EO uses a two-stage packet encryption scheme. The library exposes both the high-level encrypt/decrypt functions and the lower-level primitives.

Overview:

eo_swap_multiples() reverses contiguous runs of bytes that are multiples of a given value.
eo_encrypt_packet() additionally applies a position-based byte permutation and toggles the high bit of non-zero bytes.
Both operations are involutions: applying them twice yields the original data.

Typical client-side workflow:

// --- Sending a packet ---
uint8_t multiple = eo_generate_swap_multiple();  // random 6-12
 
// Prepend the multiple as the first byte of the payload, then encrypt
// bytes 2 onward (the actual packet data follows the two-byte header).
eo_encrypt_packet(payload + 2, payload_length - 2, multiple);
 
// --- Receiving a packet ---
uint8_t multiple = payload[0];  // negotiated during handshake
eo_decrypt_packet(payload + 2, payload_length - 2, multiple);

Server verification hash:

During the connection handshake the client sends a challenge value to the server. The server must respond with the correct hash, which the client can verify using eo_server_verification_hash():

int32_t challenge = ...; // chosen by the client and sent in the init packet
int32_t expected  = eo_server_verification_hash(challenge);
// Compare expected against the hash value received from the server.

Packets whose first two bytes are both 0xFF are never encrypted and are passed through unchanged by eo_encrypt_packet() / eo_decrypt_packet().