mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-07 21:13:44 +02:00
finished testing new counter window
This commit is contained in:
mamoniot
parent
fea866ca39
commit
eee16167df
4 changed files with 97 additions and 27 deletions
|
|
@ -79,6 +79,7 @@ pub(crate) const KEY_HISTORY_SIZE: usize = 3;
|
|||
|
||||
/// Maximum difference between out-of-order incoming packet counters, and size of deduplication buffer.
|
||||
pub(crate) const COUNTER_MAX_DELTA: u32 = 16;
|
||||
pub(crate) const COUNTER_MAX_ALLOWED_OOO: usize = 16;
|
||||
|
||||
// Packet types can range from 0 to 15 (4 bits) -- 0-3 are defined and 4-15 are reserved for future use
|
||||
pub(crate) const PACKET_TYPE_DATA: u8 = 0;
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ use std::sync::{
|
|||
|
||||
use zerotier_crypto::random;
|
||||
|
||||
use crate::constants::COUNTER_MAX_DELTA;
|
||||
use crate::constants::{COUNTER_MAX_DELTA, COUNTER_MAX_ALLOWED_OOO};
|
||||
|
||||
/// Outgoing packet counter with strictly ordered atomic semantics.
|
||||
///
|
||||
|
|
@ -114,34 +114,56 @@ impl CounterWindowAlt {
|
|||
}
|
||||
}
|
||||
|
||||
pub(crate) struct CounterWindow(Mutex<(usize, [u64; COUNTER_MAX_DELTA as usize])>);
|
||||
pub(crate) struct CounterWindow(Mutex<(usize, [u64; COUNTER_MAX_ALLOWED_OOO as usize])>);
|
||||
|
||||
impl CounterWindow {
|
||||
#[inline(always)]
|
||||
pub fn new(initial: u32) -> Self {
|
||||
// we want our nonces to wrap at the exact same time that the counter wraps, so we shift them up to the u64 boundary
|
||||
let initial_nonce = (initial as u64).wrapping_shl(32);
|
||||
Self(Mutex::new((0, std::array::from_fn(|_| initial_nonce))))
|
||||
Self(Mutex::new((0, [initial_nonce; COUNTER_MAX_ALLOWED_OOO as usize])))
|
||||
}
|
||||
#[inline(always)]
|
||||
pub fn new_uninit() -> Self {
|
||||
Self(Mutex::new((usize::MAX, [0; COUNTER_MAX_ALLOWED_OOO as usize])))
|
||||
}
|
||||
#[inline(always)]
|
||||
pub fn init(&self, initial: u32) {
|
||||
let initial_nonce = (initial as u64).wrapping_shl(6);
|
||||
let mut data = self.0.lock().unwrap();
|
||||
data.0 = 0;
|
||||
data.1 = [initial_nonce; COUNTER_MAX_ALLOWED_OOO as usize];
|
||||
}
|
||||
|
||||
|
||||
#[inline(always)]
|
||||
pub fn message_received(&self, received_counter_value: u32, received_fragment_no: u8) -> bool {
|
||||
let fragment_nonce = (received_counter_value as u64).wrapping_shl(6) | (received_fragment_no as u64);
|
||||
let fragment_nonce = (received_counter_value as u64).wrapping_shl(32) | (received_fragment_no as u64);
|
||||
//everything past this point must be atomic, i.e. these instructions must be run mutually exclusive to completion;
|
||||
//atomic instructions are only ever atomic within themselves;
|
||||
//sequentially consistent atomics do not guarantee that the thread is not preempted between individual atomic instructions
|
||||
let mut data = self.0.lock().unwrap();
|
||||
if data.0 == usize::MAX {
|
||||
return true
|
||||
} else {
|
||||
const NONCE_MAX_DELTA: i64 = (2*COUNTER_MAX_ALLOWED_OOO as i64).wrapping_shl(32);
|
||||
let mut is_in = false;
|
||||
let mut is_gt_min = false;
|
||||
for nonce in data.1 {
|
||||
let mut idx = 0;
|
||||
let mut smallest = fragment_nonce;
|
||||
for i in 0..data.1.len() {
|
||||
let nonce = data.1[i];
|
||||
is_in |= nonce == fragment_nonce;
|
||||
is_gt_min |= nonce.wrapping_sub(fragment_nonce) > 0;
|
||||
let delta = (smallest as i64).wrapping_sub(nonce as i64);
|
||||
if delta > 0 {
|
||||
smallest = nonce;
|
||||
idx = i;
|
||||
}
|
||||
if !is_in & is_gt_min {
|
||||
let idx = data.0;
|
||||
}
|
||||
if !is_in & (smallest != fragment_nonce) & ((fragment_nonce as i64).wrapping_sub(smallest as i64) < NONCE_MAX_DELTA) {
|
||||
data.1[idx] = fragment_nonce;
|
||||
data.0 = (idx + 1) % (COUNTER_MAX_DELTA as usize);
|
||||
return true;
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -218,14 +218,62 @@ mod tests {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
#[inline(always)]
|
||||
pub fn xorshift64(x: &mut u64) -> u32 {
|
||||
*x ^= x.wrapping_shl(13);
