ffi-tox 0.1.1 → 0.1.3

data/ProjectTox-Core/toxcore/onion_client.h

@@ -0,0 +1,253 @@
+/*
+* onion_client.h -- Implementation of the client part of docs/Prevent_Tracking.txt
+*                   (The part that uses the onion stuff to connect to the friend)
+*
+*  Copyright (C) 2013 Tox project All Rights Reserved.
+*
+*  This file is part of Tox.
+*
+*  Tox is free software: you can redistribute it and/or modify
+*  it under the terms of the GNU General Public License as published by
+*  the Free Software Foundation, either version 3 of the License, or
+*  (at your option) any later version.
+*
+*  Tox is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU General Public License for more details.
+*
+*  You should have received a copy of the GNU General Public License
+*  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+#ifndef ONION_CLIENT_H
+#define ONION_CLIENT_H
+
+#include "onion_announce.h"
+#include "net_crypto.h"
+#include "ping_array.h"
+
+#define MAX_ONION_CLIENTS 8
+#define ONION_NODE_PING_INTERVAL 30
+#define ONION_NODE_TIMEOUT (ONION_NODE_PING_INTERVAL * 4)
+
+/* The interval in seconds at which to tell our friends where we are */
+#define ONION_FAKEID_INTERVAL 30
+#define DHT_FAKEID_INTERVAL 20
+
+#define NUMBER_ONION_PATHS 3
+
+/* The timeout the first time the path is added and
+   then for all the next consecutive times */
+#define ONION_PATH_FIRST_TIMEOUT 5
+#define ONION_PATH_TIMEOUT 30
+#define ONION_PATH_MAX_LIFETIME 600
+
+#define MAX_STORED_PINGED_NODES 9
+#define MIN_NODE_PING_TIME 10
+
+#define MAX_PATH_NODES 32
+
+typedef struct {
+    uint8_t     client_id[CLIENT_ID_SIZE];
+    IP_Port     ip_port;
+    uint8_t     ping_id[ONION_PING_ID_SIZE];
+    uint8_t     data_public_key[crypto_box_PUBLICKEYBYTES];
+    uint8_t     is_stored;
+
+    uint64_t    timestamp;
+
+    uint64_t    last_pinged;
+
+    uint32_t    path_used;
+} Onion_Node;
+
+typedef struct {
+    Onion_Path paths[NUMBER_ONION_PATHS];
+    uint64_t last_path_success[NUMBER_ONION_PATHS];
+    uint64_t path_creation_time[NUMBER_ONION_PATHS];
+} Onion_Client_Paths;
+
+typedef struct {
+    uint8_t     client_id[CLIENT_ID_SIZE];
+    uint64_t    timestamp;
+} Last_Pinged;
+
+typedef struct {
+    uint8_t status; /* 0 if friend is not valid, 1 if friend is valid.*/
+    uint8_t is_online; /* Set by the onion_set_friend_status function. */
+
+    uint8_t is_fake_clientid; /* 0 if we don't know the fake client id of the other 1 if we do. */
+    uint64_t fake_client_id_timestamp;
+    uint8_t fake_client_id[crypto_box_PUBLICKEYBYTES];
+    uint8_t real_client_id[crypto_box_PUBLICKEYBYTES];
+
+    Onion_Node clients_list[MAX_ONION_CLIENTS];
+    uint8_t temp_public_key[crypto_box_PUBLICKEYBYTES];
+    uint8_t temp_secret_key[crypto_box_SECRETKEYBYTES];
+
+    uint64_t last_fakeid_onion_sent;
+    uint64_t last_fakeid_dht_sent;
+
+    uint64_t last_noreplay;
+
+    uint64_t last_seen;
+
+    Onion_Client_Paths onion_paths;
+
+    Last_Pinged last_pinged[MAX_STORED_PINGED_NODES];
+    uint8_t last_pinged_index;
+
+    int (*tcp_relay_node_callback)(void *object, uint32_t number, IP_Port ip_port, const uint8_t *public_key);
+    void *tcp_relay_node_callback_object;
+    uint32_t tcp_relay_node_callback_number;
+
+    uint32_t run_count;
+} Onion_Friend;
+
+typedef int (*oniondata_handler_callback)(void *object, const uint8_t *source_pubkey, const uint8_t *data,
+        uint32_t len);
+
+typedef struct {
+    DHT     *dht;
+    Net_Crypto *c;
+    Networking_Core *net;
+    Onion_Friend    *friends_list;
+    uint16_t       num_friends;
+
+    Onion_Node clients_announce_list[MAX_ONION_CLIENTS];
+
+    Onion_Client_Paths onion_paths;
+
+    uint8_t secret_symmetric_key[crypto_box_KEYBYTES];
+    uint64_t last_run;
+
+    uint8_t temp_public_key[crypto_box_PUBLICKEYBYTES];
+    uint8_t temp_secret_key[crypto_box_SECRETKEYBYTES];
+
+    Last_Pinged last_pinged[MAX_STORED_PINGED_NODES];
+
+    Node_format path_nodes[MAX_PATH_NODES];
+    uint16_t path_nodes_index;
+
+    Ping_Array announce_ping_array;
+    uint8_t last_pinged_index;
+    struct {
+        oniondata_handler_callback function;
+        void *object;
+    } Onion_Data_Handlers[256];
+} Onion_Client;
+
+
+/* Add a node to the path_nodes array.
