{"id":13547206,"url":"https://github.com/TokTok/c-toxcore","last_synced_at":"2025-04-02T19:32:48.537Z","repository":{"id":37602751,"uuid":"62703642","full_name":"TokTok/c-toxcore","owner":"TokTok","description":"The future of online communications.","archived":false,"fork":true,"pushed_at":"2025-03-28T15:51:50.000Z","size":24543,"stargazers_count":2370,"open_issues_count":219,"forks_count":292,"subscribers_count":106,"default_branch":"master","last_synced_at":"2025-03-28T16:38:57.661Z","etag":null,"topics":["cryptography","encryption","network","p2p","security","toxcore"],"latest_commit_sha":null,"homepage":"https://tox.chat","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"irungentoo/toxcore","license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TokTok.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2016-07-06T08:15:22.000Z","updated_at":"2025-03-28T15:51:44.000Z","dependencies_parsed_at":"2023-02-14T02:16:11.534Z","dependency_job_id":null,"html_url":"https://github.com/TokTok/c-toxcore","commit_stats":null,"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TokTok%2Fc-toxcore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TokTok%2Fc-toxcore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TokTok%2Fc-toxcore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TokTok%2Fc-toxcore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TokTok","download_url":"https://codeload.github.com/TokTok/c-toxcore/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246880273,"owners_count":20848838,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","encryption","network","p2p","security","toxcore"],"created_at":"2024-08-01T12:00:52.431Z","updated_at":"2025-04-02T19:32:43.526Z","avatar_url":"https://github.com/TokTok.png","language":"C","funding_links":[],"categories":["C","By Industry","security"],"sub_categories":["Security"],"readme":"# ![Project Tox](https://raw.github.com/TokTok/c-toxcore/master/other/tox.png \"Project Tox\")\n\n**Current Coverage:**\n[![coverage](https://codecov.io/gh/TokTok/c-toxcore/branch/master/graph/badge.svg?token=BRfCKo02De)](https://codecov.io/gh/TokTok/c-toxcore)\n\n[**Website**](https://tox.chat) **|** [**Wiki**](https://wiki.tox.chat/) **|**\n[**Blog**](https://blog.tox.chat/) **|**\n[**FAQ**](https://wiki.tox.chat/doku.php?id=users:faq) **|**\n[**Binaries/Downloads**](https://tox.chat/download.html) **|**\n[**Clients**](https://wiki.tox.chat/doku.php?id=clients) **|**\n[**Compiling**](/INSTALL.md)\n\n## What is Tox\n\nTox is a peer to peer (serverless) instant messenger aimed at making security\nand privacy easy to obtain for regular users. It uses\n[libsodium](https://doc.libsodium.org/) (based on\n[NaCl](https://nacl.cr.yp.to/)) for its encryption and authentication.\n\n## IMPORTANT!\n\n### ![Danger: Experimental](other/tox-warning.png)\n\nThis is an **experimental** cryptographic network library. It has not been\nformally audited by an independent third party that specializes in cryptography\nor cryptanalysis. **Use this library at your own risk.**\n\nThe underlying crypto library [libsodium](https://doc.libsodium.org/) provides\nreliable encryption, but the security model has not yet been fully specified.\nSee [issue 210](https://github.com/TokTok/c-toxcore/issues/210) for a discussion\non developing a threat model. See other issues for known weaknesses (e.g.\n[issue 426](https://github.com/TokTok/c-toxcore/issues/426) describes what can\nhappen if your secret key is stolen).\n\n## Toxcore Development Roadmap\n\nThe roadmap and changelog are generated from GitHub issues. You may view them on\nthe website, where they are updated at least once every 24 hours:\n\n- Changelog: https://toktok.ltd/changelog/c-toxcore\n- Roadmap: https://toktok.ltd/roadmap/c-toxcore\n\n## Installing toxcore\n\nDetailed installation instructions can be found in [INSTALL.md](INSTALL.md).\n\nBe advised that due to the addition of `cmp` as a submodule, you now also need\nto initialize the git submodules required by toxcore. This can be done by\ncloning the repo with the following command:\n`git clone --recurse-submodules https://github.com/Toktok/c-toxcore` or by\nrunning `git submodule update --init` in the root directory of the repo.\n\nIn a nutshell, if you have [libsodium](https://github.com/jedisct1/libsodium)\ninstalled, run:\n\n```sh\nmkdir _build \u0026\u0026 cd _build\ncmake ..\nmake\nsudo make install\n```\n\nIf you have [libvpx](https://github.com/webmproject/libvpx) and\n[opus](https://github.com/xiph/opus) installed, the above will also build the\nA/V library for multimedia chats.\n\n## Using toxcore\n\nThe simplest \"hello world\" example could be an echo bot. Here we will walk\nthrough the implementation of a simple bot.\n\n### Creating the tox instance\n\nAll toxcore API functions work with error parameters. They are enums with one\n`OK` value and several error codes that describe the different situations in\nwhich the function might fail.