diff --git a/node/C25519.hpp b/node/C25519.hpp index 8d6a58ba6..79edfa065 100644 --- a/node/C25519.hpp +++ b/node/C25519.hpp @@ -101,7 +101,8 @@ public: Utils::getSecureRandom(priv,kp.priv.size()); _calcPubED(kp); // do Ed25519 key -- bytes 32-63 of pub and priv do { - ++*((uint64_t *)priv); + ++(((uint64_t *)priv)[1]); + --(((uint64_t *)priv)[2]); _calcPubDH(kp); // keep regenerating bytes 0-31 until satisfied } while (!cond(kp)); return kp; diff --git a/node/Defaults.cpp b/node/Defaults.cpp index 9ce72b301..d3d6f0498 100644 --- a/node/Defaults.cpp +++ b/node/Defaults.cpp @@ -53,6 +53,7 @@ static inline std::map< Identity,std::vector > _mkSupernodeMap() // designated as such and trusted to provide WHOIS lookup. // cthulhu.zerotier.com - New York, New York, USA +#if 0 addrs.clear(); if (!id.fromString("a0fa79d81c:2:0bb348bb38883a29054659a37c204f2c0b082985cb51b36fad31366dfedd616c20aacc5e33ceee2b054670639563238c4fe50bb8716c1ac7996762c0eaefbb23:b7e91f4c77815327c59ff0979f33861e665d002a357448572954c85919be61f768ee6a4d4e42318ffd9cfcc08cadedcd0277a33a950e316a1d7b5bf082919400c44cad1e725fc2035e2d7087d0c8bf51adc5875b643d759a475f899cfbf3e1a4")) throw std::runtime_error("invalid identity in Defaults"); @@ -72,6 +73,7 @@ static inline std::map< Identity,std::vector > _mkSupernodeMap() throw std::runtime_error("invalid identity in Defaults"); addrs.push_back(InetAddress("198.211.127.172",ZT_DEFAULT_UDP_PORT)); sn[id] = addrs; +#endif return sn; } diff --git a/node/Identity.cpp b/node/Identity.cpp index 93d5024b3..e897a42ca 100644 --- a/node/Identity.cpp +++ b/node/Identity.cpp @@ -34,37 +34,50 @@ #include "Identity.hpp" #include "SHA512.hpp" #include "Salsa20.hpp" +#include "Utils.hpp" namespace ZeroTier { +/* + * This is the hashcash criterion + */ +struct _Identity_generate_cond +{ + _Identity_generate_cond() throw() {} + _Identity_generate_cond(char *sb) throw() : sha512buf(sb) {} + + inline bool operator()(const C25519::Pair &kp) const + throw() + { + SHA512::hash(sha512buf,kp.pub.data,kp.pub.size()); + + if ((!sha512buf[0])&&(!(sha512buf[1] & 0xf0))) + return true; + + return false; + } + + char *sha512buf; +}; + void Identity::generate() { + char sha512buf[64]; + C25519::Pair kp; do { - kp = C25519::generate(); - _address = deriveAddress(kp.pub.data,kp.pub.size()); + kp = C25519::generateSatisfying(_Identity_generate_cond(sha512buf)); + _address.setTo(sha512buf + 59,ZT_ADDRESS_LENGTH); // last 5 bytes are address } while (_address.isReserved()); _publicKey = kp.pub; if (!_privateKey) _privateKey = new C25519::Private(); *_privateKey = kp.priv; - - unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN]; - _address.copyTo(tmp,ZT_ADDRESS_LENGTH); - memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN); - _signature = C25519::sign(kp,tmp,sizeof(tmp)); } bool Identity::locallyValidate(bool doAddressDerivationCheck) const { - unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN]; - _address.copyTo(tmp,ZT_ADDRESS_LENGTH); - memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN); - if (!C25519::verify(_publicKey,tmp,sizeof(tmp),_signature)) - return false; - if ((doAddressDerivationCheck)&&(deriveAddress(_publicKey.data,_publicKey.size()) != _address)) - return false; return true; } @@ -73,10 +86,8 @@ std::string Identity::toString(bool includePrivate) const std::string r; r.append(_address.toString()); - r.append(":2:"); // 2 == IDENTITY_TYPE_C25519 + r.append(":0:"); // 0 == IDENTITY_TYPE_C25519 