int main(int argc, char *argv[])
{
argc--, argv++;
bool phase = argc > 0 && strcmp(*argv, "1") == 0;
bool isJIT = (argc > 1);
fprintf(stderr, "phase:%c %s\n", phase ? '1' : '2', isJIT ? "jit" : "asm");
if (phase) {
fprintf(stderr, "32bit reg\n");
static const char reg32Tbl[][5] = {
"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
#ifdef XBYAK64
"r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d",
#endif
};
genAddress(isJIT, reg32Tbl, NUM_OF_ARRAY(reg32Tbl));
} else {
#ifdef XBYAK64
fprintf(stderr, "64bit reg\n");
static const char reg64Tbl[][5] = {
"rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi", "r9", "r10", "r11", "r12", "r13", "r14", "r15",
};
genAddress(isJIT, reg64Tbl, NUM_OF_ARRAY(reg64Tbl));
#endif
}
}
static int genconf()
{
uint8_t password[32];
randomBase32(password);
uint8_t adminPassword[32];
randomBase32(adminPassword);
uint16_t port;
randombytes((uint8_t*) &port, 2);
uint8_t publicKeyBase32[53];
uint8_t address[40];
uint8_t privateKeyHex[65];
genAddress(address, privateKeyHex, publicKeyBase32);
printf("{\n"
" // Private key:\n"
" // This key corresponds to the public key: %s.k\n", publicKeyBase32);
printf(" // And the ipv6 address: %s\n", address);
printf(" // Your confidentiality and data integrity depend on this key, keep it secret!\n"
" //\n"
" \"privateKey\": \"%s\",\n", privateKeyHex);
printf("\n"
" // Anyone connecting and offering these passwords on connection will be allowed.\n"
" //\n"
" // WARNING: Currently there is no key derivation done on the password field,\n"
" // DO NOT USE A PASSWORD HERE use something which is truly random and\n"
" // cannot be guessed.\n"
" // Including a username in the beginning of the password string is encouraged\n"
" // to aid in remembering which users are who.\n"
" //\n"
" \"authorizedPasswords\":\n"
" [\n"
" {\n"
" // A unique string which is known to the client and server.\n"
" \"password\": \"%s\",\n", password);
printf("\n"
" // the authentication type, currently only 1 is supported.\n"
" \"authType\": 1,\n"
"\n"
" // How much anti-flood trust to give a client\n"
" // who connects with this password.\n"
" \"trust\": 5000\n"
" }\n"
"\n"
" /* These are your connection credentials\n"
" for people connecting to you with your default password.\n"
" adding more passwords for different users is advisable\n"
" so that leaks can be isolated.\n"
"\n"
" \"your.external.ip.goes.here:%u\":\n", port);
printf(" {\n"
" \"password\": \"%s\",\n", password);
printf(" \"authType\": 1,\n"
" \"publicKey\": \"%s.k\",\n", publicKeyBase32);
printf(" \"trust\": 10000\n"
" }\n"
" */\n"
" ],\n"
"\n"
" // Settings for administering and extracting information from your router.\n"
" // This interface provides API functions which can be called through a TCP socket.\n"
" \"admin\":\n"
" {\n"
" // Port to bind the admin RPC server to.\n"
" \"bind\": \"127.0.0.1:11234\",\n"
"\n"
" // Password for admin RPC server.\n"
" \"password\": \"%s\"\n", adminPassword);
printf(" },\n"
"\n"
"\n\n" // TODO: Why is this needed and where are these newlines going?!!
