1 /* SPDX-License-Identifier: GPL-3.0-or-later
2  * Copyright © 2016-2018 The TokTok team.
3  * Copyright © 2013 Tox project.
4  */
5 
6 /*
7  * Functions for the core network crypto.
8  */
9 #ifndef C_TOXCORE_TOXCORE_NET_CRYPTO_H
10 #define C_TOXCORE_TOXCORE_NET_CRYPTO_H
11 
12 #include "DHT.h"
13 #include "LAN_discovery.h"
14 #include "TCP_connection.h"
15 #include "logger.h"
16 
17 #include <pthread.h>
18 
19 /** Crypto payloads. */
20 
21 /** Ranges. */
22 
23 /* Packets in this range are reserved for net_crypto internal use. */
24 #define PACKET_ID_RANGE_RESERVED_START 0
25 #define PACKET_ID_RANGE_RESERVED_END 15
26 /* Packets in this range are reserved for Messenger use. */
27 #define PACKET_ID_RANGE_LOSSLESS_START 16
28 #define PACKET_ID_RANGE_LOSSLESS_NORMAL_START 16
29 #define PACKET_ID_RANGE_LOSSLESS_NORMAL_END 159
30 /* Packets in this range can be used for anything. */
31 #define PACKET_ID_RANGE_LOSSLESS_CUSTOM_START 160
32 #define PACKET_ID_RANGE_LOSSLESS_CUSTOM_END 191
33 #define PACKET_ID_RANGE_LOSSLESS_END 191
34 /* Packets in this range are reserved for AV use. */
35 #define PACKET_ID_RANGE_LOSSY_START 192
36 #define PACKET_ID_RANGE_LOSSY_AV_START 192
37 #define PACKET_ID_RANGE_LOSSY_AV_SIZE 8
38 #define PACKET_ID_RANGE_LOSSY_AV_END 199
39 /* Packets in this range can be used for anything. */
40 #define PACKET_ID_RANGE_LOSSY_CUSTOM_START 200
41 #define PACKET_ID_RANGE_LOSSY_CUSTOM_END 254
42 #define PACKET_ID_RANGE_LOSSY_END 254
43 
44 /** Messages. */
45 
46 #define PACKET_ID_PADDING 0 // Denotes padding
47 #define PACKET_ID_REQUEST 1 // Used to request unreceived packets
48 #define PACKET_ID_KILL    2 // Used to kill connection
49 
50 #define PACKET_ID_ONLINE 24
51 #define PACKET_ID_OFFLINE 25
52 #define PACKET_ID_NICKNAME 48
53 #define PACKET_ID_STATUSMESSAGE 49
54 #define PACKET_ID_USERSTATUS 50
55 #define PACKET_ID_TYPING 51
56 #define PACKET_ID_MESSAGE 64
57 #define PACKET_ID_ACTION 65 // PACKET_ID_MESSAGE + MESSAGE_ACTION
58 #define PACKET_ID_MSI 69    // Used by AV to setup calls and etc
59 #define PACKET_ID_FILE_SENDREQUEST 80
60 #define PACKET_ID_FILE_CONTROL 81
61 #define PACKET_ID_FILE_DATA 82
62 #define PACKET_ID_INVITE_CONFERENCE 96
63 #define PACKET_ID_ONLINE_PACKET 97
64 #define PACKET_ID_DIRECT_CONFERENCE 98
65 #define PACKET_ID_MESSAGE_CONFERENCE 99
66 #define PACKET_ID_REJOIN_CONFERENCE 100
67 #define PACKET_ID_LOSSY_CONFERENCE 199
68 
69 /* Maximum size of receiving and sending packet buffers. */
70 #define CRYPTO_PACKET_BUFFER_SIZE 32768 // Must be a power of 2
71 
72 /* Minimum packet rate per second. */
73 #define CRYPTO_PACKET_MIN_RATE 4.0
74 
75 /* Minimum packet queue max length. */
76 #define CRYPTO_MIN_QUEUE_LENGTH 64
77 
78 /* Maximum total size of packets that net_crypto sends. */
79 #define MAX_CRYPTO_PACKET_SIZE (uint16_t)1400
80 
81 #define CRYPTO_DATA_PACKET_MIN_SIZE (uint16_t)(1 + sizeof(uint16_t) + (sizeof(uint32_t) + sizeof(uint32_t)) + CRYPTO_MAC_SIZE)
82 
83 /* Max size of data in packets */
84 #define MAX_CRYPTO_DATA_SIZE (uint16_t)(MAX_CRYPTO_PACKET_SIZE - CRYPTO_DATA_PACKET_MIN_SIZE)
85 
86 /* Interval in ms between sending cookie request/handshake packets. */
87 #define CRYPTO_SEND_PACKET_INTERVAL 1000
88 
89 /* The maximum number of times we try to send the cookie request and handshake
90  * before giving up. */
91 #define MAX_NUM_SENDPACKET_TRIES 8
92 
93 /* The timeout of no received UDP packets before the direct UDP connection is considered dead. */
94 #define UDP_DIRECT_TIMEOUT 8
95 
96 #define MAX_TCP_CONNECTIONS 64
97 #define MAX_TCP_RELAYS_PEER 4
98 
99 /* All packets will be padded a number of bytes based on this number. */
100 #define CRYPTO_MAX_PADDING 8
101 
102 /* Base current transfer speed on last CONGESTION_QUEUE_ARRAY_SIZE number of points taken
103  * at the dT defined in net_crypto.c */
104 #define CONGESTION_QUEUE_ARRAY_SIZE 12
105 #define CONGESTION_LAST_SENT_ARRAY_SIZE (CONGESTION_QUEUE_ARRAY_SIZE * 2)
106 
107 /* Default connection ping in ms. */
108 #define DEFAULT_PING_CONNECTION 1000
109 #define DEFAULT_TCP_PING_CONNECTION 500
110 
111 typedef struct Net_Crypto Net_Crypto;
112 
113 const uint8_t *nc_get_self_public_key(const Net_Crypto *c);
114 const uint8_t *nc_get_self_secret_key(const Net_Crypto *c);
