Rest of work on new hashcash based identity scheme.

2025-02-20 17:52:46 +00:00 · 2013-10-05 07:00:55 -04:00 · 2013-10-05 07:00:55 -04:00 · 0e43e5e8f2
commit 0e43e5e8f2
parent b0187f4472
6 changed files with 41 additions and 177 deletions
--- a/node/Identity.cpp
+++ b/node/Identity.cpp
@ -36,6 +36,8 @@
 #include "Salsa20.hpp"
 #include "Utils.hpp"

+#define ZT_IDENTITY_SHA_BYTE1_MASK 0xf8
+
 namespace ZeroTier {

 /*
@ -51,7 +53,7 @@ struct _Identity_generate_cond
 	{
 		SHA512::hash(sha512buf,kp.pub.data,kp.pub.size());

-		if ((!sha512buf[0])&&(!(sha512buf[1] & 0xf0)))
+		if ((!sha512buf[0])&&(!(sha512buf[1] & ZT_IDENTITY_SHA_BYTE1_MASK)))
 			return true;

 		return false;
@ -76,9 +78,20 @@ void Identity::generate()
 	*_privateKey = kp.priv;
 }

-bool Identity::locallyValidate(bool doAddressDerivationCheck) const
+bool Identity::locallyValidate() const
 {
-	return true;
+	char sha512buf[64];
+	char addrb[5];
+	_address.copyTo(addrb,5);
+	SHA512::hash(sha512buf,_publicKey.data,_publicKey.size());
+	return (
+		(!sha512buf[0])&&
+		(!(sha512buf[1] & ZT_IDENTITY_SHA_BYTE1_MASK))&&
+		(sha512buf[59] == addrb[0])&&
+		(sha512buf[60] == addrb[1])&&
+		(sha512buf[61] == addrb[2])&&
+		(sha512buf[62] == addrb[3])&&
+		(sha512buf[63] == addrb[4]));
 }

 std::string Identity::toString(bool includePrivate) const
--- a/node/Identity.hpp
+++ b/node/Identity.hpp
@ -128,19 +128,11 @@ public:
 	void generate();

 	/**
-	 * Performs local validation, with two levels available
-	 * 
-	 * With the parameter false, this performs self-signature verification
-	 * which checks the basic integrity of the key and identity. Setting the
-	 * parameter to true performs a fairly time consuming computation to
-	 * check that the address was properly derived from the key. This is
-	 * normally not done unless a conflicting identity is received, in
-	 * which case the invalid identity is thrown out.
-	 * 
-	 * @param doAddressDerivationCheck If true, do the time-consuming address check
+	 * Check the validity of this identity's pairing of key to address
+	 *
 	 * @return True if validation check passes
 	 */
-	bool locallyValidate(bool doAddressDerivationCheck) const;
+	bool locallyValidate() const;

 	/**
 	 * @return True if this identity contains a private key
--- a/node/Topology.cpp
+++ b/node/Topology.cpp
@ -244,7 +244,7 @@ void Topology::threadMain()
 				 * since this means either malicious intent or broken software. */
 				TRACE("verifying peer: %s",job.candidate->identity().address().toString().c_str());

-				if ((job.candidate->identity())&&(!job.candidate->identity().address().isReserved())&&(job.candidate->identity().locallyValidate(false))) {
+				if ((job.candidate->identity())&&(!job.candidate->identity().address().isReserved())&&(job.candidate->identity().locallyValidate())) {
 					// Peer passes sniff test, so check to see if we've already got
 					// one with the same address.

@ -271,11 +271,11 @@ void Topology::threadMain()
 							// existing claimant, and toss the imposter. If both verify, the
 							// one we already have wins.

-							if (!job.candidate->identity().locallyValidate(true)) {
+							if (!job.candidate->identity().locallyValidate()) {
 								LOG("Topology: IMPOSTER %s rejected",job.candidate->identity().address().toString().c_str());
 								if (job.callback)
 									job.callback(job.arg,job.candidate,PEER_VERIFY_REJECTED_INVALID_IDENTITY);
-							} else if (!existingPeer->identity().locallyValidate(true)) {
+							} else if (!existingPeer->identity().locallyValidate()) {
 								LOG("Topology: previous IMPOSTER %s displaced by valid identity!",job.candidate->identity().address().toString().c_str());
 								_reallyAddPeer(job.candidate);
 								if (job.callback)
--- a/node/Utils.cpp
+++ b/node/Utils.cpp
@ -50,137 +50,6 @@ namespace ZeroTier {

 const char Utils::HEXCHARS[16] = { '0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f' };

