From 6f9a57740f8ace0481160bb1c647f9ba84a48195 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Thu, 23 Feb 2023 10:23:05 -0500 Subject: [PATCH] Add MPL to utils and other stuff. --- utils/src/arrayvec.rs | 8 +++++- utils/src/blob.rs | 8 +++++- utils/src/buffer.rs | 8 +++++- utils/src/defer.rs | 12 ++++++++- utils/src/dictionary.rs | 8 +++++- utils/src/error.rs | 8 +++++- utils/src/exitcode.rs | 8 +++++- utils/src/gate.rs | 10 +++++--- utils/src/gatherarray.rs | 8 +++++- utils/src/hex.rs | 8 +++++- utils/src/io.rs | 8 +++++- utils/src/json.rs | 8 ++++++ utils/src/lib.rs | 8 +++++- utils/src/marshalable.rs | 8 +++++- utils/src/memory.rs | 8 +++++- utils/src/pool.rs | 8 +++++- utils/src/reaper.rs | 8 ++++++ utils/src/ringbuffer.rs | 8 +++++- utils/src/ringbuffermap.rs | 8 +++++- utils/src/sync.rs | 8 ++++++ utils/src/thing.rs | 8 +++++- utils/src/varint.rs | 8 +++++- zssp/src/error.rs | 4 --- zssp/src/zssp.rs | 52 ++++++++++++++++++++++++++++++-------- 24 files changed, 203 insertions(+), 35 deletions(-) diff --git a/utils/src/arrayvec.rs b/utils/src/arrayvec.rs index db76c5ebf..1018d6c8b 100644 --- a/utils/src/arrayvec.rs +++ b/utils/src/arrayvec.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::fmt::Debug; use std::io::Write; diff --git a/utils/src/blob.rs b/utils/src/blob.rs index 0ad7b477e..b02f7902b 100644 --- a/utils/src/blob.rs +++ b/utils/src/blob.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::fmt::Debug; diff --git a/utils/src/buffer.rs b/utils/src/buffer.rs index d7dfbf96d..cfffef323 100644 --- a/utils/src/buffer.rs +++ b/utils/src/buffer.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::error::Error; use std::fmt::{Debug, Display}; diff --git a/utils/src/defer.rs b/utils/src/defer.rs index b66b983b4..da8e224e0 100644 --- a/utils/src/defer.rs +++ b/utils/src/defer.rs @@ -1,4 +1,11 @@ -/// Defer execution of a closure until dropped. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ + struct Defer(Option); impl Drop for Defer { @@ -8,6 +15,9 @@ impl Drop for Defer { } /// Defer execution of a closure until the return value is dropped. +/// +/// This mimics the defer statement in Go, allowing you to always do some cleanup at +/// the end of a function no matter where it exits. pub fn defer(f: F) -> impl Drop { Defer(Some(f)) } diff --git a/utils/src/dictionary.rs b/utils/src/dictionary.rs index d54c809c8..f9dd18b73 100644 --- a/utils/src/dictionary.rs +++ b/utils/src/dictionary.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::collections::BTreeMap; use std::io::Write; diff --git a/utils/src/error.rs b/utils/src/error.rs index 1a23ea274..a958e77cd 100644 --- a/utils/src/error.rs +++ b/utils/src/error.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::error::Error; use std::fmt::{Debug, Display}; diff --git a/utils/src/exitcode.rs b/utils/src/exitcode.rs index ad9c8e4ba..7cb96c3fa 100644 --- a/utils/src/exitcode.rs +++ b/utils/src/exitcode.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ // These were taken from BSD sysexits.h to provide some standard for process exit codes. diff --git a/utils/src/gate.rs b/utils/src/gate.rs index f869507f0..037edcc26 100644 --- a/utils/src/gate.rs +++ b/utils/src/gate.rs @@ -1,6 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. - -//use std::sync::atomic::{AtomicI64, Ordering}; +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ /// Boolean rate limiter with normal (non-atomic) semantics. #[repr(transparent)] diff --git a/utils/src/gatherarray.rs b/utils/src/gatherarray.rs index 4442322b8..091a77354 100644 --- a/utils/src/gatherarray.rs +++ b/utils/src/gatherarray.