void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-07-27 04:32:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Clang-format changes.

Browse source
This commit is contained in:
Adam Ierymenko 2021-05-18 12:43:13 -04:00
parent 68c64d530b
commit 0290446000
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
96 changed files with 4974 additions and 5613 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

252
core/AES.cpp
View file

@ -41,12 +41,21 @@ namespace {
uint32_t y1t_##N = (y)&0x22222222U; \
uint32_t y2t_##N = (y)&0x44444444U; \
uint32_t y3t_##N = (y)&0x88888888U; \
uint64_t z0t_##N = (((uint64_t)x0t_##N * y0t_##N) ^ ((uint64_t)x1t_##N * y3t_##N) ^ ((uint64_t)x2t_##N * y2t_##N) ^ ((uint64_t)x3t_##N * y1t_##N)) & 0x1111111111111111ULL; \
uint64_t z1t_##N = (((uint64_t)x0t_##N * y1t_##N) ^ ((uint64_t)x1t_##N * y0t_##N) ^ ((uint64_t)x2t_##N * y3t_##N) ^ ((uint64_t)x3t_##N * y2t_##N)) & 0x2222222222222222ULL; \
uint64_t z2t_##N = (((uint64_t)x0t_##N * y2t_##N) ^ ((uint64_t)x1t_##N * y1t_##N) ^ ((uint64_t)x2t_##N * y0t_##N) ^ ((uint64_t)x3t_##N * y3t_##N)) & 0x4444444444444444ULL; \
uint64_t z0t_##N = (((uint64_t)x0t_##N * y0t_##N) ^ ((uint64_t)x1t_##N * y3t_##N) ^ ((uint64_t)x2t_##N * y2t_##N) \
^ ((uint64_t)x3t_##N * y1t_##N)) \
& 0x1111111111111111ULL; \
uint64_t z1t_##N = (((uint64_t)x0t_##N * y1t_##N) ^ ((uint64_t)x1t_##N * y0t_##N) ^ ((uint64_t)x2t_##N * y3t_##N) \
^ ((uint64_t)x3t_##N * y2t_##N)) \
& 0x2222222222222222ULL; \
uint64_t z2t_##N = (((uint64_t)x0t_##N * y2t_##N) ^ ((uint64_t)x1t_##N * y1t_##N) ^ ((uint64_t)x2t_##N * y0t_##N) \
^ ((uint64_t)x3t_##N * y3t_##N)) \
& 0x4444444444444444ULL; \
z0t_##N |= z1t_##N; \
z2t_##N |= z0t_##N; \
uint64_t zt_##N = z2t_##N | ((((uint64_t)x0t_##N * y3t_##N) ^ ((uint64_t)x1t_##N * y2t_##N) ^ ((uint64_t)x2t_##N * y1t_##N) ^ ((uint64_t)x3t_##N * y0t_##N)) & 0x8888888888888888ULL); \
uint64_t zt_##N = z2t_##N \
| ((((uint64_t)x0t_##N * y3t_##N) ^ ((uint64_t)x1t_##N * y2t_##N) \
^ ((uint64_t)x2t_##N * y1t_##N) ^ ((uint64_t)x3t_##N * y0t_##N)) \
& 0x8888888888888888ULL); \
(rh) = (uint32_t)(zt_##N >> 32U); \
(rl) = (uint32_t)zt_##N;
@ -331,10 +340,14 @@ void AES::CTR::crypt(const void* const input, unsigned int len) noexcept
t1 = Te0[s1 >> 24U] ^ Te1_r((s2 >> 16U) & m8) ^ Te2_r((s3 >> 8U) & m8) ^ Te3_r(s0 & m8) ^ rk[53];
t2 = Te0[s2 >> 24U] ^ Te1_r((s3 >> 16U) & m8) ^ Te2_r((s0 >> 8U) & m8) ^ Te3_r(s1 & m8) ^ rk[54];
t3 = Te0[s3 >> 24U] ^ Te1_r((s0 >> 16U) & m8) ^ Te2_r((s1 >> 8U) & m8) ^ Te3_r(s2 & m8) ^ rk[55];
s0 = (Te2_r(t0 >> 24U) & m8_24) ^ (Te3_r((t1 >> 16U) & m8) & m8_16) ^ (Te0[(t2 >> 8U) & m8] & m8_8) ^ (Te1_r(t3 & m8) & m8) ^ rk[56];
s1 = (Te2_r(t1 >> 24U) & m8_24) ^ (Te3_r((t2 >> 16U) & m8) & m8_16) ^ (Te0[(t3 >> 8U) & m8] & m8_8) ^ (Te1_r(t0 & m8) & m8) ^ rk[57];
s2 = (Te2_r(t2 >> 24U) & m8_24) ^ (Te3_r((t3 >> 16U) & m8) & m8_16) ^ (Te0[(t0 >> 8U) & m8] & m8_8) ^ (Te1_r(t1 & m8) & m8) ^ rk[58];
s3 = (Te2_r(t3 >> 24U) & m8_24) ^ (Te3_r((t0 >> 16U) & m8) & m8_16) ^ (Te0[(t1 >> 8U) & m8] & m8_8) ^ (Te1_r(t2 & m8) & m8) ^ rk[59];
s0 = (Te2_r(t0 >> 24U) & m8_24) ^ (Te3_r((t1 >> 16U) & m8) & m8_16) ^ (Te0[(t2 >> 8U) & m8] & m8_8)
^ (Te1_r(t3 & m8) & m8) ^ rk[56];
s1 = (Te2_r(t1 >> 24U) & m8_24) ^ (Te3_r((t2 >> 16U) & m8) & m8_16) ^ (Te0[(t3 >> 8U) & m8] & m8_8)
^ (Te1_r(t0 & m8) & m8) ^ rk[57];
s2 = (Te2_r(t2 >> 24U) & m8_24) ^ (Te3_r((t3 >> 16U) & m8) & m8_16) ^ (Te0[(t0 >> 8U) & m8] & m8_8)
^ (Te1_r(t1 & m8) & m8) ^ rk[58];
s3 = (Te2_r(t3 >> 24U) & m8_24) ^ (Te3_r((t0 >> 16U) & m8) & m8_16) ^ (Te0[(t1 >> 8U) & m8] & m8_8)
^ (Te1_r(t2 & m8) & m8) ^ rk[59];
*reinterpret_cast<uint64_t *>(out) = in0 ^ Utils::hton(((uint64_t)s0 << 32U) | (uint64_t)s1);
*reinterpret_cast<uint64_t *>(out + 8) = in1 ^ Utils::hton(((uint64_t)s2 << 32U) | (uint64_t)s3);
@ -401,10 +414,14 @@ void AES::CTR::crypt(const void* const input, unsigned int len) noexcept
t1 = Te0[s1 >> 24U] ^ Te1_r((s2 >> 16U) & m8) ^ Te2_r((s3 >> 8U) & m8) ^ Te3_r(s0 & m8) ^ rk[53];
t2 = Te0[s2 >> 24U] ^ Te1_r((s3 >> 16U) & m8) ^ Te2_r((s0 >> 8U) & m8) ^ Te3_r(s1 & m8) ^ rk[54];
t3 = Te0[s3 >> 24U] ^ Te1_r((s0 >> 16U) & m8) ^ Te2_r((s1 >> 8U) & m8) ^ Te3_r(s2 & m8) ^ rk[55];
s0 = (Te2_r(t0 >> 24U) & m8_24) ^ (Te3_r((t1 >> 16U) & m8) & m8_16) ^ (Te0[(t2 >> 8U) & m8] & m8_8) ^ (Te1_r(t3 & m8) & m8) ^ rk[56];
s1 = (Te2_r(t1 >> 24U) & m8_24) ^ (Te3_r((t2 >> 16U) & m8) & m8_16) ^ (Te0[(t3 >> 8U) & m8] & m8_8) ^ (Te1_r(t0 & m8) & m8) ^ rk[57];
s2 = (Te2_r(t2 >> 24U) & m8_24) ^ (Te3_r((t3 >> 16U) & m8) & m8_16) ^ (Te0[(t0 >> 8U) & m8] & m8_8) ^ (Te1_r(t1 & m8) & m8) ^ rk[58];
s3 = (Te2_r(t3 >> 24U) & m8_24) ^ (Te3_r((t0 >> 16U) & m8) & m8_16) ^ (Te0[(t1 >> 8U) & m8] & m8_8) ^ (Te1_r(t2 & m8) & m8) ^ rk[59];
s0 = (Te2_r(t0 >> 24U) & m8_24) ^ (Te3_r((t1 >> 16U) & m8) & m8_16) ^ (Te0[(t2 >> 8U) & m8] & m8_8)
^ (Te1_r(t3 & m8) & m8) ^ rk[56];
s1 = (Te2_r(t1 >> 24U) & m8_24) ^ (Te3_r((t2 >> 16U) & m8) & m8_16) ^ (Te0[(t3 >> 8U) & m8] & m8_8)
^ (Te1_r(t0 & m8) & m8) ^ rk[57];
s2 = (Te2_r(t2 >> 24U) & m8_24) ^ (Te3_r((t3 >> 16U) & m8) & m8_16) ^ (Te0[(t0 >> 8U) & m8] & m8_8)
^ (Te1_r(t1 & m8) & m8) ^ rk[58];
s3 = (Te2_r(t3 >> 24U) & m8_24) ^ (Te3_r((t0 >> 16U) & m8) & m8_16) ^ (Te0[(t1 >> 8U) & m8] & m8_8)
^ (Te1_r(t2 & m8) & m8) ^ rk[59];
out[0] = in[0] ^ (uint8_t)(s0 >> 24U);
out[1] = in[1] ^ (uint8_t)(s0 >> 16U);
@ -451,63 +468,118 @@ void AES::CTR::finish() noexcept
// Software AES and AES key expansion ---------------------------------------------------------------------------------
const uint32_t AES::Te0[256] = { 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a };
const uint32_t AES::Te4[256] = { 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b, 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,
0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d, 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0, 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf, 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,
0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626, 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc, 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1, 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,
0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3, 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a, 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2, 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,
0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a, 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0, 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3, 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,
0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed, 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b, 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939, 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,
0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb, 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585, 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f, 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,
0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f, 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5, 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121, 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,
0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec, 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717, 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d, 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc, 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888, 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414, 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,
0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a, 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c, 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262, 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,
0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d, 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9, 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea, 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,
0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e, 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6, 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f, 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,
0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666, 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e, 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9, 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,
0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111, 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494, 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9, 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,
0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d, 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868, 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616 };
const uint32_t AES::Td0[256] = { 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 };
const uint8_t AES::Td4[256] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d };
const uint32_t AES::rcon[15] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000, 0x6c000000, 0xd8000000, 0xab000000, 0x4d000000, 0x9a000000 };
const uint32_t AES::Te0[256] = {
0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 0x60303050,
0x02010103, 0xce6767a9, 0x562b2b7d, 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d,
0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, 0x41adadec, 0xb3d4d467, 0x5fa2a2fd,
0x45afafea, 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 0xe2717193,
0xabd8d873, 0x62313153, 0x2a15153f, 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1,
0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, 0xcdebeb26, 0x4e272769, 0x7fb2b2cd,
0xea75759f, 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, 0xa65353f5,
0xb9d1d168, 0x00000000, 0xc1eded2c, 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46,
0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5,
0xedfbfb16, 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, 0x3f9292ad,
0x219d9dbc, 0x70383848, 0xf1f5f504, 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a,
0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, 0xbe5f5fe1, 0x359797a2, 0x884444cc,
0x2e171739, 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, 0x8c4646ca,
0xc7eeee29, 0x6bb8b8d3, 0x2814143c, 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256,
0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, 0x9fc2c25d, 0xbdd3d36e, 0x43acacef,
0xc46262a6, 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 0xca6565af,
0xf47a7a8e, 0x47aeaee9, 0x10080818, 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1,
0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86,
0x0f8a8a85, 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138,
0xebf8f813, 0x2b9898b3, 0x22111133, 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22,
0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, 0x038c8c8f, 0x59a1a1f8, 0x09898980,
0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
};
const uint32_t AES::Te4[256] = {
0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, 0x30303030,
0x01010101, 0x67676767, 0x2b2b2b2b, 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676, 0xcacacaca, 0x82828282,
0xc9c9c9c9, 0x7d7d7d7d, 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0, 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2,
0xafafafaf, 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0, 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,
0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc, 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1, 0x71717171,
0xd8d8d8d8, 0x31313131, 0x15151515, 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3, 0x18181818, 0x96969696,
0x05050505, 0x9a9a9a9a, 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2, 0xebebebeb, 0x27272727, 0xb2b2b2b2,
0x75757575, 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a, 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,
0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3, 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484, 0x53535353,
0xd1d1d1d1, 0x00000000, 0xedededed, 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b, 0x6a6a6a6a, 0xcbcbcbcb,
0xbebebebe, 0x39393939, 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf, 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa,
0xfbfbfbfb, 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585, 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,
0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8, 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f, 0x92929292,
0x9d9d9d9d, 0x38383838, 0xf5f5f5f5, 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121, 0x10101010, 0xffffffff,
0xf3f3f3f3, 0xd2d2d2d2, 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec, 0x5f5f5f5f, 0x97979797, 0x44444444,
0x17171717, 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d, 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc, 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888, 0x46464646,
0xeeeeeeee, 0xb8b8b8b8, 0x14141414, 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb, 0xe0e0e0e0, 0x32323232,
0x3a3a3a3a, 0x0a0a0a0a, 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c, 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac,
0x62626262, 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979, 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,
0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9, 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea, 0x65656565,
0x7a7a7a7a, 0xaeaeaeae, 0x08080808, 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e, 0x1c1c1c1c, 0xa6a6a6a6,
0xb4b4b4b4, 0xc6c6c6c6, 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f, 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b,
0x8a8a8a8a, 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666, 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,
0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9, 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e, 0xe1e1e1e1,
0xf8f8f8f8, 0x98989898, 0x11111111, 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494, 0x9b9b9b9b, 0x1e1e1e1e,
0x87878787, 0xe9e9e9e9, 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf, 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989,
0x0d0d0d0d, 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868, 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616
};
const uint32_t AES::Td0[256] = {
0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, 0x2030fa55,
0xad766df6, 0x88cc7691, 0xf5024c25, 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 0xdeb15a49, 0x25ba1b67,
0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, 0x038f5fe7, 0x15929c95, 0xbf6d7aeb,
0x955259da, 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, 0xb16477e0,
0xbb6bae84, 0xfe81a01c, 0xf9082b94, 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2,
0xe31f8f57, 0x6655ab2a, 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, 0x302887f2, 0x23bfa5b2, 0x02036aba,
0xed16825c, 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, 0x3e218af9,
0x96dd063d, 0xdd3e05ae, 0x4de6bd46, 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, 0x1998fb24, 0xd6bde997,
0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, 0xa17c0a47, 0x7c420fe9, 0xf8841ec9,
0x00000000, 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, 0x80c0c54f,
0x61dc20a2, 0x5a774b69, 0x1c121a16, 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad,
0x2db6a8b9, 0x141ea9c8, 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, 0xf701269f, 0x5c72f5bc, 0x44663bc5,
0x5bfb7e34, 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, 0x2bb3166c,
0xa970b999, 0x119448fa, 0x47e96422, 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 0x87494ec7, 0xd938d1c1,
0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b,
0x547e4662, 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, 0xe6956e65,
0xaaffe67e, 0x21bccf08, 0xef15e8e6, 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331,
0xc6a59430, 0x35a266c0, 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, 0xf104984a, 0x41ecdaf7, 0x7fcd500e,
0x1791f62f, 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, 0x9ad7618c,
0x37a10c7a, 0x59f8148e, 0xeb133c89, 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 0x9cd2df59, 0x55f2733f,
0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, 0xcaaff381, 0xb968c43e, 0x3824342c,
0xc2a3405f, 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
};
const uint8_t AES::Td4[256] = {
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39,
0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2,
0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76,
0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc,
0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d,
0x84, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c,
0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41, 0x4f,
0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62,
0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd,
0x5a, 0xf4, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 0x60,
0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d,
0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6,
0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
};
const uint32_t AES::rcon[15] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000,
0x6c000000, 0xd8000000, 0xab000000, 0x4d000000, 0x9a000000 };
void AES::p_initSW(const uint8_t *key) noexcept
{
@ -523,14 +595,16 @@ void AES::p_initSW(const uint8_t* key) noexcept
rk[7] = Utils::loadBigEndian<uint32_t>(key + 28);
for (int i = 0;;) {
uint32_t temp = rk[7];
rk[8] = rk[0] ^ (Te2_r((temp >> 16U) & 0xffU) & 0xff000000U) ^ (Te3_r((temp >> 8U) & 0xffU) & 0x00ff0000U) ^ (Te0[(temp)&0xffU] & 0x0000ff00U) ^ (Te1_r(temp >> 24U) & 0x000000ffU) ^ rcon[i];
rk[8] = rk[0] ^ (Te2_r((temp >> 16U) & 0xffU) & 0xff000000U) ^ (Te3_r((temp >> 8U) & 0xffU) & 0x00ff0000U)
^ (Te0[(temp)&0xffU] & 0x0000ff00U) ^ (Te1_r(temp >> 24U) & 0x000000ffU) ^ rcon[i];
rk[9] = rk[1] ^ rk[8];
rk[10] = rk[2] ^ rk[9];
rk[11] = rk[3] ^ rk[10];
if (++i == 7)
break;
temp = rk[11];
rk[12] = rk[4] ^ (Te2_r(temp >> 24U) & 0xff000000U) ^ (Te3_r((temp >> 16U) & 0xffU) & 0x00ff0000U) ^ (Te0[(temp >> 8U) & 0xffU] & 0x0000ff00U) ^ (Te1_r((temp)&0xffU) & 0x000000ffU);
rk[12] = rk[4] ^ (Te2_r(temp >> 24U) & 0xff000000U) ^ (Te3_r((temp >> 16U) & 0xffU) & 0x00ff0000U)
^ (Te0[(temp >> 8U) & 0xffU] & 0x0000ff00U) ^ (Te1_r((temp)&0xffU) & 0x000000ffU);
rk[13] = rk[5] ^ rk[12];
rk[14] = rk[6] ^ rk[13];
rk[15] = rk[7] ^ rk[14];
@ -561,10 +635,14 @@ void AES::p_initSW(const uint8_t* key) noexcept
}
for (int i = 1; i < 14; ++i) {
rk += 4;
rk[0] = Td0[Te4[(rk[0] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[0] >> 16U) & 0xffU] & 0xffU) ^ Td2_r(Te4[(rk[0] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[0]) & 0xffU] & 0xffU);
rk[1] = Td0[Te4[(rk[1] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[1] >> 16U) & 0xffU] & 0xffU) ^ Td2_r(Te4[(rk[1] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[1]) & 0xffU] & 0xffU);
rk[2] = Td0[Te4[(rk[2] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[2] >> 16U) & 0xffU] & 0xffU) ^ Td2_r(Te4[(rk[2] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[2]) & 0xffU] & 0xffU);
rk[3] = Td0[Te4[(rk[3] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[3] >> 16U) & 0xffU] & 0xffU) ^ Td2_r(Te4[(rk[3] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[3]) & 0xffU] & 0xffU);
rk[0] = Td0[Te4[(rk[0] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[0] >> 16U) & 0xffU] & 0xffU)
^ Td2_r(Te4[(rk[0] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[0]) & 0xffU] & 0xffU);
rk[1] = Td0[Te4[(rk[1] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[1] >> 16U) & 0xffU] & 0xffU)
^ Td2_r(Te4[(rk[1] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[1]) & 0xffU] & 0xffU);
rk[2] = Td0[Te4[(rk[2] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[2] >> 16U) & 0xffU] & 0xffU)
^ Td2_r(Te4[(rk[2] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[2]) & 0xffU] & 0xffU);
rk[3] = Td0[Te4[(rk[3] >> 24U)] & 0xffU] ^ Td1_r(Te4[(rk[3] >> 16U) & 0xffU] & 0xffU)
^ Td2_r(Te4[(rk[3] >> 8U) & 0xffU] & 0xffU) ^ Td3_r(Te4[(rk[3]) & 0xffU] & 0xffU);
}
}
@ -633,10 +711,14 @@ void AES::p_encryptSW(const uint8_t* in, uint8_t* out) const noexcept
t1 = Te0[s1 >> 24U] ^ Te1_r((s2 >> 16U) & m8) ^ Te2_r((s3 >> 8U) & m8) ^ Te3_r(s0 & m8) ^ rk[53];
t2 = Te0[s2 >> 24U] ^ Te1_r((s3 >> 16U) & m8) ^ Te2_r((s0 >> 8U) & m8) ^ Te3_r(s1 & m8) ^ rk[54];
t3 = Te0[s3 >> 24U] ^ Te1_r((s0 >> 16U) & m8) ^ Te2_r((s1 >> 8U) & m8) ^ Te3_r(s2 & m8) ^ rk[55];
s0 = (Te2_r(t0 >> 24U) & m8_24) ^ (Te3_r((t1 >> 16U) & m8) & m8_16) ^ (Te0[(t2 >> 8U) & m8] & m8_8) ^ (Te1_r(t3 & m8) & m8) ^ rk[56];
s1 = (Te2_r(t1 >> 24U) & m8_24) ^ (Te3_r((t2 >> 16U) & m8) & m8_16) ^ (Te0[(t3 >> 8U) & m8] & m8_8) ^ (Te1_r(t0 & m8) & m8) ^ rk[57];
s2 = (Te2_r(t2 >> 24U) & m8_24) ^ (Te3_r((t3 >> 16U) & m8) & m8_16) ^ (Te0[(t0 >> 8U) & m8] & m8_8) ^ (Te1_r(t1 & m8) & m8) ^ rk[58];
s3 = (Te2_r(t3 >> 24U) & m8_24) ^ (Te3_r((t0 >> 16U) & m8) & m8_16) ^ (Te0[(t1 >> 8U) & m8] & m8_8) ^ (Te1_r(t2 & m8) & m8) ^ rk[59];
s0 = (Te2_r(t0 >> 24U) & m8_24) ^ (Te3_r((t1 >> 16U) & m8) & m8_16) ^ (Te0[(t2 >> 8U) & m8] & m8_8)
^ (Te1_r(t3 & m8) & m8) ^ rk[56];
s1 = (Te2_r(t1 >> 24U) & m8_24) ^ (Te3_r((t2 >> 16U) & m8) & m8_16) ^ (Te0[(t3 >> 8U) & m8] & m8_8)
^ (Te1_r(t0 & m8) & m8) ^ rk[57];
s2 = (Te2_r(t2 >> 24U) & m8_24) ^ (Te3_r((t3 >> 16U) & m8) & m8_16) ^ (Te0[(t0 >> 8U) & m8] & m8_8)
^ (Te1_r(t1 & m8) & m8) ^ rk[58];
s3 = (Te2_r(t3 >> 24U) & m8_24) ^ (Te3_r((t0 >> 16U) & m8) & m8_16) ^ (Te0[(t1 >> 8U) & m8] & m8_8)
^ (Te1_r(t2 & m8) & m8) ^ rk[59];
Utils::storeBigEndian<uint32_t>(out, s0);
Utils::storeBigEndian<uint32_t>(out + 4, s1);
@ -706,10 +788,14 @@ void AES::p_decryptSW(const uint8_t* in, uint8_t* out) const noexcept
t1 = Td0[s1 >> 24U] ^ Td1_r((s0 >> 16U) & m8) ^ Td2_r((s3 >> 8U) & m8) ^ Td3_r(s2 & m8) ^ rk[53];
t2 = Td0[s2 >> 24U] ^ Td1_r((s1 >> 16U) & m8) ^ Td2_r((s0 >> 8U) & m8) ^ Td3_r(s3 & m8) ^ rk[54];
t3 = Td0[s3 >> 24U] ^ Td1_r((s2 >> 16U) & m8) ^ Td2_r((s1 >> 8U) & m8) ^ Td3_r(s0 & m8) ^ rk[55];
s0 = (Td4[t0 >> 24U] << 24U) ^ (Td4[(t3 >> 16U) & m8] << 16U) ^ (Td4[(t2 >> 8U) & m8] << 8U) ^ (Td4[(t1)&m8]) ^ rk[56];
s1 = (Td4[t1 >> 24U] << 24U) ^ (Td4[(t0 >> 16U) & m8] << 16U) ^ (Td4[(t3 >> 8U) & m8] << 8U) ^ (Td4[(t2)&m8]) ^ rk[57];
s2 = (Td4[t2 >> 24U] << 24U) ^ (Td4[(t1 >> 16U) & m8] << 16U) ^ (Td4[(t0 >> 8U) & m8] << 8U) ^ (Td4[(t3)&m8]) ^ rk[58];
s3 = (Td4[t3 >> 24U] << 24U) ^ (Td4[(t2 >> 16U) & m8] << 16U) ^ (Td4[(t1 >> 8U) & m8] << 8U) ^ (Td4[(t0)&m8]) ^ rk[59];
s0 = (Td4[t0 >> 24U] << 24U) ^ (Td4[(t3 >> 16U) & m8] << 16U) ^ (Td4[(t2 >> 8U) & m8] << 8U) ^ (Td4[(t1)&m8])
^ rk[56];
s1 = (Td4[t1 >> 24U] << 24U) ^ (Td4[(t0 >> 16U) & m8] << 16U) ^ (Td4[(t3 >> 8U) & m8] << 8U) ^ (Td4[(t2)&m8])
^ rk[57];
s2 = (Td4[t2 >> 24U] << 24U) ^ (Td4[(t1 >> 16U) & m8] << 16U) ^ (Td4[(t0 >> 8U) & m8] << 8U) ^ (Td4[(t3)&m8])
^ rk[58];
s3 = (Td4[t3 >> 24U] << 24U) ^ (Td4[(t2 >> 16U) & m8] << 16U) ^ (Td4[(t1 >> 8U) & m8] << 8U) ^ (Td4[(t0)&m8])
^ rk[59];
Utils::storeBigEndian<uint32_t>(out, s0);
Utils::storeBigEndian<uint32_t>(out + 4, s1);

44
core/AES.hpp
View file

@ -62,24 +62,16 @@ class AES {
/**
* Create an un-initialized AES instance (must call init() before use)
*/
ZT_INLINE AES() noexcept
{
}
ZT_INLINE AES() noexcept {}
/**
* Create an AES instance with the given key
*
* @param key 256-bit key
*/
explicit ZT_INLINE AES(const void* const key) noexcept
{
this->init(key);
}
explicit ZT_INLINE AES(const void *const key) noexcept { this->init(key); }
ZT_INLINE ~AES()
{
Utils::burn(&p_k, sizeof(p_k));
}
ZT_INLINE ~AES() { Utils::burn(&p_k, sizeof(p_k)); }
/**
* Set (or re-set) this AES256 cipher's key
@ -181,9 +173,7 @@ class AES {
*
* @param aes Keyed AES instance to use
*/
ZT_INLINE GMAC(const AES& aes) : _aes(aes)
{
}
ZT_INLINE GMAC(const AES &aes) : _aes(aes) {}
/**
* Reset and initialize for a new GMAC calculation
@ -260,9 +250,7 @@ class AES {
friend class GMACSIVDecryptor;
public:
ZT_INLINE CTR(const AES& aes) noexcept : _aes(aes)
{
}
ZT_INLINE CTR(const AES &aes) noexcept : _aes(aes) {}
/**
* Initialize this CTR instance to encrypt a new stream
@ -339,11 +327,7 @@ class AES {
* @param k0 First of two AES instances keyed with K0
* @param k1 Second of two AES instances keyed with K1
*/
ZT_INLINE GMACSIVEncryptor(const AES& k0, const AES& k1) noexcept
: _gmac(k0)
, _ctr(k1)
{
}
ZT_INLINE GMACSIVEncryptor(const AES &k0, const AES &k1) noexcept : _gmac(k0), _ctr(k1) {}
/**
* Initialize AES-GMAC-SIV
@ -389,10 +373,7 @@ class AES {
* @param input Plaintext chunk
* @param len Length of plaintext chunk
*/
ZT_INLINE void update1(const void* const input, const unsigned int len) noexcept
{
_gmac.update(input, len);
}
ZT_INLINE void update1(const void *const input, const unsigned int len) noexcept { _gmac.update(input, len); }
/**
* Finish first pass, compute CTR IV, initialize second pass.
@ -434,10 +415,7 @@ class AES {
* @param input Plaintext chunk
* @param len Length of plaintext chunk
*/
ZT_INLINE void update2(const void* const input, const unsigned int len) noexcept
{
_ctr.crypt(input, len);
}
ZT_INLINE void update2(const void *const input, const unsigned int len) noexcept { _ctr.crypt(input, len); }
/**
* Finish second pass and return a pointer to the opaque 128-bit IV+MAC block
@ -467,11 +445,7 @@ class AES {
*/
class GMACSIVDecryptor {
public:
ZT_INLINE GMACSIVDecryptor(const AES& k0, const AES& k1) noexcept
: _ctr(k1)
, _gmac(k0)
{
}
ZT_INLINE GMACSIVDecryptor(const AES &k0, const AES &k1) noexcept : _ctr(k1), _gmac(k0) {}
/**
* Initialize decryptor for a new message

60
core/AES_aesni.cpp
View file

@ -47,10 +47,15 @@ p_gmacPCLMUL128(const __m128i h, __m128i y) noexcept
t4 = _mm_xor_si128(t4, t2);
__m128i t5 = _mm_srli_epi32(t1, 31);
t1 = _mm_or_si128(_mm_slli_epi32(t1, 1), _mm_slli_si128(t5, 4));
t4 = _mm_or_si128(_mm_or_si128(_mm_slli_epi32(t4, 1), _mm_slli_si128(_mm_srli_epi32(t4, 31), 4)), _mm_srli_si128(t5, 12));
t4 = _mm_or_si128(
_mm_or_si128(_mm_slli_epi32(t4, 1), _mm_slli_si128(_mm_srli_epi32(t4, 31), 4)), _mm_srli_si128(t5, 12));
t5 = _mm_xor_si128(_mm_xor_si128(_mm_slli_epi32(t1, 31), _mm_slli_epi32(t1, 30)), _mm_slli_epi32(t1, 25));
t1 = _mm_xor_si128(t1, _mm_slli_si128(t5, 12));
t4 = _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(_mm_xor_si128(_mm_xor_si128(t4, _mm_srli_si128(t5, 4)), t1), _mm_srli_epi32(t1, 2)), _mm_srli_epi32(t1, 7)), _mm_srli_epi32(t1, 1));
t4 = _mm_xor_si128(
_mm_xor_si128(
_mm_xor_si128(_mm_xor_si128(_mm_xor_si128(t4, _mm_srli_si128(t5, 4)), t1), _mm_srli_epi32(t1, 2)),
_mm_srli_epi32(t1, 7)),
_mm_srli_epi32(t1, 1));
return _mm_shuffle_epi8(t4, s_sseSwapBytes);
}
@ -85,7 +90,9 @@ void p_aesCtrInnerVAES512(unsigned int &len, const uint64_t c0, uint64_t &c1, co
const __m512i kk14 = _mm512_broadcast_i32x4(k[14]);
do {
__m512i p0 = _mm512_loadu_si512(reinterpret_cast<const __m512i *>(in));
__m512i d0 = _mm512_set_epi64((long long)Utils::hton(c1 + 3ULL), (long long)c0, (long long)Utils::hton(c1 + 2ULL), (long long)c0, (long long)Utils::hton(c1 + 1ULL), (long long)c0, (long long)Utils::hton(c1), (long long)c0);
__m512i d0 = _mm512_set_epi64(
(long long)Utils::hton(c1 + 3ULL), (long long)c0, (long long)Utils::hton(c1 + 2ULL), (long long)c0,
(long long)Utils::hton(c1 + 1ULL), (long long)c0, (long long)Utils::hton(c1), (long long)c0);
c1 += 4;
in += 64;
len -= 64;
@ -134,8 +141,10 @@ void p_aesCtrInnerVAES256(unsigned int &len, const uint64_t c0, uint64_t &c1, co
do {
__m256i p0 = _mm256_loadu_si256(reinterpret_cast<const __m256i *>(in));
__m256i p1 = _mm256_loadu_si256(reinterpret_cast<const __m256i *>(in + 32));
__m256i d0 = _mm256_set_epi64x((long long)Utils::hton(c1 + 1ULL), (long long)c0, (long long)Utils::hton(c1), (long long)c0);
__m256i d1 = _mm256_set_epi64x((long long)Utils::hton(c1 + 3ULL), (long long)c0, (long long)Utils::hton(c1 + 2ULL), (long long)c0);
__m256i d0 = _mm256_set_epi64x(
(long long)Utils::hton(c1 + 1ULL), (long long)c0, (long long)Utils::hton(c1), (long long)c0);
__m256i d1 = _mm256_set_epi64x(
(long long)Utils::hton(c1 + 3ULL), (long long)c0, (long long)Utils::hton(c1 + 2ULL), (long long)c0);
c1 += 4;
in += 64;
len -= 64;
@ -231,7 +240,8 @@ void AES::GMAC::p_aesNIUpdate(const uint8_t *in, unsigned int len) noexcept
--len;
_r[_rp++] = *(in++);
if (_rp == 16) {
y = p_gmacPCLMUL128(_aes.p_k.ni.h[0], _mm_xor_si128(y, _mm_loadu_si128(reinterpret_cast<__m128i*>(_r))));
y = p_gmacPCLMUL128(
_aes.p_k.ni.h[0], _mm_xor_si128(y, _mm_loadu_si128(reinterpret_cast<__m128i *>(_r))));
break;
}
}
@ -255,21 +265,34 @@ void AES::GMAC::p_aesNIUpdate(const uint8_t *in, unsigned int len) noexcept
__m128i d3 = _mm_shuffle_epi8(_mm_loadu_si128(reinterpret_cast<const __m128i *>(in + 32)), sb);
__m128i d4 = _mm_shuffle_epi8(_mm_loadu_si128(reinterpret_cast<const __m128i *>(in + 48)), sb);
in += 64;
__m128i a = _mm_xor_si128(_mm_xor_si128(_mm_clmulepi64_si128(hhhh, d1, 0x00), _mm_clmulepi64_si128(hhh, d2, 0x00)), _mm_xor_si128(_mm_clmulepi64_si128(hh, d3, 0x00), _mm_clmulepi64_si128(h, d4, 0x00)));
__m128i b = _mm_xor_si128(_mm_xor_si128(_mm_clmulepi64_si128(hhhh, d1, 0x11), _mm_clmulepi64_si128(hhh, d2, 0x11)), _mm_xor_si128(_mm_clmulepi64_si128(hh, d3, 0x11), _mm_clmulepi64_si128(h, d4, 0x11)));
__m128i a = _mm_xor_si128(
_mm_xor_si128(_mm_clmulepi64_si128(hhhh, d1, 0x00), _mm_clmulepi64_si128(hhh, d2, 0x00)),
_mm_xor_si128(_mm_clmulepi64_si128(hh, d3, 0x00), _mm_clmulepi64_si128(h, d4, 0x00)));
__m128i b = _mm_xor_si128(
_mm_xor_si128(_mm_clmulepi64_si128(hhhh, d1, 0x11), _mm_clmulepi64_si128(hhh, d2, 0x11)),
_mm_xor_si128(_mm_clmulepi64_si128(hh, d3, 0x11), _mm_clmulepi64_si128(h, d4, 0x11)));
__m128i c = _mm_xor_si128(
_mm_xor_si128(
_mm_xor_si128(_mm_clmulepi64_si128(hhhh2, _mm_xor_si128(_mm_shuffle_epi32(d1, 78), d1), 0x00), _mm_clmulepi64_si128(hhh2, _mm_xor_si128(_mm_shuffle_epi32(d2, 78), d2), 0x00)),
_mm_xor_si128(_mm_clmulepi64_si128(hh2, _mm_xor_si128(_mm_shuffle_epi32(d3, 78), d3), 0x00), _mm_clmulepi64_si128(h2, _mm_xor_si128(_mm_shuffle_epi32(d4, 78), d4), 0x00))),
_mm_xor_si128(
_mm_clmulepi64_si128(hhhh2, _mm_xor_si128(_mm_shuffle_epi32(d1, 78), d1), 0x00),
_mm_clmulepi64_si128(hhh2, _mm_xor_si128(_mm_shuffle_epi32(d2, 78), d2), 0x00)),
_mm_xor_si128(
_mm_clmulepi64_si128(hh2, _mm_xor_si128(_mm_shuffle_epi32(d3, 78), d3), 0x00),
_mm_clmulepi64_si128(h2, _mm_xor_si128(_mm_shuffle_epi32(d4, 78), d4), 0x00))),
_mm_xor_si128(a, b));
a = _mm_xor_si128(_mm_slli_si128(c, 8), a);
b = _mm_xor_si128(_mm_srli_si128(c, 8), b);
c = _mm_srli_epi32(a, 31);
a = _mm_or_si128(_mm_slli_epi32(a, 1), _mm_slli_si128(c, 4));
b = _mm_or_si128(_mm_or_si128(_mm_slli_epi32(b, 1), _mm_slli_si128(_mm_srli_epi32(b, 31), 4)), _mm_srli_si128(c, 12));
b = _mm_or_si128(
_mm_or_si128(_mm_slli_epi32(b, 1), _mm_slli_si128(_mm_srli_epi32(b, 31), 4)), _mm_srli_si128(c, 12));
c = _mm_xor_si128(_mm_slli_epi32(a, 31), _mm_xor_si128(_mm_slli_epi32(a, 30), _mm_slli_epi32(a, 25)));
a = _mm_xor_si128(a, _mm_slli_si128(c, 12));
b = _mm_xor_si128(b, _mm_xor_si128(a, _mm_xor_si128(_mm_xor_si128(_mm_srli_epi32(a, 1), _mm_srli_si128(c, 4)), _mm_xor_si128(_mm_srli_epi32(a, 2), _mm_srli_epi32(a, 7)))));
b = _mm_xor_si128(
b, _mm_xor_si128(
a, _mm_xor_si128(
_mm_xor_si128(_mm_srli_epi32(a, 1), _mm_srli_si128(c, 4)),
_mm_xor_si128(_mm_srli_epi32(a, 2), _mm_srli_epi32(a, 7)))));
y = _mm_shuffle_epi8(b, sb);
} while (likely(in != end64));
}
@ -515,9 +538,12 @@ void AES::CTR::p_aesNICrypt(const uint8_t *in, uint8_t *out, unsigned int len) n
d2 = _mm_aesenc_si128(d2, k13);
d3 = _mm_aesenc_si128(d3, k13);
d0 = _mm_xor_si128(_mm_aesenclast_si128(d0, k14), _mm_loadu_si128(reinterpret_cast<const __m128i *>(in)));
d1 = _mm_xor_si128(_mm_aesenclast_si128(d1, k14), _mm_loadu_si128(reinterpret_cast<const __m128i*>(in + 16)));
d2 = _mm_xor_si128(_mm_aesenclast_si128(d2, k14), _mm_loadu_si128(reinterpret_cast<const __m128i*>(in + 32)));
d3 = _mm_xor_si128(_mm_aesenclast_si128(d3, k14), _mm_loadu_si128(reinterpret_cast<const __m128i*>(in + 48)));
d1 = _mm_xor_si128(
_mm_aesenclast_si128(d1, k14), _mm_loadu_si128(reinterpret_cast<const __m128i *>(in + 16)));
d2 = _mm_xor_si128(
_mm_aesenclast_si128(d2, k14), _mm_loadu_si128(reinterpret_cast<const __m128i *>(in + 32)));
d3 = _mm_xor_si128(
_mm_aesenclast_si128(d3, k14), _mm_loadu_si128(reinterpret_cast<const __m128i *>(in + 48)));
in += 64;
_mm_storeu_si128(reinterpret_cast<__m128i *>(out), d0);
_mm_storeu_si128(reinterpret_cast<__m128i *>(out + 16), d1);
@ -544,7 +570,9 @@ skip_conventional_aesni_64:
d0 = _mm_aesenc_si128(d0, k11);
d0 = _mm_aesenc_si128(d0, k12);
d0 = _mm_aesenc_si128(d0, k13);
_mm_storeu_si128(reinterpret_cast<__m128i*>(out), _mm_xor_si128(_mm_aesenclast_si128(d0, k14), _mm_loadu_si128(reinterpret_cast<const __m128i*>(in))));
_mm_storeu_si128(
reinterpret_cast<__m128i *>(out),
_mm_xor_si128(_mm_aesenclast_si128(d0, k14), _mm_loadu_si128(reinterpret_cast<const __m128i *>(in))));
in += 16;
len -= 16;
out += 16;

38
core/AES_armcrypto.cpp
View file

@ -298,7 +298,9 @@ void AES::CTR::p_armCrypt(const uint8_t* in, uint8_t* out, unsigned int len) noe
vst1q_u8(reinterpret_cast<uint8_t *>(_ctr), vrev32q_u8(dd));
}
#define ZT_INIT_ARMNEON_CRYPTO_SUBWORD(w) ((uint32_t)s_sbox[w & 0xffU] + ((uint32_t)s_sbox[(w >> 8U) & 0xffU] << 8U) + ((uint32_t)s_sbox[(w >> 16U) & 0xffU] << 16U) + ((uint32_t)s_sbox[(w >> 24U) & 0xffU] << 24U))
#define ZT_INIT_ARMNEON_CRYPTO_SUBWORD(w) \
((uint32_t)s_sbox[w & 0xffU] + ((uint32_t)s_sbox[(w >> 8U) & 0xffU] << 8U) \
+ ((uint32_t)s_sbox[(w >> 16U) & 0xffU] << 16U) + ((uint32_t)s_sbox[(w >> 24U) & 0xffU] << 24U))
#define ZT_INIT_ARMNEON_CRYPTO_ROTWORD(w) (((w) << 8U) | ((w) >> 24U))
#define ZT_INIT_ARMNEON_CRYPTO_NK 8
#define ZT_INIT_ARMNEON_CRYPTO_NB 4
@ -306,28 +308,40 @@ void AES::CTR::p_armCrypt(const uint8_t* in, uint8_t* out, unsigned int len) noe
void AES::p_init_armneon_crypto(const uint8_t *key) noexcept
{
static const uint8_t s_sbox[256] = { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 };
static const uint8_t s_sbox[256] = {
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82,
0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96,
0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb,
0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff,
0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32,
0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6,
0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e,
0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
0xb0, 0x54, 0xbb, 0x16
};
uint64_t h[2];
uint32_t *const w = reinterpret_cast<uint32_t *>(p_k.neon.ek);
for (unsigned int i = 0; i < ZT_INIT_ARMNEON_CRYPTO_NK; ++i) {
const unsigned int j = i * 4;
w[i] = ((uint32_t)key[j] << 24U) | ((uint32_t)key[j + 1] << 16U) | ((uint32_t)key[j + 2] << 8U) | (uint32_t)key[j + 3];
w[i] = ((uint32_t)key[j] << 24U) | ((uint32_t)key[j + 1] << 16U) | ((uint32_t)key[j + 2] << 8U)
| (uint32_t)key[j + 3];
}
for (unsigned int i = ZT_INIT_ARMNEON_CRYPTO_NK; i < (ZT_INIT_ARMNEON_CRYPTO_NB * (ZT_INIT_ARMNEON_CRYPTO_NR + 1)); ++i) {
for (unsigned int i = ZT_INIT_ARMNEON_CRYPTO_NK; i < (ZT_INIT_ARMNEON_CRYPTO_NB * (ZT_INIT_ARMNEON_CRYPTO_NR + 1));
++i) {
uint32_t t = w[i - 1];
const unsigned int imod = i & (ZT_INIT_ARMNEON_CRYPTO_NK - 1);
if (imod == 0) {
t = ZT_INIT_ARMNEON_CRYPTO_SUBWORD(ZT_INIT_ARMNEON_CRYPTO_ROTWORD(t)) ^ rcon[(i - 1) / ZT_INIT_ARMNEON_CRYPTO_NK];
t = ZT_INIT_ARMNEON_CRYPTO_SUBWORD(ZT_INIT_ARMNEON_CRYPTO_ROTWORD(t))
^ rcon[(i - 1) / ZT_INIT_ARMNEON_CRYPTO_NK];
}
else if (imod == 4) {
t = ZT_INIT_ARMNEON_CRYPTO_SUBWORD(t);

106
core/Address.hpp
View file

@ -30,15 +30,14 @@ namespace ZeroTier {
*/
class Address : public TriviallyCopyable {
public:
ZT_INLINE Address() noexcept : _a(0)
{
}
ZT_INLINE Address() noexcept : _a(0) {}
ZT_INLINE Address(const uint64_t a) noexcept : _a(a)
{
}
ZT_INLINE Address(const uint64_t a) noexcept : _a(a) {}
explicit ZT_INLINE Address(const uint8_t b[5]) noexcept : _a(((uint64_t)b[0] << 32U) | ((uint64_t)b[1] << 24U) | ((uint64_t)b[2] << 16U) | ((uint64_t)b[3] << 8U) | (uint64_t)b[4])
explicit ZT_INLINE Address(const uint8_t b[5]) noexcept
: _a(
((uint64_t)b[0] << 32U) | ((uint64_t)b[1] << 24U) | ((uint64_t)b[2] << 16U) | ((uint64_t)b[3] << 8U)
| (uint64_t)b[4])
{
}
@ -54,7 +53,8 @@ class Address : public TriviallyCopyable {
*/
ZT_INLINE void setTo(const uint8_t b[5]) noexcept
{
_a = ((uint64_t)b[0] << 32U) | ((uint64_t)b[1] << 24U) | ((uint64_t)b[2] << 16U) | ((uint64_t)b[3] << 8U) | (uint64_t)b[4];
_a = ((uint64_t)b[0] << 32U) | ((uint64_t)b[1] << 24U) | ((uint64_t)b[2] << 16U) | ((uint64_t)b[3] << 8U)
| (uint64_t)b[4];
}
/**
@ -74,18 +74,12 @@ class Address : public TriviallyCopyable {
/**
* @return Integer containing address (0 to 2^40)
*/
ZT_INLINE uint64_t toInt() const noexcept
{
return _a;
}
ZT_INLINE uint64_t toInt() const noexcept { return _a; }
/**
* Set address to zero/NIL
*/
ZT_INLINE void zero() noexcept
{
_a = 0;
}
ZT_INLINE void zero() noexcept { _a = 0; }
/**
* @param s String with at least 11 characters of space available (10 + terminating NULL)
@ -125,85 +119,37 @@ class Address : public TriviallyCopyable {
*
* @return True if address is reserved and may not be used
*/
ZT_INLINE bool isReserved() const noexcept
{
return ((! _a) || ((_a >> 32U) == ZT_ADDRESS_RESERVED_PREFIX));
}
ZT_INLINE bool isReserved() const noexcept { return ((!_a) || ((_a >> 32U) == ZT_ADDRESS_RESERVED_PREFIX)); }
ZT_INLINE unsigned long hashCode() const noexcept
{
return (unsigned long)_a;
}
ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)_a; }
ZT_INLINE operator bool() const noexcept
{
return (_a != 0);
}
ZT_INLINE operator bool() const noexcept { return (_a != 0); }
ZT_INLINE operator uint64_t() const noexcept
{
return _a;
}
ZT_INLINE operator uint64_t() const noexcept { return _a; }
ZT_INLINE bool operator==(const Address& a) const noexcept
{
return _a == a._a;
}
ZT_INLINE bool operator==(const Address &a) const noexcept { return _a == a._a; }
ZT_INLINE bool operator!=(const Address& a) const noexcept
{
return _a != a._a;
}
ZT_INLINE bool operator!=(const Address &a) const noexcept { return _a != a._a; }
ZT_INLINE bool operator>(const Address& a) const noexcept
{
return _a > a._a;
}
ZT_INLINE bool operator>(const Address &a) const noexcept { return _a > a._a; }
ZT_INLINE bool operator<(const Address& a) const noexcept
{
return _a < a._a;
}
ZT_INLINE bool operator<(const Address &a) const noexcept { return _a < a._a; }
ZT_INLINE bool operator>=(const Address& a) const noexcept
{
return _a >= a._a;
}
ZT_INLINE bool operator>=(const Address &a) const noexcept { return _a >= a._a; }
ZT_INLINE bool operator<=(const Address& a) const noexcept
{
return _a <= a._a;
}
ZT_INLINE bool operator<=(const Address &a) const noexcept { return _a <= a._a; }
ZT_INLINE bool operator==(const uint64_t a) const noexcept
{
return _a == a;
}
ZT_INLINE bool operator==(const uint64_t a) const noexcept { return _a == a; }
ZT_INLINE bool operator!=(const uint64_t a) const noexcept
{
return _a != a;
}
ZT_INLINE bool operator!=(const uint64_t a) const noexcept { return _a != a; }
ZT_INLINE bool operator>(const uint64_t a) const noexcept
{
return _a > a;
}
ZT_INLINE bool operator>(const uint64_t a) const noexcept { return _a > a; }
ZT_INLINE bool operator<(const uint64_t a) const noexcept
{
return _a < a;
}
ZT_INLINE bool operator<(const uint64_t a) const noexcept { return _a < a; }
ZT_INLINE bool operator>=(const uint64_t a) const noexcept
{
return _a >= a;
}
ZT_INLINE bool operator>=(const uint64_t a) const noexcept { return _a >= a; }
ZT_INLINE bool operator<=(const uint64_t a) const noexcept
{
return _a <= a;
}
ZT_INLINE bool operator<=(const uint64_t a) const noexcept { return _a <= a; }
private:
uint64_t _a;

5
core/Buf.cpp
View file

@ -97,9 +97,6 @@ void Buf::freePool() noexcept
}
}
long Buf::poolAllocated() noexcept
{
return s_allocated.load(std::memory_order_relaxed);
}
long Buf::poolAllocated() noexcept { return s_allocated.load(std::memory_order_relaxed); }
} // namespace ZeroTier

83
core/Buf.hpp
View file

@ -120,22 +120,11 @@ class Buf {
{
}
ZT_INLINE Slice() noexcept
: b()
, s(0)
, e(0)
{
}
ZT_INLINE Slice() noexcept : b(), s(0), e(0) {}
ZT_INLINE operator bool() const noexcept
{
return (b);
}
ZT_INLINE operator bool() const noexcept { return (b); }
ZT_INLINE unsigned int size() const noexcept
{
return (e - s);
}
ZT_INLINE unsigned int size() const noexcept { return (e - s); }
ZT_INLINE void zero() noexcept
{
@ -165,9 +154,7 @@ class Buf {
*/
class PacketVector : public ZeroTier::FCV<Slice, ZT_MAX_PACKET_FRAGMENTS> {
public:
ZT_INLINE PacketVector() : ZeroTier::FCV<Slice, ZT_MAX_PACKET_FRAGMENTS>()
{
}
ZT_INLINE PacketVector() : ZeroTier::FCV<Slice, ZT_MAX_PACKET_FRAGMENTS>() {}
ZT_INLINE unsigned int totalSize() const noexcept
{
@ -211,7 +198,8 @@ class Buf {
* @tparam F Type of copyFunction (typically inferred)
* @return Size of data in destination or -1 on error
*/
template <typename F> ZT_INLINE int mergeMap(Buf& b, const unsigned int simpleCopyBefore, F copyFunction) const noexcept
template <typename F>
ZT_INLINE int mergeMap(Buf &b, const unsigned int simpleCopyBefore, F copyFunction) const noexcept
{
unsigned int size = 0;
for (PacketVector::const_iterator s(begin()); s != end(); ++s) {
@ -243,11 +231,7 @@ class Buf {
/**
* Create a new uninitialized buffer with undefined contents (use clear() to zero if needed)
*/
ZT_INLINE Buf() noexcept
: __nextInPool(0)
, __refCount(0)
{
}
ZT_INLINE Buf() noexcept : __nextInPool(0), __refCount(0) {}
/**
* Create a new buffer and copy data into it
@ -257,9 +241,7 @@ class Buf {
Utils::copy(unsafeData, data, len);
}
ZT_INLINE Buf(const Buf& b2) noexcept
: __nextInPool(0)
, __refCount(0)
ZT_INLINE Buf(const Buf &b2) noexcept : __nextInPool(0), __refCount(0)
{
Utils::copy<ZT_BUF_MEM_SIZE>(unsafeData, b2.unsafeData);
}
@ -280,10 +262,7 @@ class Buf {
* @param ii Iterator to check
* @return True if iterator has read past the size of the buffer
*/
static ZT_INLINE bool writeOverflow(const int& ii) noexcept
{
return ((ii - ZT_BUF_MEM_SIZE) > 0);
}
static ZT_INLINE bool writeOverflow(const int &ii) noexcept { return ((ii - ZT_BUF_MEM_SIZE) > 0); }
/**
* Check for overflow beyond the size of the data that should be in the buffer
@ -303,10 +282,7 @@ class Buf {
/**
* Set all memory to zero
*/
ZT_INLINE void clear() noexcept
{
Utils::zero<ZT_BUF_MEM_SIZE>(unsafeData);
}
ZT_INLINE void clear() noexcept { Utils::zero<ZT_BUF_MEM_SIZE>(unsafeData); }
/**
* Read a byte
@ -348,7 +324,9 @@ class Buf {
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
ii += 4;
#ifdef ZT_NO_UNALIGNED_ACCESS
return (((uint32_t)unsafeData[s] << 24U) | ((uint32_t)unsafeData[s + 1] << 16U) | ((uint32_t)unsafeData[s + 2] << 8U) | (uint32_t)unsafeData[s + 3]);
return (
((uint32_t)unsafeData[s] << 24U) | ((uint32_t)unsafeData[s + 1] << 16U)
| ((uint32_t)unsafeData[s + 2] << 8U) | (uint32_t)unsafeData[s + 3]);
#else
return Utils::ntoh(*reinterpret_cast<const uint32_t *>(unsafeData + s));
#endif
@ -366,7 +344,9 @@ class Buf {
ii += 8;
#ifdef ZT_NO_UNALIGNED_ACCESS
return (
((uint64_t)unsafeData[s] << 56U) | ((uint64_t)unsafeData[s + 1] << 48U) | ((uint64_t)unsafeData[s + 2] << 40U) | ((uint64_t)unsafeData[s + 3] << 32U) | ((uint64_t)unsafeData[s + 4] << 24U) | ((uint64_t)unsafeData[s + 5] << 16U)
((uint64_t)unsafeData[s] << 56U) | ((uint64_t)unsafeData[s + 1] << 48U)
| ((uint64_t)unsafeData[s + 2] << 40U) | ((uint64_t)unsafeData[s + 3] << 32U)
| ((uint64_t)unsafeData[s + 4] << 24U) | ((uint64_t)unsafeData[s + 5] << 16U)
| ((uint64_t)unsafeData[s + 6] << 8U) | (uint64_t)unsafeData[s + 7]);
#else
return Utils::ntoh(*reinterpret_cast<const uint64_t *>(unsafeData + s));
@ -526,7 +506,9 @@ class Buf {
{
static_assert((I + 3) < ZT_BUF_MEM_SIZE, "overflow");
#ifdef ZT_NO_UNALIGNED_ACCESS
return (((uint32_t)unsafeData[I] << 24U) | ((uint32_t)unsafeData[I + 1] << 16U) | ((uint32_t)unsafeData[I + 2] << 8U) | (uint32_t)unsafeData[I + 3]);
return (
((uint32_t)unsafeData[I] << 24U) | ((uint32_t)unsafeData[I + 1] << 16U)
| ((uint32_t)unsafeData[I + 2] << 8U) | (uint32_t)unsafeData[I + 3]);
#else
return Utils::ntoh(*reinterpret_cast<const uint32_t *>(unsafeData + I));
#endif
@ -543,7 +525,9 @@ class Buf {
static_assert((I + 7) < ZT_BUF_MEM_SIZE, "overflow");
#ifdef ZT_NO_UNALIGNED_ACCESS
return (
((uint64_t)unsafeData[I] << 56U) | ((uint64_t)unsafeData[I + 1] << 48U) | ((uint64_t)unsafeData[I + 2] << 40U) | ((uint64_t)unsafeData[I + 3] << 32U) | ((uint64_t)unsafeData[I + 4] << 24U) | ((uint64_t)unsafeData[I + 5] << 16U)
((uint64_t)unsafeData[I] << 56U) | ((uint64_t)unsafeData[I + 1] << 48U)
| ((uint64_t)unsafeData[I + 2] << 40U) | ((uint64_t)unsafeData[I + 3] << 32U)
| ((uint64_t)unsafeData[I + 4] << 24U) | ((uint64_t)unsafeData[I + 5] << 16U)
| ((uint64_t)unsafeData[I + 6] << 8U) | (uint64_t)unsafeData[I + 7]);
#else
return Utils::ntoh(*reinterpret_cast<const uint64_t *>(unsafeData + I));
@ -557,10 +541,7 @@ class Buf {
* will not necessarily result in a 'true' return from readOverflow(). It does
* however subject 'ii' to soft bounds masking like the gI??() methods.
*/
ZT_INLINE uint8_t lI8(const int ii) const noexcept
{
return unsafeData[(unsigned int)ii & ZT_BUF_MEM_MASK];
}
ZT_INLINE uint8_t lI8(const int ii) const noexcept { return unsafeData[(unsigned int)ii & ZT_BUF_MEM_MASK]; }
/**
* Load a value at an index without advancing the index
@ -590,7 +571,9 @@ class Buf {
{
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
#ifdef ZT_NO_UNALIGNED_ACCESS
return (((uint32_t)unsafeData[s] << 24U) | ((uint32_t)unsafeData[s + 1] << 16U) | ((uint32_t)unsafeData[s + 2] << 8U) | (uint32_t)unsafeData[s + 3]);
return (
((uint32_t)unsafeData[s] << 24U) | ((uint32_t)unsafeData[s + 1] << 16U)
| ((uint32_t)unsafeData[s + 2] << 8U) | (uint32_t)unsafeData[s + 3]);
#else
return Utils::ntoh(*reinterpret_cast<const uint32_t *>(unsafeData + s));
#endif
@ -608,7 +591,9 @@ class Buf {
const unsigned int s = (unsigned int)ii & ZT_BUF_MEM_MASK;
#ifdef ZT_NO_UNALIGNED_ACCESS
return (
((uint64_t)unsafeData[s] << 56U) | ((uint64_t)unsafeData[s + 1] << 48U) | ((uint64_t)unsafeData[s + 2] << 40U) | ((uint64_t)unsafeData[s + 3] << 32U) | ((uint64_t)unsafeData[s + 4] << 24U) | ((uint64_t)unsafeData[s + 5] << 16U)
((uint64_t)unsafeData[s] << 56U) | ((uint64_t)unsafeData[s + 1] << 48U)
| ((uint64_t)unsafeData[s + 2] << 40U) | ((uint64_t)unsafeData[s + 3] << 32U)
| ((uint64_t)unsafeData[s + 4] << 24U) | ((uint64_t)unsafeData[s + 5] << 16U)
| ((uint64_t)unsafeData[s + 6] << 8U) | (uint64_t)unsafeData[s + 7]);
#else
return Utils::ntoh(*reinterpret_cast<const uint64_t *>(unsafeData + s));
@ -772,10 +757,7 @@ class Buf {
/**
* Store a byte without advancing the index
*/
ZT_INLINE void sI8(const int ii, const uint8_t n) noexcept
{
unsafeData[(unsigned int)ii & ZT_BUF_MEM_MASK] = n;
}
ZT_INLINE void sI8(const int ii, const uint8_t n) noexcept { unsafeData[(unsigned int)ii & ZT_BUF_MEM_MASK] = n; }
/**
* Store an integer without advancing the index
@ -830,10 +812,7 @@ class Buf {
/**
* @return Capacity of this buffer (usable size of data.bytes)
*/
static constexpr unsigned int capacity() noexcept
{
return ZT_BUF_MEM_SIZE;
}
static constexpr unsigned int capacity() noexcept { return ZT_BUF_MEM_SIZE; }
private:
volatile uintptr_t __nextInPool;

73
core/C25519.cpp
View file

@ -27,7 +27,6 @@ namespace {
// --------------------------------------------------------------------------------------------------------------------
#define crypto_uint32 uint32_t
#define crypto_hash_sha512_BYTES 64
typedef uint8_t u8;
typedef int32_t s32;
@ -168,7 +167,7 @@ ZT_INLINE limb div_by_2_25(const limb v)
return (v + roundoff) >> 25;
}
void freduce_coefficients(limb *output)
ZT_INLINE void freduce_coefficients(limb *output)
{
output[10] = 0;
for (int i = 0; i < 10; i += 2) {
@ -183,12 +182,10 @@ void freduce_coefficients(limb *output)
output[0] += output[10] << 1;
output[0] += output[10];
output[10] = 0;
{
limb over = div_by_2_26(output[0]);
output[0] -= over << 26;
output[1] += over;
}
}
ZT_INLINE void fmul(limb *output, const limb *in, const limb *in2)
{
@ -591,11 +588,11 @@ ZT_INLINE void crypto_scalarmult_base(unsigned char *q, const unsigned char *n)
// Ed25519 ref from: http://bench.cr.yp.to/supercop.html
typedef struct {
crypto_uint32 v[32];
uint32_t v[32];
} fe25519;
typedef struct {
crypto_uint32 v[32];
uint32_t v[32];
} sc25519;
typedef struct {
@ -618,15 +615,15 @@ typedef struct {
void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
ZT_INLINE crypto_uint32 equal(crypto_uint32 a, crypto_uint32 b)
ZT_INLINE uint32_t equal(uint32_t a, uint32_t b)
{
crypto_uint32 x = a ^ b;
uint32_t x = a ^ b;
x -= 1;
x >>= 31;
return x;
}
ZT_INLINE crypto_uint32 ge(crypto_uint32 a, crypto_uint32 b)
ZT_INLINE uint32_t ge(uint32_t a, uint32_t b)
{
unsigned int x = a;
x -= (unsigned int)b;
@ -635,13 +632,13 @@ ZT_INLINE crypto_uint32 ge(crypto_uint32 a, crypto_uint32 b)
return x;
}
ZT_INLINE crypto_uint32 times19(crypto_uint32 a) { return (a << 4) + (a << 1) + a; }
ZT_INLINE crypto_uint32 times38(crypto_uint32 a) { return (a << 5) + (a << 2) + (a << 1); }
ZT_INLINE uint32_t times19(uint32_t a) { return (a << 4) + (a << 1) + a; }
ZT_INLINE uint32_t times38(uint32_t a) { return (a << 5) + (a << 2) + (a << 1); }
void reduce_add_sub(fe25519 *r)
{
for (int rep = 0; rep < 4; rep++) {
crypto_uint32 t = r->v[31] >> 7;
uint32_t t = r->v[31] >> 7;
r->v[31] &= 127;
t = times19(t);
r->v[0] += t;
@ -656,7 +653,7 @@ void reduce_add_sub(fe25519 *r)
ZT_INLINE void reduce_mul(fe25519 *r)
{
for (int rep = 0; rep < 2; rep++) {
crypto_uint32 t = r->v[31] >> 7;
uint32_t t = r->v[31] >> 7;
r->v[31] &= 127;
t = times19(t);
r->v[0] += t;
@ -670,7 +667,7 @@ ZT_INLINE void reduce_mul(fe25519 *r)
void fe25519_freeze(fe25519 *r)
{
crypto_uint32 mm = equal(r->v[31], 127);
uint32_t mm = equal(r->v[31], 127);
for (int i = 30; i > 0; i--)
mm &= equal(r->v[i], 255);
mm &= ge(r->v[0], 237);
@ -711,7 +708,7 @@ ZT_INLINE int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y)
ZT_INLINE void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b)
{
crypto_uint32 mask = b;
uint32_t mask = b;
mask = -mask;
for (int i = 0; i < 32; i++)
r->v[i] ^= mask & (x->v[i] ^ r->v[i]);
@ -755,7 +752,7 @@ ZT_INLINE void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
{
crypto_uint32 t[32];
uint32_t t[32];
t[0] = x->v[0] + 0x1da;
t[31] = x->v[31] + 0xfe;
for (int i = 1; i < 31; i++)
@ -767,7 +764,7 @@ void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y)
{
crypto_uint32 t[63];
uint32_t t[63];
for (int i = 0; i < 63; i++)
t[i] = 0;
for (int i = 0; i < 32; i++) {
@ -891,14 +888,15 @@ ZT_INLINE void fe25519_pow2523(fe25519 *r, const fe25519 *x)
fe25519_mul(r, &t, x);
}
const crypto_uint32 m[32] = { 0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7,
0xA2, 0xDE, 0xF9, 0xDE, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };
const crypto_uint32 mu[33] = { 0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63,
const uint32_t m[32] = {
0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
const uint32_t mu[33] = { 0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63,
0x08, 0x5D, 0x21, 0x06, 0x21, 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F };
ZT_INLINE crypto_uint32 lt(crypto_uint32 a, crypto_uint32 b) /* 16-bit inputs */
ZT_INLINE uint32_t lt(uint32_t a, uint32_t b) /* 16-bit inputs */
{
unsigned int x = a;
x -= (unsigned int)b; /* 0..65535: no; 4294901761..4294967295: yes */
@ -908,9 +906,9 @@ ZT_INLINE crypto_uint32 lt(crypto_uint32 a, crypto_uint32 b) /* 16-bit inputs */
void reduce_add_sub(sc25519 *r)
{
crypto_uint32 pb = 0;
crypto_uint32 b;
crypto_uint32 mask;
uint32_t pb = 0;
uint32_t b;
uint32_t mask;
int i;
unsigned char t[32];
@ -925,15 +923,15 @@ void reduce_add_sub(sc25519 *r)
r->v[i] ^= mask & (r->v[i] ^ t[i]);
}
void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
void barrett_reduce(sc25519 *r, const uint32_t x[64])
{
/* See HAC, Alg. 14.42 */
int i, j;
crypto_uint32 q2[66];
crypto_uint32 *q3 = q2 + 33;
crypto_uint32 r1[33];
crypto_uint32 r2[33];
crypto_uint32 pb = 0;
uint32_t q2[66];
uint32_t *q3 = q2 + 33;
uint32_t r1[33];
uint32_t r2[33];
uint32_t pb = 0;
Utils::zero<sizeof(q2)>(q2);
// for (i = 0;i < 66;++i) q2[i] = 0;
@ -961,7 +959,7 @@ void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
for (i = 0; i < 32; i++) {
pb += r2[i];
crypto_uint32 b = lt(r1[i], pb);
uint32_t b = lt(r1[i], pb);
r->v[i] = r1[i] - pb + (b << 8);
pb = b;
}
@ -973,7 +971,7 @@ void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
ZT_INLINE void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
{
int i;
crypto_uint32 t[64];
uint32_t t[64];
for (i = 0; i < 32; i++)
t[i] = x[i];
for (i = 32; i < 64; ++i)
@ -984,7 +982,7 @@ ZT_INLINE void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
ZT_INLINE void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
{
int i;
crypto_uint32 t[64];
uint32_t t[64];
for (i = 0; i < 64; i++)
t[i] = x[i];
barrett_reduce(r, t);
@ -1012,7 +1010,7 @@ ZT_INLINE void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
ZT_INLINE void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
{
int i, j;
crypto_uint32 t[64];
uint32_t t[64];
for (i = 0; i < 64; i++)
t[i] = 0;
@ -1094,7 +1092,8 @@ static const ge25519 ge25519_base = {
{ { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
{ { 0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20,
0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67 } } };
0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67 } }
};
static const ge25519_aff ge25519_base_multiples_affine[425] = {
{ { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
@ -2886,7 +2885,7 @@ ZT_INLINE void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b)
ZT_INLINE unsigned char equal(signed char b, signed char c)
{
unsigned char ub = b, uc = c, x = ub ^ uc;
crypto_uint32 y = x;
uint32_t y = x;
y -= 1;
y >>= 31;
return (unsigned char)y;

