From c7d370c17fc8b44f4d83868de9c6958347b75ca2 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 24 Oct 2017 14:49:38 -0700 Subject: [PATCH] Delete something that turns out not to be useful. This will be handled differently. --- node/CertificateOfRepresentation.hpp | 188 --------------------------- node/Credential.hpp | 1 - node/IncomingPacket.cpp | 24 ---- node/Peer.cpp | 5 - node/Topology.cpp | 7 - node/Topology.hpp | 21 --- node/Trace.cpp | 13 -- node/Trace.hpp | 2 - 8 files changed, 261 deletions(-) delete mode 100644 node/CertificateOfRepresentation.hpp diff --git a/node/CertificateOfRepresentation.hpp b/node/CertificateOfRepresentation.hpp deleted file mode 100644 index 3007f1dc7..000000000 --- a/node/CertificateOfRepresentation.hpp +++ /dev/null @@ -1,188 +0,0 @@ -/* - * ZeroTier One - Network Virtualization Everywhere - * Copyright (C) 2011-2017 ZeroTier, Inc. https://www.zerotier.com/ - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * -- - * - * You can be released from the requirements of the license by purchasing - * a commercial license. Buying such a license is mandatory as soon as you - * develop commercial closed-source software that incorporates or links - * directly against ZeroTier software without disclosing the source code - * of your own application. - */ - -#ifndef ZT_CERTIFICATEOFREPRESENTATION_HPP -#define ZT_CERTIFICATEOFREPRESENTATION_HPP - -#include "Constants.hpp" -#include "Credential.hpp" -#include "Address.hpp" -#include "C25519.hpp" -#include "Identity.hpp" -#include "Buffer.hpp" - -/** - * Maximum number of addresses allowed in a COR - */ -#define ZT_CERTIFICATEOFREPRESENTATION_MAX_ADDRESSES ZT_MAX_UPSTREAMS - -namespace ZeroTier { - -/** - * A signed enumeration of a node's roots (planet and moons) - * - * This is sent as part of HELLO and attests to which roots a node trusts - * to represent it on the network. Federated roots (moons) can send these - * further upstream to tell global roots which nodes they represent, making - * them reachable via federated roots if they are not reachable directly. - * - * As of 1.2.0 this is sent but not used. Right now nodes still always - * announce to planetary roots no matter what. In the future this can be - * used to implement even better fault tolerance for federation for the - * no roots are reachable case as well as a "privacy mode" where federated - * roots can shield nodes entirely and p2p connectivity behind them can - * be disabled. This will be desirable for a number of use cases. - */ -class CertificateOfRepresentation : public Credential -{ -public: - static inline Credential::Type credentialType() { return Credential::CREDENTIAL_TYPE_COR; } - - CertificateOfRepresentation() - { - memset(this,0,sizeof(CertificateOfRepresentation)); - } - - inline uint32_t id() const { return 0; } - inline uint64_t timestamp() const { return _timestamp; } - inline const Address &representative(const unsigned int i) const { return _reps[i]; } - inline unsigned int repCount() const { return _repCount; } - - inline void clear() - { - memset(this,0,sizeof(CertificateOfRepresentation)); - } - - /** - * Add a representative if space remains - * - * @param r Representative to add - * @return True if representative was added - */ - inline bool addRepresentative(const Address &r) - { - if (_repCount < ZT_CERTIFICATEOFREPRESENTATION_MAX_ADDRESSES) { - _reps[_repCount++] = r; - return true; - } - return false; - } - - /** - * Sign this COR with my identity - * - * @param myIdentity This node's identity - * @param ts COR timestamp for establishing new vs. old - */ - inline void sign(const Identity &myIdentity,const uint64_t ts) - { - _timestamp = ts; - Buffer tmp; - this->serialize(tmp,true); - _signature = myIdentity.sign(tmp.data(),tmp.size()); - } - - /** - * Verify this COR's signature - * - * @param senderIdentity Identity of sender of COR - * @return True if COR is valid - */ - inline bool verify(const Identity &senderIdentity) - { - try { - Buffer tmp; - this->serialize(tmp,true); - return senderIdentity.verify(tmp.data(),tmp.size(),_signature.data,ZT_C25519_SIGNATURE_LEN); - } catch ( ... ) { - return false; - } - } - - template - inline void serialize(Buffer &b,const bool forSign = false) const - { - if (forSign) b.append((uint64_t)0x7f7f7f7f7f7f7f7fULL); - - b.append((uint64_t)_timestamp); - b.append((uint16_t)_repCount); - for(unsigned int i=0;i<_repCount;++i) - _reps[i].appendTo(b); - - if (!forSign) { - b.append((uint8_t)1); // 1 == Ed25519 signature - b.append((uint16_t)ZT_C25519_SIGNATURE_LEN); - b.append(_signature.data,ZT_C25519_SIGNATURE_LEN); - } - - b.append((uint16_t)0); // size of any additional fields, currently 0 - - if (forSign) b.append((uint64_t)0x7f7f7f7f7f7f7f7fULL); - } - - template - inline unsigned int deserialize(const Buffer &b,unsigned int startAt = 0) - { - clear(); - - unsigned int p = startAt; - - _timestamp = b.template at(p); p += 8; - const unsigned int rc = b.template at(p); p += 2; - for(unsigned int i=0;i ZT_CERTIFICATEOFREPRESENTATION_MAX_ADDRESSES) ? ZT_CERTIFICATEOFREPRESENTATION_MAX_ADDRESSES : rc; - - if (b[p++] == 1) { - if (b.template at(p) == ZT_C25519_SIGNATURE_LEN) { - p += 2; - memcpy(_signature.data,b.field(p,ZT_C25519_SIGNATURE_LEN),ZT_C25519_SIGNATURE_LEN); - p += ZT_C25519_SIGNATURE_LEN; - } else throw ZT_EXCEPTION_INVALID_SERIALIZED_DATA_INVALID_CRYPTOGRAPHIC_TOKEN; - } else { - p += 2 + b.template at(p); - } - - p += 2 + b.template at(p); - if (p > b.size()) - throw ZT_EXCEPTION_INVALID_SERIALIZED_DATA_OVERFLOW; - - return (p - startAt); - } - -private: - uint64_t _timestamp; - Address _reps[ZT_CERTIFICATEOFREPRESENTATION_MAX_ADDRESSES]; - unsigned int _repCount; - C25519::Signature _signature; -}; - -} // namespace ZeroTier - -#endif diff --git a/node/Credential.hpp b/node/Credential.hpp index bc81919b9..e8767e229 100644 --- a/node/Credential.hpp +++ b/node/Credential.hpp @@ -56,7 +56,6 @@ public: CREDENTIAL_TYPE_CAPABILITY = 2, CREDENTIAL_TYPE_TAG = 3, CREDENTIAL_TYPE_COO = 4, // CertificateOfOwnership - CREDENTIAL_TYPE_COR = 5, // CertificateOfRepresentation CREDENTIAL_TYPE_REVOCATION = 6 }; }; diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp index c0409c91d..9b614e376 100644 --- a/node/IncomingPacket.cpp +++ b/node/IncomingPacket.cpp @@ -44,7 +44,6 @@ #include "World.hpp" #include "Node.hpp" #include "CertificateOfMembership.hpp" -#include "CertificateOfRepresentation.hpp" #include "Capability.hpp" #include "Tag.hpp" #include "Revocation.hpp" @@ -328,15 +327,6 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool ptr += 16; } } - - // Certificates of representation (if present) - if ((ptr + 2) <= size()) { - if (at(ptr) > 0) { - CertificateOfRepresentation cor; - ptr += 2; - ptr += cor.deserialize(*this,ptr); - } else ptr += 2; - } } // Send OK(HELLO) with an echo of the packet's timestamp and some of the same @@ -401,11 +391,6 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool } outp.setAt(worldUpdateSizeAt,(uint16_t)(outp.size() - (worldUpdateSizeAt + 2))); - const unsigned int corSizeAt = outp.size(); - outp.addSize(2); - RR->topology->appendCertificateOfRepresentation(outp); - outp.setAt(corSizeAt,(uint16_t)(outp.size() - (corSizeAt + 2))); - outp.armor(peer->key(),true,_path->nextOutgoingCounter()); _path->send(RR,tPtr,outp.data(),outp.size(),now); @@ -460,15 +445,6 @@ bool IncomingPacket::_doOK(const RuntimeEnvironment *RR,void *tPtr,const SharedP } } - // Handle certificate of representation if present - if ((ptr + 2) <= size()) { - if (at(ptr) > 0) { - CertificateOfRepresentation cor; - ptr += 2; - ptr += cor.deserialize(*this,ptr); - } else ptr += 2; - } - if (!hops()) peer->addDirectLatencyMeasurment((unsigned int)latency); peer->setRemoteVersion(vProto,vMajor,vMinor,vRevision); diff --git a/node/Peer.cpp b/node/Peer.cpp index 606615923..255d40043 100644 --- a/node/Peer.cpp +++ b/node/Peer.cpp @@ -343,11 +343,6 @@ void