void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-06 20:43:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Interim commit of some cert and cert testing work, also other cleanup in Utils.

Browse source
This commit is contained in:
Adam Ierymenko 2020-06-26 13:09:24 -07:00
parent 5e1b7f2ba6
commit 73d0e2e7e0
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
11 changed files with 743 additions and 440 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
cmd/zerotier/cli/help.go
View file

@ -80,6 +80,14 @@ Commands:
sign <identity> <file> Sign a file with an identity's key
verify <identity> <file> <sig> Verify a signature
certificate <command> [args] - Certificate commands
newid Create a new unique subject ID
newcsr <settings> Create a new CSR (signing request)
sign <crl path> <identity path> Sign a CRL and create a certificate
verify <certificate> Verify a certificate
show List certificate for current node
import <certificate> [<trust>] Import certificate into this node
export <serial> Export a certificate from this node
delete <serial> Delete certificate from this node
An <address> may be specified as a 10-digit short ZeroTier address, a
fingerprint containing both an address and a SHA384 hash, or an identity.

163
core/Certificate.cpp
View file

@ -30,6 +30,7 @@ void Certificate::clear()
m_subjectNetworks.clear();
m_updateUrls.clear();
m_subjectCertificates.clear();
m_extendedAttributes.clear();
}
Certificate &Certificate::operator=(const ZT_Certificate &apiCert)
@ -45,16 +46,23 @@ Certificate &Certificate::operator=(const Certificate &cert)
// Zero these since we must explicitly attach all the objects from
// the other certificate to copy them into our containers.
this->subject.identities = nullptr;
this->subject.identityCount = 0;
this->subject.networks = nullptr;
this->subject.networkCount = 0;
this->subject.certificates = nullptr;
this->subject.certificateCount = 0;
this->subject.updateUrls = nullptr;
this->subject.updateUrlCount = 0;
this->extendedAttributes = nullptr;
this->extendedAttributesSize = 0;
this->issuer = nullptr;
for (unsigned int i = 0; i < cert.subject.identityCount; ++i) {
if (cert.subject.identities[i].identity) {
if (cert.subject.identities[i].locator)
addSubjectNode(*reinterpret_cast<const Identity *>(cert.subject.identities[i].identity), *reinterpret_cast<const Locator *>(cert.subject.identities[i].locator));
else addSubjectNode(*reinterpret_cast<const Identity *>(cert.subject.identities[i].identity));
addSubjectIdentity(*reinterpret_cast<const Identity *>(cert.subject.identities[i].identity), *reinterpret_cast<const Locator *>(cert.subject.identities[i].locator));
else addSubjectIdentity(*reinterpret_cast<const Identity *>(cert.subject.identities[i].identity));
}
}
@ -71,10 +79,16 @@ Certificate &Certificate::operator=(const Certificate &cert)
if (cert.subject.updateUrls) {
for (unsigned int i = 0; i < cert.subject.updateUrlCount; ++i) {
if (cert.subject.updateUrls[i])
addUpdateUrl(cert.subject.updateUrls[i]);
addSubjectUpdateUrl(cert.subject.updateUrls[i]);
}
}
if ((cert.extendedAttributes) && (cert.extendedAttributesSize > 0)) {
m_extendedAttributes.assign(cert.extendedAttributes, cert.extendedAttributes + cert.extendedAttributesSize);
this->extendedAttributes = m_extendedAttributes.data();
this->extendedAttributesSize = (unsigned int)m_extendedAttributes.size();
}
if (cert.issuer) {
m_identities.push_back(*reinterpret_cast<const Identity *>(cert.issuer));
this->issuer = &(m_identities.back());
@ -83,7 +97,7 @@ Certificate &Certificate::operator=(const Certificate &cert)
return *this;
}
ZT_Certificate_Identity *Certificate::addSubjectNode(const Identity &id)
ZT_Certificate_Identity *Certificate::addSubjectIdentity(const Identity &id)
{
// Enlarge array of ZT_Certificate_Identity structs and set pointer to potentially reallocated array.
m_subjectIdentities.resize(++this->subject.identityCount);
@ -99,10 +113,10 @@ ZT_Certificate_Identity *Certificate::addSubjectNode(const Identity &id)
return &(m_subjectIdentities.back());
}
ZT_Certificate_Identity *Certificate::addSubjectNode(const Identity &id, const Locator &loc)
ZT_Certificate_Identity *Certificate::addSubjectIdentity(const Identity &id, const Locator &loc)
{
// Add identity as above.
ZT_Certificate_Identity *const n = addSubjectNode(id);
ZT_Certificate_Identity *const n = addSubjectIdentity(id);
// Store local copy of locator.
m_locators.push_back(loc);
@ -138,7 +152,7 @@ void Certificate::addSubjectCertificate(const uint8_t serialNo[ZT_SHA384_DIGEST_
this->subject.certificates = m_subjectCertificates.data();
}
void Certificate::addUpdateUrl(const char *url)
void Certificate::addSubjectUpdateUrl(const char *url)
{
// Store local copy of URL.
m_strings.push_back(url);
@ -159,28 +173,44 @@ Vector< uint8_t > Certificate::encode(const bool omitSignature) const
// format. Custom packed formats are used for credentials as these are smaller
// and faster to marshal/unmarshal.
if (this->flags != 0)
d.add("f", this->flags);
d.add("t", (uint64_t)this->timestamp);
d.add("v0", (uint64_t)this->validity[0]);
d.add("v1", (uint64_t)this->validity[1]);
if ((this->extendedAttributes) && (this->extendedAttributesSize > 0))
d["x"].assign(this->extendedAttributes, this->extendedAttributes + this->extendedAttributesSize);
d.add("mP", (uint64_t)this->maxPathLength);
m_encodeSubject(d, false);
m_encodeSubject(this->subject, d, false);
if (this->issuer)
d.addO("i", *reinterpret_cast<const Identity *>(this->issuer));
if (this->issuerName.country[0])
d.add("iN.c", this->issuerName.country);
if (this->issuerName.organization[0])
d.add("iN.o", this->issuerName.organization);
if (this->issuerName.unit[0])
d.add("iN.u", this->issuerName.unit);
if (this->issuerName.locality[0])
d.add("iN.l", this->issuerName.locality);
if (this->issuerName.province[0])
d.add("iN.p", this->issuerName.province);
if (this->issuerName.streetAddress[0])
d.add("iN.sA", this->issuerName.streetAddress);
if (this->issuerName.postalCode[0])
d.add("iN.pC", this->issuerName.postalCode);
if (this->issuerName.commonName[0])
d.add("iN.cN", this->issuerName.commonName);
if (this->issuerName.serialNo[0])
d.add("iN.sN", this->issuerName.serialNo);
if (this->issuerName.email[0])
d.add("iN.e", this->issuerName.email);
if (this->issuerName.url[0])
d.add("iN.ur", this->issuerName.url);
if (this->issuerName.host[0])
d.add("iN.h", this->issuerName.host);
if ((!omitSignature) && (this->signatureSize > 0) && (this->signatureSize <= sizeof(this->signature)))
d["si"].assign(this->signature, this->signature + this->signatureSize);
@ -204,7 +234,11 @@ bool Certificate::decode(const Vector< uint8_t > &data)
this->validity[0] = (int64_t)d.getUI("v0");
this->validity[1] = (int64_t)d.getUI("v1");
this->maxPathLength = (unsigned int)d.getUI("mP");
m_extendedAttributes = d["x"];
if (!m_extendedAttributes.empty()) {
this->extendedAttributes = m_extendedAttributes.data();
this->extendedAttributesSize = (unsigned int)m_extendedAttributes.size();
}
this->subject.timestamp = (int64_t)d.getUI("s.t");
unsigned int cnt = (unsigned int)d.getUI("s.i$");
@ -220,9 +254,9 @@ bool Certificate::decode(const Vector< uint8_t > &data)
Locator loc;
if (loc.unmarshal(locatorData.data(), (unsigned int)locatorData.size()) <= 0)
return false;
this->addSubjectNode(id, loc);
this->addSubjectIdentity(id, loc);
} else {
this->addSubjectNode(id);
this->addSubjectIdentity(id);
}
}
@ -257,6 +291,7 @@ bool Certificate::decode(const Vector< uint8_t > &data)
d.getS("s.n.pC", this->subject.name.postalCode, sizeof(this->subject.name.postalCode));
d.getS("s.n.e", this->subject.name.email, sizeof(this->subject.name.email));
d.getS("s.n.ur", this->subject.name.url, sizeof(this->subject.name.url));
d.getS("s.n.h", this->subject.name.host, sizeof(this->subject.name.host));
const Vector< uint8_t > &issuerData = d["i"];
if (!issuerData.empty()) {
@ -278,12 +313,13 @@ bool Certificate::decode(const Vector< uint8_t > &data)
d.getS("iN.pC", this->issuerName.postalCode, sizeof(this->issuerName.postalCode));
d.getS("iN.e", this->issuerName.email, sizeof(this->issuerName.email));
d.getS("iN.ur", this->issuerName.url, sizeof(this->issuerName.url));
d.getS("iN.h", this->issuerName.host, sizeof(this->issuerName.host));
cnt = (unsigned int)d.getUI("u$");
for (unsigned int i = 0; i < cnt; ++i) {
const char *const url = d.getS(Dictionary::arraySubscript(tmp, "u$", i), tmp2, sizeof(tmp2));
if (url)
addUpdateUrl(tmp2);
addSubjectUpdateUrl(tmp2);
else return false;
}
@ -326,7 +362,7 @@ ZT_CertificateError Certificate::verify() const
(this->subject.uniqueId[0] != ZT_CERTIFICATE_UNIQUE_ID_PUBLIC_KEY_TYPE_NIST_P_384))
return ZT_CERTIFICATE_ERROR_INVALID_UNIQUE_ID_PROOF;
Dictionary tmp;
m_encodeSubject(tmp, true);
m_encodeSubject(this->subject, tmp, true);
Vector< uint8_t > enc;
tmp.encode(enc);
uint8_t h[ZT_SHA384_DIGEST_SIZE];
@ -368,55 +404,86 @@ ZT_CertificateError Certificate::verify() const
return ZT_CERTIFICATE_ERROR_NONE;
}
void Certificate::m_encodeSubject(Dictionary &d, bool omitUniqueIdProofSignature) const
bool Certificate::setSubjectUniqueId(ZT_Certificate_Subject &s, const uint8_t uniqueId[ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384], const uint8_t uniqueIdPrivate[ZT_CERTIFICATE_UNIQUE_ID_PRIVATE_KEY_SIZE_TYPE_NIST_P_384])
{
Utils::copy<ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384>(s.uniqueId, uniqueId);
s.uniqueIdSize = ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384;
Dictionary d;
m_encodeSubject(s, d, true);
Vector< uint8_t > enc;
d.encode(enc);
uint8_t h[ZT_ECC384_SIGNATURE_HASH_SIZE];
SHA384(h, enc.data(), (unsigned int)enc.size());
ECC384ECDSASign(uniqueIdPrivate, h, s.uniqueIdProofSignature);
s.uniqueIdProofSignatureSize = ZT_ECC384_SIGNATURE_SIZE;
return true;
}
void Certificate::m_encodeSubject(const ZT_Certificate_Subject &s, Dictionary &d, bool omitUniqueIdProofSignature)
{
char tmp[256];
d.add("s.t", (uint64_t)this->subject.timestamp);
d.add("s.t", (uint64_t)s.timestamp);
d.add("s.i$", (uint64_t)this->subject.identityCount);
for (unsigned int i = 0; i < this->subject.identityCount; ++i) {
if (this->subject.identities[i].identity)
d.addO(Dictionary::arraySubscript(tmp, "s.i$.i", i), *reinterpret_cast<const Identity *>(this->subject.identities[i].identity));
if (this->subject.identities[i].locator)
d.addO(Dictionary::arraySubscript(tmp, "s.i$.l", i), *reinterpret_cast<const Locator *>(this->subject.identities[i].locator));
d.add("s.i$", (uint64_t)s.identityCount);
for (unsigned int i = 0; i < s.identityCount; ++i) {
if (s.identities[i].identity)
d.addO(Dictionary::arraySubscript(tmp, "s.i$.i", i), *reinterpret_cast<const Identity *>(s.identities[i].identity));
if (s.identities[i].locator)
d.addO(Dictionary::arraySubscript(tmp, "s.i$.l", i), *reinterpret_cast<const Locator *>(s.identities[i].locator));
}
d.add("s.n$", (uint64_t)this->subject.networkCount);
for (unsigned int i = 0; i < this->subject.networkCount; ++i) {
d.add(Dictionary::arraySubscript(tmp, "s.n$.i", i), this->subject.networks[i].id);
Fingerprint fp(this->subject.networks[i].controller);
d.add("s.n$", (uint64_t)s.networkCount);
for (unsigned int i = 0; i < s.networkCount; ++i) {
d.add(Dictionary::arraySubscript(tmp, "s.n$.i", i), s.networks[i].id);
Fingerprint fp(s.networks[i].controller);
d.addO(Dictionary::arraySubscript(tmp, "s.n$.c", i), fp);
}
d.add("s.c$", (uint64_t)this->subject.certificateCount);
for (unsigned int i = 0; i < this->subject.certificateCount; ++i) {
if (this->subject.certificates[i])
d[Dictionary::arraySubscript(tmp, "s.c$", i)].assign(this->subject.certificates[i], this->subject.certificates[i] + ZT_SHA384_DIGEST_SIZE);
d.add("s.c$", (uint64_t)s.certificateCount);
for (unsigned int i = 0; i < s.certificateCount; ++i) {
if (s.certificates[i])
d[Dictionary::arraySubscript(tmp, "s.c$", i)].assign(s.certificates[i], s.certificates[i] + ZT_SHA384_DIGEST_SIZE);
}
d.add("s.u$", (uint64_t)this->subject.updateUrlCount);
if (this->subject.updateUrls) {
for (unsigned int i = 0; i < this->subject.updateUrlCount; ++i)
d.add(Dictionary::arraySubscript(tmp, "s.u$", i), this->subject.updateUrls[i]);
d.add("s.u$", (uint64_t)s.updateUrlCount);
if (s.updateUrls) {
for (unsigned int i = 0; i < s.updateUrlCount; ++i)
d.add(Dictionary::arraySubscript(tmp, "s.u$", i), s.updateUrls[i]);
}
d.add("s.n.c", this->subject.name.country);
d.add("s.n.o", this->subject.name.organization);
d.add("s.n.u", this->subject.name.unit);
d.add("s.n.l", this->subject.name.locality);
d.add("s.n.p", this->subject.name.province);
d.add("s.n.sA", this->subject.name.streetAddress);
d.add("s.n.pC", this->subject.name.postalCode);
d.add("s.n.cN", this->subject.name.commonName);
d.add("s.n.sN", this->subject.name.serialNo);
d.add("s.n.e", this->subject.name.email);
d.add("s.n.ur", this->subject.name.url);
if (s.name.country[0])
d.add("s.n.c", s.name.country);
if (s.name.organization[0])
d.add("s.n.o", s.name.organization);
if (s.name.unit[0])
d.add("s.n.u", s.name.unit);
if (s.name.locality[0])
d.add("s.n.l", s.name.locality);
if (s.name.province[0])
d.add("s.n.p", s.name.province);
if (s.name.streetAddress[0])
d.add("s.n.sA", s.name.streetAddress);
if (s.name.postalCode[0])
d.add("s.n.pC", s.name.postalCode);
if (s.name.commonName[0])
d.add("s.n.cN", s.name.commonName);
if (s.name.serialNo[0])
d.add("s.n.sN", s.name.serialNo);
if (s.name.email[0])
d.add("s.n.e", s.name.email);
if (s.name.url[0])
d.add("s.n.ur", s.name.url);
if (s.name.host[0])
d.add("s.n.h", s.name.host);
if ((this->subject.uniqueIdSize > 0) && (this->subject.uniqueIdSize <= ZT_CERTIFICATE_MAX_UNIQUE_ID_SIZE))
d["s.uI"].assign(this->subject.uniqueId, this->subject.uniqueId + this->subject.uniqueIdSize);
if ((!omitUniqueIdProofSignature) && (this->subject.uniqueIdProofSignatureSize > 0) && (this->subject.uniqueIdProofSignatureSize <= ZT_CERTIFICATE_MAX_SIGNATURE_SIZE))
d["s.uS"].assign(this->subject.uniqueIdProofSignature, this->subject.uniqueIdProofSignature + this->subject.uniqueIdProofSignatureSize);
if ((s.uniqueIdSize > 0) && (s.uniqueIdSize <= ZT_CERTIFICATE_MAX_UNIQUE_ID_SIZE))
d["s.uI"].assign(s.uniqueId, s.uniqueId + s.uniqueIdSize);
if ((!omitUniqueIdProofSignature) && (s.uniqueIdProofSignatureSize > 0) && (s.uniqueIdProofSignatureSize <= ZT_CERTIFICATE_MAX_SIGNATURE_SIZE))
d["s.uS"].assign(s.uniqueIdProofSignature, s.uniqueIdProofSignature + s.uniqueIdProofSignatureSize);
}
} // namespace ZeroTier