22
core/C25519.hpp
View file

@ -40,12 +40,14 @@ class C25519 {
/**
* Generate a set of two 25519 keys: a C25519 ECDH key pair and an Ed25519 EDDSA key pair.
*/
static void generateCombined(uint8_t pub[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], uint8_t priv[ZT_C25519_COMBINED_PRIVATE_KEY_SIZE]);
static void generateCombined(
uint8_t pub[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], uint8_t priv[ZT_C25519_COMBINED_PRIVATE_KEY_SIZE]);
/**
* Generate a C25519 ECDH key pair only.
*/
static void generateC25519(uint8_t pub[ZT_C25519_ECDH_PUBLIC_KEY_SIZE], uint8_t priv[ZT_C25519_ECDH_PRIVATE_KEY_SIZE]);
static void
generateC25519(uint8_t pub[ZT_C25519_ECDH_PUBLIC_KEY_SIZE], uint8_t priv[ZT_C25519_ECDH_PRIVATE_KEY_SIZE]);
/**
* Generate a key pair satisfying a condition
@ -60,7 +62,9 @@ class C25519 {
* @return Key pair where cond(kp) returns true
* @tparam F Type of 'cond'
*/
template <typename F> static ZT_INLINE void generateSatisfying(F cond, uint8_t pub[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], uint8_t priv[ZT_C25519_COMBINED_PRIVATE_KEY_SIZE])
template <typename F>
static ZT_INLINE void generateSatisfying(
F cond, uint8_t pub[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], uint8_t priv[ZT_C25519_COMBINED_PRIVATE_KEY_SIZE])
{
Utils::getSecureRandom(priv, ZT_C25519_COMBINED_PRIVATE_KEY_SIZE);
s_calcPubED(pub, priv); // do Ed25519 key -- bytes 32-63 of pub and priv
@ -81,7 +85,9 @@ class C25519 {
* @param their Their public key
* @param rawkey Buffer to receive raw (not hashed) agreed upon key
*/
static void agree(const uint8_t mine[ZT_C25519_ECDH_PRIVATE_KEY_SIZE], const uint8_t their[ZT_C25519_ECDH_PUBLIC_KEY_SIZE], uint8_t rawkey[ZT_C25519_ECDH_SHARED_SECRET_SIZE]);
static void agree(
const uint8_t mine[ZT_C25519_ECDH_PRIVATE_KEY_SIZE], const uint8_t their[ZT_C25519_ECDH_PUBLIC_KEY_SIZE],
uint8_t rawkey[ZT_C25519_ECDH_SHARED_SECRET_SIZE]);
/**
* Sign a message with a sender's key pair
@ -100,7 +106,9 @@ class C25519 {
* @param len Length of message in bytes
* @param signature Buffer to fill with signature -- MUST be 96 bytes in length
*/
static void sign(const uint8_t myPrivate[ZT_C25519_COMBINED_PRIVATE_KEY_SIZE], const uint8_t myPublic[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], const void* msg, unsigned int len, void* signature);
static void sign(
const uint8_t myPrivate[ZT_C25519_COMBINED_PRIVATE_KEY_SIZE],
const uint8_t myPublic[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], const void *msg, unsigned int len, void *signature);
/**
* Verify a message's signature
@ -112,7 +120,9 @@ class C25519 {
* @param siglen Length of signature in bytes
* @return True if signature is valid and the message is authentic and unmodified
*/
static bool verify(const uint8_t their[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], const void* msg, unsigned int len, const void* signature, unsigned int siglen);
static bool verify(
const uint8_t their[ZT_C25519_COMBINED_PUBLIC_KEY_SIZE], const void *msg, unsigned int len,
const void *signature, unsigned int siglen);
private:
// derive first 32 bytes of kp.pub from first 32 bytes of kp.priv

150
core/CAPI.cpp
View file

@ -77,7 +77,8 @@ ZT_MAYBE_UNUSED void ZT_version(int* major, int* minor, int* revision, int* buil
/********************************************************************************************************************/
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_new(ZT_Node** node, int64_t clock, int64_t ticks, void* tptr, void* uptr, const struct ZT_Node_Callbacks* callbacks)
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_new(
ZT_Node **node, int64_t clock, int64_t ticks, void *tptr, void *uptr, const struct ZT_Node_Callbacks *callbacks)
{
*node = nullptr;
try {
@ -107,13 +108,16 @@ ZT_MAYBE_UNUSED void ZT_Node_delete(ZT_Node* node, int64_t clock, int64_t ticks,
}
}
ZT_MAYBE_UNUSED enum ZT_ResultCode
ZT_Node_processWirePacket(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, int64_t localSocket, const ZT_InetAddress* remoteAddress, const void* packetData, unsigned int packetLength, int isZtBuffer, volatile int64_t*)
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_processWirePacket(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, int64_t localSocket, const ZT_InetAddress *remoteAddress,
const void *packetData, unsigned int packetLength, int isZtBuffer, volatile int64_t *)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
ZeroTier::SharedPtr<ZeroTier::Buf> buf((isZtBuffer) ? ZT_PTRTOBUF(packetData) : new ZeroTier::Buf(packetData, packetLength & ZT_BUF_MEM_MASK));
reinterpret_cast<ZeroTier::Node*>(node)->context().vl1->onRemotePacket(cc, localSocket, *ZeroTier::asInetAddress(remoteAddress), buf, packetLength);
ZeroTier::SharedPtr<ZeroTier::Buf> buf(
(isZtBuffer) ? ZT_PTRTOBUF(packetData) : new ZeroTier::Buf(packetData, packetLength & ZT_BUF_MEM_MASK));
reinterpret_cast<ZeroTier::Node *>(node)->context().vl1->onRemotePacket(
cc, localSocket, *ZeroTier::asInetAddress(remoteAddress), buf, packetLength);
}
catch (std::bad_alloc &exc) {
return ZT_RESULT_FATAL_ERROR_OUT_OF_MEMORY;
@ -126,18 +130,8 @@ ZT_Node_processWirePacket(ZT_Node* node, int64_t clock, int64_t ticks, void* tpt
}
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_processVirtualNetworkFrame(
ZT_Node* node,
int64_t clock,
int64_t ticks,
void* tptr,
uint64_t nwid,
uint64_t sourceMac,
uint64_t destMac,
unsigned int etherType,
unsigned int vlanId,
const void* frameData,
unsigned int frameLength,
int isZtBuffer,
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t nwid, uint64_t sourceMac, uint64_t destMac,
unsigned int etherType, unsigned int vlanId, const void *frameData, unsigned int frameLength, int isZtBuffer,
volatile int64_t *)
{
try {
@ -145,8 +139,10 @@ ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_processVirtualNetworkFrame(
const ZeroTier::Context &ctx = reinterpret_cast<ZeroTier::Node *>(node)->context();
ZeroTier::SharedPtr<ZeroTier::Network> network(ctx.networks->get(nwid));
if (likely(network)) {
ZeroTier::SharedPtr<ZeroTier::Buf> buf((isZtBuffer) ? ZT_PTRTOBUF(frameData) : new ZeroTier::Buf(frameData, frameLength & ZT_BUF_MEM_MASK));
ctx.vl2->onLocalEthernet(cc, network, ZeroTier::MAC(sourceMac), ZeroTier::MAC(destMac), etherType, vlanId, buf, frameLength);
ZeroTier::SharedPtr<ZeroTier::Buf> buf(
(isZtBuffer) ? ZT_PTRTOBUF(frameData) : new ZeroTier::Buf(frameData, frameLength & ZT_BUF_MEM_MASK));
ctx.vl2->onLocalEthernet(
cc, network, ZeroTier::MAC(sourceMac), ZeroTier::MAC(destMac), etherType, vlanId, buf, frameLength);
return ZT_RESULT_OK;
}
else {
@ -161,7 +157,8 @@ ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_processVirtualNetworkFrame(
}
}
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, volatile int64_t* nextBackgroundTaskDeadline)
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_processBackgroundTasks(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, volatile int64_t *nextBackgroundTaskDeadline)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -175,7 +172,9 @@ ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node* node,
}
}
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_join(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, void* uptr, uint64_t nwid, const ZT_Fingerprint* controllerFingerprint)
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_join(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, void *uptr, uint64_t nwid,
const ZT_Fingerprint *controllerFingerprint)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -189,7 +188,8 @@ ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_join(ZT_Node* node, int64_t clock, in
}
}
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_leave(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, void** uptr, uint64_t nwid)
ZT_MAYBE_UNUSED enum ZT_ResultCode
ZT_Node_leave(ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, void **uptr, uint64_t nwid)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -203,7 +203,9 @@ ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_leave(ZT_Node* node, int64_t clock, i
}
}
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_multicastSubscribe(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi)
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_multicastSubscribe(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t nwid, uint64_t multicastGroup,
unsigned long multicastAdi)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -217,7 +219,9 @@ ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_multicastSubscribe(ZT_Node* node, int
}
}
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_multicastUnsubscribe(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi)
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_multicastUnsubscribe(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t nwid, uint64_t multicastGroup,
unsigned long multicastAdi)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -290,7 +294,8 @@ ZT_MAYBE_UNUSED void ZT_Node_setNetworkUserPtr(ZT_Node* node, uint64_t nwid, voi
}
}
ZT_MAYBE_UNUSED void ZT_Node_setInterfaceAddresses(ZT_Node* node, int64_t, int64_t, void*, const ZT_InterfaceAddress* addrs, unsigned int addrCount)
ZT_MAYBE_UNUSED void ZT_Node_setInterfaceAddresses(
ZT_Node *node, int64_t, int64_t, void *, const ZT_InterfaceAddress *addrs, unsigned int addrCount)
{
try {
reinterpret_cast<ZeroTier::Node *>(node)->setInterfaceAddresses(addrs, addrCount);
@ -299,7 +304,9 @@ ZT_MAYBE_UNUSED void ZT_Node_setInterfaceAddresses(ZT_Node* node, int64_t, int64
}
}
ZT_MAYBE_UNUSED enum ZT_CertificateError ZT_Node_addCertificate(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, unsigned int localTrust, const ZT_Certificate* cert, const void* certData, unsigned int certSize)
ZT_MAYBE_UNUSED enum ZT_CertificateError ZT_Node_addCertificate(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, unsigned int localTrust, const ZT_Certificate *cert,
const void *certData, unsigned int certSize)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -310,7 +317,8 @@ ZT_MAYBE_UNUSED enum ZT_CertificateError ZT_Node_addCertificate(ZT_Node* node, i
}
}
ZT_MAYBE_UNUSED enum ZT_ResultCode ZT_Node_deleteCertificate(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, const void* serialNo)
ZT_MAYBE_UNUSED enum ZT_ResultCode
ZT_Node_deleteCertificate(ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, const void *serialNo)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -331,7 +339,9 @@ ZT_MAYBE_UNUSED ZT_CertificateList* ZT_Node_listCertificates(ZT_Node* node, int6
}
}
ZT_MAYBE_UNUSED int ZT_Node_sendUserMessage(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, uint64_t dest, uint64_t typeId, const void* data, unsigned int len)
ZT_MAYBE_UNUSED int ZT_Node_sendUserMessage(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t dest, uint64_t typeId, const void *data,
unsigned int len)
{
try {
ZeroTier::CallContext cc(clock, ticks, tptr);
@ -353,14 +363,18 @@ ZT_MAYBE_UNUSED void ZT_Node_setController(ZT_Node* node, void* networkControlle
/********************************************************************************************************************/
ZT_MAYBE_UNUSED ZT_Locator* ZT_Locator_create(int64_t rev, const ZT_Endpoint* endpoints, const ZT_EndpointAttributes*, unsigned int endpointCount, const ZT_Identity* signer)
ZT_MAYBE_UNUSED ZT_Locator *ZT_Locator_create(
int64_t rev, const ZT_Endpoint *endpoints, const ZT_EndpointAttributes *, unsigned int endpointCount,
const ZT_Identity *signer)
{
try {
if ((!endpoints) || (endpointCount == 0) || (!signer))
return nullptr;
ZeroTier::Locator *loc = new ZeroTier::Locator();
for (unsigned int i = 0; i < endpointCount; ++i)
loc->add(reinterpret_cast<const ZeroTier::Endpoint*>(endpoints)[i], ZeroTier::Locator::EndpointAttributes::DEFAULT);
loc->add(
reinterpret_cast<const ZeroTier::Endpoint *>(endpoints)[i],
ZeroTier::Locator::EndpointAttributes::DEFAULT);
if (!loc->sign(rev, *reinterpret_cast<const ZeroTier::Identity *>(signer))) {
delete loc;
return nullptr;
@ -466,7 +480,10 @@ ZT_MAYBE_UNUSED int ZT_Locator_verify(const ZT_Locator* loc, const ZT_Identity*
{
if ((!loc) || (!signer))
return 0;
return reinterpret_cast<const ZeroTier::Locator*>(loc)->verify(*reinterpret_cast<const ZeroTier::Identity*>(signer)) ? 1 : 0;
return reinterpret_cast<const ZeroTier::Locator *>(loc)->verify(
*reinterpret_cast<const ZeroTier::Identity *>(signer))
? 1
: 0;
}
ZT_MAYBE_UNUSED void ZT_Locator_delete(const ZT_Locator *loc)
@ -495,7 +512,8 @@ ZT_MAYBE_UNUSED ZT_Identity* ZT_Identity_clone(const ZT_Identity* id)
{
if (id) {
try {
return reinterpret_cast<ZT_Identity*>(new ZeroTier::Identity(*reinterpret_cast<const ZeroTier::Identity*>(id)));
return reinterpret_cast<ZT_Identity *>(
new ZeroTier::Identity(*reinterpret_cast<const ZeroTier::Identity *>(id)));
}
catch (...) {
return nullptr;
@ -528,7 +546,8 @@ ZT_MAYBE_UNUSED int ZT_Identity_validate(const ZT_Identity* id)
return reinterpret_cast<const ZeroTier::Identity *>(id)->locallyValidate() ? 1 : 0;
}
ZT_MAYBE_UNUSED unsigned int ZT_Identity_sign(const ZT_Identity* id, const void* data, unsigned int len, void* signature, unsigned int signatureBufferLength)
ZT_MAYBE_UNUSED unsigned int ZT_Identity_sign(
const ZT_Identity *id, const void *data, unsigned int len, void *signature, unsigned int signatureBufferLength)
{
if (!id)
return 0;
@ -537,7 +556,8 @@ ZT_MAYBE_UNUSED unsigned int ZT_Identity_sign(const ZT_Identity* id, const void*
return reinterpret_cast<const ZeroTier::Identity *>(id)->sign(data, len, signature, signatureBufferLength);
}
ZT_MAYBE_UNUSED int ZT_Identity_verify(const ZT_Identity* id, const void* data, unsigned int len, const void* signature, unsigned int sigLen)
ZT_MAYBE_UNUSED int ZT_Identity_verify(
const ZT_Identity *id, const void *data, unsigned int len, const void *signature, unsigned int sigLen)
{
if ((!id) || (!signature) || (!sigLen))
return 0;
@ -587,7 +607,8 @@ ZT_MAYBE_UNUSED int ZT_Identity_compare(const ZT_Identity* a, const ZT_Identity*
if (*reinterpret_cast<const ZeroTier::Identity *>(a) < *reinterpret_cast<const ZeroTier::Identity *>(b)) {
return -1;
}
else if (*reinterpret_cast<const ZeroTier::Identity*>(b) < *reinterpret_cast<const ZeroTier::Identity*>(a)) {
else if (
*reinterpret_cast<const ZeroTier::Identity *>(b) < *reinterpret_cast<const ZeroTier::Identity *>(a)) {
return 1;
}
else {
@ -614,11 +635,14 @@ ZT_MAYBE_UNUSED void ZT_Identity_delete(const ZT_Identity* id)
/********************************************************************************************************************/
ZT_MAYBE_UNUSED int
ZT_Certificate_newKeyPair(const enum ZT_CertificatePublicKeyAlgorithm type, uint8_t publicKey[ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE], int* const publicKeySize, uint8_t privateKey[ZT_CERTIFICATE_MAX_PRIVATE_KEY_SIZE], int* const privateKeySize)
ZT_MAYBE_UNUSED int ZT_Certificate_newKeyPair(
const enum ZT_CertificatePublicKeyAlgorithm type, uint8_t publicKey[ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE],
int *const publicKeySize, uint8_t privateKey[ZT_CERTIFICATE_MAX_PRIVATE_KEY_SIZE], int *const privateKeySize)
{
try {
return ZeroTier::Certificate::newKeyPair(type, publicKey, publicKeySize, privateKey, privateKeySize) ? ZT_RESULT_OK : ZT_RESULT_ERROR_BAD_PARAMETER;
return ZeroTier::Certificate::newKeyPair(type, publicKey, publicKeySize, privateKey, privateKeySize)
? ZT_RESULT_OK
: ZT_RESULT_ERROR_BAD_PARAMETER;
}
catch (...) {
return ZT_RESULT_FATAL_ERROR_INTERNAL;
@ -626,18 +650,15 @@ ZT_Certificate_newKeyPair(const enum ZT_CertificatePublicKeyAlgorithm type, uint
}
ZT_MAYBE_UNUSED int ZT_Certificate_newCSR(
const ZT_Certificate_Subject* subject,
const void* const certificatePrivateKey,
const int certificatePrivateKeySize,
const void* const uniqueIdPrivateKey,
const int uniqueIdPrivateKeySize,
void* const csr,
int* const csrSize)
const ZT_Certificate_Subject *subject, const void *const certificatePrivateKey, const int certificatePrivateKeySize,
const void *const uniqueIdPrivateKey, const int uniqueIdPrivateKeySize, void *const csr, int *const csrSize)
{
try {
if ((!subject) || (!certificatePrivateKey) || (certificatePrivateKeySize <= 0))
return ZT_RESULT_ERROR_BAD_PARAMETER;
const ZeroTier::Vector<uint8_t> csrV(ZeroTier::Certificate::createCSR(*subject, certificatePrivateKey, (unsigned int)certificatePrivateKeySize, uniqueIdPrivateKey, (unsigned int)uniqueIdPrivateKeySize));
const ZeroTier::Vector<uint8_t> csrV(ZeroTier::Certificate::createCSR(
*subject, certificatePrivateKey, (unsigned int)certificatePrivateKeySize, uniqueIdPrivateKey,
(unsigned int)uniqueIdPrivateKeySize));
if (csrV.empty() || ((int)csrV.size() > *csrSize))
return ZT_RESULT_ERROR_BAD_PARAMETER;
ZeroTier::Utils::copy(csr, csrV.data(), (unsigned int)csrV.size());
@ -649,7 +670,9 @@ ZT_MAYBE_UNUSED int ZT_Certificate_newCSR(
}
}
ZT_MAYBE_UNUSED ZT_Certificate* ZT_Certificate_sign(const ZT_Certificate* cert, const uint8_t issuer[ZT_CERTIFICATE_HASH_SIZE], const void* issuerPrivateKey, int issuerPrivateKeySize)
ZT_MAYBE_UNUSED ZT_Certificate *ZT_Certificate_sign(
const ZT_Certificate *cert, const uint8_t issuer[ZT_CERTIFICATE_HASH_SIZE], const void *issuerPrivateKey,
int issuerPrivateKeySize)
{
try {
ZeroTier::Certificate *const c = new ZeroTier::Certificate(*cert);
@ -665,7 +688,8 @@ ZT_MAYBE_UNUSED ZT_Certificate* ZT_Certificate_sign(const ZT_Certificate* cert,
return nullptr;
}
ZT_MAYBE_UNUSED enum ZT_CertificateError ZT_Certificate_decode(const ZT_Certificate** decodedCert, const void* cert, int certSize, int verify)
ZT_MAYBE_UNUSED enum ZT_CertificateError
ZT_Certificate_decode(const ZT_Certificate **decodedCert, const void *cert, int certSize, int verify)
{
try {
if ((!decodedCert) || (!cert) || (certSize <= 0))
@ -763,7 +787,10 @@ ZT_MAYBE_UNUSED int ZT_Endpoint_fromBytes(ZT_Endpoint* ep, const void* bytes, un
{
if ((!ep) || (!bytes) || (!len))
return ZT_RESULT_ERROR_BAD_PARAMETER;
return (reinterpret_cast<ZeroTier::Endpoint*>(ep)->unmarshal(reinterpret_cast<const uint8_t*>(bytes), (int)len) > 0) ? 0 : ZT_RESULT_ERROR_BAD_PARAMETER;
return (reinterpret_cast<ZeroTier::Endpoint *>(ep)->unmarshal(reinterpret_cast<const uint8_t *>(bytes), (int)len)
> 0)
? 0
: ZT_RESULT_ERROR_BAD_PARAMETER;
}
/********************************************************************************************************************/
@ -822,7 +849,8 @@ ZT_MAYBE_UNUSED void ZT_InetAddress_set(ZT_InetAddress* ia, const void* saddr)
(*reinterpret_cast<ZeroTier::InetAddress *>(ia)) = reinterpret_cast<const struct sockaddr *>(saddr);
}
ZT_MAYBE_UNUSED void ZT_InetAddress_setIpBytes(ZT_InetAddress* ia, const void* ipBytes, unsigned int ipLen, unsigned int port)
ZT_MAYBE_UNUSED void
ZT_InetAddress_setIpBytes(ZT_InetAddress *ia, const void *ipBytes, unsigned int ipLen, unsigned int port)
{
if (likely(ia != nullptr))
reinterpret_cast<ZeroTier::InetAddress *>(ia)->set(ipBytes, ipLen, port);
@ -867,10 +895,12 @@ ZT_MAYBE_UNUSED unsigned int ZT_InetAddress_ipBytes(const ZT_InetAddress* ia, vo
if (ia) {
switch (reinterpret_cast<const ZeroTier::InetAddress *>(ia)->as.sa.sa_family) {
case AF_INET:
ZeroTier::Utils::copy<4>(buf, &(reinterpret_cast<const ZeroTier::InetAddress*>(ia)->as.sa_in.sin_addr.s_addr));
ZeroTier::Utils::copy<4>(
buf, &(reinterpret_cast<const ZeroTier::InetAddress *>(ia)->as.sa_in.sin_addr.s_addr));
return 4;
case AF_INET6:
ZeroTier::Utils::copy<16>(buf, reinterpret_cast<const ZeroTier::InetAddress*>(ia)->as.sa_in6.sin6_addr.s6_addr);
ZeroTier::Utils::copy<16>(
buf, reinterpret_cast<const ZeroTier::InetAddress *>(ia)->as.sa_in6.sin6_addr.s6_addr);
return 16;
}
}
@ -888,10 +918,13 @@ ZT_MAYBE_UNUSED int ZT_InetAddress_compare(const ZT_InetAddress* a, const ZT_Ine
{
if (a) {
if (b) {
if (*reinterpret_cast<const ZeroTier::InetAddress*>(a) < *reinterpret_cast<const ZeroTier::InetAddress*>(b)) {
if (*reinterpret_cast<const ZeroTier::InetAddress *>(a)
< *reinterpret_cast<const ZeroTier::InetAddress *>(b)) {
return -1;
}
else if (*reinterpret_cast<const ZeroTier::InetAddress*>(b) < *reinterpret_cast<const ZeroTier::InetAddress*>(a)) {
else if (
*reinterpret_cast<const ZeroTier::InetAddress *>(b)
< *reinterpret_cast<const ZeroTier::InetAddress *>(a)) {
return 1;
}
else {
@ -912,7 +945,9 @@ ZT_MAYBE_UNUSED int ZT_InetAddress_compare(const ZT_InetAddress* a, const ZT_Ine
/********************************************************************************************************************/
ZT_MAYBE_UNUSED int ZT_Dictionary_parse(const void* const dict, const unsigned int len, void* const arg, void (*f)(void*, const char*, unsigned int, const void*, unsigned int))
ZT_MAYBE_UNUSED int ZT_Dictionary_parse(
const void *const dict, const unsigned int len, void *const arg,
void (*f)(void *, const char *, unsigned int, const void *, unsigned int))
{
ZeroTier::Dictionary d;
if (d.decode(dict, len)) {
@ -926,9 +961,6 @@ ZT_MAYBE_UNUSED int ZT_Dictionary_parse(const void* const dict, const unsigned i
/********************************************************************************************************************/
ZT_MAYBE_UNUSED uint64_t ZT_random()
{
return ZeroTier::Utils::random();
}
ZT_MAYBE_UNUSED uint64_t ZT_random() { return ZeroTier::Utils::random(); }
} // extern "C"

4
core/CallContext.hpp
View file

@ -27,9 +27,7 @@ namespace ZeroTier {
*/
class CallContext {
public:
ZT_INLINE CallContext(const int64_t c, const int64_t t, void* const p) : clock(c), ticks(t), tPtr(p)
{
}
ZT_INLINE CallContext(const int64_t c, const int64_t t, void *const p) : clock(c), ticks(t), tPtr(p) {}
/**
* Real world time in milliseconds since Unix epoch or -1 if unknown.

24
core/CapabilityCredential.cpp
View file

@ -19,7 +19,9 @@
namespace ZeroTier {
CapabilityCredential::CapabilityCredential(const uint32_t id, const uint64_t nwid, const int64_t timestamp, const ZT_VirtualNetworkRule* const rules, const unsigned int ruleCount) noexcept
CapabilityCredential::CapabilityCredential(
const uint32_t id, const uint64_t nwid, const int64_t timestamp, const ZT_VirtualNetworkRule *const rules,
const unsigned int ruleCount) noexcept
: m_nwid(nwid)
, m_timestamp(timestamp)
, m_id(id)
@ -149,15 +151,14 @@ int CapabilityCredential::unmarshal(const uint8_t* data, int len) noexcept
return p;
}
int CapabilityCredential::marshalVirtualNetworkRules(uint8_t* data, const ZT_VirtualNetworkRule* const rules, const unsigned int ruleCount) noexcept
int CapabilityCredential::marshalVirtualNetworkRules(
uint8_t *data, const ZT_VirtualNetworkRule *const rules, const unsigned int ruleCount) noexcept
{
int p = 0;
for (unsigned int i = 0; i < ruleCount; ++i) {
data[p++] = rules[i].t;
switch ((ZT_VirtualNetworkRuleType)(rules[i].t & 0x3fU)) {
default:
data[p++] = 0;
break;
default: data[p++] = 0; break;
case ZT_NETWORK_RULE_ACTION_TEE:
case ZT_NETWORK_RULE_ACTION_WATCH:
case ZT_NETWORK_RULE_ACTION_REDIRECT:
@ -273,7 +274,8 @@ int CapabilityCredential::marshalVirtualNetworkRules(uint8_t* data, const ZT_Vir
data[p++] = 19;
Utils::storeBigEndian<uint64_t>(data + p, rules[i].v.intRange.start);
p += 8;
Utils::storeBigEndian<uint64_t>(data + p, rules[i].v.intRange.start + (uint64_t)rules[i].v.intRange.end);
Utils::storeBigEndian<uint64_t>(
data + p, rules[i].v.intRange.start + (uint64_t)rules[i].v.intRange.end);
p += 8;
Utils::storeBigEndian<uint16_t>(data + p, rules[i].v.intRange.idx);
p += 2;
@ -284,7 +286,9 @@ int CapabilityCredential::marshalVirtualNetworkRules(uint8_t* data, const ZT_Vir
return p;
}
int CapabilityCredential::unmarshalVirtualNetworkRules(const uint8_t* const data, const int len, ZT_VirtualNetworkRule* const rules, unsigned int& ruleCount, const unsigned int maxRuleCount) noexcept
int CapabilityCredential::unmarshalVirtualNetworkRules(
const uint8_t *const data, const int len, ZT_VirtualNetworkRule *const rules, unsigned int &ruleCount,
const unsigned int maxRuleCount) noexcept
{
int p = 0;
unsigned int rc = 0;
@ -296,8 +300,7 @@ int CapabilityCredential::unmarshalVirtualNetworkRules(const uint8_t* const data
if ((p + fieldLen) > len)
return -1;
switch ((ZT_VirtualNetworkRuleType)(rules[ruleCount].t & 0x3fU)) {
default:
break;
default: break;
case ZT_NETWORK_RULE_ACTION_TEE:
case ZT_NETWORK_RULE_ACTION_WATCH:
case ZT_NETWORK_RULE_ACTION_REDIRECT:
@ -429,7 +432,8 @@ int CapabilityCredential::unmarshalVirtualNetworkRules(const uint8_t* const data
return -1;
rules[ruleCount].v.intRange.start = Utils::loadBigEndian<uint64_t>(data + p);
p += 8;
rules[ruleCount].v.intRange.end = (uint32_t)(Utils::loadBigEndian<uint64_t>(data + p) - rules[ruleCount].v.intRange.start);
rules[ruleCount].v.intRange.end =
(uint32_t)(Utils::loadBigEndian<uint64_t>(data + p) - rules[ruleCount].v.intRange.start);
p += 8;
rules[ruleCount].v.intRange.idx = Utils::loadBigEndian<uint16_t>(data + p);
p += 2;

85
core/CapabilityCredential.hpp
View file

@ -22,7 +22,9 @@
#include "Utils.hpp"
#define ZT_VIRTUALNETWORKRULE_MARSHAL_SIZE_MAX 21
#define ZT_CAPABILITY_MARSHAL_SIZE_MAX (8 + 8 + 4 + 1 + 2 + (ZT_VIRTUALNETWORKRULE_MARSHAL_SIZE_MAX * ZT_MAX_CAPABILITY_RULES) + 2 + (5 + 5 + 1 + 2 + ZT_SIGNATURE_BUFFER_SIZE))
#define ZT_CAPABILITY_MARSHAL_SIZE_MAX \
(8 + 8 + 4 + 1 + 2 + (ZT_VIRTUALNETWORKRULE_MARSHAL_SIZE_MAX * ZT_MAX_CAPABILITY_RULES) + 2 \
+ (5 + 5 + 1 + 2 + ZT_SIGNATURE_BUFFER_SIZE))
namespace ZeroTier {
@ -50,15 +52,9 @@ class CapabilityCredential : public Credential {
friend class Credential;
public:
static constexpr ZT_CredentialType credentialType() noexcept
{
return ZT_CREDENTIAL_TYPE_CAPABILITY;
}
static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_CAPABILITY; }
ZT_INLINE CapabilityCredential() noexcept
{
memoryZero(this);
}
ZT_INLINE CapabilityCredential() noexcept { memoryZero(this); }
/**
* @param id Capability ID
@ -68,63 +64,35 @@ class CapabilityCredential : public Credential {
* @param rules Network flow rules for this capability
* @param ruleCount Number of flow rules
*/
CapabilityCredential(const uint32_t id, const uint64_t nwid, const int64_t timestamp, const ZT_VirtualNetworkRule* const rules, const unsigned int ruleCount) noexcept;
CapabilityCredential(
const uint32_t id, const uint64_t nwid, const int64_t timestamp, const ZT_VirtualNetworkRule *const rules,
const unsigned int ruleCount) noexcept;
/**
* @return Rules -- see ruleCount() for size of array
*/
ZT_INLINE const ZT_VirtualNetworkRule* rules() const noexcept
{
return m_rules;
}
ZT_INLINE const ZT_VirtualNetworkRule *rules() const noexcept { return m_rules; }
/**
* @return Number of rules in rules()
*/
ZT_INLINE unsigned int ruleCount() const noexcept
{
return m_ruleCount;
}
ZT_INLINE unsigned int ruleCount() const noexcept { return m_ruleCount; }
ZT_INLINE uint32_t id() const noexcept
{
return m_id;
}
ZT_INLINE uint32_t id() const noexcept { return m_id; }
ZT_INLINE uint64_t networkId() const noexcept
{
return m_nwid;
}
ZT_INLINE uint64_t networkId() const noexcept { return m_nwid; }
ZT_INLINE int64_t timestamp() const noexcept
{
return m_timestamp;
}
ZT_INLINE int64_t timestamp() const noexcept { return m_timestamp; }
ZT_INLINE int64_t revision() const noexcept
{
return m_timestamp;
}
ZT_INLINE int64_t revision() const noexcept { return m_timestamp; }
ZT_INLINE const Address& issuedTo() const noexcept
{
return m_issuedTo;
}
ZT_INLINE const Address &issuedTo() const noexcept { return m_issuedTo; }
ZT_INLINE const Address& signer() const noexcept
{
return m_signedBy;
}
ZT_INLINE const Address &signer() const noexcept { return m_signedBy; }
ZT_INLINE const uint8_t* signature() const noexcept
{
return m_signature;
}
ZT_INLINE const uint8_t *signature() const noexcept { return m_signature; }
ZT_INLINE unsigned int signatureLength() const noexcept
{
return m_signatureLength;
}
ZT_INLINE unsigned int signatureLength() const noexcept { return m_signatureLength; }
/**
* Sign this capability and add signature to its chain of custody
@ -151,10 +119,7 @@ class CapabilityCredential : public Credential {
return s_verify(ctx, cc, *this);
}
static constexpr int marshalSizeMax() noexcept
{
return ZT_CAPABILITY_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_CAPABILITY_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_CAPABILITY_MARSHAL_SIZE_MAX], bool forSign = false) const noexcept;
int unmarshal(const uint8_t *data, int len) noexcept;
@ -167,7 +132,8 @@ class CapabilityCredential : public Credential {
* @param ruleCount Number of rules
* @return Number of bytes written or -1 on error
*/
static int marshalVirtualNetworkRules(uint8_t* data, const ZT_VirtualNetworkRule* rules, unsigned int ruleCount) noexcept;
static int
marshalVirtualNetworkRules(uint8_t *data, const ZT_VirtualNetworkRule *rules, unsigned int ruleCount) noexcept;
/**
* Unmarshal a set of virtual network rules
@ -179,13 +145,12 @@ class CapabilityCredential : public Credential {
* @param maxRuleCount Capacity of rules buffer
* @return Number of bytes unmarshaled or -1 on error
*/
static int unmarshalVirtualNetworkRules(const uint8_t* data, int len, ZT_VirtualNetworkRule* rules, unsigned int& ruleCount, unsigned int maxRuleCount) noexcept;
static int unmarshalVirtualNetworkRules(
const uint8_t *data, int len, ZT_VirtualNetworkRule *rules, unsigned int &ruleCount,
unsigned int maxRuleCount) noexcept;
// Provides natural sort order by ID
ZT_INLINE bool operator<(const CapabilityCredential& c) const noexcept
{
return (m_id < c.m_id);
}
ZT_INLINE bool operator<(const CapabilityCredential &c) const noexcept { return (m_id < c.m_id); }
ZT_INLINE bool operator==(const CapabilityCredential &c) const noexcept
{

7
core/Certificate.cpp
View file

@ -345,12 +345,15 @@ bool Certificate::sign(
default: return false;
case ZT_CERTIFICATE_PUBLIC_KEY_ALGORITHM_ECDSA_NIST_P_384:
if (issuerPrivateKeySize == (1 + ZT_ECC384_PUBLIC_KEY_SIZE + ZT_ECC384_PRIVATE_KEY_SIZE)) {
if ((!issuer)||((this->publicKeySize == (ZT_ECC384_PUBLIC_KEY_SIZE + 1))&&(memcmp(issuerPrivateKey, this->publicKey, ZT_ECC384_PUBLIC_KEY_SIZE + 1) == 0))) {
if ((!issuer)
|| ((this->publicKeySize == (ZT_ECC384_PUBLIC_KEY_SIZE + 1))
&& (memcmp(issuerPrivateKey, this->publicKey, ZT_ECC384_PUBLIC_KEY_SIZE + 1) == 0))) {
// If public key and issuer public key match, this is a self-signed certificate.
// This can also be specified by signing with issuer set to NULL.
Utils::fill<sizeof(this->issuer), 0xff>(this->issuer);
this->issuerPublicKeySize = 0;
} else {
}
else {
// Otherwise set the issuer and issuer public key.
Utils::copy<sizeof(this->issuer)>(this->issuer, issuer);
Utils::copy<1 + ZT_ECC384_PUBLIC_KEY_SIZE>(

23
core/Certificate.hpp
View file

@ -64,10 +64,7 @@ class Certificate : public ZT_Certificate {
/**
* @return Serial number in a H384 object
*/
ZT_INLINE H384 getSerialNo() const noexcept
{
return H384(this->serialNo);
}
ZT_INLINE H384 getSerialNo() const noexcept { return H384(this->serialNo); }
/**
* @return True if this is a self-signed certificate
@ -156,7 +153,9 @@ class Certificate : public ZT_Certificate {
*
* @return True on success
*/
bool sign(const uint8_t issuer[ZT_CERTIFICATE_HASH_SIZE], const void* issuerPrivateKey, unsigned int issuerPrivateKeySize);
bool sign(
const uint8_t issuer[ZT_CERTIFICATE_HASH_SIZE], const void *issuerPrivateKey,
unsigned int issuerPrivateKeySize);
/**
* Verify self-contained signatures and validity of certificate structure
@ -178,7 +177,8 @@ class Certificate : public ZT_Certificate {
*/
ZT_INLINE bool verifyTimeWindow(int64_t clock) const noexcept
{
return ((clock >= this->validity[0]) && (clock <= this->validity[1]) && (this->validity[0] <= this->validity[1]));
return (
(clock >= this->validity[0]) && (clock <= this->validity[1]) && (this->validity[0] <= this->validity[1]));
}
/**
@ -191,7 +191,9 @@ class Certificate : public ZT_Certificate {
* @param privateKeySize Result parameter: set to size of private key
* @return True on success
*/
static bool newKeyPair(const ZT_CertificatePublicKeyAlgorithm type, uint8_t publicKey[ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE], int* const publicKeySize, uint8_t privateKey[ZT_CERTIFICATE_MAX_PRIVATE_KEY_SIZE], int* const privateKeySize);
static bool newKeyPair(
const ZT_CertificatePublicKeyAlgorithm type, uint8_t publicKey[ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE],
int *const publicKeySize, uint8_t privateKey[ZT_CERTIFICATE_MAX_PRIVATE_KEY_SIZE], int *const privateKeySize);
/**
* Create a CSR that encodes the subject of this certificate
@ -203,7 +205,9 @@ class Certificate : public ZT_Certificate {
* @param uniqueIdPrivateSize Size of unique ID private key
* @return Encoded subject (without any unique ID fields) or empty vector on error
*/
static Vector<uint8_t> createCSR(const ZT_Certificate_Subject& s, const void* certificatePrivateKey, unsigned int certificatePrivateKeySize, const void* uniqueIdPrivate, unsigned int uniqueIdPrivateSize);
static Vector<uint8_t> createCSR(
const ZT_Certificate_Subject &s, const void *certificatePrivateKey, unsigned int certificatePrivateKeySize,
const void *uniqueIdPrivate, unsigned int uniqueIdPrivateSize);
ZT_INLINE unsigned long hashCode() const noexcept
{
@ -242,7 +246,8 @@ class Certificate : public ZT_Certificate {
private:
void m_clear();
static bool m_setSubjectUniqueId(ZT_Certificate_Subject& s, const void* uniqueIdPrivate, unsigned int uniqueIdPrivateSize);
static bool
m_setSubjectUniqueId(ZT_Certificate_Subject &s, const void *uniqueIdPrivate, unsigned int uniqueIdPrivateSize);
static void m_encodeSubject(const ZT_Certificate_Subject &s, Dictionary &d, bool omitUniqueIdProofSignature);
// These hold any identity or locator objects that are owned by and should

118
core/Containers.hpp
View file

@ -38,13 +38,9 @@ namespace ZeroTier {
template <typename V> class Vector : public std::vector<V> {
public:
ZT_INLINE Vector() : std::vector<V>()
{
}
ZT_INLINE Vector() : std::vector<V>() {}
template <typename I> ZT_INLINE Vector(I begin, I end) : std::vector<V>(begin, end)
{
}
template <typename I> ZT_INLINE Vector(I begin, I end) : std::vector<V>(begin, end) {}
};
template <typename V> class List : public std::list<V> {
@ -53,10 +49,7 @@ template <typename V> class List : public std::list<V> {
#ifdef __CPP11__
struct intl_MapHasher {
template <typename O> std::size_t operator()(const O& obj) const noexcept
{
return (std::size_t)obj.hashCode();
}
template <typename O> std::size_t operator()(const O &obj) const noexcept { return (std::size_t)obj.hashCode(); }
std::size_t operator()(const Vector<uint8_t> &bytes) const noexcept
{
@ -87,7 +80,8 @@ struct intl_MapHasher {
template <typename K, typename V> class Map : public std::unordered_map<K, V, intl_MapHasher> {
};
template <typename K, typename V> class MultiMap : public std::unordered_multimap<K, V, intl_MapHasher, std::equal_to<K> > {
template <typename K, typename V>
class MultiMap : public std::unordered_multimap<K, V, intl_MapHasher, std::equal_to<K>> {
};
#else
@ -126,20 +120,11 @@ typedef std::string String;
struct H384 {
uint64_t data[6];
ZT_INLINE H384() noexcept
{
Utils::zero<sizeof(data)>(data);
}
ZT_INLINE H384() noexcept { Utils::zero<sizeof(data)>(data); }
ZT_INLINE H384(const H384& b) noexcept
{
Utils::copy<48>(data, b.data);
}
ZT_INLINE H384(const H384 &b) noexcept { Utils::copy<48>(data, b.data); }
explicit ZT_INLINE H384(const void* const d) noexcept
{
Utils::copy<48>(data, d);
}
explicit ZT_INLINE H384(const void *const d) noexcept { Utils::copy<48>(data, d); }
ZT_INLINE H384 &operator=(const H384 &b) noexcept
{
@ -147,45 +132,33 @@ struct H384 {
return *this;
}
ZT_INLINE unsigned long hashCode() const noexcept
{
return (unsigned long)data[0];
}
ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)data[0]; }
ZT_INLINE operator bool() const noexcept
{
return ((data[0] != 0) && (data[1] != 0) && (data[2] != 0) && (data[3] != 0) && (data[4] != 0) && (data[5] != 0));
return (
(data[0] != 0) && (data[1] != 0) && (data[2] != 0) && (data[3] != 0) && (data[4] != 0) && (data[5] != 0));
}
ZT_INLINE bool operator==(const H384 &b) const noexcept
{
return ((data[0] == b.data[0]) && (data[1] == b.data[1]) && (data[2] == b.data[2]) && (data[3] == b.data[3]) && (data[4] == b.data[4]) && (data[5] == b.data[5]));
return (
(data[0] == b.data[0]) && (data[1] == b.data[1]) && (data[2] == b.data[2]) && (data[3] == b.data[3])
&& (data[4] == b.data[4]) && (data[5] == b.data[5]));
}
ZT_INLINE bool operator!=(const H384& b) const noexcept
{
return ! (*this == b);
}
ZT_INLINE bool operator!=(const H384 &b) const noexcept { return !(*this == b); }
ZT_INLINE bool operator<(const H384 &b) const noexcept
{
return std::lexicographical_compare(data, data + 6, b.data, b.data + 6);
}
ZT_INLINE bool operator<=(const H384& b) const noexcept
{
return ! (b < *this);
}
ZT_INLINE bool operator<=(const H384 &b) const noexcept { return !(b < *this); }
ZT_INLINE bool operator>(const H384& b) const noexcept
{
return (b < *this);
}
ZT_INLINE bool operator>(const H384 &b) const noexcept { return (b < *this); }
ZT_INLINE bool operator>=(const H384& b) const noexcept
{
return ! (*this < b);
}
ZT_INLINE bool operator>=(const H384 &b) const noexcept { return !(*this < b); }
};
static_assert(sizeof(H384) == 48, "H384 contains unnecessary padding");
@ -198,20 +171,11 @@ static_assert(sizeof(H384) == 48, "H384 contains unnecessary padding");
template <unsigned long S> struct Blob {
uint8_t data[S];
ZT_INLINE Blob() noexcept
{
Utils::zero<S>(data);
}
ZT_INLINE Blob() noexcept { Utils::zero<S>(data); }
ZT_INLINE Blob(const Blob& b) noexcept
{
Utils::copy<S>(data, b.data);
}
ZT_INLINE Blob(const Blob &b) noexcept { Utils::copy<S>(data, b.data); }
explicit ZT_INLINE Blob(const void* const d) noexcept
{
Utils::copy<S>(data, d);
}
explicit ZT_INLINE Blob(const void *const d) noexcept { Utils::copy<S>(data, d); }
explicit ZT_INLINE Blob(const void *const d, const unsigned int l) noexcept
{
@ -227,45 +191,21 @@ template <unsigned long S> struct Blob {
return *this;
}
ZT_INLINE unsigned long hashCode() const noexcept
{
return Utils::fnv1a32(data, (unsigned int)S);
}
ZT_INLINE unsigned long hashCode() const noexcept { return Utils::fnv1a32(data, (unsigned int)S); }
ZT_INLINE operator bool() const noexcept
{
return Utils::allZero(data, (unsigned int)S);
}
ZT_INLINE operator bool() const noexcept { return Utils::allZero(data, (unsigned int)S); }
ZT_INLINE bool operator==(const Blob& b) const noexcept
{
return (memcmp(data, b.data, S) == 0);
}
ZT_INLINE bool operator==(const Blob &b) const noexcept { return (memcmp(data, b.data, S) == 0); }
ZT_INLINE bool operator!=(const Blob& b) const noexcept
{
return (memcmp(data, b.data, S) != 0);
}
ZT_INLINE bool operator!=(const Blob &b) const noexcept { return (memcmp(data, b.data, S) != 0); }
ZT_INLINE bool operator<(const Blob& b) const noexcept
{
return (memcmp(data, b.data, S) < 0);
}
ZT_INLINE bool operator<(const Blob &b) const noexcept { return (memcmp(data, b.data, S) < 0); }
ZT_INLINE bool operator<=(const Blob& b) const noexcept
{
return (memcmp(data, b.data, S) <= 0);
}
ZT_INLINE bool operator<=(const Blob &b) const noexcept { return (memcmp(data, b.data, S) <= 0); }
ZT_INLINE bool operator>(const Blob& b) const noexcept
{
return (memcmp(data, b.data, S) > 0);
}
ZT_INLINE bool operator>(const Blob &b) const noexcept { return (memcmp(data, b.data, S) > 0); }
ZT_INLINE bool operator>=(const Blob& b) const noexcept
{
return (memcmp(data, b.data, S) >= 0);
}
ZT_INLINE bool operator>=(const Blob &b) const noexcept { return (memcmp(data, b.data, S) >= 0); }
};
} // namespace ZeroTier

5
core/Context.hpp
View file

@ -59,10 +59,7 @@ class Context {
secretIdentityStr[0] = 0;
}
ZT_INLINE ~Context() noexcept
{
Utils::burn(secretIdentityStr, sizeof(secretIdentityStr));
}
ZT_INLINE ~Context() noexcept { Utils::burn(secretIdentityStr, sizeof(secretIdentityStr)); }
// Unique ID generated on startup
const uint64_t instanceId;

27
core/Credential.cpp
View file

@ -43,7 +43,8 @@
namespace ZeroTier {
template <typename CRED> static ZT_INLINE Credential::VerifyResult p_credVerify(const Context& ctx, const CallContext& cc, CRED credential)
template <typename CRED>
static ZT_INLINE Credential::VerifyResult p_credVerify(const Context &ctx, const CallContext &cc, CRED credential)
{
uint8_t tmp[ZT_BUF_MEM_SIZE + 16];
@ -60,7 +61,10 @@ template <typename CRED> static ZT_INLINE Credential::VerifyResult p_credVerify(
int l = credential.marshal(tmp, true);
if (l <= 0)
return Credential::VERIFY_BAD_SIGNATURE;
return (peer->identity().verify(tmp, (unsigned int)l, credential.signature(), credential.signatureLength()) ? Credential::VERIFY_OK : Credential::VERIFY_BAD_SIGNATURE);
return (
peer->identity().verify(tmp, (unsigned int)l, credential.signature(), credential.signatureLength())
? Credential::VERIFY_OK
: Credential::VERIFY_BAD_SIGNATURE);
}
catch (...) {
}
@ -68,27 +72,32 @@ template <typename CRED> static ZT_INLINE Credential::VerifyResult p_credVerify(
return Credential::VERIFY_BAD_SIGNATURE;
}
Credential::VerifyResult Credential::s_verify(const Context& ctx, const CallContext& cc, const RevocationCredential& credential)
Credential::VerifyResult
Credential::s_verify(const Context &ctx, const CallContext &cc, const RevocationCredential &credential)
{
return p_credVerify(ctx, cc, credential);
}
Credential::VerifyResult Credential::s_verify(const Context& ctx, const CallContext& cc, const TagCredential& credential)
Credential::VerifyResult
Credential::s_verify(const Context &ctx, const CallContext &cc, const TagCredential &credential)
{
return p_credVerify(ctx, cc, credential);
}
Credential::VerifyResult Credential::s_verify(const Context& ctx, const CallContext& cc, const CapabilityCredential& credential)
Credential::VerifyResult
Credential::s_verify(const Context &ctx, const CallContext &cc, const CapabilityCredential &credential)
{
return p_credVerify(ctx, cc, credential);
}
Credential::VerifyResult Credential::s_verify(const Context& ctx, const CallContext& cc, const OwnershipCredential& credential)
Credential::VerifyResult
Credential::s_verify(const Context &ctx, const CallContext &cc, const OwnershipCredential &credential)
{
return p_credVerify(ctx, cc, credential);
}
Credential::VerifyResult Credential::s_verify(const Context& ctx, const CallContext& cc, const MembershipCredential& credential)
Credential::VerifyResult
Credential::s_verify(const Context &ctx, const CallContext &cc, const MembershipCredential &credential)
{
// Sanity check network ID.
if ((!credential.m_signedBy) || (credential.m_signedBy != Network::controllerFor(credential.m_networkId)))
@ -102,7 +111,9 @@ Credential::VerifyResult Credential::s_verify(const Context& ctx, const CallCont
// Now verify the controller's signature.
uint64_t buf[ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX / 8];
const unsigned int bufSize = credential.m_fillSigningBuf(buf);
return peer->identity().verify(buf, bufSize, credential.m_signature, credential.m_signatureLength) ? Credential::VERIFY_OK : Credential::VERIFY_BAD_SIGNATURE;
return peer->identity().verify(buf, bufSize, credential.m_signature, credential.m_signatureLength)
? Credential::VERIFY_OK
: Credential::VERIFY_BAD_SIGNATURE;
}
} // namespace ZeroTier

29
core/Defragmenter.hpp
View file

@ -46,7 +46,10 @@ namespace ZeroTier {
* @tparam GCT Garbage collection trigger threshold, usually 2X GCS (default: ZT_MAX_PACKET_FRAGMENTS * 4)
* @tparam P Type for pointer to a path object (default: SharedPtr<Path>)
*/
template <unsigned int MF = ZT_MAX_PACKET_FRAGMENTS, unsigned int MFP = ZT_MAX_INCOMING_FRAGMENTS_PER_PATH, unsigned int GCS = (ZT_MAX_PACKET_FRAGMENTS * 2), unsigned int GCT = (ZT_MAX_PACKET_FRAGMENTS * 4), typename P = SharedPtr<Path> >
template <
unsigned int MF = ZT_MAX_PACKET_FRAGMENTS, unsigned int MFP = ZT_MAX_INCOMING_FRAGMENTS_PER_PATH,
unsigned int GCS = (ZT_MAX_PACKET_FRAGMENTS * 2), unsigned int GCT = (ZT_MAX_PACKET_FRAGMENTS * 4),
typename P = SharedPtr<Path>>
class Defragmenter {
public:
/**
@ -90,9 +93,7 @@ class Defragmenter {
ERR_OUT_OF_MEMORY
};
ZT_INLINE Defragmenter()
{
}
ZT_INLINE Defragmenter() {}
/**
* Process a fragment of a multi-part message
@ -136,15 +137,9 @@ class Defragmenter {
* @return Result code
*/
ZT_INLINE ResultCode assemble(
const uint64_t messageId,
FCV<Buf::Slice, MF>& message,
SharedPtr<Buf>& fragment,
const unsigned int fragmentDataIndex,
const unsigned int fragmentDataSize,
const unsigned int fragmentNo,
const unsigned int totalFragmentsExpected,
const int64_t ts,
const P& via)
const uint64_t messageId, FCV<Buf::Slice, MF> &message, SharedPtr<Buf> &fragment,
const unsigned int fragmentDataIndex, const unsigned int fragmentDataSize, const unsigned int fragmentNo,
const unsigned int totalFragmentsExpected, const int64_t ts, const P &via)
{
// Sanity checks for malformed fragments or invalid input parameters.
if ((fragmentNo >= totalFragmentsExpected) || (totalFragmentsExpected > MF) || (totalFragmentsExpected == 0))
@ -299,13 +294,7 @@ class Defragmenter {
private:
// p_E is an entry in the message queue.
struct p_E {
ZT_INLINE p_E() noexcept
: id(0)
, lastUsed(0)
, totalFragmentsExpected(0)
, fragmentsReceived(0)
{
}
ZT_INLINE p_E() noexcept : id(0), lastUsed(0), totalFragmentsExpected(0), fragmentsReceived(0) {}
ZT_INLINE p_E(const p_E &e) noexcept
: id(e.id)

30
core/Dictionary.cpp
View file

@ -15,10 +15,7 @@
namespace ZeroTier {
Vector<uint8_t>& Dictionary::operator[](const char* const k)
{
return m_entries[k];
}
Vector<uint8_t> &Dictionary::operator[](const char *const k) { return m_entries[k]; }
const Vector<uint8_t> &Dictionary::operator[](const char *const k) const
{
@ -87,10 +84,7 @@ char* Dictionary::getS(const char* k, char* v, const unsigned int cap) const
return v;
}
void Dictionary::clear()
{
m_entries.clear();
}
void Dictionary::clear() { m_entries.clear(); }
void Dictionary::encode(Vector<uint8_t> &out) const
{
@ -116,21 +110,11 @@ bool Dictionary::decode(const void* data, unsigned int len)
if (escape) {
escape = false;
switch (c) {
case 48:
v->push_back(0);
break;
case 101:
v->push_back(61);
break;
case 110:
v->push_back(10);
break;
case 114:
v->push_back(13);
break;
default:
v->push_back(c);
break;
case 48: v->push_back(0); break;
case 101: v->push_back(61); break;
case 110: v->push_back(10); break;
case 114: v->push_back(13); break;
default: v->push_back(c); break;
}
}
else {

35
core/Dictionary.hpp
View file

@ -41,13 +41,9 @@ class Dictionary {
public:
typedef SortedMap<String, Vector<uint8_t>>::const_iterator const_iterator;
ZT_INLINE Dictionary()
{
}
ZT_INLINE Dictionary() {}
ZT_INLINE ~Dictionary()
{
}
ZT_INLINE ~Dictionary() {}
/*
ZT_INLINE void dump() const
@ -95,18 +91,12 @@ class Dictionary {
/**
* @return Start of key->value pairs
*/
ZT_INLINE const_iterator begin() const noexcept
{
return m_entries.begin();
}
ZT_INLINE const_iterator begin() const noexcept { return m_entries.begin(); }
/**
* @return End of key->value pairs
*/
ZT_INLINE const_iterator end() const noexcept
{
return m_entries.end();
}
ZT_INLINE const_iterator end() const noexcept { return m_entries.end(); }
/**
* Add an integer as a hexadecimal string value
@ -213,18 +203,12 @@ class Dictionary {
/**
* @return Number of entries
*/
ZT_INLINE unsigned int size() const noexcept
{
return (unsigned int)m_entries.size();
}
ZT_INLINE unsigned int size() const noexcept { return (unsigned int)m_entries.size(); }
/**
* @return True if dictionary is not empty
*/
ZT_INLINE bool empty() const noexcept
{
return m_entries.empty();
}
ZT_INLINE bool empty() const noexcept { return m_entries.empty(); }
/**
* Encode to a string in the supplied vector
@ -362,7 +346,8 @@ class Dictionary {
* @param v Value
* @param vlen Value length in bytes
*/
template <typename V> ZT_INLINE static void append(V& out, const char* const k, const void* const v, const unsigned int vlen)
template <typename V>
ZT_INLINE static void append(V &out, const char *const k, const void *const v, const unsigned int vlen)
{
s_appendKey(out, k);
for (unsigned int i = 0; i < vlen; ++i)
@ -435,9 +420,7 @@ class Dictionary {
out.push_back(92);
out.push_back(92);
break;
default:
out.push_back(c);
break;
default: out.push_back(c); break;
}
}

12
core/ECC384.hpp
View file

@ -77,7 +77,9 @@ void ECC384GenerateKey(uint8_t pub[ZT_ECC384_PUBLIC_KEY_SIZE], uint8_t priv[ZT_E
* @param hash 48-byte hash
* @param sig Buffer to receive signature
*/
void ECC384ECDSASign(const uint8_t priv[ZT_ECC384_PRIVATE_KEY_SIZE], const uint8_t hash[ZT_ECC384_SIGNATURE_HASH_SIZE], uint8_t sig[ZT_ECC384_SIGNATURE_SIZE]);
void ECC384ECDSASign(
const uint8_t priv[ZT_ECC384_PRIVATE_KEY_SIZE], const uint8_t hash[ZT_ECC384_SIGNATURE_HASH_SIZE],
uint8_t sig[ZT_ECC384_SIGNATURE_SIZE]);
/**
* Verify a signature
@ -87,7 +89,9 @@ void ECC384ECDSASign(const uint8_t priv[ZT_ECC384_PRIVATE_KEY_SIZE], const uint8
* @param sig Signature to check
* @return True if signature is valid
*/
bool ECC384ECDSAVerify(const uint8_t pub[ZT_ECC384_PUBLIC_KEY_SIZE], const uint8_t hash[ZT_ECC384_SIGNATURE_HASH_SIZE], const uint8_t sig[ZT_ECC384_SIGNATURE_SIZE]);
bool ECC384ECDSAVerify(
const uint8_t pub[ZT_ECC384_PUBLIC_KEY_SIZE], const uint8_t hash[ZT_ECC384_SIGNATURE_HASH_SIZE],
const uint8_t sig[ZT_ECC384_SIGNATURE_SIZE]);
/**
* Perform ECDH key agreement
@ -99,7 +103,9 @@ bool ECC384ECDSAVerify(const uint8_t pub[ZT_ECC384_PUBLIC_KEY_SIZE], const uint8
* @param ourPriv Local private key
* @param secret Buffer to receive 48-byte secret
*/
bool ECC384ECDH(const uint8_t theirPub[ZT_ECC384_PUBLIC_KEY_SIZE], const uint8_t ourPriv[ZT_ECC384_PRIVATE_KEY_SIZE], uint8_t secret[ZT_ECC384_SHARED_SECRET_SIZE]);
bool ECC384ECDH(
const uint8_t theirPub[ZT_ECC384_PUBLIC_KEY_SIZE], const uint8_t ourPriv[ZT_ECC384_PRIVATE_KEY_SIZE],
uint8_t secret[ZT_ECC384_SHARED_SECRET_SIZE]);
} // namespace ZeroTier

97
core/Endpoint.cpp
View file

@ -20,48 +20,30 @@ namespace ZeroTier {
static ZT_INLINE char s_endpointTypeChar(const ZT_EndpointType t)
{
switch (t) {
default:
return '0';
case ZT_ENDPOINT_TYPE_ZEROTIER:
return 'z';
case ZT_ENDPOINT_TYPE_ETHERNET:
return 'e';
case ZT_ENDPOINT_TYPE_WIFI_DIRECT:
return 'd';
case ZT_ENDPOINT_TYPE_BLUETOOTH:
return 'b';
case ZT_ENDPOINT_TYPE_IP:
return 'i';
case ZT_ENDPOINT_TYPE_IP_UDP:
return 'u';
case ZT_ENDPOINT_TYPE_IP_TCP:
return 't';
case ZT_ENDPOINT_TYPE_IP_TCP_WS:
return 'w';
default: return '0';
case ZT_ENDPOINT_TYPE_ZEROTIER: return 'z';
case ZT_ENDPOINT_TYPE_ETHERNET: return 'e';
case ZT_ENDPOINT_TYPE_WIFI_DIRECT: return 'd';
case ZT_ENDPOINT_TYPE_BLUETOOTH: return 'b';
case ZT_ENDPOINT_TYPE_IP: return 'i';
case ZT_ENDPOINT_TYPE_IP_UDP: return 'u';
case ZT_ENDPOINT_TYPE_IP_TCP: return 't';
case ZT_ENDPOINT_TYPE_IP_TCP_WS: return 'w';
}
}
static ZT_INLINE ZT_EndpointType s_charEndpointType(const char c)
{
switch (c) {
default:
return ZT_ENDPOINT_TYPE_NIL;
case 'z':
return ZT_ENDPOINT_TYPE_ZEROTIER;
case 'e':
return ZT_ENDPOINT_TYPE_ETHERNET;
case 'd':
return ZT_ENDPOINT_TYPE_WIFI_DIRECT;
case 'b':
return ZT_ENDPOINT_TYPE_BLUETOOTH;
case 'i':
return ZT_ENDPOINT_TYPE_IP;
case 'u':
return ZT_ENDPOINT_TYPE_IP_UDP;
case 't':
return ZT_ENDPOINT_TYPE_IP_TCP;
case 'w':
return ZT_ENDPOINT_TYPE_IP_TCP_WS;
default: return ZT_ENDPOINT_TYPE_NIL;
case 'z': return ZT_ENDPOINT_TYPE_ZEROTIER;
case 'e': return ZT_ENDPOINT_TYPE_ETHERNET;
case 'd': return ZT_ENDPOINT_TYPE_WIFI_DIRECT;
case 'b': return ZT_ENDPOINT_TYPE_BLUETOOTH;
case 'i': return ZT_ENDPOINT_TYPE_IP;
case 'u': return ZT_ENDPOINT_TYPE_IP_UDP;
case 't': return ZT_ENDPOINT_TYPE_IP_TCP;
case 'w': return ZT_ENDPOINT_TYPE_IP_TCP_WS;
}
}
@ -108,8 +90,7 @@ bool Endpoint::fromString(const char* s) noexcept
// type/ADDRESS is a fully qualified endpoint.
this->type = s_charEndpointType(s[0]);
switch (this->type) {
case ZT_ENDPOINT_TYPE_NIL:
break;
case ZT_ENDPOINT_TYPE_NIL: break;
case ZT_ENDPOINT_TYPE_ZEROTIER:
if (!s[2])
return false;
@ -189,19 +170,15 @@ int Endpoint::unmarshal(const uint8_t* restrict data, int len) noexcept
if (data[0] < 16) {
switch (data[0]) {
case 0:
return 1;
case 0: return 1;
case 4:
case 6:
this->type = ZT_ENDPOINT_TYPE_IP_UDP;
return asInetAddress(this->value.ss).unmarshal(data, len);
case 6: this->type = ZT_ENDPOINT_TYPE_IP_UDP; return asInetAddress(this->value.ss).unmarshal(data, len);
}
return -1;
}
switch ((this->type = (ZT_EndpointType)(data[0] - 16))) {
case ZT_ENDPOINT_TYPE_NIL:
return 1;
case ZT_ENDPOINT_TYPE_NIL: return 1;
case ZT_ENDPOINT_TYPE_ZEROTIER:
if (len >= (1 + ZT_ADDRESS_LENGTH + ZT_FINGERPRINT_HASH_SIZE)) {
@ -225,11 +202,9 @@ int Endpoint::unmarshal(const uint8_t* restrict data, int len) noexcept
case ZT_ENDPOINT_TYPE_IP:
case ZT_ENDPOINT_TYPE_IP_UDP:
case ZT_ENDPOINT_TYPE_IP_TCP:
case ZT_ENDPOINT_TYPE_IP_TCP_WS:
return asInetAddress(this->value.ss).unmarshal(data + 1, len - 1);
case ZT_ENDPOINT_TYPE_IP_TCP_WS: return asInetAddress(this->value.ss).unmarshal(data + 1, len - 1);
default:
break;
default: break;
}
// Unrecognized types can still be passed over in a valid stream if they are
@ -246,19 +221,15 @@ bool Endpoint::operator==(const Endpoint& ep) const noexcept
{
if (this->type == ep.type) {
switch (this->type) {
case ZT_ENDPOINT_TYPE_ZEROTIER:
return zt() == ep.zt();
case ZT_ENDPOINT_TYPE_ZEROTIER: return zt() == ep.zt();
case ZT_ENDPOINT_TYPE_ETHERNET:
case ZT_ENDPOINT_TYPE_WIFI_DIRECT:
case ZT_ENDPOINT_TYPE_BLUETOOTH:
return this->value.mac == ep.value.mac;
case ZT_ENDPOINT_TYPE_BLUETOOTH: return this->value.mac == ep.value.mac;
case ZT_ENDPOINT_TYPE_IP:
case ZT_ENDPOINT_TYPE_IP_UDP:
case ZT_ENDPOINT_TYPE_IP_TCP:
case ZT_ENDPOINT_TYPE_IP_TCP_WS:
return ip() == ep.ip();
default:
return true;
case ZT_ENDPOINT_TYPE_IP_TCP_WS: return ip() == ep.ip();
default: return true;
}
}
return false;
@ -268,19 +239,15 @@ bool Endpoint::operator<(const Endpoint& ep) const noexcept
{
if (this->type == ep.type) {
switch (this->type) {
case ZT_ENDPOINT_TYPE_ZEROTIER:
return zt() < ep.zt();
case ZT_ENDPOINT_TYPE_ZEROTIER: return zt() < ep.zt();
case ZT_ENDPOINT_TYPE_ETHERNET:
case ZT_ENDPOINT_TYPE_WIFI_DIRECT:
case ZT_ENDPOINT_TYPE_BLUETOOTH:
return this->value.mac < ep.value.mac;
case ZT_ENDPOINT_TYPE_BLUETOOTH: return this->value.mac < ep.value.mac;
case ZT_ENDPOINT_TYPE_IP:
case ZT_ENDPOINT_TYPE_IP_UDP:
case ZT_ENDPOINT_TYPE_IP_TCP:
case ZT_ENDPOINT_TYPE_IP_TCP_WS:
return ip() < ep.ip();
default:
return true;
case ZT_ENDPOINT_TYPE_IP_TCP_WS: return ip() < ep.ip();
default: return true;
}
}
return (int)this->type < (int)ep.type;

