mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-05 20:13:44 +02:00
Build fix for 32-bit Linux and tweaks to address derivation algorithm.
This commit is contained in:
parent
e376c6f6a9
commit
4f53d09c7e
3 changed files with 27 additions and 27 deletions
|
@ -6,21 +6,16 @@ ARCH=$(shell uname -m)
|
||||||
DEFS=-DZT_ARCH="$(ARCH)" -DZT_OSNAME="linux" -DZT_TRACE
|
DEFS=-DZT_ARCH="$(ARCH)" -DZT_OSNAME="linux" -DZT_TRACE
|
||||||
|
|
||||||
# Uncomment for a release optimized build
|
# Uncomment for a release optimized build
|
||||||
#CFLAGS=-Wall -O3 -fno-unroll-loops -fstack-protector -pthread $(INCLUDES) -DNDEBUG $(DEFS)
|
CFLAGS=-Wall -O3 -fno-unroll-loops -fstack-protector -pthread $(INCLUDES) -DNDEBUG $(DEFS)
|
||||||
#STRIP=strip --strip-all
|
STRIP=strip --strip-all
|
||||||
|
|
||||||
# Uncomment for a debug build
|
# Uncomment for a debug build
|
||||||
CFLAGS=-Wall -g -pthread $(INCLUDES) -DZT_TRACE $(DEFS)
|
#CFLAGS=-Wall -g -pthread $(INCLUDES) -DZT_TRACE $(DEFS)
|
||||||
STRIP=echo
|
#STRIP=echo
|
||||||
|
|
||||||
CXXFLAGS=$(CFLAGS) -fno-rtti
|
CXXFLAGS=$(CFLAGS) -fno-rtti
|
||||||
|
|
||||||
# We statically link against libcrypto because RedHat-derived distributions do
|
LIBS=-lm
|
||||||
# not ship the elliptic curve algorithms. If we didn't we'd have to build
|
|
||||||
# separate binaries for the RedHat and Debian universes to distribute via
|
|
||||||
# auto-update. This way we get one Linux binary for all systems of a given
|
|
||||||
# architecture.
|
|
||||||
LIBS=ext/bin/libcrypto/linux-$(ARCH)/libcrypto.a -lm -ldl
|
|
||||||
|
|
||||||
include objects.mk
|
include objects.mk
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
|
|
||||||
#include "Identity.hpp"
|
#include "Identity.hpp"
|
||||||
#include "SHA512.hpp"
|
#include "SHA512.hpp"
|
||||||
|
#include "Salsa20.hpp"
|
||||||
|
|
||||||
namespace ZeroTier {
|
namespace ZeroTier {
|
||||||
|
|
||||||
|
@ -130,8 +131,8 @@ bool Identity::fromString(const char *str)
|
||||||
|
|
||||||
// These are fixed parameters and can't be changed without a new
|
// These are fixed parameters and can't be changed without a new
|
||||||
// identity type.
|
// identity type.
|
||||||
#define ZT_IDENTITY_DERIVEADDRESS_DIGESTS 2048
|
#define ZT_IDENTITY_DERIVEADDRESS_MEMORY 16777216
|
||||||
#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 8
|
#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 32
|
||||||
|
|
||||||
Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen)
|
Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen)
|
||||||
{
|
{
|
||||||
|
@ -149,24 +150,26 @@ Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen)
|
||||||
* to similar concepts.
