/* Kill a crypto connection.
*
* return 0 if killed successfully.
* return 1 if there was a problem.
*/
int crypto_kill(Net_Crypto *c, int crypt_connection_id)
{
if (crypt_connection_id_not_valid(c, crypt_connection_id))
return 1;
if (c->crypto_connections[crypt_connection_id].status != CRYPTO_CONN_NO_CONNECTION) {
c->crypto_connections[crypt_connection_id].status = CRYPTO_CONN_NO_CONNECTION;
kill_connection(c->lossless_udp, c->crypto_connections[crypt_connection_id].number);
memset(&(c->crypto_connections[crypt_connection_id]), 0 , sizeof(Crypto_Connection));
c->crypto_connections[crypt_connection_id].number = ~0;
uint32_t i;
for (i = c->crypto_connections_length; i != 0; --i) {
if (c->crypto_connections[i - 1].status != CRYPTO_CONN_NO_CONNECTION)
break;
}
if (c->crypto_connections_length != i) {
c->crypto_connections_length = i;
realloc_cryptoconnection(c, c->crypto_connections_length);
}
return 0;
}
return 1;
}
/* Accept an incoming connection using the parameters provided by crypto_inbound.
*
* return -1 if not successful.
* return the crypt_connection_id if successful.
*/
int accept_crypto_inbound(Net_Crypto *c, int connection_id, uint8_t *public_key, uint8_t *secret_nonce,
uint8_t *session_key)
{
uint32_t i;
if (discard_packet(c->lossless_udp, connection_id) == -1)
return -1;
/*
* if(getcryptconnection_id(public_key) != -1)
* {
* return -1;
* }
*/
if (realloc_cryptoconnection(c, c->crypto_connections_length + 1) == -1
|| c->crypto_connections == NULL)
return -1;
memset(&(c->crypto_connections[c->crypto_connections_length]), 0, sizeof(Crypto_Connection));
c->crypto_connections[c->crypto_connections_length].number = ~0;
for (i = 0; i <= c->crypto_connections_length; ++i) {
if (c->crypto_connections[i].status == CRYPTO_CONN_NO_CONNECTION) {
c->crypto_connections[i].number = connection_id;
c->crypto_connections[i].status = CRYPTO_CONN_NOT_CONFIRMED;
c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT;
random_nonce(c->crypto_connections[i].recv_nonce);
memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
increment_nonce(c->crypto_connections[i].sent_nonce);
memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES);
crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key);
if (c->crypto_connections_length == i)
++c->crypto_connections_length;
if (send_cryptohandshake(c, connection_id, public_key, c->crypto_connections[i].recv_nonce,
c->crypto_connections[i].sessionpublic_key) == 1) {
increment_nonce(c->crypto_connections[i].recv_nonce);
uint32_t zero = 0;
encrypt_precompute(c->crypto_connections[i].peersessionpublic_key,
c->crypto_connections[i].sessionsecret_key,
c->crypto_connections[i].shared_key);
c->crypto_connections[i].status =
CRYPTO_CONN_ESTABLISHED; /* Connection status needs to be 3 for write_cryptpacket() to work. */
write_cryptpacket(c, i, ((uint8_t *)&zero), sizeof(zero));
c->crypto_connections[i].status = CRYPTO_CONN_NOT_CONFIRMED; /* Set it to its proper value right after. */
return i;
}
return -1; /* This should never happen. */
}
}
return -1;
}
/* Start a secure connection with other peer who has public_key and ip_port.
*
* return -1 if failure.
* return crypt_connection_id of the initialized connection if everything went well.
*/
int crypto_connect(Net_Crypto *c, uint8_t *public_key, IP_Port ip_port)
{
uint32_t i;
int id_existing = getcryptconnection_id(c, public_key);
if (id_existing != -1) {
IP_Port c_ip = connection_ip(c->lossless_udp, c->crypto_connections[id_existing].number);
if (ipport_equal(&c_ip, &ip_port))
return -1;
}
if (realloc_cryptoconnection(c, c->crypto_connections_length + 1) == -1
|| c->crypto_connections == NULL)
return -1;
memset(&(c->crypto_connections[c->crypto_connections_length]), 0, sizeof(Crypto_Connection));
c->crypto_connections[c->crypto_connections_length].number = ~0;
for (i = 0; i <= c->crypto_connections_length; ++i) {
if (c->crypto_connections[i].status == CRYPTO_CONN_NO_CONNECTION) {
int id_new = new_connection(c->lossless_udp, ip_port);
if (id_new == -1)
return -1;
c->crypto_connections[i].number = id_new;
c->crypto_connections[i].status = CRYPTO_CONN_HANDSHAKE_SENT;
random_nonce(c->crypto_connections[i].recv_nonce);
memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES);
crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key);
c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT;
if (c->crypto_connections_length == i)
++c->crypto_connections_length;
if (send_cryptohandshake(c, id_new, public_key, c->crypto_connections[i].recv_nonce,
c->crypto_connections[i].sessionpublic_key) == 1) {
increment_nonce(c->crypto_connections[i].recv_nonce);
return i;
}
return -1; /* This should never happen. */
}
}
return -1;
}
/* Start a secure connection with other peer who has public_key and ip_port.
*
* return -1 if failure.
* return crypt_connection_id of the initialized connection if everything went well.
*/
int crypto_connect(Net_Crypto *c, uint8_t *public_key, IP_Port ip_port)
{
uint32_t i;
int id = getcryptconnection_id(c, public_key);
if (id != -1) {
IP_Port c_ip = connection_ip(c->lossless_udp, c->crypto_connections[id].number);
if (c_ip.ip.uint32 == ip_port.ip.uint32 && c_ip.port == ip_port.port)
return -1;
}
if (realloc_cryptoconnection(c, c->crypto_connections_length + 1) == -1)
return -1;
memset(&(c->crypto_connections[c->crypto_connections_length]), 0, sizeof(Crypto_Connection));
c->crypto_connections[c->crypto_connections_length].number = ~0;
for (i = 0; i <= c->crypto_connections_length; ++i) {
if (c->crypto_connections[i].status == CONN_NO_CONNECTION) {
int id = new_connection(c->lossless_udp, ip_port);
if (id == -1)
return -1;
c->crypto_connections[i].number = id;
c->crypto_connections[i].status = CONN_HANDSHAKE_SENT;
random_nonce(c->crypto_connections[i].recv_nonce);
memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES);
crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key);
if (c->crypto_connections_length == i)
++c->crypto_connections_length;
if (send_cryptohandshake(c, id, public_key, c->crypto_connections[i].recv_nonce,
c->crypto_connections[i].sessionpublic_key) == 1) {
increment_nonce(c->crypto_connections[i].recv_nonce);
return i;
}
return -1; /* This should never happen. */
}
}
return -1;
}
