From e6b5f8aabd5e0acec1a9735095eec590c7d94bd4 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@zerotier.com>
Date: Thu, 10 Sep 2020 15:43:40 -0400
Subject: [PATCH] AES work... but disabled in this commit.

---
 node/Packet.cpp   |  3 +++
 node/Packet.hpp   |  5 +++--
 node/Peer.cpp     |  4 ++--
 node/Peer.hpp     |  8 ++++----
 node/Topology.cpp | 14 ++++++++------
 node/Utils.hpp    | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 version.h         |  2 +-
 7 files changed, 68 insertions(+), 15 deletions(-)

diff --git a/node/Packet.cpp b/node/Packet.cpp
index 8cc0f47c7..94168a503 100644
--- a/node/Packet.cpp
+++ b/node/Packet.cpp
@@ -880,6 +880,8 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
 {
 	uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
 	if ((aesKeys) && (encryptPayload)) {
+		char tmp0[16],tmp1[16];
+		printf("AES armor %.16llx %s -> %s %u\n",*reinterpret_cast<const uint64_t *>(data),Address(data + ZT_PACKET_IDX_SOURCE,5).toString(tmp0),Address(data + ZT_PACKET_IDX_DEST,5).toString(tmp1),size());
 		setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
 
 		uint8_t *const payload = data + ZT_PACKET_IDX_VERB;
@@ -945,6 +947,7 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2])
 
 	if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
 		if (aesKeys) {
+			printf("AES dearmor\n");
 			AES::GMACSIVDecryptor dec(aesKeys[0],aesKeys[1]);
 
 			uint64_t tag[2];
diff --git a/node/Packet.hpp b/node/Packet.hpp
index b12ca4b6e..78846ecdd 100644
--- a/node/Packet.hpp
+++ b/node/Packet.hpp
@@ -57,11 +57,12 @@
  *    + Inline push of CertificateOfMembership deprecated
  * 9  - 1.2.0 ... 1.2.14
  * 10 - 1.4.0 ... 1.4.6
- * 11 - 1.4.8 ... end of 1.4 series
+ * 11 - 1.4.7 ... 1.4.8
  *    + Multipath capability and load balancing (beta)
+ * 12 - 1.4.8 ... CURRENT (1.4 series)
  *    + AES-GMAC-SIV backported for faster peer-to-peer crypto
  */
-#define ZT_PROTO_VERSION 11
+#define ZT_PROTO_VERSION 12
 
 /**
  * Minimum supported protocol version
diff --git a/node/Peer.cpp b/node/Peer.cpp
index b2b04c17f..08b792bb3 100644
--- a/node/Peer.cpp
+++ b/node/Peer.cpp
@@ -62,12 +62,12 @@ Peer::Peer(const RuntimeEnvironment *renv,const Identity &myIdentity,const Ident
 		throw ZT_EXCEPTION_INVALID_ARGUMENT;
 	}
 
-	uint8_t ktmp[32];
+	uint8_t ktmp[48];
 	KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K0,0,0,ktmp);
 	_aesKeys[0].init(ktmp);
 	KBKDFHMACSHA384(_key,ZT_KBKDF_LABEL_AES_GMAC_SIV_K1,0,0,ktmp);
 	_aesKeys[0].init(ktmp);
-	Utils::burn(ktmp, 32);
+	Utils::burn(ktmp, 48);
 }
 
 void Peer::received(
diff --git a/node/Peer.hpp b/node/Peer.hpp
index 63cbdbedc..cb7d8f314 100644
--- a/node/Peer.hpp
+++ b/node/Peer.hpp
@@ -533,11 +533,11 @@ public:
 	 */
 	inline int8_t bondingPolicy() { return _bondingPolicy; }
 
