Coverage Report

Created: 2025-04-04 10:29

/src/c-toxcore/toxcore/onion.c
Line
Count
Source (jump to first uncovered line)
1
/* SPDX-License-Identifier: GPL-3.0-or-later
2
 * Copyright © 2016-2025 The TokTok team.
3
 * Copyright © 2013 Tox project.
4
 */
5
6
/**
7
 * Implementation of the onion part of docs/Prevent_Tracking.txt
8
 */
9
#include "onion.h"
10
11
#include <assert.h>
12
#include <string.h>
13
14
#include "DHT.h"
15
#include "attributes.h"
16
#include "ccompat.h"
17
#include "crypto_core.h"
18
#include "logger.h"
19
#include "mem.h"
20
#include "mono_time.h"
21
#include "network.h"
22
#include "shared_key_cache.h"
23
#include "util.h"
24
25
0
#define RETURN_1 ONION_RETURN_1
26
0
#define RETURN_2 ONION_RETURN_2
27
0
#define RETURN_3 ONION_RETURN_3
28
29
0
#define SEND_BASE ONION_SEND_BASE
30
0
#define SEND_3 ONION_SEND_3
31
0
#define SEND_2 ONION_SEND_2
32
0
#define SEND_1 ONION_SEND_1
33
34
0
#define KEY_REFRESH_INTERVAL (2 * 60 * 60)
35
36
// Settings for the shared key cache
37
5.34k
#define MAX_KEYS_PER_SLOT 4
38
5.34k
#define KEYS_TIMEOUT 600
39
40
/** Change symmetric keys every 2 hours to make paths expire eventually. */
41
non_null()
42
static void change_symmetric_key(Onion *onion)
43
0
{
44
0
    if (mono_time_is_timeout(onion->mono_time, onion->timestamp, KEY_REFRESH_INTERVAL)) {
45
0
        new_symmetric_key(onion->rng, onion->secret_symmetric_key);
46
0
        onion->timestamp = mono_time_get(onion->mono_time);
47
0
    }
48
0
}
49
50
/** packing and unpacking functions */
51
non_null()
52
static void ip_pack_to_bytes(uint8_t *data, const IP *source)
53
0
{
54
0
    data[0] = source->family.value;
55
56
0
    if (net_family_is_ipv4(source->family) || net_family_is_tox_tcp_ipv4(source->family)) {
57
0
        memzero(data + 1, SIZE_IP6);
58
0
        memcpy(data + 1, source->ip.v4.uint8, SIZE_IP4);
59
0
    } else {
60
0
        memcpy(data + 1, source->ip.v6.uint8, SIZE_IP6);
61
0
    }
62
0
}
63
64
/** return 0 on success, -1 on failure. */
65
non_null()
66
static int ip_unpack_from_bytes(IP *target, const uint8_t *data, unsigned int data_size, bool disable_family_check)
67
0
{
68
0
    if (data_size < (1 + SIZE_IP6)) {
69
0
        return -1;
70
0
    }
71
72
    // TODO(iphydf): Validate input.
73
0
    target->family.value = data[0];
74
75
0
    if (net_family_is_ipv4(target->family) || net_family_is_tox_tcp_ipv4(target->family)) {
76
0
        memcpy(target->ip.v4.uint8, data + 1, SIZE_IP4);
77
0
    } else {
78
0
        memcpy(target->ip.v6.uint8, data + 1, SIZE_IP6);
79
0
    }
80
81
0
    const bool valid = disable_family_check ||
82
0
                       net_family_is_ipv4(target->family) ||
83
0
                       net_family_is_ipv6(target->family);
84
85
0
    return valid ? 0 : -1;
86
0
}
87
88
non_null()
89
static void ipport_pack(uint8_t *data, const IP_Port *source)
90
0
{
91
0
    ip_pack_to_bytes(data, &source->ip);
92
0
    memcpy(data + SIZE_IP, &source->port, SIZE_PORT);
93
0
}
94
95
/** return 0 on success, -1 on failure. */
96
non_null()
97
static int ipport_unpack(IP_Port *target, const uint8_t *data, unsigned int data_size, bool disable_family_check)
98
0
{
99
0
    if (data_size < (SIZE_IP + SIZE_PORT)) {
100
0
        return -1;
101
0
    }
102
103
0
    if (ip_unpack_from_bytes(&target->ip, data, data_size, disable_family_check) == -1) {
104
0
        return -1;
105
0
    }
106
107
0
    memcpy(&target->port, data + SIZE_IP, SIZE_PORT);
108
0
    return 0;
109
0
}
110
111
/** @brief Create a new onion path.
112
 *
113
 * Create a new onion path out of nodes (nodes is a list of ONION_PATH_LENGTH nodes)
114
 *
115
 * new_path must be an empty memory location of at least Onion_Path size.