+ *
+ * return -1 on failure
+ * return 0 on success
+ */
+int onion_add_path_node(Onion_Client *onion_c, IP_Port ip_port, const uint8_t *client_id);
+
+/* Put up to max_num nodes in nodes.
+ *
+ * return the number of nodes.
+ */
+uint16_t onion_backup_nodes(const Onion_Client *onion_c, Node_format *nodes, uint16_t max_num);
+
+/* Add a friend who we want to connect to.
+ *
+ * return -1 on failure.
+ * return the friend number on success or if the friend was already added.
+ */
+int onion_friend_num(const Onion_Client *onion_c, const uint8_t *client_id);
+
+/* Add a friend who we want to connect to.
+ *
+ * return -1 on failure.
+ * return the friend number on success.
+ */
+int onion_addfriend(Onion_Client *onion_c, const uint8_t *client_id);
+
+/* Delete a friend.
+ *
+ * return -1 on failure.
+ * return the deleted friend number on success.
+ */
+int onion_delfriend(Onion_Client *onion_c, int friend_num);
+
+/* Set if friend is online or not.
+ * NOTE: This function is there and should be used so that we don't send useless packets to the friend if he is online.
+ *
+ * is_online 1 means friend is online.
+ * is_online 0 means friend is offline
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int onion_set_friend_online(Onion_Client *onion_c, int friend_num, uint8_t is_online);
+
+/* Get the ip of friend friendnum and put it in ip_port
+ *
+ *  return -1, -- if client_id does NOT refer to a friend
+ *  return  0, -- if client_id refers to a friend and we failed to find the friend (yet)
+ *  return  1, ip if client_id refers to a friend and we found him
+ *
+ */
+int onion_getfriendip(const Onion_Client *onion_c, int friend_num, IP_Port *ip_port);
+
+/* Set the function for this friend that will be callbacked with object and number
+ * when that friends gives us one of the TCP relays he is connected to.
+ *
+ * object and number will be passed as argument to this function.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int recv_tcp_relay_handler(Onion_Client *onion_c, int friend_num, int (*tcp_relay_node_callback)(void *object,
+                           uint32_t number, IP_Port ip_port, const uint8_t *public_key), void *object, uint32_t number);
+
+/* Set a friends DHT public key.
+ * timestamp is the time (current_time_monotonic()) at which the key was last confirmed belonging to
+ * the other peer.
+ *
+ * return -1 on failure.
+ * return 0 on success.
+ */
+int onion_set_friend_DHT_pubkey(Onion_Client *onion_c, int friend_num, const uint8_t *dht_key, uint64_t timestamp);
+
+/* Copy friends DHT public key into dht_key.
+ *
+ * return 0 on failure (no key copied).
+ * return timestamp on success (key copied).
+ */
+uint64_t onion_getfriend_DHT_pubkey(const Onion_Client *onion_c, int friend_num, uint8_t *dht_key);
+
+#define ONION_DATA_IN_RESPONSE_MIN_SIZE (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
+#define ONION_CLIENT_MAX_DATA_SIZE (MAX_DATA_REQUEST_SIZE - ONION_DATA_IN_RESPONSE_MIN_SIZE)
+
+/* Send data of length length to friendnum.