Peer::sendHELLO(void *tPtr,const int64_t localSocket,const InetAddress &atA outp.append((uint64_t)0); } - const unsigned int corSizeAt = outp.size(); - outp.addSize(2); - RR->topology->appendCertificateOfRepresentation(outp); - outp.setAt(corSizeAt,(uint16_t)(outp.size() - (corSizeAt + 2))); - outp.cryptField(_key,startCryptedPortionAt,outp.size() - startCryptedPortionAt); RR->node->expectReplyTo(outp.packetId()); diff --git a/node/Topology.cpp b/node/Topology.cpp index f884e9c34..d5fea569a 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp @@ -425,13 +425,6 @@ void Topology::_memoizeUpstreams(void *tPtr) } std::sort(_upstreamAddresses.begin(),_upstreamAddresses.end()); - - _cor.clear(); - for(std::vector
::const_iterator a(_upstreamAddresses.begin());a!=_upstreamAddresses.end();++a) { - if (!_cor.addRepresentative(*a)) - break; - } - _cor.sign(RR->identity,RR->node->now()); } void Topology::_savePeer(void *tPtr,const SharedPtr &peer) diff --git a/node/Topology.hpp b/node/Topology.hpp index c3a218e3f..650e53631 100644 --- a/node/Topology.hpp +++ b/node/Topology.hpp @@ -46,7 +46,6 @@ #include "InetAddress.hpp" #include "Hashtable.hpp" #include "World.hpp" -#include "CertificateOfRepresentation.hpp" namespace ZeroTier { @@ -441,25 +440,6 @@ public: } } - /** - * @return Current certificate of representation (copy) - */ - inline CertificateOfRepresentation certificateOfRepresentation() const - { - Mutex::Lock _l(_upstreams_m); - return _cor; - } - - /** - * @param buf Buffer to receive COR - */ - template - void appendCertificateOfRepresentation(Buffer &buf) - { - Mutex::Lock _l(_upstreams_m); - _cor.serialize(buf); - } - private: Identity _getIdentity(void *tPtr,const Address &zta); void _memoizeUpstreams(void *tPtr); @@ -480,7 +460,6 @@ private: std::vector _moons; std::vector< std::pair > _moonSeeds; std::vector
_upstreamAddresses; - CertificateOfRepresentation _cor; bool _amRoot; Mutex _upstreams_m; // locks worlds, upstream info, moon info, etc. }; diff --git a/node/Trace.cpp b/node/Trace.cpp index 8e78b676a..d90c31439 100644 --- a/node/Trace.cpp +++ b/node/Trace.cpp @@ -32,7 +32,6 @@ #include "Dictionary.hpp" #include "CertificateOfMembership.hpp" #include "CertificateOfOwnership.hpp" -#include "CertificateOfRepresentation.hpp" #include "Tag.hpp" #include "Capability.hpp" #include "Revocation.hpp" @@ -287,18 +286,6 @@ void Trace::credentialRejected(void *const tPtr,const CertificateOfOwnership &c, _send(tPtr,d,c.networkId()); } -void Trace::credentialRejected(void *const tPtr,const CertificateOfRepresentation &c,const char *reason) -{ - Dictionary d; - d.add(ZT_REMOTE_TRACE_FIELD__EVENT,ZT_REMOTE_TRACE_EVENT__CREDENTIAL_REJECTED_S); - d.add(ZT_REMOTE_TRACE_FIELD__CREDENTIAL_TYPE,(uint64_t)c.credentialType()); - d.add(ZT_REMOTE_TRACE_FIELD__CREDENTIAL_ID,(uint64_t)c.id()); - d.add(ZT_REMOTE_TRACE_FIELD__CREDENTIAL_TIMESTAMP,c.timestamp()); - if (reason) - d.add(ZT_REMOTE_TRACE_FIELD__REASON,reason); - _send(tPtr,d,0); -} - void Trace::credentialRejected(void *const tPtr,const Capability &c,const char *reason) { Dictionary d; diff --git a/node/Trace.hpp b/node/Trace.hpp index a7b2b194f..5ee5b520e 100644 --- a/node/Trace.hpp +++ b/node/Trace.hpp @@ -53,7 +53,6 @@ class NetworkConfig; class MAC; class CertificateOfMembership; class CertificateOfOwnership; -class CertificateOfRepresentation; class Revocation; class Tag; class Capability; @@ -137,7 +136,6 @@ public: void credentialRejected(void *const tPtr,const CertificateOfMembership &c,const char *reason); void credentialRejected(void *const tPtr,const CertificateOfOwnership &c,const char *reason); - void credentialRejected(void *const tPtr,const CertificateOfRepresentation &c,const char *reason); void credentialRejected(void *const tPtr,const Capability &c,const char *reason); void credentialRejected(void *const tPtr,const Tag &c,const char *reason); void credentialRejected(void *const tPtr,const Revocation &c,const char *reason);