44
core/Certificate.hpp
View file

@ -74,7 +74,7 @@ public:
* @param id Identity
* @return Pointer to C struct
*/
ZT_Certificate_Identity *addSubjectNode(const Identity &id);
ZT_Certificate_Identity *addSubjectIdentity(const Identity &id);
/**
* Add a subject node/identity with a locator
@ -83,7 +83,7 @@ public:
* @param loc Locator signed by identity (signature is NOT checked here)
* @return Pointer to C struct
*/
ZT_Certificate_Identity *addSubjectNode(const Identity &id, const Locator &loc);
ZT_Certificate_Identity *addSubjectIdentity(const Identity &id, const Locator &loc);
/**
* Add a subject network
@ -106,7 +106,20 @@ public:
*
* @param url Update URL
*/
void addUpdateUrl(const char *url);
void addSubjectUpdateUrl(const char *url);
/**
* Set the extended attributes of this certificate
*
* @param x Extended attributes (set by issuer)
*/
ZT_INLINE void setExtendedAttributes(const Dictionary &x)
{
m_extendedAttributes.clear();
x.encode(m_extendedAttributes);
this->extendedAttributes = m_extendedAttributes.data();
this->extendedAttributesSize = (unsigned int)m_extendedAttributes.size();
}
/**
* Marshal this certificate in binary form
@ -145,6 +158,28 @@ public:
*/
ZT_CertificateError verify() const;
/**
* Create a subject unique ID and corresponding private key required for use
*
* @param uniqueId Buffer to receive unique ID
* @param uniqueIdPrivate Buffer to receive private key
*/
static ZT_INLINE void createSubjectUniqueId(uint8_t uniqueId[ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384], uint8_t uniqueIdPrivate[ZT_CERTIFICATE_UNIQUE_ID_PRIVATE_KEY_SIZE_TYPE_NIST_P_384])
{
uniqueId[0] = ZT_CERTIFICATE_UNIQUE_ID_PUBLIC_KEY_TYPE_NIST_P_384;
ECC384GenerateKey(uniqueId + 1, uniqueIdPrivate);
}
/**
* Set the unique ID and unique ID proof signature fields in a subject.
*
* @param s Subject to set
* @param uniqueId Unique ID (public)
* @param uniqueIdPrivate Unique ID private key
* @return True on success
*/
static bool setSubjectUniqueId(ZT_Certificate_Subject &s, const uint8_t uniqueId[ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384], const uint8_t uniqueIdPrivate[ZT_CERTIFICATE_UNIQUE_ID_PRIVATE_KEY_SIZE_TYPE_NIST_P_384]);
ZT_INLINE unsigned long hashCode() const noexcept
{ return (unsigned long)Utils::loadAsIsEndian< uint32_t >(this->serialNo); }
@ -162,7 +197,7 @@ public:
{ return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) >= 0; }
private:
void m_encodeSubject(Dictionary &d, bool omitUniqueIdProofSignature) const;
static void m_encodeSubject(const ZT_Certificate_Subject &s, Dictionary &d, bool omitUniqueIdProofSignature);
// These hold any identity or locator objects that are owned by and should
// be deleted with this certificate. Lists are used so the pointers never
@ -177,6 +212,7 @@ private:
Vector< ZT_Certificate_Network > m_subjectNetworks;
Vector< const uint8_t * > m_subjectCertificates;
Vector< const char * > m_updateUrls;
Vector< uint8_t > m_extendedAttributes;
std::atomic<int> __refCount;
};

6
core/Credential.cpp
View file

@ -36,8 +36,8 @@
#if ZT_CERTIFICATEOFOWNERSHIP_MARSHAL_SIZE_MAX > ZT_BUF_MEM_SIZE
#error ZT_CERTIFICATEOFOWNERSHIP_MARSHAL_SIZE_MAX exceeds maximum buffer size
#endif
#if ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX > ZT_BUF_MEM_SIZE
#error ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX exceeds maximum buffer size
#if ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX > ZT_BUF_MEM_SIZE
#error ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX exceeds maximum buffer size
#endif
namespace ZeroTier {
@ -83,7 +83,7 @@ Credential::VerifyResult Credential::_verify(const RuntimeEnvironment *const RR,
return Credential::VERIFY_NEED_IDENTITY;
// Now verify the controller's signature.
uint64_t buf[ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX / 8];
uint64_t buf[ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX / 8];
const unsigned int bufSize = credential.m_fillSigningBuf(buf);
return peer->identity().verify(buf, bufSize, credential.m_signature, credential.m_signatureLength) ? Credential::VERIFY_OK : Credential::VERIFY_BAD_SIGNATURE;
}