116
 *
117
 * return -1 on failure.
118
 * return 0 on success.
119
 */
120
int create_onion_path(const Random *rng, const DHT *dht, Onion_Path *new_path, const Node_format *nodes)
121
0
{
122
0
    if (new_path == nullptr || nodes == nullptr) {
123
0
        return -1;
124
0
    }
125
126
0
    encrypt_precompute(nodes[0].public_key, dht_get_self_secret_key(dht), new_path->shared_key1);
127
0
    memcpy(new_path->public_key1, dht_get_self_public_key(dht), CRYPTO_PUBLIC_KEY_SIZE);
128
129
0
    uint8_t random_public_key[CRYPTO_PUBLIC_KEY_SIZE];
130
0
    uint8_t random_secret_key[CRYPTO_SECRET_KEY_SIZE];
131
132
0
    crypto_new_keypair(rng, random_public_key, random_secret_key);
133
0
    encrypt_precompute(nodes[1].public_key, random_secret_key, new_path->shared_key2);
134
0
    memcpy(new_path->public_key2, random_public_key, CRYPTO_PUBLIC_KEY_SIZE);
135
136
0
    crypto_new_keypair(rng, random_public_key, random_secret_key);
137
0
    encrypt_precompute(nodes[2].public_key, random_secret_key, new_path->shared_key3);
138
0
    memcpy(new_path->public_key3, random_public_key, CRYPTO_PUBLIC_KEY_SIZE);
139
140
0
    crypto_memzero(random_secret_key, sizeof(random_secret_key));
141
142
0
    new_path->ip_port1 = nodes[0].ip_port;
143
0
    new_path->ip_port2 = nodes[1].ip_port;
144
0
    new_path->ip_port3 = nodes[2].ip_port;
145
146
0
    memcpy(new_path->node_public_key1, nodes[0].public_key, CRYPTO_PUBLIC_KEY_SIZE);
147
0
    memcpy(new_path->node_public_key2, nodes[1].public_key, CRYPTO_PUBLIC_KEY_SIZE);
148
0
    memcpy(new_path->node_public_key3, nodes[2].public_key, CRYPTO_PUBLIC_KEY_SIZE);
149
150
0
    return 0;
151
0
}
152
153
/** @brief Dump nodes in onion path to nodes of length num_nodes.
154
 *
155
 * return -1 on failure.
156
 * return 0 on success.
157
 */
158
int onion_path_to_nodes(Node_format *nodes, unsigned int num_nodes, const Onion_Path *path)
159
0
{
160
0
    if (num_nodes < ONION_PATH_LENGTH) {
161
0
        return -1;
162
0
    }
163
164
0
    nodes[0].ip_port = path->ip_port1;
165
0
    nodes[1].ip_port = path->ip_port2;
166
0
    nodes[2].ip_port = path->ip_port3;
167
168
0
    memcpy(nodes[0].public_key, path->node_public_key1, CRYPTO_PUBLIC_KEY_SIZE);
169
0
    memcpy(nodes[1].public_key, path->node_public_key2, CRYPTO_PUBLIC_KEY_SIZE);
170
0
    memcpy(nodes[2].public_key, path->node_public_key3, CRYPTO_PUBLIC_KEY_SIZE);
171
0
    return 0;
172
0
}
173
174
/** @brief Create a onion packet.
175
 *
176
 * Use Onion_Path path to create packet for data of length to dest.
177
 * Maximum length of data is ONION_MAX_DATA_SIZE.
178
 * packet should be at least ONION_MAX_PACKET_SIZE big.
179
 *
180
 * return -1 on failure.
181
 * return length of created packet on success.
