2013-07-04 20:56:19 +00:00
|
|
|
/*
|
2015-02-17 21:11:34 +00:00
|
|
|
* ZeroTier One - Network Virtualization Everywhere
|
2017-04-28 03:47:25 +00:00
|
|
|
* Copyright (C) 2011-2017 ZeroTier, Inc. https://www.zerotier.com/
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2017-04-28 03:47:25 +00:00
|
|
|
*
|
|
|
|
* --
|
|
|
|
*
|
|
|
|
* You can be released from the requirements of the license by purchasing
|
|
|
|
* a commercial license. Buying such a license is mandatory as soon as you
|
|
|
|
* develop commercial closed-source software that incorporates or links
|
|
|
|
* directly against ZeroTier software without disclosing the source code
|
|
|
|
* of your own application.
|
2013-07-04 20:56:19 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
2013-07-17 18:10:44 +00:00
|
|
|
#include <stdarg.h>
|
2015-12-22 00:15:39 +00:00
|
|
|
#include <time.h>
|
2013-08-13 01:25:36 +00:00
|
|
|
#include <sys/stat.h>
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2013-08-10 14:12:16 +00:00
|
|
|
#include "Constants.hpp"
|
|
|
|
|
|
|
|
#ifdef __UNIX_LIKE__
|
2013-07-04 20:56:19 +00:00
|
|
|
#include <unistd.h>
|
2013-08-10 14:12:16 +00:00
|
|
|
#include <errno.h>
|
2013-07-04 20:56:19 +00:00
|
|
|
#include <fcntl.h>
|
|
|
|
#include <sys/types.h>
|
2014-08-07 13:35:54 +00:00
|
|
|
#include <sys/stat.h>
|
2013-08-10 14:12:16 +00:00
|
|
|
#include <sys/uio.h>
|
2013-07-25 21:53:57 +00:00
|
|
|
#include <dirent.h>
|
2013-07-04 20:56:19 +00:00
|
|
|
#endif
|
|
|
|
|
2014-08-08 18:53:55 +00:00
|
|
|
#ifdef __WINDOWS__
|
|
|
|
#include <wincrypt.h>
|
|
|
|
#endif
|
|
|
|
|
2013-07-25 21:53:57 +00:00
|
|
|
#include "Utils.hpp"
|
|
|
|
#include "Mutex.hpp"
|
2015-05-15 00:41:05 +00:00
|
|
|
#include "Salsa20.hpp"
|
2013-07-25 21:53:57 +00:00
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
namespace ZeroTier {
|
|
|
|
|
|
|
|
const char Utils::HEXCHARS[16] = { '0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f' };
|
|
|
|
|
2017-07-07 00:32:41 +00:00
|
|
|
// Crazy hack to force memory to be securely zeroed in spite of the best efforts of optimizing compilers.
|
|
|
|
static void _Utils_doBurn(volatile uint8_t *ptr,unsigned int len)
|
|
|
|
{
|
|
|
|
volatile uint8_t *const end = ptr + len;
|
|
|
|
while (ptr != end) *(ptr++) = (uint8_t)0;
|
|
|
|
}
|
|
|
|
static void (*volatile _Utils_doBurn_ptr)(volatile uint8_t *,unsigned int) = _Utils_doBurn;
|
|
|
|
void Utils::burn(void *ptr,unsigned int len) { (_Utils_doBurn_ptr)((volatile uint8_t *)ptr,len); }
|
|
|
|
|
2017-07-06 23:11:11 +00:00
|
|
|
static unsigned long _Utils_itoa(unsigned long n,char *s)
|
2013-07-04 20:56:19 +00:00
|
|
|
{
|
2017-07-06 23:11:11 +00:00
|
|
|
if (n == 0)
|
|
|
|
return 0;
|
|
|
|
unsigned long pos = _Utils_itoa(n / 10,s);
|
|
|
|
if (pos >= 22) // sanity check, should be impossible
|
|
|
|
pos = 22;
|
|
|
|
s[pos] = '0' + (char)(n % 10);
|
|
|
|
return pos + 1;
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
2017-07-06 23:11:11 +00:00
|
|
|
char *Utils::decimal(unsigned long n,char s[24])
|
2013-07-04 20:56:19 +00:00
|
|
|
{
|
2017-07-06 23:11:11 +00:00
|
|
|
if (n == 0) {
|
|
|
|
s[0] = '0';
|
|
|
|
s[1] = (char)0;
|
|
|
|
return s;
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
2017-07-06 23:11:11 +00:00
|
|
|
s[_Utils_itoa(n,s)] = (char)0;
|
|
|
|
return s;
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void Utils::getSecureRandom(void *buf,unsigned int bytes)
|
|
|
|
{
|
2014-08-08 18:53:55 +00:00
|
|
|
static Mutex globalLock;
|
2015-05-15 00:41:05 +00:00
|
|
|
static Salsa20 s20;
|
2015-12-22 00:15:39 +00:00
|
|
|
static bool s20Initialized = false;
|
2017-02-06 19:49:41 +00:00
|
|
|
static uint8_t randomBuf[65536];
|
|
|
|
static unsigned int randomPtr = sizeof(randomBuf);
|
