diff options
Diffstat (limited to 'node')
-rw-r--r-- | node/C25519.hpp | 3 | ||||
-rw-r--r-- | node/Defaults.cpp | 2 | ||||
-rw-r--r-- | node/Identity.cpp | 118 | ||||
-rw-r--r-- | node/Identity.hpp | 14 | ||||
-rw-r--r-- | node/SHA512.cpp | 2 |
5 files changed, 36 insertions, 103 deletions
diff --git a/node/C25519.hpp b/node/C25519.hpp index 8d6a58ba..79edfa06 100644 --- a/node/C25519.hpp +++ b/node/C25519.hpp @@ -101,7 +101,8 @@ public: Utils::getSecureRandom(priv,kp.priv.size()); _calcPubED(kp); // do Ed25519 key -- bytes 32-63 of pub and priv do { - ++*((uint64_t *)priv); + ++(((uint64_t *)priv)[1]); + --(((uint64_t *)priv)[2]); _calcPubDH(kp); // keep regenerating bytes 0-31 until satisfied } while (!cond(kp)); return kp; diff --git a/node/Defaults.cpp b/node/Defaults.cpp index 9ce72b30..d3d6f049 100644 --- a/node/Defaults.cpp +++ b/node/Defaults.cpp @@ -53,6 +53,7 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap() // designated as such and trusted to provide WHOIS lookup. // cthulhu.zerotier.com - New York, New York, USA +#if 0 addrs.clear(); if (!id.fromString("a0fa79d81c:2:0bb348bb38883a29054659a37c204f2c0b082985cb51b36fad31366dfedd616c20aacc5e33ceee2b054670639563238c4fe50bb8716c1ac7996762c0eaefbb23:b7e91f4c77815327c59ff0979f33861e665d002a357448572954c85919be61f768ee6a4d4e42318ffd9cfcc08cadedcd0277a33a950e316a1d7b5bf082919400c44cad1e725fc2035e2d7087d0c8bf51adc5875b643d759a475f899cfbf3e1a4")) throw std::runtime_error("invalid identity in Defaults"); @@ -72,6 +73,7 @@ static inline std::map< Identity,std::vector<InetAddress> > _mkSupernodeMap() throw std::runtime_error("invalid identity in Defaults"); addrs.push_back(InetAddress("198.211.127.172",ZT_DEFAULT_UDP_PORT)); sn[id] = addrs; +#endif return sn; } diff --git a/node/Identity.cpp b/node/Identity.cpp index 93d5024b..e897a42c 100644 --- a/node/Identity.cpp +++ b/node/Identity.cpp @@ -34,37 +34,50 @@ #include "Identity.hpp" #include "SHA512.hpp" #include "Salsa20.hpp" +#include "Utils.hpp" namespace ZeroTier { +/* + * This is the hashcash criterion + */ +struct _Identity_generate_cond +{ + _Identity_generate_cond() throw() {} + _Identity_generate_cond(char *sb) throw() : sha512buf(sb) {} + + inline bool operator()(const C25519::Pair &kp) const + throw() + { + SHA512::hash(sha512buf,kp.pub.data,kp.pub.size()); + + if ((!sha512buf[0])&&(!(sha512buf[1] & 0xf0))) + return true; + + return false; + } + + char *sha512buf; +}; + void Identity::generate() { + char sha512buf[64]; + C25519::Pair kp; do { - kp = C25519::generate(); - _address = deriveAddress(kp.pub.data,kp.pub.size()); + kp = C25519::generateSatisfying(_Identity_generate_cond(sha512buf)); + _address.setTo(sha512buf + 59,ZT_ADDRESS_LENGTH); // last 5 bytes are address } while (_address.isReserved()); _publicKey = kp.pub; if (!_privateKey) _privateKey = new C25519::Private(); *_privateKey = kp.priv; - - unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN]; - _address.copyTo(tmp,ZT_ADDRESS_LENGTH); - memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN); - _signature = C25519::sign(kp,tmp,sizeof(tmp)); } bool Identity::locallyValidate(bool doAddressDerivationCheck) const { - unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN]; - _address.copyTo(tmp,ZT_ADDRESS_LENGTH); - memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN); - if (!C25519::verify(_publicKey,tmp,sizeof(tmp),_signature)) - return false; - if ((doAddressDerivationCheck)&&(deriveAddress(_publicKey.data,_publicKey.size()) != _address)) - return false; return true; } @@ -73,10 +86,8 @@ std::string Identity::toString(bool includePrivate) const std::string r; r.append(_address.toString()); - r.append(":2:"); // 2 == IDENTITY_TYPE_C25519 + r.append(":0:"); // 0 == IDENTITY_TYPE_C25519 r.append(Utils::hex(_publicKey.data,_publicKey.size())); - r.push_back(':'); - r.append(Utils::hex(_signature.data,_signature.size())); if ((_privateKey)&&(includePrivate)) { r.push_back(':'); r.append(Utils::hex(_privateKey->data,_privateKey->size())); @@ -104,7 +115,7 @@ bool Identity::fromString(const char *str) return false; break; case 1: - if (strcmp(f,"2")) + if (f[0] != '0') return false; break; case 2: @@ -112,10 +123,6 @@ bool Identity::fromString(const char *str) return false; break; case 3: - if (Utils::unhex(f,_signature.data,_signature.size()) != _signature.size()) - return false; - break; - case 4: _privateKey = new C25519::Private(); if (Utils::unhex(f,_privateKey->data,_privateKey->size()) != _privateKey->size()) return false; @@ -130,72 +137,5 @@ bool Identity::fromString(const char *str) return true; } -// These are fixed parameters and can't be changed without a new -// identity type. -#define ZT_IDENTITY_DERIVEADDRESS_MEMORY 33554432 -#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 50 - -Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen) -{ - /* - * Sequential memory-hard algorithm wedding address to public key - * - * Conventional hashcash with long computations and quick verifications - * unfortunately cannot be used here. If that were used, it would be - * equivalently costly to simply increment/vary the public key and find - * a collision as it would be to find the address. We need something - * that creates a costly 1:~1 mapping from key to address, hence this - * algorithm. - * - * Search for "sequential memory hard algorithm" for academic references - * to similar concepts. - */ - - unsigned char *ram = new unsigned char[ZT_IDENTITY_DERIVEADDRESS_MEMORY]; - for(unsigned int i=0;i<ZT_IDENTITY_DERIVEADDRESS_MEMORY;++i) - ram[i] = ((const unsigned char *)keyBytes)[i % keyLen]; - - unsigned char salsaKey[ZT_SHA512_DIGEST_LEN]; - SHA512::hash(salsaKey,keyBytes,keyLen); - - uint64_t nonce = 0; - for(unsigned int r=0;r<ZT_IDENTITY_DERIVEADDRESS_ROUNDS;++r) { - nonce = Utils::crc64(nonce,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); -#if __BYTE_ORDER == __BIG_ENDIAN - nonce = ( // swap to little endian -- this was written for a LE system - ((nonce & 0x00000000000000FFULL) << 56) | - ((nonce & 0x000000000000FF00ULL) << 40) | - ((nonce & 0x0000000000FF0000ULL) << 24) | - ((nonce & 0x00000000FF000000ULL) << 8) | - ((nonce & 0x000000FF00000000ULL) >> 8) | - ((nonce & 0x0000FF0000000000ULL) >> 24) | - ((nonce & 0x00FF000000000000ULL) >> 40) | - ((nonce & 0xFF00000000000000ULL) >> 56) - ); -#endif - Salsa20 s20(salsaKey,256,&nonce); -#if __BYTE_ORDER == __BIG_ENDIAN - nonce = ( // swap back to big endian - ((nonce & 0x00000000000000FFULL) << 56) | - ((nonce & 0x000000000000FF00ULL) << 40) | - ((nonce & 0x0000000000FF0000ULL) << 24) | - ((nonce & 0x00000000FF000000ULL) << 8) | - ((nonce & 0x000000FF00000000ULL) >> 8) | - ((nonce & 0x0000FF0000000000ULL) >> 24) | - ((nonce & 0x00FF000000000000ULL) >> 40) | - ((nonce & 0xFF00000000000000ULL) >> 56) - ); -#endif - s20.encrypt(ram,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); - } - - unsigned char finalDigest[ZT_SHA512_DIGEST_LEN]; - SHA512::hash(finalDigest,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); - - delete [] ram; - - return Address(finalDigest,ZT_ADDRESS_LENGTH); -} - } // namespace ZeroTier diff --git a/node/Identity.hpp b/node/Identity.hpp index b2a57941..2c02a5f1 100644 --- a/node/Identity.hpp +++ b/node/Identity.hpp @@ -61,8 +61,7 @@ public: */ enum Type { - IDENTITY_TYPE_NIST_P_521 = 1, // OBSOLETE -- only present in some early alpha versions - IDENTITY_TYPE_C25519 = 2 + IDENTITY_TYPE_C25519 = 0 }; Identity() : @@ -73,7 +72,6 @@ public: Identity(const Identity &id) : _address(id._address), _publicKey(id._publicKey), - _signature(id._signature), _privateKey((id._privateKey) ? new C25519::Private(*(id._privateKey)) : (C25519::Private *)0) { } @@ -111,7 +109,6 @@ public: { _address = id._address; _publicKey = id._publicKey; - _signature = id._signature; if (id._privateKey) { if (!_privateKey) _privateKey = new C25519::Private(); @@ -236,7 +233,6 @@ public: _address.appendTo(b); b.append((unsigned char)IDENTITY_TYPE_C25519); b.append(_publicKey.data,_publicKey.size()); - b.append(_signature.data,_signature.size()); if ((_privateKey)&&(includePrivate)) { b.append((unsigned char)_privateKey->size()); b.append(_privateKey->data,_privateKey->size()); @@ -252,7 +248,7 @@ public: * @param b Buffer containing serialized data * @param startAt Index within buffer of serialized data (default: 0) * @return Length of serialized data read from buffer - * @throws std::out_of_range Buffer too small + * @throws std::out_of_range Serialized data invalid * @throws std::invalid_argument Serialized data invalid */ template<unsigned int C> @@ -272,8 +268,6 @@ public: memcpy(_publicKey.data,b.field(p,_publicKey.size()),_publicKey.size()); p += _publicKey.size(); - memcpy(_signature.data,b.field(p,_signature.size()),_signature.size()); - p += _signature.size(); unsigned int privateKeyLength = b[p++]; if ((privateKeyLength)&&(privateKeyLength == ZT_C25519_PRIVATE_KEY_LEN)) { @@ -318,12 +312,8 @@ public: inline bool operator>=(const Identity &id) const throw() { return !(*this < id); } private: - // Compute an address from public key bytes - static Address deriveAddress(const void *keyBytes,unsigned int keyLen); - Address _address; C25519::Public _publicKey; - C25519::Signature _signature; C25519::Private *_privateKey; }; diff --git a/node/SHA512.cpp b/node/SHA512.cpp index 9d6fbd95..7cec1741 100644 --- a/node/SHA512.cpp +++ b/node/SHA512.cpp @@ -121,7 +121,7 @@ static void store_bigendian(unsigned char *x,uint64 u) b = a; \ a = T1 + T2; -int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +static inline int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) { uint64 state[8]; uint64 a; |