-const uint64_t Utils::crc64Table[256] = {
-	0x0000000000000000ULL,0x7ad870c830358979ULL,
-	0xf5b0e190606b12f2ULL,0x8f689158505e9b8bULL,
-	0xc038e5739841b68fULL,0xbae095bba8743ff6ULL,
-	0x358804e3f82aa47dULL,0x4f50742bc81f2d04ULL,
-	0xab28ecb46814fe75ULL,0xd1f09c7c5821770cULL,
-	0x5e980d24087fec87ULL,0x24407dec384a65feULL,
-	0x6b1009c7f05548faULL,0x11c8790fc060c183ULL,
-	0x9ea0e857903e5a08ULL,0xe478989fa00bd371ULL,
-	0x7d08ff3b88be6f81ULL,0x07d08ff3b88be6f8ULL,
-	0x88b81eabe8d57d73ULL,0xf2606e63d8e0f40aULL,
-	0xbd301a4810ffd90eULL,0xc7e86a8020ca5077ULL,
-	0x4880fbd87094cbfcULL,0x32588b1040a14285ULL,
-	0xd620138fe0aa91f4ULL,0xacf86347d09f188dULL,
-	0x2390f21f80c18306ULL,0x594882d7b0f40a7fULL,
-	0x1618f6fc78eb277bULL,0x6cc0863448deae02ULL,
-	0xe3a8176c18803589ULL,0x997067a428b5bcf0ULL,
-	0xfa11fe77117cdf02ULL,0x80c98ebf2149567bULL,
-	0x0fa11fe77117cdf0ULL,0x75796f2f41224489ULL,
-	0x3a291b04893d698dULL,0x40f16bccb908e0f4ULL,
-	0xcf99fa94e9567b7fULL,0xb5418a5cd963f206ULL,
-	0x513912c379682177ULL,0x2be1620b495da80eULL,
-	0xa489f35319033385ULL,0xde51839b2936bafcULL,
-	0x9101f7b0e12997f8ULL,0xebd98778d11c1e81ULL,
-	0x64b116208142850aULL,0x1e6966e8b1770c73ULL,
-	0x8719014c99c2b083ULL,0xfdc17184a9f739faULL,
-	0x72a9e0dcf9a9a271ULL,0x08719014c99c2b08ULL,
-	0x4721e43f0183060cULL,0x3df994f731b68f75ULL,
-	0xb29105af61e814feULL,0xc849756751dd9d87ULL,
-	0x2c31edf8f1d64ef6ULL,0x56e99d30c1e3c78fULL,
-	0xd9810c6891bd5c04ULL,0xa3597ca0a188d57dULL,
-	0xec09088b6997f879ULL,0x96d1784359a27100ULL,
-	0x19b9e91b09fcea8bULL,0x636199d339c963f2ULL,
-	0xdf7adabd7a6e2d6fULL,0xa5a2aa754a5ba416ULL,
-	0x2aca3b2d1a053f9dULL,0x50124be52a30b6e4ULL,
-	0x1f423fcee22f9be0ULL,0x659a4f06d21a1299ULL,
-	0xeaf2de5e82448912ULL,0x902aae96b271006bULL,
-	0x74523609127ad31aULL,0x0e8a46c1224f5a63ULL,
-	0x81e2d7997211c1e8ULL,0xfb3aa75142244891ULL,
-	0xb46ad37a8a3b6595ULL,0xceb2a3b2ba0eececULL,
-	0x41da32eaea507767ULL,0x3b024222da65fe1eULL,
-	0xa2722586f2d042eeULL,0xd8aa554ec2e5cb97ULL,
-	0x57c2c41692bb501cULL,0x2d1ab4dea28ed965ULL,
-	0x624ac0f56a91f461ULL,0x1892b03d5aa47d18ULL,
-	0x97fa21650afae693ULL,0xed2251ad3acf6feaULL,
-	0x095ac9329ac4bc9bULL,0x7382b9faaaf135e2ULL,
-	0xfcea28a2faafae69ULL,0x8632586aca9a2710ULL,
-	0xc9622c4102850a14ULL,0xb3ba5c8932b0836dULL,
-	0x3cd2cdd162ee18e6ULL,0x460abd1952db919fULL,
-	0x256b24ca6b12f26dULL,0x5fb354025b277b14ULL,
-	0xd0dbc55a0b79e09fULL,0xaa03b5923b4c69e6ULL,
-	0xe553c1b9f35344e2ULL,0x9f8bb171c366cd9bULL,
-	0x10e3202993385610ULL,0x6a3b50e1a30ddf69ULL,
-	0x8e43c87e03060c18ULL,0xf49bb8b633338561ULL,
-	0x7bf329ee636d1eeaULL,0x012b592653589793ULL,
-	0x4e7b2d0d9b47ba97ULL,0x34a35dc5ab7233eeULL,
-	0xbbcbcc9dfb2ca865ULL,0xc113bc55cb19211cULL,
-	0x5863dbf1e3ac9decULL,0x22bbab39d3991495ULL,
-	0xadd33a6183c78f1eULL,0xd70b4aa9b3f20667ULL,
-	0x985b3e827bed2b63ULL,0xe2834e4a4bd8a21aULL,
-	0x6debdf121b863991ULL,0x1733afda2bb3b0e8ULL,
-	0xf34b37458bb86399ULL,0x8993478dbb8deae0ULL,
-	0x06fbd6d5ebd3716bULL,0x7c23a61ddbe6f812ULL,
-	0x3373d23613f9d516ULL,0x49aba2fe23cc5c6fULL,
-	0xc6c333a67392c7e4ULL,0xbc1b436e43a74e9dULL,
-	0x95ac9329ac4bc9b5ULL,0xef74e3e19c7e40ccULL,
-	0x601c72b9cc20db47ULL,0x1ac40271fc15523eULL,
