Warning removal, Go work...

cmd/zerotier/cli/cert.go

@@ -20,7 +20,7 @@ import (
 	"zerotier/pkg/zerotier"
 )
 
-func Cert(basePath, authToken string, args []string, jsonOutput bool) int {
+func Cert(basePath string, authTokenGenerator func() string, args []string, jsonOutput bool) int {
 	if len(args) < 1 {
 		Help()
 		return 1

cmd/zerotier/cli/controller.go

@@ -13,7 +13,7 @@
 
 package cli
 
-func Controller(basePath, authToken string, args []string, jsonOutput bool) int {
+func Controller(basePath string, authTokenGenerator func() string, args []string, jsonOutput bool) int {
 	if len(args) < 1 {
 		Help()
 		return 1

cmd/zerotier/cli/help.go

@@ -39,12 +39,19 @@ Common Operations:
 
   status                                 Show node status and configuration
 
-  join [-options] <network>              Join a virtual network
-    -a <token>                           Token to submit to controller
-    -c <identity | fingerprint>          Controller identity or fingerprint
-  leave <network>                        Leave a virtual network
+  set [option] [value]                 - Get or set node configuration
+    port <port>                          Primary P2P port
+    secondaryport <port/0>               Secondary P2P port (0 to disable)
+    blacklist cidr <IP/bits> <boolean>   Toggle physical path blacklisting
+    blacklist if <prefix> <boolean>      Toggle interface prefix blacklisting
+    portmap <boolean>                    Toggle use of uPnP or NAT-PMP
+
+  peer list                              List VL1 peers
+  peer <address> [command] [option]    - Peer management commands
+    show                                 Show peer details (default)
+    try <endpoint> [...]                 Try peer at explicit endpoint
 
-  networks                               List VL2 virtual networks
+  network list                           List VL2 networks
   network <network> [command] [option] - Network management commands
     show                                 Show network details (default)
     set [option] [value]               - Get or set network options
@@ -54,24 +61,17 @@ Common Operations:
       globalroutes <boolean>             Can global IP space routes be set?
       defaultroute <boolean>             Can default route be overridden?
 
-  peers                                  List VL1 peers
-  peer <address> [command] [option]    - Peer management commands
-    show                                 Show peer details (default)
-    try <endpoint> [...]                 Try peer at explicit endpoint
-
-  set [option] [value]                 - Get or set node configuration
-    port <port>                          Primary P2P port
-    secondaryport <port/0>               Secondary P2P port (0 to disable)
-    blacklist cidr <IP/bits> <boolean>   Toggle physical path blacklisting
-    blacklist if <prefix> <boolean>      Toggle interface prefix blacklisting
-    portmap <boolean>                    Toggle use of uPnP or NAT-PMP
+  join [-options] <network>              Join a virtual network
+    -a <token>                           Token to submit to controller
+    -c <identity | fingerprint>          Controller identity or fingerprint
+  leave <network>                        Leave a virtual network
 
 Advanced Operations:
 
   service                                Start node (seldom used from CLI)
 
   controller <command> [option]        - Local controller management commands
-    networks                             List networks run by local controller
+    list                                 List networks run by local controller
     new                                  Create a new network
     set <network> [setting] [value]      Show or modify network settings
     members <network>                    List members of a network
@@ -92,8 +92,8 @@ Advanced Operations:
     verify <identity> <locator>          Verify locator signature
     show <locator>                       Show contents of a locator
 
-  certs                                  List certificates
   cert <command> [args]                - Certificate management
+    list                                 List certificates in local node store
     show [serial]                        List or show details of a certificate
     newsid <secret out>                  Create a new subject unique ID
     newcsr <subject> <secret> <csr out>  Create a subject CSR

cmd/zerotier/cli/join.go

@@ -23,7 +23,9 @@ import (
 	"zerotier/pkg/zerotier"
 )
 
