AES work... but disabled in this commit.

2024-12-18 20:47:53 +00:00 · 2020-09-10 15:43:40 -04:00 · 2020-09-10 15:43:40 -04:00 · e6b5f8aabd
commit e6b5f8aabd
parent 1ad555a071
7 changed files with 68 additions and 15 deletions
--- a/node/Packet.cpp
+++ b/node/Packet.cpp
@ -880,6 +880,8 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
 {
 	uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
 	if ((aesKeys) && (encryptPayload)) {
+		char tmp0[16],tmp1[16];
+		printf("AES armor %.16llx %s -> %s %u\n",*reinterpret_cast<const uint64_t *>(data),Address(data + ZT_PACKET_IDX_SOURCE,5).toString(tmp0),Address(data + ZT_PACKET_IDX_DEST,5).toString(tmp1),size());
 		setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);

 		uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
@ -945,6 +947,7 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2])

 	if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
 		if (aesKeys) {
+			printf("AES dearmor\n");
 			AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);

 			uint64_t tag[2];
--- a/node/Packet.hpp
+++ b/node/Packet.hpp
@ -57,11 +57,12 @@
 *    + Inline push of CertificateOfMembership deprecated
 * 9  - 1.2.0 ... 1.2.14
 * 10 - 1.4.0 ... 1.4.6
- * 11 - 1.4.8 ... end of 1.4 series
+ * 11 - 1.4.7 ... 1.4.8
 *    + Multipath capability and load balancing (beta)
+ * 12 - 1.4.8 ... CURRENT (1.4 series)
 *    + AES-GMAC-SIV backported for faster peer-to-peer crypto
 */
-#define ZT_PROTO_VERSION 11
+#define ZT_PROTO_VERSION 12

 /**
 * Minimum supported protocol version
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@ -62,12 +62,12 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
 		throw ZT_EXCEPTION_INVALID_ARGUMENT;
 	}

-	uint8_t ktmp[32];
+	uint8_t ktmp[48];
 	KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
 	_aesKeys[0].init(ktmp);
 	KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
 	_aesKeys[0].init(ktmp);
-	Utils::burn(ktmp, 32);
+	Utils::burn(ktmp, 48);
 }

 void Peer::received(
--- a/node/Peer.hpp
+++ b/node/Peer.hpp
@ -533,11 +533,11 @@ public:
 	 */
 	inline int8_t bondingPolicy() { return _bondingPolicy; }

-	//const AES *aesKeysIfSupported() const
-	//{ return (const AES *)0; }
-
 	const AES *aesKeysIfSupported() const
-	{ return (_vProto >= 10) ? _aesKeys : (const AES *)0; }
+	{ return (const AES *)0; }
+
+	//const AES *aesKeysIfSupported() const
+	//{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }

 private:
 	struct _PeerPath
--- a/node/Topology.cpp
+++ b/node/Topology.cpp
@ -363,13 +363,15 @@ void Topology::_memoizeUpstreams(void *tPtr)
 	_amUpstream = false;

 	for(std::vector<World::Root>::const_iterator i(_planet.roots().begin());i!=_planet.roots().end();++i) {
-		if (i->identity == RR->identity) {
+		const Identity &id = i->identity;
+		if (id == RR->identity) {
 			_amUpstream = true;
-		} else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),i->identity.address()) == _upstreamAddresses.end()) {
-			_upstreamAddresses.push_back(i->identity.address());
-			SharedPtr<Peer> &hp = _peers[i->identity.address()];
-			if (!hp)
-				hp = new Peer(RR,RR->identity,i->identity);
+		} else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),id.address()) == _upstreamAddresses.end()) {
+			_upstreamAddresses.push_back(id.address());
+			SharedPtr<Peer> &hp = _peers[id.address()];
+			if (!hp) {
+				hp = new Peer(RR,RR->identity,id);
+			}
 		}
 	}

--- a/node/Utils.hpp
+++ b/node/Utils.hpp
@ -418,6 +418,53 @@ public:
 		return true;
 	}

+	/**
+	 * Unconditionally swap bytes regardless of host byte order
+	 *
+	 * @param n Integer to swap
+	 * @return Integer with bytes reversed
+	 */
+	static ZT_INLINE uint64_t swapBytes(const uint64_t n) noexcept
+	{
+	#ifdef __GNUC__
+		return __builtin_bswap64(n);
+	#else
+	#ifdef _MSC_VER
+		return (uint64_t)_byteswap_uint64((unsigned __int64)n);
+	#else
+		return (
+			((n & 0x00000000000000ffULL) << 56) |
+			((n & 0x000000000000ff00ULL) << 40) |
+			((n & 0x0000000000ff0000ULL) << 24) |
+			((n & 0x00000000ff000000ULL) <<  8) |
+			((n & 0x000000ff00000000ULL) >>  8) |
+			((n & 0x0000ff0000000000ULL) >> 24) |
+			((n & 0x00ff000000000000ULL) >> 40) |
+			((n & 0xff00000000000000ULL) >> 56)
+		);
+	#endif
+	#endif
+	}
+
+	/**
+	 * Unconditionally swap bytes regardless of host byte order
+	 *
+	 * @param n Integer to swap
+	 * @return Integer with bytes reversed
+	 */
+	static ZT_INLINE uint32_t swapBytes(const uint32_t n) noexcept
+	{
+	#if defined(__GNUC__)
+		return __builtin_bswap32(n);
+	#else
+	#ifdef _MSC_VER
+		return (uint32_t)_byteswap_ulong((unsigned long)n);
+	#else
+		return htonl(n);
+	#endif
+	#endif
+	}
+
 	/**
 	 * Unconditionally swap bytes regardless of host byte order
 	 *
--- a/version.h
+++ b/version.h
@ -27,7 +27,7 @@
 /**
 * Revision
 */
-#define ZEROTIER_ONE_VERSION_REVISION 6
+#define ZEROTIER_ONE_VERSION_REVISION 8

 /**
 * Build version