-	0x5594765a340a7f3aULL,0x2f4c0692043ff643ULL,
-	0xa02497ca54616dc8ULL,0xdafce7026454e4b1ULL,
-	0x3e847f9dc45f37c0ULL,0x445c0f55f46abeb9ULL,
-	0xcb349e0da4342532ULL,0xb1eceec59401ac4bULL,
-	0xfebc9aee5c1e814fULL,0x8464ea266c2b0836ULL,
-	0x0b0c7b7e3c7593bdULL,0x71d40bb60c401ac4ULL,
-	0xe8a46c1224f5a634ULL,0x927c1cda14c02f4dULL,
-	0x1d148d82449eb4c6ULL,0x67ccfd4a74ab3dbfULL,
-	0x289c8961bcb410bbULL,0x5244f9a98c8199c2ULL,
-	0xdd2c68f1dcdf0249ULL,0xa7f41839ecea8b30ULL,
-	0x438c80a64ce15841ULL,0x3954f06e7cd4d138ULL,
-	0xb63c61362c8a4ab3ULL,0xcce411fe1cbfc3caULL,
-	0x83b465d5d4a0eeceULL,0xf96c151de49567b7ULL,
-	0x76048445b4cbfc3cULL,0x0cdcf48d84fe7545ULL,
-	0x6fbd6d5ebd3716b7ULL,0x15651d968d029fceULL,
-	0x9a0d8ccedd5c0445ULL,0xe0d5fc06ed698d3cULL,
-	0xaf85882d2576a038ULL,0xd55df8e515432941ULL,
-	0x5a3569bd451db2caULL,0x20ed197575283bb3ULL,
-	0xc49581ead523e8c2ULL,0xbe4df122e51661bbULL,
-	0x3125607ab548fa30ULL,0x4bfd10b2857d7349ULL,
-	0x04ad64994d625e4dULL,0x7e7514517d57d734ULL,
-	0xf11d85092d094cbfULL,0x8bc5f5c11d3cc5c6ULL,
-	0x12b5926535897936ULL,0x686de2ad05bcf04fULL,
-	0xe70573f555e26bc4ULL,0x9ddd033d65d7e2bdULL,
-	0xd28d7716adc8cfb9ULL,0xa85507de9dfd46c0ULL,
-	0x273d9686cda3dd4bULL,0x5de5e64efd965432ULL,
-	0xb99d7ed15d9d8743ULL,0xc3450e196da80e3aULL,
-	0x4c2d9f413df695b1ULL,0x36f5ef890dc31cc8ULL,
-	0x79a59ba2c5dc31ccULL,0x037deb6af5e9b8b5ULL,
-	0x8c157a32a5b7233eULL,0xf6cd0afa9582aa47ULL,
-	0x4ad64994d625e4daULL,0x300e395ce6106da3ULL,
-	0xbf66a804b64ef628ULL,0xc5bed8cc867b7f51ULL,
-	0x8aeeace74e645255ULL,0xf036dc2f7e51db2cULL,
-	0x7f5e4d772e0f40a7ULL,0x05863dbf1e3ac9deULL,
-	0xe1fea520be311aafULL,0x9b26d5e88e0493d6ULL,
-	0x144e44b0de5a085dULL,0x6e963478ee6f8124ULL,
-	0x21c640532670ac20ULL,0x5b1e309b16452559ULL,
-	0xd476a1c3461bbed2ULL,0xaeaed10b762e37abULL,
-	0x37deb6af5e9b8b5bULL,0x4d06c6676eae0222ULL,
-	0xc26e573f3ef099a9ULL,0xb8b627f70ec510d0ULL,
-	0xf7e653dcc6da3dd4ULL,0x8d3e2314f6efb4adULL,
-	0x0256b24ca6b12f26ULL,0x788ec2849684a65fULL,
-	0x9cf65a1b368f752eULL,0xe62e2ad306bafc57ULL,
-	0x6946bb8b56e467dcULL,0x139ecb4366d1eea5ULL,
-	0x5ccebf68aecec3a1ULL,0x2616cfa09efb4ad8ULL,
-	0xa97e5ef8cea5d153ULL,0xd3a62e30fe90582aULL,
-	0xb0c7b7e3c7593bd8ULL,0xca1fc72bf76cb2a1ULL,
-	0x45775673a732292aULL,0x3faf26bb9707a053ULL,
-	0x70ff52905f188d57ULL,0x0a2722586f2d042eULL,
-	0x854fb3003f739fa5ULL,0xff97c3c80f4616dcULL,
-	0x1bef5b57af4dc5adULL,0x61372b9f9f784cd4ULL,
-	0xee5fbac7cf26d75fULL,0x9487ca0fff135e26ULL,
-	0xdbd7be24370c7322ULL,0xa10fceec0739fa5bULL,
-	0x2e675fb4576761d0ULL,0x54bf2f7c6752e8a9ULL,
-	0xcdcf48d84fe75459ULL,0xb71738107fd2dd20ULL,
-	0x387fa9482f8c46abULL,0x42a7d9801fb9cfd2ULL,
-	0x0df7adabd7a6e2d6ULL,0x772fdd63e7936bafULL,
-	0xf8474c3bb7cdf024ULL,0x829f3cf387f8795dULL,
-	0x66e7a46c27f3aa2cULL,0x1c3fd4a417c62355ULL,
-	0x935745fc4798b8deULL,0xe98f353477ad31a7ULL,
-	0xa6df411fbfb21ca3ULL,0xdc0731d78f8795daULL,
-	0x536fa08fdfd90e51ULL,0x29b7d047efec8728ULL
-};
-
 static const char *DAY_NAMES[7] = { "Sun","Mon","Tue","Wed","Thu","Fri","Sat" };
 static const char *MONTH_NAMES[12] = { "Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec" };