r.append(Utils::hex(_publicKey.data,_publicKey.size())); - r.push_back(':'); - r.append(Utils::hex(_signature.data,_signature.size())); if ((_privateKey)&&(includePrivate)) { r.push_back(':'); r.append(Utils::hex(_privateKey->data,_privateKey->size())); @@ -104,7 +115,7 @@ bool Identity::fromString(const char *str) return false; break; case 1: - if (strcmp(f,"2")) + if (f[0] != '0') return false; break; case 2: @@ -112,10 +123,6 @@ bool Identity::fromString(const char *str) return false; break; case 3: - if (Utils::unhex(f,_signature.data,_signature.size()) != _signature.size()) - return false; - break; - case 4: _privateKey = new C25519::Private(); if (Utils::unhex(f,_privateKey->data,_privateKey->size()) != _privateKey->size()) return false; @@ -130,72 +137,5 @@ bool Identity::fromString(const char *str) return true; } -// These are fixed parameters and can't be changed without a new -// identity type. -#define ZT_IDENTITY_DERIVEADDRESS_MEMORY 33554432 -#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 50 - -Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen) -{ - /* - * Sequential memory-hard algorithm wedding address to public key - * - * Conventional hashcash with long computations and quick verifications - * unfortunately cannot be used here. If that were used, it would be - * equivalently costly to simply increment/vary the public key and find - * a collision as it would be to find the address. We need something - * that creates a costly 1:~1 mapping from key to address, hence this - * algorithm. - * - * Search for "sequential memory hard algorithm" for academic references - * to similar concepts. - */ - - unsigned char *ram = new unsigned char[ZT_IDENTITY_DERIVEADDRESS_MEMORY]; - for(unsigned int i=0;i> 8) | - ((nonce & 0x0000FF0000000000ULL) >> 24) | - ((nonce & 0x00FF000000000000ULL) >> 40) | - ((nonce & 0xFF00000000000000ULL) >> 56) - ); -#endif - Salsa20 s20(salsaKey,256,&nonce); -#if __BYTE_ORDER == __BIG_ENDIAN - nonce = ( // swap back to big endian - ((nonce & 0x00000000000000FFULL) << 56) | - ((nonce & 0x000000000000FF00ULL) << 40) | - ((nonce & 0x0000000000FF0000ULL) << 24) | - ((nonce & 0x00000000FF000000ULL) << 8) | - ((nonce & 0x000000FF00000000ULL) >> 8) | - ((nonce & 0x0000FF0000000000ULL) >> 24) | - ((nonce & 0x00FF000000000000ULL) >> 40) | - ((nonce & 0xFF00000000000000ULL) >> 56) - ); -#endif - s20.encrypt(ram,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); - } - - unsigned char finalDigest[ZT_SHA512_DIGEST_LEN]; - SHA512::hash(finalDigest,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); - - delete [] ram; - - return Address(finalDigest,ZT_ADDRESS_LENGTH); -} - } // namespace ZeroTier diff --git a/node/Identity.hpp b/node/Identity.hpp index b2a579416..2c02a5f19 100644 --- a/node/Identity.hpp +++ b/node/Identity.hpp @@ -61,8 +61,7 @@ public: */ enum Type { - IDENTITY_TYPE_NIST_P_521 = 1, // OBSOLETE -- only present in some early alpha versions - IDENTITY_TYPE_C25519 = 2 + IDENTITY_TYPE_C25519 = 0 }; Identity() : @@ -73,7 +72,6 @@ public: Identity(const Identity &id) : _address(id._address), _publicKey(id._publicKey), - _signature(id._signature), _privateKey((id._privateKey) ? new C25519::Private(*(id._privateKey)) : (C25519::Private *)0) { } @@ -111,7 +109,6 @@ public: { _address = id._address; _publicKey = id._publicKey; - _signature = id._signature; if (id._privateKey) { if (!