summaryrefslogtreecommitdiff
path: root/node
diff options
context:
space:
mode:
Diffstat (limited to 'node')
-rw-r--r--node/C25519.hpp3
-rw-r--r--node/Defaults.cpp2
-rw-r--r--node/Identity.cpp118
-rw-r--r--node/Identity.hpp14
-rw-r--r--node/SHA512.cpp2
5 files changed, 36 insertions, 103 deletions
diff --git a/node/C25519.hpp b/node/C25519.hpp
index 8d6a58ba..79edfa06 100644
--- a/node/C25519.hpp
+++ b/node/C25519.hpp
@@ -101,7 +101,8 @@ public:
Utils::getSecureRandom(priv,kp.priv.size());
_calcPubED(kp); // do Ed25519 key -- bytes 32-63 of pub and priv
do {
- ++*((uint64_t *)priv);
+ ++(((uint64_t *)priv)[1]);
+ --(((uint64_t *)priv)[2]);
_calcPubDH(kp); // keep regenerating bytes 0-31 until satisfied
} while (!cond(kp));
return kp;
diff --git a/node/Defaults.cpp b/node/Defaults.cpp
index 9ce72b30..d3d6f049 100644
--- a/node/Defaults.cpp
+++ b/node/Defaults.cpp
@@ -53,6 +53,7 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap()
// designated as such and trusted to provide WHOIS lookup.
// cthulhu.zerotier.com - New York, New York, USA
+#if 0
addrs.clear();
if (!id.fromString("a0fa79d81c:2:0bb348bb38883a29054659a37c204f2c0b082985cb51b36fad31366dfedd616c20aacc5e33ceee2b054670639563238c4fe50bb8716c1ac7996762c0eaefbb23:b7e91f4c77815327c59ff0979f33861e665d002a357448572954c85919be61f768ee6a4d4e42318ffd9cfcc08cadedcd0277a33a950e316a1d7b5bf082919400c44cad1e725fc2035e2d7087d0c8bf51adc5875b643d759a475f899cfbf3e1a4"))
throw std::runtime_error("invalid identity in Defaults");
@@ -72,6 +73,7 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap()
throw std::runtime_error("invalid identity in Defaults");
addrs.push_back(InetAddress("198.211.127.172",ZT_DEFAULT_UDP_PORT));
sn[id] = addrs;
+#endif
return sn;
}
diff --git a/node/Identity.cpp b/node/Identity.cpp
index 93d5024b..e897a42c 100644
--- a/node/Identity.cpp
+++ b/node/Identity.cpp
@@ -34,37 +34,50 @@
#include "Identity.hpp"
#include "SHA512.hpp"
#include "Salsa20.hpp"
+#include "Utils.hpp"
namespace ZeroTier {
+/*
+ * This is the hashcash criterion
+ */
+struct _Identity_generate_cond
+{
+ _Identity_generate_cond() throw() {}
+ _Identity_generate_cond(char *sb) throw() : sha512buf(sb) {}
+
+ inline bool operator()(const C25519::Pair &kp) const
+ throw()
+ {
+ SHA512::hash(sha512buf,kp.pub.data,kp.pub.size());
+
+ if ((!sha512buf[0])&&(!(sha512buf[1] & 0xf0)))
+ return true;
+
+ return false;
+ }
+
+ char *sha512buf;
+};
+
void Identity::generate()
{
+ char sha512buf[64];
+
C25519::Pair kp;
do {
- kp = C25519::generate();
- _address = deriveAddress(kp.pub.data,kp.pub.size());
+ kp = C25519::generateSatisfying(_Identity_generate_cond(sha512buf));
+ _address.setTo(sha512buf + 59,ZT_ADDRESS_LENGTH); // last 5 bytes are address
} while (_address.isReserved());
_publicKey = kp.pub;
if (!_privateKey)
_privateKey = new C25519::Private();
*_privateKey = kp.priv;
-
- unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN];
- _address.copyTo(tmp,ZT_ADDRESS_LENGTH);
- memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN);
- _signature = C25519::sign(kp,tmp,sizeof(tmp));
}
bool Identity::locallyValidate(bool doAddressDerivationCheck) const
{
- unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN];
- _address.copyTo(tmp,ZT_ADDRESS_LENGTH);
- memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN);
- if (!C25519::verify(_publicKey,tmp,sizeof(tmp),_signature))
- return false;
- if ((doAddressDerivationCheck)&&(deriveAddress(_publicKey.data,_publicKey.size()) != _address))
- return false;
return true;
}
@@ -73,10 +86,8 @@ std::string Identity::toString(bool includePrivate) const
std::string r;
r.append(_address.toString());
- r.append(":2:"); // 2 == IDENTITY_TYPE_C25519
+ r.append(":0:"); // 0 == IDENTITY_TYPE_C25519
r.append(Utils::hex(_publicKey.data,_publicKey.size()));
- r.push_back(':');
- r.append(Utils::hex(_signature.data,_signature.size()));
if ((_privateKey)&&(includePrivate)) {
r.push_back(':');
r.append(Utils::hex(_privateKey->data,_privateKey->size()));
@@ -104,7 +115,7 @@ bool Identity::fromString(const char *str)
return false;
break;
case 1:
- if (strcmp(f,"2"))
+ if (f[0] != '0')
return false;
break;
case 2:
@@ -112,10 +123,6 @@ bool Identity::fromString(const char *str)
return false;
break;
case 3:
- if (Utils::unhex(f,_signature.data,_signature.size()) != _signature.size())
- return false;
- break;
- case 4:
_privateKey = new C25519::Private();
if (Utils::unhex(f,_privateKey->data,_privateKey->size()) != _privateKey->size())
return false;
@@ -130,72 +137,5 @@ bool Identity::fromString(const char *str)
return true;
}
-// These are fixed parameters and can't be changed without a new
-// identity type.
-#define ZT_IDENTITY_DERIVEADDRESS_MEMORY 33554432
-#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 50
-
-Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen)
-{
- /*
- * Sequential memory-hard algorithm wedding address to public key
- *
- * Conventional hashcash with long computations and quick verifications
- * unfortunately cannot be used here. If that were used, it would be
- * equivalently costly to simply increment/vary the public key and find
- * a collision as it would be to find the address. We need something
- * that creates a costly 1:~1 mapping from key to address, hence this
- * algorithm.
- *
- * Search for "sequential memory hard algorithm" for academic references
- * to similar concepts.
- */
-
- unsigned char *ram = new unsigned char[ZT_IDENTITY_DERIVEADDRESS_MEMORY];
- for(unsigned int i=0;i<ZT_IDENTITY_DERIVEADDRESS_MEMORY;++i)
- ram[i] = ((const unsigned char *)keyBytes)[i % keyLen];
-
- unsigned char salsaKey[ZT_SHA512_DIGEST_LEN];
- SHA512::hash(salsaKey,keyBytes,keyLen);
-
- uint64_t nonce = 0;
- for(unsigned int r=0;r<ZT_IDENTITY_DERIVEADDRESS_ROUNDS;++r) {
- nonce = Utils::crc64(nonce,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
-#if __BYTE_ORDER == __BIG_ENDIAN
- nonce = ( // swap to little endian -- this was written for a LE system
- ((nonce & 0x00000000000000FFULL) << 56) |
- ((nonce & 0x000000000000FF00ULL) << 40) |
- ((nonce & 0x0000000000FF0000ULL) << 24) |
- ((nonce & 0x00000000FF000000ULL) << 8) |
- ((nonce & 0x000000FF00000000ULL) >> 8) |
- ((nonce & 0x0000FF0000000000ULL) >> 24) |
- ((nonce & 0x00FF000000000000ULL) >> 40) |
- ((nonce & 0xFF00000000000000ULL) >> 56)
- );
-#endif
- Salsa20 s20(salsaKey,256,&nonce);
-#if __BYTE_ORDER == __BIG_ENDIAN
- nonce = ( // swap back to big endian