13
core/Dictionary.cpp
View file

@ -115,15 +115,22 @@ char *Dictionary::getS(const char *k, char *v, const unsigned int cap) const
if (cap == 0) // sanity check
return v;
const Vector< uint8_t > &e = (*this)[k];
if (e.empty()) {
v[0] = 0;
return v;
}
unsigned int i = 0;
const unsigned int last = cap - 1;
for (;;) {
if ((i == last) || (i >= (unsigned int)e.size()))
if ((i >= last) || (i >= (unsigned int)e.size())) {
v[i] = 0;
break;
v[i] = (char)e[i];
}
if ((v[i] = (char)e[i]) == 0) {
break;
}
++i;
}
v[i] = 0;
return v;
}

11
core/Locator.hpp
View file

@ -134,6 +134,17 @@ public:
int marshal(uint8_t data[ZT_LOCATOR_MARSHAL_SIZE_MAX], bool excludeSignature = false) const noexcept;
int unmarshal(const uint8_t *data, int len) noexcept;
ZT_INLINE bool operator==(const Locator &l) const noexcept
{
return (
(m_ts == l.m_ts) &&
(m_signer == l.m_signer) &&
(m_endpoints == l.m_endpoints) &&
(m_signature == l.m_signature));
}
ZT_INLINE bool operator!=(const Locator &l) const noexcept
{ return !(*this == l); }
private:
int64_t m_ts;
Fingerprint m_signer;

18
core/MembershipCredential.cpp
View file

@ -37,10 +37,10 @@ bool MembershipCredential::agreesWith(const MembershipCredential &other) const n
}
// us <> them
for (FCV<p_Qualifier, ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(m_additionalQualifiers.begin());i != m_additionalQualifiers.end();++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(m_additionalQualifiers.begin()); i != m_additionalQualifiers.end(); ++i) {
if (i->delta != 0xffffffffffffffffULL) {
const uint64_t *v2 = nullptr;
for (FCV<p_Qualifier, ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(other.m_additionalQualifiers.begin());j != other.m_additionalQualifiers.end();++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(other.m_additionalQualifiers.begin()); j != other.m_additionalQualifiers.end(); ++i) {
if (j->id == i->id) {
v2 = &(j->value);
break;
@ -59,10 +59,10 @@ bool MembershipCredential::agreesWith(const MembershipCredential &other) const n
}
// them <> us (we need a second pass in case they have qualifiers we don't or vice versa)
for (FCV<p_Qualifier, ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(other.m_additionalQualifiers.begin());i != other.m_additionalQualifiers.end();++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(other.m_additionalQualifiers.begin()); i != other.m_additionalQualifiers.end(); ++i) {
if (i->delta != 0xffffffffffffffffULL) {
const uint64_t *v2 = nullptr;
for (FCV<p_Qualifier, ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(m_additionalQualifiers.begin());j != m_additionalQualifiers.end();++i) {
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator j(m_additionalQualifiers.begin()); j != m_additionalQualifiers.end(); ++i) {
if (j->id == i->id) {
v2 = &(j->value);
break;
@ -88,13 +88,13 @@ bool MembershipCredential::agreesWith(const MembershipCredential &other) const n
bool MembershipCredential::sign(const Identity &with) noexcept
{
m_signedBy = with.address();
uint64_t buf[ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX / 8];
uint64_t buf[ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX / 8];
const unsigned int bufSize = m_fillSigningBuf(buf);
m_signatureLength = with.sign(buf, bufSize, m_signature, sizeof(m_signature));
return m_signatureLength > 0;
}
int MembershipCredential::marshal(uint8_t data[ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX], const bool v2) const noexcept
int MembershipCredential::marshal(uint8_t data[ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX], const bool v2) const noexcept
{
data[0] = v2 ? 2 : 1;
@ -164,7 +164,7 @@ int MembershipCredential::unmarshal(const uint8_t *data, int len) noexcept
TriviallyCopyable::memoryZero(this);
const unsigned int numq = Utils::loadBigEndian<uint16_t>(data + 1);
if ((numq < 3) || (numq > (ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS + 3)))
if ((numq < 3) || (numq > (ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS + 3)))
return -1;
int p = 3;
for (unsigned int q = 0;q < numq;++q) {
@ -209,7 +209,7 @@ int MembershipCredential::unmarshal(const uint8_t *data, int len) noexcept
break;
default:
if (m_additionalQualifiers.size() >= ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS)
if (m_additionalQualifiers.size() >= ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS)
return -1;
m_additionalQualifiers.push_back(p_Qualifier(id, value, delta));
break;
@ -287,7 +287,7 @@ unsigned int MembershipCredential::m_fillSigningBuf(uint64_t *buf) const noexcep
buf[p++] = informational;
}
for (FCV<p_Qualifier, ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(m_additionalQualifiers.begin());i != m_additionalQualifiers.end();++i) { // NOLINT(modernize-loop-convert)
for (FCV<p_Qualifier, ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS>::const_iterator i(m_additionalQualifiers.begin()); i != m_additionalQualifiers.end(); ++i) { // NOLINT(modernize-loop-convert)
buf[p++] = Utils::hton(i->id);
buf[p++] = Utils::hton(i->value);
buf[p++] = Utils::hton(i->delta);

10
core/MembershipCredential.hpp
View file

@ -32,10 +32,10 @@
#include "FCV.hpp"
// Maximum number of additional tuples beyond the standard always-present three.
#define ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS 8
#define ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS 8
// version + qualifier count + three required qualifiers + additional qualifiers +
#define ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX (1 + 2 + (3 * 3 * 8) + (ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS * 3 * 8) + 144 + 5 + 2 + 96)
#define ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX (1 + 2 + (3 * 3 * 8) + (ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS * 3 * 8) + 144 + 5 + 2 + 96)
namespace ZeroTier {
@ -186,8 +186,8 @@ public:
// NOTE: right now we use v1 serialization format which works with both ZeroTier 1.x and 2.x. V2 format
// will be switched on once 1.x is pretty much dead and out of support.
static constexpr int marshalSizeMax() noexcept { return ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_CERTIFICATEOFMEMBERSHIP_MARSHAL_SIZE_MAX],bool v2 = false) const noexcept;
static constexpr int marshalSizeMax() noexcept { return ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX; }
int marshal(uint8_t data[ZT_MEMBERSHIP_CREDENTIAL_MARSHAL_SIZE_MAX], bool v2 = false) const noexcept;
int unmarshal(const uint8_t *data,int len) noexcept;
private:
@ -203,7 +203,7 @@ private:
ZT_INLINE bool operator<(const p_Qualifier &q) const noexcept { return (id < q.id); } // sort order
};
FCV<p_Qualifier,ZT_CERTIFICATEOFMEMBERSHIP_MAX_ADDITIONAL_QUALIFIERS> m_additionalQualifiers;
FCV<p_Qualifier,ZT_MEMBERSHIP_CREDENTIAL_MAX_ADDITIONAL_QUALIFIERS> m_additionalQualifiers;
int64_t m_timestamp;
int64_t m_timestampMaxDelta;
uint64_t m_networkId;