"\n"
" // Interfaces to connect to the switch core.\n"
" \"interfaces\":\n"
" {\n"
" // The interface which connects over UDP/IP based VPN tunnel.\n"
" \"UDPInterface\":\n"
" {\n"
" // Bind to this port.\n"
" \"bind\": \"0.0.0.0:%u\",\n", port);
printf("\n"
" // Nodes to connect to.\n"
" \"connectTo\":\n"
" {\n"
" // Add connection credentials here to join the network\n"
" // Ask somebody who is already connected.\n"
" }\n"
" }\n"
" },\n"
"\n"
" // Configuration for the router.\n"
" \"router\":\n"
" {\n"
" // The interface which is used for connecting to the cjdns network.\n"
" \"interface\":\n"
" {\n"
" // The type of interface (only TUNInterface is supported for now)\n"
" \"type\": \"TUNInterface\",\n"
"\n"
" // The name of the TUN device to use.\n"
" // This allows you to create a persistent TUN device with the cjdns user\n"
" // authorized to use it so that cjdns does not need to run as root.\n"
" // If this is commented out, cjdns will try to allocate a TUN on startup.\n"
" // If it can't do that (because it's not root?) then it will run as a\n"
" // pure router, unable to send or receive traffic.\n"
" \"tunDevice\": \"" DEFAULT_TUN_DEV "\"\n"
" }\n"
" },\n"
"\n"
" // Tear down inactive CryptoAuth sessions after this number of seconds\n"
" // to make them more forgiving in the event that they become desynchronized.\n"
" \"resetAfterInactivitySeconds\": 30,\n"
"\n"
" // Save the pid of the running process to this file.\n"
" // If this file cannot be opened for writing, the router will not start.\n"
" //\"pidFile\": \"cjdroute.pid\",\n"
"\n"
" // Dropping permissions.\n"
" \"security\":\n"
" [\n"
" // Set number of open files to zero, in Linux, this will succeed even if\n"
" // files are already open and will not allow any files to be opened for the\n"
" // duration of the program's operation.\n"
" // Most security exploits require the use of files.\n"
" \"nofiles\",\n"
"\n"
" // Change the user id to this user after starting up and getting resources.\n"
" {\"setuser\": \"nobody\"}\n"
" ],\n"
"\n"
" // Version of the config file, used internally for migration.\n"
" \"version\": 1\n"
"}\n");
return 0;
}
static int genconf(struct Random* rand)
{
uint8_t password[32];
uint8_t password2[32];
uint8_t password3[32];
uint8_t password4[32];
Random_base32(rand, password, 32);
Random_base32(rand, password2, 32);
Random_base32(rand, password3, 32);
Random_base32(rand, password4, 32);
uint8_t adminPassword[32];
Random_base32(rand, adminPassword, 32);
uint16_t port = 0;
while (port <= 1024) {
port = Random_uint16(rand);
}
uint8_t publicKeyBase32[53];
uint8_t address[40];
uint8_t privateKeyHex[65];
genAddress(address, privateKeyHex, publicKeyBase32, rand);
printf("{\n");
printf(" // Private key:\n"
" // Your confidentiality and data integrity depend on this key, keep it secret!\n"
" \"privateKey\": \"%s\",\n\n", privateKeyHex);
printf(" // This key corresponds to the public key and ipv6 address:\n"
" \"publicKey\": \"%s.k\",\n", publicKeyBase32);
printf(" \"ipv6\": \"%s\",\n", address);
printf("\n"
" // Anyone connecting and offering these passwords on connection will be allowed.\n"
" //\n"
" // WARNING: Currently there is no key derivation done on the password field,\n"
" // DO NOT USE A PASSWORD HERE use something which is truly random and\n"
" // cannot be guessed.\n"
" // Including a username in the beginning of the password string is encouraged\n"
" // to aid in remembering which users are who.\n"
" //\n"
" \"authorizedPasswords\":\n"
" [\n"
" // A unique string which is known to the client and server.\n"
" {\"password\": \"%s\"}\n", password);
printf("\n"
" // More passwords should look like this.\n"
" // {\"password\": \"%s\"},\n", password2);
printf(" // {\"password\": \"%s\"},\n", password3);
printf(" // {\"password\": \"%s\"},\n", password4);
printf("\n"
" // Below is an example of your connection credentials\n"
" // that you can give to other people so they can connect\n"
" // to you using your default password (from above) \n"
" // Adding a unique password for each user is advisable\n"
" // so that leaks can be isolated. \n"
" //\n"
" // \"your.external.ip.goes.here:%u\":{", port);
printf("\"password\":\"%s\",", password);
printf("\"publicKey\":\"%s.k\"}\n", publicKeyBase32);
printf(" ],\n"
"\n"
" // Settings for administering and extracting information from your router.\n"
" // This interface provides functions which can be called through a UDP socket.\n"
" // See admin/Readme.md for more information about the API and try:\n"
" // ./contrib/python/cexec 'functions'\n"
" // For a list of functions which can be called.\n"
" // For example: ./contrib/python/cexec 'memory()'\n"
" // will call a function which gets the core's current memory consumption.\n"
" // ./contrib/python/cjdnslog\n"
" // is a tool which uses this admin interface to get logs from cjdns.\n"
" \"admin\":\n"
" {\n"
" // Port to bind the admin RPC server to.\n"
" \"bind\": \"127.0.0.1:11234\",\n"
"\n"
" // Password for admin RPC server.\n"
" \"password\": \"%s\"\n", adminPassword);
printf(" },\n"
"\n"
"\n\n" // TODO: Why is this needed and where are these newlines going?!!