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::mem::{size_of, MaybeUninit}; use std::ptr::copy_nonoverlapping; diff --git a/utils/src/hex.rs b/utils/src/hex.rs index 7c3ace132..d9438e0c9 100644 --- a/utils/src/hex.rs +++ b/utils/src/hex.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ pub const HEX_CHARS: [u8; 16] = [ b'0', b'1', b'2', b'3', b'4', b'5', b'6', b'7', b'8', b'9', b'a', b'b', b'c', b'd', b'e', b'f', diff --git a/utils/src/io.rs b/utils/src/io.rs index 89520ccda..a67f83b4a 100644 --- a/utils/src/io.rs +++ b/utils/src/io.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::fs::File; use std::io::Read; diff --git a/utils/src/json.rs b/utils/src/json.rs index 71c825290..8b76fd10e 100644 --- a/utils/src/json.rs +++ b/utils/src/json.rs @@ -1,3 +1,11 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ + use serde::de::DeserializeOwned; use serde::Serialize; use serde_json::ser::Formatter; diff --git a/utils/src/lib.rs b/utils/src/lib.rs index 0ddab812b..c9dc4da25 100644 --- a/utils/src/lib.rs +++ b/utils/src/lib.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ pub mod arrayvec; pub mod blob; diff --git a/utils/src/marshalable.rs b/utils/src/marshalable.rs index 520ee1ec2..ffe6c8dcf 100644 --- a/utils/src/marshalable.rs +++ b/utils/src/marshalable.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::error::Error; use std::fmt::{Debug, Display}; diff --git a/utils/src/memory.rs b/utils/src/memory.rs index 281c86c12..9710a9eb8 100644 --- a/utils/src/memory.rs +++ b/utils/src/memory.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ #[allow(unused_imports)] use std::mem::{needs_drop, size_of, MaybeUninit}; diff --git a/utils/src/pool.rs b/utils/src/pool.rs index 2ed8df323..08ab98464 100644 --- a/utils/src/pool.rs +++ b/utils/src/pool.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::ops::{Deref, DerefMut}; use std::ptr::NonNull; diff --git a/utils/src/reaper.rs b/utils/src/reaper.rs index ecfbe0b44..60624c20a 100644 --- a/utils/src/reaper.rs +++ b/utils/src/reaper.rs @@ -1,3 +1,11 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ + use std::collections::VecDeque; use std::sync::Arc; diff --git a/utils/src/ringbuffer.rs b/utils/src/ringbuffer.rs index 27c3d1a2d..225fbf58d 100644 --- a/utils/src/ringbuffer.rs +++ b/utils/src/ringbuffer.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::mem::MaybeUninit; diff --git a/utils/src/ringbuffermap.rs b/utils/src/ringbuffermap.rs index aa1b2482d..b6a6882af 100644 --- a/utils/src/ringbuffermap.rs +++ b/utils/src/ringbuffermap.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::hash::{Hash, Hasher}; use std::mem::MaybeUninit; diff --git a/utils/src/sync.rs b/utils/src/sync.rs index edebd1f46..baf63e339 100644 --- a/utils/src/sync.rs +++ b/utils/src/sync.rs @@ -1,3 +1,11 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ + use std::sync::{RwLock, RwLockReadGuard, RwLockWriteGuard}; /// Variant version of lock for RwLock with automatic conversion to a write lock as needed. diff --git a/utils/src/thing.rs b/utils/src/thing.rs index 7415b96e1..ff11d0ec5 100644 --- a/utils/src/thing.rs +++ b/utils/src/thing.