2013-07-04 20:56:19 +00:00
|
|
|
/*
|
2015-02-17 21:11:34 +00:00
|
|
|
* ZeroTier One - Network Virtualization Everywhere
|
|
|
|
|
* Copyright (C) 2011-2015 ZeroTier, Inc.
|
2013-07-04 20:56:19 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*
|
|
|
|
|
* --
|
|
|
|
|
*
|
|
|
|
|
* ZeroTier may be used and distributed under the terms of the GPLv3, which
|
|
|
|
|
* are available at: http://www.gnu.org/licenses/gpl-3.0.html
|
|
|
|
|
*
|
|
|
|
|
* If you would like to embed ZeroTier into a commercial application or
|
|
|
|
|
* redistribute it in a modified binary form, please contact ZeroTier Networks
|
|
|
|
|
* LLC. Start here: http://www.zerotier.com/
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
2013-09-17 20:49:16 +00:00
|
|
|
#include "Constants.hpp"
|
2013-07-04 20:56:19 +00:00
|
|
|
#include "Identity.hpp"
|
2013-09-16 17:57:57 +00:00
|
|
|
#include "SHA512.hpp"
|
2013-09-16 18:47:48 +00:00
|
|
|
#include "Salsa20.hpp"
|
2013-10-05 10:00:47 +00:00
|
|
|
#include "Utils.hpp"
|
2013-07-04 20:56:19 +00:00
|
|
|
|
2013-10-05 18:15:59 +00:00
|
|
|
// These can't be changed without a new identity type. They define the
|
|
|
|
|
// parameters of the hashcash hashing/searching algorithm.
|
2013-10-07 16:48:27 +00:00
|
|
|
|
2013-10-20 19:46:36 +00:00
|
|
|
#define ZT_IDENTITY_GEN_HASHCASH_FIRST_BYTE_LESS_THAN 17
|
|
|
|
|
#define ZT_IDENTITY_GEN_MEMORY 2097152
|
2013-10-18 21:39:48 +00:00
|
|
|
#define ZT_IDENTITY_GEN_SALSA20_ROUNDS 20
|
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
namespace ZeroTier {
|
|
|
|
|
|
2013-10-06 09:28:25 +00:00
|
|
|
// A memory-hard composition of SHA-512 and Salsa20 for hashcash hashing
|
2013-10-07 16:48:27 +00:00
|
|
|
static inline void _computeMemoryHardHash(const void *publicKey,unsigned int publicKeyBytes,void *digest,void *genmem)
|
2013-10-05 18:15:59 +00:00
|
|
|
{
|
2013-10-20 19:31:32 +00:00
|
|
|
// Digest publicKey[] to obtain initial digest
|
2013-10-07 16:48:27 +00:00
|
|
|
SHA512::hash(digest,publicKey,publicKeyBytes);
|
2013-10-05 18:15:59 +00:00
|
|
|
|
2013-10-20 19:31:32 +00:00
|
|
|
// Initialize genmem[] using Salsa20 in a CBC-like configuration since
|
|
|
|
|
// ordinary Salsa20 is randomly seekable. This is good for a cipher
|
|
|
|
|
// but is not what we want for sequential memory-harndess.
|
2013-10-07 16:48:27 +00:00
|
|
|
memset(genmem,0,ZT_IDENTITY_GEN_MEMORY);
|
2013-10-18 21:39:48 +00:00
|
|
|
Salsa20 s20(digest,256,(char *)digest + 32,ZT_IDENTITY_GEN_SALSA20_ROUNDS);
|
2013-10-20 19:31:32 +00:00
|
|
|
s20.encrypt((char *)genmem,(char *)genmem,64);
|
|
|
|
|
for(unsigned long i=64;i<ZT_IDENTITY_GEN_MEMORY;i+=64) {
|
|
|
|
|
unsigned long k = i - 64;
|
|
|
|
|
*((uint64_t *)((char *)genmem + i)) = *((uint64_t *)((char *)genmem + k));
|
|
|
|
|
*((uint64_t *)((char *)genmem + i + 8)) = *((uint64_t *)((char *)genmem + k + 8));
|
|
|
|
|
*((uint64_t *)((char *)genmem + i + 16)) = *((uint64_t *)((char *)genmem + k + 16));
|
|
|
|
|
*((uint64_t *)((char *)genmem + i + 24)) = *((uint64_t *)((char *)genmem + k + 24));
|
|
|
|
|
*((uint64_t *)((char *)genmem + i + 32)) = *((uint64_t *)((char *)genmem + k + 32));
