2013-07-04 20:56:19 +00:00
|
|
|
/*
|
2015-02-17 21:11:34 +00:00
|
|
|
* ZeroTier One - Network Virtualization Everywhere
|
2019-01-14 18:25:53 +00:00
|
|
|
* Copyright (C) 2011-2019 ZeroTier, Inc. https://www.zerotier.com/
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2019-01-14 18:25:53 +00:00
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2017-04-28 03:47:25 +00:00
|
|
|
*
|
|
|
|
* --
|
|
|
|
*
|
|
|
|
* You can be released from the requirements of the license by purchasing
|
|
|
|
* a commercial license. Buying such a license is mandatory as soon as you
|
|
|
|
* develop commercial closed-source software that incorporates or links
|
|
|
|
* directly against ZeroTier software without disclosing the source code
|
|
|
|
* of your own application.
|
2013-07-04 20:56:19 +00:00
|
|
|
*/
|
|
|
|
|
2013-12-07 00:49:20 +00:00
|
|
|
#ifndef ZT_IDENTITY_HPP
|
|
|
|
#define ZT_IDENTITY_HPP
|
2013-07-04 20:56:19 +00:00
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
2013-09-16 13:20:59 +00:00
|
|
|
#include "Constants.hpp"
|
2013-07-04 20:56:19 +00:00
|
|
|
#include "Utils.hpp"
|
|
|
|
#include "Address.hpp"
|
2013-09-16 13:20:59 +00:00
|
|
|
#include "C25519.hpp"
|
2013-07-04 20:56:19 +00:00
|
|
|
#include "Buffer.hpp"
|
2015-10-14 21:12:12 +00:00
|
|
|
#include "SHA512.hpp"
|
2019-07-17 15:52:08 +00:00
|
|
|
#include "ECC384.hpp"
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2017-07-06 23:11:11 +00:00
|
|
|
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
namespace ZeroTier {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A ZeroTier identity
|
|
|
|
*
|
|
|
|
* An identity consists of a public key, a 40-bit ZeroTier address computed
|
|
|
|
* from that key in a collision-resistant fashion, and a self-signature.
|
|
|
|
*
|
|
|
|
* The address derivation algorithm makes it computationally very expensive to
|
|
|
|
* search for a different public key that duplicates an existing address. (See
|
|
|
|
* code for deriveAddress() for this algorithm.)
|
|
|
|
*/
|
|
|
|
class Identity
|
|
|
|
{
|
|
|
|
public:
|
2019-07-17 15:52:08 +00:00
|
|
|
enum Type
|
2013-07-04 20:56:19 +00:00
|
|
|
{
|
2019-08-07 16:20:12 +00:00
|
|
|
C25519 = 0, // Curve25519 and Ed25519 (1.0 and 2.0, default)
|
|
|
|
P384 = 1 // NIST P-384 ECDH and ECDSA (2.0+ only)
|
2019-07-17 15:52:08 +00:00
|
|
|
};
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
Identity() { memset(reinterpret_cast<void *>(this),0,sizeof(Identity)); }
|
|
|
|
Identity(const Identity &id) { memcpy(reinterpret_cast<void *>(this),&id,sizeof(Identity)); }
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
Identity(const char *str)
|
2013-07-04 20:56:19 +00:00
|
|
|
{
|
|
|
|
if (!fromString(str))
|
2017-07-17 21:21:09 +00:00
|
|
|
throw ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_TYPE;
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
template<unsigned int C>
|
2019-07-17 15:52:08 +00:00
|
|
|
Identity(const Buffer<C> &b,unsigned int startAt = 0) { deserialize(b,startAt); }
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
~Identity() { Utils::burn(reinterpret_cast<void *>(this),sizeof(Identity)); }
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2019-08-07 22:06:03 +00:00
|
|
|
inline void zero() { Utils::burn(reinterpret_cast<void *>(this),sizeof(Identity)); }
|
2019-08-07 21:41:58 +00:00
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
inline Identity &operator=(const Identity &id)
|
|
|
|
{
|
2019-07-17 15:52:08 +00:00
|
|
|
memcpy(reinterpret_cast<void *>(this),&id,sizeof(Identity));
|
2013-07-04 20:56:19 +00:00
|
|
|
return *this;
|
|
|
|
}
|
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
/**
|
|
|
|
* @return Identity type
|
|
|
|
*/
|
|
|
|
inline Type type() const { return _type; }
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
/**
|
|
|
|
* Generate a new identity (address, key pair)
|
2013-09-16 13:20:59 +00:00
|
|
|
*
|
|
|
|
* This is a time consuming operation.