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::any::TypeId; use std::mem::{forget, size_of, MaybeUninit}; diff --git a/utils/src/varint.rs b/utils/src/varint.rs index 76e4750f0..2445d38f3 100644 --- a/utils/src/varint.rs +++ b/utils/src/varint.rs @@ -1,4 +1,10 @@ -// (c) 2020-2022 ZeroTier, Inc. -- currently proprietary pending actual release and licensing. See LICENSE.md. +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * (c) ZeroTier, Inc. + * https://www.zerotier.com/ + */ use std::io::{Read, Write}; diff --git a/zssp/src/error.rs b/zssp/src/error.rs index 111084136..7fccd3017 100644 --- a/zssp/src/error.rs +++ b/zssp/src/error.rs @@ -23,9 +23,6 @@ pub enum Error { /// There is a safe way to reply if absolutely necessary, by sending the reply back after a constant amount of time, but this is difficult to get correct. FailedAuthentication, - /// New session was rejected by the application layer. - NewSessionRejected, - /// Rekeying failed and session secret has reached its hard usage count limit MaxKeyLifetimeExceeded, @@ -66,7 +63,6 @@ impl std::fmt::Display for Error { Self::InvalidPacket => f.write_str("InvalidPacket"), Self::InvalidParameter => f.write_str("InvalidParameter"), Self::FailedAuthentication => f.write_str("FailedAuthentication"), - Self::NewSessionRejected => f.write_str("NewSessionRejected"), Self::MaxKeyLifetimeExceeded => f.write_str("MaxKeyLifetimeExceeded"), Self::SessionNotEstablished => f.write_str("SessionNotEstablished"), Self::RateLimited => f.write_str("RateLimited"), diff --git a/zssp/src/zssp.rs b/zssp/src/zssp.rs index 2a765d31d..bea51742e 100644 --- a/zssp/src/zssp.rs +++ b/zssp/src/zssp.rs @@ -38,7 +38,7 @@ use crate::sessionid::SessionId; /// Each application using ZSSP must create an instance of this to own sessions and /// defragment incoming packets that are not yet associated with a session. pub struct Context { - initial_offer_defrag: Mutex, 1024, 256>>, + initial_offer_defrag: Mutex, 1024, 1024>>, sessions: RwLock>, } @@ -55,6 +55,9 @@ pub enum ReceiveResult<'b, Application: ApplicationLayer> { /// Packet appears valid but was ignored e.g. as a duplicate. Ignored, + + /// Packet appears valid but new session was rejected by application layer. + Rejected, } /// ZeroTier Secure Session Protocol (ZSSP) Session @@ -140,10 +143,9 @@ impl Context { } } - /// Perform periodic background service tasks. + /// Perform periodic background service and cleanup tasks. /// - /// This returns the number of milliseconds until it should be called again. It performs - /// tasks like cleaning up internal data structures. + /// This returns the number of milliseconds until it should be called again. pub fn service(&self, current_time: i64) -> i64 { let mut dead_active = Vec::new(); let mut dead_pending = Vec::new(); @@ -271,16 +273,33 @@ impl Context { /// Receive, authenticate, decrypt, and process a physical wire packet. /// + /// The send function may be called one or more times to send packets. If the packet is associated + /// wtth an active session this session is supplied, otherwise this parameter is None. The size + /// of packets to be sent will not exceed the supplied mtu. + /// + /// New sessions can be accepted or rejected at both the initial negotiation phase and the final + /// negotiation phase using the incoming session filter function. For the initial phase of Noise_XK + /// the function will be called with None as a parameter since we do not yet know the static identity + /// or meta-data associated with the connection attempt. In the final phase the function will be called + /// again with the static public identity blob of the initiating endpoint and optionally any meta-data + /// that