\n\n```c\nTOX_ERR_NEW err_new;\nTox *tox = tox_new(NULL, \u0026err_new);\nif (err_new != TOX_ERR_NEW_OK) {\n  fprintf(stderr, \"tox_new failed with error code %d\\n\", err_new);\n  exit(1);\n}\n```\n\nHere, we simply exit the program, but in a real client you will probably want to\ndo some error handling and proper error reporting to the user. The `NULL`\nargument given to the first parameter of `tox_new` is the `Tox_Options`. It\ncontains various write-once network settings and allows you to load a previously\nserialised instance. See [toxcore/tox.h](tox.h) for details.\n\n### Setting up callbacks\n\nToxcore works with callbacks that you can register to listen for certain events.\nExamples of such events are \"friend request received\" or \"friend sent a\nmessage\". Search the API for `tox_callback_*` to find all of them.\n\nHere, we will set up callbacks for receiving friend requests and receiving\nmessages. We will always accept any friend request (because we're a bot), and\nwhen we receive a message, we send it back to the sender.\n\n```c\ntox_callback_friend_request(tox, handle_friend_request);\ntox_callback_friend_message(tox, handle_friend_message);\n```\n\nThese two function calls set up the callbacks. Now we also need to implement\nthese \"handle\" functions.\n\n### Handle friend requests\n\n```c\nstatic void handle_friend_request(\n  Tox *tox, const uint8_t *public_key, const uint8_t *message, size_t length,\n  void *user_data) {\n  // Accept the friend request:\n  TOX_ERR_FRIEND_ADD err_friend_add;\n  tox_friend_add_norequest(tox, public_key, \u0026err_friend_add);\n  if (err_friend_add != TOX_ERR_FRIEND_ADD_OK) {\n    fprintf(stderr, \"unable to add friend: %d\\n\", err_friend_add);\n  }\n}\n```\n\nThe `tox_friend_add_norequest` function adds the friend without sending them a\nfriend request. Since we already got a friend request, this is the right thing\nto do. If you wanted to send a friend request yourself, you would use\n`tox_friend_add`, which has an extra parameter for the message.\n\n### Handle messages\n\nNow, when the friend sends us a message, we want to respond to them by sending\nthem the same message back. This will be our \"echo\".\n\n```c\nstatic void handle_friend_message(\n  Tox *tox, uint32_t friend_number, TOX_MESSAGE_TYPE type,\n  const uint8_t *message, size_t length,\n  void *user_data) {\n  TOX_ERR_FRIEND_SEND_MESSAGE err_send;\n  tox_friend_send_message(tox, friend_number, type, message, length,\n    \u0026err_send);\n  if (err_send != TOX_ERR_FRIEND_SEND_MESSAGE_OK) {\n    fprintf(stderr, \"unable to send message back to friend %d: %d\\n\",\n      friend_number, err_send);\n  }\n}\n```\n\nThat's it for the setup. Now we want to actually run the bot.\n\n### Main event loop\n\nToxcore works with a main event loop function `tox_iterate` that you need to\ncall at a certain frequency dictated by `tox_iteration_interval`. This is a\npolling function that receives new network messages and processes them.\n\n```c\nwhile (true) {\n  usleep(1000 * tox_iteration_interval(tox));\n  tox_iterate(tox, NULL);\n}\n```\n\nThat's it! Now you have a working echo bot. The only problem is that since Tox\nworks with public keys, and you can't really guess your bot's public key, you\ncan't add it as a friend in your client. For this, we need to call another API\nfunction: `tox_self_get_address(tox, address)`. This will fill the 38 byte\nfriend address into the `address` buffer. You can then display that binary\nstring as hex and input it into your client. Writing a `bin2hex` function is\nleft as exercise for the reader.\n\nWe glossed over a lot of details, such as the user data which we passed to\n`tox_iterate` (passing `NULL`), bootstrapping into an actual network (this bot\nwill work in the LAN, but not on an internet server) and the fact that we now\nhave no clean way of stopping the bot (`while (true)`). If you want to write a\nreal bot, you will probably want to read up on all the API functions. Consult\nthe API documentation in [toxcore/tox.h](toxcore/tox.h) for more information.\n\n### Other resources\n\n- [Another echo bot](https://wiki.tox.chat/developers/client_examples/echo_bot)\n- [minitox](https://github.com/hqwrong/minitox) (A minimal tox client)\n\n## SAST Tools\n\nThis project uses various tools supporting Static Application Security Testing:\n\n- [clang-tidy](https://clang.llvm.org/extra/clang-tidy/): A clang-based C++\n  \"linter\" tool.\n- [Coverity](https://scan.coverity.com/): A cloud-based static analyzer service\n  for Java, C/C++, C#, JavaScript, Ruby, or Python that is free for open source\n  projects.\n- [cppcheck](https://cppcheck.sourceforge.io/): A static analyzer for C/C++\n  code.\n- [cpplint](https://github.com/cpplint/cpplint): Static code checker for C++\n- [goblint](https://goblint.in.tum.de/): A static analyzer for multi-threaded C\n  programs, specializing in finding concurrency bugs.\n- [infer](https://github.com/facebook/infer): A static analyzer for Java, C,\n  C++, and Objective-C.\n- [PVS-Studio](https://pvs-studio.com/en/pvs-studio/?utm_source=website\u0026utm_medium=github\u0026utm_campaign=open_source):\n  A static analyzer for C, C++, C#, and Java code.\n- [tokstyle](https://github.com/TokTok/hs-tokstyle): A style checker for TokTok\n  C projects.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTokTok%2Fc-toxcore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTokTok%2Fc-toxcore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTokTok%2Fc-toxcore/lists"}