + crypto_box_NONCEBYTES);
if (len != SIZE_IPPORT + crypto_box_MACBYTES)
return 1;
data_len += crypto_box_NONCEBYTES + len;
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
return 1;
return 0;
}
static int handle_send_2(void *object, IP_Port source, const uint8_t *packet, uint16_t length)
{
Onion *onion = object;
if (length > ONION_MAX_PACKET_SIZE)
return 1;
if (length <= 1 + SEND_3)
return 1;
change_symmetric_key(onion);
uint8_t plain[ONION_MAX_PACKET_SIZE];
uint8_t shared_key[crypto_box_BEFORENMBYTES];
get_shared_key(&onion->shared_keys_3, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain);
if (len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES))
return 1;
if (len <= SIZE_IPPORT) {
return 1;
}
if (plain[SIZE_IPPORT] != NET_PACKET_ANNOUNCE_REQUEST &&
plain[SIZE_IPPORT] != NET_PACKET_ONION_DATA_REQUEST) {
return 1;
}
IP_Port send_to;
if (ipport_unpack(&send_to, plain, len, 0) == -1)
return 1;
uint8_t data[ONION_MAX_PACKET_SIZE];
memcpy(data, plain + SIZE_IPPORT, len - SIZE_IPPORT);
uint16_t data_len = (len - SIZE_IPPORT);
uint8_t *ret_part = data + (len - SIZE_IPPORT);
new_nonce(ret_part);
uint8_t ret_data[RETURN_2 + SIZE_IPPORT];
ipport_pack(ret_data, &source);
memcpy(ret_data + SIZE_IPPORT, packet + (length - RETURN_2), RETURN_2);
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
ret_part + crypto_box_NONCEBYTES);
if (len != RETURN_3 - crypto_box_NONCEBYTES)
return 1;
data_len += RETURN_3;
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len)
return 1;
return 0;
}
static int handle_send_1(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata)
{
Onion *onion = (Onion *)object;
if (length > ONION_MAX_PACKET_SIZE) {
return 1;
}
if (length <= 1 + SEND_2) {
return 1;
}
change_symmetric_key(onion);
uint8_t plain[ONION_MAX_PACKET_SIZE];
uint8_t shared_key[crypto_box_BEFORENMBYTES];
get_shared_key(&onion->shared_keys_2, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain);
if (len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1 + crypto_box_MACBYTES)) {
return 1;
}
IP_Port send_to;
if (ipport_unpack(&send_to, plain, len, 0) == -1) {
return 1;
}
uint8_t data[ONION_MAX_PACKET_SIZE];
data[0] = NET_PACKET_ONION_SEND_2;
memcpy(data + 1, packet + 1, crypto_box_NONCEBYTES);
memcpy(data + 1 + crypto_box_NONCEBYTES, plain + SIZE_IPPORT, len - SIZE_IPPORT);
uint16_t data_len = 1 + crypto_box_NONCEBYTES + (len - SIZE_IPPORT);
uint8_t *ret_part = data + data_len;
new_nonce(ret_part);
uint8_t ret_data[RETURN_1 + SIZE_IPPORT];
ipport_pack(ret_data, &source);
memcpy(ret_data + SIZE_IPPORT, packet + (length - RETURN_1), RETURN_1);
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
ret_part + crypto_box_NONCEBYTES);
if (len != RETURN_2 - crypto_box_NONCEBYTES) {
return 1;
}
data_len += crypto_box_NONCEBYTES + len;
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len) {
return 1;
}
return 0;
}
int onion_send_1(const Onion *onion, const uint8_t *plain, uint16_t len, IP_Port source, const uint8_t *nonce)
{
if (len > ONION_MAX_PACKET_SIZE + SIZE_IPPORT - (1 + crypto_box_NONCEBYTES + ONION_RETURN_1)) {
return 1;
}
if (len <= SIZE_IPPORT + SEND_BASE * 2) {
return 1;
}
IP_Port send_to;
if (ipport_unpack(&send_to, plain, len, 0) == -1) {
return 1;
}
uint8_t ip_port[SIZE_IPPORT];
ipport_pack(ip_port, &source);
uint8_t data[ONION_MAX_PACKET_SIZE];
data[0] = NET_PACKET_ONION_SEND_1;
memcpy(data + 1, nonce, crypto_box_NONCEBYTES);
memcpy(data + 1 + crypto_box_NONCEBYTES, plain + SIZE_IPPORT, len - SIZE_IPPORT);
uint16_t data_len = 1 + crypto_box_NONCEBYTES + (len - SIZE_IPPORT);
uint8_t *ret_part = data + data_len;
new_nonce(ret_part);
len = encrypt_data_symmetric(onion->secret_symmetric_key, ret_part, ip_port, SIZE_IPPORT,
ret_part + crypto_box_NONCEBYTES);
if (len != SIZE_IPPORT + crypto_box_MACBYTES) {
return 1;
}
data_len += crypto_box_NONCEBYTES + len;
if ((uint32_t)sendpacket(onion->net, send_to, data, data_len) != data_len) {
return 1;
}
return 0;
}