"\n"
" // Interfaces to connect to the switch core.\n"
" \"interfaces\":\n"
" {\n"
" // The interface which connects over UDP/IP based VPN tunnel.\n"
" \"UDPInterface\":\n"
" [\n"
" {\n"
" // Bind to this port.\n"
" \"bind\": \"0.0.0.0:%u\",\n", port);
printf("\n"
" // Nodes to connect to.\n"
" \"connectTo\":\n"
" {\n"
" // Add connection credentials here to join the network\n"
" // Ask somebody who is already connected.\n"
" }\n"
" }\n"
" ]\n");
#ifdef HAS_ETH_INTERFACE
printf("\n"
" /*\n"
" \"ETHInterface\":\n"
" [\n"
" {\n"
" // Bind to this device (interface name, not MAC etc.)\n"
" \"bind\": \"eth0\",\n"
"\n"
" // Auto-connect to other cjdns nodes on the same network.\n"
" // Options:\n"
" //\n"
" // 0 -- Disabled.\n"
" //\n"
" // 1 -- Accept beacons, this will cause cjdns to accept incoming\n"
" // beacon messages and try connecting to the sender.\n"
" //\n"
" // 2 -- Accept and send beacons, this will cause cjdns to broadcast\n"
" // messages on the local network which contain a randomly\n"
" // generated per-session password, other nodes which have this\n"
" // set to 1 or 2 will hear the beacon messages and connect\n"
" // automatically.\n"
" //\n"
" \"beacon\": 2,\n"
"\n"
" // Node(s) to connect to manually.\n"
" \"connectTo\":\n"
" {\n"
" // Credentials for connecting look similar to UDP credientials\n"
" // except they begin with the mac address, for example:\n"
" // \"01:02:03:04:05:06\":{\"password\":\"a\",\"publicKey\":\"b\"}\n"
" }\n"
" }\n"
" ]\n"
" */\n"
"\n");
#endif
printf(" },\n"
"\n"
" // Configuration for the router.\n"
" \"router\":\n"
" {\n"
" // The interface which is used for connecting to the cjdns network.\n"
" \"interface\":\n"
" {\n"
" // The type of interface (only TUNInterface is supported for now)\n"
" \"type\": \"TUNInterface\"\n"
#ifndef __APPLE__
"\n"
" // The name of a persistent TUN device to use.\n"
" // This for starting cjdroute as its own user.\n"
" // *MOST USERS DON'T NEED THIS*\n"
" //\"tunDevice\": \"" DEFAULT_TUN_DEV "\"\n"
#endif
" },\n"
"\n"
" // System for tunneling IPv4 and ICANN IPv6 through cjdns.\n"
" // This is using the cjdns switch layer as a VPN carrier.\n"
" \"ipTunnel\":\n"
" {\n"
" // Nodes allowed to connect to us.\n"
" // When a node with the given public key connects, give them the\n"
" // ip4 and/or ip6 addresses listed.\n"
" \"allowedConnections\":\n"
" [\n"
" // {\n"
" // \"publicKey\": "
"\"f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k\",\n"
" // \"ip4Address\": \"192.168.1.24\",\n"
" // \"ip6Address\": \"2001:123:ab::10\"\n"
" // },\n"
"\n"
" // It's ok to only specify one address.\n"
" // {\n"
" // \"publicKey\": "
"\"ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k\",\n"
" // \"ip4Address\": \"192.168.1.24\",\n"
" // \"ip6Address\": \"2001:123:ab::10\"\n"
" // }\n"
" ],\n"
"\n"
" \"outgoingConnections\":\n"
" [\n"
" // Connect to one or more machines and ask them for IP addresses.\n"
" // \"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k\",\n"
" // \"pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k\",\n"
" // \"g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k\"\n"
