ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-18 20:47:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Revert "Use a faster method of fingerprinting identities."

Browse Source 
This reverts commit b72e5e8386.
This commit is contained in:
Adam Ierymenko 2021-09-20 22:05:39 -04:00 committed by Grant Limberg
parent 30d5d5a892
commit b403f106fb
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A
2 changed files with 15 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
node/CertificateOfMembership.cpp
View File

@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim
// Include hash of full identity public key in COM for hardening purposes. Pack it in
// using the original COM format. Format may be revised in the future to make this cleaner.
uint64_t idHash[4];
issuedTo.keyFingerprint(idHash);
uint64_t idHash[6];
issuedTo.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) {
_qualifiers[i + 3].id = (uint64_t)(i + 3);
_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
// Otherwise we are on a controller that does not incorporate these.
if (fullIdentityVerification) {
uint64_t idHash[6];
otherIdentity.keyFingerprint(idHash);
otherIdentity.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) {
std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
if (otherQ == otherFields.end())

26
node/Identity.hpp
View File

@ -23,7 +23,6 @@
#include "C25519.hpp"
#include "Buffer.hpp"
#include "SHA512.hpp"
#include "AES.hpp"
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
@ -110,6 +109,18 @@ public:
*/
inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
/**
* Compute a SHA384 hash of this identity's address and public key(s).
*
* @param sha384buf Buffer with 48 bytes of space to receive hash
*/
inline void publicKeyHash(void *sha384buf) const
{
uint8_t address[ZT_ADDRESS_LENGTH];
_address.copyTo(address, ZT_ADDRESS_LENGTH);
SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
}
/**
* Compute the SHA512 hash of our private key (if we have one)
*
@ -125,19 +136,6 @@ public:
return false;
}
/**
* Get a 256-bit hash of this identity's public key(s)
*
* @param buf 256-bit (32-byte) buffer
*/
inline void keyFingerprint(void *buf) const
{
// This is much faster than SHA384, which matters on heavily loaded controllers.
AES c(_publicKey.data);
c.encrypt(_publicKey.data + 32, buf);
c.encrypt(_publicKey.data + 48, reinterpret_cast<uint8_t *>(buf) + 16);
}
/**
* Sign a message with this identity (private key required)
*