2014-08-08 18:53:55 +00:00
|
|
|
|
|
|
|
Mutex::Lock _l(globalLock);
|
|
|
|
|
2015-12-22 00:15:39 +00:00
|
|
|
/* Just for posterity we Salsa20 encrypt the result of whatever system
|
|
|
|
* CSPRNG we use. There have been several bugs at the OS or OS distribution
|
|
|
|
* level in the past that resulted in systematically weak or predictable
|
|
|
|
* keys due to random seeding problems. This mitigates that by grabbing
|
|
|
|
* a bit of extra entropy and further randomizing the result, and comes
|
|
|
|
* at almost no cost and with no real downside if the random source is
|
|
|
|
* good. */
|
|
|
|
if (!s20Initialized) {
|
|
|
|
s20Initialized = true;
|
|
|
|
uint64_t s20Key[4];
|
|
|
|
s20Key[0] = (uint64_t)time(0); // system clock
|
|
|
|
s20Key[1] = (uint64_t)buf; // address of buf
|
|
|
|
s20Key[2] = (uint64_t)s20Key; // address of s20Key[]
|
|
|
|
s20Key[3] = (uint64_t)&s20; // address of s20
|
2017-04-17 23:43:03 +00:00
|
|
|
s20.init(s20Key,s20Key);
|
2015-12-22 00:15:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef __WINDOWS__
|
|
|
|
|
|
|
|
static HCRYPTPROV cryptProvider = NULL;
|
|
|
|
|
2017-02-06 19:49:41 +00:00
|
|
|
for(unsigned int i=0;i<bytes;++i) {
|
|
|
|
if (randomPtr >= sizeof(randomBuf)) {
|
|
|
|
if (cryptProvider == NULL) {
|
|
|
|
if (!CryptAcquireContextA(&cryptProvider,NULL,NULL,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) {
|
|
|
|
fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() unable to obtain WinCrypt context!\r\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!CryptGenRandom(cryptProvider,(DWORD)sizeof(randomBuf),(BYTE *)randomBuf)) {
|
|
|
|
fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() CryptGenRandom failed!\r\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
randomPtr = 0;
|
|
|
|
s20.crypt12(randomBuf,randomBuf,sizeof(randomBuf));
|
2017-04-18 00:54:12 +00:00
|
|
|
s20.init(randomBuf,randomBuf);
|
2014-08-08 18:53:55 +00:00
|
|
|
}
|
2017-02-06 19:49:41 +00:00
|
|
|
((uint8_t *)buf)[i] = randomBuf[randomPtr++];
|
2014-08-08 18:53:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#else // not __WINDOWS__
|
|
|
|
|
|
|
|
static int devURandomFd = -1;
|
|
|
|
|
2017-02-06 19:49:41 +00:00
|
|
|
if (devURandomFd < 0) {
|
2014-08-08 18:53:55 +00:00
|
|
|
devURandomFd = ::open("/dev/urandom",O_RDONLY);
|
2017-02-06 19:49:41 +00:00
|
|
|
if (devURandomFd < 0) {
|
2015-10-07 01:04:53 +00:00
|
|
|
fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() unable to open /dev/urandom\n");
|
2014-08-08 18:53:55 +00:00
|
|
|
exit(1);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for(unsigned int i=0;i<bytes;++i) {
|
|
|
|
if (randomPtr >= sizeof(randomBuf)) {
|
2015-10-07 01:10:40 +00:00
|
|
|
for(;;) {
|
|
|
|
if ((int)::read(devURandomFd,randomBuf,sizeof(randomBuf)) != (int)sizeof(randomBuf)) {
|
|
|
|
::close(devURandomFd);
|
|
|
|
devURandomFd = ::open("/dev/urandom",O_RDONLY);
|
2017-02-06 19:49:41 +00:00
|
|
|
if (devURandomFd < 0) {
|
2015-10-07 01:10:40 +00:00
|
|
|
fprintf(stderr,"FATAL ERROR: Utils::getSecureRandom() unable to open /dev/urandom\n");
|
|
|
|
exit(1);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
} else break;
|
2013-08-13 01:25:36 +00:00
|
|
|
}
|
2014-08-08 18:53:55 +00:00
|
|
|
randomPtr = 0;
|
2017-02-06 19:49:41 +00:00
|
|
|
s20.crypt12(randomBuf,randomBuf,sizeof(randomBuf));
|
2017-04-18 00:54:12 +00:00
|
|
|
s20.init(randomBuf,randomBuf);
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
2017-02-06 19:49:41 +00:00
|
|
|
((uint8_t *)buf)[i] = randomBuf[randomPtr++];
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
2014-08-08 18:53:55 +00:00
|
|
|
|
2015-12-22 00:15:39 +00:00
|
|
|
#endif // __WINDOWS__ or not
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace ZeroTier
|