void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-03 19:13:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move crypto glue into its own crate, and start the sync crate.

Browse source
This commit is contained in:
Adam Ierymenko 2021-10-01 11:44:51 -04:00
parent a23bd89202
commit 110df67697
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
21 changed files with 109 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cumberland/Cargo.toml Normal file
View file

@ -0,0 +1,6 @@
[package]
name = "cumberland"
version = "0.1.0"
edition = "2018"
[dependencies]

7
cumberland/src/lib.rs Normal file
View file

@ -0,0 +1,7 @@
#[cfg(test)]
mod tests {
#[test]
fn it_works() {
assert_eq!(2 + 2, 4);
}
}

87
network-hypervisor/Cargo.lock generated
View file

@ -45,9 +45,9 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
[[package]]
name = "cc"
version = "1.0.69"
version = "1.0.70"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e70cc2f62c6ce1868963827bd677764c62d07c3d9a3e1fb1177ee1a9ab199eb2"
checksum = "d26a6ce4b6a484fa3edb70f7efa6fc430fd2b87285fe8b84304fd0936faa0dc0"
[[package]]
name = "cfg-if"
@ -74,9 +74,9 @@ dependencies = [
[[package]]
name = "cpufeatures"
version = "0.1.5"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "66c99696f6c9dd7f35d486b9d04d7e6e202aa3e8c40d553f2fdf5e7e0c6a71ef"
checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469"
dependencies = [
"libc",
]
@ -93,13 +93,13 @@ dependencies = [
[[package]]
name = "curve25519-dalek"
version = "3.1.0"
version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "639891fde0dbea823fc3d798a0fdf9d2f9440a42d64a78ab3488b0ca025117b3"
checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
dependencies = [
"byteorder",
"digest",
"rand_core",
"rand_core 0.5.1",
"subtle",
"zeroize",
]
@ -125,9 +125,9 @@ dependencies = [
[[package]]
name = "ed25519"
version = "1.1.1"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d0860415b12243916284c67a9be413e044ee6668247b99ba26d94b2bc06c8f6"
checksum = "4620d40f6d2601794401d6dd95a5cf69b6c157852539470eeda433a99b3c0efc"
dependencies = [
"signature",
]
@ -225,9 +225,9 @@ dependencies = [
[[package]]
name = "libc"
version = "0.2.98"
version = "0.2.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "320cfe77175da3a483efed4bc0adc1968ca050b098ce4f2f1c13a56626128790"
checksum = "dd8f7255a17a627354f321ef0055d63b898c6fb27eff628af4d1b66b7331edf6"
[[package]]
name = "libgcrypt-sys"
@ -271,9 +271,9 @@ dependencies = [
[[package]]
name = "memchr"
version = "2.4.0"
version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b16bd47d9e329435e309c58469fe0791c2d0d1ba96ec0954152a5ae2b04387dc"
checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
[[package]]
name = "num_cpus"
@ -299,9 +299,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "openssl"
version = "0.10.35"
version = "0.10.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "549430950c79ae24e6d02e0b7404534ecf311d94cc9f861e9e4020187d13d885"
checksum = "8d9facdb76fec0b73c406f125d44d86fdad818d66fef0531eec9233ca425ff4a"
dependencies = [
"bitflags",
"cfg-if 1.0.0",
@ -313,9 +313,9 @@ dependencies = [
[[package]]
name = "openssl-sys"
version = "0.9.65"
version = "0.9.67"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a7907e3bfa08bb85105209cdfcb6c63d109f8f6c1ed6ca318fff5c1853fbc1d"
checksum = "69df2d8dfc6ce3aaf44b40dec6f487d5a886516cf6879c49e98e0710f310a058"
dependencies = [
"autocfg",
"cc",
@ -351,9 +351,9 @@ dependencies = [
[[package]]
name = "pkg-config"
version = "0.3.19"
version = "0.3.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3831453b3449ceb48b6d9c7ad7c96d5ea673e9b470a1dc578c2ce6521230884c"
checksum = "7c9b1041b4387893b91ee6746cddfc28516aff326a3519fb2adf820932c5e6cb"
[[package]]
name = "ppv-lite86"
@ -388,7 +388,7 @@ dependencies = [
"getrandom",
"libc",
"rand_chacha",
"rand_core",
"rand_core 0.5.1",
"rand_hc",
]
@ -399,7 +399,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
dependencies = [
"ppv-lite86",
"rand_core",
"rand_core 0.5.1",
]
[[package]]
@ -411,13 +411,19 @@ dependencies = [
"getrandom",
]
[[package]]
name = "rand_core"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
[[package]]
name = "rand_hc"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
"rand_core",
"rand_core 0.5.1",
]
[[package]]
@ -437,15 +443,15 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
[[package]]
name = "serde"
version = "1.0.126"
version = "1.0.130"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ec7505abeacaec74ae4778d9d9328fe5a5d04253220a85c4ee022239fc996d03"
checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913"
[[package]]
name = "sha2"
version = "0.9.5"
version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b362ae5752fd2137731f9fa25fd4d9058af34666ca1966fb969119cc35719f12"
checksum = "b69f9a4c9740d74c5baa3fd2e547f9525fa8088a8a958e0ca2409a514e33f5fa"
dependencies = [
"block-buffer",
"cfg-if 1.0.0",
@ -513,9 +519,9 @@ dependencies = [
[[package]]
name = "typenum"
version = "1.13.0"
version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06"
checksum = "b63708a265f51345575b27fe43f9500ad611579e764c79edbc2037b1121959ec"
[[package]]
name = "unicode-xid"
@ -580,12 +586,12 @@ dependencies = [
[[package]]
name = "x25519-dalek"
version = "1.1.1"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f"
checksum = "2392b6b94a576b4e2bf3c5b2757d63f10ada8020a2e4d08ac849ebcf6ea8e077"
dependencies = [
"curve25519-dalek",
"rand_core",
"rand_core 0.5.1",
"zeroize",
]
@ -600,9 +606,9 @@ dependencies = [
[[package]]
name = "zeroize_derive"
version = "1.1.0"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2c1e130bebaeab2f23886bf9acbaca14b092408c452543c857f66399cd6dab1"
checksum = "bdff2024a851a322b08f179173ae2ba620445aef1e838f0c196820eade4ae0c7"
dependencies = [
"proc-macro2",
"quote",
@ -614,17 +620,24 @@ dependencies = [
name = "zerotier-network-hypervisor"
version = "2.0.0"
dependencies = [
"aes-gmac-siv",
"base64",
"concat-arrays",
"dashmap",
"ed25519-dalek",
"gcrypt",
"libc",
"lz4_flex",
"parking_lot",
"rand_core",
"urlencoding",
"winapi",
"ztcrypto",
]
[[package]]
name = "ztcrypto"
version = "0.1.0"
dependencies = [
"aes-gmac-siv",
"ed25519-dalek",
"gcrypt",
"rand_core 0.6.3",
"x25519-dalek",
]