193
core/Tests.cpp
View file

@ -42,11 +42,14 @@
#include "Containers.hpp"
#include "Endpoint.hpp"
#include "Locator.hpp"
#include "Certificate.hpp"
#ifdef __UNIX_LIKE__
#include <unistd.h>
#include <sys/time.h>
#include <sys/types.h>
#endif
using namespace ZeroTier;
@ -60,7 +63,7 @@ static int64_t now()
GetSystemTimeAsFileTime(&ft);
return (((LONGLONG)ft.dwLowDateTime + ((LONGLONG)(ft.dwHighDateTime) << 32)) / 10000LL) - 116444736000000000LL;
#else
timeval tv; // NOLINT(cppcoreguidelines-pro-type-member-init,hicpp-member-init)
timeval tv;
gettimeofday(&tv, nullptr);
return ((1000LL * (int64_t)tv.tv_sec) + (int64_t)(tv.tv_usec / 1000));
#endif
@ -71,7 +74,8 @@ static int64_t now()
static const uint8_t ECC384_TV0_PUBLIC[49] = {0x02, 0xed, 0xbc, 0xbb, 0x1f, 0x23, 0x9b, 0xbd, 0x9d, 0x3d, 0x7c, 0xef, 0x6b, 0x37, 0xa3, 0x26, 0x69, 0xe9, 0x4d, 0xf4, 0x26, 0x64, 0xfb, 0xac, 0x76, 0x40, 0xc2, 0x22, 0x21, 0xa6, 0xa3, 0xdf, 0x8c, 0x96, 0x81, 0x76, 0x0f, 0x0e, 0x67, 0xab, 0xd4, 0x51, 0x58, 0xb3, 0x15, 0x63, 0xfb, 0x49, 0x71};
static const uint8_t ECC384_TV0_PRIVATE[48] = {0x62, 0x93, 0x9b, 0x4a, 0x29, 0x3c, 0xc6, 0x86, 0x98, 0xc3, 0xd0, 0x7f, 0xb7, 0xff, 0x97, 0xa2, 0xfb, 0xc9, 0x36, 0x8a, 0x1d, 0xa5, 0x40, 0x8e, 0x49, 0x13, 0xd4, 0x15, 0x46, 0xcb, 0xb4, 0x08, 0xfa, 0x8c, 0xb2, 0x7f, 0xcc, 0x3f, 0x72, 0xf8, 0x0d, 0x16, 0x7b, 0xf0, 0xa4, 0xc3, 0x29, 0xd3};
static const uint8_t ECC384_TV0_DH_SELF_AGREE[48] = {0xf6, 0x96, 0xbd, 0x1b, 0xda, 0x5e, 0x52, 0x8c, 0x1d, 0x56, 0xa3, 0x6e, 0xd9, 0xba, 0xd7, 0x84, 0xdd, 0x20, 0x1b, 0x50, 0xc9, 0xd8, 0x68, 0xb9, 0x52, 0x93, 0x27, 0xab, 0x17, 0xed, 0xc6, 0xae, 0x89, 0x5e, 0x7f, 0xd9, 0x46, 0x15, 0x87, 0xf4, 0xc8, 0x47, 0x2e, 0xf7, 0x86, 0xf5, 0x87, 0x0b};
static const uint8_t ECC384_TV0_SIG[96] = { 0x98,0x93,0x5f,0x0a,0x05,0x2c,0xba,0x3a,0xd7,0xd2,0x08,0xde,0x64,0xe7,0x77,0x2c,0xbd,0xe6,0xd9,0x16,0x11,0xd2,0xef,0x03,0xba,0x12,0x9f,0x14,0x98,0x49,0x8c,0x2d,0x36,0x50,0xd9,0xcf,0xbb,0x2b,0xea,0xcb,0x28,0xe7,0x0b,0x90,0x43,0x9e,0x01,0x8b,0x52,0xdb,0x46,0xec,0xc7,0xf6,0xa9,0x56,0x88,0x00,0x3c,0xdb,0x4f,0xfe,0x04,0xa1,0xc7,0x4c,0x3f,0xfc,0xb8,0xc8,0x70,0x42,0x12,0xf4,0x37,0xfa,0xcd,0xb9,0x17,0x2f,0x60,0x8c,0xb6,0x05,0xc6,0xce,0x37,0xd6,0xc9,0xf0,0x0b,0x23,0x39,0x10,0x29,0x0d };
static const uint8_t ECC384_TV0_SIG[96] = {0x98, 0x93, 0x5f, 0x0a, 0x05, 0x2c, 0xba, 0x3a, 0xd7, 0xd2, 0x08, 0xde, 0x64, 0xe7, 0x77, 0x2c, 0xbd, 0xe6, 0xd9, 0x16, 0x11, 0xd2, 0xef, 0x03, 0xba, 0x12, 0x9f, 0x14, 0x98, 0x49, 0x8c, 0x2d, 0x36, 0x50, 0xd9, 0xcf, 0xbb, 0x2b, 0xea, 0xcb, 0x28, 0xe7, 0x0b, 0x90, 0x43, 0x9e, 0x01, 0x8b, 0x52, 0xdb, 0x46, 0xec, 0xc7, 0xf6, 0xa9, 0x56, 0x88, 0x00, 0x3c, 0xdb, 0x4f, 0xfe, 0x04, 0xa1, 0xc7, 0x4c, 0x3f, 0xfc, 0xb8, 0xc8, 0x70, 0x42, 0x12, 0xf4, 0x37, 0xfa, 0xcd, 0xb9, 0x17, 0x2f, 0x60, 0x8c, 0xb6, 0x05, 0xc6, 0xce, 0x37, 0xd6, 0xc9, 0xf0, 0x0b, 0x23, 0x39,
0x10, 0x29, 0x0d};
static const uint8_t SALSA20_TV0_KEY[32] = {0x0f, 0x62, 0xb5, 0x08, 0x5b, 0xae, 0x01, 0x54, 0xa7, 0xfa, 0x4d, 0xa0, 0xf3, 0x46, 0x99, 0xec, 0x3f, 0x92, 0xe5, 0x38, 0x8b, 0xde, 0x31, 0x84, 0xd7, 0x2a, 0x7d, 0xd0, 0x23, 0x76, 0xc9, 0x1c};
static const uint8_t SALSA20_TV0_IV[8] = {0x28, 0x8f, 0xf6, 0x5d, 0xc4, 0x2b, 0x92, 0xf9};
@ -103,7 +107,15 @@ static const uint8_t AES_CTR_TEST_VECTOR_0_IN[64] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0
static const uint8_t AES_CTR_TEST_VECTOR_0_OUT[64] = {0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5, 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c, 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d, 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6, 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6};
// Key and IV are same as test vector 0, input is a buffer filled by iterating 0..777 and setting to these &0xff
static const uint8_t AES_CTR_TEST_VECTOR_1_OUT[777] = { 0x0b,0xde,0x7f,0xf2,0x5d,0x12,0x10,0x34,0x56,0x93,0x81,0x1e,0xc4,0x6d,0xcb,0x0d,0x4a,0x7f,0x7b,0x8e,0x47,0x74,0x0f,0x11,0x4c,0x2a,0x9c,0x27,0x93,0x78,0x65,0x8b,0x3b,0xe0,0x0e,0xbf,0x25,0x44,0x2b,0x7a,0x25,0xa2,0xfc,0x88,0x1b,0xa3,0xe4,0x4d,0x19,0x67,0xd3,0xfb,0x5d,0x00,0x00,0x86,0x86,0xd0,0xa6,0x48,0x9f,0x28,0x48,0x89,0xcb,0x36,0xbd,0xa3,0x9d,0x39,0x4f,0xd5,0x9f,0xbe,0x44,0x57,0xa5,0x82,0x8d,0xf8,0x1c,0xba,0x35,0xd1,0x34,0x53,0x5e,0xd4,0x34,0xfb,0x91,0x1e,0x79,0xc7,0xdb,0xf2,0x79,0xaf,0x31,0x9f,0x54,0x70,0xe7,0x15,0xbd,0x3e,0x76,0x2b,0x82,0x2c,0x37,0x07,0x44,0x1e,0x5b,0x7a,0xca,0xb8,0x17,0x74,0x1c,0x5e,0xa6,0xe0,0x57,0xaa,0x13,0x99,0x5e,0x3c,0x11,0xfe,0xce,0xeb,0x6b,0x8e,0x5e,0xc6,0x79,0xa2,0xa7,0x4c,0x00,0xff,0x0a,0x5d,0xbb,0x3b,0xc5,0x76,0xe7,0x9a,0x53,0x76,0x67,0xee,0x8e,0x73,0x80,0xa8,0x6d,0xad,0x38,0x73,0x62,0x71,0x76,0x8a,0x3d,0x5e,0x42,0xae,0xb8,0x7d,0x61,0xd3,0x1d,0x97,0xd7,0xda,0x51,0xf5,0x89,0x26,0xed,0x45,0x75,0x88,0x65,0x69,0x06,0xe8,0x3d,0x31,0x82,0xe0,0xa4,0x82,0x79,0xf0,0x44,0x7c,0x36,0x4a,0xd0,0x25,0x13,0x30,0x1a,0x1e,0x52,0x5c,0x0e,0xe4,0x68,0x93,0xbf,0x1e,0x5a,0x43,0xc1,0xe6,0x7f,0x8a,0xf7,0xff,0xb8,0x95,0x41,0x6b,0x28,0xbc,0x2a,0xac,0x9e,0x8e,0x7f,0x7c,0xc1,0xd9,0xed,0x0b,0x52,0x55,0x28,0x6c,0xb4,0x15,0x96,0xbe,0xfc,0xe9,0xfd,0x3a,0x84,0xc9,0xd6,0x4f,0x40,0xe4,0xe0,0x59,0xc4,0xfe,0x62,0x8a,0x2c,0xbb,0xcd,0xc2,0x5b,0x4b,0x53,0x67,0x0d,0xc3,0x6d,0x0f,0x67,0xfe,0x20,0x77,0x43,0x98,0x92,0x13,0x15,0x0f,0x9b,0x2c,0x4b,0xa9,0x53,0x2a,0xb2,0xd0,0x72,0x64,0x5e,0x92,0x7f,0x25,0xde,0x0a,0x93,0x46,0x03,0x33,0xdc,0x43,0x4f,0xfa,0x00,0x8a,0xfc,0xcb,0x42,0x3d,0x5f,0x25,0xbc,0xa2,0x78,0xdd,0x3d,0x0c,0x82,0x52,0xd8,0x0a,0x32,0xee,0xc7,0xd8,0x46,0x24,0x63,0xc3,0x33,0xba,0x66,0x0b,0x20,0x74,0xc6,0x06,0x5b,0x2c,0xea,0x06,0xed,0x36,0xda,0xbc,0x3f,0x0a,0xb0,0xa5,0xad,0xd0,0xd6,0x9a,0x33,0x49,0xbe,0xb6,0x94,0xa2,0xef,0x82,0xa4,0x1b,0x81,0x71,0xb9,0xea,0x37,0xfe,0x43,0x48,0xa1,0x30,0x92,0x6f,0x69,0x45,0xc6,0xf7,0xdd,0x0d,0x10,0x3b,0x71,0x59,0x8c,0xfc,0x18,0xf2,0x48,0x21,0xf3,0x6c,0xa8,0xaa,0x33,0xff,0xf4,0x38,0x96,0x5b,0x34,0x43,0x7f,0xcc,0x9c,0x87,0x36,0x3b,0x96,0x3e,0x1a,0xbf,0x6d,0xa1,0x89,0x42,0xb3,0xb9,0x64,0x9e,0xa3,0xef,0x36,0x4a,0x41,0xb9,0xa3,0xb9,0xad,0xa4,0xd9,0x33,0xad,0xa5,0xba,0x41,0x83,0x12,0xc5,0x92,0xf8,0x6a,0x10,0x20,0x1e,0xe0,0xfd,0xe8,0x6d,0xfc,0x4a,0x7c,0x72,0x7f,0x54,0x4d,0x00,0xd5,0x3e,0x6a,0x28,0x94,0x11,0x8a,0x38,0xef,0xb5,0xb6,0xf3,0xbf,0xd2,0xbe,0xf3,0x1e,0x8b,0xe8,0x0c,0xf2,0x9d,0xaf,0xff,0x90,0x4c,0x8a,0x44,0xad,0xd9,0x8b,0x99,0x47,0x65,0x31,0x74,0xb2,0x24,0xb3,0x6d,0xd3,0x4a,0x4c,0x19,0xf6,0x2f,0x53,0x2d,0xb8,0x05,0xd3,0x7d,0x53,0xc9,0xc7,0x7e,0x03,0xeb,0xfc,0x18,0x36,0xe2,0x4b,0xcf,0xfd,0xe8,0x97,0xde,0xd8,0x42,0x80,0x05,0x77,0x8c,0xec,0x15,0xae,0x23,0x13,0xe8,0xa5,0x1c,0xca,0x30,0x60,0x8c,0x20,0x86,0xdf,0xa0,0xd7,0x88,0x2c,0x27,0xa0,0x8f,0x99,0x23,0x9c,0x11,