" ]\n"
" }\n"
" },\n"
"\n"
" // Tear down inactive CryptoAuth sessions after this number of seconds\n"
" // to make them more forgiving in the event that they become desynchronized.\n"
" \"resetAfterInactivitySeconds\": 100,\n"
"\n"
" // Save the pid of the running process to this file.\n"
" // If this file cannot be opened for writing, the router will not start.\n"
" //\"pidFile\": \"cjdroute.pid\",\n"
"\n"
" // Dropping permissions.\n"
" \"security\":\n"
" [\n"
" // Set number of open files to zero, in Linux, this will succeed even if\n"
" // files are already open and will not allow any files to be opened for the\n"
" // duration of the program's operation.\n"
" // Most security exploits require the use of files.\n"
" \"nofiles\",\n"
"\n"
" // Change the user id to this user after starting up and getting resources.\n"
" {\n"
" \"setuser\": \"nobody\",\n"
"\n"
" // Exempt the Angel process from setting userId, the Angel is a small\n"
" // isolated piece of code which exists outside of the core's strict\n"
" // sandbox but does not handle network traffic.\n"
" // This must be enabled for IpTunnel to automatically set IP addresses\n"
" // for the TUN device.\n"
" \"exemptAngel\": 1\n"
" }\n"
" ],\n"
"\n"
" // Version of the config file, used internally for migration.\n"
" \"version\": 1\n"
"}\n");
return 0;
}
static int genconf(struct Random* rand)
{
uint8_t password[32];
uint8_t password2[32];
uint8_t password3[32];
uint8_t password4[32];
Random_base32(rand, password, 32);
Random_base32(rand, password2, 32);
Random_base32(rand, password3, 32);
Random_base32(rand, password4, 32);
uint8_t adminPassword[32];
Random_base32(rand, adminPassword, 32);
uint16_t port = 0;
while (port <= 1024) {
port = Random_uint16(rand);
}
uint8_t publicKeyBase32[53];
uint8_t address[40];
uint8_t privateKeyHex[65];
genAddress(address, privateKeyHex, publicKeyBase32, rand);
printf("{\n");
printf(" // Private key:\n"
" // Your confidentiality and data integrity depend on this key, keep it secret!\n"
" \"privateKey\": \"%s\",\n\n", privateKeyHex);
printf(" // This key corresponds to the public key and ipv6 address:\n"
" \"publicKey\": \"%s.k\",\n", publicKeyBase32);
printf(" \"ipv6\": \"%s\",\n", address);
printf("\n"
" // Anyone connecting and offering these passwords on connection will be allowed.\n"
" //\n"
" // WARNING: Currently there is no key derivation done on the password field,\n"
" // DO NOT USE A PASSWORD HERE use something which is truly random and\n"
" // cannot be guessed.\n"
" // Including a username in the beginning of the password string is encouraged\n"
" // to aid in remembering which users are who.\n"
" //\n"
" \"authorizedPasswords\":\n"
" [\n"
" // A unique string which is known to the client and server.\n"
" {\"password\": \"%s\"}\n", password);
printf("\n"
" // More passwords should look like this.\n"
" // {\"password\": \"%s\"},\n", password2);
printf(" // {\"password\": \"%s\"},\n", password3);
printf(" // {\"password\": \"%s\"},\n", password4);
printf("\n"
" // Below is an example of your connection credentials\n"
" // that you can give to other people so they can connect\n"