-func Join(basePath, authToken string, args []string) int {
+func Join(basePath string, authTokenGenerator func() string, args []string) int {
+	authToken := authTokenGenerator()
+
 	joinOpts := flag.NewFlagSet("join", flag.ContinueOnError)
 	controllerAuthToken := joinOpts.String("a", "", "")
 	controllerFingerprint := joinOpts.String("c", "", "")

cmd/zerotier/cli/leave.go

@@ -19,7 +19,9 @@ import (
 	"zerotier/pkg/zerotier"
 )
 
-func Leave(basePath, authToken string, args []string) int {
+func Leave(basePath string, authTokenGenerator func() string, args []string) int {
+	authToken := authTokenGenerator()
+
 	if len(args) != 1 {
 		Help()
 		return 1

cmd/zerotier/cli/network.go

@@ -84,7 +84,9 @@ func showNetwork(nwids string, network *zerotier.APINetwork, jsonOutput bool) {
 	}
 }
 
-func Network(basePath, authToken string, args []string, jsonOutput bool) int {
+func Network(basePath string, authTokenGenerator func() string, args []string, jsonOutput bool) int {
+	authToken := authTokenGenerator()
+
 	if len(args) < 1 {
 		Help()
 		return 1

cmd/zerotier/cli/networks.go

@@ -18,9 +18,9 @@ import (
 	"zerotier/pkg/zerotier"
 )
 
-func Networks(basePath, authToken string, args []string, jsonOutput bool) int {
+func Networks(basePath string, authTokenGenerator func() string, args []string, jsonOutput bool) int {
 	var networks []zerotier.APINetwork
-	apiGet(basePath, authToken, "/network", &networks)
+	apiGet(basePath, authTokenGenerator(), "/network", &networks)
 
 	if jsonOutput {
 		fmt.Println(jsonDump(networks))

cmd/zerotier/cli/peer.go

@@ -13,7 +13,7 @@
 
 package cli
 
-func Peer(basePath, authToken string, args []string, jsonOutput bool) int {
+func Peer(basePath string, authTokenGenerator func() string, args []string, jsonOutput bool) int {
 	if len(args) < 1 {
 		Help()
 		return 1

cmd/zerotier/cli/peers.go

@@ -20,9 +20,9 @@ import (
 	"zerotier/pkg/zerotier"
 )
 
-func Peers(basePath, authToken string, args []string, jsonOutput bool, rootsOnly bool) int {
+func Peers(basePath string, authTokenGenerator func() string, args []string, jsonOutput bool, rootsOnly bool) int {
 	var peers []zerotier.Peer
-	apiGet(basePath, authToken, "/peer", &peers)
+	apiGet(basePath, authTokenGenerator(), "/peer", &peers)
 
 	if rootsOnly {
 		roots := make([]zerotier.Peer, 0, len(peers))

cmd/zerotier/cli/set.go

@@ -13,6 +13,6 @@
 
 package cli
 
-func Set(basePath, authToken string, args []string) int {
+func Set(basePath string, authTokenGenerator func() string, args []string) int {
 	return 0
 }

cmd/zerotier/cli/status.go

@@ -18,9 +18,9 @@ import (
 	"zerotier/pkg/zerotier"
 )
 
-func Status(basePath, authToken string, args []string, jsonOutput bool) int {
+func Status(basePath string, authTokenGenerator func() string, args []string, jsonOutput bool) int {
 	var status zerotier.APIStatus
-	apiGet(basePath, authToken, "/status", &status)
+	apiGet(basePath, authTokenGenerator(), "/status", &status)
 
 	if jsonOutput {
 		fmt.Println(jsonDump(&status))

cmd/zerotier/zerotier.go

@@ -27,65 +27,74 @@ import (
 	"zerotier/pkg/zerotier"
 )
 
-func authToken(basePath, tflag, tTflag string) string {
-	var authToken string
-	if len(tflag) > 0 {
-		at, err := ioutil.ReadFile(tflag)
-		if err != nil || len(at) == 0 {
-			fmt.Println("FATAL: unable to read local service API authorization token from " + tflag)
-			return ""
+// authToken returns a function that reads the authorization token if needed.
+// If the authorization token can't be read, the function terminates the program with a fatal error.
+func authToken(basePath, tflag, tTflag string) func () string {
+	savedAuthToken := new(string)
+	return func() string {
+		authToken := *savedAuthToken
+		if len(authToken) > 0 {
+			return authToken
 		}
-		authToken = string(at)
-	} else if len(tTflag) > 0 {
-		authToken = tTflag
-	} else {
-		var authTokenPaths []string
-		authTokenPaths = append(authTokenPaths, path.Join(basePath, "authtoken.secret"))
-		userHome, _ := os.UserHomeDir()
-		if len(userHome) > 0 {
-			if runtime.GOOS == "darwin" {
-				authTokenPaths = append(authTokenPaths, path.Join(userHome, "Library", "Application Support", "ZeroTier", "authtoken.secret"))
-				authTokenPaths = append(authTokenPaths, path.Join(userHome, "Library", "Application Support", "ZeroTier", "One", "authtoken.secret"))
+
+		if len(tflag) > 0 {
+			at, err := ioutil.ReadFile(tflag)
+			if err != nil || len(at) == 0 {
+				fmt.Println("FATAL: unable to read local service API authorization token from " + tflag)
+				os.Exit(1)
+				return ""
+			}
+			authToken = string(at)
+		} else if len(tTflag) > 0 {
+			authToken = tTflag
+		} else {
+			var authTokenPaths []string
+			authTokenPaths = append(authTokenPaths, path.Join(basePath, "authtoken.secret"))
+			userHome, _ := os.UserHomeDir()
+			if len(userHome) > 0 {
+				if runtime.GOOS == "darwin" {
+					authTokenPaths = append(authTokenPaths, path.Join(userHome, "Library", "Application Support", "ZeroTier", "authtoken.secret"))
+					authTokenPaths = append(authTokenPaths, path.Join(userHome, "Library", "Application Support", "ZeroTier", "One", "authtoken.secret"))
+				}
+				authTokenPaths = append(authTokenPaths, path.Join(userHome, ".zerotierauth"))
+				authTokenPaths = append(authTokenPaths, path.Join(userHome, ".zeroTierOneAuthToken"))
+			}
+
+			for _, p := range authTokenPaths {
+				tmp, _ := ioutil.ReadFile(p)
+				if len(tmp) > 0 {
+					authToken = string(tmp)
+					break
+				}
 			}
-			authTokenPaths = append(authTokenPaths, path.Join(userHome, ".zerotierauth"))
-			authTokenPaths = append(authTokenPaths, path.Join(userHome, ".zeroTierOneAuthToken"))
-		}
 
-		for _, p := range authTokenPaths {
-			tmp, _ := ioutil.ReadFile(p)
-			if len(tmp) > 0 {
-				authToken = string(tmp)
-				break
+			if len(authToken) == 0 {
+				fmt.Println("FATAL: unable to read local service API authorization token from any of:")
+				for _, p := range authTokenPaths {
+					fmt.Println("  " + p)
+				}
+				os.Exit(1)
+				return ""
 			}
 		}
 
+		authToken = strings.TrimSpace(authToken)
 		if len(authToken) == 0 {
-			fmt.Println("FATAL: unable to read local service API authorization token from any of:")
-			for _, p := range authTokenPaths {
-				fmt.Println("  " + p)
-			}
+			fmt.Println("FATAL: unable to read API authorization token from command line or any filesystem location.")
+			os.Exit(1)
 			return ""
 		}
-	}
 
-	authToken = strings.TrimSpace(authToken)
-	if len(authToken) == 0 {
-		fmt.Println("FATAL: unable to read API authorization token from command line or any filesystem location.")
-		return ""
+		*savedAuthToken = authToken
+		return authToken
 	}
-
-	return authToken
 }
 
 func main() {
 	// Reduce Go's thread and memory footprint. This would slow things down if the Go code
 	// were doing a lot, but it's not. It just manages the core and is not directly involved
 	// in pushing a lot of packets around. If that ever changes this should be adjusted.
-	if runtime.NumCPU() > 1 {
-		runtime.GOMAXPROCS(2)
-	} else {
-		runtime.GOMAXPROCS(1)
-	}
+	runtime.GOMAXPROCS(1)
 	debug.SetGCPercent(10)
 
 	globalOpts := flag.NewFlagSet("global", flag.ContinueOnError)

core/AES.cpp

@@ -18,12 +18,12 @@
 #pragma GCC diagnostic ignored "-Wstrict-aliasing"
 #endif
 
-#define Te1_r(x) ZT_ROR32(Te0[x], 8)
-#define Te2_r(x) ZT_ROR32(Te0[x], 16)
-#define Te3_r(x) ZT_ROR32(Te0[x], 24)
-#define Td1_r(x) ZT_ROR32(Td0[x], 8)
-#define Td2_r(x) ZT_ROR32(Td0[x], 16)
-#define Td3_r(x) ZT_ROR32(Td0[x], 24)
+#define Te1_r(x) ZT_ROR32(Te0[x], 8U)
+#define Te2_r(x) ZT_ROR32(Te0[x], 16U)
+#define Te3_r(x) ZT_ROR32(Te0[x], 24U)
+#define Td1_r(x) ZT_ROR32(Td0[x], 8U)
+#define Td2_r(x) ZT_ROR32(Td0[x], 16U)
+#define Td3_r(x) ZT_ROR32(Td0[x], 24U)
 
 namespace ZeroTier {
 
@@ -64,14 +64,14 @@ ZT_INLINE uint8x16_t s_clmul_armneon_crypto(uint8x16_t h, uint8x16_t y, const ui
 
 ZT_INLINE void s_bmul32(const uint32_t x, const uint32_t y, uint32_t &rh, uint32_t &rl) noexcept
 {
-	uint32_t x0 = x & 0x11111111;
-	uint32_t x1 = x & 0x22222222;
-	uint32_t x2 = x & 0x44444444;
-	uint32_t x3 = x & 0x88888888;
-	uint32_t y0 = y & 0x11111111;
-	uint32_t y1 = y & 0x22222222;
-	uint32_t y2 = y & 0x44444444;
-	uint32_t y3 = y & 0x88888888;
+	uint32_t x0 = x & 0x11111111U;
+	uint32_t x1 = x & 0x22222222U;
+	uint32_t x2 = x & 0x44444444U;
+	uint32_t x3 = x & 0x88888888U;
+	uint32_t y0 = y & 0x11111111U;
+	uint32_t y1 = y & 0x22222222U;
+	uint32_t y2 = y & 0x44444444U;
+	uint32_t y3 = y & 0x88888888U;
 	uint64_t z0 = (((uint64_t)x0 * y0) ^ ((uint64_t)x1 * y3) ^ ((uint64_t)x2 * y2) ^ ((uint64_t)x3 * y1)) & 0x1111111111111111ULL;
 	uint64_t z1 = (((uint64_t)x0 * y1) ^ ((uint64_t)x1 * y0) ^ ((uint64_t)x2 * y3) ^ ((uint64_t)x3 * y2)) & 0x2222222222222222ULL;
 	z0 |= z1;
@@ -83,42 +83,42 @@ ZT_INLINE void s_bmul32(const uint32_t x, const uint32_t y, uint32_t &rh, uint32
 	rl = (uint32_t)z;
 }
 