115 TCP_Connections *nc_get_tcp_c(const Net_Crypto *c);
116 DHT *nc_get_dht(const Net_Crypto *c);
117 
118 typedef struct New_Connection {
119     IP_Port source;
120     uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE]; /* The real public key of the peer. */
121     uint8_t dht_public_key[CRYPTO_PUBLIC_KEY_SIZE]; /* The dht public key of the peer. */
122     uint8_t recv_nonce[CRYPTO_NONCE_SIZE]; /* Nonce of received packets. */
123     uint8_t peersessionpublic_key[CRYPTO_PUBLIC_KEY_SIZE]; /* The public key of the peer. */
124     uint8_t *cookie;
125     uint8_t cookie_length;
126 } New_Connection;
127 
128 typedef int connection_status_cb(void *object, int id, uint8_t status, void *userdata);
129 typedef int connection_data_cb(void *object, int id, const uint8_t *data, uint16_t length, void *userdata);
130 typedef int connection_lossy_data_cb(void *object, int id, const uint8_t *data, uint16_t length, void *userdata);
131 typedef void dht_pk_cb(void *data, int32_t number, const uint8_t *dht_public_key, void *userdata);
132 typedef int new_connection_cb(void *object, New_Connection *n_c);
133 
134 /* Set function to be called when someone requests a new connection to us.
135  *
136  * The set function should return -1 on failure and 0 on success.
137  *
138  * n_c is only valid for the duration of the function call.
139  */
140 void new_connection_handler(Net_Crypto *c, new_connection_cb *new_connection_callback, void *object);
141 
142 /* Accept a crypto connection.
143  *
144  * return -1 on failure.
145  * return connection id on success.
146  */
147 int accept_crypto_connection(Net_Crypto *c, New_Connection *n_c);
148 
149 /* Create a crypto connection.
150  * If one to that real public key already exists, return it.
151  *
152  * return -1 on failure.
153  * return connection id on success.
154  */
155 int new_crypto_connection(Net_Crypto *c, const uint8_t *real_public_key, const uint8_t *dht_public_key);
156 
157 /* Set the direct ip of the crypto connection.
158  *
159  * Connected is 0 if we are not sure we are connected to that person, 1 if we are sure.
160  *
161  * return -1 on failure.
162  * return 0 on success.
163  */
164 int set_direct_ip_port(Net_Crypto *c, int crypt_connection_id, IP_Port ip_port, bool connected);
165 
166 /* Set function to be called when connection with crypt_connection_id goes connects/disconnects.
167  *
168  * The set function should return -1 on failure and 0 on success.
169  * Note that if this function is set, the connection will clear itself on disconnect.
170  * Object and id will be passed to this function untouched.
171  * status is 1 if the connection is going online, 0 if it is going offline.
172  *
173  * return -1 on failure.
174  * return 0 on success.
175  */
176 int connection_status_handler(const Net_Crypto *c, int crypt_connection_id,
177                               connection_status_cb *connection_status_callback, void *object, int id);
178 
179 /* Set function to be called when connection with crypt_connection_id receives a lossless data packet of length.
180  *
181  * The set function should return -1 on failure and 0 on success.
182  * Object and id will be passed to this function untouched.
183  *
184  * return -1 on failure.
185  * return 0 on success.
186  */
187 int connection_data_handler(const Net_Crypto *c, int crypt_connection_id,
188                             connection_data_cb *connection_data_callback, void *object, int id);
189 
190 
191 /* Set function to be called when connection with crypt_connection_id receives a lossy data packet of length.
192  *
193  * The set function should return -1 on failure and 0 on success.
194  * Object and id will be passed to this function untouched.
195  *
196  * return -1 on failure.
197  * return 0 on success.
198  */
199 int connection_lossy_data_handler(Net_Crypto *c, int crypt_connection_id,
200                                   connection_lossy_data_cb *connection_lossy_data_callback, void *object, int id);
201 
202 /* Set the function for this friend that will be callbacked with object and number if
203  * the friend sends us a different dht public key than we have associated to him.
204  *
205  * If this function is called, the connection should be recreated with the new public key.