" // to you using your default password (from above)\n"
" // Adding a unique password for each user is advisable\n"
" // so that leaks can be isolated.\n"
" //\n"
" // \"your.external.ip.goes.here:%u\":{", port);
printf("\"password\":\"%s\",", password);
printf("\"publicKey\":\"%s.k\"}\n", publicKeyBase32);
printf(" ],\n"
"\n"
" // Settings for administering and extracting information from your router.\n"
" // This interface provides functions which can be called through a UDP socket.\n"
" // See admin/Readme.md for more information about the API and try:\n"
" // ./contrib/python/cexec 'functions'\n"
" // For a list of functions which can be called.\n"
" // For example: ./contrib/python/cexec 'memory()'\n"
" // will call a function which gets the core's current memory consumption.\n"
" // ./contrib/python/cjdnslog\n"
" // is a tool which uses this admin interface to get logs from cjdns.\n"
" \"admin\":\n"
" {\n"
" // Port to bind the admin RPC server to.\n"
" \"bind\": \"127.0.0.1:11234\",\n"
"\n"
" // Password for admin RPC server.\n"
" \"password\": \"%s\"\n", adminPassword);
printf(" },\n"
"\n"
" // Interfaces to connect to the switch core.\n"
" \"interfaces\":\n"
" {\n"
" // The interface which connects over UDP/IP based VPN tunnel.\n"
" \"UDPInterface\":\n"
" [\n"
" {\n"
" // Bind to this port.\n"
" \"bind\": \"0.0.0.0:%u\",\n", port);
printf("\n"
" // Nodes to connect to.\n"
" \"connectTo\":\n"
" {\n"
" // Add connection credentials here to join the network\n"
" // Ask somebody who is already connected.\n"
" }\n"
" }\n"
" ]\n");
#ifdef HAS_ETH_INTERFACE
printf("\n"
" /*\n"
" \"ETHInterface\":\n"
" [\n"
" {\n"
" // Bind to this device (interface name, not MAC etc.)\n"
" \"bind\": \"eth0\",\n"
"\n"
" // Auto-connect to other cjdns nodes on the same network.\n"
" // Options:\n"
" //\n"
" // 0 -- Disabled.\n"
" //\n"
" // 1 -- Accept beacons, this will cause cjdns to accept incoming\n"
" // beacon messages and try connecting to the sender.\n"
" //\n"
" // 2 -- Accept and send beacons, this will cause cjdns to broadcast\n"
" // messages on the local network which contain a randomly\n"
" // generated per-session password, other nodes which have this\n"
" // set to 1 or 2 will hear the beacon messages and connect\n"
" // automatically.\n"
" //\n"
" \"beacon\": 2,\n"
"\n"
" // Node(s) to connect to manually.\n"
" \"connectTo\":\n"
" {\n"
" // Credentials for connecting look similar to UDP credientials\n"
" // except they begin with the mac address, for example:\n"
" // \"01:02:03:04:05:06\":{\"password\":\"a\",\"publicKey\":\"b\"}\n"
" }\n"
" }\n"
" ]\n"
" */\n"
"\n");
#endif
printf(" },\n"
"\n"
" // Configuration for the router.\n"
" \"router\":\n"
" {\n"
" // The interface which is used for connecting to the cjdns network.\n"
" \"interface\":\n"
" {\n"
" // The type of interface (only TUNInterface is supported for now)\n"
" \"type\": \"TUNInterface\"\n"
#ifndef __APPLE__
"\n"
" // The name of a persistent TUN device to use.\n"
" // This for starting cjdroute as its own user.\n"
" // *MOST USERS DON'T NEED THIS*\n"
" //\"tunDevice\": \"" DEFAULT_TUN_DEV "\"\n"
