mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-21 05:53:09 +00:00
Yet another revision of this algo... yeesh... and update to supernode IDs. I think I am gonna go with this one. Seems memory-hard enough to me. I am probably procrastinating by obsessing over it.
This commit is contained in:
parent
3c5c3280ff
commit
bad043729f
@ -53,21 +53,21 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap()
|
|||||||
|
|
||||||
// cthulhu.zerotier.com - New York, New York, USA
|
// cthulhu.zerotier.com - New York, New York, USA
|
||||||
addrs.clear();
|
addrs.clear();
|
||||||
if (!id.fromString("d2ba4048c3:0:cfa02701eb69e2f2c64aa498151e57f82c172036967186c93f2afbe45a64d64306f88fa1225724f6f87beabd6a0feb18c746cf4691867542e18b894390692303"))
|
if (!id.fromString("21e93d708a:0:f6bfe55675a3e66f6169eefc73187a64693a994ede68eba75c9ea65818730a2b03da67a41ce7023a68e5fcd44087529c123e802f510ee00dc9162244ccd63a88"))
|
||||||
throw std::runtime_error("invalid identity in Defaults");
|
throw std::runtime_error("invalid identity in Defaults");
|
||||||
addrs.push_back(InetAddress("198.199.73.93",ZT_DEFAULT_UDP_PORT));
|
addrs.push_back(InetAddress("198.199.73.93",ZT_DEFAULT_UDP_PORT));
|
||||||
sn[id] = addrs;
|
sn[id] = addrs;
|
||||||
|
|
||||||
// nyarlathotep.zerotier.com - San Francisco, California, USA
|
// nyarlathotep.zerotier.com - San Francisco, California, USA
|
||||||
addrs.clear();
|
addrs.clear();
|
||||||
if (!id.fromString("80eb92f707:0:7f0209663d815438dead321ec78c65c27fec6feeb8ccd9acc152c59066740521e45d1a1cbc5186e3773178429c4b26ab0df2c78f3e822540d70456724797f23f"))
|
if (!id.fromString("d383d43143:0:7f6fe9386bf67de895869a8a949dad651c1003d3ffb382e9971f9a1ab1513f451ecfe00c6a1c45998ab9fc9a4b4f88f06651d9323752d75eaa2a44a10125e79d"))
|
||||||
throw std::runtime_error("invalid identity in Defaults");
|
throw std::runtime_error("invalid identity in Defaults");
|
||||||
addrs.push_back(InetAddress("198.199.97.220",ZT_DEFAULT_UDP_PORT));
|
addrs.push_back(InetAddress("198.199.97.220",ZT_DEFAULT_UDP_PORT));
|
||||||
sn[id] = addrs;
|
sn[id] = addrs;
|
||||||
|
|
||||||
// shub-niggurath.zerotier.com - Amsterdam, Netherlands
|
// shub-niggurath.zerotier.com - Amsterdam, Netherlands
|
||||||
addrs.clear();
|
addrs.clear();
|
||||||
if (!id.fromString("34594c9086:0:2ac70c00cc03a078a2a8f889d61e72397f8cd684a6daecbe6350f24e0193790e118805a1673eaf57ce9f7b41f45525c995289c406461c739ccad2c93efa36746"))
|
if (!id.fromString("b6179d3e54:0:e4c7ac071b0ed0820da9cec34a5269398e7fa304bf7ded8faef8f929b247be1a6e0acc0f1ff8e6159f53fc94a797b05e27357891db854f693025e94582d8206d"))
|
||||||
throw std::runtime_error("invalid identity in Defaults");
|
throw std::runtime_error("invalid identity in Defaults");
|
||||||
addrs.push_back(InetAddress("198.211.127.172",ZT_DEFAULT_UDP_PORT));
|
addrs.push_back(InetAddress("198.211.127.172",ZT_DEFAULT_UDP_PORT));
|
||||||
sn[id] = addrs;
|
sn[id] = addrs;
|
||||||
|
@ -39,16 +39,8 @@
|
|||||||
// These can't be changed without a new identity type. They define the
|
// These can't be changed without a new identity type. They define the
|
||||||
// parameters of the hashcash hashing/searching algorithm.
|
// parameters of the hashcash hashing/searching algorithm.