|
2019-07-17 15:52:08 +00:00
|
|
|
*
|
|
|
|
* @param t Type of identity to generate
|
2013-07-04 20:56:19 +00:00
|
|
|
*/
|
2019-07-17 15:52:08 +00:00
|
|
|
void generate(const Type t);
|
2013-07-04 20:56:19 +00:00
|
|
|
|
|
|
|
/**
|
2013-10-05 11:00:55 +00:00
|
|
|
* Check the validity of this identity's pairing of key to address
|
|
|
|
*
|
2013-07-04 20:56:19 +00:00
|
|
|
* @return True if validation check passes
|
|
|
|
*/
|
2013-10-05 11:00:55 +00:00
|
|
|
bool locallyValidate() const;
|
2013-07-04 20:56:19 +00:00
|
|
|
|
|
|
|
/**
|
2013-09-16 13:20:59 +00:00
|
|
|
* @return True if this identity contains a private key
|
2013-07-04 20:56:19 +00:00
|
|
|
*/
|
2019-07-17 15:52:08 +00:00
|
|
|
inline bool hasPrivate() const { return _hasPrivate; }
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2015-10-14 21:12:12 +00:00
|
|
|
/**
|
|
|
|
* Compute the SHA512 hash of our private key (if we have one)
|
|
|
|
*
|
|
|
|
* @param sha Buffer to receive SHA512 (MUST be ZT_SHA512_DIGEST_LEN (64) bytes in length)
|
|
|
|
* @return True on success, false if no private key
|
|
|
|
*/
|
|
|
|
inline bool sha512PrivateKey(void *sha) const
|
|
|
|
{
|
2019-07-17 15:52:08 +00:00
|
|
|
if (_hasPrivate) {
|
|
|
|
switch(_type) {
|
|
|
|
case C25519:
|
2019-08-07 21:41:58 +00:00
|
|
|
SHA512(sha,_k.t0.priv.data,ZT_C25519_PRIVATE_KEY_LEN);
|
2019-07-17 15:52:08 +00:00
|
|
|
return true;
|
|
|
|
case P384:
|
2019-08-07 21:41:58 +00:00
|
|
|
SHA512(sha,_k.t1.priv,ZT_ECC384_PRIVATE_KEY_SIZE);
|
2019-07-17 15:52:08 +00:00
|
|
|
return true;
|
|
|
|
}
|
2015-10-14 21:12:12 +00:00
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2019-08-07 16:20:12 +00:00
|
|
|
/**
|
|
|
|
* Compute the SHA512 hash of our public key
|
|
|
|
*
|
|
|
|
* @param sha Buffer to receive hash bytes
|
|
|
|
* @return True on success, false if identity is empty or invalid
|
|
|
|
*/
|
|
|
|
inline bool sha512PublicKey(void *sha) const
|
|
|
|
{
|
|
|
|
if (_hasPrivate) {
|
|
|
|
switch(_type) {
|
|
|
|
case C25519:
|
2019-08-07 21:41:58 +00:00
|
|
|
SHA512(sha,_k.t0.pub.data,ZT_C25519_PUBLIC_KEY_LEN);
|
2019-08-07 16:20:12 +00:00
|
|
|
return true;
|
|
|
|
case P384:
|
2019-08-07 21:41:58 +00:00
|
|
|
SHA512(sha,_k.t1.pub,ZT_ECC384_PUBLIC_KEY_SIZE);
|
2019-08-07 16:20:12 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-09-16 17:57:57 +00:00
|
|
|
/**
|
|
|
|
* Sign a message with this identity (private key required)
|
|
|
|
*
|
2019-07-17 15:52:08 +00:00
|
|
|
* The signature buffer should be large enough for the largest
|
|
|
|
* signature, which is currently 96 bytes.
