You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
176 lines
5.1 KiB
176 lines
5.1 KiB
/* |
|
* ZeroTier One - Global Peer to Peer Ethernet |
|
* Copyright (C) 2012-2013 ZeroTier Networks LLC |
|
* |
|
* This program is free software: you can redistribute it and/or modify |
|
* it under the terms of the GNU General Public License as published by |
|
* the Free Software Foundation, either version 3 of the License, or |
|
* (at your option) any later version. |
|
* |
|
* This program is distributed in the hope that it will be useful, |
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
* GNU General Public License for more details. |
|
* |
|
* You should have received a copy of the GNU General Public License |
|
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
* |
|
* -- |
|
* |
|
* ZeroTier may be used and distributed under the terms of the GPLv3, which |
|
* are available at: http://www.gnu.org/licenses/gpl-3.0.html |
|
* |
|
* If you would like to embed ZeroTier into a commercial application or |
|
* redistribute it in a modified binary form, please contact ZeroTier Networks |
|
* LLC. Start here: http://www.zerotier.com/ |
|
*/ |
|
|
|
#include <stdio.h> |
|
#include <stdlib.h> |
|
#include <string.h> |
|
#include <stdint.h> |
|
|
|
#include "Identity.hpp" |
|
#include "SHA512.hpp" |
|
#include "Salsa20.hpp" |
|
|
|
namespace ZeroTier { |
|
|
|
void Identity::generate() |
|
{ |
|
C25519::Pair kp; |
|
do { |
|
kp = C25519::generate(); |
|
_address = deriveAddress(kp.pub.data,kp.pub.size()); |
|
} while (_address.isReserved()); |
|
|
|
_publicKey = kp.pub; |
|
if (!_privateKey) |
|
_privateKey = new C25519::Private(); |
|
*_privateKey = kp.priv; |
|
|
|
unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN]; |
|
_address.copyTo(tmp,ZT_ADDRESS_LENGTH); |
|
memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN); |
|
_signature = C25519::sign(kp,tmp,sizeof(tmp)); |
|
} |
|
|
|
bool Identity::locallyValidate(bool doAddressDerivationCheck) const |
|
{ |
|
unsigned char tmp[ZT_ADDRESS_LENGTH + ZT_C25519_PUBLIC_KEY_LEN]; |
|
_address.copyTo(tmp,ZT_ADDRESS_LENGTH); |
|
memcpy(tmp + ZT_ADDRESS_LENGTH,_publicKey.data,ZT_C25519_PUBLIC_KEY_LEN); |
|
if (!C25519::verify(_publicKey,tmp,sizeof(tmp),_signature)) |
|
return false; |
|
if ((doAddressDerivationCheck)&&(deriveAddress(_publicKey.data,_publicKey.size()) != _address)) |
|
return false; |
|
return true; |
|
} |
|
|
|
std::string Identity::toString(bool includePrivate) const |
|
{ |
|
std::string r; |
|
|
|
r.append(_address.toString()); |
|
r.append(":2:"); // 2 == IDENTITY_TYPE_C25519 |
|
r.append(Utils::hex(_publicKey.data,_publicKey.size())); |
|
r.push_back(':'); |
|
r.append(Utils::hex(_signature.data,_signature.size())); |
|
if ((_privateKey)&&(includePrivate)) { |
|
r.push_back(':'); |
|
r.append(Utils::hex(_privateKey->data,_privateKey->size())); |
|
} |
|
|
|
return r; |
|
} |
|
|
|
bool Identity::fromString(const char *str) |
|
{ |
|
char *saveptr = (char *)0; |
|
char tmp[4096]; |
|
if (!Utils::scopy(tmp,sizeof(tmp),str)) |
|
return false; |
|
|
|
delete _privateKey; |
|
_privateKey = (C25519::Private *)0; |
|
|
|
int fno = 0; |
|
for(char *f=Utils::stok(tmp,":",&saveptr);(f);f=Utils::stok((char *)0,":",&saveptr)) { |
|
switch(fno++) { |
|
case 0: |
|
_address = Address(f); |
|
if (_address.isReserved()) |
|
return false; |
|
break; |
|
case 1: |
|
if (strcmp(f,"2")) |
|
return false; |
|
break; |
|
case 2: |
|
if (Utils::unhex(f,_publicKey.data,_publicKey.size()) != _publicKey.size()) |
|
return false; |
|
break; |
|
case 3: |
|
if (Utils::unhex(f,_signature.data,_signature.size()) != _signature.size()) |
|
return false; |
|
break; |
|
case 4: |
|
_privateKey = new C25519::Private(); |
|
if (Utils::unhex(f,_privateKey->data,_privateKey->size()) != _privateKey->size()) |
|
return false; |
|
break; |
|
default: |
|
return false; |
|
} |
|
} |
|
if (fno < 4) |
|
return false; |
|
|
|
return true; |
|
} |
|
|
|
// These are fixed parameters and can't be changed without a new |
|
// identity type. |
|
#define ZT_IDENTITY_DERIVEADDRESS_MEMORY 16777216 |
|
#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 32 |
|
|
|
Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen) |
|
{ |
|
/* |
|
* Sequential memory-hard algorithm wedding address to public key |
|
* |
|
* Conventional hashcash with long computations and quick verifications |
|
* unfortunately cannot be used here. If that were used, it would be |
|
* equivalently costly to simply increment/vary the public key and find |
|
* a collision as it would be to find the address. We need something |
|
* that creates a costly 1:~1 mapping from key to address, hence this |
|
* algorithm. |
|
* |
|
* Search for "sequential memory hard algorithm" for academic references |
|
* to similar concepts. |
|
*/ |
|
|
|
unsigned char *ram = new unsigned char[ZT_IDENTITY_DERIVEADDRESS_MEMORY]; |
|
for(unsigned int i=0;i<ZT_IDENTITY_DERIVEADDRESS_MEMORY;++i) |
|
ram[i] = ((const unsigned char *)keyBytes)[i % keyLen]; |
|
|
|
unsigned char salsaKey[ZT_SHA512_DIGEST_LEN]; |
|
SHA512::hash(salsaKey,keyBytes,keyLen); |
|
|
|
uint64_t nonce = 0; |
|
for(unsigned int r=0;r<ZT_IDENTITY_DERIVEADDRESS_ROUNDS;++r) { |
|
nonce = Utils::crc64(nonce,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); |
|
Salsa20 s20(salsaKey,256,&nonce); |
|
s20.encrypt(ram,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); |
|
} |
|
|
|
unsigned char finalDigest[ZT_SHA512_DIGEST_LEN]; |
|
SHA512::hash(finalDigest,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY); |
|
|
|
delete [] ram; |
|
|
|
return Address(finalDigest,ZT_ADDRESS_LENGTH); |
|
} |
|
|
|
} // namespace ZeroTier |
|
|
|
|