206  *
207  * object and number will be passed as argument to this function.
208  *
209  * return -1 on failure.
210  * return 0 on success.
211  */
212 int nc_dht_pk_callback(Net_Crypto *c, int crypt_connection_id, dht_pk_cb *function, void *object, uint32_t number);
213 
214 /* returns the number of packet slots left in the sendbuffer.
215  * return 0 if failure.
216  */
217 uint32_t crypto_num_free_sendqueue_slots(const Net_Crypto *c, int crypt_connection_id);
218 
219 /* Return 1 if max speed was reached for this connection (no more data can be physically through the pipe).
220  * Return 0 if it wasn't reached.
221  */
222 bool max_speed_reached(Net_Crypto *c, int crypt_connection_id);
223 
224 /* Sends a lossless cryptopacket.
225  *
226  * return -1 if data could not be put in packet queue.
227  * return positive packet number if data was put into the queue.
228  *
229  * The first byte of data must be in the PACKET_ID_RANGE_LOSSLESS.
230  *
231  * congestion_control: should congestion control apply to this packet?
232  */
233 int64_t write_cryptpacket(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint16_t length,
234                           uint8_t congestion_control);
235 
236 /* Check if packet_number was received by the other side.
237  *
238  * packet_number must be a valid packet number of a packet sent on this connection.
239  *
240  * return -1 on failure.
241  * return 0 on success.
242  */
243 int cryptpacket_received(Net_Crypto *c, int crypt_connection_id, uint32_t packet_number);
244 
245 /* Sends a lossy cryptopacket.
246  *
247  * return -1 on failure.
248  * return 0 on success.
249  *
250  * The first byte of data must be in the PACKET_ID_RANGE_LOSSY.
251  */
252 int send_lossy_cryptpacket(Net_Crypto *c, int crypt_connection_id, const uint8_t *data, uint16_t length);
253 
254 /* Add a tcp relay, associating it to a crypt_connection_id.
255  *
256  * return 0 if it was added.
257  * return -1 if it wasn't.
258  */
259 int add_tcp_relay_peer(Net_Crypto *c, int crypt_connection_id, IP_Port ip_port, const uint8_t *public_key);
260 
261 /* Add a tcp relay to the array.
262  *
263  * return 0 if it was added.
264  * return -1 if it wasn't.
265  */
266 int add_tcp_relay(Net_Crypto *c, IP_Port ip_port, const uint8_t *public_key);
267 
268 /* Return a random TCP connection number for use in send_tcp_onion_request.
269  *
270  * return TCP connection number on success.
271  * return -1 on failure.
272  */
273 int get_random_tcp_con_number(Net_Crypto *c);
274 
275 /* Send an onion packet via the TCP relay corresponding to TCP_conn_number.
276  *
277  * return 0 on success.
278  * return -1 on failure.
279  */
280 int send_tcp_onion_request(Net_Crypto *c, unsigned int tcp_connections_number, const uint8_t *data, uint16_t length);
281 
282 /* Copy a maximum of num TCP relays we are connected to to tcp_relays.
283  * NOTE that the family of the copied ip ports will be set to TCP_INET or TCP_INET6.
284  *
285  * return number of relays copied to tcp_relays on success.
286  * return 0 on failure.
287  */
288 unsigned int copy_connected_tcp_relays(Net_Crypto *c, Node_format *tcp_relays, uint16_t num);
289 
290 /* Kill a crypto connection.
291  *
292  * return -1 on failure.
293  * return 0 on success.
294  */
295 int crypto_kill(Net_Crypto *c, int crypt_connection_id);
296 
297 /* return true if connection is valid, false otherwise
298  *
299  * sets direct_connected to 1 if connection connects directly to other, 0 if it isn't.
300  * sets online_tcp_relays to the number of connected tcp relays this connection has.
301  */
302 bool crypto_connection_status(const Net_Crypto *c, int crypt_connection_id, bool *direct_connected,
303                               unsigned int *online_tcp_relays);
304 
305 /* Generate our public and private keys.
306  *  Only call this function the first time the program starts.
307  */
308 void new_keys(Net_Crypto *c);
309 
310 /* Save the public and private keys to the keys array.
311  *  Length must be CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SECRET_KEY_SIZE.
312  */
313 void save_keys(const Net_Crypto *c, uint8_t *keys);
314 
315 /* Load the secret key.
316  * Length must be CRYPTO_SECRET_KEY_SIZE.
317  */
318 void load_secret_key(Net_Crypto *c, const uint8_t *sk);
319 
320 /* Create new instance of Net_Crypto.
321  *  Sets all the global connection variables to their default values.
322  */
323 Net_Crypto *new_net_crypto(const Logger *log, Mono_Time *mono_time, DHT *dht, TCP_Proxy_Info *proxy_info);
324 
325 /* return the optimal interval in ms for running do_net_crypto.
326  */
327 uint32_t crypto_run_interval(const Net_Crypto *c);
328 
329 /* Main loop. */
330 void do_net_crypto(Net_Crypto *c, void *userdata);
331 
332 void kill_net_crypto(Net_Crypto *c);
333 
334 
335 
336 #endif
337