void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-08 21:43:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix for test errors on ZSSP.

Browse source
This commit is contained in:
Adam Ierymenko 2022-12-01 12:39:33 -05:00
parent 8041ebf90a
commit e772292d5e
3 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
controller/src/controller.rs
View file

@ -374,7 +374,7 @@ impl Controller {
nc.multicast_like_expire = Some(protocol::VL2_DEFAULT_MULTICAST_LIKE_EXPIRE as u32); nc.multicast_like_expire = Some(protocol::VL2_DEFAULT_MULTICAST_LIKE_EXPIRE as u32);
nc.mtu = network.mtu.unwrap_or(ZEROTIER_VIRTUAL_NETWORK_DEFAULT_MTU as u16); nc.mtu = network.mtu.unwrap_or(ZEROTIER_VIRTUAL_NETWORK_DEFAULT_MTU as u16);
nc.routes = network.ip_routes; nc.routes = network.ip_routes;
nc.static_ips = member.ip_assignments.clone(); nc.static_ips = member.ip_assignments.iter().cloned().collect();
nc.rules = network.rules; nc.rules = network.rules;
nc.dns = network.dns; nc.dns = network.dns;

14
controller/src/model/member.rs
View file

@ -1,6 +1,6 @@
// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. // (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md.
use std::collections::{HashMap, HashSet}; use std::collections::{BTreeMap, BTreeSet};
use std::hash::Hash; use std::hash::Hash;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -43,10 +43,10 @@ pub struct Member {
pub last_deauthorized_time: Option<i64>, pub last_deauthorized_time: Option<i64>,
/// ZeroTier-managed IP assignments. /// ZeroTier-managed IP assignments.
#[serde(skip_serializing_if = "HashSet::is_empty")] #[serde(skip_serializing_if = "BTreeSet::is_empty")]
#[serde(rename = "ipAssignments")] #[serde(rename = "ipAssignments")]
#[serde(default)] #[serde(default)]
pub ip_assignments: HashSet<InetAddress>, pub ip_assignments: BTreeSet<InetAddress>,
/// If true, do not auto-assign IPs in the controller. /// If true, do not auto-assign IPs in the controller.
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
@ -61,9 +61,9 @@ pub struct Member {
pub bridge: Option<bool>, pub bridge: Option<bool>,
/// Tags that can be used in rule evaluation for ACL-like behavior. /// Tags that can be used in rule evaluation for ACL-like behavior.
#[serde(skip_serializing_if = "HashMap::is_empty")] #[serde(skip_serializing_if = "BTreeMap::is_empty")]
#[serde(default)] #[serde(default)]
pub tags: HashMap<u32, u32>, pub tags: BTreeMap<u32, u32>,
/// Member is exempt from SSO, authorization managed conventionally. /// Member is exempt from SSO, authorization managed conventionally.
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
@ -89,10 +89,10 @@ impl Member {
name: String::new(), name: String::new(),
last_authorized_time: None, last_authorized_time: None,
last_deauthorized_time: None, last_deauthorized_time: None,
ip_assignments: HashSet::new(), ip_assignments: BTreeSet::new(),
no_auto_assign_ips: None, no_auto_assign_ips: None,
bridge: None, bridge: None,
tags: HashMap::new(), tags: BTreeMap::new(),
sso_exempt: None, sso_exempt: None,
advertised: None, advertised: None,
} }

12
crypto/src/zssp.rs
View file

@ -875,7 +875,7 @@ impl<H: Host> ReceiveContext<H> {
canonical_header_bytes, canonical_header_bytes,
&kex_packet[HEADER_SIZE..hmac1_end], &kex_packet[HEADER_SIZE..hmac1_end],
) )
.eq(&kex_packet[hmac1_end..]) .eq(&kex_packet[hmac1_end..kex_packet_len])
{ {
return Err(Error::FailedAuthentication); return Err(Error::FailedAuthentication);
} }
@ -913,7 +913,7 @@ impl<H: Host> ReceiveContext<H> {
// Parse payload and get alice's session ID, alice's public blob, metadata, and (if present) Alice's Kyber1024 public. // Parse payload and get alice's session ID, alice's public blob, metadata, and (if present) Alice's Kyber1024 public.
let (offer_id, alice_session_id, alice_s_public, alice_metadata, alice_e1_public, alice_ratchet_key_fingerprint) = let (offer_id, alice_session_id, alice_s_public, alice_metadata, alice_e1_public, alice_ratchet_key_fingerprint) =
parse_key_offer_after_header(&kex_packet[(HEADER_SIZE + 1 + P384_PUBLIC_KEY_SIZE)..], packet_type)?; parse_key_offer_after_header(&kex_packet[(HEADER_SIZE + 1 + P384_PUBLIC_KEY_SIZE)..kex_packet_len], packet_type)?;
// We either have a session, in which case they should have supplied a ratchet key fingerprint, or // We either have a session, in which case they should have supplied a ratchet key fingerprint, or
// we don't and they should not have supplied one. // we don't and they should not have supplied one.
@ -1179,8 +1179,10 @@ impl<H: Host> ReceiveContext<H> {
// Alice has now completed Noise_IK with NIST P-384 and verified with GCM auth, but now for hybrid... // Alice has now completed Noise_IK with NIST P-384 and verified with GCM auth, but now for hybrid...
let (offer_id, bob_session_id, _, _, bob_e1_public, bob_ratchet_key_id) = let (offer_id, bob_session_id, _, _, bob_e1_public, bob_ratchet_key_id) = parse_key_offer_after_header(
parse_key_offer_after_header(&kex_packet[(HEADER_SIZE + 1 + P384_PUBLIC_KEY_SIZE)..], packet_type)?; &kex_packet[(HEADER_SIZE + 1 + P384_PUBLIC_KEY_SIZE)..kex_packet_len],
packet_type,
)?;
if !offer.id.eq(&offer_id) { if !offer.id.eq(&offer_id) {
return Ok(ReceiveResult::Ignored); return Ok(ReceiveResult::Ignored);
@ -1210,7 +1212,7 @@ impl<H: Host> ReceiveContext<H> {
canonical_header_bytes, canonical_header_bytes,
&kex_packet_saved_ciphertext[HEADER_SIZE..aes_gcm_tag_end], &kex_packet_saved_ciphertext[HEADER_SIZE..aes_gcm_tag_end],
) )
.eq(&kex_packet[aes_gcm_tag_end..kex_packet.len()]) .eq(&kex_packet[aes_gcm_tag_end..kex_packet_len])
{ {
return Err(Error::FailedAuthentication); return Err(Error::FailedAuthentication);
} }