+ * Maximum length of data is ONION_CLIENT_MAX_DATA_SIZE.
+ * This data will be received by the friend using the Onion_Data_Handlers callbacks.
+ *
+ * Even if this function succeeds, the friend might not receive any data.
+ *
+ * return the number of packets sent on success
+ * return -1 on failure.
+ */
+int send_onion_data(const Onion_Client *onion_c, int friend_num, const uint8_t *data, uint32_t length);
+
+/* Function to call when onion data packet with contents beginning with byte is received. */
+void oniondata_registerhandler(Onion_Client *onion_c, uint8_t byte, oniondata_handler_callback cb, void *object);
+
+void do_onion_client(Onion_Client *onion_c);
+
+Onion_Client *new_onion_client(Net_Crypto *c);
+
+void kill_onion_client(Onion_Client *onion_c);
+
+
+/*  return 0 if we are not connected to the network.
+ *  return 1 if we are.
+ */
+int onion_isconnected(const Onion_Client *onion_c);
+
+#endif

data/ProjectTox-Core/toxcore/ping.c

@@ -0,0 +1,346 @@
+/*
+ * ping.c -- Buffered pinging using cyclic arrays.
+ *
+ * This file is donated to the Tox Project.
+ * Copyright 2013  plutooo
+ *
+ *  Copyright (C) 2013 Tox project All Rights Reserved.
+ *
+ *  This file is part of Tox.
+ *
+ *  Tox is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Tox is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with Tox.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdint.h>
+
+#include "DHT.h"
+#include "ping.h"
+
+#include "network.h"
+#include "util.h"
+#include "ping_array.h"
+
+#define PING_NUM_MAX 512
+
+/* Maximum newly announced nodes to ping per TIME_TO_PING seconds. */
+#define MAX_TO_PING 16
+
+/* Ping newly announced nodes to ping per TIME_TO_PING seconds*/
+#define TIME_TO_PING 4
+
+
+struct PING {
+    DHT *dht;
+
+    Ping_Array  ping_array;
+    Node_format to_ping[MAX_TO_PING];
+    uint64_t    last_to_ping;
+};
+
+
+#define PING_PLAIN_SIZE (1 + sizeof(uint64_t))
+#define DHT_PING_SIZE (1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + PING_PLAIN_SIZE + crypto_box_MACBYTES)
+#define PING_DATA_SIZE (CLIENT_ID_SIZE + sizeof(IP_Port))
+
+int send_ping_request(PING *ping, IP_Port ipp, const uint8_t *client_id)
+{
+    uint8_t   pk[DHT_PING_SIZE];
+    int       rc;
+    uint64_t  ping_id;
+
+    if (id_equal(client_id, ping->dht->self_public_key))
+        return 1;
+
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+
+    // generate key to encrypt ping_id with recipient privkey
+    DHT_get_shared_key_sent(ping->dht, shared_key, client_id);
+    // Generate random ping_id.
+    uint8_t data[PING_DATA_SIZE];
+    id_copy(data, client_id);
+    memcpy(data + CLIENT_ID_SIZE, &ipp, sizeof(IP_Port));
+    ping_id = ping_array_add(&ping->ping_array, data, sizeof(data));
+
+    if (ping_id == 0)
+        return 1;
+
+    uint8_t ping_plain[PING_PLAIN_SIZE];
+    ping_plain[0] = NET_PACKET_PING_REQUEST;
+    memcpy(ping_plain + 1, &ping_id, sizeof(ping_id));
+
+    pk[0] = NET_PACKET_PING_REQUEST;
+    id_copy(pk + 1, ping->dht->self_public_key);     // Our pubkey
+    new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
+
+
+    rc = encrypt_data_symmetric(shared_key,
+                                pk + 1 + CLIENT_ID_SIZE,
+                                ping_plain, sizeof(ping_plain),
+                                pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
+
+    if (rc != PING_PLAIN_SIZE + crypto_box_MACBYTES)
+        return 1;
+
+    return sendpacket(ping->dht->net, ipp, pk, sizeof(pk));
+}
+
+static int send_ping_response(PING *ping, IP_Port ipp, const uint8_t *client_id, uint64_t ping_id,
+                              uint8_t *shared_encryption_key)
+{