6
network-hypervisor/Cargo.toml
View file

@ -10,11 +10,7 @@ codegen-units = 1
panic = 'abort'
[dependencies]
rand_core = "^0"
aes-gmac-siv = { path = "../aes-gmac-siv" }
x25519-dalek = "^1"
ed25519-dalek = "^1"
gcrypt = "^0"
ztcrypto = { path = "../ztcrypto" }
base64 = "^0"
urlencoding = "^2"
lz4_flex = { version = "^0", features = ["safe-encode", "safe-decode", "checked-decode"] }

1
network-hypervisor/src/lib.rs
View file

@ -1,4 +1,3 @@
pub mod crypto;
pub mod util;
pub mod error;
pub mod vl1;

12
network-hypervisor/src/vl1/identity.rs
View file

@ -8,12 +8,12 @@ use std::str::FromStr;
use concat_arrays::concat_arrays;
use crate::crypto::balloon;
use crate::crypto::c25519::*;
use crate::crypto::hash::*;
use crate::crypto::p521::*;
use crate::crypto::salsa::Salsa;
use crate::crypto::secret::Secret;
use ztcrypto::balloon;
use ztcrypto::c25519::*;
use ztcrypto::hash::*;
use ztcrypto::p521::*;
use ztcrypto::salsa::Salsa;
use ztcrypto::secret::Secret;
use crate::error::InvalidFormatError;
use crate::vl1::Address;
use crate::vl1::buffer::Buffer;

