diff --git a/node/AES.hpp b/node/AES.hpp
index 5b639ce47..ba9e07497 100644
--- a/node/AES.hpp
+++ b/node/AES.hpp
@@ -376,9 +376,8 @@ public:
 */
 ZT_INLINE void finish1() noexcept
 {
- uint64_t tmp[2];
-
 // Compute 128-bit GMAC tag.
+ uint64_t tmp[2];
 _gmac.finish(reinterpret_cast(tmp));
 // Shorten to 64 bits, concatenate with message IV, and encrypt with AES to
diff --git a/node/Constants.hpp b/node/Constants.hpp
index 5d6e735c4..c2b302a82 100644
--- a/node/Constants.hpp
+++ b/node/Constants.hpp
@@ -201,11 +201,6 @@
 */
 #define ZT_TX_QUEUE_SIZE 32
-/**
- * Length of secret key in bytes -- 256-bit -- do not change
- */
-#define ZT_PEER_SECRET_KEY_LENGTH 32
-
 /**
 * Minimum delay between timer task checks to prevent thrashing
 */
diff --git a/node/Identity.hpp b/node/Identity.hpp
index fc7ac55fa..e6f658dc3 100644
--- a/node/Identity.hpp
+++ b/node/Identity.hpp
@@ -173,13 +173,12 @@ public:
 *
 * @param id Identity to agree with
 * @param key Result parameter to fill with key bytes
- * @param klen Length of key in bytes
 * @return Was agreement successful?
 */
- inline bool agree(const Identity &id,void *key,unsigned int klen) const
+ inline bool agree(const Identity &id,void *const key) const
 {
 if (_privateKey) {
- C25519::agree(*_privateKey,id._publicKey,key,klen);
+ C25519::agree(*_privateKey,id._publicKey,key,ZT_SYMMETRIC_KEY_SIZE);
 return true;
 }
 return false;
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index 56f1a5732..d64e7c1b0 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
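Review bot: `agree()` now writes a fixed ZT_SYMMETRIC_KEY_SIZE bytes through `key`, but the doc comment above it still only says "Result parameter to fill with key bytes" — the buffer requirement moved from the explicit `klen` argument to an implicit constant and should be spelled out for callers. Suggested: ` * @param key Result parameter to fill with key bytes (must point to at least ZT_SYMMETRIC_KEY_SIZE bytes; left untouched when this identity has no private key, in which case false is returned)`. ZT_SYMMETRIC_KEY_SIZE is not defined in any hunk of this diff while ZT_PEER_SECRET_KEY_LENGTH is removed from Constants.hpp in the same commit, so presumably it already exists in a header Identity.hpp includes — worth confirming, since the shared secret visibly grows from the old 32-byte buffer to this size. The lines after `return false;` close the function body, but the enclosing class continues outside the hunk.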
@@ -286,8 +286,8 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool
 if (!RR->node->rateGateIdentityVerification(now,_path->address()))
 return true;
- uint8_t key[ZT_PEER_SECRET_KEY_LENGTH];
- if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) {
+ uint8_t key[ZT_SYMMETRIC_KEY_SIZE];
+ if (RR->identity.agree(id,key)) {
 if (dearmor(key, peer->aesKeysIfSupported())) { // ensure packet is authentic, otherwise drop
 RR->t->incomingPacketDroppedHELLO(tPtr,_path,pid,fromAddress,"address collision");
 Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR);
diff --git a/node/Packet.cpp b/node/Packet.cpp
index 94168a503..1dbb4211b 100644
--- a/node/Packet.cpp
+++ b/node/Packet.cpp
@@ -881,7 +881,6 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
 uint8_t *const data = reinterpret_cast(unsafeData());
 if ((aesKeys) && (encryptPayload)) {
 char tmp0[16],tmp1[16];
- printf("AES armor %.16llx %s -> %s %u\n",*reinterpret_cast(data),Address(data + ZT_PACKET_IDX_SOURCE,5).toString(tmp0),Address(data + ZT_PACKET_IDX_DEST,5).toString(tmp1),size());
 setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
 uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
@@ -899,7 +898,7 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
 Utils::copy<8>(data,tag);
 Utils::copy<8>(data + ZT_PACKET_IDX_MAC,tag + 1);
 #else
- *reinterpret_cast(data) = tag[0];
+ *reinterpret_cast(data + ZT_PACKET_IDX_IV) = tag[0];
 *reinterpret_cast(data + ZT_PACKET_IDX_MAC) = tag[1];
 #endif
 } else {
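Review bot: The authenticity check at `dearmor(key, peer->aesKeysIfSupported())` mixes two different secrets: `key` was just derived by agreeing with the incoming identity `id`, while the AES key pair comes from `peer`, which in this branch appears to be the already-known peer holding the colliding address (the trace string says "address collision") and whose keys were derived from a different identity. Before this commit `aesKeysIfSupported()` always returned null, so an AES-GMAC-SIV-armored HELLO here simply failed `dearmor`; now it is checked against the wrong identity's keys, so a genuine HELLO from the new identity using the AES suite can never be recognised as authentic on this path while the legacy suite (which uses `key` directly) can. If that reading is right, the AES keys for this one check should be derived from `key` with the same KBKDF labels Peer's constructor uses rather than taken from `peer`, and `key` should be wiped once the check is done, e.g. `Utils::burn(key,ZT_SYMMETRIC_KEY_SIZE);`, as Peer.cpp does for its temporary. `_doHELLO` starts and ends outside this hunk, so a burn may already exist further down.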
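Review bot: The aligned branch now writes the first tag half at `data + ZT_PACKET_IDX_IV` while the ZT_NO_UNALIGNED_ACCESS branch two lines above still writes it at bare `data`; the two branches should spell the same offset so a later change to the IV index cannot silently desynchronise them, i.e. `Utils::copy<8>(data + ZT_PACKET_IDX_IV,tag);`. If ZT_PACKET_IDX_IV is 0 (its value is not visible here) the difference is purely cosmetic today, which is exactly why it will not be caught by testing later. The enclosing `armor()` body, including the `aad()` call whose input this tag authenticates, continues outside the hunk.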
@@ -947,20 +946,21 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2])
 if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
 if (aesKeys) {
- printf("AES dearmor\n");
- AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
-
 uint64_t tag[2];
 #ifdef ZT_NO_UNALIGNED_ACCESS
 Utils::copy<8>(tag, data);
 Utils::copy<8>(tag + 1, data + ZT_PACKET_IDX_MAC);
 #else
- tag[0] = *reinterpret_cast(data);
+ tag[0] = *reinterpret_cast(data + ZT_PACKET_IDX_IV);
 tag[1] = *reinterpret_cast(data + ZT_PACKET_IDX_MAC);
 #endif
+ AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
 dec.init(tag, payload);
+ const uint8_t oldFlags = data[ZT_PACKET_IDX_FLAGS];
+ data[ZT_PACKET_IDX_FLAGS] &= 0xf8;
 dec.aad(data + ZT_PACKET_IDX_DEST,11);
+ data[ZT_PACKET_IDX_FLAGS] = oldFlags;
 dec.update(payload, payloadLen);
 return dec.finish();
 }
diff --git a/node/Peer.cpp b/node/Peer.cpp
index 08b792bb3..3aa070e88 100644
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@@ -58,16 +58,15 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
 _bondingPolicy(0),
 _lastComputedAggregateMeanLatency(0)
 {
- if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH)) {
+ if (!myIdentity.agree(peerIdentity,_key))
 throw ZT_EXCEPTION_INVALID_ARGUMENT;
- }
- uint8_t ktmp[48];
+ uint8_t ktmp[ZT_SYMMETRIC_KEY_SIZE];
 KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
 _aesKeys[0].init(ktmp);
 KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
- _aesKeys[0].init(ktmp);
- Utils::burn(ktmp, 48);
+ _aesKeys[1].init(ktmp);
+ Utils::burn(ktmp,ZT_SYMMETRIC_KEY_SIZE);
 }
 void Peer::received(
diff --git a/node/Peer.hpp b/node/Peer.hpp
index cb7d8f314..0ee138bb5 100644
--- a/node/Peer.hpp
+++ b/node/Peer.hpp
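Review bot: The `&= 0xf8` applied to the flags byte before `dec.aad()` carries no comment saying which bits are being excluded from the authenticated header or why, and the AAD must be computed over exactly the same masked bytes in `armor()`, whose `aad()` call is not in this diff — any mismatch there makes every AES-GMAC-SIV packet fail `dec.finish()`. Suggested comment above the mask: `// Exclude the low three bits of the flags byte from the AAD (they are rewritten in transit, presumably the hop count); armor() must mask identically. Restored after aad().` The ZT_NO_UNALIGNED_ACCESS branch still reads `tag[0]` from bare `data` while the `#else` branch now reads `data + ZT_PACKET_IDX_IV`; use `Utils::copy<8>(tag, data + ZT_PACKET_IDX_IV);` so both branches agree on the offset. `dearmor()` begins before this hunk, so whether `data`/`payload`/`payloadLen` were bounds-checked against the minimum packet size is not visible here.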
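Review bot: `ktmp` is now sized ZT_SYMMETRIC_KEY_SIZE but it receives the output of `KBKDFHMACSHA384`, whose length is fixed by the hash (48 bytes, which is what the removed `ktmp[48]` and `Utils::burn(ktmp, 48)` encoded); if ZT_SYMMETRIC_KEY_SIZE is ever anything other than 48 this becomes a silent stack overflow or a truncated AES key. Pin the coupling next to the declaration with `static_assert(ZT_SYMMETRIC_KEY_SIZE == 48,"ktmp must hold a full KBKDFHMACSHA384 output");` or size the buffer with a dedicated KDF-output constant. The change from `_aesKeys[0].init(ktmp)` to `_aesKeys[1].init(ktmp)` on the K1 derivation is a real security fix — in the old code both calls initialised key 0 and `_aesKeys[1]` was never initialised in this constructor — and deserves a one-line comment on each pair, e.g. `// K1: second AES key for AES-GMAC-SIV, derived from the shared secret with its own KBKDF label`. The constructor's initializer list begins before this hunk.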
@@ -533,11 +533,11 @@ public:
 */
 inline int8_t bondingPolicy() { return _bondingPolicy; }
- const AES *aesKeysIfSupported() const
- { return (const AES *)0; }
-
 //const AES *aesKeysIfSupported() const
- //{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
+ //{ return (const AES *)0; }
+
+ const AES *aesKeysIfSupported() const
+ { return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
 private:
 struct _PeerPath
@@ -548,7 +548,7 @@ private:
 long priority; // >= 1, higher is better
 };
- uint8_t _key[ZT_PEER_SECRET_KEY_LENGTH];
+ uint8_t _key[ZT_SYMMETRIC_KEY_SIZE];
 AES _aesKeys[2];
 const RuntimeEnvironment *RR;
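Review bot: The hunk leaves a two-line commented-out stub (`//const AES *aesKeysIfSupported() const` / `//{ return (const AES *)0; }`) directly above the live implementation; now that the gate is switched on that dead code should be deleted rather than kept as a toggle, and the bare `12` should be a named constant (whatever Constants.hpp calls the first protocol version that speaks AES-GMAC-SIV) with a doc comment such as `/** @return This peer's AES key pair, or null if its protocol version predates AES-GMAC-SIV */`. Note that `_vProto` is presumably what the remote side reported in its HELLO, so the far end effectively chooses whether AES is offered; that is acceptable only because the Peer.cpp hunk shows `_aesKeys` are always derived in the constructor, but it also means a peer can always fall back to the legacy suite, which is worth a sentence in the comment. The class body continues on both sides of this hunk.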