0xa9,0xe6,0x4a,0xfc,0x0a,0x89,0xa4,0x60,0x94,0xa9,0x2e,0x40,0x62,0x22,0xd2,0xae,0x31,0x4b,0x52,0x2c,0x5f,0x9a,0xd6,0x54,0x58,0x08,0xa1,0x97,0x1c,0x28,0xef,0x53,0x5d,0x6a,0x4b,0x07,0xe7,0x62,0x06,0xb2,0xa8,0xb4,0x12,0x9a,0x10,0x12,0xa2,0xe3,0x02,0xce,0xc3,0xa7,0x73,0x47,0xf1,0xfb,0xcb,0x77,0xb5,0x33,0x81,0xb9,0xf7,0x79,0x1d,0x93,0x2d,0x2e,0x14,0x94,0x05,0x36,0xe1,0x41,0xcd,0xdc,0x83,0x05,0xea,0xac,0x61,0xe9,0xe5,0xc2,0x7d,0x53,0x44,0x65,0x8a,0x25,0x0d,0xb4,0x66,0x43,0x5c,0xbf,0x6d,0x7f,0xc0,0x46,0xab,0xab,0xfb,0x0e,0xd2,0x33,0xdf,0x67,0x0a,0x1f,0x29,0x29,0x6c,0x1d,0x32,0x7d,0x3a,0xff,0x10,0x59,0x10,0x79,0x68,0x0a,0x04,0x0d,0x1c,0x4e,0xe0,0x6d,0x1b,0x59,0xfc,0x23,0x6b,0x9c,0x6a,0xde,0x1f,0x1c,0x9f,0x0c,0x1c,0x8f,0x5e,0xd1,0x64,0x7e,0x33,0x2f,0xae,0xdf,0x76,0x87,0xab,0x64,0x04,0xd2,0xc3,0xfe,0x4f,0x95,0x47,0xf2,0x16,0x11,0xdb,0x00,0x56,0xb4,0x96,0x0f,0x1e,0x18,0xc6,0xcd,0xa3,0x29,0x8e,0xd0,0xf3,0x0f,0x85,0x2f,0xa0,0xe7,0x8c,0x12,0x2c,0xdc,0x85,0x0b,0xef,0xb3,0x7d,0x59,0x87,0xaa,0x1d,0xfc,0xde,0xd0,0xbc,0x4c,0xe8,0x49,0x11,0x50,0xf5,0x7f };
static const uint8_t AES_CTR_TEST_VECTOR_1_OUT[777] = {0x0b, 0xde, 0x7f, 0xf2, 0x5d, 0x12, 0x10, 0x34, 0x56, 0x93, 0x81, 0x1e, 0xc4, 0x6d, 0xcb, 0x0d, 0x4a, 0x7f, 0x7b, 0x8e, 0x47, 0x74, 0x0f, 0x11, 0x4c, 0x2a, 0x9c, 0x27, 0x93, 0x78, 0x65, 0x8b, 0x3b, 0xe0, 0x0e, 0xbf, 0x25, 0x44, 0x2b, 0x7a, 0x25, 0xa2, 0xfc, 0x88, 0x1b, 0xa3, 0xe4, 0x4d, 0x19, 0x67, 0xd3, 0xfb, 0x5d, 0x00, 0x00, 0x86, 0x86, 0xd0, 0xa6, 0x48, 0x9f, 0x28, 0x48, 0x89, 0xcb, 0x36, 0xbd, 0xa3, 0x9d, 0x39, 0x4f, 0xd5, 0x9f, 0xbe, 0x44, 0x57, 0xa5, 0x82, 0x8d, 0xf8, 0x1c, 0xba, 0x35, 0xd1, 0x34, 0x53, 0x5e, 0xd4, 0x34, 0xfb, 0x91,
0x1e, 0x79, 0xc7, 0xdb, 0xf2, 0x79, 0xaf, 0x31, 0x9f, 0x54, 0x70, 0xe7, 0x15, 0xbd, 0x3e, 0x76, 0x2b, 0x82, 0x2c, 0x37, 0x07, 0x44, 0x1e, 0x5b, 0x7a, 0xca, 0xb8, 0x17, 0x74, 0x1c, 0x5e, 0xa6, 0xe0, 0x57, 0xaa, 0x13, 0x99, 0x5e, 0x3c, 0x11, 0xfe, 0xce, 0xeb, 0x6b, 0x8e, 0x5e, 0xc6, 0x79, 0xa2, 0xa7, 0x4c, 0x00, 0xff, 0x0a, 0x5d, 0xbb, 0x3b, 0xc5, 0x76, 0xe7, 0x9a, 0x53, 0x76, 0x67, 0xee, 0x8e, 0x73, 0x80, 0xa8, 0x6d, 0xad, 0x38, 0x73, 0x62, 0x71, 0x76, 0x8a, 0x3d, 0x5e, 0x42, 0xae, 0xb8, 0x7d, 0x61, 0xd3, 0x1d, 0x97, 0xd7, 0xda, 0x51, 0xf5,
0x89, 0x26, 0xed, 0x45, 0x75, 0x88, 0x65, 0x69, 0x06, 0xe8, 0x3d, 0x31, 0x82, 0xe0, 0xa4, 0x82, 0x79, 0xf0, 0x44, 0x7c, 0x36, 0x4a, 0xd0, 0x25, 0x13, 0x30, 0x1a, 0x1e, 0x52, 0x5c, 0x0e, 0xe4, 0x68, 0x93, 0xbf, 0x1e, 0x5a, 0x43, 0xc1, 0xe6, 0x7f, 0x8a, 0xf7, 0xff, 0xb8, 0x95, 0x41, 0x6b, 0x28, 0xbc, 0x2a, 0xac, 0x9e, 0x8e, 0x7f, 0x7c, 0xc1, 0xd9, 0xed, 0x0b, 0x52, 0x55, 0x28, 0x6c, 0xb4, 0x15, 0x96, 0xbe, 0xfc, 0xe9, 0xfd, 0x3a, 0x84, 0xc9, 0xd6, 0x4f, 0x40, 0xe4, 0xe0, 0x59, 0xc4, 0xfe, 0x62, 0x8a, 0x2c, 0xbb, 0xcd, 0xc2, 0x5b, 0x4b, 0x53,
0x67, 0x0d, 0xc3, 0x6d, 0x0f, 0x67, 0xfe, 0x20, 0x77, 0x43, 0x98, 0x92, 0x13, 0x15, 0x0f, 0x9b, 0x2c, 0x4b, 0xa9, 0x53, 0x2a, 0xb2, 0xd0, 0x72, 0x64, 0x5e, 0x92, 0x7f, 0x25, 0xde, 0x0a, 0x93, 0x46, 0x03, 0x33, 0xdc, 0x43, 0x4f, 0xfa, 0x00, 0x8a, 0xfc, 0xcb, 0x42, 0x3d, 0x5f, 0x25, 0xbc, 0xa2, 0x78, 0xdd, 0x3d, 0x0c, 0x82, 0x52, 0xd8, 0x0a, 0x32, 0xee, 0xc7, 0xd8, 0x46, 0x24, 0x63, 0xc3, 0x33, 0xba, 0x66, 0x0b, 0x20, 0x74, 0xc6, 0x06, 0x5b, 0x2c, 0xea, 0x06, 0xed, 0x36, 0xda, 0xbc, 0x3f, 0x0a, 0xb0, 0xa5, 0xad, 0xd0, 0xd6, 0x9a, 0x33, 0x49,
0xbe, 0xb6, 0x94, 0xa2, 0xef, 0x82, 0xa4, 0x1b, 0x81, 0x71, 0xb9, 0xea, 0x37, 0xfe, 0x43, 0x48, 0xa1, 0x30, 0x92, 0x6f, 0x69, 0x45, 0xc6, 0xf7, 0xdd, 0x0d, 0x10, 0x3b, 0x71, 0x59, 0x8c, 0xfc, 0x18, 0xf2, 0x48, 0x21, 0xf3, 0x6c, 0xa8, 0xaa, 0x33, 0xff, 0xf4, 0x38, 0x96, 0x5b, 0x34, 0x43, 0x7f, 0xcc, 0x9c, 0x87, 0x36, 0x3b, 0x96, 0x3e, 0x1a, 0xbf, 0x6d, 0xa1, 0x89, 0x42, 0xb3, 0xb9, 0x64, 0x9e, 0xa3, 0xef, 0x36, 0x4a, 0x41, 0xb9, 0xa3, 0xb9, 0xad, 0xa4, 0xd9, 0x33, 0xad, 0xa5, 0xba, 0x41, 0x83, 0x12, 0xc5, 0x92, 0xf8, 0x6a, 0x10, 0x20, 0x1e,
0xe0, 0xfd, 0xe8, 0x6d, 0xfc, 0x4a, 0x7c, 0x72, 0x7f, 0x54, 0x4d, 0x00, 0xd5, 0x3e, 0x6a, 0x28, 0x94, 0x11, 0x8a, 0x38, 0xef, 0xb5, 0xb6, 0xf3, 0xbf, 0xd2, 0xbe, 0xf3, 0x1e, 0x8b, 0xe8, 0x0c, 0xf2, 0x9d, 0xaf, 0xff, 0x90, 0x4c, 0x8a, 0x44, 0xad, 0xd9, 0x8b, 0x99, 0x47, 0x65, 0x31, 0x74, 0xb2, 0x24, 0xb3, 0x6d, 0xd3, 0x4a, 0x4c, 0x19, 0xf6, 0x2f, 0x53, 0x2d, 0xb8, 0x05, 0xd3, 0x7d, 0x53, 0xc9, 0xc7, 0x7e, 0x03, 0xeb, 0xfc, 0x18, 0x36, 0xe2, 0x4b, 0xcf, 0xfd, 0xe8, 0x97, 0xde, 0xd8, 0x42, 0x80, 0x05, 0x77, 0x8c, 0xec, 0x15, 0xae, 0x23, 0x13,
0xe8, 0xa5, 0x1c, 0xca, 0x30, 0x60, 0x8c, 0x20, 0x86, 0xdf, 0xa0, 0xd7, 0x88, 0x2c, 0x27, 0xa0, 0x8f, 0x99, 0x23, 0x9c, 0x11, 0xa9, 0xe6, 0x4a, 0xfc, 0x0a, 0x89, 0xa4, 0x60, 0x94, 0xa9, 0x2e, 0x40, 0x62, 0x22, 0xd2, 0xae, 0x31, 0x4b, 0x52, 0x2c, 0x5f, 0x9a, 0xd6, 0x54, 0x58, 0x08, 0xa1, 0x97, 0x1c, 0x28, 0xef, 0x53, 0x5d, 0x6a, 0x4b, 0x07, 0xe7, 0x62, 0x06, 0xb2, 0xa8, 0xb4, 0x12, 0x9a, 0x10, 0x12, 0xa2, 0xe3, 0x02, 0xce, 0xc3, 0xa7, 0x73, 0x47, 0xf1, 0xfb, 0xcb, 0x77, 0xb5, 0x33, 0x81, 0xb9, 0xf7, 0x79, 0x1d, 0x93, 0x2d, 0x2e, 0x14, 0x94,
0x05, 0x36, 0xe1, 0x41, 0xcd, 0xdc, 0x83, 0x05, 0xea, 0xac, 0x61, 0xe9, 0xe5, 0xc2, 0x7d, 0x53, 0x44, 0x65, 0x8a, 0x25, 0x0d, 0xb4, 0x66, 0x43, 0x5c, 0xbf, 0x6d, 0x7f, 0xc0, 0x46, 0xab, 0xab, 0xfb, 0x0e, 0xd2, 0x33, 0xdf, 0x67, 0x0a, 0x1f, 0x29, 0x29, 0x6c, 0x1d, 0x32, 0x7d, 0x3a, 0xff, 0x10, 0x59, 0x10, 0x79, 0x68, 0x0a, 0x04, 0x0d, 0x1c, 0x4e, 0xe0, 0x6d, 0x1b, 0x59, 0xfc, 0x23, 0x6b, 0x9c, 0x6a, 0xde, 0x1f, 0x1c, 0x9f, 0x0c, 0x1c, 0x8f, 0x5e, 0xd1, 0x64, 0x7e, 0x33, 0x2f, 0xae, 0xdf, 0x76, 0x87, 0xab, 0x64, 0x04, 0xd2, 0xc3, 0xfe, 0x4f,
0x95, 0x47, 0xf2, 0x16, 0x11, 0xdb, 0x00, 0x56, 0xb4, 0x96, 0x0f, 0x1e, 0x18, 0xc6, 0xcd, 0xa3, 0x29, 0x8e, 0xd0, 0xf3, 0x0f, 0x85, 0x2f, 0xa0, 0xe7, 0x8c, 0x12, 0x2c, 0xdc, 0x85, 0x0b, 0xef, 0xb3, 0x7d, 0x59, 0x87, 0xaa, 0x1d, 0xfc, 0xde, 0xd0, 0xbc, 0x4c, 0xe8, 0x49, 0x11, 0x50, 0xf5, 0x7f};
static const uint8_t AES_GMAC_VECTOR_0_KEY[32] = {0xbb, 0x10, 0x10, 0x06, 0x4f, 0xb8, 0x35, 0x23, 0xea, 0x9d, 0xf3, 0x2b, 0xad, 0x9f, 0x1f, 0x2a, 0x4f, 0xce, 0xfc, 0x0f, 0x21, 0x07, 0xc0, 0xaa, 0xba, 0xd9, 0xb7, 0x56, 0xd8, 0x09, 0x21, 0x9d};
static const uint8_t AES_GMAC_VECTOR_0_IV[12] = {0x2f, 0x9a, 0xd0, 0x12, 0xad, 0xfc, 0x12, 0x73, 0x43, 0xfb, 0xe0, 0x56};
@ -117,7 +129,12 @@ static const uint8_t AES_GMAC_VECTOR_1_OUT[16] = { 0x6E,0xE1,0x60,0xE8,0xFA,0xEC
static const uint8_t AES_GMAC_VECTOR_2_KEY[32] = {0x63, 0x2f, 0xd9, 0x48, 0xcf, 0x70, 0xe2, 0xee, 0x70, 0x63, 0xe8, 0x7a, 0x4a, 0x2a, 0x39, 0x9b, 0x67, 0x08, 0x64, 0x03, 0x68, 0x9d, 0xbc, 0x60, 0xea, 0x68, 0x4a, 0x7a, 0x83, 0x37, 0x00, 0xfe};
static const uint8_t AES_GMAC_VECTOR_2_IV[12] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b};
