81b1e4f6348 chore: Release v0.2.21-rc.1
9303e2e49a1 chore: Update the pkgsrc versions in the update-versions tool
71ec4b3b1e9 chore: Update the version-sync script to work in a post-tox.api.h world
66da842f753 chore: Add version update script compatible with ci-tools.
199878f7660 chore: Use new bazel script for circle ci.
8278e9cda46 chore: Add release issue template and workflow.
a9bb3a1c4d1 chore: Fix alpine-s390x build.
6e0a641272e chore: Add a source tarball deploy workflow.
4adebe4d8b1 chore: Don't upload ios/macos variants in deploy workflows.
18f1d858ccb chore: Move one of the 3 freebsd builds to post-submit.
432ab60c002 feat: Add a Makefile for the single file deploy build.
a86c0011fd5 chore: Add deploy job for single C file library.
2e7495e8f2a docs: Update changelog format to use the new clog-compatible way.
a682da99e84 chore: Export wasmExports from the wasm binary.
12f34cdff27 chore: Add wasm to the nightly binary deploys.
1451029613f chore: Add strict-abi support for macOS/iOS.
c53c30e09d9 chore: Add time option to manual fuzz trigger.
2ccecdc2a1a chore: Add remaining fuzz tests to cflite.
4626c2e230e test: Add a Net_Crypto fuzz test.
b4a0e617c48 refactor: Use IP string length from ip_ntoa instead of strlen.
b85b91f22f6 cleanup: rename getnodes/sendnodes to nodes request/response
    This change aligns the naming to be closer to the spec and make it less ambiguous. This change also changes the naming of some private/experimental marked APIs.
    - tox_callback_dht_nodes_response()
    - tox_dht_nodes_request()
    - Tox_Event_Dht_Get_Nodes_Response
f1991aaa029 perf: Use stack allocation for strerror rendering.
3984211ccbf cleanup: remove kicked peers from saved peers list
26a991ed2be fix: ip to string function not accepting tcp families
712861f2e6d cleanup: Make websockify output qtox-compatible logging.
01932ea2f73 chore: Add opus and vpx to the toxcore wasm build.
d29c42ef631 refactor: don't fully discard received DHT nodes.
    This is mostly forward thinking, where we might introduce other ip families, in addition to ipv4, ipv6, tcp_ipv4 etc.
21e2325934f chore: Fix xcframework tarball creation.
b10c8b766ba chore: Fix xcframework checksum creation.
93787a9322e chore: Add ios/macos framework build.
9f723f891d3 fix: run do_gca also in bootstrap nodes
496cc703556 chore: Support arm64 iphone simulator.
aa0e2a8e928 chore: Add support for more iOS architectures.
13ad8e81cbf chore: Add binary deploy workflows.
c8344726378 refactor: Move tox_log_level out into its own file.
8799bea76c3 cleanup: Mark events/dispatch headers as experimental.
d4164edb548 refactor: Remove tox_types.h; use `struct` tags instead.
d408c982090 refactor: Move `Tox_Options` to `tox_options.h`.
5ab42d41209 chore: Move most cirrus jobs to circleci.
463eeae1144 cleanup: Avoid clashing with global define `DEBUG`.
92cc1e91747 refactor: Make Tox_Options own the passed proxy host and savedata.
f276b397226 test: Add some more asserts for I/O and alloc to succeed.
edb4dfc4869 fix: Don't crash on malloc failures in bin_unpack.
be457d5d0b2 cleanup: Use tox memory for bin_unpack and net_strerror.
git-subtree-dir: external/toxcore/c-toxcore
git-subtree-split: 81b1e4f6348124784088591c4fe9ab41e273031d
What is Tox
Tox is a peer to peer (serverless) instant messenger aimed at making security and privacy easy to obtain for regular users. It uses libsodium (based on NaCl) for its encryption and authentication.
IMPORTANT!
This is an experimental cryptographic network library. It has not been formally audited by an independent third party that specializes in cryptography or cryptanalysis. Use this library at your own risk.
The underlying crypto library libsodium provides reliable encryption, but the security model has not yet been fully specified. See issue 210 for a discussion on developing a threat model. See other issues for known weaknesses (e.g. issue 426 describes what can happen if your secret key is stolen).
Toxcore Development Roadmap
The roadmap and changelog are generated from GitHub issues. You may view them on the website, where they are updated at least once every 24 hours:
- Changelog: https://toktok.ltd/changelog/c-toxcore
- Roadmap: https://toktok.ltd/roadmap/c-toxcore
Installing toxcore
Detailed installation instructions can be found in INSTALL.md.
Be advised that due to the addition of cmp as a submodule, you now also need to initialize the git submodules required by toxcore. This can be done by cloning the repo with the following command:
    git clone --recurse-submodules https://github.com/Toktok/c-toxcore
or by running git submodule update --init in the root directory of the repo.
In a nutshell, if you have libsodium installed, run:
    mkdir _build && cd _build
    cmake ..
    make
    sudo make install
If you have libvpx and opus installed, the above will also build the A/V library for multimedia chats.
Using toxcore
The simplest "hello world" example could be an echo bot. Here we will walk through the implementation of a simple bot.
Creating the tox instance
All toxcore API functions work with error parameters. They are enums with one OK value and several error codes that describe the different situations in which the function might fail.
    TOX_ERR_NEW err_new;
    Tox *tox = tox_new(NULL, &err_new);
    if (err_new != TOX_ERR_NEW_OK) {
        fprintf(stderr, "tox_new failed with error code %d\n", err_new);
        exit(1);
    }
Here, we simply exit the program, but in a real client you will probably want to do some error handling and proper error reporting to the user. The NULL argument given to the first parameter of tox_new is the Tox_Options. It contains various write-once network settings and allows you to load a previously serialised instance. See toxcore/tox.h for details.
Setting up callbacks
Toxcore works with callbacks that you can register to listen for certain events. Examples of such events are "friend request received" or "friend sent a message". Search the API for tox_callback_* to find all of them.
Here, we will set up callbacks for receiving friend requests and receiving messages. We will always accept any friend request (because we're a bot), and when we receive a message, we send it back to the sender.
    tox_callback_friend_request(tox, handle_friend_request);
    tox_callback_friend_message(tox, handle_friend_message);
These two function calls set up the callbacks. Now we also need to implement these "handle" functions.
Handle friend requests
    static void handle_friend_request(
        Tox *tox, const uint8_t *public_key, const uint8_t *message, size_t length,
        void *user_data) {
        // Accept the friend request:
        TOX_ERR_FRIEND_ADD err_friend_add;
        tox_friend_add_norequest(tox, public_key, &err_friend_add);
        if (err_friend_add != TOX_ERR_FRIEND_ADD_OK) {
            fprintf(stderr, "unable to add friend: %d\n", err_friend_add);
        }
    }
The tox_friend_add_norequest function adds the friend without sending them a friend request. Since we already got a friend request, this is the right thing to do. If you wanted to send a friend request yourself, you would use tox_friend_add, which has an extra parameter for the message.
Handle messages
Now, when the friend sends us a message, we want to respond to them by sending them the same message back. This will be our "echo".
    static void handle_friend_message(
        Tox *tox, uint32_t friend_number, TOX_MESSAGE_TYPE type,
        const uint8_t *message, size_t length,
        void *user_data) {
        // Echo the message back to the friend who sent it:
        TOX_ERR_FRIEND_SEND_MESSAGE err_send;
        tox_friend_send_message(tox, friend_number, type, message, length,
            &err_send);
        if (err_send != TOX_ERR_FRIEND_SEND_MESSAGE_OK) {
            fprintf(stderr, "unable to send message back to friend %u: %d\n",
                friend_number, err_send);
        }
    }
That's it for the setup. Now we want to actually run the bot.
Main event loop
Toxcore works with a main event loop function tox_iterate that you need to call at a certain frequency dictated by tox_iteration_interval. This is a polling function that receives new network messages and processes them.
    while (true) {
        usleep(1000 * tox_iteration_interval(tox));
        tox_iterate(tox, NULL);
    }
That's it! Now you have a working echo bot. The only problem is that since Tox works with public keys, and you can't really guess your bot's public key, you can't add it as a friend in your client. For this, we need to call another API function: tox_self_get_address(tox, address). This will fill the 38 byte friend address into the address buffer. You can then display that binary string as hex and input it into your client. Writing a bin2hex function is left as an exercise for the reader.
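An added example, not part of the toxcore README or code base: one way to write the bin2hex helper for the 38 byte address, together with its inverse hex2bin (going beyond the text) for strictly validating an address that a user pastes in. The names ADDRESS_SIZE, bin2hex, hex2bin and hex_value are this example's own, and the address bytes in main are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDRESS_SIZE 38 /* as stated above; example-local name (assumption) */

/* Hex-encode len bytes into out (uppercase, NUL-terminated).
 * Returns 1 on success, 0 if out is too small; never writes a truncated ID. */
int bin2hex(const uint8_t *bin, size_t len, char *out, size_t out_size)
{
    static const char digits[] = "0123456789ABCDEF";
    if (out_size < 2 * len + 1) return 0;
    for (size_t i = 0; i < len; ++i) {
        out[2 * i] = digits[bin[i] >> 4];
        out[2 * i + 1] = digits[bin[i] & 0x0F];
    }
    out[2 * len] = '\0';
    return 1;
}

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode exactly 2*out_len hex digits into out.
 * Returns 1 on success, 0 on wrong length or any non-hex character. */
int hex2bin(const char *hex, uint8_t *out, size_t out_len)
{
    if (strlen(hex) != 2 * out_len) return 0;
    for (size_t i = 0; i < out_len; ++i) {
        int hi = hex_value(hex[2 * i]);
        int lo = hex_value(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 1;
}

int main(void)
{
    uint8_t address[ADDRESS_SIZE]; /* constructed bytes, not a real Tox ID */
    char hex[2 * ADDRESS_SIZE + 1];
    for (size_t i = 0; i < ADDRESS_SIZE; ++i) address[i] = (uint8_t)(i * 7 + 1);
    if (bin2hex(address, sizeof address, hex, sizeof hex)) puts(hex);
    return 0;
}
```

In the bot, the address buffer would be filled by tox_self_get_address(tox, address) instead of the constructed loop.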
We glossed over a lot of details, such as the user data which we passed to tox_iterate (passing NULL), bootstrapping into an actual network (this bot will work in the LAN, but not on an internet server) and the fact that we now have no clean way of stopping the bot (while (true)). If you want to write a real bot, you will probably want to read up on all the API functions. Consult the API documentation in toxcore/tox.h for more information.
Other resources
- Another echo bot
- minitox (A minimal tox client)
SAST Tools
This project uses various tools supporting Static Application Security Testing:
- clang-tidy: A clang-based C++ "linter" tool.
- Coverity: A cloud-based static analyzer service for Java, C/C++, C#, JavaScript, Ruby, or Python that is free for open source projects.
- cppcheck: A static analyzer for C/C++ code.
- cpplint: Static code checker for C++
- goblint: A static analyzer for multi-threaded C programs, specializing in finding concurrency bugs.
- infer: A static analyzer for Java, C, C++, and Objective-C.
- PVS-Studio: A static analyzer for C, C++, C#, and Java code.
- tokstyle: A style checker for TokTok C projects.