95
core/Endpoint.hpp
View file

@ -27,11 +27,16 @@
namespace ZeroTier {
static_assert((ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > ZT_INETADDRESS_MARSHAL_SIZE_MAX, "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert((ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > sizeof(ZT_Fingerprint), "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert((ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > sizeof(InetAddress), "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert(
(ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > ZT_INETADDRESS_MARSHAL_SIZE_MAX,
"ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert(
(ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > sizeof(ZT_Fingerprint), "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert(
(ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > sizeof(InetAddress), "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert((ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > sizeof(MAC), "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert((ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > sizeof(Fingerprint), "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
static_assert(
(ZT_ENDPOINT_MARSHAL_SIZE_MAX - 1) > sizeof(Fingerprint), "ZT_ENDPOINT_MARSHAL_SIZE_MAX not large enough");
/**
* Endpoint variant specifying some form of network endpoint.
@ -49,15 +54,9 @@ class Endpoint
/**
* Create a NIL/empty endpoint
*/
ZT_INLINE Endpoint() noexcept
{
memoryZero(this);
}
ZT_INLINE Endpoint() noexcept { memoryZero(this); }
ZT_INLINE Endpoint(const ZT_Endpoint& ep) noexcept
{
Utils::copy<sizeof(ZT_Endpoint)>((ZT_Endpoint*)this, &ep);
}
ZT_INLINE Endpoint(const ZT_Endpoint &ep) noexcept { Utils::copy<sizeof(ZT_Endpoint)>((ZT_Endpoint *)this, &ep); }
/**
* Create an endpoint for a type that uses an IP
@ -112,10 +111,7 @@ class Endpoint
/**
* @return True if endpoint type isn't NIL
*/
ZT_INLINE operator bool() const noexcept
{
return this->type != ZT_ENDPOINT_TYPE_NIL;
}
ZT_INLINE operator bool() const noexcept { return this->type != ZT_ENDPOINT_TYPE_NIL; }
/**
* @return True if this endpoint type has an InetAddress address type and thus ip() is valid
@ -126,10 +122,8 @@ class Endpoint
case ZT_ENDPOINT_TYPE_IP:
case ZT_ENDPOINT_TYPE_IP_UDP:
case ZT_ENDPOINT_TYPE_IP_TCP:
case ZT_ENDPOINT_TYPE_IP_TCP_WS:
return true;
default:
return false;
case ZT_ENDPOINT_TYPE_IP_TCP_WS: return true;
default: return false;
}
}
@ -153,14 +147,11 @@ class Endpoint
case ZT_ENDPOINT_TYPE_IP:
case ZT_ENDPOINT_TYPE_IP_UDP:
case ZT_ENDPOINT_TYPE_IP_TCP:
case ZT_ENDPOINT_TYPE_IP_TCP_WS:
return ip().ipsEqual(ep.ip());
default:
break;
case ZT_ENDPOINT_TYPE_IP_TCP_WS: return ip().ipsEqual(ep.ip());
default: break;
}
break;
default:
break;
default: break;
}
return (*this) == ep;
}
@ -170,47 +161,34 @@ class Endpoint
*
* @return InetAddress instance
*/
ZT_INLINE const InetAddress& ip() const noexcept
{
return asInetAddress(this->value.ss);
}
ZT_INLINE const InetAddress &ip() const noexcept { return asInetAddress(this->value.ss); }
/**
* Get MAC if this is an Ethernet, WiFi direct, or Bluetooth type (undefined otherwise)
*
* @return Ethernet MAC
*/
ZT_INLINE MAC eth() const noexcept
{
return MAC(this->value.mac);
}
ZT_INLINE MAC eth() const noexcept { return MAC(this->value.mac); }
/**
* Get fingerprint if this is a ZeroTier endpoint type (undefined otherwise)
*
* @return ZeroTier fingerprint
*/
ZT_INLINE Fingerprint zt() const noexcept
{
return Fingerprint(this->value.fp);
}
ZT_INLINE Fingerprint zt() const noexcept { return Fingerprint(this->value.fp); }
ZT_INLINE unsigned long hashCode() const noexcept
{
switch (this->type) {
default:
return 1;
case ZT_ENDPOINT_TYPE_ZEROTIER:
return (unsigned long)this->value.fp.address;
default: return 1;
case ZT_ENDPOINT_TYPE_ZEROTIER: return (unsigned long)this->value.fp.address;
case ZT_ENDPOINT_TYPE_ETHERNET:
case ZT_ENDPOINT_TYPE_WIFI_DIRECT:
case ZT_ENDPOINT_TYPE_BLUETOOTH:
return (unsigned long)Utils::hash64(this->value.mac);
case ZT_ENDPOINT_TYPE_BLUETOOTH: return (unsigned long)Utils::hash64(this->value.mac);
case ZT_ENDPOINT_TYPE_IP:
case ZT_ENDPOINT_TYPE_IP_UDP:
case ZT_ENDPOINT_TYPE_IP_TCP:
case ZT_ENDPOINT_TYPE_IP_TCP_WS:
return ip().hashCode();
case ZT_ENDPOINT_TYPE_IP_TCP_WS: return ip().hashCode();
}
}
@ -224,10 +202,7 @@ class Endpoint
bool fromString(const char *s) noexcept;
static constexpr int marshalSizeMax() noexcept
{
return ZT_ENDPOINT_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_ENDPOINT_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_ENDPOINT_MARSHAL_SIZE_MAX]) const noexcept;
@ -235,27 +210,15 @@ class Endpoint
bool operator==(const Endpoint &ep) const noexcept;
ZT_INLINE bool operator!=(const Endpoint& ep) const noexcept
{
return ! ((*this) == ep);
}
ZT_INLINE bool operator!=(const Endpoint &ep) const noexcept { return !((*this) == ep); }
bool operator<(const Endpoint &ep) const noexcept;
ZT_INLINE bool operator>(const Endpoint& ep) const noexcept
{
return (ep < *this);
}
ZT_INLINE bool operator>(const Endpoint &ep) const noexcept { return (ep < *this); }
ZT_INLINE bool operator<=(const Endpoint& ep) const noexcept
{
return ! (ep < *this);
}
ZT_INLINE bool operator<=(const Endpoint &ep) const noexcept { return !(ep < *this); }
ZT_INLINE bool operator>=(const Endpoint& ep) const noexcept
{
return ! (*this < ep);
}
ZT_INLINE bool operator>=(const Endpoint &ep) const noexcept { return !(*this < ep); }
};
static_assert(sizeof(Endpoint) == sizeof(ZT_Endpoint), "size mismatch");

14
core/Expect.hpp
View file

@ -38,9 +38,7 @@ namespace ZeroTier {
*/
class Expect {
public:
ZT_INLINE Expect() : m_packetIdSent()
{
}
ZT_INLINE Expect() : m_packetIdSent() {}
/**
* Called by other code when something is sending a packet that could potentially receive an OK response
@ -50,7 +48,8 @@ class Expect {
*/
ZT_INLINE void sending(const uint64_t packetId, const int64_t now) noexcept
{
m_packetIdSent[Utils::hash64(packetId ^ Utils::s_mapNonce) % ZT_EXPECT_BUCKETS] = (uint32_t)(now / ZT_EXPECT_TTL);
m_packetIdSent[Utils::hash64(packetId ^ Utils::s_mapNonce) % ZT_EXPECT_BUCKETS] =
(uint32_t)(now / ZT_EXPECT_TTL);
}
/**
@ -66,7 +65,12 @@ class Expect {
*/
ZT_INLINE bool expecting(const uint64_t inRePacketId, const int64_t now) noexcept
{
return (((now / ZT_EXPECT_TTL) - (int64_t)m_packetIdSent[(unsigned long)Utils::hash64(inRePacketId ^ Utils::s_mapNonce) % ZT_EXPECT_BUCKETS].exchange(0)) <= 1);
return (
((now / ZT_EXPECT_TTL)
- (int64_t)
m_packetIdSent[(unsigned long)Utils::hash64(inRePacketId ^ Utils::s_mapNonce) % ZT_EXPECT_BUCKETS]
.exchange(0))
<= 1);
}
private:

84
core/FCV.hpp
View file

@ -38,14 +38,9 @@ template <typename T, unsigned int C> class FCV {
typedef T *iterator;
typedef const T *const_iterator;
ZT_INLINE FCV() noexcept : _s(0)
{
}
ZT_INLINE FCV() noexcept : _s(0) {}
ZT_INLINE FCV(const FCV& v) : _s(0)
{
*this = v;
}
ZT_INLINE FCV(const FCV &v) : _s(0) { *this = v; }
ZT_INLINE FCV(const T *const contents, const unsigned int len) : _s(len)
{
@ -62,10 +57,7 @@ template <typename T, unsigned int C> class FCV {
}
}
ZT_INLINE ~FCV()
{
this->clear();
}
ZT_INLINE ~FCV() { this->clear(); }
ZT_INLINE FCV &operator=(const FCV &v)
{
@ -101,25 +93,13 @@ template <typename T, unsigned int C> class FCV {
_s = 0;
}
ZT_INLINE iterator begin() noexcept
{
return reinterpret_cast<T*>(_m);
}
ZT_INLINE iterator begin() noexcept { return reinterpret_cast<T *>(_m); }
ZT_INLINE iterator end() noexcept
{
return reinterpret_cast<T*>(_m) + _s;
}
ZT_INLINE iterator end() noexcept { return reinterpret_cast<T *>(_m) + _s; }
ZT_INLINE const_iterator begin() const noexcept
{
return reinterpret_cast<const T*>(_m);
}
ZT_INLINE const_iterator begin() const noexcept { return reinterpret_cast<const T *>(_m); }
ZT_INLINE const_iterator end() const noexcept
{
return reinterpret_cast<const T*>(_m) + _s;
}
ZT_INLINE const_iterator end() const noexcept { return reinterpret_cast<const T *>(_m) + _s; }
ZT_INLINE T &operator[](const unsigned int i)
{
@ -135,30 +115,15 @@ template <typename T, unsigned int C> class FCV {
throw Utils::OutOfRangeException;
}
static constexpr unsigned int capacity() noexcept
{
return C;
}
static constexpr unsigned int capacity() noexcept { return C; }
ZT_INLINE unsigned int size() const noexcept
{
return _s;
}
ZT_INLINE unsigned int size() const noexcept { return _s; }
ZT_INLINE bool empty() const noexcept
{
return (_s == 0);
}
ZT_INLINE bool empty() const noexcept { return (_s == 0); }
ZT_INLINE T* data() noexcept
{
return reinterpret_cast<T*>(_m);
}
ZT_INLINE T *data() noexcept { return reinterpret_cast<T *>(_m); }
ZT_INLINE const T* data() const noexcept
{
return reinterpret_cast<const T*>(_m);
}
ZT_INLINE const T *data() const noexcept { return reinterpret_cast<const T *>(_m); }
/**
* Push a value onto the back of this vector
@ -238,10 +203,7 @@ template <typename T, unsigned int C> class FCV {
*
* @param ns New size
*/
ZT_INLINE void unsafeSetSize(unsigned int ns)
{
_s = ns;
}
ZT_INLINE void unsafeSetSize(unsigned int ns) { _s = ns; }
/**
* This is a bounds checked auto-resizing variant of the [] operator
@ -298,30 +260,18 @@ template <typename T, unsigned int C> class FCV {
return false;
}
ZT_INLINE bool operator!=(const FCV& v) const noexcept
{
return *this != v;
}
ZT_INLINE bool operator!=(const FCV &v) const noexcept { return *this != v; }
ZT_INLINE bool operator<(const FCV &v) const noexcept
{
return std::lexicographical_compare(begin(), end(), v.begin(), v.end());
}
ZT_INLINE bool operator>(const FCV& v) const noexcept
{
return (v < *this);
}
ZT_INLINE bool operator>(const FCV &v) const noexcept { return (v < *this); }
ZT_INLINE bool operator<=(const FCV& v) const noexcept
{
return v >= *this;
}
ZT_INLINE bool operator<=(const FCV &v) const noexcept { return v >= *this; }
ZT_INLINE bool operator>=(const FCV& v) const noexcept
{
return *this >= v;
}
ZT_INLINE bool operator>=(const FCV &v) const noexcept { return *this >= v; }
private:
#ifdef _MSC_VER

56
core/Fingerprint.hpp
View file

@ -34,23 +34,14 @@ class Fingerprint
: public ZT_Fingerprint
, public TriviallyCopyable {
public:
ZT_INLINE Fingerprint() noexcept
{
memoryZero(this);
}
ZT_INLINE Fingerprint() noexcept { memoryZero(this); }
ZT_INLINE Fingerprint(const ZT_Fingerprint& fp) noexcept
{
Utils::copy<sizeof(ZT_Fingerprint)>(this, &fp);
}
ZT_INLINE Fingerprint(const ZT_Fingerprint &fp) noexcept { Utils::copy<sizeof(ZT_Fingerprint)>(this, &fp); }
/**
* @return True if hash is not all zero (missing/unspecified)
*/
ZT_INLINE bool haveHash() const noexcept
{
return (! Utils::allZero(this->hash, ZT_FINGERPRINT_HASH_SIZE));
}
ZT_INLINE bool haveHash() const noexcept { return (!Utils::allZero(this->hash, ZT_FINGERPRINT_HASH_SIZE)); }
/**
* Get a base32-encoded representation of this fingerprint
@ -62,7 +53,9 @@ class Fingerprint
Address(this->address).toString(s);
if (haveHash()) {
s[ZT_ADDRESS_LENGTH_HEX] = '-';
Utils::b32e(this->hash, ZT_FINGERPRINT_HASH_SIZE, s + (ZT_ADDRESS_LENGTH_HEX + 1), ZT_FINGERPRINT_STRING_SIZE_MAX - (ZT_ADDRESS_LENGTH_HEX + 1));
Utils::b32e(
this->hash, ZT_FINGERPRINT_HASH_SIZE, s + (ZT_ADDRESS_LENGTH_HEX + 1),
ZT_FINGERPRINT_STRING_SIZE_MAX - (ZT_ADDRESS_LENGTH_HEX + 1));
}
return s;
}
@ -91,7 +84,8 @@ class Fingerprint
a[ZT_ADDRESS_LENGTH_HEX] = 0;
this->address = Utils::hexStrToU64(a) & ZT_ADDRESS_MASK;
if (l > (ZT_ADDRESS_LENGTH_HEX + 1)) {
if (Utils::b32d(s + (ZT_ADDRESS_LENGTH_HEX + 1), this->hash, ZT_FINGERPRINT_HASH_SIZE) != ZT_FINGERPRINT_HASH_SIZE)
if (Utils::b32d(s + (ZT_ADDRESS_LENGTH_HEX + 1), this->hash, ZT_FINGERPRINT_HASH_SIZE)
!= ZT_FINGERPRINT_HASH_SIZE)
return false;
}
else {
@ -100,25 +94,13 @@ class Fingerprint
return true;
}
ZT_INLINE void zero() noexcept
{
memoryZero(this);
}
ZT_INLINE void zero() noexcept { memoryZero(this); }
ZT_INLINE unsigned long hashCode() const noexcept
{
return (unsigned long)this->address;
}
ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)this->address; }
ZT_INLINE operator bool() const noexcept
{
return this->address != 0;
}
ZT_INLINE operator bool() const noexcept { return this->address != 0; }
static constexpr int marshalSizeMax() noexcept
{
return ZT_FINGERPRINT_MARSHAL_SIZE;
}
static constexpr int marshalSizeMax() noexcept { return ZT_FINGERPRINT_MARSHAL_SIZE; }
ZT_INLINE int marshal(uint8_t data[ZT_FINGERPRINT_MARSHAL_SIZE]) const noexcept
{
@ -141,14 +123,13 @@ class Fingerprint
return ((this->address == h.address) && (memcmp(this->hash, h.hash, ZT_FINGERPRINT_HASH_SIZE) == 0));
}
ZT_INLINE bool operator!=(const ZT_Fingerprint& h) const noexcept
{
return ! (*this == h);
}
ZT_INLINE bool operator!=(const ZT_Fingerprint &h) const noexcept { return !(*this == h); }
ZT_INLINE bool operator<(const ZT_Fingerprint &h) const noexcept
{
return ((this->address < h.address) || ((this->address == h.address) && (memcmp(this->hash, h.hash, ZT_FINGERPRINT_HASH_SIZE) < 0)));
return (
(this->address < h.address)
|| ((this->address == h.address) && (memcmp(this->hash, h.hash, ZT_FINGERPRINT_HASH_SIZE) < 0)));
}
ZT_INLINE bool operator>(const ZT_Fingerprint &h) const noexcept
@ -161,10 +142,7 @@ class Fingerprint
return !(*reinterpret_cast<const Fingerprint *>(&h) < *this);
}
ZT_INLINE bool operator>=(const ZT_Fingerprint& h) const noexcept
{
return ! (*this < h);
}
ZT_INLINE bool operator>=(const ZT_Fingerprint &h) const noexcept { return !(*this < h); }
};
static_assert(sizeof(Fingerprint) == sizeof(ZT_Fingerprint), "size mismatch");

99
core/Identity.cpp
View file

@ -30,7 +30,9 @@ namespace {
// This is the memory-intensive hash function used to compute v0 identities from v0 public keys.
#define ZT_V0_IDENTITY_GEN_MEMORY 2097152
void identityV0ProofOfWorkFrankenhash(const void* const restrict c25519CombinedPublicKey, void* const restrict digest, void* const restrict genmem) noexcept
void identityV0ProofOfWorkFrankenhash(
const void *const restrict c25519CombinedPublicKey, void *const restrict digest,
void *const restrict genmem) noexcept
{
// Digest publicKey[] to obtain initial digest
SHA512(digest, c25519CombinedPublicKey, ZT_C25519_COMBINED_PUBLIC_KEY_SIZE);
@ -57,7 +59,8 @@ void identityV0ProofOfWorkFrankenhash(const void* const restrict c25519CombinedP
// Render final digest using genmem as a lookup table
for (unsigned long i = 0; i < (ZT_V0_IDENTITY_GEN_MEMORY / sizeof(uint64_t));) {
unsigned long idx1 = (unsigned long)(Utils::ntoh(((uint64_t *)genmem)[i++]) % (64 / sizeof(uint64_t)));
unsigned long idx2 = (unsigned long)(Utils::ntoh(((uint64_t*)genmem)[i++]) % (ZT_V0_IDENTITY_GEN_MEMORY / sizeof(uint64_t)));
unsigned long idx2 =
(unsigned long)(Utils::ntoh(((uint64_t *)genmem)[i++]) % (ZT_V0_IDENTITY_GEN_MEMORY / sizeof(uint64_t)));
uint64_t tmp = ((uint64_t *)genmem)[idx2];
((uint64_t *)genmem)[idx2] = ((uint64_t *)digest)[idx1];
((uint64_t *)digest)[idx1] = tmp;
@ -65,8 +68,7 @@ void identityV0ProofOfWorkFrankenhash(const void* const restrict c25519CombinedP
}
}
struct identityV0ProofOfWorkCriteria
{
struct identityV0ProofOfWorkCriteria {
ZT_INLINE identityV0ProofOfWorkCriteria(unsigned char *restrict sb, char *restrict gm) noexcept
: digest(sb)
, genmem(gm)
@ -130,11 +132,13 @@ bool Identity::generate(const Type t)
case P384:
for (;;) {
C25519::generateCombined(m_pub + 7, m_priv);
ECC384GenerateKey(m_pub + 7 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE, m_priv + ZT_C25519_COMBINED_PRIVATE_KEY_SIZE);
ECC384GenerateKey(
m_pub + 7 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE, m_priv + ZT_C25519_COMBINED_PRIVATE_KEY_SIZE);
uint64_t challenge[4];
v1ChallengeFromPub(m_pub, challenge);
const uint64_t proof = MIMC52::delay(reinterpret_cast<const uint8_t*>(challenge), ZT_IDENTITY_TYPE1_MIMC52_ROUNDS);
const uint64_t proof =
MIMC52::delay(reinterpret_cast<const uint8_t *>(challenge), ZT_IDENTITY_TYPE1_MIMC52_ROUNDS);
m_pub[0] = (uint8_t)(proof >> 48U);
m_pub[1] = (uint8_t)(proof >> 40U);
m_pub[2] = (uint8_t)(proof >> 32U);
@ -152,8 +156,7 @@ bool Identity::generate(const Type t)
}
break;
default:
return false;
default: return false;
}
return true;
@ -179,9 +182,10 @@ bool Identity::locallyValidate() const noexcept
uint64_t challenge[4];
v1ChallengeFromPub(m_pub, challenge);
return MIMC52::verify(
reinterpret_cast<const uint8_t*>(challenge),
ZT_IDENTITY_TYPE1_MIMC52_ROUNDS,
((uint64_t)m_pub[0] << 48U) | ((uint64_t)m_pub[1] << 40U) | ((uint64_t)m_pub[2] << 32U) | ((uint64_t)m_pub[3] << 24U) | ((uint64_t)m_pub[4] << 16U) | ((uint64_t)m_pub[5] << 8U) | (uint64_t)m_pub[6]);
reinterpret_cast<const uint8_t *>(challenge), ZT_IDENTITY_TYPE1_MIMC52_ROUNDS,
((uint64_t)m_pub[0] << 48U) | ((uint64_t)m_pub[1] << 40U) | ((uint64_t)m_pub[2] << 32U)
| ((uint64_t)m_pub[3] << 24U) | ((uint64_t)m_pub[4] << 16U) | ((uint64_t)m_pub[5] << 8U)
| (uint64_t)m_pub[6]);
}
return false;
}
@ -200,9 +204,7 @@ void Identity::hashWithPrivate(uint8_t h[ZT_FINGERPRINT_HASH_SIZE]) const
SHA384(h, m_pub, ZT_C25519_COMBINED_PUBLIC_KEY_SIZE, m_priv, ZT_C25519_COMBINED_PRIVATE_KEY_SIZE);
return;
case P384:
SHA384(h, m_pub, sizeof(m_pub), m_priv, sizeof(m_priv));
return;
case P384: SHA384(h, m_pub, sizeof(m_pub), m_priv, sizeof(m_priv)); return;
}
}
Utils::zero<ZT_FINGERPRINT_HASH_SIZE>(h);
@ -236,8 +238,7 @@ unsigned int Identity::sign(const void* data, unsigned int len, void* sig, unsig
bool Identity::verify(const void *data, unsigned int len, const void *sig, unsigned int siglen) const
{
switch (m_type) {
case C25519:
return C25519::verify(m_pub, data, len, sig, siglen);
case C25519: return C25519::verify(m_pub, data, len, sig, siglen);
case P384:
if (siglen == ZT_ECC384_SIGNATURE_SIZE) {
@ -269,7 +270,9 @@ bool Identity::agree(const Identity& id, uint8_t key[ZT_SYMMETRIC_KEY_SIZE]) con
// or something. For those who don't trust P384 this means the privacy of
// your traffic is also protected by C25519.
C25519::agree(m_priv, id.m_pub, rawkey);
ECC384ECDH(id.m_pub + 7 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE, m_priv + ZT_C25519_COMBINED_PRIVATE_KEY_SIZE, rawkey + ZT_C25519_ECDH_SHARED_SECRET_SIZE);
ECC384ECDH(
id.m_pub + 7 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE, m_priv + ZT_C25519_COMBINED_PRIVATE_KEY_SIZE,
rawkey + ZT_C25519_ECDH_SHARED_SECRET_SIZE);
SHA384(key, rawkey, ZT_C25519_ECDH_SHARED_SECRET_SIZE + ZT_ECC384_SHARED_SECRET_SIZE);
return true;
}
@ -301,13 +304,15 @@ char* Identity::toString(bool includePrivate, char buf[ZT_IDENTITY_STRING_BUFFER
case P384: {
*(p++) = '1';
*(p++) = ':';
int el = Utils::b32e(m_pub, sizeof(m_pub), p, (int)(ZT_IDENTITY_STRING_BUFFER_LENGTH - (uintptr_t)(p - buf)));
int el =
Utils::b32e(m_pub, sizeof(m_pub), p, (int)(ZT_IDENTITY_STRING_BUFFER_LENGTH - (uintptr_t)(p - buf)));
if (el <= 0)
return nullptr;
p += el;
if ((m_hasPrivate) && (includePrivate)) {
*(p++) = ':';
el = Utils::b32e(m_priv, sizeof(m_priv), p, (int)(ZT_IDENTITY_STRING_BUFFER_LENGTH - (uintptr_t)(p - buf)));
el = Utils::b32e(
m_priv, sizeof(m_priv), p, (int)(ZT_IDENTITY_STRING_BUFFER_LENGTH - (uintptr_t)(p - buf)));
if (el <= 0)
return nullptr;
p += el;
@ -315,8 +320,7 @@ char* Identity::toString(bool includePrivate, char buf[ZT_IDENTITY_STRING_BUFFER
*p = (char)0;
return buf;
}
default:
buf[0] = 0;
default: buf[0] = 0;
}
return nullptr;
@ -354,7 +358,8 @@ bool Identity::fromString(const char* str)
case 2:
switch (m_type) {
case C25519:
if (Utils::unhex(f, strlen(f), m_pub, ZT_C25519_COMBINED_PUBLIC_KEY_SIZE) != ZT_C25519_COMBINED_PUBLIC_KEY_SIZE)
if (Utils::unhex(f, strlen(f), m_pub, ZT_C25519_COMBINED_PUBLIC_KEY_SIZE)
!= ZT_C25519_COMBINED_PUBLIC_KEY_SIZE)
return false;
break;
@ -369,7 +374,8 @@ bool Identity::fromString(const char* str)
if (strlen(f) > 1) {
switch (m_type) {
case C25519:
if (Utils::unhex(f, strlen(f), m_priv, ZT_C25519_COMBINED_PRIVATE_KEY_SIZE) != ZT_C25519_COMBINED_PRIVATE_KEY_SIZE) {
if (Utils::unhex(f, strlen(f), m_priv, ZT_C25519_COMBINED_PRIVATE_KEY_SIZE)
!= ZT_C25519_COMBINED_PRIVATE_KEY_SIZE) {
return false;
}
else {
@ -407,8 +413,10 @@ int Identity::marshal(uint8_t data[ZT_IDENTITY_MARSHAL_SIZE_MAX], const bool inc
Utils::copy<ZT_C25519_COMBINED_PUBLIC_KEY_SIZE>(data + ZT_ADDRESS_LENGTH + 1, m_pub);
if ((includePrivate) && (m_hasPrivate)) {
data[ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE] = ZT_C25519_COMBINED_PRIVATE_KEY_SIZE;
Utils::copy<ZT_C25519_COMBINED_PRIVATE_KEY_SIZE>(data + ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1, m_priv);
return ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1 + ZT_C25519_COMBINED_PRIVATE_KEY_SIZE;
Utils::copy<ZT_C25519_COMBINED_PRIVATE_KEY_SIZE>(
data + ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1, m_priv);
return ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1
+ ZT_C25519_COMBINED_PRIVATE_KEY_SIZE;
}
data[ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE] = 0;
return ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1;
@ -417,9 +425,12 @@ int Identity::marshal(uint8_t data[ZT_IDENTITY_MARSHAL_SIZE_MAX], const bool inc
data[ZT_ADDRESS_LENGTH] = (uint8_t)P384;
Utils::copy<ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE>(data + ZT_ADDRESS_LENGTH + 1, m_pub);
if ((includePrivate) && (m_hasPrivate)) {
data[ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE] = ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE;
Utils::copy<ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE>(data + ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1, m_priv);
return ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1 + ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE;
data[ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE] =
ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE;
Utils::copy<ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE>(
data + ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1, m_priv);
return ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1
+ ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE;
}
data[ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE] = 0;
return ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1;
@ -446,11 +457,15 @@ int Identity::unmarshal(const uint8_t* data, const int len) noexcept
privlen = data[ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE];
if (privlen == ZT_C25519_COMBINED_PRIVATE_KEY_SIZE) {
if (len < (ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1 + ZT_C25519_COMBINED_PRIVATE_KEY_SIZE))
if (len
< (ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1
+ ZT_C25519_COMBINED_PRIVATE_KEY_SIZE))
return -1;
m_hasPrivate = true;
Utils::copy<ZT_C25519_COMBINED_PRIVATE_KEY_SIZE>(m_priv, data + ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1);
return ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1 + ZT_C25519_COMBINED_PRIVATE_KEY_SIZE;
Utils::copy<ZT_C25519_COMBINED_PRIVATE_KEY_SIZE>(
m_priv, data + ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1);
return ZT_ADDRESS_LENGTH + 1 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + 1
+ ZT_C25519_COMBINED_PRIVATE_KEY_SIZE;
}
else if (privlen == 0) {
m_hasPrivate = false;
@ -473,11 +488,15 @@ int Identity::unmarshal(const uint8_t* data, const int len) noexcept
return ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1;
}
else if (privlen == ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE) {
if (len < (ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1 + ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE))
if (len
< (ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1
+ ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE))
return -1;
m_hasPrivate = true;
Utils::copy<ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE>(&m_priv, data + ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1);
return ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1 + ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE;
Utils::copy<ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE>(
&m_priv, data + ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1);
return ZT_ADDRESS_LENGTH + 1 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + 1
+ ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE;
}
break;
}
@ -488,17 +507,11 @@ int Identity::unmarshal(const uint8_t* data, const int len) noexcept
void Identity::m_computeHash()
{
switch (m_type) {
default:
m_fp.zero();
break;
default: m_fp.zero(); break;
case C25519:
SHA384(m_fp.hash, m_pub, ZT_C25519_COMBINED_PUBLIC_KEY_SIZE);
break;
case C25519: SHA384(m_fp.hash, m_pub, ZT_C25519_COMBINED_PUBLIC_KEY_SIZE); break;
case P384:
SHA384(m_fp.hash, m_pub, ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE);
break;
case P384: SHA384(m_fp.hash, m_pub, ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE); break;
}
}

93
core/Identity.hpp
View file

@ -27,7 +27,8 @@
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 1024
#define ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE (7 + ZT_C25519_COMBINED_PUBLIC_KEY_SIZE + ZT_ECC384_PUBLIC_KEY_SIZE)
#define ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE (ZT_C25519_COMBINED_PRIVATE_KEY_SIZE + ZT_ECC384_PRIVATE_KEY_SIZE)
#define ZT_IDENTITY_MARSHAL_SIZE_MAX (ZT_ADDRESS_LENGTH + 4 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE)
#define ZT_IDENTITY_MARSHAL_SIZE_MAX \
(ZT_ADDRESS_LENGTH + 4 + ZT_IDENTITY_P384_COMPOUND_PUBLIC_KEY_SIZE + ZT_IDENTITY_P384_COMPOUND_PRIVATE_KEY_SIZE)
#define ZT_IDENTITY_TYPE1_MIMC52_ROUNDS 262144
namespace ZeroTier {
@ -59,15 +60,9 @@ class Identity : public TriviallyCopyable {
*/
static const Identity NIL;
ZT_INLINE Identity() noexcept
{
memoryZero(this);
}
ZT_INLINE Identity() noexcept { memoryZero(this); }
ZT_INLINE Identity(const Identity& id) noexcept
{
Utils::copy<sizeof(Identity)>(this, &id);
}
ZT_INLINE Identity(const Identity &id) noexcept { Utils::copy<sizeof(Identity)>(this, &id); }
/**
* Construct identity from string
@ -77,15 +72,9 @@ class Identity : public TriviallyCopyable {
*
* @param str Identity in canonical string format
*/
explicit ZT_INLINE Identity(const char* str)
{
fromString(str);
}
explicit ZT_INLINE Identity(const char *str) { fromString(str); }
ZT_INLINE ~Identity()
{
Utils::burn(reinterpret_cast<void*>(&this->m_priv), sizeof(this->m_priv));
}
ZT_INLINE ~Identity() { Utils::burn(reinterpret_cast<void *>(&this->m_priv), sizeof(this->m_priv)); }
ZT_INLINE Identity &operator=(const Identity &id) noexcept
{
@ -97,18 +86,12 @@ class Identity : public TriviallyCopyable {
/**
* Set identity to NIL value (all zero)
*/
ZT_INLINE void zero() noexcept
{
memoryZero(this);
}
ZT_INLINE void zero() noexcept { memoryZero(this); }
/**
* @return Identity type (undefined if identity is null or invalid)
*/
ZT_INLINE Type type() const noexcept
{
return m_type;
}
ZT_INLINE Type type() const noexcept { return m_type; }
/**
* Generate a new identity (address, key pair)
@ -134,26 +117,17 @@ class Identity : public TriviallyCopyable {
/**
* @return True if this identity contains a private key
*/
ZT_INLINE bool hasPrivate() const noexcept
{
return m_hasPrivate;
}
ZT_INLINE bool hasPrivate() const noexcept { return m_hasPrivate; }
/**
* @return This identity's address
*/
ZT_INLINE Address address() const noexcept
{
return Address(m_fp.address);
}
ZT_INLINE Address address() const noexcept { return Address(m_fp.address); }
/**
* @return Full fingerprint of this identity (address plus SHA384 of keys)
*/
ZT_INLINE const Fingerprint& fingerprint() const noexcept
{
return m_fp;
}
ZT_INLINE const Fingerprint &fingerprint() const noexcept { return m_fp; }
/**
* Compute a hash of this identity's public and private keys.
@ -239,50 +213,23 @@ class Identity : public TriviallyCopyable {
/**
* @return True if this identity contains something
*/
explicit ZT_INLINE operator bool() const noexcept
{
return (m_fp);
}
explicit ZT_INLINE operator bool() const noexcept { return (m_fp); }
ZT_INLINE unsigned long hashCode() const noexcept
{
return m_fp.hashCode();
}
ZT_INLINE unsigned long hashCode() const noexcept { return m_fp.hashCode(); }
ZT_INLINE bool operator==(const Identity& id) const noexcept
{
return (m_fp == id.m_fp);
}
ZT_INLINE bool operator==(const Identity &id) const noexcept { return (m_fp == id.m_fp); }
ZT_INLINE bool operator!=(const Identity& id) const noexcept
{
return ! (*this == id);
}
ZT_INLINE bool operator!=(const Identity &id) const noexcept { return !(*this == id); }
ZT_INLINE bool operator<(const Identity& id) const noexcept
{
return (m_fp < id.m_fp);
}
ZT_INLINE bool operator<(const Identity &id) const noexcept { return (m_fp < id.m_fp); }
ZT_INLINE bool operator>(const Identity& id) const noexcept
{
return (id < *this);
}
ZT_INLINE bool operator>(const Identity &id) const noexcept { return (id < *this); }
ZT_INLINE bool operator<=(const Identity& id) const noexcept
{
return ! (id < *this);
}
ZT_INLINE bool operator<=(const Identity &id) const noexcept { return !(id < *this); }
ZT_INLINE bool operator>=(const Identity& id) const noexcept
{
return ! (*this < id);
}
ZT_INLINE bool operator>=(const Identity &id) const noexcept { return !(*this < id); }
static constexpr int marshalSizeMax() noexcept
{
return ZT_IDENTITY_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_IDENTITY_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_IDENTITY_MARSHAL_SIZE_MAX], bool includePrivate = false) const noexcept;
int unmarshal(const uint8_t *data, int len) noexcept;

186
core/InetAddress.hpp
View file

@ -59,65 +59,32 @@ struct InetAddress : public TriviallyCopyable {
*/
typedef ZT_InetAddress_IpScope IpScope;
ZT_INLINE InetAddress() noexcept
{
memoryZero(this);
}
ZT_INLINE InetAddress() noexcept { memoryZero(this); }
explicit ZT_INLINE InetAddress(const sockaddr_storage& ss) noexcept
{
*this = ss;
}
explicit ZT_INLINE InetAddress(const sockaddr_storage &ss) noexcept { *this = ss; }
explicit ZT_INLINE InetAddress(const sockaddr_storage* const ss) noexcept
{
*this = ss;
}
explicit ZT_INLINE InetAddress(const sockaddr_storage *const ss) noexcept { *this = ss; }
explicit ZT_INLINE InetAddress(const sockaddr& sa) noexcept
{
*this = sa;
}
explicit ZT_INLINE InetAddress(const sockaddr &sa) noexcept { *this = sa; }
explicit ZT_INLINE InetAddress(const sockaddr* const sa) noexcept
{
*this = sa;
}
explicit ZT_INLINE InetAddress(const sockaddr *const sa) noexcept { *this = sa; }
explicit ZT_INLINE InetAddress(const sockaddr_in& sa) noexcept
{
*this = sa;
}
explicit ZT_INLINE InetAddress(const sockaddr_in &sa) noexcept { *this = sa; }
explicit ZT_INLINE InetAddress(const sockaddr_in* const sa) noexcept
{
*this = sa;
}
explicit ZT_INLINE InetAddress(const sockaddr_in *const sa) noexcept { *this = sa; }
explicit ZT_INLINE InetAddress(const sockaddr_in6& sa) noexcept
{
*this = sa;
}
explicit ZT_INLINE InetAddress(const sockaddr_in6 &sa) noexcept { *this = sa; }
explicit ZT_INLINE InetAddress(const sockaddr_in6* const sa) noexcept
{
*this = sa;
}
explicit ZT_INLINE InetAddress(const sockaddr_in6 *const sa) noexcept { *this = sa; }
ZT_INLINE InetAddress(const void *const ipBytes, const unsigned int ipLen, const unsigned int port) noexcept
{
this->set(ipBytes, ipLen, port);
}
ZT_INLINE InetAddress(const uint32_t ipv4, const unsigned int port) noexcept
{
this->set(&ipv4, 4, port);
}
ZT_INLINE InetAddress(const uint32_t ipv4, const unsigned int port) noexcept { this->set(&ipv4, 4, port); }
explicit ZT_INLINE InetAddress(const char* const ipSlashPort) noexcept
{
this->fromString(ipSlashPort);
}
explicit ZT_INLINE InetAddress(const char *const ipSlashPort) noexcept { this->fromString(ipSlashPort); }
ZT_INLINE InetAddress &operator=(const sockaddr_storage &ss) noexcept
{
@ -186,10 +153,7 @@ struct InetAddress : public TriviallyCopyable {
return *this;
}
ZT_INLINE void clear() noexcept
{
memoryZero(this);
}
ZT_INLINE void clear() noexcept { memoryZero(this); }
/**
* @return IP scope classification (e.g. loopback, link-local, private, global)
@ -213,12 +177,8 @@ struct InetAddress : public TriviallyCopyable {
ZT_INLINE void setPort(unsigned int port) noexcept
{
switch (as.ss.ss_family) {
case AF_INET:
as.sa_in.sin_port = Utils::hton((uint16_t)port);
break;
case AF_INET6:
as.sa_in6.sin6_port = Utils::hton((uint16_t)port);
break;
case AF_INET: as.sa_in.sin_port = Utils::hton((uint16_t)port); break;
case AF_INET6: as.sa_in6.sin6_port = Utils::hton((uint16_t)port); break;
}
}
@ -263,12 +223,9 @@ struct InetAddress : public TriviallyCopyable {
ZT_INLINE unsigned int port() const noexcept
{
switch (as.ss.ss_family) {
case AF_INET:
return Utils::ntoh((uint16_t)as.sa_in.sin_port);
case AF_INET6:
return Utils::ntoh((uint16_t)as.sa_in6.sin6_port);
default:
return 0;
case AF_INET: return Utils::ntoh((uint16_t)as.sa_in.sin_port);
case AF_INET6: return Utils::ntoh((uint16_t)as.sa_in6.sin6_port);
default: return 0;
}
}
@ -281,10 +238,7 @@ struct InetAddress : public TriviallyCopyable {
*
* @return Netmask bits
*/
ZT_INLINE unsigned int netmaskBits() const noexcept
{
return port();
}
ZT_INLINE unsigned int netmaskBits() const noexcept { return port(); }
/**
* @return True if netmask bits is valid for the address type
@ -293,10 +247,8 @@ struct InetAddress : public TriviallyCopyable {
{
const unsigned int n = port();
switch (as.ss.ss_family) {
case AF_INET:
return (n <= 32);
case AF_INET6:
return (n <= 128);
case AF_INET: return (n <= 32);
case AF_INET6: return (n <= 128);
}
return false;
}
@ -309,10 +261,7 @@ struct InetAddress : public TriviallyCopyable {
*
* @return Gateway metric
*/
ZT_INLINE unsigned int metric() const noexcept
{
return port();
}
ZT_INLINE unsigned int metric() const noexcept { return port(); }
/**
* Construct a full netmask as an InetAddress
@ -357,18 +306,12 @@ struct InetAddress : public TriviallyCopyable {
/**
* @return True if this is an IPv4 address
*/
ZT_INLINE bool isV4() const noexcept
{
return (as.ss.ss_family == AF_INET);
}
ZT_INLINE bool isV4() const noexcept { return (as.ss.ss_family == AF_INET); }
/**
* @return True if this is an IPv6 address
*/
ZT_INLINE bool isV6() const noexcept
{
return (as.ss.ss_family == AF_INET6);
}
ZT_INLINE bool isV6() const noexcept { return (as.ss.ss_family == AF_INET6); }
/**
* @return pointer to raw address bytes or NULL if not available
@ -376,12 +319,9 @@ struct InetAddress : public TriviallyCopyable {
ZT_INLINE const void *rawIpData() const noexcept
{
switch (as.ss.ss_family) {
case AF_INET:
return reinterpret_cast<const void*>(&(as.sa_in.sin_addr.s_addr));
case AF_INET6:
return reinterpret_cast<const void*>(as.sa_in6.sin6_addr.s6_addr);
default:
return nullptr;
case AF_INET: return reinterpret_cast<const void *>(&(as.sa_in.sin_addr.s_addr));
case AF_INET6: return reinterpret_cast<const void *>(as.sa_in6.sin6_addr.s6_addr);
default: return nullptr;
}
}
@ -447,10 +387,14 @@ struct InetAddress : public TriviallyCopyable {
ZT_INLINE unsigned long hashCode() const noexcept
{
if (as.ss.ss_family == AF_INET) {
return (unsigned long)Utils::hash32(((uint32_t)as.sa_in.sin_addr.s_addr + (uint32_t)as.sa_in.sin_port) ^ (uint32_t)Utils::s_mapNonce);
return (unsigned long)Utils::hash32(
((uint32_t)as.sa_in.sin_addr.s_addr + (uint32_t)as.sa_in.sin_port) ^ (uint32_t)Utils::s_mapNonce);
}
else if (as.ss.ss_family == AF_INET6) {
return (unsigned long)Utils::hash64((Utils::loadMachineEndian<uint64_t>(as.sa_in6.sin6_addr.s6_addr) + Utils::loadMachineEndian<uint64_t>(as.sa_in6.sin6_addr.s6_addr + 8) + (uint64_t)as.sa_in6.sin6_port) ^ Utils::s_mapNonce);
return (unsigned long)Utils::hash64(
(Utils::loadMachineEndian<uint64_t>(as.sa_in6.sin6_addr.s6_addr)
+ Utils::loadMachineEndian<uint64_t>(as.sa_in6.sin6_addr.s6_addr + 8) + (uint64_t)as.sa_in6.sin6_port)
^ Utils::s_mapNonce);
}
return Utils::fnv1a32(this, sizeof(InetAddress));
}
@ -468,15 +412,9 @@ struct InetAddress : public TriviallyCopyable {
/**
* @return True if address family is non-zero
*/
explicit ZT_INLINE operator bool() const noexcept
{
return (as.ss.ss_family != 0);
}
explicit ZT_INLINE operator bool() const noexcept { return (as.ss.ss_family != 0); }
static constexpr int marshalSizeMax() noexcept
{
return ZT_INETADDRESS_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_INETADDRESS_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_INETADDRESS_MARSHAL_SIZE_MAX]) const noexcept;
@ -486,9 +424,13 @@ struct InetAddress : public TriviallyCopyable {
{
if (as.ss.ss_family == a.as.ss.ss_family) {
if (as.ss.ss_family == AF_INET)
return ((as.sa_in.sin_port == a.as.sa_in.sin_port) && (as.sa_in.sin_addr.s_addr == a.as.sa_in.sin_addr.s_addr));
return (
(as.sa_in.sin_port == a.as.sa_in.sin_port)
&& (as.sa_in.sin_addr.s_addr == a.as.sa_in.sin_addr.s_addr));
if (as.ss.ss_family == AF_INET6)
return ((as.sa_in6.sin6_port == a.as.sa_in6.sin6_port) && (memcmp(as.sa_in6.sin6_addr.s6_addr, a.as.sa_in6.sin6_addr.s6_addr, 16) == 0));
return (
(as.sa_in6.sin6_port == a.as.sa_in6.sin6_port)
&& (memcmp(as.sa_in6.sin6_addr.s6_addr, a.as.sa_in6.sin6_addr.s6_addr, 16) == 0));
return memcmp(this, &a, sizeof(InetAddress)) == 0;
}
return false;
@ -501,7 +443,8 @@ struct InetAddress : public TriviallyCopyable {
const uint16_t p0 = Utils::ntoh((uint16_t)as.sa_in.sin_port);
const uint16_t p1 = Utils::ntoh((uint16_t)a.as.sa_in.sin_port);
if (p0 == p1)
return Utils::ntoh((uint32_t)as.sa_in.sin_addr.s_addr) < Utils::ntoh((uint32_t)a.as.sa_in.sin_addr.s_addr);
return Utils::ntoh((uint32_t)as.sa_in.sin_addr.s_addr)
< Utils::ntoh((uint32_t)a.as.sa_in.sin_addr.s_addr);
return p0 < p1;
}
if (as.ss.ss_family == AF_INET6) {
@ -516,25 +459,13 @@ struct InetAddress : public TriviallyCopyable {
return as.ss.ss_family < a.as.ss.ss_family;
}
ZT_INLINE bool operator!=(const InetAddress& a) const noexcept
{
return ! (*this == a);
}
ZT_INLINE bool operator!=(const InetAddress &a) const noexcept { return !(*this == a); }
ZT_INLINE bool operator>(const InetAddress& a) const noexcept
{
return (a < *this);
}
ZT_INLINE bool operator>(const InetAddress &a) const noexcept { return (a < *this); }
ZT_INLINE bool operator<=(const InetAddress& a) const noexcept
{
return ! (a < *this);
}
ZT_INLINE bool operator<=(const InetAddress &a) const noexcept { return !(a < *this); }
ZT_INLINE bool operator>=(const InetAddress& a) const noexcept
{
return ! (*this < a);
}
ZT_INLINE bool operator>=(const InetAddress &a) const noexcept { return !(*this < a); }
/**
* Compute an IPv6 link-local address
@ -613,10 +544,7 @@ static ZT_INLINE InetAddress* asInetAddress(sockaddr_in6* const p) noexcept
return reinterpret_cast<InetAddress *>(p);
}
static ZT_INLINE InetAddress* asInetAddress(sockaddr* const p) noexcept
{
return reinterpret_cast<InetAddress*>(p);
}
static ZT_INLINE InetAddress *asInetAddress(sockaddr *const p) noexcept { return reinterpret_cast<InetAddress *>(p); }
static ZT_INLINE InetAddress *asInetAddress(sockaddr_storage *const p) noexcept
{
@ -653,30 +581,18 @@ static ZT_INLINE const InetAddress* asInetAddress(const ZT_InetAddress* const p)
return reinterpret_cast<const InetAddress *>(p);
}
static ZT_INLINE InetAddress& asInetAddress(sockaddr_in& p) noexcept
{
return *reinterpret_cast<InetAddress*>(&p);
}
static ZT_INLINE InetAddress &asInetAddress(sockaddr_in &p) noexcept { return *reinterpret_cast<InetAddress *>(&p); }
static ZT_INLINE InetAddress& asInetAddress(sockaddr_in6& p) noexcept
{
return *reinterpret_cast<InetAddress*>(&p);
}
static ZT_INLINE InetAddress &asInetAddress(sockaddr_in6 &p) noexcept { return *reinterpret_cast<InetAddress *>(&p); }
static ZT_INLINE InetAddress& asInetAddress(sockaddr& p) noexcept
{
return *reinterpret_cast<InetAddress*>(&p);
}
static ZT_INLINE InetAddress &asInetAddress(sockaddr &p) noexcept { return *reinterpret_cast<InetAddress *>(&p); }
static ZT_INLINE InetAddress &asInetAddress(sockaddr_storage &p) noexcept
{
return *reinterpret_cast<InetAddress *>(&p);
}
static ZT_INLINE InetAddress& asInetAddress(ZT_InetAddress& p) noexcept
{
return *reinterpret_cast<InetAddress*>(&p);
}
static ZT_INLINE InetAddress &asInetAddress(ZT_InetAddress &p) noexcept { return *reinterpret_cast<InetAddress *>(&p); }
static ZT_INLINE const InetAddress &asInetAddress(const sockaddr_in &p) noexcept
{

134
core/LZ4.cpp
View file

@ -129,30 +129,15 @@ typedef uintptr_t reg_t;
#endif
#if defined(LZ4_FORCE_MEMORY_ACCESS) && (LZ4_FORCE_MEMORY_ACCESS == 2)
FORCE_INLINE U16 LZ4_read16(const void* memPtr)
{
return *(const U16*)memPtr;
}
FORCE_INLINE U16 LZ4_read16(const void *memPtr) { return *(const U16 *)memPtr; }
FORCE_INLINE U32 LZ4_read32(const void* memPtr)
{
return *(const U32*)memPtr;
}
FORCE_INLINE U32 LZ4_read32(const void *memPtr) { return *(const U32 *)memPtr; }
FORCE_INLINE reg_t LZ4_read_ARCH(const void* memPtr)
{
return *(const reg_t*)memPtr;
}
FORCE_INLINE reg_t LZ4_read_ARCH(const void *memPtr) { return *(const reg_t *)memPtr; }
FORCE_INLINE void LZ4_write16(void* memPtr, U16 value)
{
*(U16*)memPtr = value;
}
FORCE_INLINE void LZ4_write16(void *memPtr, U16 value) { *(U16 *)memPtr = value; }
FORCE_INLINE void LZ4_write32(void* memPtr, U32 value)
{
*(U32*)memPtr = value;
}
FORCE_INLINE void LZ4_write32(void *memPtr, U32 value) { *(U32 *)memPtr = value; }
#elif defined(LZ4_FORCE_MEMORY_ACCESS) && (LZ4_FORCE_MEMORY_ACCESS == 1)
typedef union {
@ -160,26 +145,11 @@ typedef union {
U32 u32;
reg_t uArch;
} __attribute__((packed)) unalign;
FORCE_INLINE U16 LZ4_read16(const void* ptr)
{
return ((const unalign*)ptr)->u16;
}
FORCE_INLINE U32 LZ4_read32(const void* ptr)
{
return ((const unalign*)ptr)->u32;
}
FORCE_INLINE reg_t LZ4_read_ARCH(const void* ptr)
{
return ((const unalign*)ptr)->uArch;
}
FORCE_INLINE void LZ4_write16(void* memPtr, U16 value)
{
((unalign*)memPtr)->u16 = value;
}
FORCE_INLINE void LZ4_write32(void* memPtr, U32 value)
{
((unalign*)memPtr)->u32 = value;
}
FORCE_INLINE U16 LZ4_read16(const void *ptr) { return ((const unalign *)ptr)->u16; }
FORCE_INLINE U32 LZ4_read32(const void *ptr) { return ((const unalign *)ptr)->u32; }
FORCE_INLINE reg_t LZ4_read_ARCH(const void *ptr) { return ((const unalign *)ptr)->uArch; }
FORCE_INLINE void LZ4_write16(void *memPtr, U16 value) { ((unalign *)memPtr)->u16 = value; }
FORCE_INLINE void LZ4_write32(void *memPtr, U32 value) { ((unalign *)memPtr)->u32 = value; }
#else /* safe and portable */
FORCE_INLINE U16 LZ4_read16(const void *memPtr)
{
@ -199,14 +169,8 @@ FORCE_INLINE reg_t LZ4_read_ARCH(const void* memPtr)
Utils::copy(&val, memPtr, sizeof(val));
return val;
}
FORCE_INLINE void LZ4_write16(void* memPtr, U16 value)
{
Utils::copy(memPtr, &value, sizeof(value));
}
FORCE_INLINE void LZ4_write32(void* memPtr, U32 value)
{
Utils::copy(memPtr, &value, sizeof(value));
}
FORCE_INLINE void LZ4_write16(void *memPtr, U16 value) { Utils::copy(memPtr, &value, sizeof(value)); }
FORCE_INLINE void LZ4_write32(void *memPtr, U32 value) { Utils::copy(memPtr, &value, sizeof(value)); }
#endif /* LZ4_FORCE_MEMORY_ACCESS */
FORCE_INLINE U16 LZ4_readLE16(const void *memPtr)
@ -232,10 +196,7 @@ FORCE_INLINE void LZ4_writeLE16(void* memPtr, U16 value)
}
}
FORCE_INLINE void LZ4_copy8(void* dst, const void* src)
{
Utils::copy<8>(dst, src);
}
FORCE_INLINE void LZ4_copy8(void *dst, const void *src) { Utils::copy<8>(dst, src); }
FORCE_INLINE void LZ4_wildCopy(void *dstPtr, const void *srcPtr, void *dstEnd)
{
@ -282,8 +243,9 @@ FORCE_INLINE unsigned LZ4_NbCommonBytes(reg_t val)
#elif (defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 3))) && !defined(LZ4_FORCE_SW_BITCOUNT)
return (__builtin_ctzll((U64)val) >> 3);
#else
static const int DeBruijnBytePos[64] = { 0, 0, 0, 0, 0, 1, 1, 2, 0, 3, 1, 3, 1, 4, 2, 7, 0, 2, 3, 6, 1, 5, 3, 5, 1, 3, 4, 4, 2, 5, 6, 7,
7, 0, 1, 2, 3, 3, 4, 6, 2, 6, 5, 5, 3, 4, 5, 6, 7, 1, 2, 4, 6, 4, 4, 5, 7, 2, 6, 5, 7, 6, 7, 7 };
static const int DeBruijnBytePos[64] = { 0, 0, 0, 0, 0, 1, 1, 2, 0, 3, 1, 3, 1, 4, 2, 7, 0, 2, 3, 6, 1, 5,
3, 5, 1, 3, 4, 4, 2, 5, 6, 7, 7, 0, 1, 2, 3, 3, 4, 6, 2, 6, 5, 5,
3, 4, 5, 6, 7, 1, 2, 4, 6, 4, 4, 5, 7, 2, 6, 5, 7, 6, 7, 7 };
return DeBruijnBytePos[((U64)((val & -(long long)val) * 0x0218A392CDABBD3FULL)) >> 58];
#endif
}
@ -295,7 +257,8 @@ FORCE_INLINE unsigned LZ4_NbCommonBytes(reg_t val)
#elif (defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 3))) && !defined(LZ4_FORCE_SW_BITCOUNT)
return (__builtin_ctz((U32)val) >> 3);
#else
static const int DeBruijnBytePos[32] = { 0, 0, 3, 0, 3, 1, 3, 0, 3, 2, 2, 1, 3, 2, 0, 1, 3, 3, 1, 2, 2, 2, 2, 0, 3, 1, 2, 0, 1, 0, 1, 1 };
static const int DeBruijnBytePos[32] = { 0, 0, 3, 0, 3, 1, 3, 0, 3, 2, 2, 1, 3, 2, 0, 1,
3, 3, 1, 2, 2, 2, 2, 0, 3, 1, 2, 0, 1, 0, 1, 1 };
return DeBruijnBytePos[((U32)((val & -(S32)val) * 0x077CB531U)) >> 27];
#endif
}
@ -393,10 +356,7 @@ typedef enum { noDictIssue = 0, dictSmall } dictIssue_directive;
typedef enum { endOnOutputSize = 0, endOnInputSize = 1 } endCondition_directive;
typedef enum { full = 0, partial = 1 } earlyEnd_directive;
FORCE_INLINE int LZ4_compressBound(int isize)
{
return LZ4_COMPRESSBOUND(isize);
}
FORCE_INLINE int LZ4_compressBound(int isize) { return LZ4_COMPRESSBOUND(isize); }
FORCE_INLINE U32 LZ4_hash4(U32 sequence, tableType_t const tableType)
{
@ -424,7 +384,8 @@ FORCE_INLINE U32 LZ4_hashPosition(const void* const p, tableType_t const tableTy
return LZ4_hash4(LZ4_read32(p), tableType);
}
FORCE_INLINE void LZ4_putPositionOnHash(const BYTE* p, U32 h, void* tableBase, tableType_t const tableType, const BYTE* srcBase)
FORCE_INLINE void
LZ4_putPositionOnHash(const BYTE *p, U32 h, void *tableBase, tableType_t const tableType, const BYTE *srcBase)
{
switch (tableType) {
case byPtr: {
@ -474,16 +435,9 @@ FORCE_INLINE const BYTE* LZ4_getPosition(const BYTE* p, void* tableBase, tableTy
}
FORCE_INLINE int LZ4_compress_generic(
LZ4_stream_t_internal* const cctx,
const char* const source,
char* const dest,
const int inputSize,
const int maxOutputSize,
const limitedOutput_directive outputLimited,
const tableType_t tableType,
const dict_directive dict,
const dictIssue_directive dictIssue,
const U32 acceleration)
LZ4_stream_t_internal *const cctx, const char *const source, char *const dest, const int inputSize,
const int maxOutputSize, const limitedOutput_directive outputLimited, const tableType_t tableType,
const dict_directive dict, const dictIssue_directive dictIssue, const U32 acceleration)
{
const BYTE *ip = (const BYTE *)source;
const BYTE *base;
@ -564,7 +518,9 @@ FORCE_INLINE int LZ4_compress_generic(
forwardH = LZ4_hashPosition(forwardIp, tableType);
LZ4_putPositionOnHash(ip, h, cctx->hashTable, tableType, base);
} while (((dictIssue == dictSmall) ? (match < lowRefLimit) : 0) || ((tableType == byU16) ? 0 : (match + MAX_DISTANCE < ip)) || (LZ4_read32(match + refDelta) != LZ4_read32(ip)));
} while (((dictIssue == dictSmall) ? (match < lowRefLimit) : 0)
|| ((tableType == byU16) ? 0 : (match + MAX_DISTANCE < ip))
|| (LZ4_read32(match + refDelta) != LZ4_read32(ip)));
}
/* Catch up */
@ -661,7 +617,8 @@ FORCE_INLINE int LZ4_compress_generic(
}
}
LZ4_putPosition(ip, cctx->hashTable, tableType, base);
if (((dictIssue == dictSmall) ? (match >= lowRefLimit) : 1) && (match + MAX_DISTANCE >= ip) && (LZ4_read32(match + refDelta) == LZ4_read32(ip))) {
if (((dictIssue == dictSmall) ? (match >= lowRefLimit) : 1) && (match + MAX_DISTANCE >= ip)
&& (LZ4_read32(match + refDelta) == LZ4_read32(ip))) {
token = op++;
*token = 0;
goto _next_match;
@ -696,7 +653,8 @@ _last_literals:
return (int)(((char *)op) - dest);
}
ZT_INLINE int LZ4_compress_fast_extState(void* state, const char* source, char* dest, int inputSize, int maxOutputSize, int acceleration)
ZT_INLINE int LZ4_compress_fast_extState(
void *state, const char *source, char *dest, int inputSize, int maxOutputSize, int acceleration)
{
LZ4_stream_t_internal *ctx = &((LZ4_stream_t *)state)->internal_donotuse;
LZ4_resetStream((LZ4_stream_t *)state);
@ -704,27 +662,28 @@ ZT_INLINE int LZ4_compress_fast_extState(void* state, const char* source, char*
if (maxOutputSize >= LZ4_compressBound(inputSize)) {
if (inputSize < LZ4_64Klimit)
return LZ4_compress_generic(ctx, source, dest, inputSize, 0, notLimited, byU16, noDict, noDictIssue, acceleration);
return LZ4_compress_generic(
ctx, source, dest, inputSize, 0, notLimited, byU16, noDict, noDictIssue, acceleration);
else
return LZ4_compress_generic(ctx, source, dest, inputSize, 0, notLimited, (sizeof(void*) == 8) ? byU32 : byPtr, noDict, noDictIssue, acceleration);
return LZ4_compress_generic(
ctx, source, dest, inputSize, 0, notLimited, (sizeof(void *) == 8) ? byU32 : byPtr, noDict, noDictIssue,
acceleration);
}
else {
if (inputSize < LZ4_64Klimit)
return LZ4_compress_generic(ctx, source, dest, inputSize, maxOutputSize, limitedOutput, byU16, noDict, noDictIssue, acceleration);
return LZ4_compress_generic(
ctx, source, dest, inputSize, maxOutputSize, limitedOutput, byU16, noDict, noDictIssue, acceleration);
else
return LZ4_compress_generic(ctx, source, dest, inputSize, maxOutputSize, limitedOutput, (sizeof(void*) == 8) ? byU32 : byPtr, noDict, noDictIssue, acceleration);
return LZ4_compress_generic(
ctx, source, dest, inputSize, maxOutputSize, limitedOutput, (sizeof(void *) == 8) ? byU32 : byPtr,
noDict, noDictIssue, acceleration);
}
}
FORCE_INLINE void LZ4_resetStream(LZ4_stream_t* LZ4_stream)
{
Utils::zero<sizeof(LZ4_stream_t)>(LZ4_stream);
}
FORCE_INLINE void LZ4_resetStream(LZ4_stream_t *LZ4_stream) { Utils::zero<sizeof(LZ4_stream_t)>(LZ4_stream); }
FORCE_INLINE int LZ4_decompress_generic(
const char* const source,
char* const dest,
int inputSize,
const char *const source, char *const dest, int inputSize,
int outputSize, /* If endOnInput==endOnInputSize, this value is the max size of Output Buffer. */
int endOnInput, /* endOnOutputSize, endOnInputSize */
@ -783,7 +742,9 @@ FORCE_INLINE int LZ4_decompress_generic(
/* copy literals */
cpy = op + length;
if (((endOnInput) && ((cpy > (partialDecoding ? oexit : oend - MFLIMIT)) || (ip + length > iend - (2 + 1 + LASTLITERALS)))) || ((! endOnInput) && (cpy > oend - WILDCOPYLENGTH))) {
if (((endOnInput)
&& ((cpy > (partialDecoding ? oexit : oend - MFLIMIT)) || (ip + length > iend - (2 + 1 + LASTLITERALS))))
|| ((!endOnInput) && (cpy > oend - WILDCOPYLENGTH))) {
if (partialDecoding) {
if (cpy > oend)
goto _output_error; /* Error : write attempt beyond end of output buffer */
@ -928,7 +889,8 @@ int LZ4_compress_fast(const char* source, char* dest, int inputSize, int maxOutp
int LZ4_decompress_safe(const char *source, char *dest, int compressedSize, int maxDecompressedSize) noexcept
{
return LZ4_decompress_generic(source, dest, compressedSize, maxDecompressedSize, endOnInputSize, full, 0, noDict, (BYTE*)dest, NULL, 0);
return LZ4_decompress_generic(
source, dest, compressedSize, maxDecompressedSize, endOnInputSize, full, 0, noDict, (BYTE *)dest, NULL, 0);
}
} // namespace ZeroTier