+    uint8_t   pk[DHT_PING_SIZE];
+    int       rc;
+
+    if (id_equal(client_id, ping->dht->self_public_key))
+        return 1;
+
+    uint8_t ping_plain[PING_PLAIN_SIZE];
+    ping_plain[0] = NET_PACKET_PING_RESPONSE;
+    memcpy(ping_plain + 1, &ping_id, sizeof(ping_id));
+
+    pk[0] = NET_PACKET_PING_RESPONSE;
+    id_copy(pk + 1, ping->dht->self_public_key);     // Our pubkey
+    new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
+
+    // Encrypt ping_id using recipient privkey
+    rc = encrypt_data_symmetric(shared_encryption_key,
+                                pk + 1 + CLIENT_ID_SIZE,
+                                ping_plain, sizeof(ping_plain),
+                                pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
+
+    if (rc != PING_PLAIN_SIZE + crypto_box_MACBYTES)
+        return 1;
+
+    return sendpacket(ping->dht->net, ipp, pk, sizeof(pk));
+}
+
+static int handle_ping_request(void *_dht, IP_Port source, const uint8_t *packet, uint32_t length)
+{
+    DHT       *dht = _dht;
+    int        rc;
+
+    if (length != DHT_PING_SIZE)
+        return 1;
+
+    PING *ping = dht->ping;
+
+    if (id_equal(packet + 1, ping->dht->self_public_key))
+        return 1;
+
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+
+    uint8_t ping_plain[PING_PLAIN_SIZE];
+    // Decrypt ping_id
+    DHT_get_shared_key_recv(dht, shared_key, packet + 1);
+    rc = decrypt_data_symmetric(shared_key,
+                                packet + 1 + CLIENT_ID_SIZE,
+                                packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
+                                PING_PLAIN_SIZE + crypto_box_MACBYTES,
+                                ping_plain );
+
+    if (rc != sizeof(ping_plain))
+        return 1;
+
+    if (ping_plain[0] != NET_PACKET_PING_REQUEST)
+        return 1;
+
+    uint64_t   ping_id;
+    memcpy(&ping_id, ping_plain + 1, sizeof(ping_id));
+    // Send response
+    send_ping_response(ping, source, packet + 1, ping_id, shared_key);
+    add_to_ping(ping, packet + 1, source);
+
+    return 0;
+}
+
+static int handle_ping_response(void *_dht, IP_Port source, const uint8_t *packet, uint32_t length)
+{
+    DHT      *dht = _dht;
+    int       rc;
+
+    if (length != DHT_PING_SIZE)
+        return 1;
+
+    PING *ping = dht->ping;
+
+    if (id_equal(packet + 1, ping->dht->self_public_key))
+        return 1;
+
+    uint8_t shared_key[crypto_box_BEFORENMBYTES];
+
+    // generate key to encrypt ping_id with recipient privkey
+    DHT_get_shared_key_sent(ping->dht, shared_key, packet + 1);
+
+    uint8_t ping_plain[PING_PLAIN_SIZE];
+    // Decrypt ping_id
+    rc = decrypt_data_symmetric(shared_key,
+                                packet + 1 + CLIENT_ID_SIZE,
+                                packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
+                                PING_PLAIN_SIZE + crypto_box_MACBYTES,
+                                ping_plain);
+
+    if (rc != sizeof(ping_plain))
+        return 1;
+
+    if (ping_plain[0] != NET_PACKET_PING_RESPONSE)
+        return 1;
+
+    uint64_t   ping_id;
+    memcpy(&ping_id, ping_plain + 1, sizeof(ping_id));
+    uint8_t data[PING_DATA_SIZE];
+
+    if (ping_array_check(data, sizeof(data), &ping->ping_array, ping_id) != sizeof(data))
+        return 1;
+
+    if (!id_equal(packet + 1, data))
+        return 1;
+
+    IP_Port ipp;
+    memcpy(&ipp, data + CLIENT_ID_SIZE, sizeof(IP_Port));
+
+    if (!ipport_equal(&ipp, &source))
+        return 1;
+
+    addto_lists(dht, source, packet + 1);
+    return 0;
+}
+
+/* Check if client_id with ip_port is in the list.
+ *
+ * return 1 if it is.
+ * return 0 if it isn't.
