Build fix for 32-bit Linux and tweaks to address derivation algorithm.

Makefile.linux

@@ -6,21 +6,16 @@ ARCH=$(shell uname -m)
 DEFS=-DZT_ARCH="$(ARCH)" -DZT_OSNAME="linux" -DZT_TRACE
 
 # Uncomment for a release optimized build
-#CFLAGS=-Wall -O3 -fno-unroll-loops -fstack-protector -pthread $(INCLUDES) -DNDEBUG $(DEFS)
-#STRIP=strip --strip-all
+CFLAGS=-Wall -O3 -fno-unroll-loops -fstack-protector -pthread $(INCLUDES) -DNDEBUG $(DEFS)
+STRIP=strip --strip-all
 
 # Uncomment for a debug build
-CFLAGS=-Wall -g -pthread $(INCLUDES) -DZT_TRACE $(DEFS)
-STRIP=echo
+#CFLAGS=-Wall -g -pthread $(INCLUDES) -DZT_TRACE $(DEFS)
+#STRIP=echo
 
 CXXFLAGS=$(CFLAGS) -fno-rtti
 
-# We statically link against libcrypto because RedHat-derived distributions do
-# not ship the elliptic curve algorithms. If we didn't we'd have to build
-# separate binaries for the RedHat and Debian universes to distribute via
-# auto-update. This way we get one Linux binary for all systems of a given
-# architecture.
-LIBS=ext/bin/libcrypto/linux-$(ARCH)/libcrypto.a -lm -ldl
+LIBS=-lm
 
 include objects.mk
 

node/Identity.cpp

@@ -32,6 +32,7 @@
 
 #include "Identity.hpp"
 #include "SHA512.hpp"
+#include "Salsa20.hpp"
 
 namespace ZeroTier {
 
@@ -130,8 +131,8 @@ bool Identity::fromString(const char *str)
 
 // These are fixed parameters and can't be changed without a new
 // identity type.
-#define ZT_IDENTITY_DERIVEADDRESS_DIGESTS 2048
-#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 8
+#define ZT_IDENTITY_DERIVEADDRESS_MEMORY 16777216
+#define ZT_IDENTITY_DERIVEADDRESS_ROUNDS 32
 
 Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen)
 {
@@ -149,24 +150,26 @@ Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen)
 	 * to similar concepts.
 	 */
 
-	unsigned char finalDigest[ZT_SHA512_DIGEST_LEN];
-	unsigned char *digests = new unsigned char[ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS];
+	unsigned char *ram = new unsigned char[ZT_IDENTITY_DERIVEADDRESS_MEMORY];
+	for(unsigned int i=0;i<ZT_IDENTITY_DERIVEADDRESS_MEMORY;++i)
+		ram[i] = ((const unsigned char *)keyBytes)[i % keyLen];
 
-	SHA512::hash(finalDigest,keyBytes,keyLen);
-	for(unsigned int i=0;i<(unsigned int)sizeof(digests);++i)
-		digests[i] = ((const unsigned char *)keyBytes)[i % keyLen];
+	unsigned char salsaKey[ZT_SHA512_DIGEST_LEN];
+	SHA512::hash(salsaKey,keyBytes,keyLen);
 
+	uint64_t nonce = 0;
 	for(unsigned int r=0;r<ZT_IDENTITY_DERIVEADDRESS_ROUNDS;++r) {
-		for(unsigned int i=0;i<(ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS);++i)
-			digests[i] ^= finalDigest[i % ZT_SHA512_DIGEST_LEN];
-		for(unsigned int d=0;d<ZT_IDENTITY_DERIVEADDRESS_DIGESTS;++d)
-			SHA512::hash(digests + (ZT_SHA512_DIGEST_LEN * d),digests,ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS);
-		SHA512::hash(finalDigest,digests,ZT_SHA512_DIGEST_LEN * ZT_IDENTITY_DERIVEADDRESS_DIGESTS);
+		nonce = Utils::crc64(nonce,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
+		Salsa20 s20(salsaKey,256,&nonce);
+		s20.encrypt(ram,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
 	}
 
-	delete [] digests;
+	unsigned char finalDigest[ZT_SHA512_DIGEST_LEN];
+	SHA512::hash(finalDigest,ram,ZT_IDENTITY_DERIVEADDRESS_MEMORY);
+
+	delete [] ram;
 
-	return Address(finalDigest,ZT_ADDRESS_LENGTH); // first 5 bytes of dig[]
+	return Address(finalDigest,ZT_ADDRESS_LENGTH);
 }
 
 } // namespace ZeroTier

node/Multicaster.hpp

@@ -99,10 +99,11 @@ public:
 		throw(std::runtime_error)
 	{
 		char tmp[65536];
-		*((uint64_t *)tmp) = Utils::hton(nwid);
+		void *tmp2 = (void *)tmp;
+		*((uint64_t *)tmp2) = Utils::hton((uint64_t)nwid);
 		memcpy(tmp + 8,from.data,6);
 		memcpy(tmp + 14,to.mac().data,6);
-		*((uint32_t *)(tmp + 20)) = Utils::hton(to.adi());
+		*((uint32_t *)(tmp + 20)) = Utils::hton((uint32_t)to.adi());
 		*((uint16_t *)(tmp + 24)) = Utils::hton((uint16_t)etherType);
 		memcpy(tmp + 26,data,std::min((unsigned int)(sizeof(tmp) - 26),len)); // min() is a sanity check here, no packet is that big
 		return id.sign(tmp,len + 26);
@@ -125,7 +126,8 @@ public:
 	static bool verifyMulticastPacket(const Identity &id,uint64_t nwid,const MAC &from,const MulticastGroup &to,unsigned int etherType,const void *data,unsigned int len,const void *signature,unsigned int siglen)
 	{
 		char tmp[65536];
-		*((uint64_t *)tmp) = Utils::hton(nwid);
+		void *tmp2 = (void *)tmp;
+		*((uint64_t *)tmp2) = Utils::hton(nwid);
 		memcpy(tmp + 8,from.data,6);
 		memcpy(tmp + 14,to.mac().data,6);
 		*((uint32_t *)(tmp + 20)) = Utils::hton(to.adi());