|
|
|
|
*
|
2013-09-16 17:57:57 +00:00
|
|
|
* @param data Data to sign
|
|
|
|
* @param len Length of data
|
2019-07-17 15:52:08 +00:00
|
|
|
* @param sig Buffer to receive signature
|
|
|
|
* @param siglen Length of buffer
|
|
|
|
* @return Number of bytes actually written to sig or 0 on error
|
2013-09-16 17:57:57 +00:00
|
|
|
*/
|
2019-08-08 04:50:47 +00:00
|
|
|
unsigned int sign(const void *data,unsigned int len,void *sig,unsigned int siglen) const;
|
2013-09-16 17:57:57 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Verify a message signature against this identity
|
|
|
|
*
|
|
|
|
* @param data Data to check
|
|
|
|
* @param len Length of data
|
|
|
|
* @param signature Signature bytes
|
|
|
|
* @param siglen Length of signature in bytes
|
|
|
|
* @return True if signature validates and data integrity checks
|
|
|
|
*/
|
2019-08-08 04:50:47 +00:00
|
|
|
bool verify(const void *data,unsigned int len,const void *sig,unsigned int siglen) const;
|
2013-10-04 16:24:21 +00:00
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
/**
|
|
|
|
* Shortcut method to perform key agreement with another identity
|
|
|
|
*
|
2013-09-16 13:20:59 +00:00
|
|
|
* This identity must have a private key. (Check hasPrivate())
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
|
|
|
* @param id Identity to agree with
|
|
|
|
* @param key Result parameter to fill with key bytes
|
|
|
|
* @param klen Length of key in bytes
|
|
|
|
* @return Was agreement successful?
|
|
|
|
*/
|
2019-08-08 04:50:47 +00:00
|
|
|
bool agree(const Identity &id,void *key,unsigned int klen) const;
|
2013-07-04 20:56:19 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @return This identity's address
|
|
|
|
*/
|
2017-07-17 21:21:09 +00:00
|
|
|
inline const Address &address() const { return _address; }
|
2013-07-04 20:56:19 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Serialize this identity (binary)
|
2016-01-12 22:04:55 +00:00
|
|
|
*
|
2013-07-04 20:56:19 +00:00
|
|
|
* @param b Destination buffer to append to
|
|
|
|
* @param includePrivate If true, include private key component (if present) (default: false)
|
|
|
|
* @throws std::out_of_range Buffer too small
|
|
|
|
*/
|
|
|
|
template<unsigned int C>
|
|
|
|
inline void serialize(Buffer<C> &b,bool includePrivate = false) const
|
|
|
|
{
|
2013-07-25 17:24:39 +00:00
|
|
|
_address.appendTo(b);
|
2019-07-17 15:52:08 +00:00
|
|
|
switch(_type) {
|
2019-08-07 22:06:03 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
case C25519:
|
|
|
|
b.append((uint8_t)C25519);
|
|
|
|
b.append(_k.t0.pub.data,ZT_C25519_PUBLIC_KEY_LEN);
|
|
|
|
if ((_hasPrivate)&&(includePrivate)) {
|
|
|
|
b.append((uint8_t)ZT_C25519_PRIVATE_KEY_LEN);
|
|
|
|
b.append(_k.t0.priv.data,ZT_C25519_PRIVATE_KEY_LEN);
|
|
|
|
} else {
|
|
|
|
b.append((uint8_t)0);
|
|
|
|
}
|
|
|
|
break;
|
2019-08-07 22:06:03 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
case P384:
|
|
|
|
b.append((uint8_t)P384);
|
|
|
|
b.append(_k.t1.pub,ZT_ECC384_PUBLIC_KEY_SIZE);
|
|
|
|
if ((_hasPrivate)&&(includePrivate)) {
|
|
|
|
b.append((uint8_t)ZT_ECC384_PRIVATE_KEY_SIZE);
|
|
|
|
b.append(_k.t1.priv,ZT_ECC384_PRIVATE_KEY_SIZE);
|
|
|
|
} else {
|
|
|
|
b.append((uint8_t)0);
|
|
|
|
}
|
|
|
|
break;
|
2019-08-07 22:06:03 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
}
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Deserialize a binary serialized identity
|
|
|
|
*
|
|
|
|
* If an exception is thrown, the Identity object is left in an undefined
|
|
|
|
* state and should not be used.