2
network-hypervisor/src/vl1/node.rs
View file

@ -5,7 +5,7 @@ use std::time::Duration;
use dashmap::DashMap;
use parking_lot::Mutex;
use crate::crypto::random::{SecureRandom, next_u64_secure};
use ztcrypto::random::{SecureRandom, next_u64_secure};
use crate::error::InvalidParameterError;
use crate::util::gate::IntervalGate;
use crate::util::pool::{Pool, Pooled};

18
network-hypervisor/src/vl1/peer.rs
View file

@ -6,17 +6,17 @@ use std::sync::atomic::{AtomicI64, AtomicU64, AtomicU8, Ordering};
use parking_lot::Mutex;
use aes_gmac_siv::{AesCtr, AesGmacSiv};
use ztcrypto::aes_gmac_siv::{AesCtr, AesGmacSiv};
use ztcrypto::c25519::C25519KeyPair;
use ztcrypto::hash::{SHA384, SHA384_HASH_SIZE};
use ztcrypto::kbkdf::zt_kbkdf_hmac_sha384;
use ztcrypto::p521::P521KeyPair;
use ztcrypto::poly1305::Poly1305;
use ztcrypto::random::next_u64_secure;
use ztcrypto::salsa::Salsa;
use ztcrypto::secret::Secret;
use crate::{VERSION_MAJOR, VERSION_MINOR, VERSION_PROTO, VERSION_REVISION};
use crate::crypto::c25519::C25519KeyPair;
use crate::crypto::hash::{SHA384, SHA384_HASH_SIZE};
use crate::crypto::kbkdf::zt_kbkdf_hmac_sha384;
use crate::crypto::p521::P521KeyPair;
use crate::crypto::poly1305::Poly1305;
use crate::crypto::random::next_u64_secure;
use crate::crypto::salsa::Salsa;
use crate::crypto::secret::Secret;
use crate::defaults::UDP_DEFAULT_MTU;
use crate::util::pool::{Pool, PoolFactory};
use crate::vl1::{Dictionary, Endpoint, Identity, InetAddress, Path};

3
network-hypervisor/src/vl1/protocol.rs
View file

@ -2,7 +2,6 @@ use std::mem::MaybeUninit;
use crate::vl1::Address;
use crate::vl1::buffer::{RawObject, Buffer};
use crate::crypto::hash::SHA384;
pub const VERB_VL1_NOP: u8 = 0x00;
pub const VERB_VL1_HELLO: u8 = 0x01;
@ -186,7 +185,7 @@ pub fn compress_packet(src: &[u8], dest: &mut Buffer<{ PACKET_SIZE_MAX }>) -> bo
/// Add HMAC-SHA384 to the end of a packet and set verb flag.
#[inline(always)]
pub fn add_extended_auth(pkt: &mut Buffer<{ PACKET_SIZE_MAX }>, hmac_secret_key: &[u8]) -> std::io::Result<()> {
pkt.append_bytes_fixed(&SHA384::hmac(hmac_secret_key, pkt.as_bytes_starting_at(PACKET_VERB_INDEX + 1)?))?;
pkt.append_bytes_fixed(&ztcrypto::hash::SHA384::hmac(hmac_secret_key, pkt.as_bytes_starting_at(PACKET_VERB_INDEX + 1)?))?;
pkt.as_bytes_mut()[PACKET_VERB_INDEX] |= VERB_FLAG_EXTENDED_AUTHENTICATION;
Ok(())
}

9
network-hypervisor/src/vl1/rootset.rs
View file

@ -3,10 +3,11 @@ use std::io::Write;
use concat_arrays::concat_arrays;
use crate::crypto::c25519::*;
use crate::crypto::hash::SHA384;
use crate::crypto::p521::*;
use crate::crypto::secret::Secret;
use ztcrypto::c25519::*;
use ztcrypto::hash::SHA384;
use ztcrypto::p521::*;
use ztcrypto::secret::Secret;
use crate::error::InvalidFormatError;
use crate::vl1::{Endpoint, Identity};
use crate::vl1::buffer::Buffer;