182
 */
183
int create_onion_packet(const Memory *mem, const Random *rng, uint8_t *packet, uint16_t max_packet_length,
184
                        const Onion_Path *path, const IP_Port *dest,
185
                        const uint8_t *data, uint16_t length)
186
0
{
187
0
    if (1 + length + SEND_1 > max_packet_length || length == 0) {
188
0
        return -1;
189
0
    }
190
191
0
    const uint16_t step1_size = SIZE_IPPORT + length;
192
0
    VLA(uint8_t, step1, step1_size);
193
194
0
    ipport_pack(step1, dest);
195
0
    memcpy(step1 + SIZE_IPPORT, data, length);
196
197
0
    uint8_t nonce[CRYPTO_NONCE_SIZE];
198
0
    random_nonce(rng, nonce);
199
200
0
    const uint16_t step2_size = SIZE_IPPORT + SEND_BASE + length;
201
0
    VLA(uint8_t, step2, step2_size);
202
0
    ipport_pack(step2, &path->ip_port3);
203
0
    memcpy(step2 + SIZE_IPPORT, path->public_key3, CRYPTO_PUBLIC_KEY_SIZE);
204
205
0
    int len = encrypt_data_symmetric(mem, path->shared_key3, nonce, step1, step1_size,
206
0
                                     step2 + SIZE_IPPORT + CRYPTO_PUBLIC_KEY_SIZE);
207
208
0
    if (len != SIZE_IPPORT + length + CRYPTO_MAC_SIZE) {
209
0
        return -1;
210
0
    }
211
212
0
    const uint16_t step3_size = SIZE_IPPORT + SEND_BASE * 2 + length;
213
0
    VLA(uint8_t, step3, step3_size);
214
0
    ipport_pack(step3, &path->ip_port2);
215
0
    memcpy(step3 + SIZE_IPPORT, path->public_key2, CRYPTO_PUBLIC_KEY_SIZE);
216
0
    len = encrypt_data_symmetric(mem, path->shared_key2, nonce, step2, step2_size,
217
0
                                 step3 + SIZE_IPPORT + CRYPTO_PUBLIC_KEY_SIZE);
218
219
0
    if (len != SIZE_IPPORT + SEND_BASE + length + CRYPTO_MAC_SIZE) {
220
0
        return -1;
221
0
    }
222
223
0
    packet[0] = NET_PACKET_ONION_SEND_INITIAL;
224
0
    memcpy(packet + 1, nonce, CRYPTO_NONCE_SIZE);
225
0
    memcpy(packet + 1 + CRYPTO_NONCE_SIZE, path->public_key1, CRYPTO_PUBLIC_KEY_SIZE);
226
227
0
    len = encrypt_data_symmetric(mem, path->shared_key1, nonce, step3, step3_size,
228
0
                                 packet + 1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE);
229
230
0
    if (len != SIZE_IPPORT + SEND_BASE * 2 + length + CRYPTO_MAC_SIZE) {
231
0
        return -1;
232
0
    }
233
234
0
    return 1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + len;
235
0
}
236
237
/** @brief Create a onion packet to be sent over tcp.
238
 *
239
 * Use Onion_Path path to create packet for data of length to dest.
240
 * Maximum length of data is ONION_MAX_DATA_SIZE.
241
 * packet should be at least ONION_MAX_PACKET_SIZE big.
242
 *
243
 * return -1 on failure.
244
 * return length of created packet on success.
245
 */
246
int create_onion_packet_tcp(const Memory *mem, const Random *rng, uint8_t *packet, uint16_t max_packet_length,
247
                            const Onion_Path *path, const IP_Port *dest,
248
                            const uint8_t *data, uint16_t length)
249
0
{
250
0
    if (CRYPTO_NONCE_SIZE + SIZE_IPPORT + SEND_BASE * 2 + length > max_packet_length || length == 0) {
251
0
        return -1;
252
0
    }
253
254
0
    const uint16_t step1_size = SIZE_IPPORT + length;
255
0
    VLA(uint8_t, step1, step1_size);
256
257
0
    ipport_pack(step1, dest);
258
0
    memcpy(step1 + SIZE_IPPORT, data, length);
259
260
0
    uint8_t nonce[CRYPTO_NONCE_SIZE];
261
0
    random_nonce(rng, nonce);
262
263
0
    const uint16_t step2_size = SIZE_IPPORT + SEND_BASE + length;
264
0
    VLA(uint8_t, step2, step2_size);
265
0
    ipport_pack(step2, &path->ip_port3);
266
0
    memcpy(step2 + SIZE_IPPORT, path->public_key3, CRYPTO_PUBLIC_KEY_SIZE);
267
268
0
    int len = encrypt_data_symmetric(mem, path->shared_key3, nonce, step1, step1_size,
269
0
                                     step2 + SIZE_IPPORT + CRYPTO_PUBLIC_KEY_SIZE);
270
271
0
    if (len != SIZE_IPPORT + length + CRYPTO_MAC_SIZE) {
272
0
        return -1;
273
0
    }
274
275
0
    ipport_pack(packet + CRYPTO_NONCE_SIZE, &path->ip_port2);
276
0
    memcpy(packet + CRYPTO_NONCE_SIZE + SIZE_IPPORT, path->public_key2, CRYPTO_PUBLIC_KEY_SIZE);
277
0
    len = encrypt_data_symmetric(mem, path->shared_key2, nonce, step2, step2_size,
278
0
                                 packet + CRYPTO_NONCE_SIZE + SIZE_IPPORT + CRYPTO_PUBLIC_KEY_SIZE);
279
280
0
    if (len != SIZE_IPPORT + SEND_BASE + length + CRYPTO_MAC_SIZE) {
281
0
        return -1;
282
0
    }
283
284
0
    memcpy(packet, nonce, CRYPTO_NONCE_SIZE);
285
286
0
    return CRYPTO_NONCE_SIZE + SIZE_IPPORT + CRYPTO_PUBLIC_KEY_SIZE + len;
287
0
}
288
289
/** @brief Create and send a onion response sent initially to dest with.