|
|
|
|
|
*((uint64_t *)((char *)genmem + i + 40)) = *((uint64_t *)((char *)genmem + k + 40));
|
|
|
|
|
*((uint64_t *)((char *)genmem + i + 48)) = *((uint64_t *)((char *)genmem + k + 48));
|
|
|
|
|
*((uint64_t *)((char *)genmem + i + 56)) = *((uint64_t *)((char *)genmem + k + 56));
|
2013-10-20 15:04:58 +00:00
|
|
|
s20.encrypt((char *)genmem + i,(char *)genmem + i,64);
|
2013-10-07 16:48:27 +00:00
|
|
|
}
|
|
|
|
|
|
2013-10-20 19:31:32 +00:00
|
|
|
// Render final digest using genmem as a lookup table
|
|
|
|
|
for(unsigned long i=0;i<(ZT_IDENTITY_GEN_MEMORY / sizeof(uint64_t));) {
|
|
|
|
|
unsigned long idx1 = (unsigned long)(Utils::ntoh(((uint64_t *)genmem)[i++]) % (64 / sizeof(uint64_t)));
|
|
|
|
|
unsigned long idx2 = (unsigned long)(Utils::ntoh(((uint64_t *)genmem)[i++]) % (ZT_IDENTITY_GEN_MEMORY / sizeof(uint64_t)));
|
|
|
|
|
uint64_t tmp = ((uint64_t *)genmem)[idx2];
|
|
|
|
|
((uint64_t *)genmem)[idx2] = ((uint64_t *)digest)[idx1];
|
|
|
|
|
((uint64_t *)digest)[idx1] = tmp;
|
|
|
|
|
s20.encrypt(digest,digest,64);
|
|
|
|
|
}
|
2013-10-05 18:15:59 +00:00
|
|
|
}
|
|
|
|
|
|
2013-10-06 09:28:25 +00:00
|
|
|
// Hashcash generation halting condition -- halt when first byte is less than
|
|
|
|
|
// threshold value.
|
2013-10-05 10:00:47 +00:00
|
|
|
struct _Identity_generate_cond
|
|
|
|
|
{
|
|
|
|
|
_Identity_generate_cond() throw() {}
|
2013-10-07 19:00:38 +00:00
|
|
|
_Identity_generate_cond(unsigned char *sb,char *gm) throw() : digest(sb),genmem(gm) {}
|
2013-10-05 10:00:47 +00:00
|
|
|
inline bool operator()(const C25519::Pair &kp) const
|
|
|
|
|
throw()
|
|
|
|
|
{
|
2014-01-21 21:07:22 +00:00
|
|
|
_computeMemoryHardHash(kp.pub.data,(unsigned int)kp.pub.size(),digest,genmem);
|
2013-10-07 19:00:38 +00:00
|
|
|
return (digest[0] < ZT_IDENTITY_GEN_HASHCASH_FIRST_BYTE_LESS_THAN);
|
2013-10-05 10:00:47 +00:00
|
|
|
}
|
2013-10-07 19:00:38 +00:00
|
|
|
unsigned char *digest;
|
2013-10-07 16:48:27 +00:00
|
|
|
char *genmem;
|
2013-10-05 10:00:47 +00:00
|
|
|
};
|
|
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
void Identity::generate()
|
|
|
|
|
{
|
2013-10-07 19:00:38 +00:00
|
|
|
unsigned char digest[64];
|
2013-10-07 16:48:27 +00:00
|
|
|
char *genmem = new char[ZT_IDENTITY_GEN_MEMORY];
|
2013-10-05 10:00:47 +00:00
|
|
|
|
2013-09-16 13:20:59 +00:00
|
|
|
C25519::Pair kp;
|
2013-07-04 20:56:19 +00:00
|
|
|
do {
|
2013-10-07 19:00:38 +00:00
|
|
|
kp = C25519::generateSatisfying(_Identity_generate_cond(digest,genmem));
|
|
|
|
|
_address.setTo(digest + 59,ZT_ADDRESS_LENGTH); // last 5 bytes are address
|
2013-07-04 20:56:19 +00:00
|
|
|
} while (_address.isReserved());
|
2013-09-16 13:20:59 +00:00
|
|
|
|
|
|
|
|
_publicKey = kp.pub;
|
|
|
|
|
if (!_privateKey)
|
|
|
|
|
_privateKey = new C25519::Private();
|
|
|
|
|
*_privateKey = kp.priv;
|
2013-10-06 09:28:25 +00:00
|
|
|
|
|
|
|
|
delete [] genmem;
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
2013-10-05 11:00:55 +00:00
|
|
|
bool Identity::locallyValidate() const
|
2013-07-04 20:56:19 +00:00
|
|
|
{
|
2013-10-05 14:19:12 +00:00
|
|
|
if (_address.isReserved())
|
|
|
|
|
return false;
|
