void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-07 04:53:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

More refactor

Browse source
This commit is contained in:
Adam Ierymenko 2019-08-14 15:00:18 -07:00
parent e6b4006c70
commit 4da8036222
No known key found for this signature in database
GPG key ID: 1657198823E52A61
6 changed files with 40 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
node/CMakeLists.txt
View file

@ -51,7 +51,6 @@ set(core_headers
set(core_src set(core_src
AES.cpp AES.cpp
C25519.cpp C25519.cpp
Capability.cpp
Credential.cpp Credential.cpp
ECC384.cpp ECC384.cpp
Identity.cpp Identity.cpp

74
node/Capability.cpp
View file

@ -1,74 +0,0 @@
/*
* ZeroTier One - Network Virtualization Everywhere
* Copyright (C) 2011-2019 ZeroTier, Inc. https://www.zerotier.com/
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* --
*
* You can be released from the requirements of the license by purchasing
* a commercial license. Buying such a license is mandatory as soon as you
* develop commercial closed-source software that incorporates or links
* directly against ZeroTier software without disclosing the source code
* of your own application.
*/
#include "Capability.hpp"
#include "RuntimeEnvironment.hpp"
#include "Identity.hpp"
#include "Topology.hpp"
#include "Switch.hpp"
#include "Network.hpp"
#include "Node.hpp"
namespace ZeroTier {
int Capability::verify(const RuntimeEnvironment *RR,void *tPtr) const
{
try {
// There must be at least one entry, and sanity check for bad chain max length
if ((_maxCustodyChainLength < 1)||(_maxCustodyChainLength > ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH))
return -1;
// Validate all entries in chain of custody
Buffer<(sizeof(Capability) * 2)> tmp;
this->serialize(tmp,true);
for(unsigned int c=0;c<_maxCustodyChainLength;++c) {
if (c == 0) {
if ((!_custody[c].to)||(!_custody[c].from)||(_custody[c].from != Network::controllerFor(_nwid)))
return -1; // the first entry must be present and from the network's controller
} else {
if (!_custody[c].to)
return 0; // all previous entries were valid, so we are valid
else if ((!_custody[c].from)||(_custody[c].from != _custody[c-1].to))
return -1; // otherwise if we have another entry it must be from the previous holder in the chain
}
const Identity id(RR->topology->getIdentity(tPtr,_custody[c].from));
if (id) {
if (!id.verify(tmp.data(),tmp.size(),_custody[c].signature,_custody[c].signatureLength))
return -1;
} else {
RR->sw->requestWhois(tPtr,RR->node->now(),_custody[c].from);
return 1;
}
}
// We reached max custody chain length and everything was valid
return 0;
} catch ( ... ) {}
return -1;
}
} // namespace ZeroTier

5
node/Capability.hpp
View file

@ -177,10 +177,9 @@ public:
* Verify this capability's chain of custody and signatures * Verify this capability's chain of custody and signatures
* *
* @param RR Runtime environment to provide for peer lookup, etc. * @param RR Runtime environment to provide for peer lookup, etc.
* @return 0 == OK, 1 == waiting for WHOIS, -1 == BAD signature or chain
*/ */
int verify(const RuntimeEnvironment *RR,void *tPtr) const; inline Credential::VerifyResult verify(const RuntimeEnvironment *RR,void *tPtr) const { return _verify(RR,tPtr,*this); }
template<unsigned int C> template<unsigned int C>
static inline void serializeRules(Buffer<C> &b,const ZT_VirtualNetworkRule *rules,unsigned int ruleCount) static inline void serializeRules(Buffer<C> &b,const ZT_VirtualNetworkRule *rules,unsigned int ruleCount)
{ {

37
node/Credential.cpp
View file

@ -85,4 +85,41 @@ Credential::VerifyResult Credential::_verify(const RuntimeEnvironment *const RR,
return (id.verify(buf,ptr * sizeof(uint64_t),credential._signature,credential._signatureLength) ? Credential::VERIFY_OK : Credential::VERIFY_BAD_SIGNATURE); return (id.verify(buf,ptr * sizeof(uint64_t),credential._signature,credential._signatureLength) ? Credential::VERIFY_OK : Credential::VERIFY_BAD_SIGNATURE);
} }
Credential::VerifyResult Credential::_verify(const RuntimeEnvironment *RR,void *tPtr,const Capability &credential) const
{
try {
// There must be at least one entry, and sanity check for bad chain max length
if ((credential._maxCustodyChainLength < 1)||(credential._maxCustodyChainLength > ZT_MAX_CAPABILITY_CUSTODY_CHAIN_LENGTH))
return Credential::VERIFY_BAD_SIGNATURE;
// Validate all entries in chain of custody
Buffer<(sizeof(Capability) * 2)> tmp;
credential.serialize(tmp,true);
for(unsigned int c=0;c<credential._maxCustodyChainLength;++c) {
if (c == 0) {
if ((!credential._custody[c].to)||(!credential._custody[c].from)||(credential._custody[c].from != Network::controllerFor(credential._nwid)))
return Credential::VERIFY_BAD_SIGNATURE; // the first entry must be present and from the network's controller
} else {
if (!credential._custody[c].to)
return Credential::VERIFY_OK; // all previous entries were valid, so we are valid
else if ((!credential._custody[c].from)||(credential._custody[c].from != credential._custody[c-1].to))
return Credential::VERIFY_BAD_SIGNATURE; // otherwise if we have another entry it must be from the previous holder in the chain
}
const Identity id(RR->topology->getIdentity(tPtr,credential._custody[c].from));
if (id) {
if (!id.verify(tmp.data(),tmp.size(),credential._custody[c].signature,credential._custody[c].signatureLength))
return Credential::VERIFY_BAD_SIGNATURE;
} else {
RR->sw->requestWhois(tPtr,RR->node->now(),credential._custody[c].from);
return Credential::VERIFY_NEED_IDENTITY;
}
}
// We reached max custody chain length and everything was valid
return Credential::VERIFY_OK;
} catch ( ... ) {}
return Credential::VERIFY_BAD_SIGNATURE;
}
} // namespace ZeroTier } // namespace ZeroTier

1
node/Credential.hpp
View file

@ -81,6 +81,7 @@ protected:
VerifyResult _verify(const RuntimeEnvironment *const RR,void *tPtr,const Revocation &credential) const; VerifyResult _verify(const RuntimeEnvironment *const RR,void *tPtr,const Revocation &credential) const;
VerifyResult _verify(const RuntimeEnvironment *const RR,void *tPtr,const Tag &credential) const; VerifyResult _verify(const RuntimeEnvironment *const RR,void *tPtr,const Tag &credential) const;
VerifyResult _verify(const RuntimeEnvironment *const RR,void *tPtr,const CertificateOfOwnership &credential) const; VerifyResult _verify(const RuntimeEnvironment *const RR,void *tPtr,const CertificateOfOwnership &credential) const;
VerifyResult _verify(const RuntimeEnvironment *const RR,void *tPtr,const Capability &credential) const;
}; };
} // namespace ZeroTier } // namespace ZeroTier

1
objects.mk
View file

@ -1,7 +1,6 @@
CORE_OBJS=\ CORE_OBJS=\
node/AES.o \ node/AES.o \
node/C25519.o \ node/C25519.o \
node/Capability.o \
node/Credential.o \ node/Credential.o \
node/ECC384.o \ node/ECC384.o \
node/Identity.o \ node/Identity.o \