|
||||||
|
|
||||||
// Hashcash halting criteria
|
|
||||||
#define ZT_IDENTITY_GEN_HASHCASH_FIRST_BYTE_LESS_THAN 7
|
#define ZT_IDENTITY_GEN_HASHCASH_FIRST_BYTE_LESS_THAN 7
|
||||||
|
#define ZT_IDENTITY_GEN_MEMORY 4194304
|
||||||
// Amount of memory for memory-hardness
|
|
||||||
#define ZT_IDENTITY_GEN_MEMORY 8388608
|
|
||||||
|
|
||||||
// Step distance for mixing genmem[]
|
|
||||||
#define ZT_IDENTITY_GEN_MEMORY_MIX_STEP 1024
|
|
||||||
|
|
||||||
// Rounds used for Salsa20 step
|
|
||||||
#define ZT_IDENTITY_GEN_SALSA20_ROUNDS 20
|
#define ZT_IDENTITY_GEN_SALSA20_ROUNDS 20
|
||||||
|
|
||||||
namespace ZeroTier {
|
namespace ZeroTier {
|
||||||
@ -56,37 +48,37 @@ namespace ZeroTier {
|
|||||||
// A memory-hard composition of SHA-512 and Salsa20 for hashcash hashing
|
// A memory-hard composition of SHA-512 and Salsa20 for hashcash hashing
|
||||||
static inline void _computeMemoryHardHash(const void *publicKey,unsigned int publicKeyBytes,void *digest,void *genmem)
|
static inline void _computeMemoryHardHash(const void *publicKey,unsigned int publicKeyBytes,void *digest,void *genmem)
|
||||||
{
|
{
|
||||||
// Hash publicKey[] to obtain Salsa20 key
|
// Digest publicKey[] to obtain initial digest
|
||||||
SHA512::hash(digest,publicKey,publicKeyBytes);
|
SHA512::hash(digest,publicKey,publicKeyBytes);
|
||||||
|
|
||||||
// Generate genmem[] bytes of Salsa20 key stream
|
// Initialize genmem[] using Salsa20 in a CBC-like configuration since
|
||||||
|
// ordinary Salsa20 is randomly seekable. This is good for a cipher
|
||||||
|
// but is not what we want for sequential memory-harndess.
|
||||||
memset(genmem,0,ZT_IDENTITY_GEN_MEMORY);
|
memset(genmem,0,ZT_IDENTITY_GEN_MEMORY);
|
||||||
Salsa20 s20(digest,256,(char *)digest + 32,ZT_IDENTITY_GEN_SALSA20_ROUNDS);
|
Salsa20 s20(digest,256,(char *)digest + 32,ZT_IDENTITY_GEN_SALSA20_ROUNDS);
|
||||||
s20.encrypt(genmem,genmem,ZT_IDENTITY_GEN_MEMORY);
|
s20.encrypt((char *)genmem,(char *)genmem,64);
|
||||||
|
for(unsigned long i=64;i<ZT_IDENTITY_GEN_MEMORY;i+=64) {
|
||||||
// Do something to genmem[] that iteratively makes every value
|
unsigned long k = i - 64;
|
||||||
// possibly dependent on every other value with a nontrivial
|
*((uint64_t *)((char *)genmem + i)) = *((uint64_t *)((char *)genmem + k));
|
||||||
// probability. Continue to use already-initialized Salsa20 as
|
*((uint64_t *)((char *)genmem + i + 8)) = *((uint64_t *)((char *)genmem + k + 8));
|
||||||
// a random source.
|
*((uint64_t *)((char *)genmem + i + 16)) = *((uint64_t *)((char *)genmem + k + 16));
|
||||||
for(unsigned int i=0;i<ZT_IDENTITY_GEN_MEMORY;i+=ZT_IDENTITY_GEN_MEMORY_MIX_STEP) {
|
*((uint64_t *)((char *)genmem + i + 24)) = *((uint64_t *)((char *)genmem + k + 24));
|
||||||
|
*((uint64_t *)((char *)genmem + i + 32)) = *((uint64_t *)((char *)genmem + k + 32));
|
||||||
|
*((uint64_t *)((char *)genmem + i + 40)) = *((uint64_t *)((char *)genmem + k + 40));
|
||||||
|
*((uint64_t *)((char *)genmem + i + 48)) = *((uint64_t *)((char *)genmem + k + 48));
|
||||||
|
*((uint64_t *)((char *)genmem + i + 56)) = *((uint64_t *)((char *)genmem + k + 56));
|
||||||
s20.encrypt((char *)genmem + i,(char *)genmem + i,64);
|
s20.encrypt((char *)genmem + i,(char *)genmem + i,64);
|
||||||
uint64_t x = Utils::ntoh(*((uint64_t *)((char *)genmem + i)));
|
|
||||||
if (!(x & 3)) {
|
|
||||||
s20.encrypt((char *)genmem + i,(char *)genmem + i,64); // also makes future salsa20 state content-dependent
|
|
||||||
for(unsigned int k=0;k<8;++k,x>>=8)
|
|
||||||
++((unsigned char *)genmem)[(uintptr_t)x % ZT_IDENTITY_GEN_MEMORY];
|
|
||||||
} else {
|
|
||||||
for(unsigned int k=0;k<8;++k,x>>=8)
|