11
ztcrypto/Cargo.toml Normal file
View file

@ -0,0 +1,11 @@
[package]
name = "ztcrypto"
version = "0.1.0"
edition = "2018"
[dependencies]
rand_core = "^0"
aes-gmac-siv = { path = "../aes-gmac-siv" }
gcrypt = "^0"
x25519-dalek = "^1"
ed25519-dalek = "^1"

4
network-hypervisor/src/crypto/balloon.rs → ztcrypto/src/balloon.rs
View file

@ -1,10 +1,10 @@
use std::convert::TryInto;
use std::mem::MaybeUninit;
use crate::crypto::hash::{SHA384, SHA512};
use crate::hash::{SHA384, SHA512};
#[inline(always)]
fn hash_int_le(sha: &mut crate::crypto::hash::SHA512, i: u64) {
fn hash_int_le(sha: &mut SHA512, i: u64) {
#[cfg(target_endian = "big")] {
sha.update(&i.to_le_bytes());
}

4
network-hypervisor/src/crypto/c25519.rs → ztcrypto/src/c25519.rs
View file

@ -3,8 +3,8 @@ use std::io::Write;
use ed25519_dalek::Digest;
use crate::crypto::random::SecureRandom;
use crate::crypto::secret::Secret;
use crate::random::SecureRandom;
use crate::secret::Secret;
pub const C25519_PUBLIC_KEY_SIZE: usize = 32;
pub const C25519_SECRET_KEY_SIZE: usize = 32;

0
network-hypervisor/src/crypto/hash.rs → ztcrypto/src/hash.rs
View file

4
network-hypervisor/src/crypto/kbkdf.rs → ztcrypto/src/kbkdf.rs
View file

@ -1,5 +1,5 @@
use crate::crypto::hash::{SHA384, SHA384_HASH_SIZE};
use crate::crypto::secret::Secret;
use crate::hash::{SHA384, SHA384_HASH_SIZE};
use crate::secret::Secret;
/// Derive a key using KBKDF prefaced by the bytes 'ZT' for use in ZeroTier.
/// This is a fixed cost key derivation function used to derive sub-keys from a single original

1
network-hypervisor/src/crypto/mod.rs → ztcrypto/src/lib.rs
View file

@ -9,3 +9,4 @@ pub mod random;
pub mod secret;
pub use aes_gmac_siv;
pub use rand_core;

7
network-hypervisor/src/crypto/p521.rs → ztcrypto/src/p521.rs
View file

@ -1,8 +1,9 @@
use std::str::FromStr;
use std::convert::TryInto;
use std::str::FromStr;
use gcrypt::sexp::SExpression;
use crate::crypto::secret::Secret;
use crate::secret::Secret;
pub const P521_PUBLIC_KEY_SIZE: usize = 132;
pub const P521_SECRET_KEY_SIZE: usize = 66;
@ -218,7 +219,7 @@ impl Clone for P521PublicKey {
#[cfg(test)]
mod tests {
use crate::crypto::p521::P521KeyPair;
use crate::p521::P521KeyPair;
#[test]
fn generate_sign_verify_agree() {

0
network-hypervisor/src/crypto/poly1305.rs → ztcrypto/src/poly1305.rs
View file

0
network-hypervisor/src/crypto/random.rs → ztcrypto/src/random.rs
View file

0
network-hypervisor/src/crypto/salsa.rs → ztcrypto/src/salsa.rs
View file

2
network-hypervisor/src/crypto/secret.rs → ztcrypto/src/secret.rs
View file

@ -12,7 +12,7 @@ use std::ptr::write_volatile;
/// but it's still not a bad idea due to things like swap or obscure side channel
/// attacks that allow memory to be read.
#[derive(Clone, PartialEq, Eq)]
pub struct Secret<const L: usize>(pub(crate) [u8; L]);
pub struct Secret<const L: usize>(pub [u8; L]);
impl<const L: usize> Secret<L> {
#[inline(always)]