|
|
|
|
*
|
|
|
|
* @param b Buffer containing serialized data
|
|
|
|
* @param startAt Index within buffer of serialized data (default: 0)
|
|
|
|
* @return Length of serialized data read from buffer
|
2013-10-05 10:00:47 +00:00
|
|
|
* @throws std::out_of_range Serialized data invalid
|
2013-07-04 20:56:19 +00:00
|
|
|
* @throws std::invalid_argument Serialized data invalid
|
|
|
|
*/
|
|
|
|
template<unsigned int C>
|
|
|
|
inline unsigned int deserialize(const Buffer<C> &b,unsigned int startAt = 0)
|
|
|
|
{
|
2019-07-17 15:52:08 +00:00
|
|
|
_hasPrivate = false;
|
2013-07-04 20:56:19 +00:00
|
|
|
unsigned int p = startAt;
|
2019-07-17 15:52:08 +00:00
|
|
|
unsigned int pkl;
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2013-07-29 20:18:29 +00:00
|
|
|
_address.setTo(b.field(p,ZT_ADDRESS_LENGTH),ZT_ADDRESS_LENGTH);
|
2013-07-04 20:56:19 +00:00
|
|
|
p += ZT_ADDRESS_LENGTH;
|
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
_type = (Type)b[p++];
|
|
|
|
switch(_type) {
|
2019-08-07 22:06:03 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
case C25519:
|
|
|
|
memcpy(_k.t0.pub.data,b.field(p,ZT_C25519_PUBLIC_KEY_LEN),ZT_C25519_PUBLIC_KEY_LEN);
|
|
|
|
p += ZT_C25519_PUBLIC_KEY_LEN;
|
|
|
|
pkl = (unsigned int)b[p++];
|
|
|
|
if (pkl) {
|
|
|
|
if (pkl != ZT_C25519_PRIVATE_KEY_LEN)
|
|
|
|
throw ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_CRYPTOGRAPHIC_TOKEN;
|
|
|
|
_hasPrivate = true;
|
|
|
|
memcpy(_k.t0.priv.data,b.field(p,ZT_C25519_PRIVATE_KEY_LEN),ZT_C25519_PRIVATE_KEY_LEN);
|
|
|
|
p += ZT_C25519_PRIVATE_KEY_LEN;
|
|
|
|
} else {
|
|
|
|
memset(_k.t0.priv.data,0,ZT_C25519_PRIVATE_KEY_LEN);
|
|
|
|
_hasPrivate = false;
|
|
|
|
}
|
|
|
|
break;
|
2019-08-07 22:06:03 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
case P384:
|
|
|
|
memcpy(_k.t0.pub.data,b.field(p,ZT_ECC384_PUBLIC_KEY_SIZE),ZT_ECC384_PUBLIC_KEY_SIZE);
|
|
|
|
p += ZT_ECC384_PUBLIC_KEY_SIZE;
|
|
|
|
pkl = (unsigned int)b[p++];
|
|
|
|
if (pkl) {
|
|
|
|
if (pkl != ZT_ECC384_PRIVATE_KEY_SIZE)
|
|
|
|
throw ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_CRYPTOGRAPHIC_TOKEN;
|
|
|
|
_hasPrivate = true;
|
|
|
|
memcpy(_k.t1.priv,b.field(p,ZT_ECC384_PRIVATE_KEY_SIZE),ZT_ECC384_PRIVATE_KEY_SIZE);
|
|
|
|
p += ZT_ECC384_PRIVATE_KEY_SIZE;
|
|
|
|
} else {
|
|
|
|
memset(_k.t1.priv,0,ZT_ECC384_PRIVATE_KEY_SIZE);
|
|
|
|
_hasPrivate = false;
|
|
|
|
}
|
|
|
|
break;
|
2019-08-07 22:06:03 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
default:
|
|
|
|
throw ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_TYPE;
|
2019-08-07 22:06:03 +00:00
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return (p - startAt);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Serialize to a more human-friendly string
|
|
|
|
*
|
|
|
|
* @param includePrivate If true, include private key (if it exists)
|
2017-07-06 23:11:11 +00:00
|
|
|
* @param buf Buffer to store string
|
2013-07-04 20:56:19 +00:00
|
|
|
* @return ASCII string representation of identity
|
|
|
|
*/
|
2017-07-06 23:11:11 +00:00
|
|
|
char *toString(bool includePrivate,char buf[ZT_IDENTITY_STRING_BUFFER_LENGTH]) const;
|
2013-07-04 20:56:19 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Deserialize a human-friendly string
|
|
|
|
*
|
|
|
|
* Note: validation is for the format only. The locallyValidate() method
|
|
|
|
* must be used to check signature and address/key correspondence.