_privateKey) _privateKey = new C25519::Private(); @@ -236,7 +233,6 @@ public: _address.appendTo(b); b.append((unsigned char)IDENTITY_TYPE_C25519); b.append(_publicKey.data,_publicKey.size()); - b.append(_signature.data,_signature.size()); if ((_privateKey)&&(includePrivate)) { b.append((unsigned char)_privateKey->size()); b.append(_privateKey->data,_privateKey->size()); @@ -252,7 +248,7 @@ public: * @param b Buffer containing serialized data * @param startAt Index within buffer of serialized data (default: 0) * @return Length of serialized data read from buffer - * @throws std::out_of_range Buffer too small + * @throws std::out_of_range Serialized data invalid * @throws std::invalid_argument Serialized data invalid */ template @@ -272,8 +268,6 @@ public: memcpy(_publicKey.data,b.field(p,_publicKey.size()),_publicKey.size()); p += _publicKey.size(); - memcpy(_signature.data,b.field(p,_signature.size()),_signature.size()); - p += _signature.size(); unsigned int privateKeyLength = b[p++]; if ((privateKeyLength)&&(privateKeyLength == ZT_C25519_PRIVATE_KEY_LEN)) { @@ -318,12 +312,8 @@ public: inline bool operator>=(const Identity &id) const throw() { return !(*this < id); } private: - // Compute an address from public key bytes - static Address deriveAddress(const void *keyBytes,unsigned int keyLen); - Address _address; C25519::Public _publicKey; - C25519::Signature _signature; C25519::Private *_privateKey; }; diff --git a/node/SHA512.cpp b/node/SHA512.cpp index 9d6fbd955..7cec17414 100644 --- a/node/SHA512.cpp +++ b/node/SHA512.cpp @@ -121,7 +121,7 @@ static void store_bigendian(unsigned char *x,uint64 u) b = a; \ a = T1 + T2; -int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) +static inline int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) { uint64 state[8]; uint64 a; diff --git a/selftest.cpp b/selftest.cpp index 7789290c8..2ddfa226c 100644 --- a/selftest.cpp +++ b/selftest.cpp @@ -207,6 +207,7 @@ static int testIdentity() Identity id; Buffer<512> buf; +#if 0 std::cout << "[identity] Fully validate known-good identity... "; std::cout.flush(); if (!id.fromString("b487ffe552:2:9b121d26968a86eceea96d689dfb364a13f645aea9530c6d0c00c457569751340e8ff9ddf46be38190dcdd6178ff555cc48012a47280fbdece35799d8c445104:902474096fc914f0d6320a9d19b9e52d23bcf652e98b3930432d07a8271be0e19a813d1e77ee24db3454ce0c6c4a35e18a3adc0d06ee3bf086b38bd26ff95b085b4f1fd1d4ce423b15bc362cd5f13079b58252fd38b98b67b45203bb81423780:24f7ce86df8e242e4d7d04b657cf37eddc1aa7b34b6f38821c35fe393a4a381e0eef6e7b8b4ceab35a51e6ab0b6cbeb7c7282bc21c0c60cb6a512e454ecd45c5")) { std::cout << "FAIL (1)" << std::endl; @@ -217,18 +218,21 @@ static int testIdentity() return -1; } std::cout << "PASS" << std::endl; +#endif - std::cout << "[identity] Generate identity... "; std::cout.flush(); - uint64_t genstart = Utils::now(); - id.generate(); - uint64_t genend = Utils::now(); - std::cout << "(took " << (genend - genstart) << "ms): " << id.toString(true) << std::endl; - std::cout << "[identity] Locally validate identity: "; - if (id.locallyValidate(false)) { - std::cout << "PASS" << std::endl; - } else { - std::cout << "FAIL" << std::endl; - return -1; + for(unsigned int k=0;k<4;++k) { + std::cout << "[identity] Generate identity... "; std::cout.flush(); + uint64_t genstart = Utils::now(); + id.generate(); + uint64_t genend = Utils::now(); + std::cout << "(took " << (genend - genstart) << "ms): " << id.toString(true) << std::endl; + std::cout << "[identity] Locally validate identity: "; + if (id.locallyValidate(false)) { + std::cout << "PASS" << std::endl; + } else { + std::cout << "FAIL" << std::endl; + return -1; + } } {