-	//const AES *aesKeysIfSupported() const
-	//{ return (const AES *)0; }
-
 	const AES *aesKeysIfSupported() const
-	{ return (_vProto >= 10) ? _aesKeys : (const AES *)0; }
+	{ return (const AES *)0; }
+
+	//const AES *aesKeysIfSupported() const
+	//{ return (_vProto >= 12) ? _aesKeys : (const AES *)0; }
 
 private:
 	struct _PeerPath
diff --git a/node/Topology.cpp b/node/Topology.cpp
index 9933f35a2..c50fc060f 100644
--- a/node/Topology.cpp
+++ b/node/Topology.cpp
@@ -363,13 +363,15 @@ void Topology::_memoizeUpstreams(void *tPtr)
 	_amUpstream = false;
 
 	for(std::vector<World::Root>::const_iterator i(_planet.roots().begin());i!=_planet.roots().end();++i) {
-		if (i->identity == RR->identity) {
+		const Identity &id = i->identity;
+		if (id == RR->identity) {
 			_amUpstream = true;
-		} else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),i->identity.address()) == _upstreamAddresses.end()) {
-			_upstreamAddresses.push_back(i->identity.address());
-			SharedPtr<Peer> &hp = _peers[i->identity.address()];
-			if (!hp)
-				hp = new Peer(RR,RR->identity,i->identity);
+		} else if (std::find(_upstreamAddresses.begin(),_upstreamAddresses.end(),id.address()) == _upstreamAddresses.end()) {
+			_upstreamAddresses.push_back(id.address());
+			SharedPtr<Peer> &hp = _peers[id.address()];
+			if (!hp) {
+				hp = new Peer(RR,RR->identity,id);
+			}
 		}
 	}
 
diff --git a/node/Utils.hpp b/node/Utils.hpp
index 26b848dcf..ec898fc0a 100644
--- a/node/Utils.hpp
+++ b/node/Utils.hpp
@@ -418,6 +418,53 @@ public:
 		return true;
 	}
 
+	/**
+	 * Unconditionally swap bytes regardless of host byte order
+	 *
+	 * @param n Integer to swap
+	 * @return Integer with bytes reversed
+	 */
+	static ZT_INLINE uint64_t swapBytes(const uint64_t n) noexcept
+	{
+	#ifdef __GNUC__
+		return __builtin_bswap64(n);
+	#else
+	#ifdef _MSC_VER
+		return (uint64_t)_byteswap_uint64((unsigned __int64)n);
+	#else
+		return (
+			((n & 0x00000000000000ffULL) << 56) |
+			((n & 0x000000000000ff00ULL) << 40) |
+			((n & 0x0000000000ff0000ULL) << 24) |
+			((n & 0x00000000ff000000ULL) <<  8) |
+			((n & 0x000000ff00000000ULL) >>  8) |
+			((n & 0x0000ff0000000000ULL) >> 24) |
+			((n & 0x00ff000000000000ULL) >> 40) |
+			((n & 0xff00000000000000ULL) >> 56)
+		);
+	#endif
+	#endif
+	}
+
+	/**
+	 * Unconditionally swap bytes regardless of host byte order
+	 *
+	 * @param n Integer to swap
+	 * @return Integer with bytes reversed
+	 */
+	static ZT_INLINE uint32_t swapBytes(const uint32_t n) noexcept
+	{
+	#if defined(__GNUC__)
+		return __builtin_bswap32(n);
+	#else
+	#ifdef _MSC_VER
+		return (uint32_t)_byteswap_ulong((unsigned long)n);
+	#else
+		return htonl(n);
+	#endif
+	#endif
+	}
+
 	/**
 	 * Unconditionally swap bytes regardless of host byte order
 	 *
diff --git a/version.h b/version.h
index ccfe7d2a1..9fcd25bdb 100644
--- a/version.h
+++ b/version.h
@@ -27,7 +27,7 @@
 /**
  * Revision
  */
-#define ZEROTIER_ONE_VERSION_REVISION 6
+#define ZEROTIER_ONE_VERSION_REVISION 8
 
 /**
  * Build version