+ */
+static int in_list(const Client_data *list, uint32_t length, const uint8_t *client_id, IP_Port ip_port)
+{
+    uint32_t i;
+
+    for (i = 0; i < length; ++i) {
+        if (id_equal(list[i].client_id, client_id)) {
+            const IPPTsPng *ipptp;
+
+            if (ip_port.ip.family == AF_INET) {
+                ipptp = &list[i].assoc4;
+            } else {
+                ipptp = &list[i].assoc6;
+            }
+
+            if (!is_timeout(ipptp->timestamp, BAD_NODE_TIMEOUT) && ipport_equal(&ipptp->ip_port, &ip_port))
+                return 1;
+        }
+    }
+
+    return 0;
+}
+
+/* Add nodes to the to_ping list.
+ * All nodes in this list are pinged every TIME_TO_PING seconds
+ * and are then removed from the list.
+ * If the list is full the nodes farthest from our client_id are replaced.
+ * The purpose of this list is to enable quick integration of new nodes into the
+ * network while preventing amplification attacks.
+ *
+ *  return 0 if node was added.
+ *  return -1 if node was not added.
+ */
+int add_to_ping(PING *ping, const uint8_t *client_id, IP_Port ip_port)
+{
+    if (!ip_isset(&ip_port.ip))
+        return -1;
+
+    if (in_list(ping->dht->close_clientlist, LCLIENT_LIST, client_id, ip_port))
+        return -1;
+
+    uint32_t i;
+
+    for (i = 0; i < MAX_TO_PING; ++i) {
+        if (!ip_isset(&ping->to_ping[i].ip_port.ip)) {
+            memcpy(ping->to_ping[i].client_id, client_id, CLIENT_ID_SIZE);
+            ipport_copy(&ping->to_ping[i].ip_port, &ip_port);
+            return 0;
+        }
+
+        if (memcmp(ping->to_ping[i].client_id, client_id, CLIENT_ID_SIZE) == 0) {
+            return -1;
+        }
+    }
+
+    uint32_t r = rand();
+
+    for (i = 0; i < MAX_TO_PING; ++i) {
+        if (id_closest(ping->dht->self_public_key, ping->to_ping[(i + r) % MAX_TO_PING].client_id, client_id) == 2) {
+            memcpy(ping->to_ping[(i + r) % MAX_TO_PING].client_id, client_id, CLIENT_ID_SIZE);
+            ipport_copy(&ping->to_ping[(i + r) % MAX_TO_PING].ip_port, &ip_port);
+            return 0;
+        }
+    }
+
+    return -1;
+}
+
+
+/* Ping all the valid nodes in the to_ping list every TIME_TO_PING seconds.
+ * This function must be run at least once every TIME_TO_PING seconds.
+ */
+void do_to_ping(PING *ping)
+{
+    if (!is_timeout(ping->last_to_ping, TIME_TO_PING))
+        return;
+
+    if (!ip_isset(&ping->to_ping[0].ip_port.ip))
+        return;
+
+    ping->last_to_ping = unix_time();
+    uint32_t i;
+
+    for (i = 0; i < MAX_TO_PING; ++i) {
+        if (!ip_isset(&ping->to_ping[i].ip_port.ip))
+            return;
+
+        send_ping_request(ping, ping->to_ping[i].ip_port, ping->to_ping[i].client_id);
+        ip_reset(&ping->to_ping[i].ip_port.ip);
+    }
+}
+
+
+PING *new_ping(DHT *dht)
+{
+    PING *ping = calloc(1, sizeof(PING));
+
+    if (ping == NULL)
+        return NULL;
+
+    if (ping_array_init(&ping->ping_array, PING_NUM_MAX, PING_TIMEOUT) != 0) {
+        free(ping);
+        return NULL;
+    }
+
+    ping->dht = dht;
+    networking_registerhandler(ping->dht->net, NET_PACKET_PING_REQUEST, &handle_ping_request, dht);
+    networking_registerhandler(ping->dht->net, NET_PACKET_PING_RESPONSE, &handle_ping_response, dht);
+
+    return ping;
+}
+
+void kill_ping(PING *ping)
+{
+    networking_registerhandler(ping->dht->net, NET_PACKET_PING_REQUEST, NULL, NULL);
+    networking_registerhandler(ping->dht->net, NET_PACKET_PING_RESPONSE, NULL, NULL);
+    ping_array_free_all(&ping->ping_array);
+
+    free(ping);
+}