-void s_gfmul(const uint64_t hh,const uint64_t hl,uint64_t &y0,uint64_t &y1) noexcept
+void s_gfmul(const uint64_t hh, const uint64_t hl, uint64_t &y0, uint64_t &y1) noexcept
 {
 	uint32_t hhh = (uint32_t)(hh >> 32U);
 	uint32_t hhl = (uint32_t)hh;
 	uint32_t hlh = (uint32_t)(hl >> 32U);
 	uint32_t hll = (uint32_t)hl;
-	uint32_t hhXlh = hhh ^ hlh;
-	uint32_t hhXll = hhl ^ hll;
+	uint32_t hhXlh = hhh ^hlh;
+	uint32_t hhXll = hhl ^hll;
 	uint64_t yl = Utils::ntoh(y0);
 	uint64_t yh = Utils::ntoh(y1);
 	uint32_t cilh = (uint32_t)(yh >> 32U);
 	uint32_t cill = (uint32_t)yh;
 	uint32_t cihh = (uint32_t)(yl >> 32U);
 	uint32_t cihl = (uint32_t)yl;
-	uint32_t cihXlh = cihh ^ cilh;
-	uint32_t cihXll = cihl ^ cill;
-	uint32_t aah,aal,abh,abl,ach,acl;
-	s_bmul32(cihh,hhh,aah,aal);
-	s_bmul32(cihl,hhl,abh,abl);
-	s_bmul32(cihh ^ cihl,hhh ^ hhl,ach,acl);
+	uint32_t cihXlh = cihh ^cilh;
+	uint32_t cihXll = cihl ^cill;
+	uint32_t aah, aal, abh, abl, ach, acl;
+	s_bmul32(cihh, hhh, aah, aal);
+	s_bmul32(cihl, hhl, abh, abl);
+	s_bmul32(cihh ^ cihl, hhh ^ hhl, ach, acl);
 	ach ^= aah ^ abh;
 	acl ^= aal ^ abl;
 	aal ^= ach;
 	abh ^= acl;
-	uint32_t bah,bal,bbh,bbl,bch,bcl;
-	s_bmul32(cilh,hlh,bah,bal);
-	s_bmul32(cill,hll,bbh,bbl);
-	s_bmul32(cilh ^ cill,hlh ^ hll,bch,bcl);
+	uint32_t bah, bal, bbh, bbl, bch, bcl;
+	s_bmul32(cilh, hlh, bah, bal);
+	s_bmul32(cill, hll, bbh, bbl);
+	s_bmul32(cilh ^ cill, hlh ^ hll, bch, bcl);
 	bch ^= bah ^ bbh;
 	bcl ^= bal ^ bbl;
 	bal ^= bch;
 	bbh ^= bcl;
-	uint32_t cah,cal,cbh,cbl,cch,ccl;
-	s_bmul32(cihXlh,hhXlh,cah,cal);
-	s_bmul32(cihXll,hhXll,cbh,cbl);
-	s_bmul32(cihXlh ^ cihXll, hhXlh ^ hhXll,cch,ccl);
+	uint32_t cah, cal, cbh, cbl, cch, ccl;
+	s_bmul32(cihXlh, hhXlh, cah, cal);
+	s_bmul32(cihXll, hhXll, cbh, cbl);
+	s_bmul32(cihXlh ^ cihXll, hhXlh ^ hhXll, cch, ccl);
 	cch ^= cah ^ cbh;
 	ccl ^= cal ^ cbl;
 	cal ^= cch;
@@ -128,13 +128,13 @@ void s_gfmul(const uint64_t hh,const uint64_t hl,uint64_t &y0,uint64_t &y1) noex
 	cbh ^= bbh ^ abh;
 	cbl ^= bbl ^ abl;
 	uint64_t zhh = ((uint64_t)aah << 32U) | aal;
-	uint64_t zhl = (((uint64_t)abh << 32U) | abl) ^ (((uint64_t)cah << 32U) | cal);
-	uint64_t zlh = (((uint64_t)bah << 32U) | bal) ^ (((uint64_t)cbh << 32U) | cbl);
+	uint64_t zhl = (((uint64_t)abh << 32U) | abl) ^(((uint64_t)cah << 32U) | cal);
+	uint64_t zlh = (((uint64_t)bah << 32U) | bal) ^(((uint64_t)cbh << 32U) | cbl);
 	uint64_t zll = ((uint64_t)bbh << 32U) | bbl;
 	zhh = zhh << 1U | zhl >> 63U;
 	zhl = zhl << 1U | zlh >> 63U;
 	zlh = zlh << 1U | zll >> 63U;
-	zll <<= 1;
+	zll <<= 1U;
 	zlh ^= (zll << 63U) ^ (zll << 62U) ^ (zll << 57U);
 	zhh ^= zlh ^ (zlh >> 1U) ^ (zlh >> 2U) ^ (zlh >> 7U);
 	zhl ^= zll ^ (zll >> 1U) ^ (zll >> 2U) ^ (zll >> 7U) ^ (zlh << 63U) ^ (zlh << 62U) ^ (zlh << 57U);
@@ -1017,9 +1017,9 @@ void AES::CTR::crypt(const void *const input, unsigned int len) noexcept
 
