/*
 * Entry point of the address-pattern generator.
 *
 * The first argument selects the phase: "1" emits patterns for the 32-bit
 * register names, anything else (including no argument) selects phase 2,
 * which emits the 64-bit register names and is only compiled in when XBYAK64
 * is defined. A second argument of any value switches the label reported on
 * stderr from "asm" to "jit" and is passed on to genAddress().
 */
int main(int argc, char *argv[])
{
	// Step past the program name so that argv[0] is the first real argument.
	--argc;
	++argv;

	const bool isJIT = argc > 1;
	bool phase = false;
	if (argc > 0) {
		// Only the exact string "1" selects phase 1.
		phase = (strcmp(argv[0], "1") == 0);
	}
	fprintf(stderr, "phase:%c %s\n", phase ? '1' : '2', isJIT ? "jit" : "asm");

	if (!phase) {
		// Phase 2: without XBYAK64 nothing is generated at all.
#ifdef XBYAK64
		fprintf(stderr, "64bit reg\n");
		static const char reg64Tbl[][5] = {
			"rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
			"r9", "r10", "r11", "r12", "r13", "r14", "r15",
		};
		genAddress(isJIT, reg64Tbl, NUM_OF_ARRAY(reg64Tbl));
#endif
		return 0;
	}

	// Phase 1.
	fprintf(stderr, "32bit reg\n");
	// Rows are 5 bytes wide: the longest names ("r10d".."r15d") are four
	// characters plus the terminating NUL, so a longer name must not be added
	// without widening the row.
	// NOTE(review): the extended registers start at r9d (r9 in the 64-bit
	// table); r8d/r8 are not listed - confirm that is intended.
	static const char reg32Tbl[][5] = {
		"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
#ifdef XBYAK64
		"r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d",
#endif
	};
	genAddress(isJIT, reg32Tbl, NUM_OF_ARRAY(reg32Tbl));
	return 0;
}
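/**
 * Print a freshly generated cjdns configuration to stdout.
 *
 * A peering password, an admin password, a UDP port and a key pair with its
 * ipv6 address are generated and substituted into the template below.
 *
 * The output contains the private key and both passwords in cleartext, so
 * whatever receives stdout has to be protected like the key itself (for
 * example a file that only its owner can read).
 *
 * @return always 0; the results of the printf() calls are not checked.
 */
static int genconf()
{
    // NOTE(review): every buffer below is printed with %s, which relies on
    // randomBase32() and genAddress() leaving a NUL terminator inside the
    // buffer they are given - confirm against their definitions.
    uint8_t password[32];
    randomBase32(password);
    uint8_t adminPassword[32];
    randomBase32(adminPassword);

    // Redraw until the port is above 1024. A single raw 16-bit draw can be 0,
    // which is not a port that can be handed out to peers, or land in the low
    // range that normally cannot be bound without elevated privileges.
    uint16_t port = 0;
    while (port <= 1024) {
        randombytes((uint8_t*) &port, sizeof(port));
    }

    uint8_t publicKeyBase32[53];
    uint8_t address[40];
    uint8_t privateKeyHex[65];
    genAddress(address, privateKeyHex, publicKeyBase32);

    // Identity: the private key is written out in cleartext here.
    printf("{\n"
           " // Private key:\n"
           " // This key corresponds to the public key: %s.k\n", publicKeyBase32);
    printf(" // And the ipv6 address: %s\n", address);
    printf(" // Your confidentiality and data integrity depend on this key, keep it secret!\n"
           " //\n"
           " \"privateKey\": \"%s\",\n", privateKeyHex);

    // Peering credentials. The emitted text itself warns that no key
    // derivation is applied to the password field, which is why a random
    // string is generated instead of leaving the choice to the user.
    printf("\n"
           " // Anyone connecting and offering these passwords on connection will be allowed.\n"
           " //\n"
           " // WARNING: Currently there is no key derivation done on the password field,\n"
           " // DO NOT USE A PASSWORD HERE use something which is truly random and\n"
           " // cannot be guessed.\n"
           " // Including a username in the beginning of the password string is encouraged\n"
           " // to aid in remembering which users are who.\n"
           " //\n"
           " \"authorizedPasswords\":\n"
           " [\n"
           " {\n"
           " // A unique string which is known to the client and server.\n"
           " \"password\": \"%s\",\n", password);
    printf("\n"
           " // the authentication type, currently only 1 is supported.\n"
           " \"authType\": 1,\n"
           "\n"
           " // How much anti-flood trust to give a client\n"
           " // who connects with this password.\n"
           " \"trust\": 5000\n"
           " }\n"
           "\n"
           " /* These are your connection credentials\n"
           " for people connecting to you with your default password.\n"
           " adding more passwords for different users is advisable\n"
           " so that leaks can be isolated.\n"
           "\n"
           " \"your.external.ip.goes.here:%u\":\n", port);
    printf(" {\n"
           " \"password\": \"%s\",\n", password);
    printf(" \"authType\": 1,\n"
           " \"publicKey\": \"%s.k\",\n", publicKeyBase32);

    // Admin RPC: emitted bound to the loopback address and protected by its
    // own password, separate from the peering password.
    printf(" \"trust\": 10000\n"
           " }\n"
           " */\n"
           " ],\n"
           "\n"
           " // Settings for administering and extracting information from your router.\n"
           " // This interface provides API functions which can be called through a TCP socket.\n"
           " \"admin\":\n"
           " {\n"
           " // Port to bind the admin RPC server to.\n"
           " \"bind\": \"127.0.0.1:11234\",\n"
           "\n"
           " // Password for admin RPC server.\n"
           " \"password\": \"%s\"\n", adminPassword);

    // UDP interface: emitted bound to 0.0.0.0, i.e. every IPv4 address of the
    // host, on the random port chosen above.
    printf(" },\n"
           "\n"
           "\n\n" // TODO: Why is this needed and where are these newlines going?!!
           "\n"
           " // Interfaces to connect to the switch core.\n"
           " \"interfaces\":\n"
           " {\n"
           " // The interface which connects over UDP/IP based VPN tunnel.\n"
           " \"UDPInterface\":\n"
           " {\n"
           " // Bind to this port.\n"
           " \"bind\": \"0.0.0.0:%u\",\n", port);

    // Router, session and privilege-dropping defaults. DEFAULT_TUN_DEV is
    // pasted into the format string at compile time.
    printf("\n"
           " // Nodes to connect to.\n"
           " \"connectTo\":\n"
           " {\n"
           " // Add connection credentials here to join the network\n"
           " // Ask somebody who is already connected.\n"
           " }\n"
           " }\n"
           " },\n"
           "\n"
           " // Configuration for the router.\n"
           " \"router\":\n"
           " {\n"
           " // The interface which is used for connecting to the cjdns network.\n"
           " \"interface\":\n"
           " {\n"
           " // The type of interface (only TUNInterface is supported for now)\n"
           " \"type\": \"TUNInterface\",\n"
           "\n"
           " // The name of the TUN device to use.\n"
           " // This allows you to create a persistent TUN device with the cjdns user\n"
           " // authorized to use it so that cjdns does not need to run as root.\n"
           " // If this is commented out, cjdns will try to allocate a TUN on startup.\n"
           " // If it can't do that (because it's not root?) then it will run as a\n"
           " // pure router, unable to send or receive traffic.\n"
           " \"tunDevice\": \"" DEFAULT_TUN_DEV "\"\n"
           " }\n"
           " },\n"
           "\n"
           " // Tear down inactive CryptoAuth sessions after this number of seconds\n"
           " // to make them more forgiving in the event that they become desynchronized.\n"
           " \"resetAfterInactivitySeconds\": 30,\n"
           "\n"
           " // Save the pid of the running process to this file.\n"
           " // If this file cannot be opened for writing, the router will not start.\n"
           " //\"pidFile\": \"cjdroute.pid\",\n"
           "\n"
           " // Dropping permissions.\n"
           " \"security\":\n"
           " [\n"
           " // Set number of open files to zero, in Linux, this will succeed even if\n"
           " // files are already open and will not allow any files to be opened for the\n"
           " // duration of the program's operation.\n"
           " // Most security exploits require the use of files.\n"
           " \"nofiles\",\n"
           "\n"
           " // Change the user id to this user after starting up and getting resources.\n"
           " {\"setuser\": \"nobody\"}\n"
           " ],\n"
           "\n"
           " // Version of the config file, used internally for migration.\n"
           " \"version\": 1\n"
           "}\n");
    return 0;
}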
/**
 * Print a freshly generated cjdns configuration to stdout.
 *
 * Values are drawn from rand in this order: the default peering password,
 * three spare passwords, the admin password, the UDP port, and finally the
 * key pair and address produced by genAddress().
 *
 * The output contains the private key and every generated password in
 * cleartext, so whatever receives stdout has to be protected like the key
 * itself (for example a file that only its owner can read).
 *
 * @param rand random source behind every secret printed here.
 *             NOTE(review): the passwords and key are only as unpredictable
 *             as this source - confirm how callers seed it.
 * @return always 0; the results of the printf() calls are not checked.
 */
static int genconf(struct Random* rand)
{
    enum { PASSWORD_SIZE = 32, SPARE_PASSWORDS = 3 };

    // NOTE(review): all of these buffers are printed with %s, which relies on
    // Random_base32() and genAddress() leaving a NUL terminator inside the
    // buffer they are given - confirm against their definitions.
    uint8_t password[PASSWORD_SIZE];
    uint8_t sparePasswords[SPARE_PASSWORDS][PASSWORD_SIZE];
    uint8_t adminPassword[PASSWORD_SIZE];

    Random_base32(rand, password, PASSWORD_SIZE);
    for (int i = 0; i < SPARE_PASSWORDS; i++) {
        Random_base32(rand, sparePasswords[i], PASSWORD_SIZE);
    }
    Random_base32(rand, adminPassword, PASSWORD_SIZE);

    // Redraw until the port is above 1024.
    uint16_t port;
    do {
        port = Random_uint16(rand);
    } while (port <= 1024);

    uint8_t address[40];
    uint8_t privateKeyHex[65];
    uint8_t publicKeyBase32[53];
    genAddress(address, privateKeyHex, publicKeyBase32, rand);

    // Identity: the private key is written out in cleartext here.
    printf("{\n"
           " // Private key:\n"
           " // Your confidentiality and data integrity depend on this key, keep it secret!\n"
           " \"privateKey\": \"%s\",\n\n", privateKeyHex);
    printf(" // This key corresponds to the public key and ipv6 address:\n"
           " \"publicKey\": \"%s.k\",\n"
           " \"ipv6\": \"%s\",\n", publicKeyBase32, address);

    // Peering credentials. The emitted text itself warns that no key
    // derivation is applied to the password field, which is why random
    // strings are generated instead of leaving the choice to the user.
    printf("\n"
           " // Anyone connecting and offering these passwords on connection will be allowed.\n"
           " //\n"
           " // WARNING: Currently there is no key derivation done on the password field,\n"
           " // DO NOT USE A PASSWORD HERE use something which is truly random and\n"
           " // cannot be guessed.\n"
           " // Including a username in the beginning of the password string is encouraged\n"
           " // to aid in remembering which users are who.\n"
           " //\n"
           " \"authorizedPasswords\":\n"
           " [\n"
           " // A unique string which is known to the client and server.\n"
           " {\"password\": \"%s\"}\n", password);

    // The spare passwords are emitted commented out, ready to be enabled so
    // that each peer can get its own credential.
    printf("\n"
           " // More passwords should look like this.\n");
    for (int i = 0; i < SPARE_PASSWORDS; i++) {
        printf(" // {\"password\": \"%s\"},\n", sparePasswords[i]);
    }

    // Example credentials to hand to peers. The trailing space before two of
    // the "\n" escapes is part of the emitted text.
    printf("\n"
           " // Below is an example of your connection credentials\n"
           " // that you can give to other people so they can connect\n"
           " // to you using your default password (from above) \n"
           " // Adding a unique password for each user is advisable\n"
           " // so that leaks can be isolated. \n"
           " //\n"
           " // \"your.external.ip.goes.here:%u\":{"
           "\"password\":\"%s\","
           "\"publicKey\":\"%s.k\"}\n", port, password, publicKeyBase32);

    // Admin RPC: emitted bound to the loopback address and protected by its
    // own password, separate from the peering passwords.
    printf(" ],\n"
           "\n"
           " // Settings for administering and extracting information from your router.\n"
           " // This interface provides functions which can be called through a UDP socket.\n"
           " // See admin/Readme.md for more information about the API and try:\n"
           " // ./contrib/python/cexec 'functions'\n"
           " // For a list of functions which can be called.\n"
           " // For example: ./contrib/python/cexec 'memory()'\n"
           " // will call a function which gets the core's current memory consumption.\n"
           " // ./contrib/python/cjdnslog\n"
           " // is a tool which uses this admin interface to get logs from cjdns.\n"
           " \"admin\":\n"
           " {\n"
           " // Port to bind the admin RPC server to.\n"
           " \"bind\": \"127.0.0.1:11234\",\n"
           "\n"
           " // Password for admin RPC server.\n"
           " \"password\": \"%s\"\n", adminPassword);

    // UDP interface: emitted bound to 0.0.0.0, i.e. every IPv4 address of the
    // host, on the random port chosen above.
    printf(" },\n"
           "\n"
           "\n\n" // TODO: Why is this needed and where are these newlines going?!!
           "\n"
           " // Interfaces to connect to the switch core.\n"
           " \"interfaces\":\n"
           " {\n"
           " // The interface which connects over UDP/IP based VPN tunnel.\n"
           " \"UDPInterface\":\n"
           " [\n"
           " {\n"
           " // Bind to this port.\n"
           " \"bind\": \"0.0.0.0:%u\",\n", port);
    printf("\n"
           " // Nodes to connect to.\n"
           " \"connectTo\":\n"
           " {\n"
           " // Add connection credentials here to join the network\n"
           " // Ask somebody who is already connected.\n"
           " }\n"
           " }\n"
           " ]\n");

#ifdef HAS_ETH_INTERFACE
    // The whole ETHInterface section is emitted inside a block comment, so the
    // beacon setting it shows only takes effect once a user enables the section.
    printf("\n"
           " /*\n"
           " \"ETHInterface\":\n"
           " [\n"
           " {\n"
           " // Bind to this device (interface name, not MAC etc.)\n"
           " \"bind\": \"eth0\",\n"
           "\n"
           " // Auto-connect to other cjdns nodes on the same network.\n"
           " // Options:\n"
           " //\n"
           " // 0 -- Disabled.\n"
           " //\n"
           " // 1 -- Accept beacons, this will cause cjdns to accept incoming\n"
           " // beacon messages and try connecting to the sender.\n"
           " //\n"
           " // 2 -- Accept and send beacons, this will cause cjdns to broadcast\n"
           " // messages on the local network which contain a randomly\n"
           " // generated per-session password, other nodes which have this\n"
           " // set to 1 or 2 will hear the beacon messages and connect\n"
           " // automatically.\n"
           " //\n"
           " \"beacon\": 2,\n"
           "\n"
           " // Node(s) to connect to manually.\n"
           " \"connectTo\":\n"
           " {\n"
           " // Credentials for connecting look similar to UDP credientials\n"
           " // except they begin with the mac address, for example:\n"
           " // \"01:02:03:04:05:06\":{\"password\":\"a\",\"publicKey\":\"b\"}\n"
           " }\n"
           " }\n"
           " ]\n"
           " */\n"
           "\n");
#endif

    printf(" },\n"
           "\n"
           " // Configuration for the router.\n"
           " \"router\":\n"
           " {\n"
           " // The interface which is used for connecting to the cjdns network.\n"
           " \"interface\":\n"
           " {\n"
           " // The type of interface (only TUNInterface is supported for now)\n"
           " \"type\": \"TUNInterface\"\n");

#ifndef __APPLE__
    // Kept as a separate call so that no preprocessor directive sits inside a
    // printf() argument list. DEFAULT_TUN_DEV is pasted in at compile time.
    printf("\n"
           " // The name of a persistent TUN device to use.\n"
           " // This for starting cjdroute as its own user.\n"
           " // *MOST USERS DON'T NEED THIS*\n"
           " //\"tunDevice\": \"" DEFAULT_TUN_DEV "\"\n");
#endif

    // ipTunnel examples are emitted commented out; the keys and addresses in
    // them are placeholders. The security section asks the router to drop to
    // user "nobody", with the Angel process exempted as the emitted text
    // explains.
    printf(" },\n"
           "\n"
           " // System for tunneling IPv4 and ICANN IPv6 through cjdns.\n"
           " // This is using the cjdns switch layer as a VPN carrier.\n"
           " \"ipTunnel\":\n"
           " {\n"
           " // Nodes allowed to connect to us.\n"
           " // When a node with the given public key connects, give them the\n"
           " // ip4 and/or ip6 addresses listed.\n"
           " \"allowedConnections\":\n"
           " [\n"
           " // {\n"
           " // \"publicKey\": "
           "\"f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k\",\n"
           " // \"ip4Address\": \"192.168.1.24\",\n"
           " // \"ip6Address\": \"2001:123:ab::10\"\n"
           " // },\n"
           "\n"
           " // It's ok to only specify one address.\n"
           " // {\n"
           " // \"publicKey\": "
           "\"ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k\",\n"
           " // \"ip4Address\": \"192.168.1.24\",\n"
           " // \"ip6Address\": \"2001:123:ab::10\"\n"
           " // }\n"
           " ],\n"
           "\n"
           " \"outgoingConnections\":\n"
           " [\n"
           " // Connect to one or more machines and ask them for IP addresses.\n"
           " // \"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k\",\n"
           " // \"pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k\",\n"
           " // \"g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k\"\n"
           " ]\n"
           " }\n"
           " },\n"
           "\n"
           " // Tear down inactive CryptoAuth sessions after this number of seconds\n"
           " // to make them more forgiving in the event that they become desynchronized.\n"
           " \"resetAfterInactivitySeconds\": 100,\n"
           "\n"
           " // Save the pid of the running process to this file.\n"
           " // If this file cannot be opened for writing, the router will not start.\n"
           " //\"pidFile\": \"cjdroute.pid\",\n"
           "\n"
           " // Dropping permissions.\n"
           " \"security\":\n"
           " [\n"
           " // Set number of open files to zero, in Linux, this will succeed even if\n"
           " // files are already open and will not allow any files to be opened for the\n"
           " // duration of the program's operation.\n"
           " // Most security exploits require the use of files.\n"
           " \"nofiles\",\n"
           "\n"
           " // Change the user id to this user after starting up and getting resources.\n"
           " {\n"
           " \"setuser\": \"nobody\",\n"
           "\n"
           " // Exempt the Angel process from setting userId, the Angel is a small\n"
           " // isolated piece of code which exists outside of the core's strict\n"
           " // sandbox but does not handle network traffic.\n"
           " // This must be enabled for IpTunnel to automatically set IP addresses\n"
           " // for the TUN device.\n"
           " \"exemptAngel\": 1\n"
           " }\n"
           " ],\n"
           "\n"
           " // Version of the config file, used internally for migration.\n"
           " \"version\": 1\n"
           "}\n");
    return 0;
}
/**
 * Print a freshly generated cjdns configuration to stdout.
 *
 * Values are drawn from rand in this order: the default peering password,
 * three spare passwords, the admin password, the UDP port, and finally the
 * key pair and address produced by genAddress().
 *
 * The output contains the private key and every generated password in
 * cleartext, so whatever receives stdout has to be protected like the key
 * itself (for example a file that only its owner can read).
 *
 * @param rand random source behind every secret printed here.
 *             NOTE(review): the passwords and key are only as unpredictable
 *             as this source - confirm how callers seed it.
 * @return always 0; the results of the printf() calls are not checked.
 */
static int genconf(struct Random* rand)
{
    enum { PASSWORD_SIZE = 32, SPARE_PASSWORDS = 3 };

    // NOTE(review): all of these buffers are printed with %s, which relies on
    // Random_base32() and genAddress() leaving a NUL terminator inside the
    // buffer they are given - confirm against their definitions.
    uint8_t password[PASSWORD_SIZE];
    uint8_t sparePasswords[SPARE_PASSWORDS][PASSWORD_SIZE];
    uint8_t adminPassword[PASSWORD_SIZE];

    Random_base32(rand, password, PASSWORD_SIZE);
    for (int i = 0; i < SPARE_PASSWORDS; i++) {
        Random_base32(rand, sparePasswords[i], PASSWORD_SIZE);
    }
    Random_base32(rand, adminPassword, PASSWORD_SIZE);

    // Redraw until the port is above 1024.
    uint16_t port;
    do {
        port = Random_uint16(rand);
    } while (port <= 1024);

    uint8_t address[40];
    uint8_t privateKeyHex[65];
    uint8_t publicKeyBase32[53];
    genAddress(address, privateKeyHex, publicKeyBase32, rand);

    // Identity: the private key is written out in cleartext here.
    printf("{\n"
           " // Private key:\n"
           " // Your confidentiality and data integrity depend on this key, keep it secret!\n"
           " \"privateKey\": \"%s\",\n\n", privateKeyHex);
    printf(" // This key corresponds to the public key and ipv6 address:\n"
           " \"publicKey\": \"%s.k\",\n"
           " \"ipv6\": \"%s\",\n", publicKeyBase32, address);

    // Peering credentials. The emitted text itself warns that no key
    // derivation is applied to the password field, which is why random
    // strings are generated instead of leaving the choice to the user.
    printf("\n"
           " // Anyone connecting and offering these passwords on connection will be allowed.\n"
           " //\n"
           " // WARNING: Currently there is no key derivation done on the password field,\n"
           " // DO NOT USE A PASSWORD HERE use something which is truly random and\n"
           " // cannot be guessed.\n"
           " // Including a username in the beginning of the password string is encouraged\n"
           " // to aid in remembering which users are who.\n"
           " //\n"
           " \"authorizedPasswords\":\n"
           " [\n"
           " // A unique string which is known to the client and server.\n"
           " {\"password\": \"%s\"}\n", password);

    // The spare passwords are emitted commented out, ready to be enabled so
    // that each peer can get its own credential.
    printf("\n"
           " // More passwords should look like this.\n");
    for (int i = 0; i < SPARE_PASSWORDS; i++) {
        printf(" // {\"password\": \"%s\"},\n", sparePasswords[i]);
    }

    // Example credentials to hand to peers.
    printf("\n"
           " // Below is an example of your connection credentials\n"
           " // that you can give to other people so they can connect\n"
           " // to you using your default password (from above)\n"
           " // Adding a unique password for each user is advisable\n"
           " // so that leaks can be isolated.\n"
           " //\n"
           " // \"your.external.ip.goes.here:%u\":{"
           "\"password\":\"%s\","
           "\"publicKey\":\"%s.k\"}\n", port, password, publicKeyBase32);

    // Admin RPC: emitted bound to the loopback address and protected by its
    // own password, separate from the peering passwords.
    printf(" ],\n"
           "\n"
           " // Settings for administering and extracting information from your router.\n"
           " // This interface provides functions which can be called through a UDP socket.\n"
           " // See admin/Readme.md for more information about the API and try:\n"
           " // ./contrib/python/cexec 'functions'\n"
           " // For a list of functions which can be called.\n"
           " // For example: ./contrib/python/cexec 'memory()'\n"
           " // will call a function which gets the core's current memory consumption.\n"
           " // ./contrib/python/cjdnslog\n"
           " // is a tool which uses this admin interface to get logs from cjdns.\n"
           " \"admin\":\n"
           " {\n"
           " // Port to bind the admin RPC server to.\n"
           " \"bind\": \"127.0.0.1:11234\",\n"
           "\n"
           " // Password for admin RPC server.\n"
           " \"password\": \"%s\"\n", adminPassword);

    // UDP interface: emitted bound to 0.0.0.0, i.e. every IPv4 address of the
    // host, on the random port chosen above.
    printf(" },\n"
           "\n"
           " // Interfaces to connect to the switch core.\n"
           " \"interfaces\":\n"
           " {\n"
           " // The interface which connects over UDP/IP based VPN tunnel.\n"
           " \"UDPInterface\":\n"
           " [\n"
           " {\n"
           " // Bind to this port.\n"
           " \"bind\": \"0.0.0.0:%u\",\n", port);
    printf("\n"
           " // Nodes to connect to.\n"
           " \"connectTo\":\n"
           " {\n"
           " // Add connection credentials here to join the network\n"
           " // Ask somebody who is already connected.\n"
           " }\n"
           " }\n"
           " ]\n");

#ifdef HAS_ETH_INTERFACE
    // The whole ETHInterface section is emitted inside a block comment, so the
    // beacon setting it shows only takes effect once a user enables the section.
    printf("\n"
           " /*\n"
           " \"ETHInterface\":\n"
           " [\n"
           " {\n"
           " // Bind to this device (interface name, not MAC etc.)\n"
           " \"bind\": \"eth0\",\n"
           "\n"
           " // Auto-connect to other cjdns nodes on the same network.\n"
           " // Options:\n"
           " //\n"
           " // 0 -- Disabled.\n"
           " //\n"
           " // 1 -- Accept beacons, this will cause cjdns to accept incoming\n"
           " // beacon messages and try connecting to the sender.\n"
           " //\n"
           " // 2 -- Accept and send beacons, this will cause cjdns to broadcast\n"
           " // messages on the local network which contain a randomly\n"
           " // generated per-session password, other nodes which have this\n"
           " // set to 1 or 2 will hear the beacon messages and connect\n"
           " // automatically.\n"
           " //\n"
           " \"beacon\": 2,\n"
           "\n"
           " // Node(s) to connect to manually.\n"
           " \"connectTo\":\n"
           " {\n"
           " // Credentials for connecting look similar to UDP credientials\n"
           " // except they begin with the mac address, for example:\n"
           " // \"01:02:03:04:05:06\":{\"password\":\"a\",\"publicKey\":\"b\"}\n"
           " }\n"
           " }\n"
           " ]\n"
           " */\n"
           "\n");
#endif

    printf(" },\n"
           "\n"
           " // Configuration for the router.\n"
           " \"router\":\n"
           " {\n"
           " // The interface which is used for connecting to the cjdns network.\n"
           " \"interface\":\n"
           " {\n"
           " // The type of interface (only TUNInterface is supported for now)\n"
           " \"type\": \"TUNInterface\"\n");

#ifndef __APPLE__
    // Kept as a separate call so that no preprocessor directive sits inside a
    // printf() argument list. DEFAULT_TUN_DEV is pasted in at compile time.
    printf("\n"
           " // The name of a persistent TUN device to use.\n"
           " // This for starting cjdroute as its own user.\n"
           " // *MOST USERS DON'T NEED THIS*\n"
           " //\"tunDevice\": \"" DEFAULT_TUN_DEV "\"\n");
#endif

    // ipTunnel examples are emitted commented out; the keys and addresses in
    // them are placeholders. The security section asks the router to drop to
    // user "nobody", with the Angel process exempted as the emitted text
    // explains.
    printf(" },\n"
           "\n"
           " // System for tunneling IPv4 and ICANN IPv6 through cjdns.\n"
           " // This is using the cjdns switch layer as a VPN carrier.\n"
           " \"ipTunnel\":\n"
           " {\n"
           " // Nodes allowed to connect to us.\n"
           " // When a node with the given public key connects, give them the\n"
           " // ip4 and/or ip6 addresses listed.\n"
           " \"allowedConnections\":\n"
           " [\n"
           " // {\n"
           " // \"publicKey\": "
           "\"f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k\",\n"
           " // \"ip4Address\": \"192.168.1.24\",\n"
           " // \"ip6Address\": \"2001:123:ab::10\"\n"
           " // },\n"
           "\n"
           " // It's ok to only specify one address.\n"
           " // {\n"
           " // \"publicKey\": "
           "\"ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k\",\n"
           " // \"ip4Address\": \"192.168.1.24\",\n"
           " // \"ip6Address\": \"2001:123:ab::10\"\n"
           " // }\n"
           " ],\n"
           "\n"
           " \"outgoingConnections\":\n"
           " [\n"
           " // Connect to one or more machines and ask them for IP addresses.\n"
           " // \"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k\",\n"
           " // \"pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k\",\n"
           " // \"g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k\"\n"
           " ]\n"
           " }\n"
           " },\n"
           "\n"
           " // Tear down inactive CryptoAuth sessions after this number of seconds\n"
           " // to make them more forgiving in the event that they become desynchronized.\n"
           " \"resetAfterInactivitySeconds\": 100,\n"
           "\n"
           " // Dropping permissions.\n"
           " \"security\":\n"
           " [\n"
           " // Change the user id to this user after starting up and getting resources.\n"
           " // exemptAngel exempts the Angel process from setting userId, the Angel is\n"
           " // a small isolated piece of code which exists outside of the core's strict\n"
           " // sandbox but does not handle network traffic.\n"
           " // This must be enabled for IpTunnel to automatically set IP addresses\n"
           " // for the TUN device.\n"
           " { \"setuser\": \"nobody\", \"exemptAngel\": 1 }\n"
           " ],\n"
           "\n"
           " // Logging\n"
           " \"logging\":\n"
           " {\n"
           " // Uncomment to have cjdns log to stdout rather than making logs available\n"
           " // via the admin socket.\n"
           " // \"logTo\":\"stdout\"\n"
           " },\n"
           "\n"
           " // If set to non-zero, cjdns will not fork to the background.\n"
           " // Recommended for use in conjunction with \"logTo\":\"stdout\".\n"
           " \"noBackground\":0,\n"
           "\n");

    // DNS trust anchors: the four keys and four server addresses are fixed in
    // this string, so every config generated by this build trusts the same
    // parties, and "minSignatures" is emitted as 2.
    // NOTE(review): confirm the listed keys and servers are still the intended
    // ones whenever this template is touched.
    printf(" // DNS, this server will be available at address fc00::1\n"
           " \"dns\":\n"
           " {\n"
           " // Who to trust\n"
           " \"keys\": [\n"
           " \"7kuc3jcyql3cm8lx5zdj8vc0tkz8679kyx83utbm1ub5bxpf4mf1.mittens.h\",\n"
           " \"tvlxu5rbcj76rfdmsw9xd3kjn79fhv6kpvl2hzv98637j4rdj1b1.tom.h\",\n"
           " \"kkxfwnm3upf0jv35jq4lx0dn0z3m9bh71gv84cdjlcp68w1qckt1.maru.h\",\n"
           " \"02wmqfu7v0kdq17fwv68hk646bdvhcr8ybk2ycy7ddzv21n5nb60.scruffy.h\"\n"
           " ],\n"
           "\n"
           " // Who to ask, if a request fails the next one will be tried\n"
           " \"servers\": [\n"
           " \"[fc71:ec46:57a0:2bbc:537d:b680:3630:93e4]:9001\",\n"
           " \"[fc8e:9a1c:27c3:281b:29b1:1a04:3701:c125]:9001\",\n"
           " \"[fcad:0450:4a40:9778:14e2:e442:6678:3161]:9001\",\n"
           " \"[fc2f:baa8:4a89:2db5:6789:aa75:07e6:4cb2]:9001\"\n"
           " ],\n"
           "\n"
           " // At least this many of \"keys\" must agree or else the request will fail.\n"
           " \"minSignatures\":2\n"
           " }\n"
           "\n"
           "}\n");
    return 0;
}