290
 * Maximum length of data is ONION_RESPONSE_MAX_DATA_SIZE.
291
 *
292
 * return -1 on failure.
293
 * return 0 on success.
294
 */
295
int send_onion_response(const Logger *log, const Networking_Core *net,
296
                        const IP_Port *dest, const uint8_t *data, uint16_t length,
297
                        const uint8_t *ret)
298
0
{
299
0
    if (length > ONION_RESPONSE_MAX_DATA_SIZE || length == 0) {
300
0
        return -1;
301
0
    }
302
303
0
    const uint16_t packet_size = 1 + RETURN_3 + length;
304
0
    VLA(uint8_t, packet, packet_size);
305
0
    packet[0] = NET_PACKET_ONION_RECV_3;
306
0
    memcpy(packet + 1, ret, RETURN_3);
307
0
    memcpy(packet + 1 + RETURN_3, data, length);
308
309
0
    if ((uint16_t)sendpacket(net, dest, packet, packet_size) != packet_size) {
310
0
        return -1;
311
0
    }
312
313
0
    Ip_Ntoa ip_str;
314
0
    LOGGER_TRACE(log, "forwarded onion RECV_3 to %s:%d (%02x in %02x, %d bytes)",
315
0
                 net_ip_ntoa(&dest->ip, &ip_str), net_ntohs(dest->port), data[0], packet[0], packet_size);
316
0
    return 0;
317
0
}
318
319
non_null()
320
static int handle_send_initial(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length,
321
                               void *userdata)
322
0
{
323
0
    Onion *onion = (Onion *)object;
324
325
0
    if (length > ONION_MAX_PACKET_SIZE) {
326
0
        LOGGER_TRACE(onion->log, "invalid initial onion packet length: %u (max: %u)",
327
0
                     length, ONION_MAX_PACKET_SIZE);
328
0
        return 1;
329
0
    }
330
331
0
    if (length <= 1 + SEND_1) {
332
0
        LOGGER_TRACE(onion->log, "initial onion packet cannot contain SEND_1 packet: %u <= %u",
333
0
                     length, 1 + SEND_1);
334
0
        return 1;
335
0
    }
336
337
0
    change_symmetric_key(onion);
338
339
0
    const int nonce_start = 1;
340
0
    const int public_key_start = nonce_start + CRYPTO_NONCE_SIZE;
341
0
    const int ciphertext_start = public_key_start + CRYPTO_PUBLIC_KEY_SIZE;
342
343
0
    const int ciphertext_length = length - ciphertext_start;
344
0
    const int plaintext_length = ciphertext_length - CRYPTO_MAC_SIZE;
345
346
0
    uint8_t plain[ONION_MAX_PACKET_SIZE];
347
0
    const uint8_t *public_key = &packet[public_key_start];
348
0
    const uint8_t *shared_key = shared_key_cache_lookup(onion->shared_keys_1, public_key);
349
350
0
    if (shared_key == nullptr) {
351
        /* Error looking up/deriving the shared key */
352
0
        LOGGER_TRACE(onion->log, "shared onion key lookup failed for pk %02x%02x...",
353
0
                     public_key[0], public_key[1]);
354
0
        return 1;
355
0
    }
356
357
0
    const int len = decrypt_data_symmetric(
358
0
                        onion->mem, shared_key, &packet[nonce_start], &packet[ciphertext_start], ciphertext_length, plain);
359
360
0
    if (len != plaintext_length) {
361
0
        LOGGER_TRACE(onion->log, "decrypt failed: %d != %d", len, plaintext_length);
362
0
        return 1;
363
0
    }
364
365
0
    return onion_send_1(onion, plain, len, source, packet + 1);
366
0
}
367
368
int onion_send_1(const Onion *onion, const uint8_t *plain, uint16_t len, const IP_Port *source, const uint8_t *nonce)
369
0
{
370
0
    const uint16_t max_len = ONION_MAX_PACKET_SIZE + SIZE_IPPORT - (1 + CRYPTO_NONCE_SIZE + ONION_RETURN_1);
371
0
    if (len > max_len) {
372
0
        LOGGER_TRACE(onion->log, "invalid SEND_1 length: %d > %d", len, max_len);
373
0
        return 1;
374
0
    }
375
376
0
    if (len <= SIZE_IPPORT + SEND_BASE * 2) {
377
0
        return 1;
378
0
    }
379
380
0
    IP_Port send_to;
381
382
0
    if (ipport_unpack(&send_to, plain, len, false) == -1) {
383
0
        return 1;
384
0
    }
385
386
0
    uint8_t ip_port[SIZE_IPPORT];
387
0
    ipport_pack(ip_port, source);
388
389
0