 	if (likely(len >= 16)) {
 		const uint32_t *const restrict rk = _aes._k.sw.ek;
-		const uint32_t ctr0rk0 = Utils::ntoh(reinterpret_cast<const uint32_t *>(_ctr)[0]) ^ rk[0];
-		const uint32_t ctr1rk1 = Utils::ntoh(reinterpret_cast<const uint32_t *>(_ctr)[1]) ^ rk[1];
-		const uint32_t ctr2rk2 = Utils::ntoh(reinterpret_cast<const uint32_t *>(_ctr)[2]) ^ rk[2];
+		const uint32_t ctr0rk0 = Utils::ntoh(reinterpret_cast<const uint32_t *>(_ctr)[0]) ^rk[0];
+		const uint32_t ctr1rk1 = Utils::ntoh(reinterpret_cast<const uint32_t *>(_ctr)[1]) ^rk[1];
+		const uint32_t ctr2rk2 = Utils::ntoh(reinterpret_cast<const uint32_t *>(_ctr)[2]) ^rk[2];
 		const uint32_t m8 = 0x000000ff;
 		const uint32_t m8_8 = 0x0000ff00;
 		const uint32_t m8_16 = 0x00ff0000;
@@ -1299,15 +1299,15 @@ void AES::_initSW(const uint8_t key[32]) noexcept
 void AES::_encryptSW(const uint8_t in[16], uint8_t out[16]) const noexcept
 {
 	const uint32_t *const restrict rk = _k.sw.ek;
-	const uint32_t m8 = 0xff;
-	const uint32_t m8_24 = 0xff000000;
-	const uint32_t m8_16 = 0x00ff0000;
+	const uint32_t m8 = 0x000000ff;
 	const uint32_t m8_8 = 0x0000ff00;
-	uint32_t s0, s1, s2, s3;
-	s0 = Utils::loadBigEndian< uint32_t >(in) ^ rk[0];
-	s1 = Utils::loadBigEndian< uint32_t >(in + 4) ^ rk[1];
-	s2 = Utils::loadBigEndian< uint32_t >(in + 8) ^ rk[2];
-	s3 = Utils::loadBigEndian< uint32_t >(in + 12) ^ rk[3];
+	const uint32_t m8_16 = 0x00ff0000;
+	const uint32_t m8_24 = 0xff000000;
+	uint32_t s0 = Utils::loadBigEndian< uint32_t >(in) ^rk[0];
+	uint32_t s1 = Utils::loadBigEndian< uint32_t >(in + 4) ^rk[1];
+	uint32_t s2 = Utils::loadBigEndian< uint32_t >(in + 8) ^rk[2];
+	uint32_t s3 = Utils::loadBigEndian< uint32_t >(in + 12) ^rk[3];
+
 	uint32_t t0, t1, t2, t3;
 	t0 = Te0[s0 >> 24U] ^ Te1_r((s1 >> 16U) & m8) ^ Te2_r((s2 >> 8U) & m8) ^ Te3_r(s3 & m8) ^ rk[4];
 	t1 = Te0[s1 >> 24U] ^ Te1_r((s2 >> 16U) & m8) ^ Te2_r((s3 >> 8U) & m8) ^ Te3_r(s0 & m8) ^ rk[5];
@@ -1365,6 +1365,7 @@ void AES::_encryptSW(const uint8_t in[16], uint8_t out[16]) const noexcept
 	s1 = (Te2_r(t1 >> 24U) & m8_24) ^ (Te3_r((t2 >> 16U) & m8) & m8_16) ^ (Te0[(t3 >> 8U) & m8] & m8_8) ^ (Te1_r(t0 & m8) & m8) ^ rk[57];