29
core/Locator.cpp
View file

@ -19,7 +19,8 @@
namespace ZeroTier {
const SharedPtr<const Locator::EndpointAttributes> Locator::EndpointAttributes::DEFAULT(new Locator::EndpointAttributes());
const SharedPtr<const Locator::EndpointAttributes>
Locator::EndpointAttributes::DEFAULT(new Locator::EndpointAttributes());
Locator::Locator(const char *const str) noexcept : __refCount(0)
{
@ -33,14 +34,16 @@ Locator::Locator(const char* const str) noexcept : __refCount(0)
bool Locator::add(const Endpoint &ep, const SharedPtr<const EndpointAttributes> &a)
{
for (Vector<std::pair<Endpoint, SharedPtr<const EndpointAttributes> > >::iterator i(m_endpoints.begin()); i != m_endpoints.end(); ++i) {
for (Vector<std::pair<Endpoint, SharedPtr<const EndpointAttributes>>>::iterator i(m_endpoints.begin());
i != m_endpoints.end(); ++i) {
if (i->first == ep) {
i->second = ((a) && (a->data[0] != 0)) ? a : EndpointAttributes::DEFAULT;
return true;
}
}
if (m_endpoints.size() < ZT_LOCATOR_MAX_ENDPOINTS) {
m_endpoints.push_back(std::pair<Endpoint, SharedPtr<const EndpointAttributes> >(ep, ((a) && (a->data[0] != 0)) ? a : EndpointAttributes::DEFAULT));
m_endpoints.push_back(std::pair<Endpoint, SharedPtr<const EndpointAttributes>>(
ep, ((a) && (a->data[0] != 0)) ? a : EndpointAttributes::DEFAULT));
return true;
}
return false;
@ -80,11 +83,15 @@ bool Locator::verify(const Identity& id) const noexcept
char *Locator::toString(char s[ZT_LOCATOR_STRING_SIZE_MAX]) const noexcept
{
static_assert(ZT_LOCATOR_STRING_SIZE_MAX > ((((ZT_LOCATOR_MARSHAL_SIZE_MAX / 5) + 1) * 8) + ZT_ADDRESS_LENGTH_HEX + 1), "overflow");
static_assert(
ZT_LOCATOR_STRING_SIZE_MAX > ((((ZT_LOCATOR_MARSHAL_SIZE_MAX / 5) + 1) * 8) + ZT_ADDRESS_LENGTH_HEX + 1),
"overflow");
uint8_t bin[ZT_LOCATOR_MARSHAL_SIZE_MAX];
m_signer.toString(s);
s[ZT_ADDRESS_LENGTH_HEX] = '@';
Utils::b32e(bin, marshal(bin, false), s + (ZT_ADDRESS_LENGTH_HEX + 1), ZT_LOCATOR_STRING_SIZE_MAX - (ZT_ADDRESS_LENGTH_HEX + 1));
Utils::b32e(
bin, marshal(bin, false), s + (ZT_ADDRESS_LENGTH_HEX + 1),
ZT_LOCATOR_STRING_SIZE_MAX - (ZT_ADDRESS_LENGTH_HEX + 1));
return s;
}
@ -109,7 +116,8 @@ int Locator::marshal(uint8_t data[ZT_LOCATOR_MARSHAL_SIZE_MAX], const bool exclu
Utils::storeBigEndian<uint16_t>(data + p, (uint16_t)m_endpoints.size());
p += 2;
for (Vector<std::pair<Endpoint, SharedPtr<const EndpointAttributes> > >::const_iterator e(m_endpoints.begin()); e != m_endpoints.end(); ++e) {
for (Vector<std::pair<Endpoint, SharedPtr<const EndpointAttributes>>>::const_iterator e(m_endpoints.begin());
e != m_endpoints.end(); ++e) {
int l = e->first.marshal(data + p);
if (l <= 0)
return -1;
@ -198,15 +206,14 @@ int Locator::unmarshal(const uint8_t* data, const int len) noexcept
struct p_SortByEndpoint {
// There can't be more than one of the same endpoint, so only need to sort
// by endpoint.
ZT_INLINE bool operator()(const std::pair<Endpoint, SharedPtr<const Locator::EndpointAttributes> >& a, const std::pair<Endpoint, SharedPtr<const Locator::EndpointAttributes> >& b) const noexcept
ZT_INLINE bool operator()(
const std::pair<Endpoint, SharedPtr<const Locator::EndpointAttributes>> &a,
const std::pair<Endpoint, SharedPtr<const Locator::EndpointAttributes>> &b) const noexcept
{
return a.first < b.first;
}
};
void Locator::m_sortEndpoints() noexcept
{
std::sort(m_endpoints.begin(), m_endpoints.end(), p_SortByEndpoint());
}
void Locator::m_sortEndpoints() noexcept { std::sort(m_endpoints.begin(), m_endpoints.end(), p_SortByEndpoint()); }
} // namespace ZeroTier

67
core/Locator.hpp
View file

@ -35,7 +35,10 @@
*/
#define ZT_LOCATOR_MAX_ENDPOINTS 16
#define ZT_LOCATOR_MARSHAL_SIZE_MAX (8 + ZT_ADDRESS_LENGTH + 2 + (ZT_LOCATOR_MAX_ENDPOINTS * (ZT_ENDPOINT_MARSHAL_SIZE_MAX + ZT_LOCATOR_MAX_ENDPOINT_ATTRIBUTES_SIZE)) + 2 + 2 + ZT_SIGNATURE_BUFFER_SIZE)
#define ZT_LOCATOR_MARSHAL_SIZE_MAX \
(8 + ZT_ADDRESS_LENGTH + 2 \
+ (ZT_LOCATOR_MAX_ENDPOINTS * (ZT_ENDPOINT_MARSHAL_SIZE_MAX + ZT_LOCATOR_MAX_ENDPOINT_ATTRIBUTES_SIZE)) + 2 + 2 \
+ ZT_SIGNATURE_BUFFER_SIZE)
/**
* Maximum size of a string format Locator (this is way larger than needed)
@ -78,10 +81,7 @@ class Locator {
*/
uint8_t data[ZT_LOCATOR_MAX_ENDPOINT_ATTRIBUTES_SIZE];
ZT_INLINE EndpointAttributes() noexcept
{
Utils::zero<ZT_LOCATOR_MAX_ENDPOINT_ATTRIBUTES_SIZE>(data);
}
ZT_INLINE EndpointAttributes() noexcept { Utils::zero<ZT_LOCATOR_MAX_ENDPOINT_ATTRIBUTES_SIZE>(data); }
ZT_INLINE bool operator==(const EndpointAttributes &a) const noexcept
{
@ -93,33 +93,19 @@ class Locator {
return ((data[0] < a.data[0]) || ((data[0] == a.data[0]) && (memcmp(data, a.data, data[0]) < 0)));
}
ZT_INLINE bool operator!=(const EndpointAttributes& a) const noexcept
{
return ! (*this == a);
}
ZT_INLINE bool operator!=(const EndpointAttributes &a) const noexcept { return !(*this == a); }
ZT_INLINE bool operator>(const EndpointAttributes& a) const noexcept
{
return (a < *this);
}
ZT_INLINE bool operator>(const EndpointAttributes &a) const noexcept { return (a < *this); }
ZT_INLINE bool operator<=(const EndpointAttributes& a) const noexcept
{
return ! (a < *this);
}
ZT_INLINE bool operator<=(const EndpointAttributes &a) const noexcept { return !(a < *this); }
ZT_INLINE bool operator>=(const EndpointAttributes& a) const noexcept
{
return ! (*this < a);
}
ZT_INLINE bool operator>=(const EndpointAttributes &a) const noexcept { return !(*this < a); }
private:
std::atomic<int> __refCount;
};
ZT_INLINE Locator() noexcept : m_revision(0)
{
}
ZT_INLINE Locator() noexcept : m_revision(0) {}
ZT_INLINE Locator(const Locator &l) noexcept
: m_revision(l.m_revision)
@ -135,18 +121,12 @@ class Locator {
/**
* @return Timestamp (a.k.a. revision number) set by Location signer
*/
ZT_INLINE int64_t revision() const noexcept
{
return m_revision;
}
ZT_INLINE int64_t revision() const noexcept { return m_revision; }
/**
* @return ZeroTier address of signer
*/
ZT_INLINE Address signer() const noexcept
{
return m_signer;
}
ZT_INLINE Address signer() const noexcept { return m_signer; }
/**
* @return Endpoints specified in locator
@ -159,10 +139,7 @@ class Locator {
/**
* @return Signature data
*/
ZT_INLINE const FCV<uint8_t, ZT_SIGNATURE_BUFFER_SIZE>& signature() const noexcept
{
return m_signature;
}
ZT_INLINE const FCV<uint8_t, ZT_SIGNATURE_BUFFER_SIZE> &signature() const noexcept { return m_signature; }
/**
* Add an endpoint to this locator
@ -217,15 +194,9 @@ class Locator {
*/
bool fromString(const char *s) noexcept;
explicit ZT_INLINE operator bool() const noexcept
{
return m_revision > 0;
}
explicit ZT_INLINE operator bool() const noexcept { return m_revision > 0; }
static constexpr int marshalSizeMax() noexcept
{
return ZT_LOCATOR_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_LOCATOR_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_LOCATOR_MARSHAL_SIZE_MAX], bool excludeSignature = false) const noexcept;
int unmarshal(const uint8_t *data, int len) noexcept;
@ -233,7 +204,8 @@ class Locator {
ZT_INLINE bool operator==(const Locator &l) const noexcept
{
const unsigned long es = (unsigned long)m_endpoints.size();
if ((m_revision == l.m_revision) && (m_signer == l.m_signer) && (es == (unsigned long)l.m_endpoints.size()) && (m_signature == l.m_signature)) {
if ((m_revision == l.m_revision) && (m_signer == l.m_signer) && (es == (unsigned long)l.m_endpoints.size())
&& (m_signature == l.m_signature)) {
for (unsigned long i = 0; i < es; ++i) {
if (m_endpoints[i].first != l.m_endpoints[i].first)
return false;
@ -251,10 +223,7 @@ class Locator {
return false;
}
ZT_INLINE bool operator!=(const Locator& l) const noexcept
{
return ! (*this == l);
}
ZT_INLINE bool operator!=(const Locator &l) const noexcept { return !(*this == l); }
private:
void m_sortEndpoints() noexcept;

136
core/MAC.hpp
View file

@ -27,44 +27,31 @@ namespace ZeroTier {
*/
class MAC : public TriviallyCopyable {
public:
ZT_INLINE MAC() noexcept : m_mac(0ULL)
ZT_INLINE MAC() noexcept : m_mac(0ULL) {}
ZT_INLINE
MAC(const uint8_t a, const uint8_t b, const uint8_t c, const uint8_t d, const uint8_t e, const uint8_t f) noexcept
: m_mac(
(((uint64_t)a) << 40U) | (((uint64_t)b) << 32U) | (((uint64_t)c) << 24U) | (((uint64_t)d) << 16U)
| (((uint64_t)e) << 8U) | ((uint64_t)f))
{
}
ZT_INLINE MAC(const uint8_t a, const uint8_t b, const uint8_t c, const uint8_t d, const uint8_t e, const uint8_t f) noexcept
: m_mac((((uint64_t)a) << 40U) | (((uint64_t)b) << 32U) | (((uint64_t)c) << 24U) | (((uint64_t)d) << 16U) | (((uint64_t)e) << 8U) | ((uint64_t)f))
{
}
explicit ZT_INLINE MAC(const uint64_t m) noexcept : m_mac(m) {}
explicit ZT_INLINE MAC(const uint64_t m) noexcept : m_mac(m)
{
}
explicit ZT_INLINE MAC(const uint8_t b[6]) noexcept { setTo(b); }
explicit ZT_INLINE MAC(const uint8_t b[6]) noexcept
{
setTo(b);
}
ZT_INLINE MAC(const Address& ztaddr, const uint64_t nwid) noexcept
{
fromAddress(ztaddr, nwid);
}
ZT_INLINE MAC(const Address &ztaddr, const uint64_t nwid) noexcept { fromAddress(ztaddr, nwid); }
/**
* @return MAC in 64-bit integer
*/
ZT_INLINE uint64_t toInt() const noexcept
{
return m_mac;
}
ZT_INLINE uint64_t toInt() const noexcept { return m_mac; }
/**
* Set MAC to zero
*/
ZT_INLINE void zero() noexcept
{
m_mac = 0ULL;
}
ZT_INLINE void zero() noexcept { m_mac = 0ULL; }
/**
* @param bits Raw MAC in big-endian byte order
@ -72,7 +59,8 @@ class MAC : public TriviallyCopyable {
*/
ZT_INLINE void setTo(const uint8_t b[6]) noexcept
{
m_mac = ((uint64_t)b[0] << 40U) | ((uint64_t)b[1] << 32U) | ((uint64_t)b[2] << 24U) | ((uint64_t)b[3] << 16U) | ((uint64_t)b[4] << 8U) | (uint64_t)b[5];
m_mac = ((uint64_t)b[0] << 40U) | ((uint64_t)b[1] << 32U) | ((uint64_t)b[2] << 24U) | ((uint64_t)b[3] << 16U)
| ((uint64_t)b[4] << 8U) | (uint64_t)b[5];
}
/**
@ -92,18 +80,12 @@ class MAC : public TriviallyCopyable {
/**
* @return True if this is broadcast (all 0xff)
*/
ZT_INLINE bool isBroadcast() const noexcept
{
return m_mac;
}
ZT_INLINE bool isBroadcast() const noexcept { return m_mac; }
/**
* @return True if this is a multicast MAC
*/
ZT_INLINE bool isMulticast() const noexcept
{
return ((m_mac & 0x010000000000ULL) != 0ULL);
}
ZT_INLINE bool isMulticast() const noexcept { return ((m_mac & 0x010000000000ULL) != 0ULL); }
/**
* Set this MAC to a MAC derived from an address and a network ID
@ -133,7 +115,8 @@ class MAC : public TriviallyCopyable {
ZT_INLINE Address toAddress(uint64_t nwid) const noexcept
{
uint64_t a = m_mac & 0xffffffffffULL; // least significant 40 bits of MAC are formed from address
a ^= ((nwid >> 8U) & 0xffU) << 32U; // ... XORed with bits 8-48 of the nwid in little-endian byte order, so unmask it
a ^= ((nwid >> 8U) & 0xffU)
<< 32U; // ... XORed with bits 8-48 of the nwid in little-endian byte order, so unmask it
a ^= ((nwid >> 16U) & 0xffU) << 24U;
a ^= ((nwid >> 24U) & 0xffU) << 16U;
a ^= ((nwid >> 32U) & 0xffU) << 8U;
@ -147,7 +130,8 @@ class MAC : public TriviallyCopyable {
*/
static ZT_INLINE unsigned char firstOctetForNetwork(uint64_t nwid) noexcept
{
const uint8_t a = ((uint8_t)(nwid & 0xfeU) | 0x02U); // locally administered, not multicast, from LSB of network ID
const uint8_t a =
((uint8_t)(nwid & 0xfeU) | 0x02U); // locally administered, not multicast, from LSB of network ID
return ((a == 0x52) ? 0x32 : a); // blacklist 0x52 since it's used by KVM, libvirt, and other popular
// virtualization engines... seems de-facto standard on Linux
}
@ -164,25 +148,13 @@ class MAC : public TriviallyCopyable {
/**
* @return 6, which is the number of bytes in a MAC, for container compliance
*/
ZT_INLINE unsigned int size() const noexcept
{
return 6;
}
ZT_INLINE unsigned int size() const noexcept { return 6; }
ZT_INLINE unsigned long hashCode() const noexcept
{
return (unsigned long)Utils::hash64(m_mac);
}
ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)Utils::hash64(m_mac); }
ZT_INLINE operator bool() const noexcept
{
return (m_mac != 0ULL);
}
ZT_INLINE operator bool() const noexcept { return (m_mac != 0ULL); }
ZT_INLINE operator uint64_t() const noexcept
{
return m_mac;
}
ZT_INLINE operator uint64_t() const noexcept { return m_mac; }
/**
* Convert this MAC to a standard format colon-separated hex string
@ -251,65 +223,29 @@ class MAC : public TriviallyCopyable {
return *this;
}
ZT_INLINE bool operator==(const MAC& m) const noexcept
{
return (m_mac == m.m_mac);
}
ZT_INLINE bool operator==(const MAC &m) const noexcept { return (m_mac == m.m_mac); }
ZT_INLINE bool operator!=(const MAC& m) const noexcept
{
return (m_mac != m.m_mac);
}
ZT_INLINE bool operator!=(const MAC &m) const noexcept { return (m_mac != m.m_mac); }
ZT_INLINE bool operator<(const MAC& m) const noexcept
{
return (m_mac < m.m_mac);
}
ZT_INLINE bool operator<(const MAC &m) const noexcept { return (m_mac < m.m_mac); }
ZT_INLINE bool operator<=(const MAC& m) const noexcept
{
return (m_mac <= m.m_mac);
}
ZT_INLINE bool operator<=(const MAC &m) const noexcept { return (m_mac <= m.m_mac); }
ZT_INLINE bool operator>(const MAC& m) const noexcept
{
return (m_mac > m.m_mac);
}
ZT_INLINE bool operator>(const MAC &m) const noexcept { return (m_mac > m.m_mac); }
ZT_INLINE bool operator>=(const MAC& m) const noexcept
{
return (m_mac >= m.m_mac);
}
ZT_INLINE bool operator>=(const MAC &m) const noexcept { return (m_mac >= m.m_mac); }
ZT_INLINE bool operator==(const uint64_t m) const noexcept
{
return (m_mac == m);
}
ZT_INLINE bool operator==(const uint64_t m) const noexcept { return (m_mac == m); }
ZT_INLINE bool operator!=(const uint64_t m) const noexcept
{
return (m_mac != m);
}
ZT_INLINE bool operator!=(const uint64_t m) const noexcept { return (m_mac != m); }
ZT_INLINE bool operator<(const uint64_t m) const noexcept
{
return (m_mac < m);
}
ZT_INLINE bool operator<(const uint64_t m) const noexcept { return (m_mac < m); }
ZT_INLINE bool operator<=(const uint64_t m) const noexcept
{
return (m_mac <= m);
}
ZT_INLINE bool operator<=(const uint64_t m) const noexcept { return (m_mac <= m); }
ZT_INLINE bool operator>(const uint64_t m) const noexcept
{
return (m_mac > m);
}
ZT_INLINE bool operator>(const uint64_t m) const noexcept { return (m_mac > m); }
ZT_INLINE bool operator>=(const uint64_t m) const noexcept
{
return (m_mac >= m);
}
ZT_INLINE bool operator>=(const uint64_t m) const noexcept { return (m_mac >= m); }
private:
uint64_t m_mac;

168
core/MIMC52.cpp
View file

@ -21,60 +21,120 @@ namespace {
// Largest 1024 primes of form 6k + 5 and less than 2^52. Only the least significant 32
// bits need to be here, as the most significant bits are all 1.
const uint32_t ZT_MIMC52_PRIMES[1024] = {
4294895267, 4294895477, 4294895513, 4294895519, 4294895543, 4294895567, 4294895657, 4294895711, 4294895777, 4294895861, 4294895909, 4294895921, 4294895969, 4294896011, 4294896149, 4294896227, 4294896401, 4294896473, 4294896527,
4294896563, 4294896653, 4294896731, 4294896863, 4294896899, 4294896983, 4294897037, 4294897103, 4294897331, 4294897349, 4294897451, 4294897571, 4294897661, 4294897703, 4294897757, 4294897793, 4294897811, 4294897817, 4294897829,
4294897877, 4294897919, 4294897991, 4294898027, 4294898129, 4294898153, 4294898231, 4294898273, 4294898279, 4294898291, 4294898363, 4294898369, 4294898417, 4294898423, 4294898453, 4294898489, 4294898573, 4294898579, 4294898639,
4294898693, 4294898747, 4294898759, 4294898867, 4294898879, 4294898909, 4294898921, 4294898933, 4294899011, 4294899041, 4294899047, 4294899203, 4294899221, 4294899227, 4294899287, 4294899341, 4294899431, 4294899509, 4294899533,
4294899539, 4294899551, 4294899629, 4294899791, 4294899809, 4294899971, 4294900001, 4294900007, 4294900013, 4294900307, 4294900331, 4294900427, 4294900469, 4294900481, 4294900541, 4294900583, 4294900781, 4294900853, 4294900931,
4294900991, 4294901033, 4294901087, 4294901159, 4294901267, 4294901393, 4294901411, 4294901489, 4294901657, 4294902011, 4294902071, 4294902101, 4294902107, 4294902353, 4294902377, 4294902599, 4294902647, 4294902743, 4294902869,
4294902977, 4294903067, 4294903103, 4294903259, 4294903289, 4294903397, 4294903421, 4294903493, 4294903577, 4294903631, 4294903637, 4294903733, 4294903799, 4294903823, 4294904003, 4294904033, 4294904081, 4294904129, 4294904279,
4294904297, 4294904303, 4294904333, 4294904351, 4294904381, 4294904453, 4294904519, 4294904561, 4294904639, 4294904657, 4294904747, 4294904807, 4294904843, 4294905089, 4294905149, 4294905293, 4294905299, 4294905311, 4294905443,
4294905479, 4294905539, 4294905623, 4294905641, 4294905671, 4294905707, 4294905887, 4294905977, 4294906091, 4294906103, 4294906139, 4294906157, 4294906223, 4294906259, 4294906487, 4294906493, 4294906523, 4294906547, 4294906553,
4294906571, 4294906577, 4294906589, 4294906703, 4294906733, 4294906763, 4294906841, 4294906859, 4294906937, 4294907057, 4294907063, 4294907141, 4294907231, 4294907249, 4294907261, 4294907267, 4294907387, 4294907417, 4294907567,
4294907603, 4294907699, 4294907789, 4294907849, 4294907873, 4294907879, 4294908023, 4294908071, 4294908119, 4294908209, 4294908227, 4294908329, 4294908491, 4294908503, 4294908569, 4294908653, 4294908713, 4294908719, 4294908791,
4294908839, 4294908869, 4294908989, 4294909031, 4294909067, 4294909109, 4294909253, 4294909529, 4294909589, 4294909643, 4294909739, 4294909799, 4294909811, 4294909853, 4294910003, 4294910039, 4294910189, 4294910201, 4294910219,
4294910273, 4294910333, 4294910369, 4294910393, 4294910471, 4294910549, 4294910651, 4294910669, 4294910681, 4294910711, 4294910753, 4294910801, 4294910981, 4294911053, 4294911143, 4294911227, 4294911239, 4294911359, 4294911383,
4294911407, 4294911521, 4294911551, 4294911611, 4294911641, 4294911689, 4294911719, 4294911869, 4294912109, 4294912133, 4294912151, 4294912187, 4294912223, 4294912331, 4294912439, 4294912607, 4294912703, 4294912859, 4294912871,
4294912907, 4294912961, 4294913003, 4294913111, 4294913309, 4294913333, 4294913357, 4294913399, 4294913411, 4294913459, 4294913501, 4294913531, 4294913591, 4294913609, 4294913663, 4294913783, 4294913819, 4294913903, 4294914137,
4294914413, 4294914473, 4294914497, 4294914527, 4294914551, 4294914593, 4294914611, 4294914659, 4294914671, 4294914743, 4294914863, 4294914917, 4294915061, 4294915103, 4294915139, 4294915217, 4294915223, 4294915253, 4294915283,
4294915373, 4294915433, 4294915607, 4294916069, 4294916213, 4294916267, 4294916303, 4294916393, 4294916441, 4294916477, 4294916507, 4294916573, 4294916633, 4294916687, 4294916783, 4294916837, 4294916897, 4294916921, 4294917029,
4294917047, 4294917101, 4294917203, 4294917287, 4294917299, 4294917389, 4294917437, 4294917527, 4294917557, 4294917611, 4294917617, 4294917689, 4294917821, 4294917857, 4294917917, 4294917941, 4294918169, 4294918187, 4294918307,
4294918409, 4294918433, 4294918481, 4294918703, 4294918709, 4294918733, 4294918799, 4294918871, 4294919009, 4294919249, 4294919279, 4294919291, 4294919363, 4294919381, 4294919441, 4294919447, 4294919549, 4294919579, 4294919633,
4294919657, 4294919669, 4294919693, 4294919711, 4294920029, 4294920059, 4294920089, 4294920197, 4294920239, 4294920257, 4294920263, 4294920269, 4294920341, 4294920353, 4294920407, 4294920503, 4294920599, 4294920647, 4294920743,
4294920803, 4294920809, 4294920881, 4294920899, 4294920983, 4294921043, 4294921139, 4294921151, 4294921181, 4294921229, 4294921289, 4294921331, 4294921343, 4294921391, 4294921469, 4294921709, 4294921721, 4294921823, 4294921847,
4294921889, 4294922057, 4294922171, 4294922201, 4294922237, 4294922309, 4294922399, 4294922447, 4294922507, 4294922513, 4294922549, 4294922609, 4294922663, 4294922861, 4294922933, 4294923101, 4294923191, 4294923209, 4294923221,
4294923251, 4294923263, 4294923359, 4294923371, 4294923377, 4294923461, 4294923521, 4294923953, 4294924001, 4294924091, 4294924121, 4294924319, 4294924397, 4294924571, 4294924583, 4294924751, 4294924817, 4294924823, 4294924847,
4294924877, 4294925003, 4294925027, 4294925117, 4294925237, 4294925243, 4294925297, 4294925369, 4294925627, 4294925639, 4294925729, 4294925747, 4294925873, 4294925891, 4294925933, 4294926047, 4294926059, 4294926209, 4294926221,
4294926233, 4294926257, 4294926329, 4294926371, 4294926401, 4294926413, 4294926437, 4294926563, 4294926569, 4294926917, 4294926923, 4294926947, 4294926971, 4294927067, 4294927073, 4294927151, 4294927349, 4294927367, 4294927403,
4294927481, 4294927523, 4294927553, 4294927589, 4294927649, 4294927673, 4294927727, 4294927739, 4294927763, 4294927889, 4294928183, 4294928207, 4294928249, 4294928327, 4294928351, 4294928399, 4294928483, 4294928489, 4294928543,
4294928597, 4294928951, 4294928963, 4294928981, 4294929017, 4294929059, 4294929161, 4294929197, 4294929233, 4294929269, 4294929311, 4294929323, 4294929341, 4294929383, 4294929401, 4294929497, 4294929509, 4294929581, 4294929707,
4294929743, 4294930043, 4294930121, 4294930193, 4294930223, 4294930349, 4294930403, 4294930571, 4294930613, 4294930721, 4294930751, 4294930877, 4294930931, 4294930961, 4294930967, 4294930973, 4294931021, 4294931051, 4294931057,
4294931063, 4294931219, 4294931273, 4294931339, 4294931423, 4294931441, 4294931453, 4294931567, 4294931639, 4294931717, 4294931897, 4294931969, 4294932023, 4294932053, 4294932239, 4294932299, 4294932443, 4294932671, 4294932677,
4294932731, 4294932743, 4294932767, 4294932773, 4294932779, 4294932881, 4294932899, 4294932929, 4294933067, 4294933277, 4294933307, 4294933343, 4294933451, 4294933523, 4294933763, 4294933793, 4294933829, 4294933847, 4294933871,
4294933997, 4294934033, 4294934111, 4294934207, 4294934243, 4294934267, 4294934279, 4294934291, 4294934327, 4294934363, 4294934423, 4294934489, 4294934561, 4294934867, 4294934921, 4294934969, 4294935137, 4294935239, 4294935299,
4294935431, 4294935539, 4294935629, 4294935701, 4294935791, 4294935797, 4294935803, 4294935959, 4294936001, 4294936007, 4294936037, 4294936079, 4294936127, 4294936163, 4294936247, 4294936307, 4294936331, 4294936409, 4294936451,
4294936601, 4294936607, 4294936619, 4294936667, 4294936709, 4294936733, 4294936751, 4294936763, 4294936829, 4294936937, 4294936997, 4294937027, 4294937051, 4294937093, 4294937177, 4294937213, 4294937291, 4294937381, 4294937417,
4294937429, 4294937681, 4294937693, 4294937753, 4294937771, 4294937813, 4294937837, 4294937891, 4294937969, 4294938071, 4294938101, 4294938323, 4294938371, 4294938401, 4294938467, 4294938473, 4294938521, 4294938599, 4294938731,
4294938779, 4294938833, 4294938899, 4294938977, 4294938983, 4294939067, 4294939127, 4294939223, 4294939277, 4294939331, 4294939337, 4294939391, 4294939457, 4294939559, 4294939673, 4294939691, 4294939901, 4294939991, 4294940087,
4294940093, 4294940189, 4294940213, 4294940417, 4294940657, 4294940699, 4294940753, 4294940801, 4294940873, 4294940951, 4294941047, 4294941143, 4294941161, 4294941227, 4294941281, 4294941377, 4294941509, 4294941551, 4294941701,
4294941731, 4294941767, 4294941911, 4294941923, 4294942043, 4294942139, 4294942313, 4294942343, 4294942373, 4294942427, 4294942529, 4294942601, 4294942649, 4294942673, 4294942679, 4294942733, 4294942769, 4294942811, 4294942961,
4294943129, 4294943141, 4294943219, 4294943369, 4294943423, 4294943471, 4294943651, 4294943687, 4294943717, 4294943729, 4294943747, 4294943759, 4294943813, 4294943819, 4294943891, 4294944077, 4294944191, 4294944233, 4294944239,
4294944353, 4294944389, 4294944581, 4294944623, 4294944629, 4294944659, 4294944821, 4294945031, 4294945157, 4294945211, 4294945229, 4294945301, 4294945337, 4294945343, 4294945511, 4294945547, 4294945667, 4294945709, 4294945757,
4294945841, 4294945991, 4294946033, 4294946099, 4294946153, 4294946477, 4294946687, 4294946747, 4294946957, 4294946993, 4294947023, 4294947131, 4294947167, 4294947287, 4294947311, 4294947413, 4294947581, 4294947599, 4294947671,
4294947851, 4294947959, 4294948067, 4294948073, 4294948193, 4294948259, 4294948421, 4294948451, 4294948613, 4294948673, 4294948883, 4294949027, 4294949057, 4294949069, 4294949519, 4294949531, 4294949603, 4294949609, 4294949627,
4294949693, 4294949729, 4294949741, 4294949807, 4294949921, 4294949939, 4294949981, 4294949993, 4294950083, 4294950173, 4294950197, 4294950251, 4294950287, 4294950317, 4294950323, 4294950329, 4294950581, 4294950593, 4294950617,
4294950629, 4294950713, 4294950929, 4294951151, 4294951163, 4294951169, 4294951379, 4294951583, 4294951613, 4294951853, 4294951907, 4294951913, 4294951937, 4294951961, 4294952063, 4294952183, 4294952393, 4294952543, 4294952549,
4294952597, 4294952627, 4294952687, 4294952723, 4294952729, 4294952789, 4294952819, 4294952873, 4294952891, 4294952903, 4294952969, 4294952999, 4294953023, 4294953107, 4294953173, 4294953281, 4294953341, 4294953431, 4294953599,
4294953689, 4294953719, 4294953827, 4294953887, 4294953977, 4294954073, 4294954079, 4294954157, 4294954217, 4294954283, 4294954607, 4294954667, 4294954859, 4294954901, 4294954973, 4294955081, 4294955237, 4294955273, 4294955327,
4294955441, 4294955507, 4294955591, 4294955789, 4294955831, 4294955837, 4294955927, 4294955963, 4294955969, 4294955987, 4294956041, 4294956047, 4294956197, 4294956323, 4294956359, 4294956551, 4294956593, 4294956623, 4294956629,
4294956641, 4294956719, 4294956761, 4294956767, 4294956797, 4294956821, 4294956833, 4294957037, 4294957079, 4294957103, 4294957181, 4294957349, 4294957379, 4294957433, 4294957463, 4294957511, 4294957577, 4294957727, 4294957859,
4294957877, 4294958039, 4294958153, 4294958309, 4294958417, 4294958441, 4294958693, 4294958717, 4294958753, 4294958903, 4294958909, 4294959017, 4294959071, 4294959107, 4294959161, 4294959257, 4294959299, 4294959329, 4294959431,
4294959593, 4294959599, 4294959659, 4294959893, 4294959917, 4294959983, 4294960001, 4294960031, 4294960061, 4294960079, 4294960097, 4294960271, 4294960283, 4294960349, 4294960367, 4294960421, 4294960529, 4294960541, 4294960583,
4294960613, 4294960673, 4294960691, 4294960697, 4294960787, 4294960919, 4294961003, 4294961039, 4294961153, 4294961159, 4294961171, 4294961321, 4294961411, 4294961471, 4294961507, 4294961537, 4294961669, 4294961717, 4294961741,
4294961873, 4294962059, 4294962137, 4294962167, 4294962263, 4294962281, 4294962311, 4294962341, 4294962413, 4294962521, 4294962563, 4294962761, 4294962893, 4294963103, 4294963163, 4294963223, 4294963313, 4294963349, 4294963427,
4294963547, 4294963559, 4294963721, 4294963799, 4294963817, 4294963901, 4294963919, 4294964021, 4294964279, 4294964297, 4294964363, 4294964387, 4294964411, 4294964567, 4294964603, 4294964687, 4294964777, 4294965041, 4294965071,
4294965119, 4294965221, 4294965251, 4294965287, 4294965413, 4294965569, 4294965647, 4294965671, 4294965689, 4294965779, 4294965839, 4294965893, 4294966091, 4294966109, 4294966127, 4294966157, 4294966187, 4294966199, 4294966211,
4294966403, 4294966457, 4294966499, 4294966541, 4294966637, 4294966661, 4294966739, 4294966823, 4294966883, 4294966901, 4294966961, 4294967027, 4294967087, 4294967099, 4294967123, 4294967153, 4294967249
4294895267, 4294895477, 4294895513, 4294895519, 4294895543, 4294895567, 4294895657, 4294895711, 4294895777,
4294895861, 4294895909, 4294895921, 4294895969, 4294896011, 4294896149, 4294896227, 4294896401, 4294896473,
4294896527, 4294896563, 4294896653, 4294896731, 4294896863, 4294896899, 4294896983, 4294897037, 4294897103,
4294897331, 4294897349, 4294897451, 4294897571, 4294897661, 4294897703, 4294897757, 4294897793, 4294897811,
4294897817, 4294897829, 4294897877, 4294897919, 4294897991, 4294898027, 4294898129, 4294898153, 4294898231,
4294898273, 4294898279, 4294898291, 4294898363, 4294898369, 4294898417, 4294898423, 4294898453, 4294898489,
4294898573, 4294898579, 4294898639, 4294898693, 4294898747, 4294898759, 4294898867, 4294898879, 4294898909,
4294898921, 4294898933, 4294899011, 4294899041, 4294899047, 4294899203, 4294899221, 4294899227, 4294899287,
4294899341, 4294899431, 4294899509, 4294899533, 4294899539, 4294899551, 4294899629, 4294899791, 4294899809,
4294899971, 4294900001, 4294900007, 4294900013, 4294900307, 4294900331, 4294900427, 4294900469, 4294900481,
4294900541, 4294900583, 4294900781, 4294900853, 4294900931, 4294900991, 4294901033, 4294901087, 4294901159,
4294901267, 4294901393, 4294901411, 4294901489, 4294901657, 4294902011, 4294902071, 4294902101, 4294902107,
4294902353, 4294902377, 4294902599, 4294902647, 4294902743, 4294902869, 4294902977, 4294903067, 4294903103,
4294903259, 4294903289, 4294903397, 4294903421, 4294903493, 4294903577, 4294903631, 4294903637, 4294903733,
4294903799, 4294903823, 4294904003, 4294904033, 4294904081, 4294904129, 4294904279, 4294904297, 4294904303,
4294904333, 4294904351, 4294904381, 4294904453, 4294904519, 4294904561, 4294904639, 4294904657, 4294904747,
4294904807, 4294904843, 4294905089, 4294905149, 4294905293, 4294905299, 4294905311, 4294905443, 4294905479,
4294905539, 4294905623, 4294905641, 4294905671, 4294905707, 4294905887, 4294905977, 4294906091, 4294906103,
4294906139, 4294906157, 4294906223, 4294906259, 4294906487, 4294906493, 4294906523, 4294906547, 4294906553,
4294906571, 4294906577, 4294906589, 4294906703, 4294906733, 4294906763, 4294906841, 4294906859, 4294906937,
4294907057, 4294907063, 4294907141, 4294907231, 4294907249, 4294907261, 4294907267, 4294907387, 4294907417,
4294907567, 4294907603, 4294907699, 4294907789, 4294907849, 4294907873, 4294907879, 4294908023, 4294908071,
4294908119, 4294908209, 4294908227, 4294908329, 4294908491, 4294908503, 4294908569, 4294908653, 4294908713,
4294908719, 4294908791, 4294908839, 4294908869, 4294908989, 4294909031, 4294909067, 4294909109, 4294909253,
4294909529, 4294909589, 4294909643, 4294909739, 4294909799, 4294909811, 4294909853, 4294910003, 4294910039,
4294910189, 4294910201, 4294910219, 4294910273, 4294910333, 4294910369, 4294910393, 4294910471, 4294910549,
4294910651, 4294910669, 4294910681, 4294910711, 4294910753, 4294910801, 4294910981, 4294911053, 4294911143,
4294911227, 4294911239, 4294911359, 4294911383, 4294911407, 4294911521, 4294911551, 4294911611, 4294911641,
4294911689, 4294911719, 4294911869, 4294912109, 4294912133, 4294912151, 4294912187, 4294912223, 4294912331,
4294912439, 4294912607, 4294912703, 4294912859, 4294912871, 4294912907, 4294912961, 4294913003, 4294913111,
4294913309, 4294913333, 4294913357, 4294913399, 4294913411, 4294913459, 4294913501, 4294913531, 4294913591,
4294913609, 4294913663, 4294913783, 4294913819, 4294913903, 4294914137, 4294914413, 4294914473, 4294914497,
4294914527, 4294914551, 4294914593, 4294914611, 4294914659, 4294914671, 4294914743, 4294914863, 4294914917,
4294915061, 4294915103, 4294915139, 4294915217, 4294915223, 4294915253, 4294915283, 4294915373, 4294915433,
4294915607, 4294916069, 4294916213, 4294916267, 4294916303, 4294916393, 4294916441, 4294916477, 4294916507,
4294916573, 4294916633, 4294916687, 4294916783, 4294916837, 4294916897, 4294916921, 4294917029, 4294917047,
4294917101, 4294917203, 4294917287, 4294917299, 4294917389, 4294917437, 4294917527, 4294917557, 4294917611,
4294917617, 4294917689, 4294917821, 4294917857, 4294917917, 4294917941, 4294918169, 4294918187, 4294918307,
4294918409, 4294918433, 4294918481, 4294918703, 4294918709, 4294918733, 4294918799, 4294918871, 4294919009,
4294919249, 4294919279, 4294919291, 4294919363, 4294919381, 4294919441, 4294919447, 4294919549, 4294919579,
4294919633, 4294919657, 4294919669, 4294919693, 4294919711, 4294920029, 4294920059, 4294920089, 4294920197,
4294920239, 4294920257, 4294920263, 4294920269, 4294920341, 4294920353, 4294920407, 4294920503, 4294920599,
4294920647, 4294920743, 4294920803, 4294920809, 4294920881, 4294920899, 4294920983, 4294921043, 4294921139,
4294921151, 4294921181, 4294921229, 4294921289, 4294921331, 4294921343, 4294921391, 4294921469, 4294921709,
4294921721, 4294921823, 4294921847, 4294921889, 4294922057, 4294922171, 4294922201, 4294922237, 4294922309,
4294922399, 4294922447, 4294922507, 4294922513, 4294922549, 4294922609, 4294922663, 4294922861, 4294922933,
4294923101, 4294923191, 4294923209, 4294923221, 4294923251, 4294923263, 4294923359, 4294923371, 4294923377,
4294923461, 4294923521, 4294923953, 4294924001, 4294924091, 4294924121, 4294924319, 4294924397, 4294924571,
4294924583, 4294924751, 4294924817, 4294924823, 4294924847, 4294924877, 4294925003, 4294925027, 4294925117,
4294925237, 4294925243, 4294925297, 4294925369, 4294925627, 4294925639, 4294925729, 4294925747, 4294925873,
4294925891, 4294925933, 4294926047, 4294926059, 4294926209, 4294926221, 4294926233, 4294926257, 4294926329,
4294926371, 4294926401, 4294926413, 4294926437, 4294926563, 4294926569, 4294926917, 4294926923, 4294926947,
4294926971, 4294927067, 4294927073, 4294927151, 4294927349, 4294927367, 4294927403, 4294927481, 4294927523,
4294927553, 4294927589, 4294927649, 4294927673, 4294927727, 4294927739, 4294927763, 4294927889, 4294928183,
4294928207, 4294928249, 4294928327, 4294928351, 4294928399, 4294928483, 4294928489, 4294928543, 4294928597,
4294928951, 4294928963, 4294928981, 4294929017, 4294929059, 4294929161, 4294929197, 4294929233, 4294929269,
4294929311, 4294929323, 4294929341, 4294929383, 4294929401, 4294929497, 4294929509, 4294929581, 4294929707,
4294929743, 4294930043, 4294930121, 4294930193, 4294930223, 4294930349, 4294930403, 4294930571, 4294930613,
4294930721, 4294930751, 4294930877, 4294930931, 4294930961, 4294930967, 4294930973, 4294931021, 4294931051,
4294931057, 4294931063, 4294931219, 4294931273, 4294931339, 4294931423, 4294931441, 4294931453, 4294931567,
4294931639, 4294931717, 4294931897, 4294931969, 4294932023, 4294932053, 4294932239, 4294932299, 4294932443,
4294932671, 4294932677, 4294932731, 4294932743, 4294932767, 4294932773, 4294932779, 4294932881, 4294932899,
4294932929, 4294933067, 4294933277, 4294933307, 4294933343, 4294933451, 4294933523, 4294933763, 4294933793,
4294933829, 4294933847, 4294933871, 4294933997, 4294934033, 4294934111, 4294934207, 4294934243, 4294934267,
4294934279, 4294934291, 4294934327, 4294934363, 4294934423, 4294934489, 4294934561, 4294934867, 4294934921,
4294934969, 4294935137, 4294935239, 4294935299, 4294935431, 4294935539, 4294935629, 4294935701, 4294935791,
4294935797, 4294935803, 4294935959, 4294936001, 4294936007, 4294936037, 4294936079, 4294936127, 4294936163,
4294936247, 4294936307, 4294936331, 4294936409, 4294936451, 4294936601, 4294936607, 4294936619, 4294936667,
4294936709, 4294936733, 4294936751, 4294936763, 4294936829, 4294936937, 4294936997, 4294937027, 4294937051,
4294937093, 4294937177, 4294937213, 4294937291, 4294937381, 4294937417, 4294937429, 4294937681, 4294937693,
4294937753, 4294937771, 4294937813, 4294937837, 4294937891, 4294937969, 4294938071, 4294938101, 4294938323,
4294938371, 4294938401, 4294938467, 4294938473, 4294938521, 4294938599, 4294938731, 4294938779, 4294938833,
4294938899, 4294938977, 4294938983, 4294939067, 4294939127, 4294939223, 4294939277, 4294939331, 4294939337,
4294939391, 4294939457, 4294939559, 4294939673, 4294939691, 4294939901, 4294939991, 4294940087, 4294940093,
4294940189, 4294940213, 4294940417, 4294940657, 4294940699, 4294940753, 4294940801, 4294940873, 4294940951,
4294941047, 4294941143, 4294941161, 4294941227, 4294941281, 4294941377, 4294941509, 4294941551, 4294941701,
4294941731, 4294941767, 4294941911, 4294941923, 4294942043, 4294942139, 4294942313, 4294942343, 4294942373,
4294942427, 4294942529, 4294942601, 4294942649, 4294942673, 4294942679, 4294942733, 4294942769, 4294942811,
4294942961, 4294943129, 4294943141, 4294943219, 4294943369, 4294943423, 4294943471, 4294943651, 4294943687,
4294943717, 4294943729, 4294943747, 4294943759, 4294943813, 4294943819, 4294943891, 4294944077, 4294944191,
4294944233, 4294944239, 4294944353, 4294944389, 4294944581, 4294944623, 4294944629, 4294944659, 4294944821,
4294945031, 4294945157, 4294945211, 4294945229, 4294945301, 4294945337, 4294945343, 4294945511, 4294945547,
4294945667, 4294945709, 4294945757, 4294945841, 4294945991, 4294946033, 4294946099, 4294946153, 4294946477,
4294946687, 4294946747, 4294946957, 4294946993, 4294947023, 4294947131, 4294947167, 4294947287, 4294947311,
4294947413, 4294947581, 4294947599, 4294947671, 4294947851, 4294947959, 4294948067, 4294948073, 4294948193,
4294948259, 4294948421, 4294948451, 4294948613, 4294948673, 4294948883, 4294949027, 4294949057, 4294949069,
4294949519, 4294949531, 4294949603, 4294949609, 4294949627, 4294949693, 4294949729, 4294949741, 4294949807,
4294949921, 4294949939, 4294949981, 4294949993, 4294950083, 4294950173, 4294950197, 4294950251, 4294950287,
4294950317, 4294950323, 4294950329, 4294950581, 4294950593, 4294950617, 4294950629, 4294950713, 4294950929,
4294951151, 4294951163, 4294951169, 4294951379, 4294951583, 4294951613, 4294951853, 4294951907, 4294951913,
4294951937, 4294951961, 4294952063, 4294952183, 4294952393, 4294952543, 4294952549, 4294952597, 4294952627,
4294952687, 4294952723, 4294952729, 4294952789, 4294952819, 4294952873, 4294952891, 4294952903, 4294952969,
4294952999, 4294953023, 4294953107, 4294953173, 4294953281, 4294953341, 4294953431, 4294953599, 4294953689,
4294953719, 4294953827, 4294953887, 4294953977, 4294954073, 4294954079, 4294954157, 4294954217, 4294954283,
4294954607, 4294954667, 4294954859, 4294954901, 4294954973, 4294955081, 4294955237, 4294955273, 4294955327,
4294955441, 4294955507, 4294955591, 4294955789, 4294955831, 4294955837, 4294955927, 4294955963, 4294955969,
4294955987, 4294956041, 4294956047, 4294956197, 4294956323, 4294956359, 4294956551, 4294956593, 4294956623,
4294956629, 4294956641, 4294956719, 4294956761, 4294956767, 4294956797, 4294956821, 4294956833, 4294957037,
4294957079, 4294957103, 4294957181, 4294957349, 4294957379, 4294957433, 4294957463, 4294957511, 4294957577,
4294957727, 4294957859, 4294957877, 4294958039, 4294958153, 4294958309, 4294958417, 4294958441, 4294958693,
4294958717, 4294958753, 4294958903, 4294958909, 4294959017, 4294959071, 4294959107, 4294959161, 4294959257,
4294959299, 4294959329, 4294959431, 4294959593, 4294959599, 4294959659, 4294959893, 4294959917, 4294959983,
4294960001, 4294960031, 4294960061, 4294960079, 4294960097, 4294960271, 4294960283, 4294960349, 4294960367,
4294960421, 4294960529, 4294960541, 4294960583, 4294960613, 4294960673, 4294960691, 4294960697, 4294960787,
4294960919, 4294961003, 4294961039, 4294961153, 4294961159, 4294961171, 4294961321, 4294961411, 4294961471,
4294961507, 4294961537, 4294961669, 4294961717, 4294961741, 4294961873, 4294962059, 4294962137, 4294962167,
4294962263, 4294962281, 4294962311, 4294962341, 4294962413, 4294962521, 4294962563, 4294962761, 4294962893,
4294963103, 4294963163, 4294963223, 4294963313, 4294963349, 4294963427, 4294963547, 4294963559, 4294963721,
4294963799, 4294963817, 4294963901, 4294963919, 4294964021, 4294964279, 4294964297, 4294964363, 4294964387,
4294964411, 4294964567, 4294964603, 4294964687, 4294964777, 4294965041, 4294965071, 4294965119, 4294965221,
4294965251, 4294965287, 4294965413, 4294965569, 4294965647, 4294965671, 4294965689, 4294965779, 4294965839,
4294965893, 4294966091, 4294966109, 4294966127, 4294966157, 4294966187, 4294966199, 4294966211, 4294966403,
4294966457, 4294966499, 4294966541, 4294966637, 4294966661, 4294966739, 4294966823, 4294966883, 4294966901,
4294966961, 4294967027, 4294967087, 4294967099, 4294967123, 4294967153, 4294967249
};
#ifdef ZT_NO_IEEE_DOUBLE

91
core/Member.cpp
View file

@ -21,11 +21,16 @@
namespace ZeroTier {
Member::Member() : m_comRevocationThreshold(0), m_lastPushedCredentials(0), m_comAgreementLocalTimestamp(0), m_comAgreementRemoteTimestamp(0)
Member::Member()
: m_comRevocationThreshold(0)
, m_lastPushedCredentials(0)
, m_comAgreementLocalTimestamp(0)
, m_comAgreementRemoteTimestamp(0)
{
}
void Member::pushCredentials(const Context& ctx, const CallContext& cc, const SharedPtr<Peer>& to, const NetworkConfig& nconf)
void Member::pushCredentials(
const Context &ctx, const CallContext &cc, const SharedPtr<Peer> &to, const NetworkConfig &nconf)
{
if (!nconf.com) // sanity check
return;
@ -119,17 +124,23 @@ void Member::clean(const NetworkConfig& nconf)
m_cleanCredImpl<OwnershipCredential>(nconf, m_remoteCoos);
}
Member::AddCredentialResult Member::addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const MembershipCredential& com)
Member::AddCredentialResult Member::addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const MembershipCredential &com)
{
const int64_t newts = com.timestamp();
if (newts <= m_comRevocationThreshold) {
ctx.t->credentialRejected(cc, 0xd9992121, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM, ZT_TRACE_CREDENTIAL_REJECTION_REASON_REVOKED);
ctx.t->credentialRejected(
cc, 0xd9992121, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM,
ZT_TRACE_CREDENTIAL_REJECTION_REASON_REVOKED);
return ADD_REJECTED;
}
const int64_t oldts = m_com.timestamp();
if (newts < oldts) {
ctx.t->credentialRejected(cc, 0xd9928192, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM, ZT_TRACE_CREDENTIAL_REJECTION_REASON_OLDER_THAN_LATEST);
ctx.t->credentialRejected(
cc, 0xd9928192, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM,
ZT_TRACE_CREDENTIAL_REJECTION_REASON_OLDER_THAN_LATEST);
return ADD_REJECTED;
}
if ((newts == oldts) && (m_com == com))
@ -137,74 +148,92 @@ Member::AddCredentialResult Member::addCredential(const Context& ctx, const Call
switch (com.verify(ctx, cc)) {
default:
ctx.t->credentialRejected(cc, 0x0f198241, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM, ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
ctx.t->credentialRejected(
cc, 0x0f198241, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM,
ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
return Member::ADD_REJECTED;
case Credential::VERIFY_OK:
m_com = com;
return ADD_ACCEPTED_NEW;
case Credential::VERIFY_OK: m_com = com; return ADD_ACCEPTED_NEW;
case Credential::VERIFY_BAD_SIGNATURE:
ctx.t->credentialRejected(cc, 0xbaf0aaaa, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM, ZT_TRACE_CREDENTIAL_REJECTION_REASON_SIGNATURE_VERIFICATION_FAILED);
ctx.t->credentialRejected(
cc, 0xbaf0aaaa, com.networkId(), sourcePeerIdentity, com.id(), com.timestamp(), ZT_CREDENTIAL_TYPE_COM,
ZT_TRACE_CREDENTIAL_REJECTION_REASON_SIGNATURE_VERIFICATION_FAILED);
return ADD_REJECTED;
case Credential::VERIFY_NEED_IDENTITY:
return ADD_DEFERRED_FOR_WHOIS;
case Credential::VERIFY_NEED_IDENTITY: return ADD_DEFERRED_FOR_WHOIS;
}
}
// 3/5 of the credential types have identical addCredential() code
template <typename C>
static ZT_INLINE Member::AddCredentialResult
_addCredImpl(Map<uint32_t, C>& remoteCreds, const Map<uint64_t, int64_t>& revocations, const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const C& cred)
static ZT_INLINE Member::AddCredentialResult _addCredImpl(
Map<uint32_t, C> &remoteCreds, const Map<uint64_t, int64_t> &revocations, const Context &ctx, const CallContext &cc,
const Identity &sourcePeerIdentity, const NetworkConfig &nconf, const C &cred)
{
typename Map<uint32_t, C>::const_iterator rc(remoteCreds.find(cred.id()));
if (rc != remoteCreds.end()) {
if (rc->second.revision() > cred.revision()) {
ctx.t->credentialRejected(cc, 0x40000001, nconf.networkId, sourcePeerIdentity, cred.id(), cred.revision(), C::credentialType(), ZT_TRACE_CREDENTIAL_REJECTION_REASON_OLDER_THAN_LATEST);
ctx.t->credentialRejected(
cc, 0x40000001, nconf.networkId, sourcePeerIdentity, cred.id(), cred.revision(), C::credentialType(),
ZT_TRACE_CREDENTIAL_REJECTION_REASON_OLDER_THAN_LATEST);
return Member::ADD_REJECTED;
}
if (rc->second == cred)
return Member::ADD_ACCEPTED_REDUNDANT;
}
typename Map<uint64_t, int64_t>::const_iterator rt(revocations.find(Member::credentialKey(C::credentialType(), cred.id())));
typename Map<uint64_t, int64_t>::const_iterator rt(
revocations.find(Member::credentialKey(C::credentialType(), cred.id())));
if ((rt != revocations.end()) && (rt->second >= cred.revision())) {
ctx.t->credentialRejected(cc, 0x24248124, nconf.networkId, sourcePeerIdentity, cred.id(), cred.revision(), C::credentialType(), ZT_TRACE_CREDENTIAL_REJECTION_REASON_REVOKED);
ctx.t->credentialRejected(
cc, 0x24248124, nconf.networkId, sourcePeerIdentity, cred.id(), cred.revision(), C::credentialType(),
ZT_TRACE_CREDENTIAL_REJECTION_REASON_REVOKED);
return Member::ADD_REJECTED;
}
switch (cred.verify(ctx, cc)) {
default:
ctx.t->credentialRejected(cc, 0x01feba012, nconf.networkId, sourcePeerIdentity, cred.id(), cred.revision(), C::credentialType(), ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
ctx.t->credentialRejected(
cc, 0x01feba012, nconf.networkId, sourcePeerIdentity, cred.id(), cred.revision(), C::credentialType(),
ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
return Member::ADD_REJECTED;
case 0:
if (rc == remoteCreds.end())
remoteCreds[cred.id()] = cred;
return Member::ADD_ACCEPTED_NEW;
case 1:
return Member::ADD_DEFERRED_FOR_WHOIS;
case 1: return Member::ADD_DEFERRED_FOR_WHOIS;
}
}
Member::AddCredentialResult Member::addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const TagCredential& tag)
Member::AddCredentialResult Member::addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const TagCredential &tag)
{
return _addCredImpl<TagCredential>(m_remoteTags, m_revocations, ctx, cc, sourcePeerIdentity, nconf, tag);
}
Member::AddCredentialResult Member::addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const CapabilityCredential& cap)
Member::AddCredentialResult Member::addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const CapabilityCredential &cap)
{
return _addCredImpl<CapabilityCredential>(m_remoteCaps, m_revocations, ctx, cc, sourcePeerIdentity, nconf, cap);
}
Member::AddCredentialResult Member::addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const OwnershipCredential& coo)
Member::AddCredentialResult Member::addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const OwnershipCredential &coo)
{
return _addCredImpl<OwnershipCredential>(m_remoteCoos, m_revocations, ctx, cc, sourcePeerIdentity, nconf, coo);
}
Member::AddCredentialResult Member::addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const RevocationCredential& rev)
Member::AddCredentialResult Member::addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const RevocationCredential &rev)
{
int64_t *rt;
switch (rev.verify(ctx, cc)) {
default:
ctx.t->credentialRejected(cc, 0x938ff009, nconf.networkId, sourcePeerIdentity, rev.id(), 0, ZT_CREDENTIAL_TYPE_REVOCATION, ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
ctx.t->credentialRejected(
cc, 0x938ff009, nconf.networkId, sourcePeerIdentity, rev.id(), 0, ZT_CREDENTIAL_TYPE_REVOCATION,
ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
return ADD_REJECTED;
case 0: {
const ZT_CredentialType ct = rev.typeBeingRevoked();
@ -226,18 +255,22 @@ Member::AddCredentialResult Member::addCredential(const Context& ctx, const Call
}
return ADD_ACCEPTED_REDUNDANT;
default:
ctx.t->credentialRejected(cc, 0x0bbbb1a4, nconf.networkId, sourcePeerIdentity, rev.id(), 0, ZT_CREDENTIAL_TYPE_REVOCATION, ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
ctx.t->credentialRejected(
cc, 0x0bbbb1a4, nconf.networkId, sourcePeerIdentity, rev.id(), 0, ZT_CREDENTIAL_TYPE_REVOCATION,
ZT_TRACE_CREDENTIAL_REJECTION_REASON_INVALID);
return ADD_REJECTED;
}
}
case 1:
return ADD_DEFERRED_FOR_WHOIS;
case 1: return ADD_DEFERRED_FOR_WHOIS;
}
}
bool Member::m_isUnspoofableAddress(const NetworkConfig &nconf, const InetAddress &ip) const noexcept
{
return (ip.isV6() && nconf.ndpEmulation() && ((ip == InetAddress::makeIpv66plane(nconf.networkId, m_com.issuedTo().address)) || (ip == InetAddress::makeIpv6rfc4193(nconf.networkId, m_com.issuedTo().address))));
return (
ip.isV6() && nconf.ndpEmulation()
&& ((ip == InetAddress::makeIpv66plane(nconf.networkId, m_com.issuedTo().address))
|| (ip == InetAddress::makeIpv6rfc4193(nconf.networkId, m_com.issuedTo().address))));
}
} // namespace ZeroTier

49
core/Member.hpp
View file

@ -48,15 +48,13 @@ class Member {
* @param to Peer identity
* @param nconf My network config
*/
void pushCredentials(const Context& ctx, const CallContext& cc, const SharedPtr<Peer>& to, const NetworkConfig& nconf);
void
pushCredentials(const Context &ctx, const CallContext &cc, const SharedPtr<Peer> &to, const NetworkConfig &nconf);
/**
* @return Time we last pushed credentials to this member
*/
ZT_INLINE int64_t lastPushedCredentials() const noexcept
{
return m_lastPushedCredentials;
}
ZT_INLINE int64_t lastPushedCredentials() const noexcept { return m_lastPushedCredentials; }
/**
* Get a remote member's tag (if we have it)
@ -68,7 +66,9 @@ class Member {
ZT_INLINE const TagCredential *getTag(const NetworkConfig &nconf, const uint32_t id) const noexcept
{
Map<uint32_t, TagCredential>::const_iterator t(m_remoteTags.find(id));
return (((t != m_remoteTags.end()) && (m_isCredentialTimestampValid(nconf, t->second))) ? &(t->second) : (TagCredential*)0);
return (
((t != m_remoteTags.end()) && (m_isCredentialTimestampValid(nconf, t->second))) ? &(t->second)
: (TagCredential *)0);
}
/**
@ -112,7 +112,8 @@ class Member {
*/
ZT_INLINE bool certificateOfMembershipAgress(const MembershipCredential &localCom, const Identity &remoteIdentity)
{
if ((m_comAgreementLocalTimestamp == localCom.timestamp()) && (m_comAgreementRemoteTimestamp == m_com.timestamp()))
if ((m_comAgreementLocalTimestamp == localCom.timestamp())
&& (m_comAgreementRemoteTimestamp == m_com.timestamp()))
return true;
if (m_com.agreesWith(localCom)) {
// SECURITY: newer network controllers embed the full fingerprint into the COM. If we are
@ -142,30 +143,40 @@ class Member {
return false;
}
AddCredentialResult addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const MembershipCredential& com);
AddCredentialResult addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const TagCredential& tag);
AddCredentialResult addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const CapabilityCredential& cap);
AddCredentialResult addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const OwnershipCredential& coo);
AddCredentialResult addCredential(const Context& ctx, const CallContext& cc, const Identity& sourcePeerIdentity, const NetworkConfig& nconf, const RevocationCredential& rev);
AddCredentialResult addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const MembershipCredential &com);
AddCredentialResult addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const TagCredential &tag);
AddCredentialResult addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const CapabilityCredential &cap);
AddCredentialResult addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const OwnershipCredential &coo);
AddCredentialResult addCredential(
const Context &ctx, const CallContext &cc, const Identity &sourcePeerIdentity, const NetworkConfig &nconf,
const RevocationCredential &rev);
private:
// This returns true if a resource is an IPv6 NDP-emulated address. These embed the ZT
// address of the peer and therefore cannot be spoofed, causing peerOwnsAddress() to
// always return true for them. A certificate is not required for these.
ZT_INLINE bool m_isUnspoofableAddress(const NetworkConfig& nconf, const MAC& m) const noexcept
{
return false;
}
ZT_INLINE bool m_isUnspoofableAddress(const NetworkConfig &nconf, const MAC &m) const noexcept { return false; }
bool m_isUnspoofableAddress(const NetworkConfig &nconf, const InetAddress &ip) const noexcept;
// This compares the remote credential's timestamp to the timestamp in our network config
// plus or minus the permitted maximum timestamp delta.
template <typename C> ZT_INLINE bool m_isCredentialTimestampValid(const NetworkConfig& nconf, const C& remoteCredential) const noexcept
template <typename C>
ZT_INLINE bool m_isCredentialTimestampValid(const NetworkConfig &nconf, const C &remoteCredential) const noexcept
{
const int64_t ts = remoteCredential.revision();
if (((ts >= nconf.timestamp) ? (ts - nconf.timestamp) : (nconf.timestamp - ts)) <= nconf.credentialTimeMaxDelta) {
Map<uint64_t, int64_t>::const_iterator threshold(m_revocations.find(credentialKey(C::credentialType(), remoteCredential.id())));
if (((ts >= nconf.timestamp) ? (ts - nconf.timestamp) : (nconf.timestamp - ts))
<= nconf.credentialTimeMaxDelta) {
Map<uint64_t, int64_t>::const_iterator threshold(
m_revocations.find(credentialKey(C::credentialType(), remoteCredential.id())));
return ((threshold == m_revocations.end()) || (ts > threshold->second));
}
return false;

55
core/MembershipCredential.cpp
View file

@ -16,9 +16,7 @@
namespace ZeroTier {
MembershipCredential::MembershipCredential(
const int64_t timestamp,
const int64_t timestampMaxDelta,
const uint64_t nwid,
const int64_t timestamp, const int64_t timestampMaxDelta, const uint64_t nwid,
const Identity &issuedTo) noexcept
: // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
m_timestamp(timestamp)
@ -44,10 +42,14 @@ bool MembershipCredential::agreesWith(const MembershipCredential& other) const n
}
// us <> them
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(m_additionalQualifiers.begin()); i != m_additionalQualifiers.end(); ++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(
m_additionalQualifiers.begin());
i != m_additionalQualifiers.end(); ++i) {
if (i->delta != 0xffffffffffffffffULL) {
const uint64_t *v2 = nullptr;
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(other.m_additionalQualifiers.begin()); j != other.m_additionalQualifiers.end(); ++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(
other.m_additionalQualifiers.begin());
j != other.m_additionalQualifiers.end(); ++i) {
if (j->id == i->id) {
v2 = &(j->value);
break;
@ -67,10 +69,14 @@ bool MembershipCredential::agreesWith(const MembershipCredential& other) const n
}
// them <> us (we need a second pass in case they have qualifiers we don't or vice versa)
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(other.m_additionalQualifiers.begin()); i != other.m_additionalQualifiers.end(); ++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(
other.m_additionalQualifiers.begin());
i != other.m_additionalQualifiers.end(); ++i) {
if (i->delta != 0xffffffffffffffffULL) {
const uint64_t *v2 = nullptr;
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(m_additionalQualifiers.begin()); j != m_additionalQualifiers.end(); ++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(
m_additionalQualifiers.begin());
j != m_additionalQualifiers.end(); ++i) {
if (j->id == i->id) {
v2 = &(j->value);
break;
@ -132,7 +138,8 @@ int MembershipCredential::marshal(uint8_t data[ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_
Utils::storeBigEndian<uint16_t>(data + 1, 9);
for (int k = 0; k < 6; ++k) {
Utils::storeBigEndian<uint64_t>(data + p, (uint64_t)k + 3);
Utils::storeMachineEndian<uint64_t>(data + p + 8, Utils::loadMachineEndian<uint64_t>(m_issuedTo.hash + (k * 8)));
Utils::storeMachineEndian<uint64_t>(
data + p + 8, Utils::loadMachineEndian<uint64_t>(m_issuedTo.hash + (k * 8)));
Utils::storeMachineEndian<uint64_t>(data + p + 16, 0xffffffffffffffffULL);
p += 24;
}
@ -182,32 +189,18 @@ int MembershipCredential::unmarshal(const uint8_t* data, int len) noexcept
m_timestamp = (int64_t)value;
m_timestampMaxDelta = (int64_t)delta;
break;
case 1:
m_networkId = value;
break;
case 1: m_networkId = value; break;
case 2:
m_issuedTo.address = value;
break;
// V1 nodes will pack the hash into qualifier tuples.
case 3:
Utils::storeBigEndian<uint64_t>(m_issuedTo.hash, value);
break;
case 4:
Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 8, value);
break;
case 5:
Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 16, value);
break;
case 6:
Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 24, value);
break;
case 7:
Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 32, value);
break;
case 8:
Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 40, value);
break;
case 3: Utils::storeBigEndian<uint64_t>(m_issuedTo.hash, value); break;
case 4: Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 8, value); break;
case 5: Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 16, value); break;
case 6: Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 24, value); break;
case 7: Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 32, value); break;
case 8: Utils::storeBigEndian<uint64_t>(m_issuedTo.hash + 40, value); break;
default:
if (m_additionalQualifiers.size() >= ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS)
@ -289,7 +282,9 @@ unsigned int MembershipCredential::m_fillSigningBuf(uint64_t* buf) const noexcep
buf[p++] = informational;
}
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(m_additionalQualifiers.begin()); i != m_additionalQualifiers.end(); ++i) { // NOLINT(modernize-loop-convert)
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(
m_additionalQualifiers.begin());
i != m_additionalQualifiers.end(); ++i) { // NOLINT(modernize-loop-convert)
buf[p++] = Utils::hton(i->id);
buf[p++] = Utils::hton(i->value);
buf[p++] = Utils::hton(i->delta);