    uint8_t data[ONION_MAX_PACKET_SIZE] = {0};
390
0
    data[0] = NET_PACKET_ONION_SEND_1;
391
0
    memcpy(data + 1, nonce, CRYPTO_NONCE_SIZE);
392
0
    memcpy(data + 1 + CRYPTO_NONCE_SIZE, plain + SIZE_IPPORT, len - SIZE_IPPORT);
393
0
    uint16_t data_len = 1 + CRYPTO_NONCE_SIZE + (len - SIZE_IPPORT);
394
0
    uint8_t *ret_part = data + data_len;
395
0
    random_nonce(onion->rng, ret_part);
396
0
    len = encrypt_data_symmetric(onion->mem, onion->secret_symmetric_key, ret_part, ip_port, SIZE_IPPORT,
397
0
                                 ret_part + CRYPTO_NONCE_SIZE);
398
399
0
    if (len != SIZE_IPPORT + CRYPTO_MAC_SIZE) {
400
0
        return 1;
401
0
    }
402
403
0
    data_len += CRYPTO_NONCE_SIZE + len;
404
405
0
    if ((uint32_t)sendpacket(onion->net, &send_to, data, data_len) != data_len) {
406
0
        return 1;
407
0
    }
408
409
0
    Ip_Ntoa ip_str;
410
0
    LOGGER_TRACE(onion->log, "forwarded onion packet to %s:%d, level 1 (%02x in %02x, %d bytes)",
411
0
                 net_ip_ntoa(&send_to.ip, &ip_str), net_ntohs(send_to.port), plain[0], data[0], data_len);
412
0
    return 0;
413
0
}
414
415
non_null()
416
static int handle_send_1(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, void *userdata)
417
0
{
418
0
    Onion *onion = (Onion *)object;
419
420
0
    if (length > ONION_MAX_PACKET_SIZE) {
421
0
        return 1;
422
0
    }
423
424
0
    if (length <= 1 + SEND_2) {
425
0
        return 1;
426
0
    }
427
428
0
    change_symmetric_key(onion);
429
430
0
    uint8_t plain[ONION_MAX_PACKET_SIZE];
431
0
    const uint8_t *public_key = packet + 1 + CRYPTO_NONCE_SIZE;
432
0
    const uint8_t *shared_key = shared_key_cache_lookup(onion->shared_keys_2, public_key);
433
434
0
    if (shared_key == nullptr) {
435
        /* Error looking up/deriving the shared key */
436
0
        return 1;
437
0
    }
438
439
0
    int len = decrypt_data_symmetric(onion->mem, shared_key, packet + 1, packet + 1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE,
440
0
                                     length - (1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + RETURN_1), plain);
441
442
0
    if (len != length - (1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + RETURN_1 + CRYPTO_MAC_SIZE)) {
443
0
        return 1;
444
0
    }
445
446
0
    IP_Port send_to;
447
448
0
    if (ipport_unpack(&send_to, plain, len, false) == -1) {
449
0
        return 1;
450
0
    }
451
452
0
    uint8_t data[ONION_MAX_PACKET_SIZE] = {0};
453
0
    data[0] = NET_PACKET_ONION_SEND_2;
454
0
    memcpy(data + 1, packet + 1, CRYPTO_NONCE_SIZE);
455
0
    memcpy(data + 1 + CRYPTO_NONCE_SIZE, plain + SIZE_IPPORT, len - SIZE_IPPORT);
456
0
    uint16_t data_len = 1 + CRYPTO_NONCE_SIZE + (len - SIZE_IPPORT);
457
0
    uint8_t *ret_part = data + data_len;
458
0
    random_nonce(onion->rng, ret_part);
459
0
    uint8_t ret_data[RETURN_1 + SIZE_IPPORT];
460
0
    ipport_pack(ret_data, source);
461
0
    memcpy(ret_data + SIZE_IPPORT, packet + (length - RETURN_1), RETURN_1);
462
0
    len = encrypt_data_symmetric(onion->mem, onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
463
0
                                 ret_part + CRYPTO_NONCE_SIZE);
464
465
0
    if (len != RETURN_2 - CRYPTO_NONCE_SIZE) {
466
0
        return 1;
467
0
    }
468
469
0
    data_len += CRYPTO_NONCE_SIZE + len;
470
471
0
    if ((uint32_t)sendpacket(onion->net, &send_to, data, data_len) != data_len) {
472
0
        return 1;
473
0
    }
474
475
0
    Ip_Ntoa ip_str;
476
0
    LOGGER_TRACE(onion->log, "forwarded onion packet to %s:%d, level 2 (%02x in %02x, %d bytes)",
477
0
                 net_ip_ntoa(&send_to.ip, &ip_str), net_ntohs(send_to.port), packet[0], data[0], data_len);
478
0
    return 0;
479
0
}
480
481
non_null()
482
static int handle_send_2(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, void *userdata)