static const uint8_t AES_GMAC_VECTOR_2_IN[541] = { 0xc8,0x36,0x38,0xe8,0x53,0xc8,0x86,0xa3,0xe3,0xad,0x9e,0x2a,0x91,0x47,0xb9,0x51,0xad,0xf7,0x78,0x89,0x9a,0xeb,0x80,0x41,0x67,0xa9,0x16,0xc4,0x93,0xcc,0x77,0x3d,0x8c,0xcf,0x4d,0xb5,0x0b,0xda,0xfd,0xc2,0x8c,0x83,0x5d,0x66,0x43,0x74,0x21,0xbd,0xc4,0xab,0x41,0xd8,0x40,0x53,0x34,0xe8,0x05,0xcb,0x89,0x45,0x09,0xb0,0xa4,0xa6,0x04,0x95,0x19,0x2c,0xab,0x94,0xe1,0x8d,0x7b,0x59,0x8b,0xb9,0x31,0xae,0x3c,0x25,0xd3,0x23,0xab,0x8f,0x95,0xa3,0x8b,0xa5,0xc1,0x66,0x8b,0x57,0xe4,0x88,0x70,0xc9,0xe0,0xa1,0x16,0x39,0xf8,0x12,0xb3,0xe5,0x95,0x38,0x3a,0x01,0x1d,0xcc,0xc0,0xc3,0xa9,0x1c,0x72,0xa7,0x46,0x79,0x51,0x05,0xb2,0x85,0x5a,0x97,0x16,0x97,0xa6,0x85,0xa4,0xf2,0x0b,0x3c,0x90,0x52,0xa3,0xe0,0xbe,0xad,0x06,0x1b,0x8e,0x04,0x22,0xeb,0x3a,0x48,0xb9,0x84,0x24,0x0b,0x24,0x42,0xd9,0xed,0x6b,0x5c,0xc1,0xb6,0x2e,0xa5,0xc0,0x07,0xfe,0x3e,0xbc,0x9a,0x92,0x26,0xb5,0xa6,0x5f,0x09,0x13,0x85,0x5a,0xcf,0x61,0x56,0x65,0x0f,0x4c,0x64,0x79,0xfa,0x0a,0xcf,0xc0,0x95,0x8d,0x4d,0xc6,0xbe,0xee,0xb3,0x67,0xd8,0xa7,0x40,0x90,0x61,0xe3,0xba,0xcb,0x18,0xe0,0x61,0x7b,0x33,0x86,0xf7,0xef,0x64,0xe5,0x36,0xf0,0x9c,0xb6,0x34,0xb1,0xe1,0x2a,0xd8,0xd8,0x5e,0x6b,0x61,0x92,0xa0,0x8e,0x04,0x7b,0xbf,0xa5,0x84,0x39,0x3a,0xe0,0x27,0xc7,0xb0,0x83,0x88,0x4f,0x3e,0x49,0x14,0xaa,0x34,0xde,0xb4,0xbb,0x4c,0xe4,0xbf,0xae,0x9a,0xf9,0x88,0x7a,0x1f,0x18,0xa0,0x8c,0x60,0xc0,0x5c,0x46,0xa1,0xd1,0x36,0x99,0x60,0x9b,0x73,0xa2,0x9a,0x0b,0x8d,0x6e,0x2f,0xe1,0x58,0x7a,0x39,0x71,0xed,0xfc,0x34,0xe4,0x98,0x57,0x7e,0x86,0xf1,0xe5,0x00,0x7d,0x1b,0x6a,0xfa,0xf8,0x6e,0x7b,0x12,0x44,0x04,0x60,0x02,0x81,0x12,0x09,0x00,0xb4,0x35,0x9e,0x03,0x73,0x79,0x9b,0x13,0xc5,0xd7,0x0e,0xce,0x49,0x87,0x48,0x1a,0x67,0x89,0x93,0xef,0xd1,0xdf,0x2d,0x48,0x6d,0x30,0xd5,0xec,0x49,0xfe,0x15,0x1b,0xa6,0x2b,0x6c,0x08,0x8e,0x39,0x73,0x68,0x87,0xa7,0x43,0x28,0x16,0x77,0x86,0xd1,0xcb,0x13,0xe4,0xd3,0xda,0x63,0xcd,0x3a,0x2a,0x35,0xd5,0xfa,0x36,0x67,0xc8,0x4c,0x6b,0xa1,0x8a,0xaf,0x7b,0x4c,0x43,0xb0,0x2f,0x4a,0xcc,0xc0,0x11,0xc6,0x30,0x8e,0xa3,0xd2,0x4a,0x1b,0x2a,0x4f,0xec,0x97,0x83,0xa6,0x4c,0xee,0x51,0xaf,0x06,0x0a,0x1d,0x80,0xd9,0xcf,0xb7,0x69,0x23,0x15,0x3a,0x26,0x04,0x34,0x33,0x76,0x30,0x9f,0xfb,0x56,0xb4,0x26,0xee,0xfa,0x54,0x6c,0x18,0xf9,0xd5,0x32,0x5d,0x03,0xcb,0x2c,0x20,0x30,0x0c,0xa0,0xbb,0xde,0x01,0x77,0x65,0xb0,0x18,0x30,0xd2,0x55,0x9f,0x9b,0xcf,0xb8,0x9b,0xb4,0xbc,0x0b,0x49,0x52,0x53,0x30,0x48,0xa5,0x12,0xe5,0x3b,0x47,0x84,0xff,0xf1,0x53,0x5d,0x5c,0x04,0x70,0x63,0x91,0xc3,0xc0,0xf0,0xea,0xcb,0x44,0x4f,0x8c,0x85,0x42,0x6a,0xc7,0xfa,0xc7,0xb5,0x30,0x03,0x12,0x65,0xca,0xba,0x4f,0x67,0xbb,0xef,0xb6,0xc6,0x3f,0x19,0xe2,0xb5,0x4b,0x8c,0xfc,0x9e,0x18,0xb0,0x33,0x89,0x6e,0xde,0x61,0x0a,0xe3,0x5e,0xa3,0x5d,0x2e,0x80,0x3e,0x53,0x67,0xfb,0x7b,0x7a,0xbf,0xd5,0xf4,0x47 };
static const uint8_t AES_GMAC_VECTOR_2_IN[541] = {0xc8, 0x36, 0x38, 0xe8, 0x53, 0xc8, 0x86, 0xa3, 0xe3, 0xad, 0x9e, 0x2a, 0x91, 0x47, 0xb9, 0x51, 0xad, 0xf7, 0x78, 0x89, 0x9a, 0xeb, 0x80, 0x41, 0x67, 0xa9, 0x16, 0xc4, 0x93, 0xcc, 0x77, 0x3d, 0x8c, 0xcf, 0x4d, 0xb5, 0x0b, 0xda, 0xfd, 0xc2, 0x8c, 0x83, 0x5d, 0x66, 0x43, 0x74, 0x21, 0xbd, 0xc4, 0xab, 0x41, 0xd8, 0x40, 0x53, 0x34, 0xe8, 0x05, 0xcb, 0x89, 0x45, 0x09, 0xb0, 0xa4, 0xa6, 0x04, 0x95, 0x19, 0x2c, 0xab, 0x94, 0xe1, 0x8d, 0x7b, 0x59, 0x8b, 0xb9, 0x31, 0xae, 0x3c, 0x25, 0xd3, 0x23, 0xab, 0x8f, 0x95, 0xa3, 0x8b, 0xa5, 0xc1, 0x66, 0x8b,
0x57, 0xe4, 0x88, 0x70, 0xc9, 0xe0, 0xa1, 0x16, 0x39, 0xf8, 0x12, 0xb3, 0xe5, 0x95, 0x38, 0x3a, 0x01, 0x1d, 0xcc, 0xc0, 0xc3, 0xa9, 0x1c, 0x72, 0xa7, 0x46, 0x79, 0x51, 0x05, 0xb2, 0x85, 0x5a, 0x97, 0x16, 0x97, 0xa6, 0x85, 0xa4, 0xf2, 0x0b, 0x3c, 0x90, 0x52, 0xa3, 0xe0, 0xbe, 0xad, 0x06, 0x1b, 0x8e, 0x04, 0x22, 0xeb, 0x3a, 0x48, 0xb9, 0x84, 0x24, 0x0b, 0x24, 0x42, 0xd9, 0xed, 0x6b, 0x5c, 0xc1, 0xb6, 0x2e, 0xa5, 0xc0, 0x07, 0xfe, 0x3e, 0xbc, 0x9a, 0x92, 0x26, 0xb5, 0xa6, 0x5f, 0x09, 0x13, 0x85, 0x5a, 0xcf, 0x61, 0x56, 0x65, 0x0f, 0x4c, 0x64,
0x79, 0xfa, 0x0a, 0xcf, 0xc0, 0x95, 0x8d, 0x4d, 0xc6, 0xbe, 0xee, 0xb3, 0x67, 0xd8, 0xa7, 0x40, 0x90, 0x61, 0xe3, 0xba, 0xcb, 0x18, 0xe0, 0x61, 0x7b, 0x33, 0x86, 0xf7, 0xef, 0x64, 0xe5, 0x36, 0xf0, 0x9c, 0xb6, 0x34, 0xb1, 0xe1, 0x2a, 0xd8, 0xd8, 0x5e, 0x6b, 0x61, 0x92, 0xa0, 0x8e, 0x04, 0x7b, 0xbf, 0xa5, 0x84, 0x39, 0x3a, 0xe0, 0x27, 0xc7, 0xb0, 0x83, 0x88, 0x4f, 0x3e, 0x49, 0x14, 0xaa, 0x34, 0xde, 0xb4, 0xbb, 0x4c, 0xe4, 0xbf, 0xae, 0x9a, 0xf9, 0x88, 0x7a, 0x1f, 0x18, 0xa0, 0x8c, 0x60, 0xc0, 0x5c, 0x46, 0xa1, 0xd1, 0x36, 0x99, 0x60, 0x9b,
0x73, 0xa2, 0x9a, 0x0b, 0x8d, 0x6e, 0x2f, 0xe1, 0x58, 0x7a, 0x39, 0x71, 0xed, 0xfc, 0x34, 0xe4, 0x98, 0x57, 0x7e, 0x86, 0xf1, 0xe5, 0x00, 0x7d, 0x1b, 0x6a, 0xfa, 0xf8, 0x6e, 0x7b, 0x12, 0x44, 0x04, 0x60, 0x02, 0x81, 0x12, 0x09, 0x00, 0xb4, 0x35, 0x9e, 0x03, 0x73, 0x79, 0x9b, 0x13, 0xc5, 0xd7, 0x0e, 0xce, 0x49, 0x87, 0x48, 0x1a, 0x67, 0x89, 0x93, 0xef, 0xd1, 0xdf, 0x2d, 0x48, 0x6d, 0x30, 0xd5, 0xec, 0x49, 0xfe, 0x15, 0x1b, 0xa6, 0x2b, 0x6c, 0x08, 0x8e, 0x39, 0x73, 0x68, 0x87, 0xa7, 0x43, 0x28, 0x16, 0x77, 0x86, 0xd1, 0xcb, 0x13, 0xe4, 0xd3,
0xda, 0x63, 0xcd, 0x3a, 0x2a, 0x35, 0xd5, 0xfa, 0x36, 0x67, 0xc8, 0x4c, 0x6b, 0xa1, 0x8a, 0xaf, 0x7b, 0x4c, 0x43, 0xb0, 0x2f, 0x4a, 0xcc, 0xc0, 0x11, 0xc6, 0x30, 0x8e, 0xa3, 0xd2, 0x4a, 0x1b, 0x2a, 0x4f, 0xec, 0x97, 0x83, 0xa6, 0x4c, 0xee, 0x51, 0xaf, 0x06, 0x0a, 0x1d, 0x80, 0xd9, 0xcf, 0xb7, 0x69, 0x23, 0x15, 0x3a, 0x26, 0x04, 0x34, 0x33, 0x76, 0x30, 0x9f, 0xfb, 0x56, 0xb4, 0x26, 0xee, 0xfa, 0x54, 0x6c, 0x18, 0xf9, 0xd5, 0x32, 0x5d, 0x03, 0xcb, 0x2c, 0x20, 0x30, 0x0c, 0xa0, 0xbb, 0xde, 0x01, 0x77, 0x65, 0xb0, 0x18, 0x30, 0xd2, 0x55, 0x9f,
0x9b, 0xcf, 0xb8, 0x9b, 0xb4, 0xbc, 0x0b, 0x49, 0x52, 0x53, 0x30, 0x48, 0xa5, 0x12, 0xe5, 0x3b, 0x47, 0x84, 0xff, 0xf1, 0x53, 0x5d, 0x5c, 0x04, 0x70, 0x63, 0x91, 0xc3, 0xc0, 0xf0, 0xea, 0xcb, 0x44, 0x4f, 0x8c, 0x85, 0x42, 0x6a, 0xc7, 0xfa, 0xc7, 0xb5, 0x30, 0x03, 0x12, 0x65, 0xca, 0xba, 0x4f, 0x67, 0xbb, 0xef, 0xb6, 0xc6, 0x3f, 0x19, 0xe2, 0xb5, 0x4b, 0x8c, 0xfc, 0x9e, 0x18, 0xb0, 0x33, 0x89, 0x6e, 0xde, 0x61, 0x0a, 0xe3, 0x5e, 0xa3, 0x5d, 0x2e, 0x80, 0x3e, 0x53, 0x67, 0xfb, 0x7b, 0x7a, 0xbf, 0xd5, 0xf4, 0x47};
static const uint8_t AES_GMAC_VECTOR_2_OUT[16] = {0x67, 0x39, 0x4f, 0x00, 0x04, 0x28, 0xaf, 0xe9, 0xb4, 0x2e, 0xb5, 0x3c, 0x42, 0x24, 0x86, 0xa3};
struct C25519TestVector
@ -178,28 +195,27 @@ static const C25519TestVector C25519_TEST_VECTORS[ZT_NUM_C25519_TEST_VECTORS] =
#define ZT_ENDIAN_S "big"
#endif
#define ZT_SETSTR(s,v) Utils::scopy((s), sizeof(s), v)
// Increments and decrements a counter based on object create/destroy
class LifeCycleTracker
{
public:
ZT_INLINE LifeCycleTracker() :
cnt(nullptr)
{
}
{}
ZT_INLINE LifeCycleTracker(const LifeCycleTracker &ltc) :
cnt(ltc.cnt)
{
if (cnt) ++*cnt;
}
{ if (cnt) ++*cnt; }
explicit ZT_INLINE LifeCycleTracker(long &c) :