68
core/MembershipCredential.hpp
View file

@ -30,7 +30,8 @@
#define ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS 8
// version + qualifier count + three required qualifiers + additional qualifiers +
#define ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX (1 + 2 + (3 * 3 * 8) + (ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS * 3 * 8) + 144 + 5 + 2 + 96)
#define ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX \
(1 + 2 + (3 * 3 * 8) + (ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS * 3 * 8) + 144 + 5 + 2 + 96)
namespace ZeroTier {
@ -100,18 +101,12 @@ class MembershipCredential : public Credential {
friend class Credential;
public:
static constexpr ZT_CredentialType credentialType() noexcept
{
return ZT_CREDENTIAL_TYPE_COM;
}
static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_COM; }
/**
* Create an empty certificate of membership
*/
ZT_INLINE MembershipCredential() noexcept
{
memoryZero(this);
}
ZT_INLINE MembershipCredential() noexcept { memoryZero(this); }
/**
* Create from required fields common to all networks
@ -121,60 +116,40 @@ class MembershipCredential : public Credential {
* @param nwid Network ID
* @param issuedTo Certificate recipient
*/
MembershipCredential(int64_t timestamp, int64_t timestampMaxDelta, uint64_t nwid, const Identity& issuedTo) noexcept;
MembershipCredential(
int64_t timestamp, int64_t timestampMaxDelta, uint64_t nwid, const Identity &issuedTo) noexcept;
/**
* @return True if there's something here
*/
ZT_INLINE operator bool() const noexcept
{
return (m_networkId != 0);
}
ZT_INLINE operator bool() const noexcept { return (m_networkId != 0); }
/**
* @return Credential ID, always 0 for COMs
*/
ZT_INLINE uint32_t id() const noexcept
{
return 0;
}
ZT_INLINE uint32_t id() const noexcept { return 0; }
/**
* @return Timestamp for this cert and maximum delta for timestamp
*/
ZT_INLINE int64_t timestamp() const noexcept
{
return m_timestamp;
}
ZT_INLINE int64_t timestamp() const noexcept { return m_timestamp; }
ZT_INLINE int64_t revision() const noexcept
{
return m_timestamp;
}
ZT_INLINE int64_t revision() const noexcept { return m_timestamp; }
/**
* @return Maximum allowed difference between timestamps
*/
ZT_INLINE int64_t timestampMaxDelta() const noexcept
{
return m_timestampMaxDelta;
}
ZT_INLINE int64_t timestampMaxDelta() const noexcept { return m_timestampMaxDelta; }
/**
* @return Fingerprint of identity to which this cert was issued
*/
ZT_INLINE const Fingerprint& issuedTo() const noexcept
{
return m_issuedTo;
}
ZT_INLINE const Fingerprint &issuedTo() const noexcept { return m_issuedTo; }
/**
* @return Network ID for which this cert was issued
*/
ZT_INLINE uint64_t networkId() const noexcept
{
return m_networkId;
}
ZT_INLINE uint64_t networkId() const noexcept { return m_networkId; }
/**
* Compare two certificates for parameter agreement
@ -210,10 +185,7 @@ class MembershipCredential : public Credential {
return s_verify(ctx, cc, *this);
}
static constexpr int marshalSizeMax() noexcept
{
return ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX], bool v2 = false) const noexcept;
int unmarshal(const uint8_t *data, int len) noexcept;
@ -222,12 +194,7 @@ class MembershipCredential : public Credential {
unsigned int m_fillSigningBuf(uint64_t *buf) const noexcept;
struct p_Qualifier {
ZT_INLINE p_Qualifier() noexcept
: id(0)
, value(0)
, delta(0)
{
}
ZT_INLINE p_Qualifier() noexcept : id(0), value(0), delta(0) {}
ZT_INLINE p_Qualifier(const uint64_t id_, const uint64_t value_, const uint64_t delta_) noexcept
: id(id_)
@ -239,10 +206,7 @@ class MembershipCredential : public Credential {
uint64_t id;
uint64_t value;
uint64_t delta;
ZT_INLINE bool operator<(const p_Qualifier& q) const noexcept
{
return (id < q.id);
} // sort order
ZT_INLINE bool operator<(const p_Qualifier &q) const noexcept { return (id < q.id); } // sort order
};
FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS> m_additionalQualifiers;

7
core/Meter.hpp
View file

@ -41,9 +41,7 @@ template <int64_t TUNIT = 1000, unsigned long LSIZE = 10> class Meter {
*
* @param now Start time
*/
ZT_INLINE Meter() noexcept
{
}
ZT_INLINE Meter() noexcept {}
/**
* Add a measurement
@ -58,7 +56,8 @@ template <int64_t TUNIT = 1000, unsigned long LSIZE = 10> class Meter {
// to it.
const unsigned long bucket = ((unsigned long)(ts / TUNIT)) % LSIZE;
if (unlikely(m_bucket.exchange(bucket, std::memory_order_relaxed) != bucket)) {
m_totalExclCounts.fetch_add(m_counts[bucket].exchange(count, std::memory_order_relaxed), std::memory_order_relaxed);
m_totalExclCounts.fetch_add(
m_counts[bucket].exchange(count, std::memory_order_relaxed), std::memory_order_relaxed);
}
else {
m_counts[bucket].fetch_add(count, std::memory_order_relaxed);

45
core/MulticastGroup.hpp
View file

@ -39,17 +39,9 @@ namespace ZeroTier {
*/
class MulticastGroup : public TriviallyCopyable {
public:
ZT_INLINE MulticastGroup() noexcept
: m_mac()
, m_adi(0)
{
}
ZT_INLINE MulticastGroup() noexcept : m_mac(), m_adi(0) {}
ZT_INLINE MulticastGroup(const MAC& m, uint32_t a) noexcept
: m_mac(m)
, m_adi(a)
{
}
ZT_INLINE MulticastGroup(const MAC &m, uint32_t a) noexcept : m_mac(m), m_adi(a) {}
/**
* Derive the multicast group used for address resolution (ARP/NDP) for an IP
@ -71,7 +63,8 @@ class MulticastGroup : public TriviallyCopyable {
// multicast address directly from the IP address, and it gives us
// 24 bits of uniqueness. Collisions aren't likely to be common enough
// to care about.
const uint8_t* const a = reinterpret_cast<const uint8_t*>(ip.rawIpData()); // NOLINT(hicpp-use-auto,modernize-use-auto)
const uint8_t *const a =
reinterpret_cast<const uint8_t *>(ip.rawIpData()); // NOLINT(hicpp-use-auto,modernize-use-auto)
return MulticastGroup(MAC(0x33, 0x33, 0xff, a[13], a[14], a[15]), 0);
}
return MulticastGroup(); // NOLINT(modernize-return-braced-init-list)
@ -80,19 +73,13 @@ class MulticastGroup : public TriviallyCopyable {
/**
* @return Ethernet MAC portion of multicast group
*/
ZT_INLINE const MAC& mac() const noexcept
{
return m_mac;
}
ZT_INLINE const MAC &mac() const noexcept { return m_mac; }
/**
* @return Additional distinguishing information, which is normally zero except for IPv4 ARP where it's the IPv4
* address
*/
ZT_INLINE uint32_t adi() const
{
return m_adi;
}
ZT_INLINE uint32_t adi() const { return m_adi; }
ZT_INLINE bool operator==(const MulticastGroup &g) const noexcept
{
@ -113,25 +100,13 @@ class MulticastGroup : public TriviallyCopyable {
return false;
}
ZT_INLINE bool operator>(const MulticastGroup& g) const noexcept
{
return (g < *this);
}
ZT_INLINE bool operator>(const MulticastGroup &g) const noexcept { return (g < *this); }
ZT_INLINE bool operator<=(const MulticastGroup& g) const noexcept
{
return ! (g < *this);
}
ZT_INLINE bool operator<=(const MulticastGroup &g) const noexcept { return !(g < *this); }
ZT_INLINE bool operator>=(const MulticastGroup& g) const noexcept
{
return ! (*this < g);
}
ZT_INLINE bool operator>=(const MulticastGroup &g) const noexcept { return !(*this < g); }
ZT_INLINE unsigned long hashCode() const noexcept
{
return (m_mac.hashCode() + (unsigned long)m_adi);
}
ZT_INLINE unsigned long hashCode() const noexcept { return (m_mac.hashCode() + (unsigned long)m_adi); }
private:
MAC m_mac;

167
core/Mutex.hpp
View file

@ -39,63 +39,29 @@ namespace ZeroTier {
class Mutex {
public:
#ifdef ZT_USE_PTHREADS
ZT_INLINE Mutex() noexcept
{
pthread_mutex_init(&_mh, nullptr);
}
ZT_INLINE ~Mutex() noexcept
{
pthread_mutex_destroy(&_mh);
}
ZT_INLINE void lock() const noexcept
{
pthread_mutex_lock(&((const_cast<Mutex*>(this))->_mh));
}
ZT_INLINE void unlock() const noexcept
{
pthread_mutex_unlock(&((const_cast<Mutex*>(this))->_mh));
}
ZT_INLINE Mutex() noexcept { pthread_mutex_init(&_mh, nullptr); }
ZT_INLINE ~Mutex() noexcept { pthread_mutex_destroy(&_mh); }
ZT_INLINE void lock() const noexcept { pthread_mutex_lock(&((const_cast<Mutex *>(this))->_mh)); }
ZT_INLINE void unlock() const noexcept { pthread_mutex_unlock(&((const_cast<Mutex *>(this))->_mh)); }
#else
ZT_INLINE Mutex() noexcept : _m()
{
}
ZT_INLINE void lock() const noexcept
{
const_cast<Mutex*>(this)->_m.lock();
}
ZT_INLINE void unlock() const noexcept
{
const_cast<Mutex*>(this)->_m.unlock();
}
ZT_INLINE Mutex() noexcept : _m() {}
ZT_INLINE void lock() const noexcept { const_cast<Mutex *>(this)->_m.lock(); }
ZT_INLINE void unlock() const noexcept { const_cast<Mutex *>(this)->_m.unlock(); }
#endif
class Lock {
public:
explicit ZT_INLINE Lock(Mutex& m) noexcept : _m(&m)
{
m.lock();
}
explicit ZT_INLINE Lock(const Mutex& m) noexcept : _m(const_cast<Mutex*>(&m))
{
_m->lock();
}
ZT_INLINE ~Lock()
{
_m->unlock();
}
explicit ZT_INLINE Lock(Mutex &m) noexcept : _m(&m) { m.lock(); }
explicit ZT_INLINE Lock(const Mutex &m) noexcept : _m(const_cast<Mutex *>(&m)) { _m->lock(); }
ZT_INLINE ~Lock() { _m->unlock(); }
private:
Mutex *const _m;
};
private:
ZT_INLINE Mutex(const Mutex&) noexcept
{
}
ZT_INLINE const Mutex& operator=(const Mutex&) noexcept
{
return *this;
}
ZT_INLINE Mutex(const Mutex &) noexcept {}
ZT_INLINE const Mutex &operator=(const Mutex &) noexcept { return *this; }
#ifdef ZT_USE_PTHREADS
pthread_mutex_t _mh;
@ -110,50 +76,18 @@ class Mutex {
class RWMutex {
public:
#ifdef ZT_USE_PTHREADS
ZT_INLINE RWMutex() noexcept
{
pthread_rwlock_init(&_mh, nullptr);
}
ZT_INLINE ~RWMutex() noexcept
{
pthread_rwlock_destroy(&_mh);
}
ZT_INLINE void lock() const noexcept
{
pthread_rwlock_wrlock(&((const_cast<RWMutex*>(this))->_mh));
}
ZT_INLINE void rlock() const noexcept
{
pthread_rwlock_rdlock(&((const_cast<RWMutex*>(this))->_mh));
}
ZT_INLINE void unlock() const noexcept
{
pthread_rwlock_unlock(&((const_cast<RWMutex*>(this))->_mh));
}
ZT_INLINE void runlock() const noexcept
{
pthread_rwlock_unlock(&((const_cast<RWMutex*>(this))->_mh));
}
ZT_INLINE RWMutex() noexcept { pthread_rwlock_init(&_mh, nullptr); }
ZT_INLINE ~RWMutex() noexcept { pthread_rwlock_destroy(&_mh); }
ZT_INLINE void lock() const noexcept { pthread_rwlock_wrlock(&((const_cast<RWMutex *>(this))->_mh)); }
ZT_INLINE void rlock() const noexcept { pthread_rwlock_rdlock(&((const_cast<RWMutex *>(this))->_mh)); }
ZT_INLINE void unlock() const noexcept { pthread_rwlock_unlock(&((const_cast<RWMutex *>(this))->_mh)); }
ZT_INLINE void runlock() const noexcept { pthread_rwlock_unlock(&((const_cast<RWMutex *>(this))->_mh)); }
#else
ZT_INLINE RWMutex() noexcept : _m()
{
}
ZT_INLINE void lock() const noexcept
{
const_cast<RWMutex*>(this)->_m.lock();
}
ZT_INLINE void rlock() const noexcept
{
const_cast<RWMutex*>(this)->_m.lock_shared();
}
ZT_INLINE void unlock() const noexcept
{
const_cast<RWMutex*>(this)->_m.unlock();
}
ZT_INLINE void runlock() const noexcept
{
const_cast<RWMutex*>(this)->_m.unlock_shared();
}
ZT_INLINE RWMutex() noexcept : _m() {}
ZT_INLINE void lock() const noexcept { const_cast<RWMutex *>(this)->_m.lock(); }
ZT_INLINE void rlock() const noexcept { const_cast<RWMutex *>(this)->_m.lock_shared(); }
ZT_INLINE void unlock() const noexcept { const_cast<RWMutex *>(this)->_m.unlock(); }
ZT_INLINE void runlock() const noexcept { const_cast<RWMutex *>(this)->_m.unlock_shared(); }
#endif
/**
@ -161,18 +95,9 @@ class RWMutex {
*/
class RLock {
public:
explicit ZT_INLINE RLock(RWMutex& m) noexcept : _m(&m)
{
m.rlock();
}
explicit ZT_INLINE RLock(const RWMutex& m) noexcept : _m(const_cast<RWMutex*>(&m))
{
_m->rlock();
}
ZT_INLINE ~RLock()
{
_m->runlock();
}
explicit ZT_INLINE RLock(RWMutex &m) noexcept : _m(&m) { m.rlock(); }
explicit ZT_INLINE RLock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)) { _m->rlock(); }
ZT_INLINE ~RLock() { _m->runlock(); }
private:
RWMutex *const _m;
@ -183,18 +108,9 @@ class RWMutex {
*/
class Lock {
public:
explicit ZT_INLINE Lock(RWMutex& m) noexcept : _m(&m)
{
m.lock();
}
explicit ZT_INLINE Lock(const RWMutex& m) noexcept : _m(const_cast<RWMutex*>(&m))
{
_m->lock();
}
ZT_INLINE ~Lock()
{
_m->unlock();
}
explicit ZT_INLINE Lock(RWMutex &m) noexcept : _m(&m) { m.lock(); }
explicit ZT_INLINE Lock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)) { _m->lock(); }
ZT_INLINE ~Lock() { _m->unlock(); }
private:
RWMutex *const _m;
@ -211,15 +127,8 @@ class RWMutex {
*/
class RMaybeWLock {
public:
explicit ZT_INLINE RMaybeWLock(RWMutex& m) noexcept
: _m(&m)
, _w(false)
{
m.rlock();
}
explicit ZT_INLINE RMaybeWLock(const RWMutex& m) noexcept
: _m(const_cast<RWMutex*>(&m))
, _w(false)
explicit ZT_INLINE RMaybeWLock(RWMutex &m) noexcept : _m(&m), _w(false) { m.rlock(); }
explicit ZT_INLINE RMaybeWLock(const RWMutex &m) noexcept : _m(const_cast<RWMutex *>(&m)), _w(false)
{
_m->rlock();
}
@ -239,10 +148,7 @@ class RWMutex {
_m->rlock();
}
}
ZT_INLINE bool isWriting() const noexcept
{
return _w;
}
ZT_INLINE bool isWriting() const noexcept { return _w; }
ZT_INLINE ~RMaybeWLock()
{
if (_w)
@ -257,13 +163,8 @@ class RWMutex {
};
private:
ZT_INLINE RWMutex(const RWMutex&) noexcept
{
}
ZT_INLINE const RWMutex& operator=(const RWMutex&) noexcept
{
return *this;
}
ZT_INLINE RWMutex(const RWMutex &) noexcept {}
ZT_INLINE const RWMutex &operator=(const RWMutex &) noexcept { return *this; }
#ifdef ZT_USE_PTHREADS
pthread_rwlock_t _mh;

263
core/Network.cpp
View file

@ -54,29 +54,27 @@ bool _ipv6GetPayload(const uint8_t* frameData, unsigned int frameLen, unsigned i
// case 44: // fragment -- we currently can't parse these and they are deprecated in IPv6 anyway
// case 50:
// case 51: // IPSec ESP and AH -- we have to stop here since this is encrypted stuff
default:
return true;
default: return true;
}
}
return false; // overflow == invalid
}
enum _doZtFilterResult { DOZTFILTER_NO_MATCH, DOZTFILTER_DROP, DOZTFILTER_REDIRECT, DOZTFILTER_ACCEPT, DOZTFILTER_SUPER_ACCEPT };
enum _doZtFilterResult {
DOZTFILTER_NO_MATCH,
DOZTFILTER_DROP,
DOZTFILTER_REDIRECT,
DOZTFILTER_ACCEPT,
DOZTFILTER_SUPER_ACCEPT
};
ZT_INLINE _doZtFilterResult _doZtFilter(
const Context& ctx,
Trace::RuleResultLog& rrl,
const NetworkConfig& nconf,
const Context &ctx, Trace::RuleResultLog &rrl, const NetworkConfig &nconf,
const Member *membership, // can be NULL
const bool inbound,
const Address& ztSource,
const bool inbound, const Address &ztSource,
Address &ztDest, // MUTABLE -- is changed on REDIRECT actions
const MAC& macSource,
const MAC& macDest,
const uint8_t* const frameData,
const unsigned int frameLen,
const unsigned int etherType,
const unsigned int vlanId,
const MAC &macSource, const MAC &macDest, const uint8_t *const frameData, const unsigned int frameLen,
const unsigned int etherType, const unsigned int vlanId,
const ZT_VirtualNetworkRule *rules, // cannot be NULL
const unsigned int ruleCount,
Address &cc, // MUTABLE -- set to TEE destination if TEE action is taken or left alone otherwise
@ -101,11 +99,12 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
if (thisSetMatches) {
switch (rt) {
case ZT_NETWORK_RULE_ACTION_PRIORITY:
qosBucket = (rules[rn].v.qosBucket >= 0 && rules[rn].v.qosBucket <= 8) ? rules[rn].v.qosBucket : 4; // 4 = default bucket (no priority)
qosBucket = (rules[rn].v.qosBucket >= 0 && rules[rn].v.qosBucket <= 8)
? rules[rn].v.qosBucket
: 4; // 4 = default bucket (no priority)
return DOZTFILTER_ACCEPT;
case ZT_NETWORK_RULE_ACTION_DROP:
return DOZTFILTER_DROP;
case ZT_NETWORK_RULE_ACTION_DROP: return DOZTFILTER_DROP;
case ZT_NETWORK_RULE_ACTION_ACCEPT:
return (superAccept ? DOZTFILTER_SUPER_ACCEPT : DOZTFILTER_ACCEPT); // match, accept packet
@ -134,7 +133,11 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
}
else {
cc = fwdAddr;
ccLength = (rules[rn].v.fwd.length != 0) ? ((frameLen < (unsigned int)rules[rn].v.fwd.length) ? frameLen : (unsigned int)rules[rn].v.fwd.length) : frameLen;
ccLength = (rules[rn].v.fwd.length != 0)
? ((frameLen < (unsigned int)rules[rn].v.fwd.length)
? frameLen
: (unsigned int)rules[rn].v.fwd.length)
: frameLen;
ccWatch = (rt == ZT_NETWORK_RULE_ACTION_WATCH);
}
}
@ -145,8 +148,7 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
return DOZTFILTER_NO_MATCH;
// Unrecognized ACTIONs are ignored as no-ops
default:
continue;
default: continue;
}
}
else {
@ -161,8 +163,7 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
if (ctx.identity.address().toInt() == rules[rn].v.fwd.address)
superAccept = true;
break;
default:
break;
default: break;
}
}
@ -180,7 +181,8 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
// If this was not an ACTION evaluate next MATCH and update thisSetMatches with (AND [result])
uint8_t thisRuleMatches = 0;
uint64_t ownershipVerificationMask = 1; // this magic value means it hasn't been computed yet -- this is done lazily the first time it's needed
uint64_t ownershipVerificationMask =
1; // this magic value means it hasn't been computed yet -- this is done lazily the first time it's needed
switch (rt) {
case ZT_NETWORK_RULE_MATCH_SOURCE_ZEROTIER_ADDRESS:
thisRuleMatches = (uint8_t)(rules[rn].v.zt == ztSource.toInt());
@ -202,12 +204,12 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
case ZT_NETWORK_RULE_MATCH_MAC_SOURCE:
thisRuleMatches = (uint8_t)(MAC(rules[rn].v.mac) == macSource);
break;
case ZT_NETWORK_RULE_MATCH_MAC_DEST:
thisRuleMatches = (uint8_t)(MAC(rules[rn].v.mac) == macDest);
break;
case ZT_NETWORK_RULE_MATCH_MAC_DEST: thisRuleMatches = (uint8_t)(MAC(rules[rn].v.mac) == macDest); break;
case ZT_NETWORK_RULE_MATCH_IPV4_SOURCE:
if ((etherType == ZT_ETHERTYPE_IPV4) && (frameLen >= 20)) {
thisRuleMatches = (uint8_t)(InetAddress((const void*)&(rules[rn].v.ipv4.ip), 4, rules[rn].v.ipv4.mask).containsAddress(InetAddress((const void*)(frameData + 12), 4, 0)));
thisRuleMatches =
(uint8_t)(InetAddress((const void *)&(rules[rn].v.ipv4.ip), 4, rules[rn].v.ipv4.mask)
.containsAddress(InetAddress((const void *)(frameData + 12), 4, 0)));
}
else {
thisRuleMatches = 0;
@ -215,7 +217,9 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
break;
case ZT_NETWORK_RULE_MATCH_IPV4_DEST:
if ((etherType == ZT_ETHERTYPE_IPV4) && (frameLen >= 20)) {
thisRuleMatches = (uint8_t)(InetAddress((const void*)&(rules[rn].v.ipv4.ip), 4, rules[rn].v.ipv4.mask).containsAddress(InetAddress((const void*)(frameData + 16), 4, 0)));
thisRuleMatches =
(uint8_t)(InetAddress((const void *)&(rules[rn].v.ipv4.ip), 4, rules[rn].v.ipv4.mask)
.containsAddress(InetAddress((const void *)(frameData + 16), 4, 0)));
}
else {
thisRuleMatches = 0;
@ -223,7 +227,9 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
break;
case ZT_NETWORK_RULE_MATCH_IPV6_SOURCE:
if ((etherType == ZT_ETHERTYPE_IPV6) && (frameLen >= 40)) {
thisRuleMatches = (uint8_t)(InetAddress((const void*)rules[rn].v.ipv6.ip, 16, rules[rn].v.ipv6.mask).containsAddress(InetAddress((const void*)(frameData + 8), 16, 0)));
thisRuleMatches =
(uint8_t)(InetAddress((const void *)rules[rn].v.ipv6.ip, 16, rules[rn].v.ipv6.mask)
.containsAddress(InetAddress((const void *)(frameData + 8), 16, 0)));
}
else {
thisRuleMatches = 0;
@ -231,7 +237,9 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
break;
case ZT_NETWORK_RULE_MATCH_IPV6_DEST:
if ((etherType == ZT_ETHERTYPE_IPV6) && (frameLen >= 40)) {
thisRuleMatches = (uint8_t)(InetAddress((const void*)rules[rn].v.ipv6.ip, 16, rules[rn].v.ipv6.mask).containsAddress(InetAddress((const void*)(frameData + 24), 16, 0)));
thisRuleMatches =
(uint8_t)(InetAddress((const void *)rules[rn].v.ipv6.ip, 16, rules[rn].v.ipv6.mask)
.containsAddress(InetAddress((const void *)(frameData + 24), 16, 0)));
}
else {
thisRuleMatches = 0;
@ -240,11 +248,14 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
case ZT_NETWORK_RULE_MATCH_IP_TOS:
if ((etherType == ZT_ETHERTYPE_IPV4) && (frameLen >= 20)) {
const uint8_t tosMasked = frameData[1] & rules[rn].v.ipTos.mask;
thisRuleMatches = (uint8_t)((tosMasked >= rules[rn].v.ipTos.value[0]) && (tosMasked <= rules[rn].v.ipTos.value[1]));
thisRuleMatches =
(uint8_t)((tosMasked >= rules[rn].v.ipTos.value[0]) && (tosMasked <= rules[rn].v.ipTos.value[1]));
}
else if ((etherType == ZT_ETHERTYPE_IPV6) && (frameLen >= 40)) {
const uint8_t tosMasked = (((frameData[0] << 4U) & 0xf0U) | ((frameData[1] >> 4U) & 0x0fU)) & rules[rn].v.ipTos.mask;
thisRuleMatches = (uint8_t)((tosMasked >= rules[rn].v.ipTos.value[0]) && (tosMasked <= rules[rn].v.ipTos.value[1]));
const uint8_t tosMasked =
(((frameData[0] << 4U) & 0xf0U) | ((frameData[1] >> 4U) & 0x0fU)) & rules[rn].v.ipTos.mask;
thisRuleMatches =
(uint8_t)((tosMasked >= rules[rn].v.ipTos.value[0]) && (tosMasked <= rules[rn].v.ipTos.value[1]));
}
else {
thisRuleMatches = 0;
@ -335,14 +346,17 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
case 0x84: // SCTP
case 0x88: // UDPLite
if (frameLen > (headerLen + 4)) {
unsigned int pos = headerLen + ((rt == ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE) ? 2 : 0);
unsigned int pos =
headerLen + ((rt == ZT_NETWORK_RULE_MATCH_IP_DEST_PORT_RANGE) ? 2 : 0);
p = (int)(frameData[pos++] << 8U);
p |= (int)frameData[pos];
}
break;
}
thisRuleMatches = (p >= 0) ? (uint8_t)((p >= (int)rules[rn].v.port[0]) && (p <= (int)rules[rn].v.port[1])) : (uint8_t)0;
thisRuleMatches =
(p >= 0) ? (uint8_t)((p >= (int)rules[rn].v.port[0]) && (p <= (int)rules[rn].v.port[1]))
: (uint8_t)0;
}
else if (etherType == ZT_ETHERTYPE_IPV6) {
unsigned int pos = 0, proto = 0;
@ -362,7 +376,9 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
}
break;
}
thisRuleMatches = (p > 0) ? (uint8_t)((p >= (int)rules[rn].v.port[0]) && (p <= (int)rules[rn].v.port[1])) : (uint8_t)0;
thisRuleMatches =
(p > 0) ? (uint8_t)((p >= (int)rules[rn].v.port[0]) && (p <= (int)rules[rn].v.port[1]))
: (uint8_t)0;
}
else {
thisRuleMatches = 0;
@ -387,7 +403,8 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
else if ((etherType == ZT_ETHERTYPE_IPV6) && (frameLen >= 40)) {
// IPv6 NDP requires special handling, since the src and dest IPs in the packet are empty or
// link-local.
if ((frameLen >= (40 + 8 + 16)) && (frameData[6] == 0x3a) && ((frameData[40] == 0x87) || (frameData[40] == 0x88))) {
if ((frameLen >= (40 + 8 + 16)) && (frameData[6] == 0x3a)
&& ((frameData[40] == 0x87) || (frameData[40] == 0x88))) {
if (frameData[40] == 0x87) {
// Neighbor solicitations contain no reliable source address, so we implement a small
// hack by considering them authenticated. Otherwise you would pretty much have to do
@ -445,16 +462,20 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
thisRuleMatches = (uint8_t)((frameLen >= (unsigned int)rules[rn].v.frameSize[0]) && (frameLen <= (unsigned int)rules[rn].v.frameSize[1]));
break;
case ZT_NETWORK_RULE_MATCH_RANDOM:
thisRuleMatches = (uint8_t)((uint32_t)(Utils::random() & 0xffffffffULL) <= rules[rn].v.randomProbability);
thisRuleMatches =
(uint8_t)((uint32_t)(Utils::random() & 0xffffffffULL) <= rules[rn].v.randomProbability);
break;
case ZT_NETWORK_RULE_MATCH_TAGS_DIFFERENCE:
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_AND:
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_OR:
case ZT_NETWORK_RULE_MATCH_TAGS_BITWISE_XOR:
case ZT_NETWORK_RULE_MATCH_TAGS_EQUAL: {
const TagCredential* const localTag = std::lower_bound(&(nconf.tags[0]), &(nconf.tags[nconf.tagCount]), rules[rn].v.tag.id, TagCredential::IdComparePredicate());
const TagCredential *const localTag = std::lower_bound(
&(nconf.tags[0]), &(nconf.tags[nconf.tagCount]), rules[rn].v.tag.id,
TagCredential::IdComparePredicate());
if ((localTag != &(nconf.tags[nconf.tagCount])) && (localTag->id() == rules[rn].v.tag.id)) {
const TagCredential* const remoteTag = ((membership) ? membership->getTag(nconf, rules[rn].v.tag.id) : (const TagCredential*)0);
const TagCredential *const remoteTag =
((membership) ? membership->getTag(nconf, rules[rn].v.tag.id) : (const TagCredential *)0);
if (remoteTag) {
const uint32_t ltv = localTag->value();
const uint32_t rtv = remoteTag->value();
@ -472,7 +493,8 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
thisRuleMatches = (uint8_t)((ltv ^ rtv) == rules[rn].v.tag.value);
}
else if (rt == ZT_NETWORK_RULE_MATCH_TAGS_EQUAL) {
thisRuleMatches = (uint8_t)((ltv == rules[rn].v.tag.value) && (rtv == rules[rn].v.tag.value));
thisRuleMatches =
(uint8_t)((ltv == rules[rn].v.tag.value) && (rtv == rules[rn].v.tag.value));
}
else { // sanity check, can't really happen
thisRuleMatches = 0;
@ -501,8 +523,11 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
if (superAccept) {
thisRuleMatches = 1;
}
else if (((rt == ZT_NETWORK_RULE_MATCH_TAG_SENDER) && (inbound)) || ((rt == ZT_NETWORK_RULE_MATCH_TAG_RECEIVER) && (! inbound))) {
const TagCredential* const remoteTag = ((membership) ? membership->getTag(nconf, rules[rn].v.tag.id) : (const TagCredential*)0);
else if (
((rt == ZT_NETWORK_RULE_MATCH_TAG_SENDER) && (inbound))
|| ((rt == ZT_NETWORK_RULE_MATCH_TAG_RECEIVER) && (!inbound))) {
const TagCredential *const remoteTag =
((membership) ? membership->getTag(nconf, rules[rn].v.tag.id) : (const TagCredential *)0);
if (remoteTag) {
thisRuleMatches = (uint8_t)(remoteTag->value() == rules[rn].v.tag.value);
}
@ -518,7 +543,9 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
}
}
else { // sender and outbound or receiver and inbound
const TagCredential* const localTag = std::lower_bound(&(nconf.tags[0]), &(nconf.tags[nconf.tagCount]), rules[rn].v.tag.id, TagCredential::IdComparePredicate());
const TagCredential *const localTag = std::lower_bound(
&(nconf.tags[0]), &(nconf.tags[nconf.tagCount]), rules[rn].v.tag.id,
TagCredential::IdComparePredicate());
if ((localTag != &(nconf.tags[nconf.tagCount])) && (localTag->id() == rules[rn].v.tag.id)) {
thisRuleMatches = (uint8_t)(localTag->value() == rules[rn].v.tag.value);
}
@ -561,7 +588,8 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
// The result of an unsupported MATCH is configurable at the network
// level via a flag.
default:
thisRuleMatches = (uint8_t)((nconf.flags & ZT_NETWORKCONFIG_FLAG_RULES_RESULT_OF_UNSUPPORTED_MATCH) != 0);
thisRuleMatches =
(uint8_t)((nconf.flags & ZT_NETWORKCONFIG_FLAG_RULES_RESULT_OF_UNSUPPORTED_MATCH) != 0);
break;
}
@ -580,7 +608,9 @@ ZT_INLINE _doZtFilterResult _doZtFilter(
const ZeroTier::MulticastGroup Network::BROADCAST(ZeroTier::MAC(0xffffffffffffULL), 0);
Network::Network(const Context& ctx, const CallContext& cc, uint64_t nwid, const Fingerprint& controllerFingerprint, void* uptr, const NetworkConfig* nconf)
Network::Network(
const Context &ctx, const CallContext &cc, uint64_t nwid, const Fingerprint &controllerFingerprint, void *uptr,
const NetworkConfig *nconf)
: m_ctx(ctx)
, m_uPtr(uptr)
, m_id(nwid)
@ -632,7 +662,9 @@ Network::Network(const Context& ctx, const CallContext& cc, uint64_t nwid, const
if (!m_portInitialized) {
ZT_VirtualNetworkConfig ctmp;
m_externalConfig(&ctmp);
m_ctx.cb.virtualNetworkConfigFunction(reinterpret_cast<ZT_Node*>(m_ctx.node), m_ctx.uPtr, cc.tPtr, m_id, &m_uPtr, ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP, &ctmp);
m_ctx.cb.virtualNetworkConfigFunction(
reinterpret_cast<ZT_Node *>(m_ctx.node), m_ctx.uPtr, cc.tPtr, m_id, &m_uPtr,
ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP, &ctmp);
m_portInitialized = true;
}
}
@ -653,22 +685,16 @@ Network::~Network()
// *)0,_id,&_uPtr,ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY,&ctmp);
}
else {
m_ctx.cb.virtualNetworkConfigFunction(reinterpret_cast<ZT_Node*>(m_ctx.node), m_ctx.uPtr, nullptr, m_id, &m_uPtr, ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN, &ctmp);
m_ctx.cb.virtualNetworkConfigFunction(
reinterpret_cast<ZT_Node *>(m_ctx.node), m_ctx.uPtr, nullptr, m_id, &m_uPtr,
ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DOWN, &ctmp);
}
}
bool Network::filterOutgoingPacket(
const CallContext& cc,
const bool noTee,
const Address& ztSource,
const Address& ztDest,
const MAC& macSource,
const MAC& macDest,
const uint8_t* frameData,
const unsigned int frameLen,
const unsigned int etherType,
const unsigned int vlanId,
uint8_t& qosBucket)
const CallContext &cc, const bool noTee, const Address &ztSource, const Address &ztDest, const MAC &macSource,
const MAC &macDest, const uint8_t *frameData, const unsigned int frameLen, const unsigned int etherType,
const unsigned int vlanId, uint8_t &qosBucket)
{
Trace::RuleResultLog rrl, crrl;
Address ztFinalDest(ztDest);
@ -690,7 +716,9 @@ bool Network::filterOutgoingPacket(
membership = nullptr;
}
switch (_doZtFilter(m_ctx, rrl, m_config, membership, false, ztSource, ztFinalDest, macSource, macDest, frameData, frameLen, etherType, vlanId, m_config.rules, m_config.ruleCount, ccNodeAddress, ccLength, ccWatch, qosBucket)) {
switch (_doZtFilter(
m_ctx, rrl, m_config, membership, false, ztSource, ztFinalDest, macSource, macDest, frameData, frameLen,
etherType, vlanId, m_config.rules, m_config.ruleCount, ccNodeAddress, ccLength, ccWatch, qosBucket)) {
case DOZTFILTER_NO_MATCH: {
for (unsigned int c = 0; c < m_config.capabilityCount; ++c) {
ztFinalDest = ztDest; // sanity check, shouldn't be possible if there was no match
@ -698,25 +726,9 @@ bool Network::filterOutgoingPacket(
unsigned int ccLength2 = 0;
bool ccWatch2 = false;
switch (_doZtFilter(
m_ctx,
crrl,
m_config,
membership,
false,
ztSource,
ztFinalDest,
macSource,
macDest,
frameData,
frameLen,
etherType,
vlanId,
m_config.capabilities[c].rules(),
m_config.capabilities[c].ruleCount(),
cc2,
ccLength2,
ccWatch2,
qosBucket)) {
m_ctx, crrl, m_config, membership, false, ztSource, ztFinalDest, macSource, macDest, frameData,
frameLen, etherType, vlanId, m_config.capabilities[c].rules(), m_config.capabilities[c].ruleCount(),
cc2, ccLength2, ccWatch2, qosBucket)) {
case DOZTFILTER_NO_MATCH:
case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an
// anti-pattern
@ -752,17 +764,15 @@ bool Network::filterOutgoingPacket(
} break;
case DOZTFILTER_DROP:
m_ctx.t->networkFilter(cc, 0xadea5a2a, m_id, rrl.l, nullptr, 0, 0, ztSource, ztDest, macSource, macDest, (uint16_t)frameLen, frameData, (uint16_t)etherType, (uint16_t)vlanId, noTee, false, 0);
m_ctx.t->networkFilter(
cc, 0xadea5a2a, m_id, rrl.l, nullptr, 0, 0, ztSource, ztDest, macSource, macDest, (uint16_t)frameLen,
frameData, (uint16_t)etherType, (uint16_t)vlanId, noTee, false, 0);
return false;
case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztFinalDest will have been changed in _doZtFilter()
case DOZTFILTER_ACCEPT:
accept = 1;
break;
case DOZTFILTER_ACCEPT: accept = 1; break;
case DOZTFILTER_SUPER_ACCEPT:
accept = 2;
break;
case DOZTFILTER_SUPER_ACCEPT: accept = 2; break;
}
if (accept != 0) {
@ -802,24 +812,22 @@ bool Network::filterOutgoingPacket(
if (localCapabilityIndex >= 0) {
const CapabilityCredential &cap = m_config.capabilities[localCapabilityIndex];
m_ctx.t->networkFilter(cc, 0x56ff1a93, m_id, rrl.l, crrl.l, cap.id(), cap.timestamp(), ztSource, ztDest, macSource, macDest, (uint16_t)frameLen, frameData, (uint16_t)etherType, (uint16_t)vlanId, noTee, false, accept);
m_ctx.t->networkFilter(
cc, 0x56ff1a93, m_id, rrl.l, crrl.l, cap.id(), cap.timestamp(), ztSource, ztDest, macSource, macDest,
(uint16_t)frameLen, frameData, (uint16_t)etherType, (uint16_t)vlanId, noTee, false, accept);
}
else {
m_ctx.t->networkFilter(cc, 0x112fbbab, m_id, rrl.l, nullptr, 0, 0, ztSource, ztDest, macSource, macDest, (uint16_t)frameLen, frameData, (uint16_t)etherType, (uint16_t)vlanId, noTee, false, accept);
m_ctx.t->networkFilter(
cc, 0x112fbbab, m_id, rrl.l, nullptr, 0, 0, ztSource, ztDest, macSource, macDest, (uint16_t)frameLen,
frameData, (uint16_t)etherType, (uint16_t)vlanId, noTee, false, accept);
}
return (accept != 0);
}
int Network::filterIncomingPacket(
const CallContext& cc,
const SharedPtr<Peer>& sourcePeer,
const Address& ztDest,
const MAC& macSource,
const MAC& macDest,
const uint8_t* frameData,
const unsigned int frameLen,
const unsigned int etherType,
const CallContext &cc, const SharedPtr<Peer> &sourcePeer, const Address &ztDest, const MAC &macSource,
const MAC &macDest, const uint8_t *frameData, const unsigned int frameLen, const unsigned int etherType,
const unsigned int vlanId)
{
Address ztFinalDest(ztDest);
@ -837,8 +845,9 @@ int Network::filterIncomingPacket(
Member &membership = m_memberships[sourcePeer->address()];
switch (
_doZtFilter(m_ctx, rrl, m_config, &membership, true, sourcePeer->address(), ztFinalDest, macSource, macDest, frameData, frameLen, etherType, vlanId, m_config.rules, m_config.ruleCount, ccNodeAddress, ccLength, ccWatch, qosBucket)) {
switch (_doZtFilter(
m_ctx, rrl, m_config, &membership, true, sourcePeer->address(), ztFinalDest, macSource, macDest, frameData,
frameLen, etherType, vlanId, m_config.rules, m_config.ruleCount, ccNodeAddress, ccLength, ccWatch, qosBucket)) {
case DOZTFILTER_NO_MATCH: {
Member::CapabilityIterator mci(membership, m_config);
while ((c = mci.next())) {
@ -846,8 +855,10 @@ int Network::filterIncomingPacket(
Address cc2;
unsigned int ccLength2 = 0;
bool ccWatch2 = false;
switch (
_doZtFilter(m_ctx, crrl, m_config, &membership, true, sourcePeer->address(), ztFinalDest, macSource, macDest, frameData, frameLen, etherType, vlanId, c->rules(), c->ruleCount(), cc2, ccLength2, ccWatch2, qosBucket)) {
switch (_doZtFilter(
m_ctx, crrl, m_config, &membership, true, sourcePeer->address(), ztFinalDest, macSource, macDest,
frameData, frameLen, etherType, vlanId, c->rules(), c->ruleCount(), cc2, ccLength2, ccWatch2,
qosBucket)) {
case DOZTFILTER_NO_MATCH:
case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an
// anti-pattern
@ -958,7 +969,8 @@ void Network::multicastUnsubscribe(const MulticastGroup& mg)
m_myMulticastGroups.erase(i);
}
uint64_t Network::handleConfigChunk(const CallContext& cc, uint64_t packetId, const SharedPtr<Peer>& source, const Buf& chunk, int ptr, int size)
uint64_t Network::handleConfigChunk(
const CallContext &cc, uint64_t packetId, const SharedPtr<Peer> &source, const Buf &chunk, int ptr, int size)
{
// If the controller's full fingerprint is known or was explicitly specified on join(),
// require that the controller's identity match. Otherwise learn it.
@ -1112,7 +1124,9 @@ int Network::setConfiguration(const CallContext& cc, const NetworkConfig& nconf,
try {
if ((nconf.issuedTo != m_ctx.identity.address()) || (nconf.networkId != m_id))
return 0; // invalid config that is not for us or not for this network
if ((! Utils::allZero(nconf.issuedToFingerprintHash, ZT_FINGERPRINT_HASH_SIZE)) && (memcmp(nconf.issuedToFingerprintHash, m_ctx.identity.fingerprint().hash, ZT_FINGERPRINT_HASH_SIZE) != 0))
if ((!Utils::allZero(nconf.issuedToFingerprintHash, ZT_FINGERPRINT_HASH_SIZE))
&& (memcmp(nconf.issuedToFingerprintHash, m_ctx.identity.fingerprint().hash, ZT_FINGERPRINT_HASH_SIZE)
!= 0))
return 0; // full identity hash is present and does not match
if (m_config == nconf)
@ -1134,12 +1148,9 @@ int Network::setConfiguration(const CallContext& cc, const NetworkConfig& nconf,
}
m_ctx.cb.virtualNetworkConfigFunction(
reinterpret_cast<ZT_Node*>(m_ctx.node),
m_ctx.uPtr,
cc.tPtr,
nconf.networkId,
&m_uPtr,
(oldPortInitialized) ? ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE : ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP,
reinterpret_cast<ZT_Node *>(m_ctx.node), m_ctx.uPtr, cc.tPtr, nconf.networkId, &m_uPtr,
(oldPortInitialized) ? ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_CONFIG_UPDATE
: ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_UP,
&ctmp);
if (saveToDisk) {
@ -1247,7 +1258,8 @@ void Network::learnBridgeRoute(const MAC& mac, const Address& addr)
}
}
Member::AddCredentialResult Network::addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const MembershipCredential& com)
Member::AddCredentialResult
Network::addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const MembershipCredential &com)
{
if (com.networkId() != m_id)
return Member::ADD_REJECTED;
@ -1255,7 +1267,8 @@ Member::AddCredentialResult Network::addCredential(const CallContext& cc, const
return m_memberships[com.issuedTo().address].addCredential(m_ctx, cc, sourcePeerIdentity, m_config, com);
}
Member::AddCredentialResult Network::addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const CapabilityCredential& cap)
Member::AddCredentialResult
Network::addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const CapabilityCredential &cap)
{
if (cap.networkId() != m_id)
return Member::ADD_REJECTED;
@ -1263,7 +1276,8 @@ Member::AddCredentialResult Network::addCredential(const CallContext& cc, const
return m_memberships[cap.issuedTo()].addCredential(m_ctx, cc, sourcePeerIdentity, m_config, cap);
}
Member::AddCredentialResult Network::addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const TagCredential& tag)
Member::AddCredentialResult
Network::addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const TagCredential &tag)
{
if (tag.networkId() != m_id)
return Member::ADD_REJECTED;
@ -1271,7 +1285,8 @@ Member::AddCredentialResult Network::addCredential(const CallContext& cc, const
return m_memberships[tag.issuedTo()].addCredential(m_ctx, cc, sourcePeerIdentity, m_config, tag);
}
Member::AddCredentialResult Network::addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const RevocationCredential& rev)
Member::AddCredentialResult
Network::addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const RevocationCredential &rev)
{
if (rev.networkId() != m_id)
return Member::ADD_REJECTED;
@ -1305,7 +1320,8 @@ Member::AddCredentialResult Network::addCredential(const CallContext& cc, const
return result;
}
Member::AddCredentialResult Network::addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const OwnershipCredential& coo)
Member::AddCredentialResult
Network::addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const OwnershipCredential &coo)
{
if (coo.networkId() != m_id)
return Member::ADD_REJECTED;
@ -1478,7 +1494,8 @@ void Network::m_requestConfiguration(const CallContext& cc)
const Address ctrl(controller());
Dictionary rmd;
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_VENDOR,
rmd.add(
ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_VENDOR,
(uint64_t)1); // 1 == ZeroTier, no other vendors at the moment
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_PROTOCOL_VERSION, (uint64_t)ZT_PROTO_VERSION);
rmd.add(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_NODE_MAJOR_VERSION, (uint64_t)ZEROTIER_VERSION_MAJOR);
@ -1525,14 +1542,11 @@ void Network::m_requestConfiguration(const CallContext& cc)
ZT_VirtualNetworkStatus Network::m_status() const
{
switch (_netconfFailure) {
case NETCONF_FAILURE_ACCESS_DENIED:
return ZT_NETWORK_STATUS_ACCESS_DENIED;
case NETCONF_FAILURE_NOT_FOUND:
return ZT_NETWORK_STATUS_NOT_FOUND;
case NETCONF_FAILURE_ACCESS_DENIED: return ZT_NETWORK_STATUS_ACCESS_DENIED;
case NETCONF_FAILURE_NOT_FOUND: return ZT_NETWORK_STATUS_NOT_FOUND;
case NETCONF_FAILURE_NONE:
return ((m_config) ? ZT_NETWORK_STATUS_OK : ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION);
default:
return ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION;
default: return ZT_NETWORK_STATUS_REQUESTING_CONFIGURATION;
}
}
@ -1546,7 +1560,8 @@ void Network::m_externalConfig(ZT_VirtualNetworkConfig* ec) const
else
ec->name[0] = (char)0;
ec->status = m_status();
ec->type = (m_config) ? (m_config.isPrivate() ? ZT_NETWORK_TYPE_PRIVATE : ZT_NETWORK_TYPE_PUBLIC) : ZT_NETWORK_TYPE_PRIVATE;
ec->type = (m_config) ? (m_config.isPrivate() ? ZT_NETWORK_TYPE_PRIVATE : ZT_NETWORK_TYPE_PUBLIC)
: ZT_NETWORK_TYPE_PRIVATE;
ec->mtu = (m_config) ? m_config.mtu : ZT_DEFAULT_MTU;
Vector<Address> ab;
for (unsigned int i = 0; i < m_config.specialistCount; ++i) {
@ -1599,7 +1614,8 @@ push time if ((!announce)&&(force)) announce = true; if ((announce)&&(m->isAllow
*/
}
void Network::m_announceMulticastGroupsTo(void* tPtr, const Address& peer, const Vector<MulticastGroup>& allMulticastGroups)
void Network::m_announceMulticastGroupsTo(
void *tPtr, const Address &peer, const Vector<MulticastGroup> &allMulticastGroups)
{
#if 0
// Assumes _myMulticastGroups_l and _memberships_l are locked
@ -1631,7 +1647,8 @@ Vector<MulticastGroup> Network::m_allMulticastGroups() const
Vector<MulticastGroup> mgs;
mgs.reserve(m_myMulticastGroups.size() + m_multicastGroupsBehindMe.size() + 1);
mgs.insert(mgs.end(), m_myMulticastGroups.begin(), m_myMulticastGroups.end());
for (Map<MulticastGroup, int64_t>::const_iterator i(m_multicastGroupsBehindMe.begin()); i != m_multicastGroupsBehindMe.end(); ++i)
for (Map<MulticastGroup, int64_t>::const_iterator i(m_multicastGroupsBehindMe.begin());
i != m_multicastGroupsBehindMe.end(); ++i)
mgs.push_back(i->first);
if ((m_config) && (m_config.enableBroadcast()))
mgs.push_back(Network::BROADCAST);

116
core/Network.hpp
View file

@ -51,10 +51,7 @@ class Network {
/**
* Compute primary controller device ID from network ID
*/
static ZT_INLINE Address controllerFor(uint64_t nwid) noexcept
{
return Address(nwid >> 24U);
}
static ZT_INLINE Address controllerFor(uint64_t nwid) noexcept { return Address(nwid >> 24U); }
/**
* Construct a new network
@ -67,49 +64,27 @@ class Network {
* @param uptr Arbitrary pointer used by externally-facing API (for user use)
* @param nconf Network config, if known
*/
Network(const Context& ctx, const CallContext& cc, uint64_t nwid, const Fingerprint& controllerFingerprint, void* uptr, const NetworkConfig* nconf);
Network(
const Context &ctx, const CallContext &cc, uint64_t nwid, const Fingerprint &controllerFingerprint, void *uptr,
const NetworkConfig *nconf);
~Network();
ZT_INLINE uint64_t id() const noexcept
{
return m_id;
}
ZT_INLINE uint64_t id() const noexcept { return m_id; }
ZT_INLINE Address controller() const noexcept
{
return Address(m_id >> 24U);
}
ZT_INLINE Address controller() const noexcept { return Address(m_id >> 24U); }
ZT_INLINE bool multicastEnabled() const noexcept
{
return (m_config.multicastLimit > 0);
}
ZT_INLINE bool multicastEnabled() const noexcept { return (m_config.multicastLimit > 0); }
ZT_INLINE bool hasConfig() const noexcept
{
return (m_config);
}
ZT_INLINE bool hasConfig() const noexcept { return (m_config); }
ZT_INLINE uint64_t lastConfigUpdate() const noexcept
{
return m_lastConfigUpdate;
}
ZT_INLINE uint64_t lastConfigUpdate() const noexcept { return m_lastConfigUpdate; }
ZT_INLINE ZT_VirtualNetworkStatus status() const noexcept
{
return m_status();
}
ZT_INLINE ZT_VirtualNetworkStatus status() const noexcept { return m_status(); }
ZT_INLINE const NetworkConfig& config() const noexcept
{
return m_config;
}
ZT_INLINE const NetworkConfig &config() const noexcept { return m_config; }
ZT_INLINE const MAC& mac() const noexcept
{
return m_mac;
}
ZT_INLINE const MAC &mac() const noexcept { return m_mac; }
/**
* Apply filters to an outgoing packet
@ -131,17 +106,9 @@ class Network {
* @return True if packet should be sent, false if dropped or redirected
*/
bool filterOutgoingPacket(
const CallContext& cc,
bool noTee,
const Address& ztSource,
const Address& ztDest,
const MAC& macSource,
const MAC& macDest,
const uint8_t* frameData,
unsigned int frameLen,
unsigned int etherType,
unsigned int vlanId,
uint8_t& qosBucket);
const CallContext &cc, bool noTee, const Address &ztSource, const Address &ztDest, const MAC &macSource,
const MAC &macDest, const uint8_t *frameData, unsigned int frameLen, unsigned int etherType,
unsigned int vlanId, uint8_t &qosBucket);
/**
* Apply filters to an incoming packet
@ -162,14 +129,8 @@ class Network {
* @return 0 == drop, 1 == accept, 2 == accept even if bridged
*/
int filterIncomingPacket(
const CallContext& cc,
const SharedPtr<Peer>& sourcePeer,
const Address& ztDest,
const MAC& macSource,
const MAC& macDest,
const uint8_t* frameData,
unsigned int frameLen,
unsigned int etherType,
const CallContext &cc, const SharedPtr<Peer> &sourcePeer, const Address &ztDest, const MAC &macSource,
const MAC &macDest, const uint8_t *frameData, unsigned int frameLen, unsigned int etherType,
unsigned int vlanId);
/**
@ -201,7 +162,8 @@ class Network {
* @param size Size of data in chunk buffer (total, not relative to ptr)
* @return Update ID if update was fully assembled and accepted or 0 otherwise
*/
uint64_t handleConfigChunk(const CallContext& cc, uint64_t packetId, const SharedPtr<Peer>& source, const Buf& chunk, int ptr, int size);
uint64_t handleConfigChunk(
const CallContext &cc, uint64_t packetId, const SharedPtr<Peer> &source, const Buf &chunk, int ptr, int size);
/**
* Set network configuration
@ -219,18 +181,12 @@ class Network {
/**
* Set netconf failure to 'access denied' -- called in IncomingPacket when controller reports this
*/
ZT_INLINE void setAccessDenied() noexcept
{
_netconfFailure = NETCONF_FAILURE_ACCESS_DENIED;
}
ZT_INLINE void setAccessDenied() noexcept { _netconfFailure = NETCONF_FAILURE_ACCESS_DENIED; }
/**
* Set netconf failure to 'not found' -- called by IncomingPacket when controller reports this
*/
ZT_INLINE void setNotFound() noexcept
{
_netconfFailure = NETCONF_FAILURE_NOT_FOUND;
}
ZT_INLINE void setNotFound() noexcept { _netconfFailure = NETCONF_FAILURE_NOT_FOUND; }
/**
* Determine whether this peer is permitted to communicate on this network
@ -282,27 +238,32 @@ class Network {
/**
* Validate a credential and learn it if it passes certificate and other checks
*/
Member::AddCredentialResult addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const MembershipCredential& com);
Member::AddCredentialResult
addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const MembershipCredential &com);
/**
* Validate a credential and learn it if it passes certificate and other checks
*/
Member::AddCredentialResult addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const CapabilityCredential& cap);
Member::AddCredentialResult
addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const CapabilityCredential &cap);
/**
* Validate a credential and learn it if it passes certificate and other checks
*/
Member::AddCredentialResult addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const TagCredential& tag);
Member::AddCredentialResult
addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const TagCredential &tag);
/**
* Validate a credential and learn it if it passes certificate and other checks
*/
Member::AddCredentialResult addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const RevocationCredential& rev);
Member::AddCredentialResult
addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const RevocationCredential &rev);
/**
* Validate a credential and learn it if it passes certificate and other checks
*/
Member::AddCredentialResult addCredential(const CallContext& cc, const Identity& sourcePeerIdentity, const OwnershipCredential& coo);
Member::AddCredentialResult
addCredential(const CallContext &cc, const Identity &sourcePeerIdentity, const OwnershipCredential &coo);
/**
* Push credentials to a peer if timeouts indicate that we should do so
@ -334,7 +295,8 @@ class Network {
template <typename F> ZT_INLINE void eachMember(F f)
{
Mutex::Lock ml(m_memberships_l);
for (Map<Address, Member>::iterator i(m_memberships.begin()); i != m_memberships.end(); ++i) { // NOLINT(modernize-loop-convert,hicpp-use-auto,modernize-use-auto)
for (Map<Address, Member>::iterator i(m_memberships.begin()); i != m_memberships.end();
++i) { // NOLINT(modernize-loop-convert,hicpp-use-auto,modernize-use-auto)
if (!f(i->first, i->second))
break;
}
@ -343,10 +305,7 @@ class Network {
/**
* @return Externally usable pointer-to-pointer exported via the core API
*/
ZT_INLINE void** userPtr() noexcept
{
return &m_uPtr;
}
ZT_INLINE void **userPtr() noexcept { return &m_uPtr; }
private:
void m_requestConfiguration(const CallContext &cc);
@ -373,7 +332,12 @@ class Network {
NetworkConfig m_config;
std::atomic<int64_t> m_lastConfigUpdate;
volatile enum { NETCONF_FAILURE_NONE, NETCONF_FAILURE_ACCESS_DENIED, NETCONF_FAILURE_NOT_FOUND, NETCONF_FAILURE_INIT_FAILED } _netconfFailure;
volatile enum {
NETCONF_FAILURE_NONE,
NETCONF_FAILURE_ACCESS_DENIED,
NETCONF_FAILURE_NOT_FOUND,
NETCONF_FAILURE_INIT_FAILED
} _netconfFailure;
Map<Address, Member> m_memberships;

20
core/NetworkConfig.cpp
View file

@ -32,7 +32,8 @@ bool NetworkConfig::toDictionary(Dictionary& d) const
d.add(ZT_NETWORKCONFIG_DICT_KEY_CREDENTIAL_TIME_MAX_DELTA, this->credentialTimeMaxDelta);
d.add(ZT_NETWORKCONFIG_DICT_KEY_REVISION, this->revision);
d.add(ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO, this->issuedTo.toString((char *)tmp));
d.add(ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO_IDENTITY_HASH, this->issuedToFingerprintHash, ZT_FINGERPRINT_HASH_SIZE);
d.add(
ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO_IDENTITY_HASH, this->issuedToFingerprintHash, ZT_FINGERPRINT_HASH_SIZE);
d.add(ZT_NETWORKCONFIG_DICT_KEY_FLAGS, this->flags);
d.add(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_LIMIT, (uint64_t)this->multicastLimit);
d.add(ZT_NETWORKCONFIG_DICT_KEY_TYPE, (uint64_t)this->type);
@ -145,7 +146,8 @@ bool NetworkConfig::fromDictionary(const Dictionary& d)
}
else {
this->flags = d.getUI(ZT_NETWORKCONFIG_DICT_KEY_FLAGS, 0);
this->type = (ZT_VirtualNetworkType)d.getUI(ZT_NETWORKCONFIG_DICT_KEY_TYPE, (uint64_t)ZT_NETWORK_TYPE_PRIVATE);
this->type =
(ZT_VirtualNetworkType)d.getUI(ZT_NETWORKCONFIG_DICT_KEY_TYPE, (uint64_t)ZT_NETWORK_TYPE_PRIVATE);
blob = &(d[ZT_NETWORKCONFIG_DICT_KEY_COM]);
if (!blob->empty()) {
@ -207,7 +209,9 @@ bool NetworkConfig::fromDictionary(const Dictionary& d)
}
catch (...) {
}
std::sort(&(this->certificatesOfOwnership[0]), &(this->certificatesOfOwnership[this->certificateOfOwnershipCount]));
std::sort(
&(this->certificatesOfOwnership[0]),
&(this->certificatesOfOwnership[this->certificateOfOwnershipCount]));
}
blob = &(d[ZT_NETWORKCONFIG_DICT_KEY_SPECIALISTS]);
@ -223,13 +227,15 @@ bool NetworkConfig::fromDictionary(const Dictionary& d)
if (!blob->empty()) {
unsigned int p = 0;
while ((p < blob->size()) && (routeCount < ZT_MAX_NETWORK_ROUTES)) {
int l = asInetAddress(this->routes[this->routeCount].target).unmarshal(blob->data(), (int)(blob->size() - p));
int l = asInetAddress(this->routes[this->routeCount].target)
.unmarshal(blob->data(), (int)(blob->size() - p));
if (l < 0)
return false;
p += l;
if (p >= blob->size())
return false;
l = asInetAddress(this->routes[this->routeCount].via).unmarshal(blob->data(), (int)(blob->size() - p));
l = asInetAddress(this->routes[this->routeCount].via)
.unmarshal(blob->data(), (int)(blob->size() - p));
if (l < 0)
return false;
p += l;
@ -258,7 +264,9 @@ bool NetworkConfig::fromDictionary(const Dictionary& d)
blob = &(d[ZT_NETWORKCONFIG_DICT_KEY_RULES]);
if (!blob->empty()) {
this->ruleCount = 0;
if (CapabilityCredential::unmarshalVirtualNetworkRules(blob->data(), (int)blob->size(), this->rules, this->ruleCount, ZT_MAX_NETWORK_RULES) < 0)
if (CapabilityCredential::unmarshalVirtualNetworkRules(
blob->data(), (int)blob->size(), this->rules, this->ruleCount, ZT_MAX_NETWORK_RULES)
< 0)
return false;
}
}

18
core/NetworkConfig.hpp
View file

@ -185,18 +185,12 @@ struct NetworkConfig : TriviallyCopyable {
/**
* @return Network type is public (no access control)
*/
ZT_INLINE bool isPublic() const noexcept
{
return (this->type == ZT_NETWORK_TYPE_PUBLIC);
}
ZT_INLINE bool isPublic() const noexcept { return (this->type == ZT_NETWORK_TYPE_PUBLIC); }
/**
* @return Network type is private (certificate access control)
*/
ZT_INLINE bool isPrivate() const noexcept
{
return (this->type == ZT_NETWORK_TYPE_PRIVATE);
}
ZT_INLINE bool isPrivate() const noexcept { return (this->type == ZT_NETWORK_TYPE_PRIVATE); }
/**
* @param fromPeer Peer attempting to bridge other Ethernet peers onto network
@ -205,7 +199,8 @@ struct NetworkConfig : TriviallyCopyable {
ZT_INLINE bool permitsBridging(const Address &fromPeer) const noexcept
{
for (unsigned int i = 0; i < specialistCount; ++i) {
if ((fromPeer.toInt() == (specialists[i] & ZT_ADDRESS_MASK)) && ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE) != 0))
if ((fromPeer.toInt() == (specialists[i] & ZT_ADDRESS_MASK))
&& ((specialists[i] & ZT_NETWORKCONFIG_SPECIALIST_TYPE_ACTIVE_BRIDGE) != 0))
return true;
}
return false;
@ -220,10 +215,7 @@ struct NetworkConfig : TriviallyCopyable {
return (memcmp(this, &nc, sizeof(NetworkConfig)) == 0);
}
ZT_INLINE bool operator!=(const NetworkConfig& nc) const noexcept
{
return (! (*this == nc));
}
ZT_INLINE bool operator!=(const NetworkConfig &nc) const noexcept { return (!(*this == nc)); }
/**
* Add a specialist or mask flags if already present

30
core/NetworkController.hpp
View file

@ -30,7 +30,12 @@ struct InetAddress;
*/
class NetworkController {
public:
enum ErrorCode { NC_ERROR_NONE = 0, NC_ERROR_OBJECT_NOT_FOUND = 1, NC_ERROR_ACCESS_DENIED = 2, NC_ERROR_INTERNAL_SERVER_ERROR = 3 };
enum ErrorCode {
NC_ERROR_NONE = 0,
NC_ERROR_OBJECT_NOT_FOUND = 1,
NC_ERROR_ACCESS_DENIED = 2,
NC_ERROR_INTERNAL_SERVER_ERROR = 3
};
/**
* Interface for sender used to send pushes and replies
@ -47,7 +52,9 @@ class NetworkController {
* @param nc Network configuration to send
* @param sendLegacyFormatConfig If true, send an old-format network config
*/
virtual void ncSendConfig(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address& destination, const NetworkConfig& nc, bool sendLegacyFormatConfig) = 0;
virtual void ncSendConfig(
void *tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId,
const Address &destination, const NetworkConfig &nc, bool sendLegacyFormatConfig) = 0;
/**
* Send revocation to a node
@ -55,7 +62,8 @@ class NetworkController {
* @param destination Destination node address
* @param rev Revocation to send
*/
virtual void ncSendRevocation(void* tPtr, int64_t clock, int64_t ticks, const Address& destination, const RevocationCredential& rev) = 0;
virtual void ncSendRevocation(
void *tPtr, int64_t clock, int64_t ticks, const Address &destination, const RevocationCredential &rev) = 0;
/**
* Send a network configuration request error
@ -65,15 +73,13 @@ class NetworkController {
* @param destination Destination peer Address
* @param errorCode Error code
*/
virtual void ncSendError(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address& destination, NetworkController::ErrorCode errorCode) = 0;
virtual void ncSendError(
void *tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId,
const Address &destination, NetworkController::ErrorCode errorCode) = 0;
};
NetworkController()
{
}
virtual ~NetworkController()
{
}
NetworkController() {}
virtual ~NetworkController() {}
/**
* Called when this is added to a Node to initialize and supply info
@ -93,7 +99,9 @@ class NetworkController {
* @param metaData Meta-data bundled with request (if any)
* @return Returns NETCONF_QUERY_OK if result 'nc' is valid, or an error code on error
*/
virtual void request(uint64_t nwid, const InetAddress& fromAddr, uint64_t requestPacketId, const Identity& identity, const Dictionary& metaData) = 0;
virtual void request(
uint64_t nwid, const InetAddress &fromAddr, uint64_t requestPacketId, const Identity &identity,
const Dictionary &metaData) = 0;
};
} // namespace ZeroTier