 	s2 = (Te2_r(t2 >> 24U) & m8_24) ^ (Te3_r((t3 >> 16U) & m8) & m8_16) ^ (Te0[(t0 >> 8U) & m8] & m8_8) ^ (Te1_r(t1 & m8) & m8) ^ rk[58];
 	s3 = (Te2_r(t3 >> 24U) & m8_24) ^ (Te3_r((t0 >> 16U) & m8) & m8_16) ^ (Te0[(t1 >> 8U) & m8] & m8_8) ^ (Te1_r(t2 & m8) & m8) ^ rk[59];
+
 	Utils::storeBigEndian< uint32_t >(out, s0);
 	Utils::storeBigEndian< uint32_t >(out + 4, s1);
 	Utils::storeBigEndian< uint32_t >(out + 8, s2);
@@ -1374,12 +1375,13 @@ void AES::_encryptSW(const uint8_t in[16], uint8_t out[16]) const noexcept
 void AES::_decryptSW(const uint8_t in[16], uint8_t out[16]) const noexcept
 {
 	const uint32_t *restrict rk = _k.sw.dk;
-	uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
-	const uint32_t m8 = 0xff;
-	s0 = Utils::loadBigEndian< uint32_t >(in) ^ rk[0];
-	s1 = Utils::loadBigEndian< uint32_t >(in + 4) ^ rk[1];
-	s2 = Utils::loadBigEndian< uint32_t >(in + 8) ^ rk[2];
-	s3 = Utils::loadBigEndian< uint32_t >(in + 12) ^ rk[3];
+	const uint32_t m8 = 0x000000ff;
+	uint32_t s0 = Utils::loadBigEndian< uint32_t >(in) ^rk[0];
+	uint32_t s1 = Utils::loadBigEndian< uint32_t >(in + 4) ^rk[1];
+	uint32_t s2 = Utils::loadBigEndian< uint32_t >(in + 8) ^rk[2];
+	uint32_t s3 = Utils::loadBigEndian< uint32_t >(in + 12) ^rk[3];
+
+	uint32_t t0, t1, t2, t3;
 	t0 = Td0[s0 >> 24U] ^ Td1_r((s3 >> 16U) & m8) ^ Td2_r((s2 >> 8U) & m8) ^ Td3_r(s1 & m8) ^ rk[4];
 	t1 = Td0[s1 >> 24U] ^ Td1_r((s0 >> 16U) & m8) ^ Td2_r((s3 >> 8U) & m8) ^ Td3_r(s2 & m8) ^ rk[5];
 	t2 = Td0[s2 >> 24U] ^ Td1_r((s1 >> 16U) & m8) ^ Td2_r((s0 >> 8U) & m8) ^ Td3_r(s3 & m8) ^ rk[6];
@@ -1432,11 +1434,15 @@ void AES::_decryptSW(const uint8_t in[16], uint8_t out[16]) const noexcept
 	t1 = Td0[s1 >> 24U] ^ Td1_r((s0 >> 16U) & m8) ^ Td2_r((s3 >> 8U) & m8) ^ Td3_r(s2 & m8) ^ rk[53];
 	t2 = Td0[s2 >> 24U] ^ Td1_r((s1 >> 16U) & m8) ^ Td2_r((s0 >> 8U) & m8) ^ Td3_r(s3 & m8) ^ rk[54];
 	t3 = Td0[s3 >> 24U] ^ Td1_r((s2 >> 16U) & m8) ^ Td2_r((s1 >> 8U) & m8) ^ Td3_r(s0 & m8) ^ rk[55];
-	rk += 56;
-	Utils::storeBigEndian< uint32_t >(out, (Td4[(t0 >> 24U)] << 24U) ^ (Td4[(t3 >> 16U) & m8] << 16U) ^ (Td4[(t2 >> 8U) & m8] << 8U) ^ (Td4[(t1) & m8]) ^ rk[0]);