--- a/node/Utils.hpp
+++ b/node/Utils.hpp
@ -678,22 +678,6 @@ public:
 		return ((*aptr & mask) == (*aptr & mask));
 	}

-	/**
-	 * Compute CRC64
-	 *
-	 * @param crc Previous CRC (0 to start)
-	 * @param s String to add to crc
-	 * @param l Length of string in bytes
-	 * @return New CRC
-	 */
-	static inline uint64_t crc64(uint64_t crc,const void *s,unsigned int l)
-		throw()
-	{
-		for(unsigned int i=0;i<l;++i)
-			crc = crc64Table[(uint8_t)crc ^ ((const uint8_t *)s)[i]] ^ (crc >> 8);
-		return crc;
-	}
-
 	static inline uint8_t hton(uint8_t n) throw() { return n; }
 	static inline int8_t hton(int8_t n) throw() { return n; }
 	static inline uint16_t hton(uint16_t n) throw() { return htons(n); }
@ -758,9 +742,6 @@ public:
 	 * Hexadecimal characters 0-f
 	 */
 	static const char HEXCHARS[16];
-
-private:
-	static const uint64_t crc64Table[256];
 };

 } // namespace ZeroTier
--- a/selftest.cpp
+++ b/selftest.cpp
@ -207,18 +207,27 @@ static int testIdentity()
 	Identity id;
 	Buffer<512> buf;