was supplied. In both cases a return value of false causes abandonment of the session. + /// /// * `app` - Interface to application using ZSSP - /// * `remote_address` - Remote physical address of source endpoint + /// * `incoming_session_filter` - Function to call to check whether new sessions should be accepted + /// * `send` - Function to call to send packets /// * `data_buf` - Buffer to receive decrypted and authenticated object data (an error is returned if too small) /// * `incoming_packet_buf` - Buffer containing incoming wire packet (receive() takes ownership) /// * `mtu` - Physical wire MTU for sending packets /// * `current_time` - Current monotonic time in milliseconds #[inline] - pub fn receive<'b, SendFunction: FnMut(&mut [u8])>( + pub fn receive< + 'b, + SendFunction: FnMut(Option<&Arc>>, &mut [u8]), + PermitIncomingSession: FnMut(Option<&[u8]>, Option<&[u8]>) -> bool, + >( &self, app: &Application, + mut incoming_session_filter: PermitIncomingSession, mut send: SendFunction, data_buf: &'b mut [u8], mut incoming_packet_buf: Application::IncomingPacketBuffer, @@ -311,6 +330,7 @@ impl Context { return self.receive_complete( app, &mut send, + &mut incoming_session_filter, data_buf, counter, assembled_packet.as_ref(), @@ -332,6 +352,7 @@ impl Context { return self.receive_complete( app, &mut send, + &mut incoming_session_filter, data_buf, counter, &[incoming_packet_buf], @@ -371,6 +392,7 @@ impl Context { return self.receive_complete( app, &mut send, + &mut incoming_session_filter, data_buf, counter, assembled_packet.as_ref(), @@ -386,6 +408,7 @@ impl Context { return self.receive_complete( app, &mut send, + &mut incoming_session_filter, data_buf, counter, &[incoming_packet_buf], @@ -405,10 +428,15 @@ impl Context { /// /// NOTE: header check codes will already have been validated on receipt of each fragment. AEAD authentication /// and decryption has NOT yet been performed, and is done here. - fn receive_complete<'b, SendFunction: FnMut(&mut [u8])>( + fn receive_complete< + 'b, + SendFunction: FnMut(Option<&Arc>>, &mut [u8]), + PermitIncomingSession: FnMut(Option<&[u8]>, Option<&[u8]>) -> bool, + >( &self, app: &Application, send: &mut SendFunction, + incoming_session_filter: &mut PermitIncomingSession, data_buf: &'b mut [u8], counter: u64, fragments: &[Application::IncomingPacketBuffer], @@ -560,6 +588,10 @@ impl Context { return Err(Error::FailedAuthentication); } + if !incoming_session_filter(None, None) { + return Ok(ReceiveResult::Rejected); + } + // Decrypt encrypted part of payload (already authenticated above). let mut ctr = AesCtr::new(kbkdf::(noise_es.as_bytes()).as_bytes()); ctr.reset_set_iv(&SHA384::hash(&pkt.alice_noise_e)[..AES_CTR_NONCE_SIZE]); @@ -649,7 +681,7 @@ impl Context { reply_buffer[BobNoiseXKAck::AUTH_START..].copy_from_slice(&reply_hmac); send_with_fragmentation( - send, + |b| send(None, b), &mut reply_buffer, mtu, PACKET_TYPE_BOB_NOISE_XK_ACK, @@ -810,7 +842,7 @@ impl Context { } send_with_fragmentation( - send, + |b| send(Some(&session), b), &mut reply_buffer[..reply_len], mtu, PACKET_TYPE_ALICE_NOISE_XK_ACK, @@ -1131,7 +1163,7 @@ fn create_message_nonce(packet_type: u8, counter: u64) -> [u8; AES_GCM_NONCE_SIZ /// Break a packet into fragments and send them all. /// The contents of packet[] are mangled during this operation, so it should be discarded after. fn send_with_fragmentation( - send: &mut SendFunction, + mut send: SendFunction, packet: &mut [u8], mtu: usize, packet_type: u8,