cnt(&c)
{
++c;
}
{ ++c; }
ZT_INLINE ~LifeCycleTracker()
{
if (cnt) --*cnt;
}
{ if (cnt) --*cnt; }
ZT_INLINE LifeCycleTracker &operator=(const LifeCycleTracker &ltc)
{
if (&ltc != this) {
@ -209,9 +225,109 @@ public:
}
return *this;
}
long *cnt;
};
static bool ZTT_deepCompareCertificateIdentities(const ZT_Certificate_Identity *const a, const ZT_Certificate_Identity *const b)
{
if (a == nullptr)
return (b == nullptr);
if ( ((a->identity == nullptr) != (b->identity == nullptr)) || ((a->locator == nullptr) != (b->locator == nullptr)) )
return false;
if ((a->identity) && (*reinterpret_cast<const Identity *>(a->identity) != *reinterpret_cast<const Identity *>(b->identity)))
return false;
return !((a->locator) && (*reinterpret_cast<const Locator *>(a->locator) != *reinterpret_cast<const Locator *>(b->locator)));
}
static bool ZTT_deepCompareCertificateName(const ZT_Certificate_Name &a, const ZT_Certificate_Name &b)
{
return (
(strcmp(a.serialNo, b.serialNo) != 0) ||
(strcmp(a.streetAddress, b.streetAddress) != 0) ||
(strcmp(a.organization, b.organization) != 0) ||
(strcmp(a.country, b.country) != 0) ||
(strcmp(a.commonName, b.commonName) != 0) ||
(strcmp(a.email, b.email) != 0) ||
(strcmp(a.host, b.host) != 0) ||
(strcmp(a.locality, b.locality) != 0) ||
(strcmp(a.postalCode, b.postalCode) != 0) ||
(strcmp(a.province, b.province) != 0) ||
(strcmp(a.unit, b.unit) != 0) ||
(strcmp(a.url, b.url) != 0));
}
// This performs a detailed deep comparison of two certificates to catch any
// potential encode/decode errors that might not be caught by just testing
// for serial number (hash) equivalency... as the hash is computed from the
// decode output!
static bool ZTT_deepCompareCertificates(const Certificate &a, const Certificate &b)
{
if (a != b)
return false;
if (
(memcmp(a.serialNo, b.serialNo, sizeof(a.serialNo)) != 0) ||
(a.flags != b.flags) ||
(a.timestamp != b.timestamp) ||
(a.validity[0] != b.validity[0]) ||
(a.validity[1] != b.validity[1]) ||
(a.subject.timestamp != b.subject.timestamp) ||
(a.subject.identityCount != b.subject.identityCount) ||
(a.subject.networkCount != b.subject.networkCount) ||
(a.subject.updateUrlCount != b.subject.updateUrlCount) ||
(a.subject.uniqueIdSize != b.subject.uniqueIdSize) ||
(a.subject.uniqueIdProofSignatureSize != b.subject.uniqueIdProofSignatureSize) ||
(a.maxPathLength != b.maxPathLength) ||
(a.signatureSize != b.signatureSize)
) return false;
if (
(memcmp(a.subject.uniqueId, b.subject.uniqueId, a.subject.uniqueIdSize) != 0) ||
(memcmp(a.subject.uniqueIdProofSignature, b.subject.uniqueIdProofSignature, a.subject.uniqueIdProofSignatureSize) != 0) ||
(memcmp(a.signature, b.signature, a.signatureSize) != 0)
) return false;
if ((!ZTT_deepCompareCertificateName(a.subject.name, b.subject.name)) || (!ZTT_deepCompareCertificateName(a.issuerName, b.issuerName)))
return false;
if ((a.issuer == nullptr) != (b.issuer == nullptr))
return false;
if ((a.issuer != nullptr) && (*reinterpret_cast<const Identity *>(a.issuer) != *reinterpret_cast<const Identity *>(b.issuer)))
return false;
for(unsigned int i=0;i<a.subject.identityCount;++i) {
if (!ZTT_deepCompareCertificateIdentities(a.subject.identities + i, b.subject.identities + i))
return false;
}
for(unsigned int i=0;i<a.subject.networkCount;++i) {
if (a.subject.networks[i].id != b.subject.networks[i].id)
return false;
if (a.subject.networks[i].controller.address != b.subject.networks[i].controller.address)
return false;
if (memcmp(a.subject.networks[i].controller.hash, b.subject.networks[i].controller.hash, ZT_FINGERPRINT_HASH_SIZE) != 0)
return false;
}
for(unsigned int i=0;i<a.subject.certificateCount;++i) {
if ((!a.subject.certificates) || (!b.subject.certificates))
return false;
if ((!a.subject.certificates[i]) || (!b.subject.certificates[i]))
return false;
if (memcmp(a.subject.certificates[i], b.subject.certificates[i], ZT_SHA384_DIGEST_SIZE) != 0)
return false;
}
for(unsigned int i=0;i<a.subject.updateUrlCount;++i) {
if ((!a.subject.updateUrls) || (!b.subject.updateUrls))
return false;
if ((!a.subject.updateUrls[i]) || (!b.subject.updateUrls[i]))
return false;
if (strcmp(a.subject.updateUrls[i], b.subject.updateUrls[i]) != 0)
return false;
}
return true;
}
extern "C" const char *ZTT_general()
{
try {
@ -957,6 +1073,51 @@ extern "C" const char *ZTT_crypto()
}
ZT_T_PRINTF("OK" ZT_EOL_S);
}
{
char tmp[4096];
ZT_T_PRINTF("[crypto] Testing Certificate..." ZT_EOL_S);
Certificate cert;
ZT_T_PRINTF(" Create test subject and issuer identities... ");
Identity testSubjectId, testIssuerId;
testSubjectId.generate(Identity::C25519);
testSubjectId.generate(Identity::P384);
ZT_T_PRINTF("OK" ZT_EOL_S);
ZT_T_PRINTF(" Create subject unique ID... ");
uint8_t uniqueId[ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384], uniqueIdPrivate[ZT_CERTIFICATE_UNIQUE_ID_PRIVATE_KEY_SIZE_TYPE_NIST_P_384];
Certificate::createSubjectUniqueId(uniqueId, uniqueIdPrivate);
Utils::b32e(uniqueId, ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384, tmp, sizeof(tmp));
ZT_T_PRINTF("OK %s" ZT_EOL_S, tmp);
ZT_T_PRINTF(" Create and sign certificate... ");
cert.subject.timestamp = now();
cert.addSubjectIdentity(testSubjectId);
cert.addSubjectNetwork(12345, testSubjectId.fingerprint());
cert.addSubjectUpdateUrl("https://www.zerotier.com/");
ZT_SETSTR(cert.subject.name.serialNo, "serialNo");
ZT_SETSTR(cert.subject.name.commonName, "commonName");
ZT_SETSTR(cert.subject.name.country, "country");
ZT_SETSTR(cert.subject.name.organization, "organization");
ZT_SETSTR(cert.subject.name.unit, "unit");
ZT_SETSTR(cert.subject.name.locality, "locality");
ZT_SETSTR(cert.subject.name.province, "province");
ZT_SETSTR(cert.subject.name.streetAddress, "streetAddress");
ZT_SETSTR(cert.subject.name.postalCode, "postalCode");
ZT_SETSTR(cert.subject.name.email, "email");
ZT_SETSTR(cert.subject.name.url, "url");
ZT_SETSTR(cert.subject.name.host, "host");
cert.timestamp = cert.subject.timestamp;
cert.validity[0] = 0;
cert.validity[1] = 9223372036854775807LL;
Utils::copy<sizeof(ZT_Certificate_Subject)>(&cert.issuerName, &cert.subject.name);
Certificate::setSubjectUniqueId(cert.subject, uniqueId, uniqueIdPrivate);
cert.sign(testIssuerId);
Vector< uint8_t > enc(cert.encode());
ZT_T_PRINTF("OK (%d bytes)" ZT_EOL_S, (int)enc.size());
}
} catch (std::exception &e) {
ZT_T_PRINTF(ZT_EOL_S "[crypto] Unexpected exception: %s" ZT_EOL_S, e.what());
return e.what();
@ -1174,6 +1335,7 @@ extern "C" const char *ZTT_benchmarkCrypto()
}
#ifdef ZT_STANDALONE_TESTS
int main(int argc, char **argv)
{
bool ok = true;
@ -1187,6 +1349,7 @@ int main(int argc,char **argv)
}
return 0;
}
#endif
#endif // ZT_ENABLE_TESTS