99
core/Node.cpp
View file

@ -35,7 +35,15 @@ namespace ZeroTier {
namespace {
struct _NodeObjects {
ZT_INLINE _NodeObjects(Context& ctx, const CallContext& cc) : networks(), t(ctx), expect(), vl2(ctx), vl1(ctx), topology(ctx, cc), sa(ctx), ts()
ZT_INLINE _NodeObjects(Context &ctx, const CallContext &cc)
: networks()
, t(ctx)
, expect()
, vl2(ctx)
, vl1(ctx)
, topology(ctx, cc)
, sa(ctx)
, ts()
{
ctx.networks = &networks;
ctx.t = &t;
@ -91,14 +99,20 @@ Node::Node(void* uPtr, const struct ZT_Node_Callbacks* callbacks, const CallCont
m_ctx.identity.generate(Identity::C25519);
m_ctx.identity.toString(false, m_ctx.publicIdentityStr);
m_ctx.identity.toString(true, m_ctx.secretIdentityStr);
m_store.put(cc, ZT_STATE_OBJECT_IDENTITY_SECRET, Utils::ZERO256, 0, m_ctx.secretIdentityStr, (unsigned int)strlen(m_ctx.secretIdentityStr));
m_store.put(cc, ZT_STATE_OBJECT_IDENTITY_PUBLIC, Utils::ZERO256, 0, m_ctx.publicIdentityStr, (unsigned int)strlen(m_ctx.publicIdentityStr));
m_store.put(
cc, ZT_STATE_OBJECT_IDENTITY_SECRET, Utils::ZERO256, 0, m_ctx.secretIdentityStr,
(unsigned int)strlen(m_ctx.secretIdentityStr));
m_store.put(
cc, ZT_STATE_OBJECT_IDENTITY_PUBLIC, Utils::ZERO256, 0, m_ctx.publicIdentityStr,
(unsigned int)strlen(m_ctx.publicIdentityStr));
ZT_SPEW("no pre-existing identity found, created %s", m_ctx.identity.toString().c_str());
}
else {
data = m_store.get(cc, ZT_STATE_OBJECT_IDENTITY_PUBLIC, Utils::ZERO256, 0);
if ((data.empty()) || (memcmp(data.data(), m_ctx.publicIdentityStr, strlen(m_ctx.publicIdentityStr)) != 0))
m_store.put(cc, ZT_STATE_OBJECT_IDENTITY_PUBLIC, Utils::ZERO256, 0, m_ctx.publicIdentityStr, (unsigned int)strlen(m_ctx.publicIdentityStr));
m_store.put(
cc, ZT_STATE_OBJECT_IDENTITY_PUBLIC, Utils::ZERO256, 0, m_ctx.publicIdentityStr,
(unsigned int)strlen(m_ctx.publicIdentityStr));
}
uint8_t localSecretCipherKey[ZT_FINGERPRINT_HASH_SIZE];
@ -204,7 +218,9 @@ ZT_ResultCode Node::processBackgroundTasks(const CallContext& cc, volatile int64
for (Vector<SharedPtr<Peer>>::iterator p(allPeers.begin()); p != allPeers.end(); ++p) {
(*p)->pulse(m_ctx, cc);
if (!online) {
online = ((std::binary_search(rootPeers.begin(), rootPeers.end(), *p) || rootPeers.empty()) && (*p)->directlyConnected());
online =
((std::binary_search(rootPeers.begin(), rootPeers.end(), *p) || rootPeers.empty())
&& (*p)->directlyConnected());
}
}
@ -278,7 +294,9 @@ ZT_ResultCode Node::leave(uint64_t nwid, void** uptr, const CallContext& cc)
if (uptr)
*uptr = *network->userPtr();
network->externalConfig(&ctmp);
m_ctx.cb.virtualNetworkConfigFunction(reinterpret_cast<ZT_Node*>(this), m_ctx.uPtr, cc.tPtr, nwid, network->userPtr(), ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY, &ctmp);
m_ctx.cb.virtualNetworkConfigFunction(
reinterpret_cast<ZT_Node *>(this), m_ctx.uPtr, cc.tPtr, nwid, network->userPtr(),
ZT_VIRTUAL_NETWORK_CONFIG_OPERATION_DESTROY, &ctmp);
network->destroy();
return ZT_RESULT_OK;
}
@ -287,7 +305,8 @@ ZT_ResultCode Node::leave(uint64_t nwid, void** uptr, const CallContext& cc)
}
}
ZT_ResultCode Node::multicastSubscribe(const CallContext& cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi)
ZT_ResultCode
Node::multicastSubscribe(const CallContext &cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi)
{
ZT_SPEW("multicast subscribe to %s:%lu", MAC(multicastGroup).toString().c_str(), multicastAdi);
const SharedPtr<Network> nw(m_ctx.networks->get(nwid));
@ -300,7 +319,8 @@ ZT_ResultCode Node::multicastSubscribe(const CallContext& cc, uint64_t nwid, uin
}
}
ZT_ResultCode Node::multicastUnsubscribe(const CallContext& cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi)
ZT_ResultCode
Node::multicastUnsubscribe(const CallContext &cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi)
{
ZT_SPEW("multicast unsubscribe from %s:%lu", MAC(multicastGroup).toString().c_str(), multicastAdi);
const SharedPtr<Network> nw(m_ctx.networks->get(nwid));
@ -448,7 +468,8 @@ ZT_VirtualNetworkList* Node::networks() const
{
Mutex::Lock l(m_allNetworks_l);
char* const buf = (char*)::malloc(sizeof(ZT_VirtualNetworkList) + (sizeof(ZT_VirtualNetworkConfig) * m_allNetworks.size()));
char *const buf =
(char *)::malloc(sizeof(ZT_VirtualNetworkList) + (sizeof(ZT_VirtualNetworkConfig) * m_allNetworks.size()));
if (!buf)
return nullptr;
ZT_VirtualNetworkList *nl = (ZT_VirtualNetworkList *)buf;
@ -479,7 +500,8 @@ void Node::setInterfaceAddresses(const ZT_InterfaceAddress* addrs, unsigned int
for (unsigned int i = 0; i < addrCount; ++i) {
bool dupe = false;
for (unsigned int j = 0; j < i; ++j) {
if (*(reinterpret_cast<const InetAddress*>(&addrs[j].address)) == *(reinterpret_cast<const InetAddress*>(&addrs[i].address))) {
if (*(reinterpret_cast<const InetAddress *>(&addrs[j].address))
== *(reinterpret_cast<const InetAddress *>(&addrs[i].address))) {
dupe = true;
break;
}
@ -489,7 +511,9 @@ void Node::setInterfaceAddresses(const ZT_InterfaceAddress* addrs, unsigned int
}
}
ZT_CertificateError Node::addCertificate(const CallContext& cc, unsigned int localTrust, const ZT_Certificate* cert, const void* certData, unsigned int certSize)
ZT_CertificateError Node::addCertificate(
const CallContext &cc, unsigned int localTrust, const ZT_Certificate *cert, const void *certData,
unsigned int certSize)
{
Certificate c;
if (cert) {
@ -504,7 +528,8 @@ ZT_CertificateError Node::addCertificate(const CallContext& cc, unsigned int loc
m_ctx.ts->add(c, localTrust);
m_ctx.ts->update(cc.clock, nullptr);
SharedPtr<TrustStore::Entry> ent(m_ctx.ts->get(c.getSerialNo()));
return (ent) ? ent->error() : ZT_CERTIFICATE_ERROR_INVALID_FORMAT; // should never be null, but if so it means invalid
return (ent) ? ent->error()
: ZT_CERTIFICATE_ERROR_INVALID_FORMAT; // should never be null, but if so it means invalid
}
ZT_ResultCode Node::deleteCertificate(const CallContext &cc, const void *serialNo)
@ -525,24 +550,29 @@ struct p_certificateListInternal {
static void p_freeCertificateList(const void *cl)
{
if (cl) {
reinterpret_cast<const p_certificateListInternal*>(reinterpret_cast<const uint8_t*>(cl) + sizeof(ZT_CertificateList))->~p_certificateListInternal();
reinterpret_cast<const p_certificateListInternal *>(
reinterpret_cast<const uint8_t *>(cl) + sizeof(ZT_CertificateList))
->~p_certificateListInternal();
free(const_cast<void *>(cl));
}
}
ZT_CertificateList *Node::listCertificates()
{
ZT_CertificateList* const cl = (ZT_CertificateList*)malloc(sizeof(ZT_CertificateList) + sizeof(p_certificateListInternal));
ZT_CertificateList *const cl =
(ZT_CertificateList *)malloc(sizeof(ZT_CertificateList) + sizeof(p_certificateListInternal));
if (!cl)
return nullptr;
p_certificateListInternal* const clint = reinterpret_cast<p_certificateListInternal*>(reinterpret_cast<uint8_t*>(cl) + sizeof(ZT_CertificateList));
p_certificateListInternal *const clint =
reinterpret_cast<p_certificateListInternal *>(reinterpret_cast<uint8_t *>(cl) + sizeof(ZT_CertificateList));
new (clint) p_certificateListInternal;
clint->entries = m_ctx.ts->all(false);
clint->c.reserve(clint->entries.size());
clint->t.reserve(clint->entries.size());
for (Vector<SharedPtr<TrustStore::Entry> >::const_iterator i(clint->entries.begin()); i != clint->entries.end(); ++i) {
for (Vector<SharedPtr<TrustStore::Entry>>::const_iterator i(clint->entries.begin()); i != clint->entries.end();
++i) {
clint->c.push_back(&((*i)->certificate()));
clint->t.push_back((*i)->localTrust());
}
@ -555,7 +585,8 @@ ZT_CertificateList* Node::listCertificates()
return cl;
}
int Node::sendUserMessage(const CallContext& cc, uint64_t dest, uint64_t /*typeId*/, const void* /*data*/, unsigned int /*len*/)
int Node::sendUserMessage(
const CallContext &cc, uint64_t dest, uint64_t /*typeId*/, const void * /*data*/, unsigned int /*len*/)
{
try {
if (m_ctx.identity.address().toInt() != dest) {
@ -595,7 +626,11 @@ bool Node::filterPotentialPath(void* tPtr, const Identity& id, int64_t localSock
}
if (m_ctx.cb.pathCheckFunction) {
return (m_ctx.cb.pathCheckFunction(reinterpret_cast<ZT_Node*>(this), m_ctx.uPtr, tPtr, id.address().toInt(), (const ZT_Identity*)&id, localSocket, reinterpret_cast<const ZT_InetAddress*>(&remoteAddress)) != 0);
return (
m_ctx.cb.pathCheckFunction(
reinterpret_cast<ZT_Node *>(this), m_ctx.uPtr, tPtr, id.address().toInt(), (const ZT_Identity *)&id,
localSocket, reinterpret_cast<const ZT_InetAddress *>(&remoteAddress))
!= 0);
}
return true;
@ -604,14 +639,20 @@ bool Node::filterPotentialPath(void* tPtr, const Identity& id, int64_t localSock
bool Node::externalPathLookup(void *tPtr, const Identity &id, int family, InetAddress &addr)
{
if (m_ctx.cb.pathLookupFunction) {
return (m_ctx.cb.pathLookupFunction(reinterpret_cast<ZT_Node*>(this), m_ctx.uPtr, tPtr, id.address().toInt(), reinterpret_cast<const ZT_Identity*>(&id), family, reinterpret_cast<ZT_InetAddress*>(&addr)) == ZT_RESULT_OK);
return (
m_ctx.cb.pathLookupFunction(
reinterpret_cast<ZT_Node *>(this), m_ctx.uPtr, tPtr, id.address().toInt(),
reinterpret_cast<const ZT_Identity *>(&id), family, reinterpret_cast<ZT_InetAddress *>(&addr))
== ZT_RESULT_OK);
}
return false;
}
// Implementation of NetworkController::Sender ------------------------------------------------------------------------
void Node::ncSendConfig(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address& destination, const NetworkConfig& nc, bool sendLegacyFormatConfig)
void Node::ncSendConfig(
void *tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address &destination,
const NetworkConfig &nc, bool sendLegacyFormatConfig)
{
if (destination == m_ctx.identity.address()) {
SharedPtr<Network> n(m_ctx.networks->get(nwid));
@ -663,7 +704,8 @@ void Node::ncSendConfig(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid,
}
}
void Node::ncSendRevocation(void* tPtr, int64_t clock, int64_t ticks, const Address& destination, const RevocationCredential& rev)
void Node::ncSendRevocation(
void *tPtr, int64_t clock, int64_t ticks, const Address &destination, const RevocationCredential &rev)
{
if (destination == m_ctx.identity.address()) {
SharedPtr<Network> n(m_ctx.networks->get(rev.networkId()));
@ -687,7 +729,9 @@ void Node::ncSendRevocation(void* tPtr, int64_t clock, int64_t ticks, const Addr
}
}
void Node::ncSendError(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address& destination, NetworkController::ErrorCode errorCode)
void Node::ncSendError(
void *tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address &destination,
NetworkController::ErrorCode errorCode)
{
if (destination == m_ctx.identity.address()) {
SharedPtr<Network> n(m_ctx.networks->get(nwid));
@ -695,15 +739,10 @@ void Node::ncSendError(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid,
return;
switch (errorCode) {
case NetworkController::NC_ERROR_OBJECT_NOT_FOUND:
case NetworkController::NC_ERROR_INTERNAL_SERVER_ERROR:
n->setNotFound();
break;
case NetworkController::NC_ERROR_ACCESS_DENIED:
n->setAccessDenied();
break;
case NetworkController::NC_ERROR_INTERNAL_SERVER_ERROR: n->setNotFound(); break;
case NetworkController::NC_ERROR_ACCESS_DENIED: n->setAccessDenied(); break;
default:
break;
default: break;
}
}
else if (requestPacketId) {

44
core/Node.hpp
View file

@ -39,14 +39,8 @@ class Node : public NetworkController::Sender {
public:
// Get rid of alignment warnings on 32-bit Windows
#ifdef __WINDOWS__
void* operator new(size_t i)
{
return _mm_malloc(i, 16);
}
void operator delete(void* p)
{
_mm_free(p);
}
void *operator new(size_t i) { return _mm_malloc(i, 16); }
void operator delete(void *p) { _mm_free(p); }
#endif
Node(void *uPtr, const struct ZT_Node_Callbacks *callbacks, const CallContext &cc);
@ -61,9 +55,11 @@ class Node : public NetworkController::Sender {
ZT_ResultCode leave(uint64_t nwid, void **uptr, const CallContext &cc);
ZT_ResultCode multicastSubscribe(const CallContext& cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi);
ZT_ResultCode
multicastSubscribe(const CallContext &cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi);
ZT_ResultCode multicastUnsubscribe(const CallContext& cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi);
ZT_ResultCode
multicastUnsubscribe(const CallContext &cc, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi);
void status(ZT_NodeStatus *status) const;
@ -77,7 +73,9 @@ class Node : public NetworkController::Sender {
void setInterfaceAddresses(const ZT_InterfaceAddress *addrs, unsigned int addrCount);
ZT_CertificateError addCertificate(const CallContext& cc, unsigned int localTrust, const ZT_Certificate* cert, const void* certData, unsigned int certSize);
ZT_CertificateError addCertificate(
const CallContext &cc, unsigned int localTrust, const ZT_Certificate *cert, const void *certData,
unsigned int certSize);
ZT_ResultCode deleteCertificate(const CallContext &cc, const void *serialNo);
@ -95,7 +93,8 @@ class Node : public NetworkController::Sender {
* @param md Event data or NULL if none
* @param mdSize Size of event data
*/
ZT_INLINE void postEvent(void* const tPtr, const ZT_Event ev, const void* const md = nullptr, const unsigned int mdSize = 0) noexcept
ZT_INLINE void postEvent(
void *const tPtr, const ZT_Event ev, const void *const md = nullptr, const unsigned int mdSize = 0) noexcept
{
m_ctx.cb.eventCallback(reinterpret_cast<ZT_Node *>(this), m_ctx.uPtr, tPtr, ev, md, mdSize);
}
@ -124,20 +123,19 @@ class Node : public NetworkController::Sender {
*/
bool externalPathLookup(void *tPtr, const Identity &id, int family, InetAddress &addr);
ZT_INLINE const Identity& identity() const noexcept
{
return m_ctx.identity;
}
ZT_INLINE const Identity &identity() const noexcept { return m_ctx.identity; }
ZT_INLINE const Context& context() const noexcept
{
return m_ctx;
}
ZT_INLINE const Context &context() const noexcept { return m_ctx; }
// Implementation of NetworkController::Sender interface
virtual void ncSendConfig(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address& destination, const NetworkConfig& nc, bool sendLegacyFormatConfig);
virtual void ncSendRevocation(void* tPtr, int64_t clock, int64_t ticks, const Address& destination, const RevocationCredential& rev);
virtual void ncSendError(void* tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address& destination, NetworkController::ErrorCode errorCode);
virtual void ncSendConfig(
void *tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address &destination,
const NetworkConfig &nc, bool sendLegacyFormatConfig);
virtual void ncSendRevocation(
void *tPtr, int64_t clock, int64_t ticks, const Address &destination, const RevocationCredential &rev);
virtual void ncSendError(
void *tPtr, int64_t clock, int64_t ticks, uint64_t nwid, uint64_t requestPacketId, const Address &destination,
NetworkController::ErrorCode errorCode);
private:
Context m_ctx;

16
core/OS.hpp
View file

@ -17,7 +17,9 @@
/* Uncomment this to force a whole lot of debug output. */
#define ZT_DEBUG_SPEW
#if ! defined(__GNUC__) && (defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1) || defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2) || defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) || defined(__INTEL_COMPILER) || defined(__clang__))
#if !defined(__GNUC__) \
&& (defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1) || defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2) \
|| defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) || defined(__INTEL_COMPILER) || defined(__clang__))
#define __GNUC__ 3
#endif
@ -70,14 +72,17 @@
#include <stdlib.h>
#include <string.h>
#if (defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) || defined(__AMD64__) || defined(_M_X64))
#if ( \
defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) \
|| defined(__AMD64__) || defined(_M_X64))
#define ZT_ARCH_X64 1
#include <emmintrin.h>
#include <immintrin.h>
#include <xmmintrin.h>
#endif
#if defined(ZT_ARCH_X64) || defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || defined(_X86_) || defined(__I86__) \
|| defined(__INTEL__) || defined(__386)
#if defined(ZT_ARCH_X64) || defined(i386) || defined(__i386) || defined(__i386__) || defined(__i486__) \
|| defined(__i586__) || defined(__i686__) || defined(_M_IX86) || defined(__X86__) || defined(_X86_) \
|| defined(__I86__) || defined(__INTEL__) || defined(__386)
#define ZT_ARCH_X86 1
#endif
@ -269,7 +274,8 @@ typedef unsigned uint128_t __attribute__((mode(TI)));
#define ZT_VA_ARGS(...) , ##__VA_ARGS__
#ifdef ZT_DEBUG_SPEW
#define ZT_SPEW(f, ...) fprintf(stderr, "%s:%d(%s): " f ZT_EOL_S, __FILE__, __LINE__, __FUNCTION__ ZT_VA_ARGS(__VA_ARGS__))
#define ZT_SPEW(f, ...) \
fprintf(stderr, "%s:%d(%s): " f ZT_EOL_S, __FILE__, __LINE__, __FUNCTION__ ZT_VA_ARGS(__VA_ARGS__))
#else
#define ZT_SPEW(f, ...)
#endif

6
core/OwnershipCredential.cpp
View file

@ -21,12 +21,14 @@ void OwnershipCredential::addThing(const InetAddress& ip)
return;
if (ip.as.sa.sa_family == AF_INET) {
m_thingTypes[m_thingCount] = THING_IPV4_ADDRESS;
Utils::copy<4>(m_thingValues[m_thingCount], &(reinterpret_cast<const struct sockaddr_in*>(&ip)->sin_addr.s_addr));
Utils::copy<4>(
m_thingValues[m_thingCount], &(reinterpret_cast<const struct sockaddr_in *>(&ip)->sin_addr.s_addr));
++m_thingCount;
}
else if (ip.as.sa.sa_family == AF_INET6) {
m_thingTypes[m_thingCount] = THING_IPV6_ADDRESS;
Utils::copy<16>(m_thingValues[m_thingCount], reinterpret_cast<const struct sockaddr_in6*>(&ip)->sin6_addr.s6_addr);
Utils::copy<16>(
m_thingValues[m_thingCount], reinterpret_cast<const struct sockaddr_in6 *>(&ip)->sin6_addr.s6_addr);
++m_thingCount;
}
}

85
core/OwnershipCredential.hpp
View file

@ -28,7 +28,9 @@
// Maximum size of a thing's value field in bytes
#define ZT_CERTIFICATEOFOWNERSHIP_MAX_THING_VALUE_SIZE 16
#define ZT_CERTIFICATEOFOWNERSHIP_MARSHAL_SIZE_MAX (8 + 8 + 8 + 4 + 2 + ((1 + ZT_CERTIFICATEOFOWNERSHIP_MAX_THING_VALUE_SIZE) * ZT_CERTIFICATEOFOWNERSHIP_MAX_THINGS) + 5 + 5 + 1 + 2 + ZT_SIGNATURE_BUFFER_SIZE + 2)
#define ZT_CERTIFICATEOFOWNERSHIP_MARSHAL_SIZE_MAX \
(8 + 8 + 8 + 4 + 2 + ((1 + ZT_CERTIFICATEOFOWNERSHIP_MAX_THING_VALUE_SIZE) * ZT_CERTIFICATEOFOWNERSHIP_MAX_THINGS) \
+ 5 + 5 + 1 + 2 + ZT_SIGNATURE_BUFFER_SIZE + 2)
namespace ZeroTier {
@ -44,17 +46,11 @@ class OwnershipCredential : public Credential {
friend class Credential;
public:
static constexpr ZT_CredentialType credentialType() noexcept
{
return ZT_CREDENTIAL_TYPE_COO;
}
static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_COO; }
enum Thing { THING_NULL = 0, THING_MAC_ADDRESS = 1, THING_IPV4_ADDRESS = 2, THING_IPV6_ADDRESS = 3 };
ZT_INLINE OwnershipCredential() noexcept
{
memoryZero(this);
}
ZT_INLINE OwnershipCredential() noexcept { memoryZero(this); }
ZT_INLINE
OwnershipCredential(const uint64_t nwid, const int64_t ts, const Address &issuedTo, const uint32_t id) noexcept
@ -66,67 +62,36 @@ class OwnershipCredential : public Credential {
m_issuedTo = issuedTo;
}
ZT_INLINE uint64_t networkId() const noexcept
{
return m_networkId;
}
ZT_INLINE uint64_t networkId() const noexcept { return m_networkId; }
ZT_INLINE int64_t timestamp() const noexcept
{
return m_ts;
}
ZT_INLINE int64_t timestamp() const noexcept { return m_ts; }
ZT_INLINE int64_t revision() const noexcept
{
return m_ts;
}
ZT_INLINE int64_t revision() const noexcept { return m_ts; }
ZT_INLINE uint32_t id() const noexcept
{
return m_id;
}
ZT_INLINE uint32_t id() const noexcept { return m_id; }
ZT_INLINE const Address& issuedTo() const noexcept
{
return m_issuedTo;
}
ZT_INLINE const Address &issuedTo() const noexcept { return m_issuedTo; }
ZT_INLINE const Address& signer() const noexcept
{
return m_signedBy;
}
ZT_INLINE const Address &signer() const noexcept { return m_signedBy; }
ZT_INLINE const uint8_t* signature() const noexcept
{
return m_signature;
}
ZT_INLINE const uint8_t *signature() const noexcept { return m_signature; }
ZT_INLINE unsigned int signatureLength() const noexcept
{
return m_signatureLength;
}
ZT_INLINE unsigned int signatureLength() const noexcept { return m_signatureLength; }
ZT_INLINE unsigned int thingCount() const noexcept
{
return (unsigned int)m_thingCount;
}
ZT_INLINE unsigned int thingCount() const noexcept { return (unsigned int)m_thingCount; }
ZT_INLINE Thing thingType(const unsigned int i) const noexcept
{
return (Thing)m_thingTypes[i];
}
ZT_INLINE Thing thingType(const unsigned int i) const noexcept { return (Thing)m_thingTypes[i]; }
ZT_INLINE const uint8_t* thingValue(const unsigned int i) const noexcept
{
return m_thingValues[i];
}
ZT_INLINE const uint8_t *thingValue(const unsigned int i) const noexcept { return m_thingValues[i]; }
ZT_INLINE bool owns(const InetAddress &ip) const noexcept
{
if (ip.as.sa.sa_family == AF_INET)
return this->_owns(THING_IPV4_ADDRESS, &(reinterpret_cast<const struct sockaddr_in*>(&ip)->sin_addr.s_addr), 4);
return this->_owns(
THING_IPV4_ADDRESS, &(reinterpret_cast<const struct sockaddr_in *>(&ip)->sin_addr.s_addr), 4);
else if (ip.as.sa.sa_family == AF_INET6)
return this->_owns(THING_IPV6_ADDRESS, reinterpret_cast<const struct sockaddr_in6*>(&ip)->sin6_addr.s6_addr, 16);
return this->_owns(
THING_IPV6_ADDRESS, reinterpret_cast<const struct sockaddr_in6 *>(&ip)->sin6_addr.s6_addr, 16);
else
return false;
}
@ -174,19 +139,13 @@ class OwnershipCredential : public Credential {
return s_verify(ctx, cc, *this);
}
static constexpr int marshalSizeMax() noexcept
{
return ZT_CERTIFICATEOFOWNERSHIP_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_CERTIFICATEOFOWNERSHIP_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_CERTIFICATEOFOWNERSHIP_MARSHAL_SIZE_MAX], bool forSign = false) const noexcept;
int unmarshal(const uint8_t *data, int len) noexcept;
// Provides natural sort order by ID
ZT_INLINE bool operator<(const OwnershipCredential& coo) const noexcept
{
return (m_id < coo.m_id);
}
ZT_INLINE bool operator<(const OwnershipCredential &coo) const noexcept { return (m_id < coo.m_id); }
ZT_INLINE bool operator==(const OwnershipCredential &coo) const noexcept
{

6
core/Path.cpp
View file

@ -20,7 +20,11 @@ namespace ZeroTier {
bool Path::send(const Context &ctx, const CallContext &cc, const void *const data, const unsigned int len) noexcept
{
if (likely(ctx.cb.wirePacketSendFunction(reinterpret_cast<ZT_Node*>(ctx.node), ctx.uPtr, cc.tPtr, m_localSocket, reinterpret_cast<const ZT_InetAddress*>(&m_addr), data, len, 0) == 0)) {
if (likely(
ctx.cb.wirePacketSendFunction(
reinterpret_cast<ZT_Node *>(ctx.node), ctx.uPtr, cc.tPtr, m_localSocket,
reinterpret_cast<const ZT_InetAddress *>(&m_addr), data, len, 0)
== 0)) {
m_lastOut = cc.ticks;
m_outMeter.log(cc.ticks, len);
return true;

66
core/Path.hpp
View file

@ -36,7 +36,8 @@ class Path {
friend class SharedPtr<Path>;
// Allow defragmenter to access fragment-in-flight info stored in Path for performance reasons.
template <unsigned int MF, unsigned int MFP, unsigned int GCT, unsigned int GCS, typename P> friend class Defragmenter;
template <unsigned int MF, unsigned int MFP, unsigned int GCT, unsigned int GCS, typename P>
friend class Defragmenter;
public:
/**
@ -44,23 +45,24 @@ class Path {
*/
class Key {
public:
ZT_INLINE Key() noexcept
{
}
ZT_INLINE Key() noexcept {}
ZT_INLINE Key(const InetAddress &ip) noexcept
{
const unsigned int family = ip.as.sa.sa_family;
if (family == AF_INET) {
const uint16_t p = (uint16_t)ip.as.sa_in.sin_port;
m_hashCode = Utils::hash64((((uint64_t)ip.as.sa_in.sin_addr.s_addr) << 16U) ^ ((uint64_t)p) ^ Utils::s_mapNonce);
m_hashCode =
Utils::hash64((((uint64_t)ip.as.sa_in.sin_addr.s_addr) << 16U) ^ ((uint64_t)p) ^ Utils::s_mapNonce);
m_ipv6Net64 = 0; // 0 for IPv4, never 0 for IPv6
m_port = p;
}
else {
if (likely(family == AF_INET6)) {
const uint64_t a = Utils::loadMachineEndian<uint64_t>(reinterpret_cast<const uint8_t*>(ip.as.sa_in6.sin6_addr.s6_addr));
const uint64_t b = Utils::loadMachineEndian<uint64_t>(reinterpret_cast<const uint8_t*>(ip.as.sa_in6.sin6_addr.s6_addr) + 8);
const uint64_t a = Utils::loadMachineEndian<uint64_t>(
reinterpret_cast<const uint8_t *>(ip.as.sa_in6.sin6_addr.s6_addr));
const uint64_t b = Utils::loadMachineEndian<uint64_t>(
reinterpret_cast<const uint8_t *>(ip.as.sa_in6.sin6_addr.s6_addr) + 8);
const uint16_t p = ip.as.sa_in6.sin6_port;
m_hashCode = Utils::hash64(a ^ b ^ ((uint64_t)p) ^ Utils::s_mapNonce);
m_ipv6Net64 = a; // IPv6 /64
@ -75,20 +77,14 @@ class Path {
}
}
ZT_INLINE unsigned long hashCode() const noexcept
{
return (unsigned long)m_hashCode;
}
ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)m_hashCode; }
ZT_INLINE bool operator==(const Key &k) const noexcept
{
return (m_hashCode == k.m_hashCode) && (m_ipv6Net64 == k.m_ipv6Net64) && (m_port == k.m_port);
}
ZT_INLINE bool operator!=(const Key& k) const noexcept
{
return (! (*this == k));
}
ZT_INLINE bool operator!=(const Key &k) const noexcept { return (!(*this == k)); }
ZT_INLINE bool operator<(const Key &k) const noexcept
{
@ -106,20 +102,11 @@ class Path {
return false;
}
ZT_INLINE bool operator>(const Key& k) const noexcept
{
return (k < *this);
}
ZT_INLINE bool operator>(const Key &k) const noexcept { return (k < *this); }
ZT_INLINE bool operator<=(const Key& k) const noexcept
{
return ! (k < *this);
}
ZT_INLINE bool operator<=(const Key &k) const noexcept { return !(k < *this); }
ZT_INLINE bool operator>=(const Key& k) const noexcept
{
return ! (*this < k);
}
ZT_INLINE bool operator>=(const Key &k) const noexcept { return !(*this < k); }
private:
uint64_t m_hashCode;
@ -188,10 +175,7 @@ class Path {
/**
* @return Latency in milliseconds or -1 if unknown
*/
ZT_INLINE int latency() const noexcept
{
return m_latency.load(std::memory_order_relaxed);
}
ZT_INLINE int latency() const noexcept { return m_latency.load(std::memory_order_relaxed); }
/**
* Check path aliveness
@ -206,34 +190,22 @@ class Path {
/**
* @return Physical address
*/
ZT_INLINE const InetAddress& address() const noexcept
{
return m_addr;
}
ZT_INLINE const InetAddress &address() const noexcept { return m_addr; }
/**
* @return Local socket as specified by external code
*/
ZT_INLINE int64_t localSocket() const noexcept
{
return m_localSocket;
}
ZT_INLINE int64_t localSocket() const noexcept { return m_localSocket; }
/**
* @return Last time we received anything
*/
ZT_INLINE int64_t lastIn() const noexcept
{
return m_lastIn.load(std::memory_order_relaxed);
}
ZT_INLINE int64_t lastIn() const noexcept { return m_lastIn.load(std::memory_order_relaxed); }
/**
* @return Last time we sent something
*/
ZT_INLINE int64_t lastOut() const noexcept
{
return m_lastOut.load(std::memory_order_relaxed);
}
ZT_INLINE int64_t lastOut() const noexcept { return m_lastOut.load(std::memory_order_relaxed); }
private:
const int64_t m_localSocket;

82
core/Peer.cpp
View file

@ -46,10 +46,7 @@ Peer::Peer()
{
}
Peer::~Peer()
{
Utils::burn(m_helloMacKey, sizeof(m_helloMacKey));
}
Peer::~Peer() { Utils::burn(m_helloMacKey, sizeof(m_helloMacKey)); }
bool Peer::init(const Context &ctx, const CallContext &cc, const Identity &peerIdentity)
{
@ -68,7 +65,10 @@ bool Peer::init(const Context& ctx, const CallContext& cc, const Identity& peerI
return true;
}
void Peer::received(const Context& ctx, const CallContext& cc, const SharedPtr<Path>& path, const unsigned int hops, const uint64_t packetId, const unsigned int payloadLength, const Protocol::Verb verb, const Protocol::Verb /*inReVerb*/)
void Peer::received(
const Context &ctx, const CallContext &cc, const SharedPtr<Path> &path, const unsigned int hops,
const uint64_t packetId, const unsigned int payloadLength, const Protocol::Verb verb,
const Protocol::Verb /*inReVerb*/)
{
m_lastReceive.store(cc.ticks, std::memory_order_relaxed);
m_inMeter.log(cc.ticks, payloadLength);
@ -118,14 +118,16 @@ void Peer::received(const Context& ctx, const CallContext& cc, const SharedPtr<P
m_prioritizePaths(cc);
ctx.t->learnedNewPath(cc, 0x582fabdd, packetId, m_id, path->address(), (old) ? old->address() : InetAddress());
ctx.t->learnedNewPath(
cc, 0x582fabdd, packetId, m_id, path->address(), (old) ? old->address() : InetAddress());
}
else {
int64_t &lt = m_lastTried[Endpoint(path->address())];
if ((cc.ticks - lt) < ZT_PATH_MIN_TRY_INTERVAL) {
lt = cc.ticks;
path->sent(cc, m_hello(ctx, cc, path->localSocket(), path->address(), false));
ctx.t->tryingNewPath(cc, 0xb7747ddd, m_id, path->address(), path->address(), packetId, (uint8_t)verb, m_id);
ctx.t->tryingNewPath(
cc, 0xb7747ddd, m_id, path->address(), path->address(), packetId, (uint8_t)verb, m_id);
}
}
}
@ -164,7 +166,10 @@ void Peer::pulse(const Context& ctx, const CallContext& cc)
// to be sent. The latter happens every ZT_PEER_HELLO_INTERVAL or if a new
// ephemeral key pair is generated.
bool needHello =
(((m_vProto >= 20) && (m_keyRenegotiationNeeded || (key == &m_identityKey) || ((cc.ticks - key->timestamp()) >= (ZT_SYMMETRIC_KEY_TTL / 2)) || (key->odometer() > (ZT_SYMMETRIC_KEY_TTL_MESSAGES / 2))))
(((m_vProto >= 20)
&& (m_keyRenegotiationNeeded || (key == &m_identityKey)
|| ((cc.ticks - key->timestamp()) >= (ZT_SYMMETRIC_KEY_TTL / 2))
|| (key->odometer() > (ZT_SYMMETRIC_KEY_TTL_MESSAGES / 2))))
|| ((cc.ticks - m_lastSentHello) >= ZT_PEER_HELLO_INTERVAL));
// Prioritize paths and more importantly for here forget dead ones.
@ -177,13 +182,16 @@ void Peer::pulse(const Context& ctx, const CallContext& cc)
// callback (if one was supplied).
if (m_locator) {
for (Vector<std::pair<Endpoint, SharedPtr<const Locator::EndpointAttributes> > >::const_iterator ep(m_locator->endpoints().begin()); ep != m_locator->endpoints().end(); ++ep) {
for (Vector<std::pair<Endpoint, SharedPtr<const Locator::EndpointAttributes>>>::const_iterator ep(
m_locator->endpoints().begin());
ep != m_locator->endpoints().end(); ++ep) {
if (ep->first.type == ZT_ENDPOINT_TYPE_IP_UDP) {
if (ctx.node->filterPotentialPath(cc.tPtr, m_id, -1, ep->first.ip())) {
int64_t &lt = m_lastTried[ep->first];
if ((cc.ticks - lt) > ZT_PATH_MIN_TRY_INTERVAL) {
lt = cc.ticks;
ctx.t->tryingNewPath(cc, 0x84b22322, m_id, ep->first.ip(), InetAddress::NIL, 0, 0, Identity::NIL);
ctx.t->tryingNewPath(
cc, 0x84b22322, m_id, ep->first.ip(), InetAddress::NIL, 0, 0, Identity::NIL);
sent(cc, m_sendProbe(ctx, cc, -1, ep->first.ip(), nullptr, 0));
}
}
@ -290,7 +298,8 @@ void Peer::pulse(const Context& ctx, const CallContext& cc)
for (unsigned int i = 0; i < m_alivePathCount; ++i) {
if (needHello) {
needHello = false;
const unsigned int bytes = m_hello(ctx, cc, m_paths[i]->localSocket(), m_paths[i]->address(), m_keyRenegotiationNeeded);
const unsigned int bytes =
m_hello(ctx, cc, m_paths[i]->localSocket(), m_paths[i]->address(), m_keyRenegotiationNeeded);
if (bytes) {
m_paths[i]->sent(cc, bytes);
sent(cc, bytes);
@ -311,7 +320,8 @@ void Peer::pulse(const Context& ctx, const CallContext& cc)
if (root) {
const SharedPtr<Path> via(root->path(cc));
if (via) {
const unsigned int bytes = m_hello(ctx, cc, via->localSocket(), via->address(), m_keyRenegotiationNeeded);
const unsigned int bytes =
m_hello(ctx, cc, via->localSocket(), via->address(), m_keyRenegotiationNeeded);
if (bytes) {
via->sent(cc, bytes);
root->relayed(cc, bytes);
@ -353,7 +363,9 @@ void Peer::contact(const Context& ctx, const CallContext& cc, const Endpoint& ep
// For IPv4 addresses we send a tiny packet with a low TTL, which helps to
// traverse some NAT types. It has no effect otherwise.
if (ep.isInetAddr() && ep.ip().isV4()) {
ctx.cb.wirePacketSendFunction(reinterpret_cast<ZT_Node*>(ctx.node), ctx.uPtr, cc.tPtr, -1, reinterpret_cast<const ZT_InetAddress*>(&ep.ip()), &s_arbitraryByte, 1, 2);
ctx.cb.wirePacketSendFunction(
reinterpret_cast<ZT_Node *>(ctx.node), ctx.uPtr, cc.tPtr, -1,
reinterpret_cast<const ZT_InetAddress *>(&ep.ip()), &s_arbitraryByte, 1, 2);
++s_arbitraryByte;
}
@ -369,13 +381,17 @@ void Peer::contact(const Context& ctx, const CallContext& cc, const Endpoint& ep
m_tryQueue.push_back(p_TryQueueItem(ep, -tries));
}
void Peer::resetWithinScope(const Context& ctx, const CallContext& cc, InetAddress::IpScope scope, int inetAddressFamily)
void Peer::resetWithinScope(
const Context &ctx, const CallContext &cc, InetAddress::IpScope scope, int inetAddressFamily)
{
RWMutex::Lock l(m_lock);
unsigned int pc = 0;
for (unsigned int i = 0; i < m_alivePathCount; ++i) {
if ((m_paths[i]) && (((int)m_paths[i]->address().as.sa.sa_family == inetAddressFamily) && (m_paths[i]->address().ipScope() == scope))) {
const unsigned int bytes = m_sendProbe(ctx, cc, m_paths[i]->localSocket(), m_paths[i]->address(), nullptr, 0);
if ((m_paths[i])
&& (((int)m_paths[i]->address().as.sa.sa_family == inetAddressFamily)
&& (m_paths[i]->address().ipScope() == scope))) {
const unsigned int bytes =
m_sendProbe(ctx, cc, m_paths[i]->localSocket(), m_paths[i]->address(), nullptr, 0);
m_paths[i]->sent(cc, bytes);
sent(cc, bytes);
}
@ -470,7 +486,9 @@ int Peer::unmarshal(const Context& ctx, const int64_t ticks, const uint8_t* rest
bool identityKeyRestored = false;
if (Address(data + 1) == ctx.identity.address()) {
uint8_t k[ZT_SYMMETRIC_KEY_SIZE];
static_assert(ZT_SYMMETRIC_KEY_SIZE == 48, "marshal() and unmarshal() must be revisited if ZT_SYMMETRIC_KEY_SIZE is changed");
static_assert(
ZT_SYMMETRIC_KEY_SIZE == 48,
"marshal() and unmarshal() must be revisited if ZT_SYMMETRIC_KEY_SIZE is changed");
ctx.localSecretCipher.decrypt(data + 1 + ZT_ADDRESS_LENGTH, k);
ctx.localSecretCipher.decrypt(data + 1 + ZT_ADDRESS_LENGTH + 16, k + 16);
ctx.localSecretCipher.decrypt(data + 1 + ZT_ADDRESS_LENGTH + 32, k + 32);
@ -573,7 +591,9 @@ void Peer::m_prioritizePaths(const CallContext& cc)
m_bestPath.store((m_alivePathCount != 0) ? (uintptr_t)m_paths[0].ptr() : (uintptr_t)0, std::memory_order_release);
}
unsigned int Peer::m_sendProbe(const Context& ctx, const CallContext& cc, int64_t localSocket, const InetAddress& atAddress, const uint16_t* ports, const unsigned int numPorts)
unsigned int Peer::m_sendProbe(
const Context &ctx, const CallContext &cc, int64_t localSocket, const InetAddress &atAddress, const uint16_t *ports,
const unsigned int numPorts)
{
// Assumes m_lock is locked
@ -582,7 +602,8 @@ unsigned int Peer::m_sendProbe(const Context& ctx, const CallContext& cc, int64_
// some future attacker compromises it.
uint8_t p[ZT_PROTO_MIN_PACKET_LENGTH];
Utils::storeMachineEndian<uint64_t>(p + ZT_PROTO_PACKET_ID_INDEX, m_identityKey.nextMessage(ctx.identity.address(), m_id.address()));
Utils::storeMachineEndian<uint64_t>(
p + ZT_PROTO_PACKET_ID_INDEX, m_identityKey.nextMessage(ctx.identity.address(), m_id.address()));
m_id.address().copyTo(p + ZT_PROTO_PACKET_DESTINATION_INDEX);
ctx.identity.address().copyTo(p + ZT_PROTO_PACKET_SOURCE_INDEX);
p[ZT_PROTO_PACKET_FLAGS_INDEX] = 0;
@ -594,12 +615,16 @@ unsigned int Peer::m_sendProbe(const Context& ctx, const CallContext& cc, int64_
InetAddress tmp(atAddress);
for (unsigned int i = 0; i < numPorts; ++i) {
tmp.setPort(ports[i]);
ctx.cb.wirePacketSendFunction(reinterpret_cast<ZT_Node*>(ctx.node), ctx.uPtr, cc.tPtr, -1, reinterpret_cast<const ZT_InetAddress*>(&tmp), p, ZT_PROTO_MIN_PACKET_LENGTH, 0);
ctx.cb.wirePacketSendFunction(
reinterpret_cast<ZT_Node *>(ctx.node), ctx.uPtr, cc.tPtr, -1,
reinterpret_cast<const ZT_InetAddress *>(&tmp), p, ZT_PROTO_MIN_PACKET_LENGTH, 0);
}
return ZT_PROTO_MIN_PACKET_LENGTH * numPorts;
}
else {
ctx.cb.wirePacketSendFunction(reinterpret_cast<ZT_Node*>(ctx.node), ctx.uPtr, cc.tPtr, -1, reinterpret_cast<const ZT_InetAddress*>(&atAddress), p, ZT_PROTO_MIN_PACKET_LENGTH, 0);
ctx.cb.wirePacketSendFunction(
reinterpret_cast<ZT_Node *>(ctx.node), ctx.uPtr, cc.tPtr, -1,
reinterpret_cast<const ZT_InetAddress *>(&atAddress), p, ZT_PROTO_MIN_PACKET_LENGTH, 0);
return ZT_PROTO_MIN_PACKET_LENGTH;
}
}
@ -618,7 +643,9 @@ void Peer::m_deriveSecondaryIdentityKeys() noexcept
KBKDFHMACSHA384(m_identityKey.key(), ZT_KBKDF_LABEL_PACKET_HMAC, 0, 0, m_helloMacKey);
}
unsigned int Peer::m_hello(const Context& ctx, const CallContext& cc, int64_t localSocket, const InetAddress& atAddress, const bool forceNewKey)
unsigned int Peer::m_hello(
const Context &ctx, const CallContext &cc, int64_t localSocket, const InetAddress &atAddress,
const bool forceNewKey)
{
// assumes m_lock is at least locked for reading
@ -719,12 +746,19 @@ unsigned int Peer::m_hello(const Context& ctx, const CallContext& cc, int64_t lo
Protocol::salsa2012DeriveKey(m_identityKey.key(), perPacketKey, outp, ii);
Salsa20(perPacketKey, &packetId).crypt12(Utils::ZERO256, polyKey, sizeof(polyKey));
Poly1305 p1305(polyKey);
p1305.update(outp.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START, ii - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START);
p1305.update(
outp.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START, ii - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START);
uint64_t polyMac[2];
p1305.finish(polyMac);
Utils::storeMachineEndian<uint64_t>(outp.unsafeData + ZT_PROTO_PACKET_MAC_INDEX, polyMac[0]);
return (likely(ctx.cb.wirePacketSendFunction(reinterpret_cast<ZT_Node*>(ctx.node), ctx.uPtr, cc.tPtr, localSocket, reinterpret_cast<const ZT_InetAddress*>(&atAddress), outp.unsafeData, ii, 0) == 0)) ? (unsigned int)ii : 0U;
return (likely(
ctx.cb.wirePacketSendFunction(
reinterpret_cast<ZT_Node *>(ctx.node), ctx.uPtr, cc.tPtr, localSocket,
reinterpret_cast<const ZT_InetAddress *>(&atAddress), outp.unsafeData, ii, 0)
== 0))
? (unsigned int)ii
: 0U;
}
} // namespace ZeroTier

94
core/Peer.hpp
View file

@ -31,7 +31,9 @@
#include "SymmetricKey.hpp"
#include "Utils.hpp"
#define ZT_PEER_MARSHAL_SIZE_MAX (1 + ZT_ADDRESS_LENGTH + ZT_SYMMETRIC_KEY_SIZE + ZT_IDENTITY_MARSHAL_SIZE_MAX + 1 + ZT_LOCATOR_MARSHAL_SIZE_MAX + (2 * 4) + 2)
#define ZT_PEER_MARSHAL_SIZE_MAX \
(1 + ZT_ADDRESS_LENGTH + ZT_SYMMETRIC_KEY_SIZE + ZT_IDENTITY_MARSHAL_SIZE_MAX + 1 + ZT_LOCATOR_MARSHAL_SIZE_MAX \
+ (2 * 4) + 2)
#define ZT_PEER_DEDUP_BUFFER_SIZE 1024
#define ZT_PEER_DEDUP_BUFFER_MASK 1023U
@ -71,18 +73,12 @@ class Peer {
/**
* @return This peer's ZT address (short for identity().address())
*/
ZT_INLINE Address address() const noexcept
{
return m_id.address();
}
ZT_INLINE Address address() const noexcept { return m_id.address(); }
/**
* @return This peer's identity
*/
ZT_INLINE const Identity& identity() const noexcept
{
return m_id;
}
ZT_INLINE const Identity &identity() const noexcept { return m_id; }
/**
* @return Current locator or NULL if no locator is known
@ -125,7 +121,9 @@ class Peer {
* @param verb Packet verb
* @param inReVerb In-reply verb for OK or ERROR verbs
*/
void received(const Context& ctx, const CallContext& cc, const SharedPtr<Path>& path, unsigned int hops, uint64_t packetId, unsigned int payloadLength, Protocol::Verb verb, Protocol::Verb inReVerb);
void received(
const Context &ctx, const CallContext &cc, const SharedPtr<Path> &path, unsigned int hops, uint64_t packetId,
unsigned int payloadLength, Protocol::Verb verb, Protocol::Verb inReVerb);
/**
* Log sent data
@ -165,7 +163,9 @@ class Peer {
* @param len Length in bytes
* @param via Path over which to send data (may or may not be an already-learned path for this peer)
*/
ZT_INLINE void send(const Context& ctx, const CallContext& cc, const void* data, unsigned int len, const SharedPtr<Path>& via) noexcept
ZT_INLINE void send(
const Context &ctx, const CallContext &cc, const void *data, unsigned int len,
const SharedPtr<Path> &via) noexcept
{
via->send(ctx, cc, data, len);
sent(cc, len);
@ -214,10 +214,7 @@ class Peer {
/**
* @return Time of last receive of anything, whether direct or relayed
*/
ZT_INLINE int64_t lastReceive() const noexcept
{
return m_lastReceive.load(std::memory_order_relaxed);
}
ZT_INLINE int64_t lastReceive() const noexcept { return m_lastReceive.load(std::memory_order_relaxed); }
/**
* @return Average latency of all direct paths or -1 if no direct paths or unknown
@ -250,34 +247,22 @@ class Peer {
/**
* @return The permanent shared key for this peer computed by simple identity agreement
*/
ZT_INLINE SymmetricKey& identityKey() noexcept
{
return m_identityKey;
}
ZT_INLINE SymmetricKey &identityKey() noexcept { return m_identityKey; }
/**
* @return AES instance for HELLO dictionary / encrypted section encryption/decryption
*/
ZT_INLINE const AES& identityHelloDictionaryEncryptionCipher() const noexcept
{
return m_helloCipher;
}
ZT_INLINE const AES &identityHelloDictionaryEncryptionCipher() const noexcept { return m_helloCipher; }
/**
* @return Key for HMAC on HELLOs
*/
ZT_INLINE const uint8_t* identityHelloHmacKey() const noexcept
{
return m_helloMacKey;
}
ZT_INLINE const uint8_t *identityHelloHmacKey() const noexcept { return m_helloMacKey; }
/**
* @return Raw identity key bytes
*/
ZT_INLINE const uint8_t* rawIdentityKey() const noexcept
{
return m_identityKey.key();
}
ZT_INLINE const uint8_t *rawIdentityKey() const noexcept { return m_identityKey.key(); }
/**
* @return Current best key: either the latest ephemeral or the identity key
@ -298,7 +283,8 @@ class Peer {
* @param notYetTried All keys known (long lived or session) other than alreadyTried
* @return Number of pointers written to notYetTried[]
*/
ZT_INLINE int getOtherKeys(const SymmetricKey* const alreadyTried, SymmetricKey* notYetTried[ZT_PEER_EPHEMERAL_KEY_COUNT_MAX]) noexcept
ZT_INLINE int getOtherKeys(
const SymmetricKey *const alreadyTried, SymmetricKey *notYetTried[ZT_PEER_EPHEMERAL_KEY_COUNT_MAX]) noexcept
{
RWMutex::RLock l(m_lock);
int cnt = 0;
@ -334,7 +320,8 @@ class Peer {
* @param vmin Minor version
* @param vrev Revision
*/
ZT_INLINE void setRemoteVersion(unsigned int vproto, unsigned int vmaj, unsigned int vmin, unsigned int vrev) noexcept
ZT_INLINE void
setRemoteVersion(unsigned int vproto, unsigned int vmaj, unsigned int vmin, unsigned int vrev) noexcept
{
RWMutex::Lock l(m_lock);
m_vProto = (uint16_t)vproto;
@ -386,10 +373,7 @@ class Peer {
*/
void save(const Context &ctx, const CallContext &cc) const;
static constexpr int marshalSizeMax() noexcept
{
return ZT_PEER_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_PEER_MARSHAL_SIZE_MAX; }
int marshal(const Context &ctx, uint8_t data[ZT_PEER_MARSHAL_SIZE_MAX]) const noexcept;
int unmarshal(const Context &ctx, int64_t ticks, const uint8_t *restrict data, int len) noexcept;
@ -441,7 +425,9 @@ class Peer {
*/
ZT_INLINE bool deduplicateIncomingPacket(const uint64_t packetId) noexcept
{
return m_dedup[Utils::hash32((uint32_t)packetId) & ZT_PEER_DEDUP_BUFFER_MASK].exchange(packetId, std::memory_order_relaxed) == packetId;
return m_dedup[Utils::hash32((uint32_t)packetId) & ZT_PEER_DEDUP_BUFFER_MASK].exchange(
packetId, std::memory_order_relaxed)
== packetId;
}
private:
@ -451,17 +437,14 @@ class Peer {
uint8_t p384Public[ZT_ECC384_PUBLIC_KEY_SIZE];
};
static_assert(sizeof(p_EphemeralPublic) == (1 + ZT_C25519_ECDH_PUBLIC_KEY_SIZE + ZT_ECC384_PUBLIC_KEY_SIZE), "p_EphemeralPublic has extra padding");
static_assert(
sizeof(p_EphemeralPublic) == (1 + ZT_C25519_ECDH_PUBLIC_KEY_SIZE + ZT_ECC384_PUBLIC_KEY_SIZE),
"p_EphemeralPublic has extra padding");
struct p_EphemeralPrivate {
ZT_INLINE p_EphemeralPrivate() noexcept : creationTime(-1)
{
}
ZT_INLINE p_EphemeralPrivate() noexcept : creationTime(-1) {}
ZT_INLINE ~p_EphemeralPrivate()
{
Utils::burn(this, sizeof(p_EphemeralPublic));
}
ZT_INLINE ~p_EphemeralPrivate() { Utils::burn(this, sizeof(p_EphemeralPublic)); }
int64_t creationTime;
uint64_t sha384OfPublic[6];
@ -471,9 +454,7 @@ class Peer {
};
struct p_EphemeralSession {
ZT_INLINE p_EphemeralSession() noexcept : established(false)
{
}
ZT_INLINE p_EphemeralSession() noexcept : established(false) {}
uint64_t sha384OfPeerPublic[6];
SymmetricKey key;
@ -481,9 +462,12 @@ class Peer {
};
void m_prioritizePaths(const CallContext &cc);
unsigned int m_sendProbe(const Context& ctx, const CallContext& cc, int64_t localSocket, const InetAddress& atAddress, const uint16_t* ports, unsigned int numPorts);
unsigned int m_sendProbe(
const Context &ctx, const CallContext &cc, int64_t localSocket, const InetAddress &atAddress,
const uint16_t *ports, unsigned int numPorts);
void m_deriveSecondaryIdentityKeys() noexcept;
unsigned int m_hello(const Context& ctx, const CallContext& cc, int64_t localSocket, const InetAddress& atAddress, bool forceNewKey);
unsigned int m_hello(
const Context &ctx, const CallContext &cc, int64_t localSocket, const InetAddress &atAddress, bool forceNewKey);
// Guards all fields except those otherwise indicated (and atomics of course).
RWMutex m_lock;
@ -552,13 +536,9 @@ class Peer {
std::atomic<int> __refCount;
struct p_TryQueueItem {
ZT_INLINE p_TryQueueItem() : target(), iteration(0)
{
}
ZT_INLINE p_TryQueueItem() : target(), iteration(0) {}
ZT_INLINE p_TryQueueItem(const Endpoint& t, int iter) : target(t), iteration(iter)
{
}
ZT_INLINE p_TryQueueItem(const Endpoint &t, int iter) : target(t), iteration(iter) {}
Endpoint target;
int iteration;

23
core/Poly1305.cpp
View file

@ -309,11 +309,21 @@ void poly1305_blocks(poly1305_state_internal_t* st, const unsigned char* m, size
h4 += (U8TO32(m + 12) >> 8) | hibit;
/* h *= r */
unsigned long long d0 = ((unsigned long long)h0 * r0) + ((unsigned long long)h1 * s4) + ((unsigned long long)h2 * s3) + ((unsigned long long)h3 * s2) + ((unsigned long long)h4 * s1);
unsigned long long d1 = ((unsigned long long)h0 * r1) + ((unsigned long long)h1 * r0) + ((unsigned long long)h2 * s4) + ((unsigned long long)h3 * s3) + ((unsigned long long)h4 * s2);
unsigned long long d2 = ((unsigned long long)h0 * r2) + ((unsigned long long)h1 * r1) + ((unsigned long long)h2 * r0) + ((unsigned long long)h3 * s4) + ((unsigned long long)h4 * s3);
unsigned long long d3 = ((unsigned long long)h0 * r3) + ((unsigned long long)h1 * r2) + ((unsigned long long)h2 * r1) + ((unsigned long long)h3 * r0) + ((unsigned long long)h4 * s4);
unsigned long long d4 = ((unsigned long long)h0 * r4) + ((unsigned long long)h1 * r3) + ((unsigned long long)h2 * r2) + ((unsigned long long)h3 * r1) + ((unsigned long long)h4 * r0);
unsigned long long d0 = ((unsigned long long)h0 * r0) + ((unsigned long long)h1 * s4)
+ ((unsigned long long)h2 * s3) + ((unsigned long long)h3 * s2)
+ ((unsigned long long)h4 * s1);
unsigned long long d1 = ((unsigned long long)h0 * r1) + ((unsigned long long)h1 * r0)
+ ((unsigned long long)h2 * s4) + ((unsigned long long)h3 * s3)
+ ((unsigned long long)h4 * s2);
unsigned long long d2 = ((unsigned long long)h0 * r2) + ((unsigned long long)h1 * r1)
+ ((unsigned long long)h2 * r0) + ((unsigned long long)h3 * s4)
+ ((unsigned long long)h4 * s3);
unsigned long long d3 = ((unsigned long long)h0 * r3) + ((unsigned long long)h1 * r2)
+ ((unsigned long long)h2 * r1) + ((unsigned long long)h3 * r0)
+ ((unsigned long long)h4 * s4);
unsigned long long d4 = ((unsigned long long)h0 * r4) + ((unsigned long long)h1 * r3)
+ ((unsigned long long)h2 * r2) + ((unsigned long long)h3 * r1)
+ ((unsigned long long)h4 * r0);
/* (partial) h %= p */
unsigned long c = (unsigned long)(d0 >> 26);
@ -503,7 +513,8 @@ void Poly1305::init(const void* key) noexcept
void Poly1305::update(const void *data, unsigned int len) noexcept
{
poly1305_update(reinterpret_cast<poly1305_context*>(&ctx), reinterpret_cast<const unsigned char*>(data), (size_t)len);
poly1305_update(
reinterpret_cast<poly1305_context *>(&ctx), reinterpret_cast<const unsigned char *>(data), (size_t)len);
}
void Poly1305::finish(void *auth) noexcept

12
core/Poly1305.hpp
View file

@ -26,20 +26,16 @@ namespace ZeroTier {
*/
class Poly1305 {
public:
ZT_INLINE Poly1305()
{
}
ZT_INLINE Poly1305() {}
ZT_INLINE Poly1305(const void* key)
{
this->init(key);
}
ZT_INLINE Poly1305(const void *key) { this->init(key); }
void init(const void *key) noexcept;
void update(const void *data, unsigned int len) noexcept;
void finish(void *auth) noexcept;
static ZT_INLINE void compute(void* const auth, const void* const data, const unsigned int len, const void* const key) noexcept
static ZT_INLINE void
compute(void *const auth, const void *const data, const unsigned int len, const void *const key) noexcept
{
Poly1305 p(key);
p.update(data, len);

85
core/Protocol.hpp
View file

@ -253,7 +253,9 @@
#define ZT_PROTO_HELLO_NODE_META_EPHEMERAL_ACK "E"
static_assert(ZT_PROTO_MAX_PACKET_LENGTH < ZT_BUF_MEM_SIZE, "maximum packet length won't fit in Buf");
static_assert(ZT_PROTO_PACKET_ENCRYPTED_SECTION_START == (ZT_PROTO_MIN_PACKET_LENGTH - 1), "encrypted packet section must start right before protocol verb at one less than minimum packet size");
static_assert(
ZT_PROTO_PACKET_ENCRYPTED_SECTION_START == (ZT_PROTO_MIN_PACKET_LENGTH - 1),
"encrypted packet section must start right before protocol verb at one less than minimum packet size");
namespace ZeroTier {
namespace Protocol {
@ -687,46 +689,26 @@ enum Verb {
static ZT_INLINE const char *verbName(const Verb v) noexcept
{
switch (v) {
case VERB_NOP:
return "NOP";
case VERB_HELLO:
return "HELLO";
case VERB_ERROR:
return "ERROR";
case VERB_OK:
return "OK";
case VERB_WHOIS:
return "WHOIS";
case VERB_RENDEZVOUS:
return "RENDEZVOUS";
case VERB_FRAME:
return "FRAME";
case VERB_EXT_FRAME:
return "EXT_FRAME";
case VERB_ECHO:
return "ECHO";
case VERB_MULTICAST_LIKE:
return "MULTICAST_LIKE";
case VERB_NETWORK_CREDENTIALS:
return "NETWORK_CREDENTIALS";
case VERB_NETWORK_CONFIG_REQUEST:
return "NETWORK_CONFIG_REQUEST";
case VERB_NETWORK_CONFIG:
return "NETWORK_CONFIG";
case VERB_MULTICAST_GATHER:
return "MULTICAST_GATHER";
case VERB_MULTICAST_FRAME_deprecated:
return "MULTICAST_FRAME_deprecated";
case VERB_PUSH_DIRECT_PATHS:
return "PUSH_DIRECT_PATHS";
case VERB_USER_MESSAGE:
return "USER_MESSAGE";
case VERB_MULTICAST:
return "MULTICAST";
case VERB_ENCAP:
return "ENCAP";
default:
return "(unknown)";
case VERB_NOP: return "NOP";
case VERB_HELLO: return "HELLO";
case VERB_ERROR: return "ERROR";
case VERB_OK: return "OK";
case VERB_WHOIS: return "WHOIS";
case VERB_RENDEZVOUS: return "RENDEZVOUS";
case VERB_FRAME: return "FRAME";
case VERB_EXT_FRAME: return "EXT_FRAME";
case VERB_ECHO: return "ECHO";
case VERB_MULTICAST_LIKE: return "MULTICAST_LIKE";
case VERB_NETWORK_CREDENTIALS: return "NETWORK_CREDENTIALS";
case VERB_NETWORK_CONFIG_REQUEST: return "NETWORK_CONFIG_REQUEST";
case VERB_NETWORK_CONFIG: return "NETWORK_CONFIG";
case VERB_MULTICAST_GATHER: return "MULTICAST_GATHER";
case VERB_MULTICAST_FRAME_deprecated: return "MULTICAST_FRAME_deprecated";
case VERB_PUSH_DIRECT_PATHS: return "PUSH_DIRECT_PATHS";
case VERB_USER_MESSAGE: return "USER_MESSAGE";
case VERB_MULTICAST: return "MULTICAST";
case VERB_ENCAP: return "ENCAP";
default: return "(unknown)";
}
}
@ -811,7 +793,8 @@ enum NetworkConfigFlag {
* @param in Input key (32 bytes)
* @param out Output buffer (32 bytes)
*/
static ZT_INLINE void salsa2012DeriveKey(const uint8_t* const in, uint8_t* const out, const Buf& packet, const unsigned int packetSize) noexcept
static ZT_INLINE void salsa2012DeriveKey(
const uint8_t *const in, uint8_t *const out, const Buf &packet, const unsigned int packetSize) noexcept
{
// IV and source/destination addresses. Using the addresses divides the
// key space into two halves-- A->B and B->A (since order will change).
@ -819,9 +802,12 @@ static ZT_INLINE void salsa2012DeriveKey(const uint8_t* const in, uint8_t* const
for (int i = 0; i < 18; ++i)
out[i] = in[i] ^ packet.unsafeData[i];
#else
*reinterpret_cast<uint64_t*>(out) = *reinterpret_cast<const uint64_t*>(in) ^ *reinterpret_cast<const uint64_t*>(packet.unsafeData);
*reinterpret_cast<uint64_t*>(out + 8) = *reinterpret_cast<const uint64_t*>(in + 8) ^ *reinterpret_cast<const uint64_t*>(packet.unsafeData + 8);
*reinterpret_cast<uint16_t*>(out + 16) = *reinterpret_cast<const uint16_t*>(in + 16) ^ *reinterpret_cast<const uint16_t*>(packet.unsafeData + 16);
*reinterpret_cast<uint64_t *>(out) =
*reinterpret_cast<const uint64_t *>(in) ^ *reinterpret_cast<const uint64_t *>(packet.unsafeData);
*reinterpret_cast<uint64_t *>(out + 8) =
*reinterpret_cast<const uint64_t *>(in + 8) ^ *reinterpret_cast<const uint64_t *>(packet.unsafeData + 8);
*reinterpret_cast<uint16_t *>(out + 16) =
*reinterpret_cast<const uint16_t *>(in + 16) ^ *reinterpret_cast<const uint16_t *>(packet.unsafeData + 16);
#endif
// Flags, but with hop count masked off. Hop count is altered by forwarding
@ -854,7 +840,8 @@ static ZT_INLINE void salsa2012DeriveKey(const uint8_t* const in, uint8_t* const
* @param verb Protocol verb
* @return Index of packet start
*/
static ZT_INLINE int newPacket(uint8_t pkt[28], const uint64_t packetId, const Address destination, const Address source, const Verb verb) noexcept
static ZT_INLINE int newPacket(
uint8_t pkt[28], const uint64_t packetId, const Address destination, const Address source, const Verb verb) noexcept
{
Utils::storeMachineEndian<uint64_t>(pkt + ZT_PROTO_PACKET_ID_INDEX, packetId);
destination.copyTo(pkt + ZT_PROTO_PACKET_DESTINATION_INDEX);
@ -865,7 +852,8 @@ static ZT_INLINE int newPacket(uint8_t pkt[28], const uint64_t packetId, const A
return ZT_PROTO_PACKET_VERB_INDEX + 1;
}
static ZT_INLINE int newPacket(Buf& pkt, const uint64_t packetId, const Address destination, const Address source, const Verb verb) noexcept
static ZT_INLINE int
newPacket(Buf &pkt, const uint64_t packetId, const Address destination, const Address source, const Verb verb) noexcept
{
return newPacket(pkt.unsafeData, packetId, destination, source, verb);
}
@ -879,7 +867,8 @@ static ZT_INLINE int newPacket(Buf& pkt, const uint64_t packetId, const Address
* @param cipherSuite Cipher suite to use for AEAD encryption or just MAC
* @return Packet ID of packet (which may change!)
*/
static ZT_INLINE uint64_t armor(uint8_t* const pkt, const int packetSize, const SymmetricKey& key, const uint8_t cipherSuite) noexcept
static ZT_INLINE uint64_t
armor(uint8_t *const pkt, const int packetSize, const SymmetricKey &key, const uint8_t cipherSuite) noexcept
{
// TODO
#if 0