|
||||||
--((unsigned char *)genmem)[(uintptr_t)x % ZT_IDENTITY_GEN_MEMORY];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Mix in publicKey[] again, ensuring all entropy is used
|
// Render final digest using genmem as a lookup table
|
||||||
for(unsigned int i=0;i<publicKeyBytes;++i)
|
for(unsigned long i=0;i<(ZT_IDENTITY_GEN_MEMORY / sizeof(uint64_t));) {
|
||||||
((unsigned char *)genmem)[i] ^= ((const unsigned char *)publicKey)[i];
|
unsigned long idx1 = (unsigned long)(Utils::ntoh(((uint64_t *)genmem)[i++]) % (64 / sizeof(uint64_t)));
|
||||||
|
unsigned long idx2 = (unsigned long)(Utils::ntoh(((uint64_t *)genmem)[i++]) % (ZT_IDENTITY_GEN_MEMORY / sizeof(uint64_t)));
|
||||||
// Compute final digest from final genmem[]
|
uint64_t tmp = ((uint64_t *)genmem)[idx2];
|
||||||
SHA512::hash(digest,genmem,ZT_IDENTITY_GEN_MEMORY);
|
((uint64_t *)genmem)[idx2] = ((uint64_t *)digest)[idx1];
|
||||||
|
((uint64_t *)digest)[idx1] = tmp;
|
||||||
|
s20.encrypt(digest,digest,64);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Hashcash generation halting condition -- halt when first byte is less than
|
// Hashcash generation halting condition -- halt when first byte is less than
|
||||||
|
@ -3,8 +3,8 @@
|
|||||||
#ifndef _ZT_SELFTEST_CRYPTO_VECTORS_H
|
#ifndef _ZT_SELFTEST_CRYPTO_VECTORS_H
|
||||||
#define _ZT_SELFTEST_CRYPTO_VECTORS_H
|
#define _ZT_SELFTEST_CRYPTO_VECTORS_H
|
||||||
|
|
||||||
#define KNOWN_GOOD_IDENTITY "70c4e2c0df:0:65317c885f0ee89e5442f6d7b8a1e46d5abc0b0384c5d5a8e39a24b26900df302f8843063bbadd030ac77637aae908bad24a7b1bd78d9e71c6a11eadfc5b3ac7:241d41bf21916813b5048eb948561c15fcda055af8927810af32aa96288505e9ce78aa2737d99dc30e413d067315122703ff315c18c71561e9d3dfd62221d3d3"
|
#define KNOWN_GOOD_IDENTITY "a9b80c817b:0:c75cbb40e9c3b166ce5058e15bc939f5ef6f0249b3a98d58587ad25a818e486a4a8a31b0f0c5bff5f7da77be7a006b0112877d255b206ff2cd9f1e089f0e1070:c9d5b686aaa308f97d868c588d9e6e2187816d780911fd2ffcc38fa911df180cc96756e3619d33e8ec00c57e4c45112ec81c96615fc62a71795c9a4dba777cb4"
|
||||||
#define KNOWN_BAD_IDENTITY "71c4e2c0df:0:65317c885f0ee89e5442f6d7b8a1e46d5abc0b0384c5d5a8e39a24b26900df302f8843063bbadd030ac77637aae908bad24a7b1bd78d9e71c6a11eadfc5b3ac7:241d41bf21916813b5048eb948561c15fcda055af8927810af32aa96288505e9ce78aa2737d99dc30e413d067315122703ff315c18c71561e9d3dfd62221d3d3"
|
#define KNOWN_BAD_IDENTITY "a9b81c817b:0:c75cbb40e9c3b166ce5058e15bc939f5ef6f0249b3a98d58587ad25a818e486a4a8a31b0f0c5bff5f7da77be7a006b0112877d255b206ff2cd9f1e089f0e1070:c9d5b686aaa308f97d868c588d9e6e2187816d780911fd2ffcc38fa911df180cc96756e3619d33e8ec00c57e4c45112ec81c96615fc62a71795c9a4dba777cb4"
|
||||||
|
|
||||||
static const unsigned char s20TV0Key[32] = { 0x0f,0x62,0xb5,0x08,0x5b,0xae,0x01,0x54,0xa7,0xfa,0x4d,0xa0,0xf3,0x46,0x99,0xec,0x3f,0x92,0xe5,0x38,0x8b,0xde,0x31,0x84,0xd7,0x2a,0x7d,0xd0,0x23,0x76,0xc9,0x1c };
|
static const unsigned char s20TV0Key[32] = { 0x0f,0x62,0xb5,0x08,0x5b,0xae,0x01,0x54,0xa7,0xfa,0x4d,0xa0,0xf3,0x46,0x99,0xec,0x3f,0x92,0xe5,0x38,0x8b,0xde,0x31,0x84,0xd7,0x2a,0x7d,0xd0,0x23,0x76,0xc9,0x1c };
|
||||||
static const unsigned char s20TV0Iv[8] = { 0x28,0x8f,0xf6,0x5d,0xc4,0x2b,0x92,0xf9 };
|
static const unsigned char s20TV0Iv[8] = { 0x28,0x8f,0xf6,0x5d,0xc4,0x2b,0x92,0xf9 };
|
||||||
|
@ -472,6 +472,8 @@ int main(int argc,char **argv)
|
|||||||
exit(0);
|
exit(0);
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
std::cout << "[info] sizeof(void *) == " << sizeof(void *) << std::endl;
|
||||||
|
|
||||||
srand((unsigned int)time(0));
|
srand((unsigned int)time(0));
|
||||||
|
|
||||||
r |= testCrypto();
|
r |= testCrypto();
|
||||||
|
Loading…
Reference in New Issue
Block a user