-	Utils::storeBigEndian< uint32_t >(out + 4, (Td4[(t1 >> 24U)] << 24U) ^ (Td4[(t0 >> 16U) & m8] << 16U) ^ (Td4[(t3 >> 8U) & m8] << 8U) ^ (Td4[(t2) & m8]) ^ rk[1]);
-	Utils::storeBigEndian< uint32_t >(out + 8, (Td4[(t2 >> 24U)] << 24U) ^ (Td4[(t1 >> 16U) & m8] << 16U) ^ (Td4[(t0 >> 8U) & m8] << 8U) ^ (Td4[(t3) & m8]) ^ rk[2]);
-	Utils::storeBigEndian< uint32_t >(out + 12, (Td4[(t3 >> 24U)] << 24U) ^ (Td4[(t2 >> 16U) & m8] << 16U) ^ (Td4[(t1 >> 8U) & m8] << 8U) ^ (Td4[(t0) & m8]) ^ rk[3]);
+	s0 = (Td4[t0 >> 24U] << 24U) ^ (Td4[(t3 >> 16U) & m8] << 16U) ^ (Td4[(t2 >> 8U) & m8] << 8U) ^ (Td4[(t1) & m8]) ^ rk[56];
+	s1 = (Td4[t1 >> 24U] << 24U) ^ (Td4[(t0 >> 16U) & m8] << 16U) ^ (Td4[(t3 >> 8U) & m8] << 8U) ^ (Td4[(t2) & m8]) ^ rk[57];
+	s2 = (Td4[t2 >> 24U] << 24U) ^ (Td4[(t1 >> 16U) & m8] << 16U) ^ (Td4[(t0 >> 8U) & m8] << 8U) ^ (Td4[(t3) & m8]) ^ rk[58];
+	s3 = (Td4[t3 >> 24U] << 24U) ^ (Td4[(t2 >> 16U) & m8] << 16U) ^ (Td4[(t1 >> 8U) & m8] << 8U) ^ (Td4[(t0) & m8]) ^ rk[59];
+
+	Utils::storeBigEndian< uint32_t >(out, s0);
+	Utils::storeBigEndian< uint32_t >(out + 4, s1);
+	Utils::storeBigEndian< uint32_t >(out + 8, s2);
+	Utils::storeBigEndian< uint32_t >(out + 12, s3);
 }
 
 #ifdef ZT_AES_AESNI
@@ -1584,8 +1590,8 @@ void AES::_decrypt_aesni(const void *in, void *out) const noexcept
 void AES::_init_armneon_crypto(const uint8_t key[32]) noexcept
 {
 	static const uint8_t s_sbox[256] = {0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c,
-	                                    0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea,
-	                                    0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16};
+																			0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea,
+																			0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16};
 
 	uint64_t h[2];
 	uint32_t *const w = reinterpret_cast<uint32_t *>(_k.neon.ek);

core/C25519.cpp

@@ -7,9 +7,6 @@ Derived from public domain code by D. J. Bernstein.
 // Modified slightly for ZeroTier but remains in the public domain as per
 // its original license.
 
-#include <cstdint>
-#include <cstring>
-
 #include "C25519.hpp"
 #include "SHA512.hpp"
 #include "Utils.hpp"