mirror
/
devilutionX-ZeroTierOne
mirror of https://github.com/diasurgical/ZeroTierOne.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Revert "Use a faster method of fingerprinting identities." 

This reverts commit b72e5e8386.
pull/2/head
Adam Ierymenko 5 years ago
parent
b72e5e8386
commit
a0239e17e9
No known key found for this signature in database
GPG Key ID: C8877CF2D7A5D7F3
2 changed files with 15 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      node/CertificateOfMembership.cpp
  2. 26
      node/Identity.hpp

6
node/CertificateOfMembership.cpp
Unescape View File

@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim
// Include hash of full identity public key in COM for hardening purposes. Pack it in
// using the original COM format. Format may be revised in the future to make this cleaner.
uint64_t idHash[4];
issuedTo.keyFingerprint(idHash);
uint64_t idHash[6];
issuedTo.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) {
_qualifiers[i + 3].id = (uint64_t)(i + 3);
_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
// Otherwise we are on a controller that does not incorporate these.
if (fullIdentityVerification) {
uint64_t idHash[6];
otherIdentity.keyFingerprint(idHash);
otherIdentity.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) {
std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
if (otherQ == otherFields.end())

26
node/Identity.hpp
Unescape View File

@ -23,7 +23,6 @@
#include "C25519.hpp"
#include "Buffer.hpp"
#include "SHA512.hpp"
#include "AES.hpp"
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
@ -110,6 +109,18 @@ public:
*/
inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
/**
* Compute a SHA384 hash of this identity's address and public key(s).
*
* @param sha384buf Buffer with 48 bytes of space to receive hash
*/
inline void publicKeyHash(void *sha384buf) const
{
uint8_t address[ZT_ADDRESS_LENGTH];
_address.copyTo(address, ZT_ADDRESS_LENGTH);
SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
}
/**
* Compute the SHA512 hash of our private key (if we have one)
*
@ -125,19 +136,6 @@ public:
return false;
}
/**
* Get a 256-bit hash of this identity's public key(s)
*
* @param buf 256-bit (32-byte) buffer
*/
inline void keyFingerprint(void *buf) const
{
// This is much faster than SHA384, which matters on heavily loaded controllers.
AES c(_publicKey.data);
c.encrypt(_publicKey.data + 32, buf);
c.encrypt(_publicKey.data + 48, reinterpret_cast<uint8_t *>(buf) + 16);
}
/**
* Sign a message with this identity (private key required)
*

Write Preview
Loading…
Cancel
Save