483
0
{
484
0
    Onion *onion = (Onion *)object;
485
486
0
    if (length > ONION_MAX_PACKET_SIZE) {
487
0
        return 1;
488
0
    }
489
490
0
    if (length <= 1 + SEND_3) {
491
0
        return 1;
492
0
    }
493
494
0
    change_symmetric_key(onion);
495
496
0
    uint8_t plain[ONION_MAX_PACKET_SIZE];
497
0
    const uint8_t *public_key = packet + 1 + CRYPTO_NONCE_SIZE;
498
0
    const uint8_t *shared_key = shared_key_cache_lookup(onion->shared_keys_3, public_key);
499
500
0
    if (shared_key == nullptr) {
501
        /* Error looking up/deriving the shared key */
502
0
        return 1;
503
0
    }
504
505
0
    int len = decrypt_data_symmetric(onion->mem, shared_key, packet + 1, packet + 1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE,
506
0
                                     length - (1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + RETURN_2), plain);
507
508
0
    if (len != length - (1 + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + RETURN_2 + CRYPTO_MAC_SIZE)) {
509
0
        return 1;
510
0
    }
511
512
0
    assert(len > SIZE_IPPORT);
513
514
0
    const uint8_t packet_id = plain[SIZE_IPPORT];
515
516
0
    if (packet_id != NET_PACKET_ANNOUNCE_REQUEST && packet_id != NET_PACKET_ANNOUNCE_REQUEST_OLD &&
517
0
            packet_id != NET_PACKET_ONION_DATA_REQUEST) {
518
0
        return 1;
519
0
    }
520
521
0
    IP_Port send_to;
522
523
0
    if (ipport_unpack(&send_to, plain, len, false) == -1) {
524
0
        return 1;
525
0
    }
526
527
0
    uint8_t data[ONION_MAX_PACKET_SIZE] = {0};
528
0
    memcpy(data, plain + SIZE_IPPORT, len - SIZE_IPPORT);
529
0
    uint16_t data_len = len - SIZE_IPPORT;
530
0
    uint8_t *ret_part = data + (len - SIZE_IPPORT);
531
0
    random_nonce(onion->rng, ret_part);
532
0
    uint8_t ret_data[RETURN_2 + SIZE_IPPORT];
533
0
    ipport_pack(ret_data, source);
534
0
    memcpy(ret_data + SIZE_IPPORT, packet + (length - RETURN_2), RETURN_2);
535
0
    len = encrypt_data_symmetric(onion->mem, onion->secret_symmetric_key, ret_part, ret_data, sizeof(ret_data),
536
0
                                 ret_part + CRYPTO_NONCE_SIZE);
537
538
0
    if (len != RETURN_3 - CRYPTO_NONCE_SIZE) {
539
0
        return 1;
540
0
    }
541
542
0
    data_len += RETURN_3;
543
544
0
    if ((uint32_t)sendpacket(onion->net, &send_to, data, data_len) != data_len) {
545
0
        return 1;
546
0
    }
547
548
0
    Ip_Ntoa ip_str;
549
0
    LOGGER_TRACE(onion->log, "forwarded onion packet to %s:%d, level 3 (%02x in %02x, %d bytes)",
550
0
                 net_ip_ntoa(&send_to.ip, &ip_str), net_ntohs(send_to.port), packet[0], data[0], data_len);
551
0
    return 0;
552
0
}
553
554
non_null()
555
static int handle_recv_3(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, void *userdata)
556
0
{
557
0
    Onion *onion = (Onion *)object;
558
559
0
    if (length > ONION_MAX_PACKET_SIZE) {
560
0
        return 1;
561
0
    }
562
563
0
    if (length <= 1 + RETURN_3) {
564
0
        return 1;
565
0
    }
566
567
0
    const uint8_t packet_id = packet[1 + RETURN_3];
568
569
0
    if (packet_id != NET_PACKET_ANNOUNCE_RESPONSE && packet_id != NET_PACKET_ANNOUNCE_RESPONSE_OLD &&
570
0
            packet_id != NET_PACKET_ONION_DATA_RESPONSE) {
571
0
        return 1;
572
0
    }
573
574
0
    change_symmetric_key(onion);
575
576
0
    uint8_t plain[SIZE_IPPORT + RETURN_2];
577
0
    const int len = decrypt_data_symmetric(onion->mem, onion->secret_symmetric_key, packet + 1, packet + 1 + CRYPTO_NONCE_SIZE,
578
0
                                           SIZE_IPPORT + RETURN_2 + CRYPTO_MAC_SIZE, plain);
579
580
0
    if ((uint32_t)len != sizeof(plain)) {
581
0
        return 1;
582
0
    }
583
584
0
    IP_Port send_to;
585
586
0
    if (ipport_unpack(&send_to, plain, len, false) == -1) {
587
0
        LOGGER_DEBUG(onion->log, "failed to unpack IP/Port");