71
core/RevocationCredential.hpp
View file

@ -39,15 +39,9 @@ class RevocationCredential : public Credential {
friend class Credential;
public:
static constexpr ZT_CredentialType credentialType() noexcept
{
return ZT_CREDENTIAL_TYPE_REVOCATION;
}
static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_REVOCATION; }
ZT_INLINE RevocationCredential() noexcept
{
memoryZero(this);
}
ZT_INLINE RevocationCredential() noexcept { memoryZero(this); }
/**
* @param i ID (arbitrary for revocations, currently random)
@ -59,11 +53,7 @@ class RevocationCredential : public Credential {
* @param ct Credential type being revoked
*/
ZT_INLINE RevocationCredential(
const uint32_t i,
const uint64_t nwid,
const uint32_t cid,
const uint64_t thr,
const uint64_t fl,
const uint32_t i, const uint64_t nwid, const uint32_t cid, const uint64_t thr, const uint64_t fl,
const Address &tgt,
const ZT_CredentialType ct) noexcept
: // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
@ -79,55 +69,25 @@ class RevocationCredential : public Credential {
{
}
ZT_INLINE uint32_t id() const noexcept
{
return m_id;
}
ZT_INLINE uint32_t id() const noexcept { return m_id; }
ZT_INLINE uint32_t credentialId() const noexcept
{
return m_credentialId;
}
ZT_INLINE uint32_t credentialId() const noexcept { return m_credentialId; }
ZT_INLINE uint64_t networkId() const noexcept
{
return m_networkId;
}
ZT_INLINE uint64_t networkId() const noexcept { return m_networkId; }
ZT_INLINE int64_t threshold() const noexcept
{
return m_threshold;
}
ZT_INLINE int64_t threshold() const noexcept { return m_threshold; }
ZT_INLINE const Address& target() const noexcept
{
return m_target;
}
ZT_INLINE const Address &target() const noexcept { return m_target; }
ZT_INLINE const Address& signer() const noexcept
{
return m_signedBy;
}
ZT_INLINE const Address &signer() const noexcept { return m_signedBy; }
ZT_INLINE ZT_CredentialType typeBeingRevoked() const noexcept
{
return m_type;
}
ZT_INLINE ZT_CredentialType typeBeingRevoked() const noexcept { return m_type; }
ZT_INLINE const uint8_t* signature() const noexcept
{
return m_signature;
}
ZT_INLINE const uint8_t *signature() const noexcept { return m_signature; }
ZT_INLINE unsigned int signatureLength() const noexcept
{
return m_signatureLength;
}
ZT_INLINE unsigned int signatureLength() const noexcept { return m_signatureLength; }
ZT_INLINE bool fastPropagate() const noexcept
{
return ((m_flags & ZT_REVOCATION_FLAG_FAST_PROPAGATE) != 0);
}
ZT_INLINE bool fastPropagate() const noexcept { return ((m_flags & ZT_REVOCATION_FLAG_FAST_PROPAGATE) != 0); }
/**
* @param signer Signing identity, must have private key
@ -146,10 +106,7 @@ class RevocationCredential : public Credential {
return s_verify(ctx, cc, *this);
}
static constexpr int marshalSizeMax() noexcept
{
return ZT_REVOCATION_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_REVOCATION_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_REVOCATION_MARSHAL_SIZE_MAX], bool forSign = false) const noexcept;
int unmarshal(const uint8_t *restrict data, int len) noexcept;

31
core/SHA512.cpp
View file

@ -16,15 +16,24 @@ struct sha512_state {
uint8_t buf[128];
};
static const uint64_t K[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL };
static const uint64_t K[80] = {
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL,
0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 0x983e5152ee66dfabULL,
0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL,
0x53380d139d95b3dfULL, 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL,
0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 0xca273eceea26619cULL,
0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
};
#define STORE64H(x, y) Utils::storeBigEndian<uint64_t>(y, x)
#define LOAD64H(x, y) x = Utils::loadBigEndian<uint64_t>(y)
@ -237,7 +246,9 @@ void HMACSHA384(const uint8_t key[ZT_SYMMETRIC_KEY_SIZE], const void* msg, const
SHA384(mac, outer, 176);
}
void KBKDFHMACSHA384(const uint8_t key[ZT_SYMMETRIC_KEY_SIZE], const char label, const char context, const uint32_t iter, uint8_t out[ZT_SYMMETRIC_KEY_SIZE])
void KBKDFHMACSHA384(
const uint8_t key[ZT_SYMMETRIC_KEY_SIZE], const char label, const char context, const uint32_t iter,
uint8_t out[ZT_SYMMETRIC_KEY_SIZE])
{
uint8_t kbkdfMsg[13];

4
core/SHA512.hpp
View file

@ -81,7 +81,9 @@ void HMACSHA384(const uint8_t key[ZT_SYMMETRIC_KEY_SIZE], const void* msg, unsig
* @param iter Key iteration for generation of multiple keys for the same label/context
* @param out Output to receive derived key
*/
void KBKDFHMACSHA384(const uint8_t key[ZT_SYMMETRIC_KEY_SIZE], char label, char context, uint32_t iter, uint8_t out[ZT_SYMMETRIC_KEY_SIZE]);
void KBKDFHMACSHA384(
const uint8_t key[ZT_SYMMETRIC_KEY_SIZE], char label, char context, uint32_t iter,
uint8_t out[ZT_SYMMETRIC_KEY_SIZE]);
} // namespace ZeroTier

33
core/Salsa20.cpp
View file

@ -19,7 +19,8 @@
#if __BYTE_ORDER == __LITTLE_ENDIAN
#ifdef ZT_NO_UNALIGNED_ACCESS
// Slower version that does not use type punning
#define U8TO32_LITTLE(p) (((uint32_t)(p)[0]) | ((uint32_t)(p)[1] << 8) | ((uint32_t)(p)[2] << 16) | ((uint32_t)(p)[3] << 24))
#define U8TO32_LITTLE(p) \
(((uint32_t)(p)[0]) | ((uint32_t)(p)[1] << 8) | ((uint32_t)(p)[2] << 16) | ((uint32_t)(p)[3] << 24))
static ZT_INLINE void U32TO8_LITTLE(uint8_t *const c, const uint32_t v)
{
c[0] = (uint8_t)v;
@ -39,7 +40,8 @@ static ZT_INLINE void U32TO8_LITTLE(uint8_t* const c, const uint32_t v)
#define U32TO8_LITTLE(c, v) *((uint32_t *)((void *)(c))) = __builtin_bswap32((v))
#else // no __GNUC__
// Otherwise do it the slow, manual way on BE machines
#define U8TO32_LITTLE(p) (((uint32_t)(p)[0]) | ((uint32_t)(p)[1] << 8) | ((uint32_t)(p)[2] << 16) | ((uint32_t)(p)[3] << 24))
#define U8TO32_LITTLE(p) \
(((uint32_t)(p)[0]) | ((uint32_t)(p)[1] << 8) | ((uint32_t)(p)[2] << 16) | ((uint32_t)(p)[3] << 24))
static ZT_INLINE void U32TO8_LITTLE(uint8_t *const c, const uint32_t v)
{
c[0] = (uint8_t)v;
@ -115,7 +117,8 @@ union p_SalsaState {
uint32_t i[16];
};
template <unsigned int R> static ZT_INLINE void p_salsaCrypt(p_SalsaState* const state, const uint8_t* m, uint8_t* c, unsigned int bytes) noexcept
template <unsigned int R>
static ZT_INLINE void p_salsaCrypt(p_SalsaState *const state, const uint8_t *m, uint8_t *c, unsigned int bytes) noexcept
{
if (unlikely(bytes == 0))
return;
@ -205,10 +208,18 @@ template <unsigned int R> static ZT_INLINE void p_salsaCrypt(p_SalsaState* const
k02 = _mm_shuffle_epi32(k02, _MM_SHUFFLE(0, 1, 2, 3));
k13 = _mm_shuffle_epi32(k13, _MM_SHUFFLE(0, 1, 2, 3));
_mm_storeu_si128(reinterpret_cast<__m128i*>(c), _mm_xor_si128(_mm_unpackhi_epi64(k02, k20), _mm_loadu_si128(reinterpret_cast<const __m128i*>(m))));
_mm_storeu_si128(reinterpret_cast<__m128i*>(c) + 1, _mm_xor_si128(_mm_unpackhi_epi64(k13, k31), _mm_loadu_si128(reinterpret_cast<const __m128i*>(m) + 1)));
_mm_storeu_si128(reinterpret_cast<__m128i*>(c) + 2, _mm_xor_si128(_mm_unpacklo_epi64(k20, k02), _mm_loadu_si128(reinterpret_cast<const __m128i*>(m) + 2)));
_mm_storeu_si128(reinterpret_cast<__m128i*>(c) + 3, _mm_xor_si128(_mm_unpacklo_epi64(k31, k13), _mm_loadu_si128(reinterpret_cast<const __m128i*>(m) + 3)));
_mm_storeu_si128(
reinterpret_cast<__m128i *>(c),
_mm_xor_si128(_mm_unpackhi_epi64(k02, k20), _mm_loadu_si128(reinterpret_cast<const __m128i *>(m))));
_mm_storeu_si128(
reinterpret_cast<__m128i *>(c) + 1,
_mm_xor_si128(_mm_unpackhi_epi64(k13, k31), _mm_loadu_si128(reinterpret_cast<const __m128i *>(m) + 1)));
_mm_storeu_si128(
reinterpret_cast<__m128i *>(c) + 2,
_mm_xor_si128(_mm_unpacklo_epi64(k20, k02), _mm_loadu_si128(reinterpret_cast<const __m128i *>(m) + 2)));
_mm_storeu_si128(
reinterpret_cast<__m128i *>(c) + 3,
_mm_xor_si128(_mm_unpacklo_epi64(k31, k13), _mm_loadu_si128(reinterpret_cast<const __m128i *>(m) + 3)));
X0 = X0s;
X1 = X1s;
@ -329,12 +340,16 @@ template <unsigned int R> static ZT_INLINE void p_salsaCrypt(p_SalsaState* const
void Salsa20::crypt12(const void *in, void *out, unsigned int bytes) noexcept
{
p_salsaCrypt<12>(reinterpret_cast<p_SalsaState*>(&_state), reinterpret_cast<const uint8_t*>(in), reinterpret_cast<uint8_t*>(out), bytes);
p_salsaCrypt<12>(
reinterpret_cast<p_SalsaState *>(&_state), reinterpret_cast<const uint8_t *>(in),
reinterpret_cast<uint8_t *>(out), bytes);
}
void Salsa20::crypt20(const void *in, void *out, unsigned int bytes) noexcept
{
p_salsaCrypt<20>(reinterpret_cast<p_SalsaState*>(&_state), reinterpret_cast<const uint8_t*>(in), reinterpret_cast<uint8_t*>(out), bytes);
p_salsaCrypt<20>(
reinterpret_cast<p_SalsaState *>(&_state), reinterpret_cast<const uint8_t *>(in),
reinterpret_cast<uint8_t *>(out), bytes);
}
} // namespace ZeroTier

24
core/Salsa20.hpp
View file

@ -39,35 +39,21 @@ class Salsa20 : public TriviallyCopyable {
public:
#ifdef ZT_SALSA20_SSE
static constexpr bool accelerated() noexcept
{
return true;
}
static constexpr bool accelerated() noexcept { return true; }
#else
static constexpr bool accelerated() noexcept
{
return false;
}
static constexpr bool accelerated() noexcept { return false; }
#endif
ZT_INLINE Salsa20() noexcept
{
}
ZT_INLINE Salsa20() noexcept {}
ZT_INLINE ~Salsa20() noexcept
{
Utils::burn(&_state, sizeof(_state));
}
ZT_INLINE ~Salsa20() noexcept { Utils::burn(&_state, sizeof(_state)); }
/**
* @param key 256-bit (32 byte) key
* @param iv 64-bit initialization vector
*/
ZT_INLINE Salsa20(const void* key, const void* iv) noexcept
{
init(key, iv);
}
ZT_INLINE Salsa20(const void *key, const void *iv) noexcept { init(key, iv); }
/**
* Initialize cipher

67
core/ScopedPtr.hpp
View file

@ -26,29 +26,15 @@ namespace ZeroTier {
*/
template <typename T> class ScopedPtr : public TriviallyCopyable {
public:
explicit ZT_INLINE ScopedPtr(T* const p) noexcept : m_ptr(p)
{
}
explicit ZT_INLINE ScopedPtr(T *const p) noexcept : m_ptr(p) {}
ZT_INLINE ~ScopedPtr()
{
delete m_ptr;
}
ZT_INLINE ~ScopedPtr() { delete m_ptr; }
ZT_INLINE T* operator->() const noexcept
{
return m_ptr;
}
ZT_INLINE T *operator->() const noexcept { return m_ptr; }
ZT_INLINE T& operator*() const noexcept
{
return *m_ptr;
}
ZT_INLINE T &operator*() const noexcept { return *m_ptr; }
ZT_INLINE T* ptr() const noexcept
{
return m_ptr;
}
ZT_INLINE T *ptr() const noexcept { return m_ptr; }
ZT_INLINE void swap(const ScopedPtr &p) noexcept
{
@ -57,44 +43,22 @@ template <typename T> class ScopedPtr : public TriviallyCopyable {
p.m_ptr = tmp;
}
explicit ZT_INLINE operator bool() const noexcept
{
return (m_ptr != (T*)0);
}
explicit ZT_INLINE operator bool() const noexcept { return (m_ptr != (T *)0); }
ZT_INLINE bool operator==(const ScopedPtr& p) const noexcept
{
return (m_ptr == p.m_ptr);
}
ZT_INLINE bool operator==(const ScopedPtr &p) const noexcept { return (m_ptr == p.m_ptr); }
ZT_INLINE bool operator!=(const ScopedPtr& p) const noexcept
{
return (m_ptr != p.m_ptr);
}
ZT_INLINE bool operator!=(const ScopedPtr &p) const noexcept { return (m_ptr != p.m_ptr); }
ZT_INLINE bool operator==(T* const p) const noexcept
{
return (m_ptr == p);
}
ZT_INLINE bool operator==(T *const p) const noexcept { return (m_ptr == p); }
ZT_INLINE bool operator!=(T* const p) const noexcept
{
return (m_ptr != p);
}
ZT_INLINE bool operator!=(T *const p) const noexcept { return (m_ptr != p); }
private:
ZT_INLINE ScopedPtr() noexcept
{
}
ZT_INLINE ScopedPtr() noexcept {}
ZT_INLINE ScopedPtr(const ScopedPtr& p) noexcept : m_ptr(nullptr)
{
}
ZT_INLINE ScopedPtr(const ScopedPtr &p) noexcept : m_ptr(nullptr) {}
ZT_INLINE ScopedPtr& operator=(const ScopedPtr& p) noexcept
{
return *this;
}
ZT_INLINE ScopedPtr &operator=(const ScopedPtr &p) noexcept { return *this; }
T *const m_ptr;
};
@ -102,10 +66,7 @@ template <typename T> class ScopedPtr : public TriviallyCopyable {
} // namespace ZeroTier
namespace std {
template <typename T> ZT_INLINE void swap(ZeroTier::ScopedPtr<T>& a, ZeroTier::ScopedPtr<T>& b) noexcept
{
a.swap(b);
}
template <typename T> ZT_INLINE void swap(ZeroTier::ScopedPtr<T> &a, ZeroTier::ScopedPtr<T> &b) noexcept { a.swap(b); }
} // namespace std
#endif

20
core/SelfAwareness.cpp
View file

@ -25,21 +25,24 @@
namespace ZeroTier {
SelfAwareness::SelfAwareness(const Context& ctx) : m_ctx(ctx)
{
}
SelfAwareness::SelfAwareness(const Context &ctx) : m_ctx(ctx) {}
void SelfAwareness::iam(const CallContext& cc, const Identity& reporter, const int64_t receivedOnLocalSocket, const InetAddress& reporterPhysicalAddress, const InetAddress& myPhysicalAddress, bool trusted)
void SelfAwareness::iam(
const CallContext &cc, const Identity &reporter, const int64_t receivedOnLocalSocket,
const InetAddress &reporterPhysicalAddress, const InetAddress &myPhysicalAddress, bool trusted)
{
const InetAddress::IpScope scope = myPhysicalAddress.ipScope();
if ((scope != reporterPhysicalAddress.ipScope()) || (scope == ZT_IP_SCOPE_NONE) || (scope == ZT_IP_SCOPE_LOOPBACK) || (scope == ZT_IP_SCOPE_MULTICAST))
if ((scope != reporterPhysicalAddress.ipScope()) || (scope == ZT_IP_SCOPE_NONE) || (scope == ZT_IP_SCOPE_LOOPBACK)
|| (scope == ZT_IP_SCOPE_MULTICAST))
return;
Mutex::Lock l(m_phy_l);
p_PhySurfaceEntry& entry = m_phy[p_PhySurfaceKey(reporter.address(), receivedOnLocalSocket, reporterPhysicalAddress, scope)];
p_PhySurfaceEntry &entry =
m_phy[p_PhySurfaceKey(reporter.address(), receivedOnLocalSocket, reporterPhysicalAddress, scope)];
if ((trusted) && ((cc.ticks - entry.timestampTicks) < ZT_SELFAWARENESS_ENTRY_TIMEOUT) && (! entry.mySurface.ipsEqual(myPhysicalAddress))) {
if ((trusted) && ((cc.ticks - entry.timestampTicks) < ZT_SELFAWARENESS_ENTRY_TIMEOUT)
&& (!entry.mySurface.ipsEqual(myPhysicalAddress))) {
// Changes to external surface reported by trusted peers causes path reset in this scope
entry.mySurface = myPhysicalAddress;
entry.timestampTicks = cc.ticks;
@ -61,7 +64,8 @@ void SelfAwareness::iam(const CallContext& cc, const Identity& reporter, const i
for (Vector<SharedPtr<Peer>>::const_iterator p(peers.begin()); p != peers.end(); ++p)
(*p)->resetWithinScope(m_ctx, cc, (InetAddress::IpScope)scope, myPhysicalAddress.as.sa.sa_family);
m_ctx.t->resettingPathsInScope(cc, 0x9afff100, reporter, reporterPhysicalAddress, entry.mySurface, myPhysicalAddress, scope);
m_ctx.t->resettingPathsInScope(
cc, 0x9afff100, reporter, reporterPhysicalAddress, entry.mySurface, myPhysicalAddress, scope);
}
else {
// Otherwise just update DB to use to determine external surface info

24
core/SelfAwareness.hpp
View file

@ -44,7 +44,9 @@ class SelfAwareness {
* @param myPhysicalAddress Physical address that peer says we have
* @param trusted True if this peer is trusted as an authority to inform us of external address changes
*/
void iam(const CallContext& cc, const Identity& reporter, int64_t receivedOnLocalSocket, const InetAddress& reporterPhysicalAddress, const InetAddress& myPhysicalAddress, bool trusted);
void
iam(const CallContext &cc, const Identity &reporter, int64_t receivedOnLocalSocket,
const InetAddress &reporterPhysicalAddress, const InetAddress &myPhysicalAddress, bool trusted);
/**
* Clean up database periodically
@ -65,9 +67,7 @@ class SelfAwareness {
InetAddress reporterPhysicalAddress;
InetAddress::IpScope scope;
ZT_INLINE p_PhySurfaceKey() noexcept
{
}
ZT_INLINE p_PhySurfaceKey() noexcept {}
ZT_INLINE
p_PhySurfaceKey(const Address &r, const int64_t rol, const InetAddress &ra, InetAddress::IpScope s) noexcept
@ -85,13 +85,12 @@ class SelfAwareness {
ZT_INLINE bool operator==(const p_PhySurfaceKey &k) const noexcept
{
return ((reporter == k.reporter) && (receivedOnLocalSocket == k.receivedOnLocalSocket) && (reporterPhysicalAddress == k.reporterPhysicalAddress) && (scope == k.scope));
return (
(reporter == k.reporter) && (receivedOnLocalSocket == k.receivedOnLocalSocket)
&& (reporterPhysicalAddress == k.reporterPhysicalAddress) && (scope == k.scope));
}
ZT_INLINE bool operator!=(const p_PhySurfaceKey& k) const noexcept
{
return (! (*this == k));
}
ZT_INLINE bool operator!=(const p_PhySurfaceKey &k) const noexcept { return (!(*this == k)); }
ZT_INLINE bool operator<(const p_PhySurfaceKey &k) const noexcept
{
@ -120,12 +119,7 @@ class SelfAwareness {
int64_t timestampTicks;
bool trusted;
ZT_INLINE p_PhySurfaceEntry() noexcept
: mySurface()
, timestampTicks(0)
, trusted(false)
{
}
ZT_INLINE p_PhySurfaceEntry() noexcept : mySurface(), timestampTicks(0), trusted(false) {}
ZT_INLINE p_PhySurfaceEntry(const InetAddress &a, const int64_t t) noexcept
: mySurface(a)

46
core/SharedPtr.hpp
View file

@ -27,9 +27,7 @@ namespace ZeroTier {
*/
template <typename T> class SharedPtr : public TriviallyCopyable {
public:
ZT_INLINE SharedPtr() noexcept : m_ptr(nullptr)
{
}
ZT_INLINE SharedPtr() noexcept : m_ptr(nullptr) {}
explicit ZT_INLINE SharedPtr(T *obj) noexcept : m_ptr(obj)
{
@ -37,14 +35,9 @@ template <typename T> class SharedPtr : public TriviallyCopyable {
const_cast<std::atomic<int> *>(&(obj->__refCount))->fetch_add(1, std::memory_order_acquire);
}
ZT_INLINE SharedPtr(const SharedPtr& sp) noexcept : m_ptr(sp.m_acquire())
{
}
ZT_INLINE SharedPtr(const SharedPtr &sp) noexcept : m_ptr(sp.m_acquire()) {}
ZT_INLINE ~SharedPtr()
{
m_release();
}
ZT_INLINE ~SharedPtr() { m_release(); }
ZT_INLINE SharedPtr &operator=(const SharedPtr &sp)
{
@ -94,28 +87,16 @@ template <typename T> class SharedPtr : public TriviallyCopyable {
from.m_ptr = nullptr;
}
ZT_INLINE operator bool() const noexcept
{
return (m_ptr != nullptr);
}
ZT_INLINE operator bool() const noexcept { return (m_ptr != nullptr); }
ZT_INLINE T& operator*() const noexcept
{
return *m_ptr;
}
ZT_INLINE T &operator*() const noexcept { return *m_ptr; }
ZT_INLINE T* operator->() const noexcept
{
return m_ptr;
}
ZT_INLINE T *operator->() const noexcept { return m_ptr; }
/**
* @return Raw pointer to held object
*/
ZT_INLINE T* ptr() const noexcept
{
return m_ptr;
}
ZT_INLINE T *ptr() const noexcept { return m_ptr; }
/**
* Set this pointer to NULL
@ -159,15 +140,9 @@ template <typename T> class SharedPtr : public TriviallyCopyable {
return (unsigned long)((uintptr_t)m_ptr + (uintptr_t)Utils::hash32((uint32_t)m_ptr));
}
ZT_INLINE bool operator==(const SharedPtr& sp) const noexcept
{
return (m_ptr == sp.m_ptr);
}
ZT_INLINE bool operator==(const SharedPtr &sp) const noexcept { return (m_ptr == sp.m_ptr); }
ZT_INLINE bool operator!=(const SharedPtr& sp) const noexcept
{
return (m_ptr != sp.m_ptr);
}
ZT_INLINE bool operator!=(const SharedPtr &sp) const noexcept { return (m_ptr != sp.m_ptr); }
ZT_INLINE bool operator>(const SharedPtr &sp) const noexcept
{
@ -200,7 +175,8 @@ template <typename T> class SharedPtr : public TriviallyCopyable {
ZT_INLINE void m_release() const noexcept
{
if (likely(m_ptr != nullptr)) {
if (unlikely(const_cast<std::atomic<int>*>(&(m_ptr->__refCount))->fetch_sub(1, std::memory_order_release) <= 1))
if (unlikely(
const_cast<std::atomic<int> *>(&(m_ptr->__refCount))->fetch_sub(1, std::memory_order_release) <= 1))
delete m_ptr;
}
}

18
core/Spinlock.hpp
View file

@ -49,9 +49,7 @@ class Spinlock {
#endif
}
ZT_INLINE Spinlock() noexcept : m_locked(false)
{
}
ZT_INLINE Spinlock() noexcept : m_locked(false) {}
ZT_INLINE void lock() noexcept
{
@ -62,19 +60,11 @@ class Spinlock {
}
}
ZT_INLINE void unlock() noexcept
{
m_locked.clear(std::memory_order_release);
}
ZT_INLINE void unlock() noexcept { m_locked.clear(std::memory_order_release); }
private:
ZT_INLINE Spinlock(const Spinlock&) noexcept
{
}
ZT_INLINE const Spinlock& operator=(const Spinlock&) noexcept
{
return *this;
}
ZT_INLINE Spinlock(const Spinlock &) noexcept {}
ZT_INLINE const Spinlock &operator=(const Spinlock &) noexcept { return *this; }
std::atomic_flag m_locked;
};

23
core/Store.hpp
View file

@ -26,9 +26,7 @@ namespace ZeroTier {
*/
class Store {
public:
ZT_INLINE Store(const Context& ctx) : m_ctx(ctx)
{
}
ZT_INLINE Store(const Context &ctx) : m_ctx(ctx) {}
/**
* Get a state object
@ -38,12 +36,14 @@ class Store {
* @param idSize Size of object ID in qwords
* @return Data or empty vector if not found
*/
ZT_INLINE Vector<uint8_t> get(const CallContext& cc, ZT_StateObjectType type, const uint64_t* const id, unsigned int idSize) const
ZT_INLINE Vector<uint8_t>
get(const CallContext &cc, ZT_StateObjectType type, const uint64_t *const id, unsigned int idSize) const
{
Vector<uint8_t> dv;
void *data = nullptr;
void (*freeFunc)(void *) = nullptr;
const int r = m_ctx.cb.stateGetFunction(reinterpret_cast<ZT_Node*>(m_ctx.node), m_ctx.uPtr, cc.tPtr, type, id, idSize, &data, &freeFunc);
const int r = m_ctx.cb.stateGetFunction(
reinterpret_cast<ZT_Node *>(m_ctx.node), m_ctx.uPtr, cc.tPtr, type, id, idSize, &data, &freeFunc);
if (r > 0)
dv.assign(reinterpret_cast<const uint8_t *>(data), reinterpret_cast<const uint8_t *>(data) + r);
if ((data) && (freeFunc))
@ -60,9 +60,12 @@ class Store {
* @param data Data to store
* @param len Length of data
*/
ZT_INLINE void put(const CallContext& cc, ZT_StateObjectType type, const uint64_t* const id, const unsigned int idSize, const void* const data, const unsigned int len) noexcept
ZT_INLINE void
put(const CallContext &cc, ZT_StateObjectType type, const uint64_t *const id, const unsigned int idSize,
const void *const data, const unsigned int len) noexcept
{
m_ctx.cb.statePutFunction(reinterpret_cast<ZT_Node*>(this), m_ctx.uPtr, cc.tPtr, type, id, idSize, data, (int)len);
m_ctx.cb.statePutFunction(
reinterpret_cast<ZT_Node *>(this), m_ctx.uPtr, cc.tPtr, type, id, idSize, data, (int)len);
}
/**
@ -72,9 +75,11 @@ class Store {
* @param id Object ID
* @param idSize Size of object ID in qwords
*/
ZT_INLINE void erase(const CallContext& cc, ZT_StateObjectType type, const uint64_t* const id, const unsigned int idSize) noexcept
ZT_INLINE void
erase(const CallContext &cc, ZT_StateObjectType type, const uint64_t *const id, const unsigned int idSize) noexcept
{
m_ctx.cb.statePutFunction(reinterpret_cast<ZT_Node*>(this), m_ctx.uPtr, cc.tPtr, type, id, idSize, nullptr, -1);
m_ctx.cb.statePutFunction(
reinterpret_cast<ZT_Node *>(this), m_ctx.uPtr, cc.tPtr, type, id, idSize, nullptr, -1);
}
private:

29
core/SymmetricKey.hpp
View file

@ -29,9 +29,7 @@ class SymmetricKey {
/**
* Construct an uninitialized key (init() must be called)
*/
ZT_INLINE SymmetricKey() : m_secret(), m_ts(-1), m_initialNonce(0), m_cipher(), m_nonce(0)
{
}
ZT_INLINE SymmetricKey() : m_secret(), m_ts(-1), m_initialNonce(0), m_cipher(), m_nonce(0) {}
/**
* Construct a new symmetric key
@ -60,10 +58,7 @@ class SymmetricKey {
{
}
ZT_INLINE ~SymmetricKey() noexcept
{
Utils::burn(m_secret.data, ZT_SYMMETRIC_KEY_SIZE);
}
ZT_INLINE ~SymmetricKey() noexcept { Utils::burn(m_secret.data, ZT_SYMMETRIC_KEY_SIZE); }
ZT_INLINE SymmetricKey &operator=(const SymmetricKey &k) noexcept
{
@ -110,34 +105,22 @@ class SymmetricKey {
*
* @return Number of times nextMessage() has been called since object creation
*/
ZT_INLINE uint64_t odometer() const noexcept
{
return m_nonce.load(std::memory_order_relaxed) - m_initialNonce;
}
ZT_INLINE uint64_t odometer() const noexcept { return m_nonce.load(std::memory_order_relaxed) - m_initialNonce; }
/**
* @return Key creation timestamp or -1 if this is a long-lived key
*/
ZT_INLINE int64_t timestamp() const noexcept
{
return m_ts;
}
ZT_INLINE int64_t timestamp() const noexcept { return m_ts; }
/**
* @return 48-byte / 384-bit secret key
*/
ZT_INLINE const uint8_t* key() const noexcept
{
return m_secret.data;
}
ZT_INLINE const uint8_t *key() const noexcept { return m_secret.data; }
/**
* @return AES cipher (already initialized with secret key)
*/
ZT_INLINE const AES& aes() const noexcept
{
return m_cipher;
}
ZT_INLINE const AES &aes() const noexcept { return m_cipher; }
private:
Blob<ZT_SYMMETRIC_KEY_SIZE> m_secret;

94
core/TagCredential.hpp
View file

@ -47,15 +47,9 @@ class TagCredential : public Credential {
friend class Credential;
public:
static constexpr ZT_CredentialType credentialType() noexcept
{
return ZT_CREDENTIAL_TYPE_TAG;
}
static constexpr ZT_CredentialType credentialType() noexcept { return ZT_CREDENTIAL_TYPE_TAG; }
ZT_INLINE TagCredential() noexcept
{
memoryZero(this);
}
ZT_INLINE TagCredential() noexcept { memoryZero(this); }
/**
* @param nwid Network ID
@ -64,7 +58,9 @@ class TagCredential : public Credential {
* @param id Tag ID
* @param value Tag value
*/
ZT_INLINE TagCredential(const uint64_t nwid, const int64_t ts, const Address& issuedTo, const uint32_t id, const uint32_t value) noexcept
ZT_INLINE TagCredential(
const uint64_t nwid, const int64_t ts, const Address &issuedTo, const uint32_t id,
const uint32_t value) noexcept
: m_id(id)
, m_value(value)
, m_networkId(nwid)
@ -75,50 +71,23 @@ class TagCredential : public Credential {
{
}
ZT_INLINE uint32_t id() const noexcept
{
return m_id;
}
ZT_INLINE uint32_t id() const noexcept { return m_id; }
ZT_INLINE const uint32_t& value() const noexcept
{
return m_value;
}
ZT_INLINE const uint32_t &value() const noexcept { return m_value; }
ZT_INLINE uint64_t networkId() const noexcept
{
return m_networkId;
}
ZT_INLINE uint64_t networkId() const noexcept { return m_networkId; }
ZT_INLINE int64_t timestamp() const noexcept
{
return m_ts;
}
ZT_INLINE int64_t timestamp() const noexcept { return m_ts; }
ZT_INLINE int64_t revision() const noexcept
{
return m_ts;
}
ZT_INLINE int64_t revision() const noexcept { return m_ts; }
ZT_INLINE const Address& issuedTo() const noexcept
{
return m_issuedTo;
}
ZT_INLINE const Address &issuedTo() const noexcept { return m_issuedTo; }
ZT_INLINE const Address& signer() const noexcept
{
return m_signedBy;
}
ZT_INLINE const Address &signer() const noexcept { return m_signedBy; }
ZT_INLINE const uint8_t* signature() const noexcept
{
return m_signature;
}
ZT_INLINE const uint8_t *signature() const noexcept { return m_signature; }
ZT_INLINE unsigned int signatureLength() const noexcept
{
return m_signatureLength;
}
ZT_INLINE unsigned int signatureLength() const noexcept { return m_signatureLength; }
/**
* Sign this tag
@ -139,20 +108,14 @@ class TagCredential : public Credential {
return s_verify(ctx, cc, *this);
}
static constexpr int marshalSizeMax() noexcept
{
return ZT_TAG_MARSHAL_SIZE_MAX;
}
static constexpr int marshalSizeMax() noexcept { return ZT_TAG_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_TAG_MARSHAL_SIZE_MAX], bool forSign = false) const noexcept;
int unmarshal(const uint8_t *data, int len) noexcept;
// Provides natural sort order by ID
ZT_INLINE bool operator<(const TagCredential& t) const noexcept
{
return (m_id < t.m_id);
}
ZT_INLINE bool operator<(const TagCredential &t) const noexcept { return (m_id < t.m_id); }
ZT_INLINE bool operator==(const TagCredential &t) const noexcept
{
@ -171,15 +134,9 @@ class TagCredential : public Credential {
return (a.id() < b.id());
}
ZT_INLINE bool operator()(const uint32_t a, const TagCredential& b) const noexcept
{
return (a < b.id());
}
ZT_INLINE bool operator()(const uint32_t a, const TagCredential &b) const noexcept { return (a < b.id()); }
ZT_INLINE bool operator()(const TagCredential& a, const uint32_t b) const noexcept
{
return (a.id() < b);
}
ZT_INLINE bool operator()(const TagCredential &a, const uint32_t b) const noexcept { return (a.id() < b); }
ZT_INLINE bool operator()(const TagCredential *a, const TagCredential *b) const noexcept
{
@ -196,20 +153,11 @@ class TagCredential : public Credential {
return (a.id() < b->id());
}
ZT_INLINE bool operator()(const uint32_t a, const TagCredential* b) const noexcept
{
return (a < b->id());
}
ZT_INLINE bool operator()(const uint32_t a, const TagCredential *b) const noexcept { return (a < b->id()); }
ZT_INLINE bool operator()(const TagCredential* a, const uint32_t b) const noexcept
{
return (a->id() < b);
}
ZT_INLINE bool operator()(const TagCredential *a, const uint32_t b) const noexcept { return (a->id() < b); }
ZT_INLINE bool operator()(const uint32_t a, const uint32_t b) const noexcept
{
return (a < b);
}
ZT_INLINE bool operator()(const uint32_t a, const uint32_t b) const noexcept { return (a < b); }
};
private:

3
core/Tests.cpp
View file

@ -2378,7 +2378,8 @@ extern "C" const char *ZTT_crypto()
ZT_CERTIFICATE_PUBLIC_KEY_ALGORITHM_ECDSA_NIST_P_384, cert->publicKey, (int *)&cert->publicKeySize,
certPrivateKey, &certPrivateKeySize);
auto csr = Certificate::createCSR(cert->subject, certPrivateKey, certPrivateKeySize, uniqueIdPrivate, uniqueIdPrivateKeySize);
auto csr = Certificate::createCSR(
cert->subject, certPrivateKey, certPrivateKeySize, uniqueIdPrivate, uniqueIdPrivateKeySize);
if (csr.empty()) {
ZT_T_PRINTF("FAILED (create CSR failed)" ZT_EOL_S);
return "Create CSR";

18
core/TinyMap.hpp
View file

@ -41,14 +41,9 @@ template <typename V> class TinyMap {
typedef Vector<std::pair<uint64_t, V>> EV;
public:
ZT_INLINE TinyMap()
{
}
ZT_INLINE TinyMap() {}
ZT_INLINE ~TinyMap()
{
this->clear();
}
ZT_INLINE ~TinyMap() { this->clear(); }
ZT_INLINE void clear()
{
@ -76,7 +71,8 @@ template <typename V> class TinyMap {
const uintptr_t vptr = bucket.exchange(ZT_TINYMAP_LOCKED_POINTER, std::memory_order_acquire);
if (likely(vptr != ZT_TINYMAP_LOCKED_POINTER)) {
if (likely(vptr != 0)) {
for (typename EV::const_iterator n(reinterpret_cast<const EV*>(vptr)->begin()); n != reinterpret_cast<const EV*>(vptr)->end(); ++n) {
for (typename EV::const_iterator n(reinterpret_cast<const EV *>(vptr)->begin());
n != reinterpret_cast<const EV *>(vptr)->end(); ++n) {
if (likely(n->first == key)) {
tmp = n->second;
break;
@ -102,7 +98,8 @@ template <typename V> class TinyMap {
vptr = reinterpret_cast<uintptr_t>(new EV());
}
else {
for (typename EV::iterator n(reinterpret_cast<EV*>(vptr)->begin()); n != reinterpret_cast<EV*>(vptr)->end(); ++n) {
for (typename EV::iterator n(reinterpret_cast<EV *>(vptr)->begin());
n != reinterpret_cast<EV *>(vptr)->end(); ++n) {
if (n->first == key) {
n->second = value;
bucket.store(vptr, std::memory_order_release);
@ -127,7 +124,8 @@ template <typename V> class TinyMap {
uintptr_t vptr = bucket.exchange(ZT_TINYMAP_LOCKED_POINTER, std::memory_order_acquire);
if (likely(vptr != ZT_TINYMAP_LOCKED_POINTER)) {
if (likely(vptr != 0)) {
for (typename EV::iterator n(reinterpret_cast<EV*>(vptr)->begin()); n != reinterpret_cast<EV*>(vptr)->end(); ++n) {
for (typename EV::iterator n(reinterpret_cast<EV *>(vptr)->begin());
n != reinterpret_cast<EV *>(vptr)->end(); ++n) {
if (n->first == key) {
reinterpret_cast<EV *>(vptr)->erase(n);
break;

8
core/Topology.cpp
View file

@ -19,9 +19,7 @@
namespace ZeroTier {
Topology::Topology(const Context& ctx, const CallContext& cc) : m_ctx(ctx)
{
}
Topology::Topology(const Context &ctx, const CallContext &cc) : m_ctx(ctx) {}
SharedPtr<Peer> Topology::add(const CallContext &cc, const SharedPtr<Peer> &peer)
{
@ -74,7 +72,9 @@ void Topology::doPeriodicTasks(const CallContext& cc)
for (Map<Address, SharedPtr<Peer>>::iterator i(m_peers.begin()); i != m_peers.end(); ++i) {
// TODO: also delete if the peer has not exchanged meaningful communication in a while, such as a
// network frame or non-trivial control packet.
if (((cc.ticks - i->second->lastReceive()) > ZT_PEER_ALIVE_TIMEOUT) && (! std::binary_search(rootLookup.begin(), rootLookup.end(), reinterpret_cast<uintptr_t>(i->second.ptr()))))
if (((cc.ticks - i->second->lastReceive()) > ZT_PEER_ALIVE_TIMEOUT)
&& (!std::binary_search(
rootLookup.begin(), rootLookup.end(), reinterpret_cast<uintptr_t>(i->second.ptr()))))
toDelete.push_back(i->first);
}
}

80
core/Trace.cpp
View file

@ -23,9 +23,7 @@
namespace ZeroTier {
Trace::Trace(const Context& ctx) : m_ctx(ctx), m_traceFlags(0)
{
}
Trace::Trace(const Context &ctx) : m_ctx(ctx), m_traceFlags(0) {}
void Trace::unexpectedError(const CallContext &cc, uint32_t codeLocation, const char *message, ...)
{
@ -37,7 +35,9 @@ void Trace::unexpectedError(const CallContext& cc, uint32_t codeLocation, const
m_ctx.node->postEvent(cc.tPtr, ZT_EVENT_TRACE, buf.data());
}
void Trace::m_resettingPathsInScope(void* tPtr, uint32_t codeLocation, const Identity& reporter, const InetAddress& from, const InetAddress& oldExternal, const InetAddress& newExternal, ZT_InetAddress_IpScope scope)
void Trace::m_resettingPathsInScope(
void *tPtr, uint32_t codeLocation, const Identity &reporter, const InetAddress &from,
const InetAddress &oldExternal, const InetAddress &newExternal, ZT_InetAddress_IpScope scope)
{
FCV<uint8_t, 4096> buf;
Dictionary::append(buf, ZT_TRACE_FIELD_TYPE, ZT_TRACE_VL1_RESETTING_PATHS_IN_SCOPE);
@ -56,13 +56,8 @@ void Trace::m_resettingPathsInScope(void* tPtr, uint32_t codeLocation, const Ide
}
void Trace::m_tryingNewPath(
void* tPtr,
uint32_t codeLocation,
const Identity& trying,
const InetAddress& physicalAddress,
const InetAddress& triggerAddress,
uint64_t triggeringPacketId,
uint8_t triggeringPacketVerb,
void *tPtr, uint32_t codeLocation, const Identity &trying, const InetAddress &physicalAddress,
const InetAddress &triggerAddress, uint64_t triggeringPacketId, uint8_t triggeringPacketVerb,
const Identity &triggeringPeer)
{
if ((trying) && (physicalAddress)) {
@ -82,7 +77,9 @@ void Trace::m_tryingNewPath(
}
}
void Trace::m_learnedNewPath(void* tPtr, uint32_t codeLocation, uint64_t packetId, const Identity& peerIdentity, const InetAddress& physicalAddress, const InetAddress& replaced)
void Trace::m_learnedNewPath(
void *tPtr, uint32_t codeLocation, uint64_t packetId, const Identity &peerIdentity,
const InetAddress &physicalAddress, const InetAddress &replaced)
{
if (peerIdentity) {
FCV<uint8_t, 4096> buf;
@ -99,7 +96,9 @@ void Trace::m_learnedNewPath(void* tPtr, uint32_t codeLocation, uint64_t packetI
}
}
void Trace::m_incomingPacketDropped(void* tPtr, uint32_t codeLocation, uint64_t packetId, uint64_t networkId, const Identity& peerIdentity, const InetAddress& physicalAddress, uint8_t hops, uint8_t verb, ZT_TracePacketDropReason reason)
void Trace::m_incomingPacketDropped(
void *tPtr, uint32_t codeLocation, uint64_t packetId, uint64_t networkId, const Identity &peerIdentity,
const InetAddress &physicalAddress, uint8_t hops, uint8_t verb, ZT_TracePacketDropReason reason)
{
FCV<uint8_t, 4096> buf;
Dictionary::append(buf, ZT_TRACE_FIELD_TYPE, ZT_TRACE_VL1_INCOMING_PACKET_DROPPED);
@ -117,7 +116,9 @@ void Trace::m_incomingPacketDropped(void* tPtr, uint32_t codeLocation, uint64_t
m_ctx.node->postEvent(tPtr, ZT_EVENT_TRACE, buf.data());
}
void Trace::m_outgoingNetworkFrameDropped(void* tPtr, uint32_t codeLocation, uint64_t networkId, const MAC& sourceMac, const MAC& destMac, uint16_t etherType, uint16_t frameLength, const uint8_t* frameData, ZT_TraceFrameDropReason reason)
void Trace::m_outgoingNetworkFrameDropped(
void *tPtr, uint32_t codeLocation, uint64_t networkId, const MAC &sourceMac, const MAC &destMac, uint16_t etherType,
uint16_t frameLength, const uint8_t *frameData, ZT_TraceFrameDropReason reason)
{
FCV<uint8_t, 4096> buf;
Dictionary::append(buf, ZT_TRACE_FIELD_TYPE, ZT_TRACE_VL1_INCOMING_PACKET_DROPPED);
@ -128,26 +129,17 @@ void Trace::m_outgoingNetworkFrameDropped(void* tPtr, uint32_t codeLocation, uin
Dictionary::append(buf, ZT_TRACE_FIELD_ETHERTYPE, etherType);
Dictionary::append(buf, ZT_TRACE_FIELD_FRAME_LENGTH, frameLength);
if (frameData)
Dictionary::append(buf, ZT_TRACE_FIELD_FRAME_DATA, frameData, std::min((unsigned int)64, (unsigned int)frameLength));
Dictionary::append(
buf, ZT_TRACE_FIELD_FRAME_DATA, frameData, std::min((unsigned int)64, (unsigned int)frameLength));
Dictionary::append(buf, ZT_TRACE_FIELD_REASON, reason);
buf.push_back(0);
m_ctx.node->postEvent(tPtr, ZT_EVENT_TRACE, buf.data());
}
void Trace::m_incomingNetworkFrameDropped(
void* tPtr,
uint32_t codeLocation,
uint64_t networkId,
const MAC& sourceMac,
const MAC& destMac,
const uint16_t etherType,
const Identity& peerIdentity,
const InetAddress& physicalAddress,
uint8_t hops,
uint16_t frameLength,
const uint8_t* frameData,
uint8_t verb,
bool credentialRequestSent,
void *tPtr, uint32_t codeLocation, uint64_t networkId, const MAC &sourceMac, const MAC &destMac,
const uint16_t etherType, const Identity &peerIdentity, const InetAddress &physicalAddress, uint8_t hops,
uint16_t frameLength, const uint8_t *frameData, uint8_t verb, bool credentialRequestSent,
ZT_TraceFrameDropReason reason)
{
FCV<uint8_t, 4096> buf;
@ -164,7 +156,8 @@ void Trace::m_incomingNetworkFrameDropped(
Dictionary::append(buf, ZT_TRACE_FIELD_PACKET_VERB, verb);
Dictionary::append(buf, ZT_TRACE_FIELD_FRAME_LENGTH, frameLength);
if (frameData)
Dictionary::append(buf, ZT_TRACE_FIELD_FRAME_DATA, frameData, std::min((unsigned int)64, (unsigned int)frameLength));
Dictionary::append(
buf, ZT_TRACE_FIELD_FRAME_DATA, frameData, std::min((unsigned int)64, (unsigned int)frameLength));
Dictionary::append(buf, ZT_TRACE_FIELD_FLAG_CREDENTIAL_REQUEST_SENT, credentialRequestSent);
Dictionary::append(buf, ZT_TRACE_FIELD_REASON, reason);
buf.push_back(0);
@ -182,24 +175,10 @@ void Trace::m_networkConfigRequestSent(void* tPtr, uint32_t codeLocation, uint64
}
void Trace::m_networkFilter(
void* tPtr,
uint32_t codeLocation,
uint64_t networkId,
const uint8_t* primaryRuleSetLog,
const uint8_t* matchingCapabilityRuleSetLog,
uint32_t matchingCapabilityId,
int64_t matchingCapabilityTimestamp,
const Address& source,
const Address& dest,
const MAC& sourceMac,
const MAC& destMac,
uint16_t frameLength,
const uint8_t* frameData,
uint16_t etherType,
uint16_t vlanId,
bool noTee,
bool inbound,
int accept)
void *tPtr, uint32_t codeLocation, uint64_t networkId, const uint8_t *primaryRuleSetLog,
const uint8_t *matchingCapabilityRuleSetLog, uint32_t matchingCapabilityId, int64_t matchingCapabilityTimestamp,
const Address &source, const Address &dest, const MAC &sourceMac, const MAC &destMac, uint16_t frameLength,
const uint8_t *frameData, uint16_t etherType, uint16_t vlanId, bool noTee, bool inbound, int accept)
{
FCV<uint8_t, 4096> buf;
Dictionary::append(buf, ZT_TRACE_FIELD_TYPE, ZT_TRACE_VL2_NETWORK_FILTER);
@ -217,7 +196,8 @@ void Trace::m_networkFilter(
Dictionary::append(buf, ZT_TRACE_FIELD_DEST_MAC, destMac.toInt());
Dictionary::append(buf, ZT_TRACE_FIELD_FRAME_LENGTH, frameLength);
if (frameData)
Dictionary::append(buf, ZT_TRACE_FIELD_FRAME_DATA, frameData, std::min((unsigned int)64, (unsigned int)frameLength));
Dictionary::append(
buf, ZT_TRACE_FIELD_FRAME_DATA, frameData, std::min((unsigned int)64, (unsigned int)frameLength));
Dictionary::append(buf, ZT_TRACE_FIELD_ETHERTYPE, etherType);
Dictionary::append(buf, ZT_TRACE_FIELD_VLAN_ID, vlanId);
Dictionary::append(buf, ZT_TRACE_FIELD_RULE_FLAG_NOTEE, noTee);
@ -227,7 +207,9 @@ void Trace::m_networkFilter(
m_ctx.node->postEvent(tPtr, ZT_EVENT_TRACE, buf.data());
}
void Trace::m_credentialRejected(void* tPtr, uint32_t codeLocation, uint64_t networkId, const Identity& identity, uint32_t credentialId, int64_t credentialTimestamp, uint8_t credentialType, ZT_TraceCredentialRejectionReason reason)
void Trace::m_credentialRejected(
void *tPtr, uint32_t codeLocation, uint64_t networkId, const Identity &identity, uint32_t credentialId,
int64_t credentialTimestamp, uint8_t credentialType, ZT_TraceCredentialRejectionReason reason)
{
FCV<uint8_t, 4096> buf;
Dictionary::append(buf, ZT_TRACE_FIELD_TYPE, ZT_TRACE_VL2_NETWORK_CREDENTIAL_REJECTED);

193
core/Trace.hpp
View file

@ -71,91 +71,70 @@ class Trace {
l[rn >> 1U] |= (thisSetMatches + 1U) << ((rn & 1U) << 2U);
}
ZT_INLINE void clear() noexcept
{
memoryZero(this);
}
ZT_INLINE void clear() noexcept { memoryZero(this); }
};
explicit Trace(const Context &ctx);
void unexpectedError(const CallContext &cc, uint32_t codeLocation, const char *message, ...);
ZT_INLINE void
resettingPathsInScope(const CallContext& cc, const uint32_t codeLocation, const Identity& reporter, const InetAddress& from, const InetAddress& oldExternal, const InetAddress& newExternal, const InetAddress::IpScope scope)
ZT_INLINE void resettingPathsInScope(
const CallContext &cc, const uint32_t codeLocation, const Identity &reporter, const InetAddress &from,
const InetAddress &oldExternal, const InetAddress &newExternal, const InetAddress::IpScope scope)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL1) != 0))
m_resettingPathsInScope(cc.tPtr, codeLocation, reporter, from, oldExternal, newExternal, scope);
}
ZT_INLINE void tryingNewPath(
const CallContext& cc,
const uint32_t codeLocation,
const Identity& trying,
const InetAddress& physicalAddress,
const InetAddress& triggerAddress,
uint64_t triggeringPacketId,
uint8_t triggeringPacketVerb,
const CallContext &cc, const uint32_t codeLocation, const Identity &trying, const InetAddress &physicalAddress,
const InetAddress &triggerAddress, uint64_t triggeringPacketId, uint8_t triggeringPacketVerb,
const Identity &triggeringPeer)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL1) != 0))
m_tryingNewPath(cc.tPtr, codeLocation, trying, physicalAddress, triggerAddress, triggeringPacketId, triggeringPacketVerb, triggeringPeer);
m_tryingNewPath(
cc.tPtr, codeLocation, trying, physicalAddress, triggerAddress, triggeringPacketId,
triggeringPacketVerb, triggeringPeer);
}
ZT_INLINE void learnedNewPath(const CallContext& cc, const uint32_t codeLocation, uint64_t packetId, const Identity& peerIdentity, const InetAddress& physicalAddress, const InetAddress& replaced)
ZT_INLINE void learnedNewPath(
const CallContext &cc, const uint32_t codeLocation, uint64_t packetId, const Identity &peerIdentity,
const InetAddress &physicalAddress, const InetAddress &replaced)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL1) != 0))
m_learnedNewPath(cc.tPtr, codeLocation, packetId, peerIdentity, physicalAddress, replaced);
}
ZT_INLINE void incomingPacketDropped(
const CallContext& cc,
const uint32_t codeLocation,
uint64_t packetId,
uint64_t networkId,
const Identity& peerIdentity,
const InetAddress& physicalAddress,
uint8_t hops,
uint8_t verb,
const CallContext &cc, const uint32_t codeLocation, uint64_t packetId, uint64_t networkId,
const Identity &peerIdentity, const InetAddress &physicalAddress, uint8_t hops, uint8_t verb,
const ZT_TracePacketDropReason reason)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL1) != 0))
m_incomingPacketDropped(cc.tPtr, codeLocation, packetId, networkId, peerIdentity, physicalAddress, hops, verb, reason);
m_incomingPacketDropped(
cc.tPtr, codeLocation, packetId, networkId, peerIdentity, physicalAddress, hops, verb, reason);
}
ZT_INLINE void outgoingNetworkFrameDropped(
const CallContext& cc,
const uint32_t codeLocation,
uint64_t networkId,
const MAC& sourceMac,
const MAC& destMac,
uint16_t etherType,
uint16_t frameLength,
const uint8_t* frameData,
const CallContext &cc, const uint32_t codeLocation, uint64_t networkId, const MAC &sourceMac,
const MAC &destMac, uint16_t etherType, uint16_t frameLength, const uint8_t *frameData,
ZT_TraceFrameDropReason reason)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL2) != 0))
m_outgoingNetworkFrameDropped(cc.tPtr, codeLocation, networkId, sourceMac, destMac, etherType, frameLength, frameData, reason);
m_outgoingNetworkFrameDropped(
cc.tPtr, codeLocation, networkId, sourceMac, destMac, etherType, frameLength, frameData, reason);
}
ZT_INLINE void incomingNetworkFrameDropped(
const CallContext& cc,
const uint32_t codeLocation,
uint64_t networkId,
const MAC& sourceMac,
const MAC& destMac,
const uint16_t etherType,
const Identity& peerIdentity,
const InetAddress& physicalAddress,
uint8_t hops,
uint16_t frameLength,
const uint8_t* frameData,
uint8_t verb,
bool credentialRequestSent,
const CallContext &cc, const uint32_t codeLocation, uint64_t networkId, const MAC &sourceMac,
const MAC &destMac, const uint16_t etherType, const Identity &peerIdentity, const InetAddress &physicalAddress,
uint8_t hops, uint16_t frameLength, const uint8_t *frameData, uint8_t verb, bool credentialRequestSent,
ZT_TraceFrameDropReason reason)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL2) != 0))
m_incomingNetworkFrameDropped(cc.tPtr, codeLocation, networkId, sourceMac, destMac, etherType, peerIdentity, physicalAddress, hops, frameLength, frameData, verb, credentialRequestSent, reason);
m_incomingNetworkFrameDropped(
cc.tPtr, codeLocation, networkId, sourceMac, destMac, etherType, peerIdentity, physicalAddress, hops,
frameLength, frameData, verb, credentialRequestSent, reason);
}
ZT_INLINE void networkConfigRequestSent(const CallContext &cc, const uint32_t codeLocation, uint64_t networkId)
@ -165,113 +144,69 @@ class Trace {
}
ZT_INLINE void networkFilter(
const CallContext& cc,
const uint32_t codeLocation,
uint64_t networkId,
const uint8_t primaryRuleSetLog[512],
const uint8_t matchingCapabilityRuleSetLog[512],
uint32_t matchingCapabilityId,
int64_t matchingCapabilityTimestamp,
const Address& source,
const Address& dest,
const MAC& sourceMac,
const MAC& destMac,
uint16_t frameLength,
const uint8_t* frameData,
uint16_t etherType,
uint16_t vlanId,
bool noTee,
bool inbound,
int accept)
const CallContext &cc, const uint32_t codeLocation, uint64_t networkId, const uint8_t primaryRuleSetLog[512],
const uint8_t matchingCapabilityRuleSetLog[512], uint32_t matchingCapabilityId,
int64_t matchingCapabilityTimestamp, const Address &source, const Address &dest, const MAC &sourceMac,
const MAC &destMac, uint16_t frameLength, const uint8_t *frameData, uint16_t etherType, uint16_t vlanId,
bool noTee, bool inbound, int accept)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL2_FILTER) != 0)) {
m_networkFilter(
cc.tPtr,
codeLocation,
networkId,
primaryRuleSetLog,
matchingCapabilityRuleSetLog,
matchingCapabilityId,
matchingCapabilityTimestamp,
source,
dest,
sourceMac,
destMac,
frameLength,
frameData,
etherType,
vlanId,
noTee,
inbound,
accept);
cc.tPtr, codeLocation, networkId, primaryRuleSetLog, matchingCapabilityRuleSetLog, matchingCapabilityId,
matchingCapabilityTimestamp, source, dest, sourceMac, destMac, frameLength, frameData, etherType,
vlanId, noTee, inbound, accept);
}
}
ZT_INLINE void
credentialRejected(const CallContext& cc, const uint32_t codeLocation, uint64_t networkId, const Identity& identity, uint32_t credentialId, int64_t credentialTimestamp, uint8_t credentialType, ZT_TraceCredentialRejectionReason reason)
ZT_INLINE void credentialRejected(
const CallContext &cc, const uint32_t codeLocation, uint64_t networkId, const Identity &identity,
uint32_t credentialId, int64_t credentialTimestamp, uint8_t credentialType,
ZT_TraceCredentialRejectionReason reason)
{
if (unlikely((m_traceFlags & ZT_TRACE_F_VL2) != 0))
m_credentialRejected(cc.tPtr, codeLocation, networkId, identity, credentialId, credentialTimestamp, credentialType, reason);
m_credentialRejected(
cc.tPtr, codeLocation, networkId, identity, credentialId, credentialTimestamp, credentialType, reason);
}
private:
void m_resettingPathsInScope(void* tPtr, uint32_t codeLocation, const Identity& reporter, const InetAddress& from, const InetAddress& oldExternal, const InetAddress& newExternal, InetAddress::IpScope scope);
void m_resettingPathsInScope(
void *tPtr, uint32_t codeLocation, const Identity &reporter, const InetAddress &from,
const InetAddress &oldExternal, const InetAddress &newExternal, InetAddress::IpScope scope);
void m_tryingNewPath(
void* tPtr,
uint32_t codeLocation,
const Identity& trying,
const InetAddress& physicalAddress,
const InetAddress& triggerAddress,
uint64_t triggeringPacketId,
uint8_t triggeringPacketVerb,
void *tPtr, uint32_t codeLocation, const Identity &trying, const InetAddress &physicalAddress,
const InetAddress &triggerAddress, uint64_t triggeringPacketId, uint8_t triggeringPacketVerb,
const Identity &triggeringPeer);
void m_learnedNewPath(void* tPtr, uint32_t codeLocation, uint64_t packetId, const Identity& peerIdentity, const InetAddress& physicalAddress, const InetAddress& replaced);
void m_learnedNewPath(
void *tPtr, uint32_t codeLocation, uint64_t packetId, const Identity &peerIdentity,
const InetAddress &physicalAddress, const InetAddress &replaced);
void m_incomingPacketDropped(void* tPtr, uint32_t codeLocation, uint64_t packetId, uint64_t networkId, const Identity& peerIdentity, const InetAddress& physicalAddress, uint8_t hops, uint8_t verb, ZT_TracePacketDropReason reason);
void m_incomingPacketDropped(
void *tPtr, uint32_t codeLocation, uint64_t packetId, uint64_t networkId, const Identity &peerIdentity,
const InetAddress &physicalAddress, uint8_t hops, uint8_t verb, ZT_TracePacketDropReason reason);
void m_outgoingNetworkFrameDropped(void* tPtr, uint32_t codeLocation, uint64_t networkId, const MAC& sourceMac, const MAC& destMac, uint16_t etherType, uint16_t frameLength, const uint8_t* frameData, ZT_TraceFrameDropReason reason);
void m_outgoingNetworkFrameDropped(
void *tPtr, uint32_t codeLocation, uint64_t networkId, const MAC &sourceMac, const MAC &destMac,
uint16_t etherType, uint16_t frameLength, const uint8_t *frameData, ZT_TraceFrameDropReason reason);
void m_incomingNetworkFrameDropped(
void* tPtr,
uint32_t codeLocation,
uint64_t networkId,
const MAC& sourceMac,
const MAC& destMac,
const uint16_t etherType,
const Identity& peerIdentity,
const InetAddress& physicalAddress,
uint8_t hops,
uint16_t frameLength,
const uint8_t* frameData,
uint8_t verb,
bool credentialRequestSent,
void *tPtr, uint32_t codeLocation, uint64_t networkId, const MAC &sourceMac, const MAC &destMac,
const uint16_t etherType, const Identity &peerIdentity, const InetAddress &physicalAddress, uint8_t hops,
uint16_t frameLength, const uint8_t *frameData, uint8_t verb, bool credentialRequestSent,
ZT_TraceFrameDropReason reason);
void m_networkConfigRequestSent(void *tPtr, uint32_t codeLocation, uint64_t networkId);
void m_networkFilter(
void* tPtr,
uint32_t codeLocation,
uint64_t networkId,
const uint8_t* primaryRuleSetLog,
const uint8_t* matchingCapabilityRuleSetLog,
uint32_t matchingCapabilityId,
int64_t matchingCapabilityTimestamp,
const Address& source,
const Address& dest,
const MAC& sourceMac,
const MAC& destMac,
uint16_t frameLength,
const uint8_t* frameData,
uint16_t etherType,
uint16_t vlanId,
bool noTee,
bool inbound,
int accept);
void *tPtr, uint32_t codeLocation, uint64_t networkId, const uint8_t *primaryRuleSetLog,
const uint8_t *matchingCapabilityRuleSetLog, uint32_t matchingCapabilityId, int64_t matchingCapabilityTimestamp,
const Address &source, const Address &dest, const MAC &sourceMac, const MAC &destMac, uint16_t frameLength,
const uint8_t *frameData, uint16_t etherType, uint16_t vlanId, bool noTee, bool inbound, int accept);
void m_credentialRejected(void* tPtr, uint32_t codeLocation, uint64_t networkId, const Identity& identity, uint32_t credentialId, int64_t credentialTimestamp, uint8_t credentialType, ZT_TraceCredentialRejectionReason reason);
void m_credentialRejected(
void *tPtr, uint32_t codeLocation, uint64_t networkId, const Identity &identity, uint32_t credentialId,
int64_t credentialTimestamp, uint8_t credentialType, ZT_TraceCredentialRejectionReason reason);
const Context &m_ctx;
volatile unsigned int m_traceFlags; // faster than atomic, but may not "instantly" change... should be okay

8
core/TriviallyCopyable.hpp
View file

@ -51,12 +51,8 @@ struct TriviallyCopyable {
}
private:
static ZT_INLINE void mustBeTriviallyCopyable(const TriviallyCopyable&) noexcept
{
}
static ZT_INLINE void mustBeTriviallyCopyable(const TriviallyCopyable*) noexcept
{
}
static ZT_INLINE void mustBeTriviallyCopyable(const TriviallyCopyable &) noexcept {}
static ZT_INLINE void mustBeTriviallyCopyable(const TriviallyCopyable *) noexcept {}
};
} // namespace ZeroTier