|
* to similar concepts.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
unsigned char finalDigest[ZT_SHA512_DIGEST_LEN];
|
unsigned char *ram = new unsigned char[ZT_IDENTITY_DERIVEADDRESS_MEMORY];
|
||||||
unsigned char *digests = new unsigned char[ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS];
|
for(unsigned int i=0;i<ZT_IDENTITY_DERIVEADDRESS_MEMORY;++i)
|
||||||
|
ram[i] = ((const unsigned char *)keyBytes)[i % keyLen];
|
||||||
|
|
||||||
SHA512::hash(finalDigest,keyBytes,keyLen);
|
unsigned char salsaKey[ZT_SHA512_DIGEST_LEN];
|
||||||
for(unsigned int i=0;i<(unsigned int)sizeof(digests);++i)
|
SHA512::hash(salsaKey,keyBytes,keyLen);
|
||||||
digests[i] = ((const unsigned char *)keyBytes)[i % keyLen];
|
|
||||||
|
|
||||||
|
uint64_t nonce = 0;
|
||||||
for(unsigned int r=0;r<ZT_IDENTITY_DERIVEADDRESS_ROUNDS;++r) {
|
for(unsigned int r=0;r<ZT_IDENTITY_DERIVEADDRESS_ROUNDS;++r) {
|
||||||
for(unsigned int i=0;i<(ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS);++i)
|
nonce = Utils::crc64(nonce,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
|
||||||
digests[i] ^= finalDigest[i % ZT_SHA512_DIGEST_LEN];
|
Salsa20 s20(salsaKey,256,&nonce);
|
||||||
for(unsigned int d=0;d<ZT_IDENTITY_DERIVEADDRESS_DIGESTS;++d)
|
s20.encrypt(ram,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
|
||||||
SHA512::hash(digests + (ZT_SHA512_DIGEST_LEN * d),digests,ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS);
|
|
||||||
SHA512::hash(finalDigest,digests,ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
delete [] digests;
|
unsigned char finalDigest[ZT_SHA512_DIGEST_LEN];
|
||||||
|
SHA512::hash(finalDigest,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
|
||||||
|
|
||||||
return Address(finalDigest,ZT_ADDRESS_LENGTH); // first 5 bytes of dig[]
|
delete [] ram;
|
||||||
|
|
||||||
|
return Address(finalDigest,ZT_ADDRESS_LENGTH);
|
||||||
}
|
}
|
||||||
|
|
||||||
} // namespace ZeroTier
|
} // namespace ZeroTier
|
||||||
|
|
|
@ -99,10 +99,11 @@ public:
|
||||||
throw(std::runtime_error)
|
throw(std::runtime_error)
|
||||||
{
|
{
|
||||||
char tmp[65536];
|
char tmp[65536];
|
||||||
*((uint64_t *)tmp) = Utils::hton(nwid);
|
void *tmp2 = (void *)tmp;
|
||||||
|
*((uint64_t *)tmp2) = Utils::hton((uint64_t)nwid);
|
||||||
memcpy(tmp + 8,from.data,6);
|
memcpy(tmp + 8,from.data,6);
|
||||||
memcpy(tmp + 14,to.mac().data,6);
|
memcpy(tmp + 14,to.mac().data,6);
|
||||||
*((uint32_t *)(tmp + 20)) = Utils::hton(to.adi());
|
*((uint32_t *)(tmp + 20)) = Utils::hton((uint32_t)to.adi());
|
||||||
*((uint16_t *)(tmp + 24)) = Utils::hton((uint16_t)etherType);
|
*((uint16_t *)(tmp + 24)) = Utils::hton((uint16_t)etherType);
|
||||||
memcpy(tmp + 26,data,std::min((unsigned int)(sizeof(tmp) - 26),len)); // min() is a sanity check here, no packet is that big
|
memcpy(tmp + 26,data,std::min((unsigned int)(sizeof(tmp) - 26),len)); // min() is a sanity check here, no packet is that big
|
||||||
return id.sign(tmp,len + 26);
|
return id.sign(tmp,len + 26);
|
||||||
|
@ -125,7 +126,8 @@ public:
|
||||||
static bool verifyMulticastPacket(const Identity &id,uint64_t nwid,const MAC &from,const MulticastGroup &to,unsigned int etherType,const void *data,unsigned int len,const void *signature,unsigned int siglen)
|
static bool verifyMulticastPacket(const Identity &id,uint64_t nwid,const MAC &from,const MulticastGroup &to,unsigned int etherType,const void *data,unsigned int len,const void *signature,unsigned int siglen)
|
||||||
{
|
{
|
||||||
char tmp[65536];
|
char tmp[65536];
|
||||||
*((uint64_t *)tmp) = Utils::hton(nwid);
|
void *tmp2 = (void *)tmp;
|
||||||
|
*((uint64_t *)tmp2) = Utils::hton(nwid);
|
||||||
memcpy(tmp + 8,from.data,6);
|
memcpy(tmp + 8,from.data,6);
|
||||||
memcpy(tmp + 14,to.mac().data,6);
|
memcpy(tmp + 14,to.mac().data,6);
|
||||||
*((uint32_t *)(tmp + 20)) = Utils::hton(to.adi());
|
*((uint32_t *)(tmp + 20)) = Utils::hton(to.adi());
|
||||||
|
|
Loading…
Add table
Reference in a new issue