588
0
        return 1;
589
0
    }
590
591
0
    uint8_t data[ONION_MAX_PACKET_SIZE] = {0};
592
0
    data[0] = NET_PACKET_ONION_RECV_2;
593
0
    memcpy(data + 1, plain + SIZE_IPPORT, RETURN_2);
594
0
    memcpy(data + 1 + RETURN_2, packet + 1 + RETURN_3, length - (1 + RETURN_3));
595
0
    const uint16_t data_len = 1 + RETURN_2 + (length - (1 + RETURN_3));
596
597
0
    if ((uint32_t)sendpacket(onion->net, &send_to, data, data_len) != data_len) {
598
0
        return 1;
599
0
    }
600
601
0
    Ip_Ntoa ip_str;
602
0
    LOGGER_TRACE(onion->log, "forwarded onion RECV_2 to %s:%d (%02x in %02x, %d bytes)",
603
0
                 net_ip_ntoa(&send_to.ip, &ip_str), net_ntohs(send_to.port), packet[0], data[0], data_len);
604
0
    return 0;
605
0
}
606
607
non_null()
608
static int handle_recv_2(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, void *userdata)
609
0
{
610
0
    Onion *onion = (Onion *)object;
611
612
0
    if (length > ONION_MAX_PACKET_SIZE) {
613
0
        return 1;
614
0
    }
615
616
0
    if (length <= 1 + RETURN_2) {
617
0
        return 1;
618
0
    }
619
620
0
    const uint8_t packet_id = packet[1 + RETURN_2];
621
622
0
    if (packet_id != NET_PACKET_ANNOUNCE_RESPONSE && packet_id != NET_PACKET_ANNOUNCE_RESPONSE_OLD &&
623
0
            packet_id != NET_PACKET_ONION_DATA_RESPONSE) {
624
0
        return 1;
625
0
    }
626
627
0
    change_symmetric_key(onion);
628
629
0
    uint8_t plain[SIZE_IPPORT + RETURN_1];
630
0
    const int len = decrypt_data_symmetric(onion->mem, onion->secret_symmetric_key, packet + 1, packet + 1 + CRYPTO_NONCE_SIZE,
631
0
                                           SIZE_IPPORT + RETURN_1 + CRYPTO_MAC_SIZE, plain);
632
633
0
    if ((uint32_t)len != sizeof(plain)) {
634
0
        return 1;
635
0
    }
636
637
0
    IP_Port send_to;
638
639
0
    if (ipport_unpack(&send_to, plain, len, false) == -1) {
640
0
        return 1;
641
0
    }
642
643
0
    uint8_t data[ONION_MAX_PACKET_SIZE] = {0};
644
0
    data[0] = NET_PACKET_ONION_RECV_1;
645
0
    memcpy(data + 1, plain + SIZE_IPPORT, RETURN_1);
646
0
    memcpy(data + 1 + RETURN_1, packet + 1 + RETURN_2, length - (1 + RETURN_2));
647
0
    const uint16_t data_len = 1 + RETURN_1 + (length - (1 + RETURN_2));
648
649
0
    if ((uint32_t)sendpacket(onion->net, &send_to, data, data_len) != data_len) {
650
0
        return 1;
651
0
    }
652
653
0
    Ip_Ntoa ip_str;
654
0
    LOGGER_TRACE(onion->log, "forwarded onion RECV_1 to %s:%d (%02x in %02x, %d bytes)",
655
0
                 net_ip_ntoa(&send_to.ip, &ip_str), net_ntohs(send_to.port), packet[0], data[0], data_len);
656
0
    return 0;
657
0
}
658
659
non_null()
660
static int handle_recv_1(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, void *userdata)
661
0
{
662
0
    Onion *onion = (Onion *)object;
663
664
0
    if (length > ONION_MAX_PACKET_SIZE) {
665
0
        return 1;
666
0
    }
667
668
0
    if (length <= 1 + RETURN_1) {
669
0
        return 1;
670
0
    }
671
672
0
    const uint8_t packet_id = packet[1 + RETURN_1];
673
674
0
    if (packet_id != NET_PACKET_ANNOUNCE_RESPONSE && packet_id != NET_PACKET_ANNOUNCE_RESPONSE_OLD &&
675
0
            packet_id != NET_PACKET_ONION_DATA_RESPONSE) {
676
0
        return 1;
677
0
    }
678
679
0
    change_symmetric_key(onion);
680
681
0
    uint8_t plain[SIZE_IPPORT];
682
0
    const int len = decrypt_data_symmetric(onion->mem, onion->secret_symmetric_key, packet + 1, packet + 1 + CRYPTO_NONCE_SIZE,
683
0
                                           SIZE_IPPORT + CRYPTO_MAC_SIZE, plain);
684
685
0
    if ((uint32_t)len != SIZE_IPPORT) {
686
0
        return 1;
687
0
    }
688
689
0
    IP_Port send_to;
690
691
0
    if (ipport_unpack(&send_to, plain, len, true) == -1) {
692
0
        LOGGER_DEBUG(onion->log, "failed to unpack IP/Port");
693