82
core/Utils.hpp
View file

@ -702,56 +702,19 @@ static ZT_INLINE void storeLittleEndian(void *const p, const I i) noexcept
* @param dest Destination memory
* @param src Source memory
*/
template< unsigned int L >
static ZT_INLINE void copy(void *const dest, const void *const src) noexcept
template< unsigned long L >
static ZT_INLINE void copy(void *dest, const void *src) noexcept
{
#ifdef ZT_ARCH_X64
uint8_t *volatile d = reinterpret_cast<uint8_t *>(dest);
const uint8_t *s = reinterpret_cast<const uint8_t *>(src);
for (unsigned int i = 0; i < (L >> 6U); ++i) {
__m128i x0 = _mm_loadu_si128(reinterpret_cast<const __m128i *>(s));
__m128i x1 = _mm_loadu_si128(reinterpret_cast<const __m128i *>(s + 16));
__m128i x2 = _mm_loadu_si128(reinterpret_cast<const __m128i *>(s + 32));
__m128i x3 = _mm_loadu_si128(reinterpret_cast<const __m128i *>(s + 48));
s += 64;
_mm_storeu_si128(reinterpret_cast<__m128i *>(d), x0);
_mm_storeu_si128(reinterpret_cast<__m128i *>(d + 16), x1);
_mm_storeu_si128(reinterpret_cast<__m128i *>(d + 32), x2);
_mm_storeu_si128(reinterpret_cast<__m128i *>(d + 48), x3);
d += 64;
}
if ((L & 32U) != 0) {
__m128i x0 = _mm_loadu_si128(reinterpret_cast<const __m128i *>(s));
__m128i x1 = _mm_loadu_si128(reinterpret_cast<const __m128i *>(s + 16));
s += 32;
_mm_storeu_si128(reinterpret_cast<__m128i *>(d), x0);
_mm_storeu_si128(reinterpret_cast<__m128i *>(d + 16), x1);
d += 32;
}
if ((L & 16U) != 0) {
__m128i x0 = _mm_loadu_si128(reinterpret_cast<const __m128i *>(s));
s += 16;
_mm_storeu_si128(reinterpret_cast<__m128i *>(d), x0);
d += 16;
}
if ((L & 8U) != 0) {
*reinterpret_cast<volatile uint64_t *>(d) = *reinterpret_cast<const uint64_t *>(s);
s += 8;
d += 8;
}
if ((L & 4U) != 0) {
*reinterpret_cast<volatile uint32_t *>(d) = *reinterpret_cast<const uint32_t *>(s);
s += 4;
d += 4;
}
if ((L & 2U) != 0) {
*reinterpret_cast<volatile uint16_t *>(d) = *reinterpret_cast<const uint16_t *>(s);
s += 2;
d += 2;
}
if ((L & 1U) != 0) {
*d = *s;
}
#if defined(ZT_ARCH_X64) && defined(__GNUC__)
unsigned long l = L;
asm volatile ("rep movsb"
: "=D" (dest),
"=S" (src),
"=c" (l)
: "0" (dest),
"1" (src),
"2" (l)
: "memory");
#else
memcpy(dest, src, L);
#endif
@ -764,8 +727,21 @@ static ZT_INLINE void copy(void *const dest, const void *const src) noexcept
* @param src Source memory
* @param len Bytes to copy
*/
static ZT_INLINE void copy(void *const dest, const void *const src, unsigned int len) noexcept
{ memcpy(dest, src, len); }
static ZT_INLINE void copy(void *dest, const void *src, unsigned long len) noexcept
{
#if defined(ZT_ARCH_X64) && defined(__GNUC__)
asm volatile ("rep movsb"
: "=D" (dest),
"=S" (src),
"=c" (len)
: "0" (dest),
"1" (src),
"2" (len)
: "memory");
#else
memcpy(dest, src, len);
#endif
}
/**
* Zero memory block whose size is known at compile time
@ -773,7 +749,7 @@ static ZT_INLINE void copy(void *const dest, const void *const src, unsigned int
* @tparam L Size in bytes
* @param dest Memory to zero
*/
template< unsigned int L >
template< unsigned long L >
static ZT_INLINE void zero(void *const dest) noexcept
{ memset(dest, 0, L); }
@ -783,7 +759,7 @@ static ZT_INLINE void zero(void *const dest) noexcept
* @param dest Memory to zero
* @param len Size in bytes
*/
static ZT_INLINE void zero(void *const dest, const unsigned int len) noexcept
static ZT_INLINE void zero(void *const dest, const unsigned long len) noexcept
{ memset(dest, 0, len); }
/**

55
core/zerotier.h
View file

@ -323,6 +323,16 @@ typedef struct
*/
#define ZT_CERTIFICATE_UNIQUE_ID_PUBLIC_KEY_TYPE_NIST_P_384 1
/**
* Size of a unique ID of the given key type (with type prefix byte)
*/
#define ZT_CERTIFICATE_UNIQUE_ID_SIZE_TYPE_NIST_P_384 50
/**
* Size of the private key corresponding to a unique ID of the given type.
*/
#define ZT_CERTIFICATE_UNIQUE_ID_PRIVATE_KEY_SIZE_TYPE_NIST_P_384 48
/**
* Errors returned by functions that verify or handle certificates.
*/
@ -368,24 +378,22 @@ enum ZT_CertificateError
*/
ZT_CERTIFICATE_ERROR_INVALID_UNIQUE_ID_PROOF = -6,
/**
* Certificate is not appropriate for this use
*/
ZT_CERTIFICATE_ERROR_INAPPROPRIATE_FOR_USE = -7,
/**
* Certificate is missing a required field
*/
ZT_CERTIFICATE_ERROR_MISSING_REQUIRED_FIELDS = -8,
ZT_CERTIFICATE_ERROR_MISSING_REQUIRED_FIELDS = -7,
/**
* Certificate is expired or not yet in effect
*/
ZT_CERTIFICATE_ERROR_OUT_OF_VALID_TIME_WINDOW = -9
ZT_CERTIFICATE_ERROR_OUT_OF_VALID_TIME_WINDOW = -8
};
/**
* Information about a real world entity.
*
* These fields are all optional and are all taken from the
* most common fields present in X509 certificates.
*/
typedef struct
{
@ -400,6 +408,7 @@ typedef struct
char postalCode[ZT_CERTIFICATE_MAX_STRING_LENGTH + 1];
char email[ZT_CERTIFICATE_MAX_STRING_LENGTH + 1];
char url[ZT_CERTIFICATE_MAX_STRING_LENGTH + 1];
char host[ZT_CERTIFICATE_MAX_STRING_LENGTH + 1];
} ZT_Certificate_Name;
/**
@ -490,12 +499,28 @@ typedef struct
ZT_Certificate_Name name;
/**
* Unique ID, which can be a public key prefixed by a key type.
* Globally unique ID for this subject
*
* Unique IDs are actually public keys. Their size makes them globally
* unique (if generated from good randomness) to within ridiculous
* probability bounds. If a subject has a unique ID it must also have
* a unique ID proof signature, which is the signature of the subject
* with the private key corresponding to its unique ID.
*
* This allows subjects to "own" themselves and exist independent of
* CAs or delegated signers. It also allows a certificate for a given
* subject to be updated.
*
* Subject unique IDs are optional. If no unique ID is specified these
* and their corresponding size fields must be empty/zero.
*
* A subject is valid if it has no unique ID or has one with a valid
* proof signature.
*/
uint8_t uniqueId[ZT_CERTIFICATE_MAX_UNIQUE_ID_SIZE];
/**
* If unique ID is a public key, this can be a signature of the subject.
* Signature proving ownership of unique ID.
*/
uint8_t uniqueIdProofSignature[ZT_CERTIFICATE_MAX_SIGNATURE_SIZE];
@ -557,6 +582,16 @@ typedef struct
*/
ZT_Certificate_Name issuerName;
/**
* Extended attributes set by issuer (in Dictionary format, NULL if none)
*/
uint8_t *extendedAttributes;
/**
* Size of extended attributes field in bytes
*/
unsigned int extendedAttributesSize;
/**
* Maximum path length from this certificate toward further certificates.
*
@ -1627,7 +1662,7 @@ enum ZT_StateObjectType
ZT_STATE_OBJECT_NETWORK_CONFIG = 6,
/**
* List of certificates and their local trust, and locally added roots
* List of certificates, their local trust, and locally added roots
*
* Object ID: (none)
* Canonical path: <HOME>/trust