AES work... but disabled in this commit.

Adam Ierymenko 2020-09-10 15:43:40 -04:00
parent 1ad555a071
commit e6b5f8aabd
7 changed files with 68 additions and 15 deletions


@ -880,6 +880,8 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
{ {
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData()); uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
if ((aesKeys) && (encryptPayload)) { if ((aesKeys) && (encryptPayload)) {
char tmp0[16],tmp1[16];
printf("AES armor %.16llx %s -> %s %u\n",*reinterpret_cast<const uint64_t *>(data),Address(data + ZT_PACKET_IDX_SOURCE,5).toString(tmp0),Address(data + ZT_PACKET_IDX_DEST,5).toString(tmp1),size());
setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV); setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
uint8_t *const payload = data + ZT_PACKET_IDX_VERB; uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
@ -945,6 +947,7 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2])
if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) { if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
if (aesKeys) { if (aesKeys) {
printf("AES dearmor\n");
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]); AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
uint64_t tag[2]; uint64_t tag[2];
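Review bot: The two `printf` calls added in `Packet::armor` and `Packet::dearmor` write to stdout for every AES-armored packet, and the armor one prints the first 8 bytes of the packet plus the source and destination addresses, so once the AES path is enabled this metadata lands in whatever captures the process output. The armor call also reads `*reinterpret_cast<const uint64_t *>(data)` from a byte buffer (a potentially unaligned, aliasing-unsafe load) and passes it to `%.16llx`, which does not match `uint64_t` on platforms where that type is `unsigned long`. I would remove both calls before release, or put them behind a compile-time debug guard and copy the value out with `memcpy` and cast it to `unsigned long long`. Both function bodies continue outside the hunks shown.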


@ -57,11 +57,12 @@
* + Inline push of CertificateOfMembership deprecated * + Inline push of CertificateOfMembership deprecated
* 9 - 1.2.0 ... 1.2.14 * 9 - 1.2.0 ... 1.2.14
* 10 - 1.4.0 ... 1.4.6 * 10 - 1.4.0 ... 1.4.6
* 11 - 1.4.8 ... end of 1.4 series * 11 - 1.4.7 ... 1.4.8
* + Multipath capability and load balancing (beta) * + Multipath capability and load balancing (beta)
* 12 - 1.4.8 ... CURRENT (1.4 series)
* + AES-GMAC-SIV backported for faster peer-to-peer crypto * + AES-GMAC-SIV backported for faster peer-to-peer crypto
*/ */
#define ZT_PROTO_VERSION 11 #define ZT_PROTO_VERSION 12
/** /**
* Minimum supported protocol version * Minimum supported protocol version
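Review bot: The version table now lists 1.4.8 under both protocol 11 (`1.4.7 ... 1.4.8`) and protocol 12 (`1.4.8 ... CURRENT`), so a reader cannot tell which protocol version a 1.4.8 node speaks; one of the two ranges needs correcting. Separately, `ZT_PROTO_VERSION` is raised to 12 in the same commit that disables AES, while the commented-out gate in the Peer header section is `_vProto >= 12`. If that gate is later enabled as written, nodes built from this commit would presumably be treated as AES-capable even though their own `aesKeysIfSupported()` never returns keys. It is worth confirming that such a node can still dearmor AES-GMAC-SIV packets, or holding the bump until the feature is switched on. The comment block starts above the hunk.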


@ -62,12 +62,12 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
throw ZT_EXCEPTION_INVALID_ARGUMENT; throw ZT_EXCEPTION_INVALID_ARGUMENT;
} }
uint8_t ktmp[32]; uint8_t ktmp[48];
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp); KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
_aesKeys[0].init(ktmp); _aesKeys[0].init(ktmp);
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp); KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
_aesKeys[0].init(ktmp); _aesKeys[0].init(ktmp);
Utils::burn(ktmp, 32); Utils::burn(ktmp, 48);
} }
void Peer::received( void Peer::received(
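Review bot: Both derived keys are loaded into `_aesKeys[0]`: after the `ZT_KBKDF_LABEL_AES_GMAC_SIV_K1` derivation the code calls `_aesKeys[0].init(ktmp)` a second time, so K0 is overwritten by K1 and `_aesKeys[1]` is never initialised by these lines. `Packet::dearmor` builds `AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1])`, so with AES enabled the second key would be whatever state a default-constructed `AES` holds. The second call should read `_aesKeys[1].init(ktmp);`. These are unchanged context lines rather than lines this commit touches, and the constructor starts above the hunk.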


@ -533,11 +533,11 @@ public:
*/ */
inline int8_t bondingPolicy() { return _bondingPolicy; } inline int8_t bondingPolicy() { return _bondingPolicy; }
//const AES *aesKeysIfSupported() const
//{ return (const AES *)0; }
const AES *aesKeysIfSupported() const const AES *aesKeysIfSupported() const
{ return (_vProto >= 10) ? _aesKeys : (const AES *)0; } { return (const AES *)0; }
//const AES *aesKeysIfSupported() const
//{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
private: private:
struct _PeerPath struct _PeerPath
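Review bot: `aesKeysIfSupported()` now returns a null pointer unconditionally, with the real gate left behind as commented-out code and nothing saying why. `Packet::armor` only takes the AES branch when the key pointer is non-null, so this silently selects the other cipher suite for every peer regardless of `_vProto`. I would add a comment above the function, for example `// AES-GMAC-SIV is disabled in this build; restore the _vProto >= 12 gate below to enable it`, so the always-null return is not mistaken for a bug.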


@ -363,13 +363,15 @@ void Topology::_memoizeUpstreams(void *tPtr)
_amUpstream = false; _amUpstream = false;
for(std::vector<World::Root>::const_iterator i(_planet.roots().begin());i!=_planet.roots().end();++i) { for(std::vector<World::Root>::const_iterator i(_planet.roots().begin());i!=_planet.roots().end();++i) {
if (i->identity == RR->identity) { const Identity &id = i->identity;
if (id == RR->identity) {
_amUpstream = true; _amUpstream = true;
} else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),i->identity.address()) == _upstreamAddresses.end()) { } else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),id.address()) == _upstreamAddresses.end()) {
_upstreamAddresses.push_back(i->identity.address()); _upstreamAddresses.push_back(id.address());
SharedPtr<Peer> &hp = _peers[i->identity.address()]; SharedPtr<Peer> &hp = _peers[id.address()];
if (!hp) if (!hp) {
hp = new Peer(RR,RR->identity,i->identity); hp = new Peer(RR,RR->identity,id);
}
} }
} }


@ -418,6 +418,53 @@ public:
return true; return true;
} }
/**
* Unconditionally swap bytes regardless of host byte order
*
* @param n Integer to swap
* @return Integer with bytes reversed
*/
static ZT_INLINE uint64_t swapBytes(const uint64_t n) noexcept
{
#ifdef __GNUC__
return __builtin_bswap64(n);
#else
#ifdef _MSC_VER
return (uint64_t)_byteswap_uint64((unsigned __int64)n);
#else
return (
((n & 0x00000000000000ffULL) << 56) |
((n & 0x000000000000ff00ULL) << 40) |
((n & 0x0000000000ff0000ULL) << 24) |
((n & 0x00000000ff000000ULL) << 8) |
((n & 0x000000ff00000000ULL) >> 8) |
((n & 0x0000ff0000000000ULL) >> 24) |
((n & 0x00ff000000000000ULL) >> 40) |
((n & 0xff00000000000000ULL) >> 56)
);
#endif
#endif
}
/**
* Unconditionally swap bytes regardless of host byte order
*
* @param n Integer to swap
* @return Integer with bytes reversed
*/
static ZT_INLINE uint32_t swapBytes(const uint32_t n) noexcept
{
#if defined(__GNUC__)
return __builtin_bswap32(n);
#else
#ifdef _MSC_VER
return (uint32_t)_byteswap_ulong((unsigned long)n);
#else
return htonl(n);
#endif
#endif
}
/** /**
* Unconditionally swap bytes regardless of host byte order * Unconditionally swap bytes regardless of host byte order
* *
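Review bot: The non-GCC, non-MSVC fallback of the 32-bit `swapBytes` returns `htonl(n)`, which is the identity on a big-endian host, so on such a build it does not meet the documented contract of swapping unconditionally regardless of host byte order. The 64-bit overload's fallback uses explicit masks and shifts and does meet it. I would write the 32-bit one the same way: `return ((n & 0x000000ffU) << 24) | ((n & 0x0000ff00U) << 8) | ((n & 0x00ff0000U) >> 8) | ((n & 0xff000000U) >> 24);`.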


@ -27,7 +27,7 @@
/** /**
* Revision * Revision
*/ */
#define ZEROTIER_ONE_VERSION_REVISION 6 #define ZEROTIER_ONE_VERSION_REVISION 8
/** /**
* Build version * Build version