82
core/TrustStore.cpp
View file

@ -17,13 +17,9 @@
namespace ZeroTier {
TrustStore::TrustStore()
{
}
TrustStore::TrustStore() {}
TrustStore::~TrustStore()
{
}
TrustStore::~TrustStore() {}
SharedPtr<TrustStore::Entry> TrustStore::get(const H384 &serial) const
{
@ -39,17 +35,21 @@ Map<Identity, SharedPtr<const Locator> > TrustStore::roots()
// Iterate using m_bySubjectIdentity to only scan certificates with subject identities.
// This map also does not contian error or deprecated certificates.
for (Map<Fingerprint, Vector<SharedPtr<Entry> > >::const_iterator cv(m_bySubjectIdentity.begin()); cv != m_bySubjectIdentity.end(); ++cv) {
for (Map<Fingerprint, Vector<SharedPtr<Entry>>>::const_iterator cv(m_bySubjectIdentity.begin());
cv != m_bySubjectIdentity.end(); ++cv) {
for (Vector<SharedPtr<Entry>>::const_iterator c(cv->second.begin()); c != cv->second.end(); ++c) {
// A root set cert must be marked for this use and authorized to influence this node's config.
if ((((*c)->m_certificate.usageFlags & ZT_CERTIFICATE_USAGE_ZEROTIER_ROOT_SET) != 0) && (((*c)->m_localTrust & ZT_CERTIFICATE_LOCAL_TRUST_FLAG_CONFIG) != 0)) {
if ((((*c)->m_certificate.usageFlags & ZT_CERTIFICATE_USAGE_ZEROTIER_ROOT_SET) != 0)
&& (((*c)->m_localTrust & ZT_CERTIFICATE_LOCAL_TRUST_FLAG_CONFIG) != 0)) {
// Add all identities to the root set, and for each entry in the set make sure we have the latest
// locator if there's more than one cert with one.
for (unsigned int j = 0; j < (*c)->certificate().subject.identityCount; ++j) {
const Identity* const id = reinterpret_cast<const Identity*>((*c)->certificate().subject.identities[j].identity);
const Identity *const id =
reinterpret_cast<const Identity *>((*c)->certificate().subject.identities[j].identity);
if ((id) && (*id)) { // sanity check
SharedPtr<const Locator> &existingLoc = r[*id];
const Locator* const loc = reinterpret_cast<const Locator*>((*c)->certificate().subject.identities[j].locator);
const Locator *const loc =
reinterpret_cast<const Locator *>((*c)->certificate().subject.identities[j].locator);
if (loc) {
if ((!existingLoc) || (existingLoc->revision() < loc->revision()))
existingLoc.set(new Locator(*loc));
@ -109,8 +109,7 @@ bool TrustStore::update(const int64_t clock, Vector<SharedPtr<Entry> >* const pu
errorStateModified = true;
}
break;
default:
break;
default: break;
}
}
@ -157,33 +156,43 @@ bool TrustStore::update(const int64_t clock, Vector<SharedPtr<Entry> >* const pu
}
}
else {
if ((! c->second->m_onTrustPath) && ((c->second->m_localTrust & ZT_CERTIFICATE_LOCAL_TRUST_FLAG_ROOT_CA) == 0)) {
if ((!c->second->m_onTrustPath)
&& ((c->second->m_localTrust & ZT_CERTIFICATE_LOCAL_TRUST_FLAG_ROOT_CA) == 0)) {
// Trace the path of each certificate all the way back to a trusted CA.
unsigned int pathLength = 0;
Map<H384, SharedPtr<Entry>>::const_iterator current(c);
visited.clear();
for (;;) {
if (pathLength <= current->second->m_certificate.maxPathLength) {
// Check if this cert isn't a CA or already part of a valid trust path. If so then step upward
// toward CA.
if (((current->second->m_localTrust & ZT_CERTIFICATE_LOCAL_TRUST_FLAG_ROOT_CA) == 0) && (! current->second->m_onTrustPath)) {
// If the issuer (parent) certificiate is (1) valid, (2) not already visited (to prevent
// loops), and (3) has a public key that matches this cert's issuer public key (sanity
// check), proceed up the certificate graph toward a potential CA.
// Check if this cert isn't a CA or already part of a valid trust path. If so then step
// upward toward CA.
if (((current->second->m_localTrust & ZT_CERTIFICATE_LOCAL_TRUST_FLAG_ROOT_CA) == 0)
&& (!current->second->m_onTrustPath)) {
// If the issuer (parent) certificiate is (1) valid, (2) not already visited (to
// prevent loops), and (3) has a public key that matches this cert's issuer public
// key (sanity check), proceed up the certificate graph toward a potential CA.
visited.push_back(current->second.ptr());
const Map<H384, SharedPtr<Entry>>::const_iterator prevChild(current);
current = m_bySerial.find(H384(current->second->m_certificate.issuer));
if ((current != m_bySerial.end()) && (std::find(visited.begin(), visited.end(), current->second.ptr()) == visited.end()) && (current->second->m_error == ZT_CERTIFICATE_ERROR_NONE)
&& (current->second->m_certificate.publicKeySize == prevChild->second->m_certificate.issuerPublicKeySize)
&& (memcmp(current->second->m_certificate.publicKey, prevChild->second->m_certificate.issuerPublicKey, current->second->m_certificate.publicKeySize) == 0)) {
if ((current != m_bySerial.end())
&& (std::find(visited.begin(), visited.end(), current->second.ptr())
== visited.end())
&& (current->second->m_error == ZT_CERTIFICATE_ERROR_NONE)
&& (current->second->m_certificate.publicKeySize
== prevChild->second->m_certificate.issuerPublicKeySize)
&& (memcmp(
current->second->m_certificate.publicKey,
prevChild->second->m_certificate.issuerPublicKey,
current->second->m_certificate.publicKeySize)
== 0)) {
++pathLength;
continue;
}
}
else {
// If we've traced this to a root CA, flag its parents as also being on a trust path. Then
// break the loop without setting an error. We don't flag the current cert as being on a
// trust path since no other certificates depend on it.
// If we've traced this to a root CA, flag its parents as also being on a trust
// path. Then break the loop without setting an error. We don't flag the current
// cert as being on a trust path since no other certificates depend on it.
for (Vector<Entry *>::const_iterator v(visited.begin()); v != visited.end(); ++v) {
if (*v != c->second.ptr())
(*v)->m_onTrustPath = true;
@ -211,7 +220,8 @@ bool TrustStore::update(const int64_t clock, Vector<SharedPtr<Entry> >* const pu
if (c->second->m_error == ZT_CERTIFICATE_ERROR_NONE) {
const unsigned int uniqueIdSize = c->second->m_certificate.subject.uniqueIdSize;
if ((uniqueIdSize > 0) && (uniqueIdSize <= ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE)) {
SharedPtr<Entry>& entry = m_bySubjectUniqueId[Blob<ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE>(c->second->m_certificate.subject.uniqueId, uniqueIdSize)];
SharedPtr<Entry> &entry = m_bySubjectUniqueId[Blob<ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE>(
c->second->m_certificate.subject.uniqueId, uniqueIdSize)];
if (entry) {
// If there's already an entry, see if there's a newer certificate for this subject.
if (c->second->m_certificate.subject.timestamp > entry->m_certificate.subject.timestamp) {
@ -223,7 +233,10 @@ bool TrustStore::update(const int64_t clock, Vector<SharedPtr<Entry> >* const pu
}
else {
// Equal timestamps should never happen, but handle it anyway by comparing serials.
if (memcmp(c->second->m_certificate.serialNo, entry->m_certificate.serialNo, ZT_CERTIFICATE_HASH_SIZE) > 0) {
if (memcmp(
c->second->m_certificate.serialNo, entry->m_certificate.serialNo,
ZT_CERTIFICATE_HASH_SIZE)
> 0) {
entry->m_subjectDeprecated = true;
entry = c->second;
}
@ -245,7 +258,8 @@ bool TrustStore::update(const int64_t clock, Vector<SharedPtr<Entry> >* const pu
for (Map<H384, SharedPtr<Entry>>::const_iterator c(m_bySerial.begin()); c != m_bySerial.end(); ++c) {
if ((c->second->m_error == ZT_CERTIFICATE_ERROR_NONE) && (!c->second->m_subjectDeprecated)) {
for (unsigned int i = 0; i < c->second->m_certificate.subject.identityCount; ++i) {
const Identity* const id = reinterpret_cast<const Identity*>(c->second->m_certificate.subject.identities[i].identity);
const Identity *const id =
reinterpret_cast<const Identity *>(c->second->m_certificate.subject.identities[i].identity);
if ((id) && (*id)) // sanity check
m_bySubjectIdentity[id->fingerprint()].push_back(c->second);
}
@ -255,7 +269,8 @@ bool TrustStore::update(const int64_t clock, Vector<SharedPtr<Entry> >* const pu
// If purge is set, erase and return error and deprecated certs (that are not on a trust path).
if (purge) {
for (Map<H384, SharedPtr<Entry>>::const_iterator c(m_bySerial.begin()); c != m_bySerial.end();) {
if ((c->second->error() != ZT_CERTIFICATE_ERROR_NONE) || ((c->second->m_subjectDeprecated) && (! c->second->m_onTrustPath))) {
if ((c->second->error() != ZT_CERTIFICATE_ERROR_NONE)
|| ((c->second->m_subjectDeprecated) && (!c->second->m_onTrustPath))) {
purge->push_back(c->second);
m_bySerial.erase(c++);
}
@ -299,7 +314,9 @@ Vector<uint8_t> TrustStore::save() const
b.push_back(0);
comp.resize((unsigned long)LZ4_COMPRESSBOUND(b.size()) + 8);
compSize = LZ4_compress_fast(reinterpret_cast<const char*>(b.data()), reinterpret_cast<char*>(comp.data() + 8), (int)b.size(), (int)(comp.size() - 8));
compSize = LZ4_compress_fast(
reinterpret_cast<const char *>(b.data()), reinterpret_cast<char *>(comp.data() + 8), (int)b.size(),
(int)(comp.size() - 8));
if (unlikely(compSize <= 0)) // shouldn't be possible
return Vector<uint8_t>();
@ -327,7 +344,10 @@ int TrustStore::load(const Vector<uint8_t>& data)
Vector<uint8_t> uncomp;
uncomp.resize(uncompSize);
if (LZ4_decompress_safe(reinterpret_cast<const char*>(data.data() + 8), reinterpret_cast<char*>(uncomp.data()), (int)(data.size() - 8), (int)uncompSize) != (int)uncompSize)
if (LZ4_decompress_safe(
reinterpret_cast<const char *>(data.data() + 8), reinterpret_cast<char *>(uncomp.data()),
(int)(data.size() - 8), (int)uncompSize)
!= (int)uncompSize)
return -1;
const uint8_t *b = uncomp.data();
if (Utils::fnv1a32(b, (unsigned int)uncompSize) != Utils::loadBigEndian<uint32_t>(data.data() + 4))

13
core/TrustStore.hpp
View file

@ -57,10 +57,7 @@ class TrustStore {
/**
* @return Reference to held certificate
*/
ZT_INLINE const Certificate& certificate() const noexcept
{
return m_certificate;
}
ZT_INLINE const Certificate &certificate() const noexcept { return m_certificate; }
/**
* Get the local trust for this certificate
@ -98,10 +95,7 @@ class TrustStore {
}
private:
Entry& operator=(const Entry&)
{
return *this;
}
Entry &operator=(const Entry &) { return *this; }
ZT_INLINE Entry(RWMutex &l, const Certificate &cert, const unsigned int lt) noexcept
: __refCount(0)
@ -210,7 +204,8 @@ class TrustStore {
private:
Map<H384, SharedPtr<Entry>> m_bySerial; // all certificates
Map<Blob<ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE>, SharedPtr<Entry> > m_bySubjectUniqueId; // non-rejected certificates only
Map<Blob<ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE>, SharedPtr<Entry>>
m_bySubjectUniqueId; // non-rejected certificates only
Map<Fingerprint, Vector<SharedPtr<Entry>>> m_bySubjectIdentity; // non-rejected certificates only
ForwardList<SharedPtr<Entry>> m_addQueue;
ForwardList<H384> m_deleteQueue;

50
core/Utils.hpp
View file

@ -37,8 +37,10 @@ namespace Utils {
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define ZT_CONST_TO_BE_UINT16(x) ((uint16_t)((uint16_t)((uint16_t)(x) << 8U) | (uint16_t)((uint16_t)(x) >> 8U)))
#define ZT_CONST_TO_BE_UINT64(x) \
((((uint64_t)(x)&0x00000000000000ffULL) << 56U) | (((uint64_t)(x)&0x000000000000ff00ULL) << 40U) | (((uint64_t)(x)&0x0000000000ff0000ULL) << 24U) | (((uint64_t)(x)&0x00000000ff000000ULL) << 8U) \
| (((uint64_t)(x)&0x000000ff00000000ULL) >> 8U) | (((uint64_t)(x)&0x0000ff0000000000ULL) >> 24U) | (((uint64_t)(x)&0x00ff000000000000ULL) >> 40U) | (((uint64_t)(x)&0xff00000000000000ULL) >> 56U))
((((uint64_t)(x)&0x00000000000000ffULL) << 56U) | (((uint64_t)(x)&0x000000000000ff00ULL) << 40U) \
| (((uint64_t)(x)&0x0000000000ff0000ULL) << 24U) | (((uint64_t)(x)&0x00000000ff000000ULL) << 8U) \
| (((uint64_t)(x)&0x000000ff00000000ULL) >> 8U) | (((uint64_t)(x)&0x0000ff0000000000ULL) >> 24U) \
| (((uint64_t)(x)&0x00ff000000000000ULL) >> 40U) | (((uint64_t)(x)&0xff00000000000000ULL) >> 56U))
#else
#define ZT_CONST_TO_BE_UINT16(x) ((uint16_t)(x))
#define ZT_CONST_TO_BE_UINT64(x) ((uint64_t)(x))
@ -237,10 +239,7 @@ static ZT_INLINE char* stok(char* str, const char* delim, char** saveptr) noexce
#endif
}
static ZT_INLINE unsigned int strToUInt(const char* s) noexcept
{
return (unsigned int)strtoul(s, nullptr, 10);
}
static ZT_INLINE unsigned int strToUInt(const char *s) noexcept { return (unsigned int)strtoul(s, nullptr, 10); }
static ZT_INLINE unsigned long long hexStrToU64(const char *s) noexcept
{
@ -300,7 +299,8 @@ static ZT_INLINE uint64_t swapBytes(const uint64_t n) noexcept
return (uint64_t)_byteswap_uint64((unsigned __int64)n);
#else
return (
((n & 0x00000000000000ffULL) << 56) | ((n & 0x000000000000ff00ULL) << 40) | ((n & 0x0000000000ff0000ULL) << 24) | ((n & 0x00000000ff000000ULL) << 8) | ((n & 0x000000ff00000000ULL) >> 8) | ((n & 0x0000ff0000000000ULL) >> 24)
((n & 0x00000000000000ffULL) << 56) | ((n & 0x000000000000ff00ULL) << 40) | ((n & 0x0000000000ff0000ULL) << 24)
| ((n & 0x00000000ff000000ULL) << 8) | ((n & 0x000000ff00000000ULL) >> 8) | ((n & 0x0000ff0000000000ULL) >> 24)
| ((n & 0x00ff000000000000ULL) >> 40) | ((n & 0xff00000000000000ULL) >> 56));
#endif
#endif
@ -350,44 +350,29 @@ template <typename I, unsigned int S> class _swap_bytes_bysize;
template <typename I> class _swap_bytes_bysize<I, 1> {
public:
static ZT_INLINE I s(const I n) noexcept
{
return n;
}
static ZT_INLINE I s(const I n) noexcept { return n; }
};
template <typename I> class _swap_bytes_bysize<I, 2> {
public:
static ZT_INLINE I s(const I n) noexcept
{
return (I)swapBytes((uint16_t)n);
}
static ZT_INLINE I s(const I n) noexcept { return (I)swapBytes((uint16_t)n); }
};
template <typename I> class _swap_bytes_bysize<I, 4> {
public:
static ZT_INLINE I s(const I n) noexcept
{
return (I)swapBytes((uint32_t)n);
}
static ZT_INLINE I s(const I n) noexcept { return (I)swapBytes((uint32_t)n); }
};
template <typename I> class _swap_bytes_bysize<I, 8> {
public:
static ZT_INLINE I s(const I n) noexcept
{
return (I)swapBytes((uint64_t)n);
}
static ZT_INLINE I s(const I n) noexcept { return (I)swapBytes((uint64_t)n); }
};
template <typename I, unsigned int S> class _load_be_bysize;
template <typename I> class _load_be_bysize<I, 1> {
public:
static ZT_INLINE I l(const uint8_t* const p) noexcept
{
return p[0];
}
static ZT_INLINE I l(const uint8_t *const p) noexcept { return p[0]; }
};
template <typename I> class _load_be_bysize<I, 2> {
@ -410,7 +395,8 @@ template <typename I> class _load_be_bysize<I, 8> {
public:
static ZT_INLINE I l(const uint8_t *const p) noexcept
{
return (I)(((uint64_t)p[0] << 56U) | ((uint64_t)p[1] << 48U) | ((uint64_t)p[2] << 40U) | ((uint64_t)p[3] << 32U) | ((uint64_t)p[4] << 24U) | ((uint64_t)p[5] << 16U) | ((uint64_t)p[6] << 8U) | (uint64_t)p[7]);
return (
I)(((uint64_t)p[0] << 56U) | ((uint64_t)p[1] << 48U) | ((uint64_t)p[2] << 40U) | ((uint64_t)p[3] << 32U) | ((uint64_t)p[4] << 24U) | ((uint64_t)p[5] << 16U) | ((uint64_t)p[6] << 8U) | (uint64_t)p[7]);
}
};
@ -418,10 +404,7 @@ template <typename I, unsigned int S> class _load_le_bysize;
template <typename I> class _load_le_bysize<I, 1> {
public:
static ZT_INLINE I l(const uint8_t* const p) noexcept
{
return p[0];
}
static ZT_INLINE I l(const uint8_t *const p) noexcept { return p[0]; }
};
template <typename I> class _load_le_bysize<I, 2> {
@ -444,7 +427,8 @@ template <typename I> class _load_le_bysize<I, 8> {
public:
static ZT_INLINE I l(const uint8_t *const p) noexcept
{
return (I)((uint64_t)p[0] | ((uint64_t)p[1] << 8U) | ((uint64_t)p[2] << 16U) | ((uint64_t)p[3] << 24U) | ((uint64_t)p[4] << 32U) | ((uint64_t)p[5] << 40U) | ((uint64_t)p[6] << 48U) | ((uint64_t)p[7]) << 56U);
return (
I)((uint64_t)p[0] | ((uint64_t)p[1] << 8U) | ((uint64_t)p[2] << 16U) | ((uint64_t)p[3] << 24U) | ((uint64_t)p[4] << 32U) | ((uint64_t)p[5] << 40U) | ((uint64_t)p[6] << 48U) | ((uint64_t)p[7]) << 56U);
}
};

274
core/VL1.cpp
View file

@ -31,17 +31,17 @@ namespace ZeroTier {
namespace {
ZT_INLINE const Identity& identityFromPeerPtr(const SharedPtr<Peer>& p)
{
return (p) ? p->identity() : Identity::NIL;
}
ZT_INLINE const Identity &identityFromPeerPtr(const SharedPtr<Peer> &p) { return (p) ? p->identity() : Identity::NIL; }
struct p_SalsaPolyCopyFunction {
Salsa20 s20;
Poly1305 poly1305;
unsigned int hdrRemaining;
ZT_INLINE p_SalsaPolyCopyFunction(const void* salsaKey, const void* salsaIv) : s20(salsaKey, salsaIv), poly1305(), hdrRemaining(ZT_PROTO_PACKET_ENCRYPTED_SECTION_START)
ZT_INLINE p_SalsaPolyCopyFunction(const void *salsaKey, const void *salsaIv)
: s20(salsaKey, salsaIv)
, poly1305()
, hdrRemaining(ZT_PROTO_PACKET_ENCRYPTED_SECTION_START)
{
uint8_t macKey[ZT_POLY1305_KEY_SIZE];
s20.crypt12(Utils::ZERO256, macKey, ZT_POLY1305_KEY_SIZE);
@ -67,7 +67,9 @@ struct p_PolyCopyFunction {
Poly1305 poly1305;
unsigned int hdrRemaining;
ZT_INLINE p_PolyCopyFunction(const void* salsaKey, const void* salsaIv) : poly1305(), hdrRemaining(ZT_PROTO_PACKET_ENCRYPTED_SECTION_START)
ZT_INLINE p_PolyCopyFunction(const void *salsaKey, const void *salsaIv)
: poly1305()
, hdrRemaining(ZT_PROTO_PACKET_ENCRYPTED_SECTION_START)
{
uint8_t macKey[ZT_POLY1305_KEY_SIZE];
Salsa20(salsaKey, salsaIv).crypt12(Utils::ZERO256, macKey, ZT_POLY1305_KEY_SIZE);
@ -91,11 +93,11 @@ struct p_PolyCopyFunction {
} // anonymous namespace
VL1::VL1(const Context& ctx) : m_ctx(ctx)
{
}
VL1::VL1(const Context &ctx) : m_ctx(ctx) {}
void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetAddress& fromAddr, SharedPtr<Buf>& data, const unsigned int len) noexcept
void VL1::onRemotePacket(
CallContext &cc, const int64_t localSocket, const InetAddress &fromAddr, SharedPtr<Buf> &data,
const unsigned int len) noexcept
{
const SharedPtr<Path> path(m_ctx.topology->path(localSocket, fromAddr));
@ -113,7 +115,8 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
static_assert((ZT_PROTO_PACKET_ID_INDEX + sizeof(uint64_t)) < ZT_PROTO_MIN_FRAGMENT_LENGTH, "overflow");
const uint64_t packetId = Utils::loadMachineEndian<uint64_t>(data->unsafeData + ZT_PROTO_PACKET_ID_INDEX);
static_assert((ZT_PROTO_PACKET_DESTINATION_INDEX + ZT_ADDRESS_LENGTH) < ZT_PROTO_MIN_FRAGMENT_LENGTH, "overflow");
static_assert(
(ZT_PROTO_PACKET_DESTINATION_INDEX + ZT_ADDRESS_LENGTH) < ZT_PROTO_MIN_FRAGMENT_LENGTH, "overflow");
const Address destination(data->unsafeData + ZT_PROTO_PACKET_DESTINATION_INDEX);
if (destination != m_ctx.identity.address()) {
m_relay(cc, path, destination, data, len);
@ -132,9 +135,10 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
static_assert(ZT_PROTO_PACKET_FRAGMENT_COUNTS < ZT_PROTO_MIN_FRAGMENT_LENGTH, "overflow");
const unsigned int totalFragments = (data->unsafeData[ZT_PROTO_PACKET_FRAGMENT_COUNTS] >> 4U) & 0x0fU;
const unsigned int fragmentNo = data->unsafeData[ZT_PROTO_PACKET_FRAGMENT_COUNTS] & 0x0fU;
switch (m_inputPacketAssembler.assemble(packetId, pktv, data, ZT_PROTO_PACKET_FRAGMENT_PAYLOAD_START_AT, len - ZT_PROTO_PACKET_FRAGMENT_PAYLOAD_START_AT, fragmentNo, totalFragments, cc.ticks, path)) {
case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::COMPLETE:
break;
switch (m_inputPacketAssembler.assemble(
packetId, pktv, data, ZT_PROTO_PACKET_FRAGMENT_PAYLOAD_START_AT,
len - ZT_PROTO_PACKET_FRAGMENT_PAYLOAD_START_AT, fragmentNo, totalFragments, cc.ticks, path)) {
case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::COMPLETE: break;
default:
// case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::OK:
// case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_DUPLICATE_FRAGMENT:
@ -151,17 +155,13 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
if ((data->unsafeData[ZT_PROTO_PACKET_FLAGS_INDEX] & ZT_PROTO_FLAG_FRAGMENTED) != 0) {
// This is the head of a series of fragments that we may or may not already have.
switch (m_inputPacketAssembler.assemble(
packetId,
pktv,
data,
packetId, pktv, data,
0, // fragment index is 0 since this is the head
len,
0, // always the zero'eth fragment
0, // this is specified in fragments, not in the head
cc.ticks,
path)) {
case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::COMPLETE:
break;
cc.ticks, path)) {
case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::COMPLETE: break;
default:
// case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::OK:
// case Defragmenter<ZT_MAX_PACKET_FRAGMENTS>::ERR_DUPLICATE_FRAGMENT:
@ -195,16 +195,22 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
int pktSize = 0;
static_assert(ZT_PROTO_PACKET_VERB_INDEX < ZT_PROTO_MIN_PACKET_LENGTH, "overflow");
if (unlikely(((cipher == ZT_PROTO_CIPHER_POLY1305_NONE) || (cipher == ZT_PROTO_CIPHER_NONE)) && ((hdr[ZT_PROTO_PACKET_VERB_INDEX] & ZT_PROTO_VERB_MASK) == Protocol::VERB_HELLO))) {
if (unlikely(
((cipher == ZT_PROTO_CIPHER_POLY1305_NONE) || (cipher == ZT_PROTO_CIPHER_NONE))
&& ((hdr[ZT_PROTO_PACKET_VERB_INDEX] & ZT_PROTO_VERB_MASK) == Protocol::VERB_HELLO))) {
// Handle unencrypted HELLO packets.
pktSize = pktv.mergeCopy(*pkt);
if (unlikely(pktSize < ZT_PROTO_MIN_PACKET_LENGTH)) {
ZT_SPEW("discarding packet %.16llx from %s(%s): assembled packet size: %d", packetId, source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
ZT_SPEW(
"discarding packet %.16llx from %s(%s): assembled packet size: %d", packetId,
source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
return;
}
const SharedPtr<Peer> peer(m_HELLO(cc, path, *pkt, pktSize));
if (likely(peer))
peer->received(m_ctx, cc, path, hops, packetId, pktSize - ZT_PROTO_PACKET_PAYLOAD_START, Protocol::VERB_HELLO, Protocol::VERB_NOP);
peer->received(
m_ctx, cc, path, hops, packetId, pktSize - ZT_PROTO_PACKET_PAYLOAD_START, Protocol::VERB_HELLO,
Protocol::VERB_NOP);
return;
}
@ -223,7 +229,9 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
pktSize = pktv.mergeMap<p_PolyCopyFunction &>(*pkt, ZT_PROTO_PACKET_ENCRYPTED_SECTION_START, s20cf);
if (unlikely(pktSize < ZT_PROTO_MIN_PACKET_LENGTH)) {
ZT_SPEW("discarding packet %.16llx from %s(%s): assembled packet size: %d", packetId, source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
ZT_SPEW(
"discarding packet %.16llx from %s(%s): assembled packet size: %d", packetId,
source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
return;
}
@ -231,8 +239,12 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
s20cf.poly1305.finish(mac);
static_assert((ZT_PROTO_PACKET_MAC_INDEX + 8) < ZT_PROTO_MIN_PACKET_LENGTH, "overflow");
if (unlikely(Utils::loadMachineEndian<uint64_t>(hdr + ZT_PROTO_PACKET_MAC_INDEX) != mac[0])) {
ZT_SPEW("discarding packet %.16llx from %s(%s): packet MAC failed (none/poly1305)", packetId, source.toString().c_str(), fromAddr.toString().c_str());
m_ctx.t->incomingPacketDropped(cc, 0xcc89c812, packetId, 0, peer->identity(), path->address(), hops, Protocol::VERB_NOP, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
ZT_SPEW(
"discarding packet %.16llx from %s(%s): packet MAC failed (none/poly1305)", packetId,
source.toString().c_str(), fromAddr.toString().c_str());
m_ctx.t->incomingPacketDropped(
cc, 0xcc89c812, packetId, 0, peer->identity(), path->address(), hops, Protocol::VERB_NOP,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return;
}
@ -244,9 +256,12 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
Protocol::salsa2012DeriveKey(peer->rawIdentityKey(), perPacketKey, *pktv[0].b, pktv.totalSize());
p_SalsaPolyCopyFunction s20cf(perPacketKey, &packetId);
pktSize = pktv.mergeMap<p_SalsaPolyCopyFunction&>(*pkt, ZT_PROTO_PACKET_ENCRYPTED_SECTION_START, s20cf);
pktSize =
pktv.mergeMap<p_SalsaPolyCopyFunction &>(*pkt, ZT_PROTO_PACKET_ENCRYPTED_SECTION_START, s20cf);
if (unlikely(pktSize < ZT_PROTO_MIN_PACKET_LENGTH)) {
ZT_SPEW("discarding packet %.16llx from %s(%s): assembled packet size: %d", packetId, source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
ZT_SPEW(
"discarding packet %.16llx from %s(%s): assembled packet size: %d", packetId,
source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
return;
}
@ -254,8 +269,12 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
s20cf.poly1305.finish(mac);
static_assert((ZT_PROTO_PACKET_MAC_INDEX + 8) < ZT_PROTO_MIN_PACKET_LENGTH, "overflow");
if (unlikely(Utils::loadMachineEndian<uint64_t>(hdr + ZT_PROTO_PACKET_MAC_INDEX) != mac[0])) {
ZT_SPEW("discarding packet %.16llx from %s(%s): packet MAC failed (salsa/poly1305)", packetId, source.toString().c_str(), fromAddr.toString().c_str());
m_ctx.t->incomingPacketDropped(cc, 0xcc89c812, packetId, 0, peer->identity(), path->address(), hops, Protocol::VERB_NOP, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
ZT_SPEW(
"discarding packet %.16llx from %s(%s): packet MAC failed (salsa/poly1305)", packetId,
source.toString().c_str(), fromAddr.toString().c_str());
m_ctx.t->incomingPacketDropped(
cc, 0xcc89c812, packetId, 0, peer->identity(), path->address(), hops, Protocol::VERB_NOP,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return;
}
@ -271,7 +290,9 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
} break;
default:
m_ctx.t->incomingPacketDropped(cc, 0x5b001099, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_NOP, ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
m_ctx.t->incomingPacketDropped(
cc, 0x5b001099, packetId, 0, identityFromPeerPtr(peer), path->address(), hops,
Protocol::VERB_NOP, ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
return;
}
}
@ -283,16 +304,15 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
ZT_SPEW(
"discarding packet %.16llx from %s(%s): assembled packet size %d is smaller than minimum packet "
"length",
packetId,
source.toString().c_str(),
fromAddr.toString().c_str(),
pktSize);
packetId, source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
return;
}
// TODO: should take instance ID into account here once that is fully implemented.
if (unlikely(peer->deduplicateIncomingPacket(packetId))) {
ZT_SPEW("discarding packet %.16llx from %s(%s): duplicate!", packetId, source.toString().c_str(), fromAddr.toString().c_str());
ZT_SPEW(
"discarding packet %.16llx from %s(%s): duplicate!", packetId, source.toString().c_str(),
fromAddr.toString().c_str());
return;
}
@ -309,20 +329,25 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
const int uncompressedLen = LZ4_decompress_safe(
reinterpret_cast<const char *>(pkt->unsafeData + ZT_PROTO_PACKET_PAYLOAD_START),
reinterpret_cast<char *>(dec->unsafeData + ZT_PROTO_PACKET_PAYLOAD_START),
pktSize - ZT_PROTO_PACKET_PAYLOAD_START,
ZT_BUF_MEM_SIZE - ZT_PROTO_PACKET_PAYLOAD_START);
if (likely((uncompressedLen >= 0) && (uncompressedLen <= (ZT_BUF_MEM_SIZE - ZT_PROTO_PACKET_PAYLOAD_START)))) {
pktSize - ZT_PROTO_PACKET_PAYLOAD_START, ZT_BUF_MEM_SIZE - ZT_PROTO_PACKET_PAYLOAD_START);
if (likely(
(uncompressedLen >= 0)
&& (uncompressedLen <= (ZT_BUF_MEM_SIZE - ZT_PROTO_PACKET_PAYLOAD_START)))) {
pkt.swap(dec);
ZT_SPEW("decompressed packet: %d -> %d", pktSize, ZT_PROTO_PACKET_PAYLOAD_START + uncompressedLen);
pktSize = ZT_PROTO_PACKET_PAYLOAD_START + uncompressedLen;
}
else {
m_ctx.t->incomingPacketDropped(cc, 0xee9e4392, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, verb, ZT_TRACE_PACKET_DROP_REASON_INVALID_COMPRESSED_DATA);
m_ctx.t->incomingPacketDropped(
cc, 0xee9e4392, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, verb,
ZT_TRACE_PACKET_DROP_REASON_INVALID_COMPRESSED_DATA);
return;
}
}
ZT_SPEW("%s from %s(%s) (%d bytes)", Protocol::verbName(verb), source.toString().c_str(), fromAddr.toString().c_str(), pktSize);
ZT_SPEW(
"%s from %s(%s) (%d bytes)", Protocol::verbName(verb), source.toString().c_str(),
fromAddr.toString().c_str(), pktSize);
// NOTE: HELLO is normally sent in the clear (in terms of our usual AEAD modes) and is handled
// above. We will try to process it here, but if so it'll still get re-authenticated via HELLO's
@ -332,32 +357,19 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
Protocol::Verb inReVerb = Protocol::VERB_NOP;
bool ok = true;
switch (verb) {
case Protocol::VERB_NOP:
break;
case Protocol::VERB_HELLO:
ok = (bool)(m_HELLO(cc, path, *pkt, pktSize));
break;
case Protocol::VERB_ERROR:
ok = m_ERROR(cc, packetId, auth, path, peer, *pkt, pktSize, inReVerb);
break;
case Protocol::VERB_OK:
ok = m_OK(cc, packetId, auth, path, peer, *pkt, pktSize, inReVerb);
break;
case Protocol::VERB_WHOIS:
ok = m_WHOIS(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
case Protocol::VERB_RENDEZVOUS:
ok = m_RENDEZVOUS(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
case Protocol::VERB_NOP: break;
case Protocol::VERB_HELLO: ok = (bool)(m_HELLO(cc, path, *pkt, pktSize)); break;
case Protocol::VERB_ERROR: ok = m_ERROR(cc, packetId, auth, path, peer, *pkt, pktSize, inReVerb); break;
case Protocol::VERB_OK: ok = m_OK(cc, packetId, auth, path, peer, *pkt, pktSize, inReVerb); break;
case Protocol::VERB_WHOIS: ok = m_WHOIS(cc, packetId, auth, path, peer, *pkt, pktSize); break;
case Protocol::VERB_RENDEZVOUS: ok = m_RENDEZVOUS(cc, packetId, auth, path, peer, *pkt, pktSize); break;
case Protocol::VERB_FRAME:
ok = m_ctx.vl2->m_FRAME(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
case Protocol::VERB_EXT_FRAME:
ok = m_ctx.vl2->m_EXT_FRAME(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
case Protocol::VERB_ECHO:
ok = m_ECHO(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
case Protocol::VERB_ECHO: ok = m_ECHO(cc, packetId, auth, path, peer, *pkt, pktSize); break;
case Protocol::VERB_MULTICAST_LIKE:
ok = m_ctx.vl2->m_MULTICAST_LIKE(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
@ -385,16 +397,17 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
case Protocol::VERB_MULTICAST:
ok = m_ctx.vl2->m_MULTICAST(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
case Protocol::VERB_ENCAP:
ok = m_ENCAP(cc, packetId, auth, path, peer, *pkt, pktSize);
break;
case Protocol::VERB_ENCAP: ok = m_ENCAP(cc, packetId, auth, path, peer, *pkt, pktSize); break;
default:
m_ctx.t->incomingPacketDropped(cc, 0xeeeeeff0, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, verb, ZT_TRACE_PACKET_DROP_REASON_UNRECOGNIZED_VERB);
m_ctx.t->incomingPacketDropped(
cc, 0xeeeeeff0, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, verb,
ZT_TRACE_PACKET_DROP_REASON_UNRECOGNIZED_VERB);
break;
}
if (likely(ok))
peer->received(m_ctx, cc, path, hops, packetId, pktSize - ZT_PROTO_PACKET_PAYLOAD_START, verb, inReVerb);
peer->received(
m_ctx, cc, path, hops, packetId, pktSize - ZT_PROTO_PACKET_PAYLOAD_START, verb, inReVerb);
}
else {
// If decryption and authentication were not successful, try to look up identities.
@ -418,7 +431,9 @@ void VL1::onRemotePacket(CallContext& cc, const int64_t localSocket, const InetA
}
}
catch (...) {
m_ctx.t->unexpectedError(cc, 0xea1b6dea, "unexpected exception in onRemotePacket() parsing packet from %s", path->address().toString().c_str());
m_ctx.t->unexpectedError(
cc, 0xea1b6dea, "unexpected exception in onRemotePacket() parsing packet from %s",
path->address().toString().c_str());
}
}
@ -453,7 +468,8 @@ void VL1::m_sendPendingWhois(CallContext& cc)
Vector<Address>::iterator a(toSend.begin());
while (a != toSend.end()) {
const uint64_t packetId = key.nextMessage(m_ctx.identity.address(), root->address());
int p = Protocol::newPacket(outp, packetId, root->address(), m_ctx.identity.address(), Protocol::VERB_WHOIS);
int p =
Protocol::newPacket(outp, packetId, root->address(), m_ctx.identity.address(), Protocol::VERB_WHOIS);
while ((a != toSend.end()) && (p < (sizeof(outp) - ZT_ADDRESS_LENGTH))) {
a->copyTo(outp + p);
++a;
@ -473,7 +489,9 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
const uint8_t protoVersion = pkt.lI8<ZT_PROTO_PACKET_PAYLOAD_START>();
if (unlikely(protoVersion < ZT_PROTO_VERSION_MIN)) {
m_ctx.t->incomingPacketDropped(cc, 0x907a9891, packetId, 0, Identity::NIL, path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_PEER_TOO_OLD);
m_ctx.t->incomingPacketDropped(
cc, 0x907a9891, packetId, 0, Identity::NIL, path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_PEER_TOO_OLD);
return SharedPtr<Peer>();
}
const unsigned int versionMajor = pkt.lI8<ZT_PROTO_PACKET_PAYLOAD_START + 1>();
@ -486,11 +504,15 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
// Get identity and verify that it matches the sending address in the packet.
Identity id;
if (unlikely(pkt.rO(ii, id) < 0)) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9810, packetId, 0, Identity::NIL, path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9810, packetId, 0, Identity::NIL, path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
return SharedPtr<Peer>();
}
if (unlikely(id.address() != Address(pkt.unsafeData + ZT_PROTO_PACKET_SOURCE_INDEX))) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9010, packetId, 0, Identity::NIL, path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9010, packetId, 0, Identity::NIL, path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return SharedPtr<Peer>();
}
@ -498,22 +520,30 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
SharedPtr<Peer> peer(m_ctx.topology->peer(cc, id.address(), true));
if (peer) {
if (unlikely(peer->identity() != id)) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9891, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9891, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return SharedPtr<Peer>();
}
if (unlikely(peer->deduplicateIncomingPacket(packetId))) {
ZT_SPEW("discarding packet %.16llx from %s(%s): duplicate!", packetId, id.address().toString().c_str(), path->address().toString().c_str());
ZT_SPEW(
"discarding packet %.16llx from %s(%s): duplicate!", packetId, id.address().toString().c_str(),
path->address().toString().c_str());
return SharedPtr<Peer>();
}
}
else {
if (unlikely(!id.locallyValidate())) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9892, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9892, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
return SharedPtr<Peer>();
}
peer.set(new Peer());
if (unlikely(!peer->init(m_ctx, cc, id))) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9893, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_UNSPECIFIED);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9893, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_UNSPECIFIED);
return SharedPtr<Peer>();
}
peer = m_ctx.topology->add(cc, peer);
@ -529,7 +559,9 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
// field is ignored, and eventually it'll be undefined.
uint8_t hmac[ZT_HMACSHA384_LEN];
if (unlikely(packetSize < ZT_HMACSHA384_LEN)) {
m_ctx.t->incomingPacketDropped(cc, 0xab9c9891, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
m_ctx.t->incomingPacketDropped(
cc, 0xab9c9891, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return SharedPtr<Peer>();
}
packetSize -= ZT_HMACSHA384_LEN;
@ -537,7 +569,9 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
Utils::storeMachineEndian<uint64_t>(pkt.unsafeData + ZT_PROTO_PACKET_MAC_INDEX, 0); // set MAC field to 0
HMACSHA384(peer->identityHelloHmacKey(), pkt.unsafeData, packetSize, hmac);
if (unlikely(!Utils::secureEq(hmac, pkt.unsafeData + packetSize, ZT_HMACSHA384_LEN))) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9891, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9891, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return SharedPtr<Peer>();
}
}
@ -549,16 +583,22 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
uint8_t macKey[ZT_POLY1305_KEY_SIZE];
Salsa20(perPacketKey, &packetId).crypt12(Utils::ZERO256, macKey, ZT_POLY1305_KEY_SIZE);
Poly1305 poly1305(macKey);
poly1305.update(pkt.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START, packetSize - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START);
poly1305.update(
pkt.unsafeData + ZT_PROTO_PACKET_ENCRYPTED_SECTION_START,
packetSize - ZT_PROTO_PACKET_ENCRYPTED_SECTION_START);
uint64_t polyMac[2];
poly1305.finish(polyMac);
if (unlikely(mac != polyMac[0])) {
m_ctx.t->incomingPacketDropped(cc, 0x11bfff82, packetId, 0, id, path->address(), hops, Protocol::VERB_NOP, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
m_ctx.t->incomingPacketDropped(
cc, 0x11bfff82, packetId, 0, id, path->address(), hops, Protocol::VERB_NOP,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return SharedPtr<Peer>();
}
}
else {
m_ctx.t->incomingPacketDropped(cc, 0x11bfff81, packetId, 0, id, path->address(), hops, Protocol::VERB_NOP, ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
m_ctx.t->incomingPacketDropped(
cc, 0x11bfff81, packetId, 0, id, path->address(), hops, Protocol::VERB_NOP,
ZT_TRACE_PACKET_DROP_REASON_MAC_FAILED);
return SharedPtr<Peer>();
}
}
@ -569,7 +609,9 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
InetAddress sentTo;
if (unlikely(pkt.rO(ii, sentTo) < 0)) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9811, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9811, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
return SharedPtr<Peer>();
}
@ -589,12 +631,16 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
ii += 2; // skip reserved field
const unsigned int dictSize = pkt.rI16(ii);
if (unlikely((ii + dictSize) > packetSize)) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9815, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9815, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
return peer;
}
Dictionary md;
if (!md.decode(pkt.unsafeData + ii, dictSize)) {
m_ctx.t->incomingPacketDropped(cc, 0x707a9816, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO, ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
m_ctx.t->incomingPacketDropped(
cc, 0x707a9816, packetId, 0, identityFromPeerPtr(peer), path->address(), hops, Protocol::VERB_HELLO,
ZT_TRACE_PACKET_DROP_REASON_INVALID_OBJECT);
return peer;
}
@ -604,7 +650,9 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
}
}
Protocol::newPacket(pkt, key.nextMessage(m_ctx.identity.address(), peer->address()), peer->address(), m_ctx.identity.address(), Protocol::VERB_OK);
Protocol::newPacket(
pkt, key.nextMessage(m_ctx.identity.address(), peer->address()), peer->address(), m_ctx.identity.address(),
Protocol::VERB_OK);
ii = ZT_PROTO_PACKET_PAYLOAD_START;
pkt.wI8(ii, Protocol::VERB_HELLO);
pkt.wI64(ii, packetId);
@ -633,7 +681,9 @@ SharedPtr<Peer> VL1::m_HELLO(CallContext& cc, const SharedPtr<Path>& path, Buf&
return peer;
}
bool VL1::m_ERROR(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize, Protocol::Verb& inReVerb)
bool VL1::m_ERROR(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize, Protocol::Verb &inReVerb)
{
#if 0
if (packetSize < (int)sizeof(Protocol::ERROR::Header)) {
@ -680,42 +730,48 @@ bool VL1::m_ERROR(CallContext& cc, const uint64_t packetId, const unsigned int a
#endif
}
bool VL1::m_OK(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize, Protocol::Verb& inReVerb)
bool VL1::m_OK(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize, Protocol::Verb &inReVerb)
{
int ii = ZT_PROTO_PACKET_PAYLOAD_START + 13;
inReVerb = (Protocol::Verb)pkt.rI8(ii);
const uint64_t inRePacketId = pkt.rI64(ii);
if (unlikely(Buf::readOverflow(ii, packetSize))) {
m_ctx.t->incomingPacketDropped(cc, 0x4c1f1ff7, packetId, 0, identityFromPeerPtr(peer), path->address(), 0, Protocol::VERB_OK, ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
m_ctx.t->incomingPacketDropped(
cc, 0x4c1f1ff7, packetId, 0, identityFromPeerPtr(peer), path->address(), 0, Protocol::VERB_OK,
ZT_TRACE_PACKET_DROP_REASON_MALFORMED_PACKET);
return false;
}
if (unlikely(!m_ctx.expect->expecting(inRePacketId, cc.ticks))) {
m_ctx.t->incomingPacketDropped(cc, 0x4c1f1ff8, packetId, 0, identityFromPeerPtr(peer), path->address(), 0, Protocol::VERB_OK, ZT_TRACE_PACKET_DROP_REASON_REPLY_NOT_EXPECTED);
m_ctx.t->incomingPacketDropped(
cc, 0x4c1f1ff8, packetId, 0, identityFromPeerPtr(peer), path->address(), 0, Protocol::VERB_OK,
ZT_TRACE_PACKET_DROP_REASON_REPLY_NOT_EXPECTED);
return false;
}
ZT_SPEW("got OK in-re %s (packet ID %.16llx) from %s(%s)", Protocol::verbName(inReVerb), inRePacketId, peer->address().toString().c_str(), path->address().toString().c_str());
ZT_SPEW(
"got OK in-re %s (packet ID %.16llx) from %s(%s)", Protocol::verbName(inReVerb), inRePacketId,
peer->address().toString().c_str(), path->address().toString().c_str());
switch (inReVerb) {
case Protocol::VERB_HELLO:
break;
case Protocol::VERB_HELLO: break;
case Protocol::VERB_WHOIS:
break;
case Protocol::VERB_WHOIS: break;
case Protocol::VERB_NETWORK_CONFIG_REQUEST:
break;
case Protocol::VERB_NETWORK_CONFIG_REQUEST: break;
case Protocol::VERB_MULTICAST_GATHER:
break;
case Protocol::VERB_MULTICAST_GATHER: break;
}
return true;
}
bool VL1::m_WHOIS(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL1::m_WHOIS(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
#if 0
if (packetSize < (int)sizeof(Protocol::OK::Header)) {
@ -769,7 +825,9 @@ bool VL1::m_WHOIS(CallContext& cc, const uint64_t packetId, const unsigned int a
#endif
}
bool VL1::m_RENDEZVOUS(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL1::m_RENDEZVOUS(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
#if 0
if (RR->topology->isRoot(peer->identity())) {
@ -817,7 +875,9 @@ bool VL1::m_RENDEZVOUS(CallContext& cc, const uint64_t packetId, const unsigned
#endif
}
bool VL1::m_ECHO(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL1::m_ECHO(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
#if 0
const uint64_t packetId = Protocol::packetId(pkt,packetSize);
@ -855,7 +915,9 @@ bool VL1::m_ECHO(CallContext& cc, const uint64_t packetId, const unsigned int au
#endif
}
bool VL1::m_PUSH_DIRECT_PATHS(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL1::m_PUSH_DIRECT_PATHS(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
#if 0
if (packetSize < (int)sizeof(Protocol::PUSH_DIRECT_PATHS)) {
@ -946,13 +1008,17 @@ bool VL1::m_PUSH_DIRECT_PATHS(CallContext& cc, const uint64_t packetId, const un
#endif
}
bool VL1::m_USER_MESSAGE(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL1::m_USER_MESSAGE(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
// TODO
return true;
}
bool VL1::m_ENCAP(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL1::m_ENCAP(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
const SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
// TODO: not implemented yet
return true;

40
core/VL1.hpp
View file

@ -61,20 +61,38 @@ class VL1 {
* @param data Packet data
* @param len Packet length
*/
void onRemotePacket(CallContext& cc, int64_t localSocket, const InetAddress& fromAddr, SharedPtr<Buf>& data, unsigned int len) noexcept;
void onRemotePacket(
CallContext &cc, int64_t localSocket, const InetAddress &fromAddr, SharedPtr<Buf> &data,
unsigned int len) noexcept;
private:
void m_relay(CallContext &cc, const SharedPtr<Path> &path, Address destination, SharedPtr<Buf> &pkt, int pktSize);
void m_sendPendingWhois(CallContext &cc);
SharedPtr<Peer> m_HELLO(CallContext &cc, const SharedPtr<Path> &path, Buf &pkt, int packetSize);
bool m_ERROR(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize, Protocol::Verb& inReVerb);
bool m_OK(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize, Protocol::Verb& inReVerb);
bool m_WHOIS(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_RENDEZVOUS(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_ECHO(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_PUSH_DIRECT_PATHS(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_USER_MESSAGE(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_ENCAP(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, const SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_ERROR(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize, Protocol::Verb &inReVerb);
bool m_OK(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize, Protocol::Verb &inReVerb);
bool m_WHOIS(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_RENDEZVOUS(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_ECHO(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_PUSH_DIRECT_PATHS(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_USER_MESSAGE(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_ENCAP(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, const SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
const Context &m_ctx;
@ -83,9 +101,7 @@ class VL1 {
// Queue of outbound WHOIS reqeusts and packets waiting on them.
struct p_WhoisQueueItem {
ZT_INLINE p_WhoisQueueItem() : lastRetry(0), retries(0), waitingPacketCount(0)
{
}
ZT_INLINE p_WhoisQueueItem() : lastRetry(0), retries(0), waitingPacketCount(0) {}
int64_t lastRetry;
unsigned int retries;

46
core/VL2.cpp
View file

@ -23,47 +23,65 @@
namespace ZeroTier {
VL2::VL2(const Context& ctx) : m_ctx(ctx)
VL2::VL2(const Context &ctx) : m_ctx(ctx) {}
void VL2::onLocalEthernet(
CallContext &cc, const SharedPtr<Network> &network, const MAC &from, const MAC &to, const unsigned int etherType,
unsigned int vlanId, SharedPtr<Buf> &data, unsigned int len)
{
}
void VL2::onLocalEthernet(CallContext& cc, const SharedPtr<Network>& network, const MAC& from, const MAC& to, const unsigned int etherType, unsigned int vlanId, SharedPtr<Buf>& data, unsigned int len)
bool VL2::m_FRAME(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_FRAME(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_EXT_FRAME(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_EXT_FRAME(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_MULTICAST_LIKE(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_MULTICAST_LIKE(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_NETWORK_CREDENTIALS(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_NETWORK_CREDENTIALS(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_NETWORK_CONFIG_REQUEST(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_NETWORK_CONFIG_REQUEST(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_NETWORK_CONFIG(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_NETWORK_CONFIG(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_MULTICAST_GATHER(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_MULTICAST_GATHER(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_MULTICAST_FRAME_deprecated(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}
bool VL2::m_MULTICAST_FRAME_deprecated(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
{
}
bool VL2::m_MULTICAST(CallContext& cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize)
bool VL2::m_MULTICAST(
CallContext &cc, const uint64_t packetId, const unsigned int auth, const SharedPtr<Path> &path,
SharedPtr<Peer> &peer, Buf &pkt, int packetSize)
{
}

40
core/VL2.hpp
View file

@ -49,18 +49,38 @@ class VL2 {
* @param data Ethernet payload
* @param len Frame length
*/
void onLocalEthernet(CallContext& cc, const SharedPtr<Network>& network, const MAC& from, const MAC& to, unsigned int etherType, unsigned int vlanId, SharedPtr<Buf>& data, unsigned int len);
void onLocalEthernet(
CallContext &cc, const SharedPtr<Network> &network, const MAC &from, const MAC &to, unsigned int etherType,
unsigned int vlanId, SharedPtr<Buf> &data, unsigned int len);
protected:
bool m_FRAME(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_EXT_FRAME(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_MULTICAST_LIKE(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_NETWORK_CREDENTIALS(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_NETWORK_CONFIG_REQUEST(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_NETWORK_CONFIG(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_MULTICAST_GATHER(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_MULTICAST_FRAME_deprecated(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_MULTICAST(CallContext& cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path>& path, SharedPtr<Peer>& peer, Buf& pkt, int packetSize);
bool m_FRAME(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_EXT_FRAME(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_MULTICAST_LIKE(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_NETWORK_CREDENTIALS(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_NETWORK_CONFIG_REQUEST(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_NETWORK_CONFIG(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_MULTICAST_GATHER(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_MULTICAST_FRAME_deprecated(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
bool m_MULTICAST(
CallContext &cc, uint64_t packetId, unsigned int auth, const SharedPtr<Path> &path, SharedPtr<Peer> &peer,
Buf &pkt, int packetSize);
private:
const Context &m_ctx;

109
core/zerotier.h
View file

@ -796,7 +796,14 @@ typedef struct {
/**
* Credential type IDs
*/
enum ZT_CredentialType { ZT_CREDENTIAL_TYPE_NULL = 0, ZT_CREDENTIAL_TYPE_COM = 1, ZT_CREDENTIAL_TYPE_CAPABILITY = 2, ZT_CREDENTIAL_TYPE_TAG = 3, ZT_CREDENTIAL_TYPE_COO = 4, ZT_CREDENTIAL_TYPE_REVOCATION = 6 };
enum ZT_CredentialType {
ZT_CREDENTIAL_TYPE_NULL = 0,
ZT_CREDENTIAL_TYPE_COM = 1,
ZT_CREDENTIAL_TYPE_CAPABILITY = 2,
ZT_CREDENTIAL_TYPE_TAG = 3,
ZT_CREDENTIAL_TYPE_COO = 4,
ZT_CREDENTIAL_TYPE_REVOCATION = 6
};
/**
* Endpoint address and protocol types
@ -1340,7 +1347,8 @@ typedef struct {
uint64_t start; /* integer range start */
uint32_t end; /* end of integer range (relative to start, inclusive, 0 for equality w/start) */
uint16_t idx; /* index in packet of integer */
uint8_t format; /* bits in integer (range 1-64, ((format&63)+1)) and endianness (MSB 1 for little, 0 for big) */
uint8_t
format; /* bits in integer (range 1-64, ((format&63)+1)) and endianness (MSB 1 for little, 0 for big) */
} intRange;
/**
@ -2142,7 +2150,8 @@ ZT_SDK_API void ZT_freeQueryResult(const void* qr);
* @param callbacks Callback function configuration
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_new(ZT_Node** node, int64_t clock, int64_t ticks, void* tptr, void* uptr, const struct ZT_Node_Callbacks* callbacks);
ZT_SDK_API enum ZT_ResultCode ZT_Node_new(
ZT_Node **node, int64_t clock, int64_t ticks, void *tptr, void *uptr, const struct ZT_Node_Callbacks *callbacks);
/**
* Delete a node and free all resources it consumes
@ -2164,16 +2173,8 @@ ZT_SDK_API void ZT_Node_delete(ZT_Node* node, int64_t clock, int64_t ticks, void
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_processWirePacket(
ZT_Node* node,
int64_t clock,
int64_t ticks,
void* tptr,
int64_t localSocket,
const ZT_InetAddress* remoteAddress,
const void* packetData,
unsigned int packetLength,
int isZtBuffer,
volatile int64_t* nextBackgroundTaskDeadline);
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, int64_t localSocket, const ZT_InetAddress *remoteAddress,
const void *packetData, unsigned int packetLength, int isZtBuffer, volatile int64_t *nextBackgroundTaskDeadline);
/**
* Process a frame from a virtual network port (tap)
@ -2190,18 +2191,8 @@ ZT_SDK_API enum ZT_ResultCode ZT_Node_processWirePacket(
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_processVirtualNetworkFrame(
ZT_Node* node,
int64_t clock,
int64_t ticks,
void* tptr,
uint64_t nwid,
uint64_t sourceMac,
uint64_t destMac,
unsigned int etherType,
unsigned int vlanId,
const void* frameData,
unsigned int frameLength,
int isZtBuffer,
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t nwid, uint64_t sourceMac, uint64_t destMac,
unsigned int etherType, unsigned int vlanId, const void *frameData, unsigned int frameLength, int isZtBuffer,
volatile int64_t *nextBackgroundTaskDeadline);
/**
@ -2211,7 +2202,8 @@ ZT_SDK_API enum ZT_ResultCode ZT_Node_processVirtualNetworkFrame(
* @param nextBackgroundTaskDeadline Value/result: set to deadline for next call to processBackgroundTasks()
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, volatile int64_t* nextBackgroundTaskDeadline);
ZT_SDK_API enum ZT_ResultCode ZT_Node_processBackgroundTasks(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, volatile int64_t *nextBackgroundTaskDeadline);
/**
* Join a network
@ -2226,7 +2218,9 @@ ZT_SDK_API enum ZT_ResultCode ZT_Node_processBackgroundTasks(ZT_Node* node, int6
* @param fingerprintHash If non-NULL this is the full fingerprint of the controller
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_join(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, void* uptr, uint64_t nwid, const ZT_Fingerprint* controllerFingerprint);
ZT_SDK_API enum ZT_ResultCode ZT_Node_join(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, void *uptr, uint64_t nwid,
const ZT_Fingerprint *controllerFingerprint);
/**
* Leave a network
@ -2240,7 +2234,8 @@ ZT_SDK_API enum ZT_ResultCode ZT_Node_join(ZT_Node* node, int64_t clock, int64_t
*
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_leave(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, void** uptr, uint64_t nwid);
ZT_SDK_API enum ZT_ResultCode
ZT_Node_leave(ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, void **uptr, uint64_t nwid);
/**
* Subscribe to an Ethernet multicast group
@ -2266,7 +2261,9 @@ ZT_SDK_API enum ZT_ResultCode ZT_Node_leave(ZT_Node* node, int64_t clock, int64_
* @param multicastAdi Multicast ADI (least significant 32 bits only, use 0 if not needed)
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_multicastSubscribe(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi);
ZT_SDK_API enum ZT_ResultCode ZT_Node_multicastSubscribe(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t nwid, uint64_t multicastGroup,
unsigned long multicastAdi);
/**
* Unsubscribe from an Ethernet multicast group (or all groups)
@ -2281,7 +2278,9 @@ ZT_SDK_API enum ZT_ResultCode ZT_Node_multicastSubscribe(ZT_Node* node, int64_t
* @param multicastAdi Multicast ADI (least significant 32 bits only, use 0 if not needed)
* @return OK (0) or error code if a fatal error condition has occurred
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_multicastUnsubscribe(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, uint64_t nwid, uint64_t multicastGroup, unsigned long multicastAdi);
ZT_SDK_API enum ZT_ResultCode ZT_Node_multicastUnsubscribe(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t nwid, uint64_t multicastGroup,
unsigned long multicastAdi);
/**
* Get this node's 40-bit ZeroTier address
@ -2326,7 +2325,8 @@ ZT_SDK_API ZT_PeerList* ZT_Node_peers(ZT_Node* node, int64_t clock, int64_t tick
* @param nwid 64-bit network ID
* @return Network configuration or NULL if we are not a member of this network
*/
ZT_SDK_API ZT_VirtualNetworkConfig* ZT_Node_networkConfig(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, uint64_t nwid);
ZT_SDK_API ZT_VirtualNetworkConfig *
ZT_Node_networkConfig(ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t nwid);
/**
* Enumerate and get status of all networks
@ -2354,7 +2354,8 @@ ZT_SDK_API void ZT_Node_setNetworkUserPtr(ZT_Node* node, uint64_t nwid, void* pt
* @param addrs Addresses
* @param addrCount Number of items in addrs[]
*/
ZT_SDK_API void ZT_Node_setInterfaceAddresses(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, const ZT_InterfaceAddress* addrs, unsigned int addrCount);
ZT_SDK_API void ZT_Node_setInterfaceAddresses(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, const ZT_InterfaceAddress *addrs, unsigned int addrCount);
/**
* Add a certificate to this node's certificate store
@ -2368,7 +2369,9 @@ ZT_SDK_API void ZT_Node_setInterfaceAddresses(ZT_Node* node, int64_t clock, int6
* @param certSize Size of certificate binary data, 0 if none
* @return Certificate error or ZT_CERTIFICATE_ERROR_NONE on success
*/
ZT_SDK_API enum ZT_CertificateError ZT_Node_addCertificate(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, unsigned int localTrust, const ZT_Certificate* cert, const void* certData, unsigned int certSize);
ZT_SDK_API enum ZT_CertificateError ZT_Node_addCertificate(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, unsigned int localTrust, const ZT_Certificate *cert,
const void *certData, unsigned int certSize);
/**
* Delete a certificate from this node's certificate store
@ -2381,7 +2384,8 @@ ZT_SDK_API enum ZT_CertificateError ZT_Node_addCertificate(ZT_Node* node, int64_
* @param serialNo 48-byte / 384-bit serial number of certificate to delete
* @return OK (0) or error code
*/
ZT_SDK_API enum ZT_ResultCode ZT_Node_deleteCertificate(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, const void* serialNo);
ZT_SDK_API enum ZT_ResultCode
ZT_Node_deleteCertificate(ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, const void *serialNo);
/**
* List certificates installed in this node's trust store
@ -2405,7 +2409,9 @@ ZT_SDK_API ZT_CertificateList* ZT_Node_listCertificates(ZT_Node* node, int64_t c
* @param len Length of data in bytes
* @return Boolean: non-zero on success, zero on failure
*/
ZT_SDK_API int ZT_Node_sendUserMessage(ZT_Node* node, int64_t clock, int64_t ticks, void* tptr, uint64_t dest, uint64_t typeId, const void* data, unsigned int len);
ZT_SDK_API int ZT_Node_sendUserMessage(
ZT_Node *node, int64_t clock, int64_t ticks, void *tptr, uint64_t dest, uint64_t typeId, const void *data,
unsigned int len);
/**
* Set a network controller instance for this node
@ -2475,7 +2481,8 @@ ZT_SDK_API int ZT_Identity_validate(const ZT_Identity* id);
* @param signatureBufferLength Length of buffer (must be at least 96 bytes)
* @return Length of signature in bytes or 0 on failure.
*/
ZT_SDK_API unsigned int ZT_Identity_sign(const ZT_Identity* id, const void* data, unsigned int len, void* signature, unsigned int signatureBufferLength);
ZT_SDK_API unsigned int ZT_Identity_sign(
const ZT_Identity *id, const void *data, unsigned int len, void *signature, unsigned int signatureBufferLength);
/**
* Verify a signature
@ -2487,7 +2494,8 @@ ZT_SDK_API unsigned int ZT_Identity_sign(const ZT_Identity* id, const void* data
* @param sigLen Length of signature in bytes
* @return Non-zero if signature is valid
*/
ZT_SDK_API int ZT_Identity_verify(const ZT_Identity* id, const void* data, unsigned int len, const void* signature, unsigned int sigLen);
ZT_SDK_API int ZT_Identity_verify(
const ZT_Identity *id, const void *data, unsigned int len, const void *signature, unsigned int sigLen);
/**
* Get identity type
@ -2601,7 +2609,9 @@ ZT_SDK_API int ZT_Endpoint_fromBytes(ZT_Endpoint* ep, const void* bytes, unsigne
* @param signer Identity to sign locator (must include private key)
* @return Locator or NULL on error (too many endpoints or identity does not have private key)
*/
ZT_SDK_API ZT_Locator* ZT_Locator_create(int64_t rev, const ZT_Endpoint* endpoints, const ZT_EndpointAttributes* endpointAttributes, unsigned int endpointCount, const ZT_Identity* signer);
ZT_SDK_API ZT_Locator *ZT_Locator_create(
int64_t rev, const ZT_Endpoint *endpoints, const ZT_EndpointAttributes *endpointAttributes,
unsigned int endpointCount, const ZT_Identity *signer);
/**
* Decode a serialized locator
@ -2725,8 +2735,9 @@ ZT_SDK_API void ZT_version(int* major, int* minor, int* revision, int* build);
* @param privateKeySize Result parameter: set to size of private key
* @return OK (0) or error
*/
ZT_SDK_API int
ZT_Certificate_newKeyPair(enum ZT_CertificatePublicKeyAlgorithm type, uint8_t publicKey[ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE], int* const publicKeySize, uint8_t privateKey[ZT_CERTIFICATE_MAX_PRIVATE_KEY_SIZE], int* const privateKeySize);
ZT_SDK_API int ZT_Certificate_newKeyPair(
enum ZT_CertificatePublicKeyAlgorithm type, uint8_t publicKey[ZT_CERTIFICATE_MAX_PUBLIC_KEY_SIZE],
int *const publicKeySize, uint8_t privateKey[ZT_CERTIFICATE_MAX_PRIVATE_KEY_SIZE], int *const privateKeySize);
/**
* Create a new certificate signing request (CSR)
@ -2746,7 +2757,9 @@ ZT_Certificate_newKeyPair(enum ZT_CertificatePublicKeyAlgorithm type, uint8_t pu
* @param csrSize Value/result: size of buffer
* @return OK (0) or error
*/
ZT_SDK_API int ZT_Certificate_newCSR(const ZT_Certificate_Subject* subject, const void* certificatePrivateKey, int certificatePrivateKeySize, const void* uniqueIdPrivateKey, int uniqueIdPrivateKeySize, void* csr, int* csrSize);
ZT_SDK_API int ZT_Certificate_newCSR(
const ZT_Certificate_Subject *subject, const void *certificatePrivateKey, int certificatePrivateKeySize,
const void *uniqueIdPrivateKey, int uniqueIdPrivateKeySize, void *csr, int *csrSize);
/**
* Sign a CSR to generate a complete certificate.
@ -2763,7 +2776,9 @@ ZT_SDK_API int ZT_Certificate_newCSR(const ZT_Certificate_Subject* subject, cons
* @param issuerPrivateKeySize Size of private key in bytes
* @return Signed certificate or NULL on error
*/
ZT_SDK_API ZT_Certificate* ZT_Certificate_sign(const ZT_Certificate* cert, const uint8_t issuer[ZT_CERTIFICATE_HASH_SIZE], const void* issuerPrivateKey, int issuerPrivateKeySize);
ZT_SDK_API ZT_Certificate *ZT_Certificate_sign(
const ZT_Certificate *cert, const uint8_t issuer[ZT_CERTIFICATE_HASH_SIZE], const void *issuerPrivateKey,
int issuerPrivateKeySize);
/**
* Decode a certificate or CSR
@ -2780,7 +2795,8 @@ ZT_SDK_API ZT_Certificate* ZT_Certificate_sign(const ZT_Certificate* cert, const
* @param verify If non-zero, verify signatures and structure
* @return Certificate error, if any
*/
ZT_SDK_API enum ZT_CertificateError ZT_Certificate_decode(const ZT_Certificate** decodedCert, const void* cert, int certSize, int verify);
ZT_SDK_API enum ZT_CertificateError
ZT_Certificate_decode(const ZT_Certificate **decodedCert, const void *cert, int certSize, int verify);
/**
* Encode a certificate
@ -2913,7 +2929,8 @@ ZT_SDK_API void ZT_InetAddress_set(ZT_InetAddress* ia, const void* saddr);
* @param ipLen Length of IP: 4 or 16 for IPv4 or IPv6
* @param port IP port
*/
ZT_SDK_API void ZT_InetAddress_setIpBytes(ZT_InetAddress* ia, const void* ipBytes, unsigned int ipLen, unsigned int port);
ZT_SDK_API void
ZT_InetAddress_setIpBytes(ZT_InetAddress *ia, const void *ipBytes, unsigned int ipLen, unsigned int port);
/**
* Set IP port
@ -2982,7 +2999,9 @@ ZT_SDK_API const int ZT_AF_INET, ZT_AF_INET6;
* @param f Function to invoke with each key and (binary) value
* @return Non-zero if dictionary was valid
*/
ZT_SDK_API int ZT_Dictionary_parse(const void* dict, unsigned int len, void* arg, void (*f)(void*, const char*, unsigned int, const void*, unsigned int));
ZT_SDK_API int ZT_Dictionary_parse(
const void *dict, unsigned int len, void *arg,
void (*f)(void *, const char *, unsigned int, const void *, unsigned int));
/* ---------------------------------------------------------------------------------------------------------------- */