0
        return 1;
694
0
    }
695
696
0
    const uint16_t data_len = length - (1 + RETURN_1);
697
698
0
    if (onion->recv_1_function != nullptr &&
699
0
            !net_family_is_ipv4(send_to.ip.family) &&
700
0
            !net_family_is_ipv6(send_to.ip.family)) {
701
0
        return onion->recv_1_function(onion->callback_object, &send_to, packet + (1 + RETURN_1), data_len);
702
0
    }
703
704
0
    if ((uint32_t)sendpacket(onion->net, &send_to, packet + (1 + RETURN_1), data_len) != data_len) {
705
0
        return 1;
706
0
    }
707
708
0
    return 0;
709
0
}
710
711
void set_callback_handle_recv_1(Onion *onion, onion_recv_1_cb *function, void *object)
712
0
{
713
0
    onion->recv_1_function = function;
714
0
    onion->callback_object = object;
715
0
}
716
717
Onion *new_onion(const Logger *log, const Memory *mem, const Mono_Time *mono_time, const Random *rng, DHT *dht)
718
1.78k
{
719
1.78k
    if (dht == nullptr) {
720
0
        return nullptr;
721
0
    }
722
723
1.78k
    Onion *onion = (Onion *)mem_alloc(mem, sizeof(Onion));
724
725
1.78k
    if (onion == nullptr) {
726
0
        return nullptr;
727
0
    }
728
729
1.78k
    onion->log = log;
730
1.78k
    onion->dht = dht;
731
1.78k
    onion->net = dht_get_net(dht);
732
1.78k
    onion->mono_time = mono_time;
733
1.78k
    onion->rng = rng;
734
1.78k
    onion->mem = mem;
735
1.78k
    new_symmetric_key(rng, onion->secret_symmetric_key);
736
1.78k
    onion->timestamp = mono_time_get(onion->mono_time);
737
738
1.78k
    const uint8_t *secret_key = dht_get_self_secret_key(dht);
739
1.78k
    onion->shared_keys_1 = shared_key_cache_new(log, mono_time, mem, secret_key, KEYS_TIMEOUT, MAX_KEYS_PER_SLOT);
740
1.78k
    onion->shared_keys_2 = shared_key_cache_new(log, mono_time, mem, secret_key, KEYS_TIMEOUT, MAX_KEYS_PER_SLOT);
741
1.78k
    onion->shared_keys_3 = shared_key_cache_new(log, mono_time, mem, secret_key, KEYS_TIMEOUT, MAX_KEYS_PER_SLOT);
742
743
1.78k
    if (onion->shared_keys_1 == nullptr ||
744
1.78k
            onion->shared_keys_2 == nullptr ||
745
1.78k
            onion->shared_keys_3 == nullptr) {
746
        // cppcheck-suppress mismatchAllocDealloc
747
0
        kill_onion(onion);
748
0
        return nullptr;
749
0
    }
750
751
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_SEND_INITIAL, &handle_send_initial, onion);
752
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_SEND_1, &handle_send_1, onion);
753
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_SEND_2, &handle_send_2, onion);
754
755
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_RECV_3, &handle_recv_3, onion);
756
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_RECV_2, &handle_recv_2, onion);
757
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_RECV_1, &handle_recv_1, onion);
758
759
1.78k
    return onion;
760
1.78k
}
761
762
void kill_onion(Onion *onion)
763
1.78k
{
764
1.78k
    if (onion == nullptr) {
765
0
        return;
766
0
    }
767
768
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_SEND_INITIAL, nullptr, nullptr);
769
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_SEND_1, nullptr, nullptr);
770
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_SEND_2, nullptr, nullptr);
771
772
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_RECV_3, nullptr, nullptr);
773
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_RECV_2, nullptr, nullptr);
774
1.78k
    networking_registerhandler(onion->net, NET_PACKET_ONION_RECV_1, nullptr, nullptr);
775
776
1.78k
    crypto_memzero(onion->secret_symmetric_key, sizeof(onion->secret_symmetric_key));
777
778
1.78k
    shared_key_cache_free(onion->shared_keys_1);
779
1.78k
    shared_key_cache_free(onion->shared_keys_2);
780
1.78k
    shared_key_cache_free(onion->shared_keys_3);
781
782
1.78k
    mem_delete(onion->mem, onion);
783
1.78k
}