mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-04-07 11:17:29 +00:00
AES works! Only with this or newer nodes. Uses salsa with older ones as usual.
This commit is contained in:
Adam Ierymenko
parent
1c9407e016
commit
7219ca0c0f
@ -376,9 +376,8 @@ public:
|
||||
*/
|
||||
ZT_INLINE void finish1() noexcept
|
||||
{
|
||||
uint64_t tmp[2];
|
||||
|
||||
// Compute 128-bit GMAC tag.
|
||||
uint64_t tmp[2];
|
||||
_gmac.finish(reinterpret_cast<uint8_t *>(tmp));
|
||||
|
||||
// Shorten to 64 bits, concatenate with message IV, and encrypt with AES to
|
||||
|
||||
@ -201,11 +201,6 @@
|
||||
*/
|
||||
#define ZT_TX_QUEUE_SIZE 32
|
||||
|
||||
/**
|
||||
* Length of secret key in bytes -- 256-bit -- do not change
|
||||
*/
|
||||
#define ZT_PEER_SECRET_KEY_LENGTH 32
|
||||
|
||||
/**
|
||||
* Minimum delay between timer task checks to prevent thrashing
|
||||
*/
|
||||
|
||||
@ -173,13 +173,12 @@ public:
|
||||
*
|
||||
* @param id Identity to agree with
|
||||
* @param key Result parameter to fill with key bytes
|
||||
* @param klen Length of key in bytes
|
||||
* @return Was agreement successful?
|
||||
*/
|
||||
inline bool agree(const Identity &id,void *key,unsigned int klen) const
|
||||
inline bool agree(const Identity &id,void *const key) const
|
||||
{
|
||||
if (_privateKey) {
|
||||
C25519::agree(*_privateKey,id._publicKey,key,klen);
|
||||
C25519::agree(*_privateKey,id._publicKey,key,ZT_SYMMETRIC_KEY_SIZE);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
@ -286,8 +286,8 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool
|
||||
if (!RR->node->rateGateIdentityVerification(now,_path->address()))
|
||||
return true;
|
||||
|
||||
uint8_t key[ZT_PEER_SECRET_KEY_LENGTH];
|
||||
if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) {
|
||||
uint8_t key[ZT_SYMMETRIC_KEY_SIZE];
|
||||
if (RR->identity.agree(id,key)) {
|
||||
if (dearmor(key, peer->aesKeysIfSupported())) { // ensure packet is authentic, otherwise drop
|
||||
RR->t->incomingPacketDroppedHELLO(tPtr,_path,pid,fromAddress,"address collision");
|
||||
Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR);
|
||||
|
||||
@ -881,7 +881,6 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
|
||||
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
|
||||
if ((aesKeys) && (encryptPayload)) {
|
||||
char tmp0[16],tmp1[16];
|
||||
printf("AES armor %.16llx %s -> %s %u\n",*reinterpret_cast<const uint64_t *>(data),Address(data + ZT_PACKET_IDX_SOURCE,5).toString(tmp0),Address(data + ZT_PACKET_IDX_DEST,5).toString(tmp1),size());
|
||||
setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
|
||||
|
||||
uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
|
||||
@ -899,7 +898,7 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
|
||||
Utils::copy<8>(data,tag);
|
||||
Utils::copy<8>(data + ZT_PACKET_IDX_MAC,tag + 1);
|
||||
#else
|
||||
*reinterpret_cast<uint64_t *>(data) = tag[0];
|
||||
*reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_IV) = tag[0];
|
||||
*reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC) = tag[1];
|
||||
#endif
|
||||
} else {
|
||||
@ -947,20 +946,21 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2])
|
||||
|
||||
if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
|
||||
if (aesKeys) {
|
||||
printf("AES dearmor\n");
|
||||
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
|
||||
|
||||
uint64_t tag[2];
|
||||
#ifdef ZT_NO_UNALIGNED_ACCESS
|
||||
Utils::copy<8>(tag, data);
|
||||
Utils::copy<8>(tag + 1, data + ZT_PACKET_IDX_MAC);
|
||||
#else
|
||||
tag[0] = *reinterpret_cast<uint64_t *>(data);
|
||||
tag[0] = *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_IV);
|
||||
tag[1] = *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC);
|
||||
#endif
|
||||
|
||||
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
|
||||
dec.init(tag, payload);
|
||||
const uint8_t oldFlags = data[ZT_PACKET_IDX_FLAGS];
|
||||
data[ZT_PACKET_IDX_FLAGS] &= 0xf8;
|
||||
dec.aad(data + ZT_PACKET_IDX_DEST,11);
|
||||
data[ZT_PACKET_IDX_FLAGS] = oldFlags;
|
||||
dec.update(payload, payloadLen);
|
||||
return dec.finish();
|
||||
}
|
||||
|
||||
@ -58,16 +58,15 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
|
||||
_bondingPolicy(0),
|
||||
_lastComputedAggregateMeanLatency(0)
|
||||
{
|
||||
if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH)) {
|
||||
if (!myIdentity.agree(peerIdentity,_key))
|
||||
throw ZT_EXCEPTION_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
uint8_t ktmp[48];
|
||||
uint8_t ktmp[ZT_SYMMETRIC_KEY_SIZE];
|
||||
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
|
||||
_aesKeys[0].init(ktmp);
|
||||
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
|
||||
_aesKeys[0].init(ktmp);
|
||||
Utils::burn(ktmp, 48);
|
||||
_aesKeys[1].init(ktmp);
|
||||
Utils::burn(ktmp,ZT_SYMMETRIC_KEY_SIZE);
|
||||
}
|
||||
|
||||
void Peer::received(
|
||||
|
||||
@ -533,11 +533,11 @@ public:
|
||||
*/
|
||||
inline int8_t bondingPolicy() { return _bondingPolicy; }
|
||||
|
||||
const AES *aesKeysIfSupported() const
|
||||
{ return (const AES *)0; }
|
||||
|
||||
//const AES *aesKeysIfSupported() const
|
||||
//{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
|
||||
//{ return (const AES *)0; }
|
||||
|
||||
const AES *aesKeysIfSupported() const
|
||||
{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
|
||||
|
||||
private:
|
||||
struct _PeerPath
|
||||
@ -548,7 +548,7 @@ private:
|
||||
long priority; // >= 1, higher is better
|
||||
};
|
||||
|
||||
uint8_t _key[ZT_PEER_SECRET_KEY_LENGTH];
|
||||
uint8_t _key[ZT_SYMMETRIC_KEY_SIZE];
|
||||
AES _aesKeys[2];
|
||||
|
||||
const RuntimeEnvironment *RR;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user