- ((nonce & 0x00000000000000FFULL) << 56) |
- ((nonce & 0x000000000000FF00ULL) << 40) |
- ((nonce & 0x0000000000FF0000ULL) << 24) |
- ((nonce & 0x00000000FF000000ULL) << 8) |
- ((nonce & 0x000000FF00000000ULL) >> 8) |
- ((nonce & 0x0000FF0000000000ULL) >> 24) |
- ((nonce & 0x00FF000000000000ULL) >> 40) |
- ((nonce & 0xFF00000000000000ULL) >> 56)
- );
-#endif
- s20.encrypt(ram,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
- }
-
- unsigned char finalDigest[ZT_SHA512_DIGEST_LEN];
- SHA512::hash(finalDigest,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
-
- delete [] ram;
-
- return Address(finalDigest,ZT_ADDRESS_LENGTH);
-}
-
} // namespace ZeroTier
diff --git a/node/Identity.hpp b/node/Identity.hpp
index b2a57941..2c02a5f1 100644
--- a/node/Identity.hpp
+++ b/node/Identity.hpp
@@ -61,8 +61,7 @@ public:
*/
enum Type
{
- IDENTITY_TYPE_NIST_P_521 = 1, // OBSOLETE -- only present in some early alpha versions
- IDENTITY_TYPE_C25519 = 2
+ IDENTITY_TYPE_C25519 = 0
};
Identity() :
@@ -73,7 +72,6 @@ public:
Identity(const Identity &id) :
_address(id._address),
_publicKey(id._publicKey),
- _signature(id._signature),
_privateKey((id._privateKey) ? new C25519::Private(*(id._privateKey)) : (C25519::Private *)0)
{
}
@@ -111,7 +109,6 @@ public:
{
_address = id._address;
_publicKey = id._publicKey;
- _signature = id._signature;
if (id._privateKey) {
if (!_privateKey)
_privateKey = new C25519::Private();
@@ -236,7 +233,6 @@ public:
_address.appendTo(b);
b.append((unsigned char)IDENTITY_TYPE_C25519);
b.append(_publicKey.data,_publicKey.size());
- b.append(_signature.data,_signature.size());
if ((_privateKey)&&(includePrivate)) {
b.append((unsigned char)_privateKey->size());
b.append(_privateKey->data,_privateKey->size());
@@ -252,7 +248,7 @@ public:
* @param b Buffer containing serialized data
* @param startAt Index within buffer of serialized data (default: 0)
* @return Length of serialized data read from buffer
- * @throws std::out_of_range Buffer too small
+ * @throws std::out_of_range Serialized data invalid
* @throws std::invalid_argument Serialized data invalid
*/
template<unsigned int C>
@@ -272,8 +268,6 @@ public:
memcpy(_publicKey.data,b.field(p,_publicKey.size()),_publicKey.size());
p += _publicKey.size();
- memcpy(_signature.data,b.field(p,_signature.size()),_signature.size());
- p += _signature.size();
unsigned int privateKeyLength = b[p++];
if ((privateKeyLength)&&(privateKeyLength == ZT_C25519_PRIVATE_KEY_LEN)) {
@@ -318,12 +312,8 @@ public:
inline bool operator>=(const Identity &id) const throw() { return !(*this < id); }
private:
- // Compute an address from public key bytes
- static Address deriveAddress(const void *keyBytes,unsigned int keyLen);
-
Address _address;
C25519::Public _publicKey;
- C25519::Signature _signature;
C25519::Private *_privateKey;
};
diff --git a/node/SHA512.cpp b/node/SHA512.cpp
index 9d6fbd95..7cec1741 100644
--- a/node/SHA512.cpp
+++ b/node/SHA512.cpp
@@ -121,7 +121,7 @@ static void store_bigendian(unsigned char *x,uint64 u)
b = a; \
a = T1 + T2;
-int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+static inline int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
{
uint64 state[8];
uint64 a;