-#if 0
-	std::cout << "[identity] Fully validate known-good identity... "; std::cout.flush();
-	if (!id.fromString("b487ffe552:2:9b121d26968a86eceea96d689dfb364a13f645aea9530c6d0c00c457569751340e8ff9ddf46be38190dcdd6178ff555cc48012a47280fbdece35799d8c445104:902474096fc914f0d6320a9d19b9e52d23bcf652e98b3930432d07a8271be0e19a813d1e77ee24db3454ce0c6c4a35e18a3adc0d06ee3bf086b38bd26ff95b085b4f1fd1d4ce423b15bc362cd5f13079b58252fd38b98b67b45203bb81423780:24f7ce86df8e242e4d7d04b657cf37eddc1aa7b34b6f38821c35fe393a4a381e0eef6e7b8b4ceab35a51e6ab0b6cbeb7c7282bc21c0c60cb6a512e454ecd45c5")) {
+	std::cout << "[identity] Validate known-good identity... "; std::cout.flush();
+	if (!id.fromString("0614d4a18e:0:ad2020bb575ace4397c490c9143718b43c9e78d3be72e1793a7380e45491d45ab7180443cca8f4f08ba5ea7e3466e76751039cb2554c19cf6540df7babed4037:6dcd4d5edf3b00659baea6ac75fabc9f82ada9a4e8d5618e663505ef16a301b3d0ff4cf6c663bbd0989dac42dcf2df29862fc83ee1d1a032d723d777bb78d08b")) {
 		std::cout << "FAIL (1)" << std::endl;
 		return -1;
 	}
-	if (!id.locallyValidate(true)) {
+	if (!id.locallyValidate()) {
 		std::cout << "FAIL (2)" << std::endl;
 		return -1;
 	}
 	std::cout << "PASS" << std::endl;
-#endif
+
+	std::cout << "[identity] Validate known-bad identity... "; std::cout.flush();
+	if (!id.fromString("0615d4a18e:0:ad2020bb575ace4397c490c9143718b43c9e78d3be72e1793a7380e45491d45ab7180443cca8f4f08ba5ea7e3466e76751039cb2554c19cf6540df7babed4037:6dcd4d5edf3b00659baea6ac75fabc9f82ada9a4e8d5618e663505ef16a301b3d0ff4cf6c663bbd0989dac42dcf2df29862fc83ee1d1a032d723d777bb78d08b")) {
+		std::cout << "FAIL (1)" << std::endl;
+		return -1;
+	}
+	if (id.locallyValidate()) {
+		std::cout << "FAIL (2)" << std::endl;
+		return -1;
+	}
+	std::cout << "PASS (i.e. it failed)" << std::endl;

 	for(unsigned int k=0;k<4;++k) {
 		std::cout << "[identity] Generate identity... "; std::cout.flush();
@ -227,7 +236,7 @@ static int testIdentity()
 		uint64_t genend = Utils::now();
 		std::cout << "(took " << (genend - genstart) << "ms): " << id.toString(true) << std::endl;
 		std::cout << "[identity] Locally validate identity: ";
-		if (id.locallyValidate(false)) {
+		if (id.locallyValidate()) {
 			std::cout << "PASS" << std::endl;
 		} else {
 			std::cout << "FAIL" << std::endl;
@ -241,7 +250,7 @@ static int testIdentity()
 		id.serialize(buf,true);
 		id2.deserialize(buf);
 		std::cout << "[identity] Serialize and deserialize (w/private): ";
-		if ((id == id2)&&(id2.locallyValidate(false))) {
+		if ((id == id2)&&(id2.locallyValidate())) {
 			std::cout << "PASS" << std::endl;
 		} else {
 			std::cout << "FAIL" << std::endl;
@ -255,7 +264,7 @@ static int testIdentity()
 		id.serialize(buf,false);
 		id2.deserialize(buf);
 		std::cout << "[identity] Serialize and deserialize (no private): ";
-		if ((id == id2)&&(id2.locallyValidate(false))) {
+		if ((id == id2)&&(id2.locallyValidate())) {
 			std::cout << "PASS" << std::endl;
 		} else {
 			std::cout << "FAIL" << std::endl;
@ -267,7 +276,7 @@ static int testIdentity()
 		Identity id2;
 		id2.fromString(id.toString(true).c_str());
 		std::cout << "[identity] Serialize and deserialize (ASCII w/private): ";
-		if ((id == id2)&&(id2.locallyValidate(false))) {
+		if ((id == id2)&&(id2.locallyValidate())) {
 			std::cout << "PASS" << std::endl;
 		} else {
 			std::cout << "FAIL" << std::endl;
@ -279,7 +288,7 @@ static int testIdentity()
 		Identity id2;
 		id2.fromString(id.toString(false).c_str());
 		std::cout << "[identity] Serialize and deserialize (ASCII no private): ";
-		if ((id == id2)&&(id2.locallyValidate(false))) {
+		if ((id == id2)&&(id2.locallyValidate())) {
 			std::cout << "PASS" << std::endl;
 		} else {
 			std::cout << "FAIL" << std::endl;