|
2016-01-12 22:04:55 +00:00
|
|
|
*
|
2013-07-04 20:56:19 +00:00
|
|
|
* @param str String to deserialize
|
|
|
|
* @return True if deserialization appears successful
|
|
|
|
*/
|
|
|
|
bool fromString(const char *str);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @return True if this identity contains something
|
|
|
|
*/
|
2017-07-17 21:21:09 +00:00
|
|
|
inline operator bool() const { return (_address); }
|
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
inline bool operator==(const Identity &id) const
|
|
|
|
{
|
|
|
|
if ((_address == id._address)&&(_type == id._type)) {
|
|
|
|
switch(_type) {
|
|
|
|
case C25519:
|
|
|
|
return (memcmp(_k.t0.pub.data,id._k.t0.pub.data,ZT_C25519_PUBLIC_KEY_LEN) == 0);
|
|
|
|
case P384:
|
|
|
|
return (memcmp(_k.t1.pub,id._k.t1.pub,ZT_ECC384_PUBLIC_KEY_SIZE) == 0);
|
|
|
|
default:
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
inline bool operator<(const Identity &id) const
|
|
|
|
{
|
|
|
|
if (_address < id._address)
|
|
|
|
return true;
|
|
|
|
if (_address == id._address) {
|
|
|
|
if ((int)_type < (int)id._type)
|
|
|
|
return true;
|
|
|
|
if (_type == id._type) {
|
|
|
|
switch(_type) {
|
|
|
|
case C25519:
|
|
|
|
return (memcmp(_k.t0.pub.data,id._k.t0.pub.data,ZT_C25519_PUBLIC_KEY_LEN) < 0);
|
|
|
|
case P384:
|
|
|
|
return (memcmp(_k.t1.pub,id._k.t1.pub,ZT_ECC384_PUBLIC_KEY_SIZE) < 0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2017-07-17 21:21:09 +00:00
|
|
|
inline bool operator!=(const Identity &id) const { return !(*this == id); }
|
|
|
|
inline bool operator>(const Identity &id) const { return (id < *this); }
|
|
|
|
inline bool operator<=(const Identity &id) const { return !(id < *this); }
|
|
|
|
inline bool operator>=(const Identity &id) const { return !(*this < id); }
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2019-07-17 15:52:08 +00:00
|
|
|
inline unsigned long hashCode() const { return (unsigned long)_address.toInt(); }
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
private:
|
|
|
|
Address _address;
|
2019-07-17 15:52:08 +00:00
|
|
|
union {
|
|
|
|
struct {
|
|
|
|
C25519::Public pub;
|
|
|
|
C25519::Private priv;
|
|
|
|
} t0;
|
|
|
|
struct {
|
|
|
|
uint8_t pub[ZT_ECC384_PUBLIC_KEY_SIZE];
|
|
|
|
uint8_t priv[ZT_ECC384_PRIVATE_KEY_SIZE];
|
|
|
|
} t1;
|
|
|
|
} _k;
|
|
|
|
Type _type;
|
|
|
|
bool _hasPrivate;
|
2013-07-04 20:56:19 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace ZeroTier
|
|
|
|
|
|
|
|
#endif
|