2013-10-05 18:15:59 +00:00
|
|
|
|
2013-10-07 19:00:38 +00:00
|
|
|
unsigned char digest[64];
|
2013-10-07 16:48:27 +00:00
|
|
|
char *genmem = new char[ZT_IDENTITY_GEN_MEMORY];
|
2014-01-21 21:07:22 +00:00
|
|
|
_computeMemoryHardHash(_publicKey.data,(unsigned int)_publicKey.size(),digest,genmem);
|
2013-10-06 09:28:25 +00:00
|
|
|
delete [] genmem;
|
2013-10-05 18:15:59 +00:00
|
|
|
|
|
|
|
|
unsigned char addrb[5];
|
2013-10-05 11:00:55 +00:00
|
|
|
_address.copyTo(addrb,5);
|
2013-10-20 15:04:58 +00:00
|
|
|
|
2013-10-05 11:00:55 +00:00
|
|
|
return (
|
2013-10-07 19:00:38 +00:00
|
|
|
(digest[0] < ZT_IDENTITY_GEN_HASHCASH_FIRST_BYTE_LESS_THAN)&&
|
|
|
|
|
(digest[59] == addrb[0])&&
|
|
|
|
|
(digest[60] == addrb[1])&&
|
|
|
|
|
(digest[61] == addrb[2])&&
|
|
|
|
|
(digest[62] == addrb[3])&&
|
|
|
|
|
(digest[63] == addrb[4]));
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::string Identity::toString(bool includePrivate) const
|
|
|
|
|
{
|
|
|
|
|
std::string r;
|
2013-09-16 13:20:59 +00:00
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
r.append(_address.toString());
|
2013-10-05 10:00:47 +00:00
|
|
|
r.append(":0:"); // 0 == IDENTITY_TYPE_C25519
|
2014-01-21 21:07:22 +00:00
|
|
|
r.append(Utils::hex(_publicKey.data,(unsigned int)_publicKey.size()));
|
2013-09-16 17:02:10 +00:00
|
|
|
if ((_privateKey)&&(includePrivate)) {
|
|
|
|
|
r.push_back(':');
|
2014-01-21 21:07:22 +00:00
|
|
|
r.append(Utils::hex(_privateKey->data,(unsigned int)_privateKey->size()));
|
2013-09-16 17:02:10 +00:00
|
|
|
}
|
2013-09-16 13:20:59 +00:00
|
|
|
|
2013-07-04 20:56:19 +00:00
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool Identity::fromString(const char *str)
|
|
|
|
|
{
|
2013-09-16 17:02:10 +00:00
|
|
|
char *saveptr = (char *)0;
|
|
|
|
|
char tmp[4096];
|
|
|
|
|
if (!Utils::scopy(tmp,sizeof(tmp),str))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
delete _privateKey;
|
|
|
|
|
_privateKey = (C25519::Private *)0;
|
|
|
|
|
|
|
|
|
|
int fno = 0;
|
|
|
|
|
for(char *f=Utils::stok(tmp,":",&saveptr);(f);f=Utils::stok((char *)0,":",&saveptr)) {
|
|
|
|
|
switch(fno++) {
|
|
|
|
|
case 0:
|
|
|
|
|
_address = Address(f);
|
|
|
|
|
if (_address.isReserved())
|
|
|
|
|
return false;
|
|
|
|
|
break;
|
|
|
|
|
case 1:
|
2013-10-07 19:00:38 +00:00
|
|
|
if ((f[0] != '0')||(f[1]))
|
2013-09-16 17:02:10 +00:00
|
|
|
return false;
|
|
|
|
|
break;
|
|
|
|
|
case 2:
|
2014-01-21 21:07:22 +00:00
|
|
|
if (Utils::unhex(f,_publicKey.data,(unsigned int)_publicKey.size()) != _publicKey.size())
|
2013-09-16 17:02:10 +00:00
|
|
|
return false;
|
|
|
|
|
break;
|
|
|
|
|
case 3:
|
|
|
|
|
_privateKey = new C25519::Private();
|
2014-01-21 21:07:22 +00:00
|
|
|
if (Utils::unhex(f,_privateKey->data,(unsigned int)_privateKey->size()) != _privateKey->size())
|
2013-09-16 17:02:10 +00:00
|
|
|
return false;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-10-05 18:15:59 +00:00
|
|
|
if (fno < 3)
|
2013-09-16 17:02:10 +00:00
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return true;
|
2013-07-04 20:56:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace ZeroTier
|
|
|
|
|
|
