AES works! It is only used with peers running this version or newer; Salsa is still used with older nodes, as before.

This commit is contained in:
Adam Ierymenko 2020-09-14 20:44:21 -04:00
parent 1c9407e016
commit 7219ca0c0f
7 changed files with 20 additions and 28 deletions


@ -376,9 +376,8 @@ public:
*/ */
ZT_INLINE void finish1() noexcept ZT_INLINE void finish1() noexcept
{ {
uint64_t tmp[2];
// Compute 128-bit GMAC tag. // Compute 128-bit GMAC tag.
uint64_t tmp[2];
_gmac.finish(reinterpret_cast<uint8_t *>(tmp)); _gmac.finish(reinterpret_cast<uint8_t *>(tmp));
// Shorten to 64 bits, concatenate with message IV, and encrypt with AES to // Shorten to 64 bits, concatenate with message IV, and encrypt with AES to


@ -201,11 +201,6 @@
*/ */
#define ZT_TX_QUEUE_SIZE 32 #define ZT_TX_QUEUE_SIZE 32
/**
* Length of secret key in bytes -- 256-bit -- do not change
*/
#define ZT_PEER_SECRET_KEY_LENGTH 32
/** /**
* Minimum delay between timer task checks to prevent thrashing * Minimum delay between timer task checks to prevent thrashing
*/ */


@ -173,13 +173,12 @@ public:
* *
* @param id Identity to agree with * @param id Identity to agree with
* @param key Result parameter to fill with key bytes * @param key Result parameter to fill with key bytes
* @param klen Length of key in bytes
* @return Was agreement successful? * @return Was agreement successful?
*/ */
inline bool agree(const Identity &id,void *key,unsigned int klen) const inline bool agree(const Identity &id,void *const key) const
{ {
if (_privateKey) { if (_privateKey) {
C25519::agree(*_privateKey,id._publicKey,key,klen); C25519::agree(*_privateKey,id._publicKey,key,ZT_SYMMETRIC_KEY_SIZE);
return true; return true;
} }
return false; return false;
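Review bot: With the `klen` parameter gone, `agree()` now writes a fixed `ZT_SYMMETRIC_KEY_SIZE` bytes into whatever buffer it is handed, but the remaining `@param key` line no longer tells the caller how large that buffer has to be. The doc comment should state the contract explicitly, e.g. `* @param key Result parameter; must point to at least ZT_SYMMETRIC_KEY_SIZE writable bytes, which are filled on success`, since an undersized buffer is now a silent overflow rather than a caller-visible length argument. It would also be worth noting in `@return` that `key` is left untouched when no private key is present.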


@ -286,8 +286,8 @@ bool IncomingPacket::_doHELLO(const RuntimeEnvironment *RR,void *tPtr,const bool
if (!RR->node->rateGateIdentityVerification(now,_path->address())) if (!RR->node->rateGateIdentityVerification(now,_path->address()))
return true; return true;
uint8_t key[ZT_PEER_SECRET_KEY_LENGTH]; uint8_t key[ZT_SYMMETRIC_KEY_SIZE];
if (RR->identity.agree(id,key,ZT_PEER_SECRET_KEY_LENGTH)) { if (RR->identity.agree(id,key)) {
if (dearmor(key, peer->aesKeysIfSupported())) { // ensure packet is authentic, otherwise drop if (dearmor(key, peer->aesKeysIfSupported())) { // ensure packet is authentic, otherwise drop
RR->t->incomingPacketDroppedHELLO(tPtr,_path,pid,fromAddress,"address collision"); RR->t->incomingPacketDroppedHELLO(tPtr,_path,pid,fromAddress,"address collision");
Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR); Packet outp(id.address(),RR->identity.address(),Packet::VERB_ERROR);
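Review bot: The authenticity check at `dearmor(key, peer->aesKeysIfSupported())` tests an AES-armored HELLO against the wrong key: `key` is the secret just agreed with the colliding identity `id`, but the AES keys passed in belong to the `peer` that already holds this address, and the AES-GMAC-SIV branch of `dearmor()` (visible in the Packet.cpp hunk) ignores `key` entirely and uses only the AES key pair it is given. If the colliding sender armors with AES, the check therefore fails for a genuine sender and the "address collision" ERROR is never sent, while the Salsa path presumably still works because it uses `key` directly. Since this path is already rate-limited by `rateGateIdentityVerification`, deriving a throwaway AES key pair from `key` with the same KBKDF labels used in `Peer::Peer` is cheap enough; `_doHELLO` begins before this hunk and continues after it.
```cpp
uint8_t key[ZT_SYMMETRIC_KEY_SIZE];
if (RR->identity.agree(id,key)) {
	// Derive AES keys from the secret agreed with the *colliding* identity; dearmor()
	// ignores `key` for the AES-GMAC-SIV suite and uses only the AES keys it is given.
	AES collisionAesKeys[2];
	uint8_t ktmp[48]; // HMAC-SHA384 output length
	KBKDFHMACSHA384(key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
	collisionAesKeys[0].init(ktmp);
	KBKDFHMACSHA384(key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
	collisionAesKeys[1].init(ktmp);
	Utils::burn(ktmp,sizeof(ktmp));
	if (dearmor(key, collisionAesKeys)) { // ensure packet is authentic, otherwise drop
		// … unchanged: address-collision ERROR response …
```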


@ -881,7 +881,6 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData()); uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
if ((aesKeys) && (encryptPayload)) { if ((aesKeys) && (encryptPayload)) {
char tmp0[16],tmp1[16]; char tmp0[16],tmp1[16];
printf("AES armor %.16llx %s -> %s %u\n",*reinterpret_cast<const uint64_t *>(data),Address(data + ZT_PACKET_IDX_SOURCE,5).toString(tmp0),Address(data + ZT_PACKET_IDX_DEST,5).toString(tmp1),size());
setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV); setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
uint8_t *const payload = data + ZT_PACKET_IDX_VERB; uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
@ -899,7 +898,7 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
Utils::copy<8>(data,tag); Utils::copy<8>(data,tag);
Utils::copy<8>(data + ZT_PACKET_IDX_MAC,tag + 1); Utils::copy<8>(data + ZT_PACKET_IDX_MAC,tag + 1);
#else #else
*reinterpret_cast<uint64_t *>(data) = tag[0]; *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_IV) = tag[0];
*reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC) = tag[1]; *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC) = tag[1];
#endif #endif
} else { } else {
@ -947,20 +946,21 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2])
if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) { if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
if (aesKeys) { if (aesKeys) {
printf("AES dearmor\n");
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
uint64_t tag[2]; uint64_t tag[2];
#ifdef ZT_NO_UNALIGNED_ACCESS #ifdef ZT_NO_UNALIGNED_ACCESS
Utils::copy<8>(tag, data); Utils::copy<8>(tag, data);
Utils::copy<8>(tag + 1, data + ZT_PACKET_IDX_MAC); Utils::copy<8>(tag + 1, data + ZT_PACKET_IDX_MAC);
#else #else
tag[0] = *reinterpret_cast<uint64_t *>(data); tag[0] = *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_IV);
tag[1] = *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC); tag[1] = *reinterpret_cast<uint64_t *>(data + ZT_PACKET_IDX_MAC);
#endif #endif
AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
dec.init(tag, payload); dec.init(tag, payload);
const uint8_t oldFlags = data[ZT_PACKET_IDX_FLAGS];
data[ZT_PACKET_IDX_FLAGS] &= 0xf8;
dec.aad(data + ZT_PACKET_IDX_DEST,11); dec.aad(data + ZT_PACKET_IDX_DEST,11);
data[ZT_PACKET_IDX_FLAGS] = oldFlags;
dec.update(payload, payloadLen); dec.update(payload, payloadLen);
return dec.finish(); return dec.finish();
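Review bot: The two `ZT_NO_UNALIGNED_ACCESS` builds now disagree with the aligned fast path: `armor()` writes `tag[0]` at `data + ZT_PACKET_IDX_IV` and `dearmor()` reads it from there, but the `Utils::copy<8>` branches directly above still use `data` (offset 0) on both sides. If `ZT_PACKET_IDX_IV` is anything other than 0 the portable build puts the IV/tag half in a different place than the default build and the two cannot interoperate; even if it is 0 today the two branches should be written identically so that cannot drift. Change them to `Utils::copy<8>(data + ZT_PACKET_IDX_IV,tag);` in `armor()` and `Utils::copy<8>(tag, data + ZT_PACKET_IDX_IV);` in `dearmor()`. Both `armor()` and `dearmor()` begin before their hunks and continue after them.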
} }


@ -58,16 +58,15 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
_bondingPolicy(0), _bondingPolicy(0),
_lastComputedAggregateMeanLatency(0) _lastComputedAggregateMeanLatency(0)
{ {
if (!myIdentity.agree(peerIdentity,_key,ZT_PEER_SECRET_KEY_LENGTH)) { if (!myIdentity.agree(peerIdentity,_key))
throw ZT_EXCEPTION_INVALID_ARGUMENT; throw ZT_EXCEPTION_INVALID_ARGUMENT;
}
uint8_t ktmp[48]; uint8_t ktmp[ZT_SYMMETRIC_KEY_SIZE];
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp); KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
_aesKeys[0].init(ktmp); _aesKeys[0].init(ktmp);
KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp); KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
_aesKeys[0].init(ktmp); _aesKeys[1].init(ktmp);
Utils::burn(ktmp, 48); Utils::burn(ktmp,ZT_SYMMETRIC_KEY_SIZE);
} }
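Review bot: Shrinking `ktmp` from `48` to `ZT_SYMMETRIC_KEY_SIZE` looks like a stack buffer overflow waiting to happen: `KBKDFHMACSHA384` is, by its name and the old buffer size, an HMAC-SHA384 construction whose output is 48 bytes, while `ZT_SYMMETRIC_KEY_SIZE` replaces a constant that was 32 (the removed `ZT_PEER_SECRET_KEY_LENGTH`). Unless the KDF truncates its output to the AES key length (its definition is not in this diff), the second 16 bytes land past the end of `ktmp` on every `Peer` construction. Keep the buffer at the digest length and make the relationship explicit, e.g. `uint8_t ktmp[48]; // HMAC-SHA384 output; AES::init() reads the first ZT_SYMMETRIC_KEY_SIZE bytes` with a matching `static_assert(ZT_SYMMETRIC_KEY_SIZE <= 48, "AES key must fit in one KBKDF output block");`, and burn `sizeof(ktmp)` rather than the key size. The `_aesKeys[0]`/`_aesKeys[1]` fix itself is correct; the constructor's initializer list starts before this hunk.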
void Peer::received( void Peer::received(


@ -533,11 +533,11 @@ public:
*/ */
inline int8_t bondingPolicy() { return _bondingPolicy; } inline int8_t bondingPolicy() { return _bondingPolicy; }
const AES *aesKeysIfSupported() const
{ return (const AES *)0; }
//const AES *aesKeysIfSupported() const //const AES *aesKeysIfSupported() const
//{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; } //{ return (const AES *)0; }
const AES *aesKeysIfSupported() const
{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
private: private:
struct _PeerPath struct _PeerPath
@ -548,7 +548,7 @@ private:
long priority; // >= 1, higher is better long priority; // >= 1, higher is better
}; };
uint8_t _key[ZT_PEER_SECRET_KEY_LENGTH]; uint8_t _key[ZT_SYMMETRIC_KEY_SIZE];
AES _aesKeys[2]; AES _aesKeys[2];
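Review bot: The commented-out stub of `aesKeysIfSupported()` left directly above the live definition is dead code and should be deleted now that the real implementation is enabled. The protocol-version threshold `12` is a bare magic number at the point where the cipher suite is selected; a named constant alongside the other `ZT_PROTO_*` definitions (with a comment stating that peers at or above it negotiate AES-GMAC-SIV and older peers keep Salsa) would make the downgrade boundary greppable and self-documenting. A one-line doc comment on the accessor, e.g. `/** @return AES key pair if the peer's protocol version supports AES-GMAC-SIV, else NULL (caller falls back to Salsa) */`, would also help, since callers in `IncomingPacket.cpp` pass its result straight into `dearmor()`; the enclosing `class Peer` extends beyond this hunk.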
const RuntimeEnvironment *RR; const RuntimeEnvironment *RR;