#endif
" },\n"
"\n"
" // System for tunneling IPv4 and ICANN IPv6 through cjdns.\n"
" // This is using the cjdns switch layer as a VPN carrier.\n"
" \"ipTunnel\":\n"
" {\n"
" // Nodes allowed to connect to us.\n"
" // When a node with the given public key connects, give them the\n"
" // ip4 and/or ip6 addresses listed.\n"
" \"allowedConnections\":\n"
" [\n"
" // {\n"
" // \"publicKey\": "
"\"f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k\",\n"
" // \"ip4Address\": \"192.168.1.24\",\n"
" // \"ip6Address\": \"2001:123:ab::10\"\n"
" // },\n"
"\n"
" // It's ok to only specify one address.\n"
" // {\n"
" // \"publicKey\": "
"\"ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k\",\n"
" // \"ip4Address\": \"192.168.1.24\",\n"
" // \"ip6Address\": \"2001:123:ab::10\"\n"
" // }\n"
" ],\n"
"\n"
" \"outgoingConnections\":\n"
" [\n"
" // Connect to one or more machines and ask them for IP addresses.\n"
" // \"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k\",\n"
" // \"pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k\",\n"
" // \"g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k\"\n"
" ]\n"
" }\n"
" },\n"
"\n"
" // Tear down inactive CryptoAuth sessions after this number of seconds\n"
" // to make them more forgiving in the event that they become desynchronized.\n"
" \"resetAfterInactivitySeconds\": 100,\n"
"\n"
" // Dropping permissions.\n"
" \"security\":\n"
" [\n"
" // Change the user id to this user after starting up and getting resources.\n"
" // exemptAngel exempts the Angel process from setting userId, the Angel is\n"
" // a small isolated piece of code which exists outside of the core's strict\n"
" // sandbox but does not handle network traffic.\n"
" // This must be enabled for IpTunnel to automatically set IP addresses\n"
" // for the TUN device.\n"
" { \"setuser\": \"nobody\", \"exemptAngel\": 1 }\n"
" ],\n"
"\n"
" // Logging\n"
" \"logging\":\n"
" {\n"
" // Uncomment to have cjdns log to stdout rather than making logs available\n"
" // via the admin socket.\n"
" // \"logTo\":\"stdout\"\n"
" },\n"
"\n"
" // If set to non-zero, cjdns will not fork to the background.\n"
" // Recommended for use in conjunction with \"logTo\":\"stdout\".\n"
" \"noBackground\":0,\n"
"\n");
printf(" // DNS, this server will be available at address fc00::1\n"
" \"dns\":\n"
" {\n"
" // Who to trust\n"
" \"keys\": [\n"
" \"7kuc3jcyql3cm8lx5zdj8vc0tkz8679kyx83utbm1ub5bxpf4mf1.mittens.h\",\n"
" \"tvlxu5rbcj76rfdmsw9xd3kjn79fhv6kpvl2hzv98637j4rdj1b1.tom.h\",\n"
" \"kkxfwnm3upf0jv35jq4lx0dn0z3m9bh71gv84cdjlcp68w1qckt1.maru.h\",\n"
" \"02wmqfu7v0kdq17fwv68hk646bdvhcr8ybk2ycy7ddzv21n5nb60.scruffy.h\"\n"
" ],\n"
"\n"
" // Who to ask, if a request fails the next one will be tried\n"
" \"servers\": [\n"
" \"[fc71:ec46:57a0:2bbc:537d:b680:3630:93e4]:9001\",\n"
" \"[fc8e:9a1c:27c3:281b:29b1:1a04:3701:c125]:9001\",\n"
" \"[fcad:0450:4a40:9778:14e2:e442:6678:3161]:9001\",\n"
" \"[fc2f:baa8:4a89:2db5:6789:aa75:07e6:4cb2]:9001\"\n"
" ],\n"
"\n"
" // At least this many of \"keys\" must agree or else the request will fail.\n"
" \"minSignatures\":2\n"
" }\n"
"\n"
"}\n");
return 0;
}
