mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-20 21:43:08 +00:00
AES work... but disabled in this commit.
This commit is contained in:
parent
1ad555a071
commit
e6b5f8aabd
@ -880,6 +880,8 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
|
|||||||
{
|
{
|
||||||
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
|
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
|
||||||
if ((aesKeys) && (encryptPayload)) {
|
if ((aesKeys) && (encryptPayload)) {
|
||||||
|
char tmp0[16],tmp1[16];
|
||||||
|
printf("AES armor %.16llx %s -> %s %u\n",*reinterpret_cast<const uint64_t *>(data),Address(data + ZT_PACKET_IDX_SOURCE,5).toString(tmp0),Address(data + ZT_PACKET_IDX_DEST,5).toString(tmp1),size());
|
||||||
setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
|
setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
|
||||||
|
|
||||||
uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
|
uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
|
||||||
@ -945,6 +947,7 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2])
|
|||||||
|
|
||||||
if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
|
if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
|
||||||
if (aesKeys) {
|
if (aesKeys) {
|
||||||
|
printf("AES dearmor\n");
|
||||||
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
|
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
|
||||||
|
|
||||||
uint64_t tag[2];
|
uint64_t tag[2];
|
||||||
|
@ -57,11 +57,12 @@
|
|||||||
* + Inline push of CertificateOfMembership deprecated
|
* + Inline push of CertificateOfMembership deprecated
|
||||||
* 9 - 1.2.0 ... 1.2.14
|
* 9 - 1.2.0 ... 1.2.14
|
||||||
* 10 - 1.4.0 ... 1.4.6
|
* 10 - 1.4.0 ... 1.4.6
|
||||||
* 11 - 1.4.8 ... end of 1.4 series
|
* 11 - 1.4.7 ... 1.4.8
|
||||||
* + Multipath capability and load balancing (beta)
|
* + Multipath capability and load balancing (beta)
|
||||||
|
* 12 - 1.4.8 ... CURRENT (1.4 series)
|
||||||
* + AES-GMAC-SIV backported for faster peer-to-peer crypto
|
* + AES-GMAC-SIV backported for faster peer-to-peer crypto
|
||||||
*/
|
*/
|
||||||
#define ZT_PROTO_VERSION 11
|
#define ZT_PROTO_VERSION 12
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Minimum supported protocol version
|
* Minimum supported protocol version
|
||||||
|
@ -62,12 +62,12 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
|
|||||||
throw ZT_EXCEPTION_INVALID_ARGUMENT;
|
throw ZT_EXCEPTION_INVALID_ARGUMENT;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t ktmp[32];
|
uint8_t ktmp[48];
|
||||||
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
|
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
|
||||||
_aesKeys[0].init(ktmp);
|
_aesKeys[0].init(ktmp);
|
||||||
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
|
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
|
||||||
_aesKeys[0].init(ktmp);
|
_aesKeys[0].init(ktmp);
|
||||||
Utils::burn(ktmp, 32);
|
Utils::burn(ktmp, 48);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Peer::received(
|
void Peer::received(
|
||||||
|
@ -533,11 +533,11 @@ public:
|
|||||||
*/
|
*/
|
||||||
inline int8_t bondingPolicy() { return _bondingPolicy; }
|
inline int8_t bondingPolicy() { return _bondingPolicy; }
|
||||||
|
|
||||||
//const AES *aesKeysIfSupported() const
|
|
||||||
//{ return (const AES *)0; }
|
|
||||||
|
|
||||||
const AES *aesKeysIfSupported() const
|
const AES *aesKeysIfSupported() const
|
||||||
{ return (_vProto >= 10) ? _aesKeys : (const AES *)0; }
|
{ return (const AES *)0; }
|
||||||
|
|
||||||
|
//const AES *aesKeysIfSupported() const
|
||||||
|
//{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
|
||||||
|
|
||||||
private:
|
private:
|
||||||
struct _PeerPath
|
struct _PeerPath
|
||||||
|
@ -363,13 +363,15 @@ void Topology::_memoizeUpstreams(void *tPtr)
|
|||||||
_amUpstream = false;
|
_amUpstream = false;
|
||||||
|
|
||||||
for(std::vector<World::Root>::const_iterator i(_planet.roots().begin());i!=_planet.roots().end();++i) {
|
for(std::vector<World::Root>::const_iterator i(_planet.roots().begin());i!=_planet.roots().end();++i) {
|
||||||
if (i->identity == RR->identity) {
|
const Identity &id = i->identity;
|
||||||
|
if (id == RR->identity) {
|
||||||
_amUpstream = true;
|
_amUpstream = true;
|
||||||
} else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),i->identity.address()) == _upstreamAddresses.end()) {
|
} else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),id.address()) == _upstreamAddresses.end()) {
|
||||||
_upstreamAddresses.push_back(i->identity.address());
|
_upstreamAddresses.push_back(id.address());
|
||||||
SharedPtr<Peer> &hp = _peers[i->identity.address()];
|
SharedPtr<Peer> &hp = _peers[id.address()];
|
||||||
if (!hp)
|
if (!hp) {
|
||||||
hp = new Peer(RR,RR->identity,i->identity);
|
hp = new Peer(RR,RR->identity,id);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -418,6 +418,53 @@ public:
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unconditionally swap bytes regardless of host byte order
|
||||||
|
*
|
||||||
|
* @param n Integer to swap
|
||||||
|
* @return Integer with bytes reversed
|
||||||
|
*/
|
||||||
|
static ZT_INLINE uint64_t swapBytes(const uint64_t n) noexcept
|
||||||
|
{
|
||||||
|
#ifdef __GNUC__
|
||||||
|
return __builtin_bswap64(n);
|
||||||
|
#else
|
||||||
|
#ifdef _MSC_VER
|
||||||
|
return (uint64_t)_byteswap_uint64((unsigned __int64)n);
|
||||||
|
#else
|
||||||
|
return (
|
||||||
|
((n & 0x00000000000000ffULL) << 56) |
|
||||||
|
((n & 0x000000000000ff00ULL) << 40) |
|
||||||
|
((n & 0x0000000000ff0000ULL) << 24) |
|
||||||
|
((n & 0x00000000ff000000ULL) << 8) |
|
||||||
|
((n & 0x000000ff00000000ULL) >> 8) |
|
||||||
|
((n & 0x0000ff0000000000ULL) >> 24) |
|
||||||
|
((n & 0x00ff000000000000ULL) >> 40) |
|
||||||
|
((n & 0xff00000000000000ULL) >> 56)
|
||||||
|
);
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unconditionally swap bytes regardless of host byte order
|
||||||
|
*
|
||||||
|
* @param n Integer to swap
|
||||||
|
* @return Integer with bytes reversed
|
||||||
|
*/
|
||||||
|
static ZT_INLINE uint32_t swapBytes(const uint32_t n) noexcept
|
||||||
|
{
|
||||||
|
#if defined(__GNUC__)
|
||||||
|
return __builtin_bswap32(n);
|
||||||
|
#else
|
||||||
|
#ifdef _MSC_VER
|
||||||
|
return (uint32_t)_byteswap_ulong((unsigned long)n);
|
||||||
|
#else
|
||||||
|
return htonl(n);
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unconditionally swap bytes regardless of host byte order
|
* Unconditionally swap bytes regardless of host byte order
|
||||||
*
|
*
|
||||||
|
Loading…
Reference in New Issue
Block a user