|
||||
*x ^= x.wrapping_shr(7);
|
||||
*x ^= x.wrapping_shl(17);
|
||||
*x as u32
|
||||
}
|
||||
#[test]
|
||||
fn counter_window() {
|
||||
let w = CounterWindow::new(0xffffffff);
|
||||
assert!(!w.message_received(0xffffffff));
|
||||
assert!(w.message_received(0));
|
||||
assert!(w.message_received(1));
|
||||
assert!(w.message_received(COUNTER_MAX_DELTA * 2));
|
||||
assert!(!w.message_received(0xffffffff));
|
||||
assert!(w.message_received(0xfffffffe));
|
||||
let sqrt_out_of_order_max = (COUNTER_MAX_ALLOWED_OOO as f32).sqrt() as u32;
|
||||
let mut rng = 8234;
|
||||
let mut counter = u32::MAX - 16;
|
||||
let mut fragment_no: u8 = 0;
|
||||
let mut history = Vec::<(u32, u8)>::new();
|
||||
|
||||
let mut w = CounterWindow::new(counter.wrapping_sub(1));
|
||||
for i in 1..1000000 {
|
||||
let p = xorshift64(&mut rng)%1000;
|
||||
let c;
|
||||
let f;
|
||||
if p < 250 {
|
||||
let r = xorshift64(&mut rng);
|
||||
c = counter.wrapping_add(r%sqrt_out_of_order_max);
|
||||
f = fragment_no + 1 + ((r/sqrt_out_of_order_max)%sqrt_out_of_order_max) as u8;
|
||||
} else if p < 500 {
|
||||
if history.len() > 0 {
|
||||
let idx = xorshift64(&mut rng) as usize%history.len();
|
||||
let (c, f) = history[idx];
|
||||
assert!(!w.message_received(c, f));
|
||||
}
|
||||
continue;
|
||||
} else if p < 750 {
|
||||
fragment_no = u8::min(fragment_no + 1, 63);
|
||||
c = counter;
|
||||
f = fragment_no;
|
||||
} else if p < 999 {
|
||||
counter = counter.wrapping_add(1);
|
||||
fragment_no = 0;
|
||||
c = counter;
|
||||
f = fragment_no;
|
||||
} else {
|
||||
//simulate rekeying
|
||||
counter = xorshift64(&mut rng);
|
||||
fragment_no = 0;
|
||||
w = CounterWindow::new(counter.wrapping_sub(1));
|
||||
history = Vec::<(u32, u8)>::new();
|
||||
c = counter;
|
||||
f = fragment_no;
|
||||
}
|
||||
if history.contains(&(c, f)) {
|
||||
assert!(!w.message_received(c, f));
|
||||
} else {
|
||||
assert!(w.message_received(c, f));
|
||||
history.push((c, f));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -254,6 +254,7 @@ impl<Application: ApplicationLayer> Session<Application> {
|
|||
id: local_session_id,
|
||||
application_data,
|
||||
send_counter,
|
||||
receive_window: CounterWindow::new_uninit(),//alice does not know bob's counter yet
|
||||
psk: psk.clone(),
|
||||
noise_ss,
|
||||
header_check_cipher,
|
||||
|
|
@ -879,6 +880,7 @@ impl<Application: ApplicationLayer> ReceiveContext<Application> {
|
|||
id: new_session_id,
|
||||
application_data: associated_object,
|
||||
send_counter: Counter::new(),
|
||||
receive_window: CounterWindow::new(counter),
|
||||
psk,
|
||||
noise_ss,
|
||||
header_check_cipher,
|
||||
|
|
@ -1030,7 +1032,6 @@ impl<Application: ApplicationLayer> ReceiveContext<Application> {
|
|||
Role::Bob,
|
||||
current_time,
|
||||
reply_counter,
|
||||
counter,
|
||||
last_ratchet_count + 1,
|
||||
hybrid_kk.is_some(),
|
||||
);
|
||||
|
|
@ -1154,10 +1155,10 @@ impl<Application: ApplicationLayer> ReceiveContext<Application> {
|
|||
Role::Alice,
|
||||
current_time,
|
||||
reply_counter,
|
||||
counter,
|
||||
last_ratchet_count + 1,
|
||||
hybrid_kk.is_some(),
|
||||
);
|
||||
session.receive_window.init(counter);
|
||||
|
||||
////////////////////////////////////////////////////////////////
|
||||
// packet encoding for post-noise session start ack
|
||||
|
|
@ -1497,7 +1498,6 @@ impl SessionKey {
|
|||
role: Role,
|
||||
current_time: i64,
|
||||
current_counter: CounterValue,
|
||||
remote_counter: u32,
|
||||
ratchet_count: u64,
|
||||
jedi: bool,
|
||||
) -> Self {
|
||||
|
|
@ -1511,7 +1511,6 @@ impl SessionKey {
|
|||
secret_fingerprint: public_fingerprint_of_secret(key.as_bytes())[..16].try_into().unwrap(),
|
||||
creation_time: current_time,
|
||||
creation_counter: current_counter,
|
||||
receive_window: CounterWindow::new(remote_counter),
|
||||
lifetime: KeyLifetime::new(current_counter, current_time),
|
||||
ratchet_key: kbkdf512(key.as_bytes(), KBKDF_KEY_USAGE_LABEL_RATCHETING),
|
||||
receive_key,
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue