From b403f106fb8e078766643ba8f0d2719b3880a954 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 20 Sep 2021 22:05:39 -0400
Subject: [PATCH] Revert "Use a faster method of fingerprinting identities."
This reverts commit b72e5e8386b73425f425b64cd81a7c53983d7fcf.
---
 node/CertificateOfMembership.cpp | 6 +++---
 node/Identity.hpp | 26 ++++++++++++--------------
 2 files changed, 15 insertions(+), 17 deletions(-)
diff --git a/node/CertificateOfMembership.cpp b/node/CertificateOfMembership.cpp
index 63a8efeca..dbda9939f 100644
--- a/node/CertificateOfMembership.cpp
+++ b/node/CertificateOfMembership.cpp
@@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim
 // Include hash of full identity public key in COM for hardening purposes. Pack it in
 // using the original COM format. Format may be revised in the future to make this cleaner.
- uint64_t idHash[4];
- issuedTo.keyFingerprint(idHash);
+ uint64_t idHash[6];
+ issuedTo.publicKeyHash(idHash);
 for(unsigned long i=0;i<4;++i) {
 _qualifiers[i + 3].id = (uint64_t)(i + 3);
 _qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
@@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
 // Otherwise we are on a controller that does not incorporate these.
 if (fullIdentityVerification) {
 uint64_t idHash[6];
- otherIdentity.keyFingerprint(idHash);
+ otherIdentity.publicKeyHash(idHash);
 for(unsigned long i=0;i<4;++i) {
 std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
 if (otherQ == otherFields.end())
diff --git a/node/Identity.hpp b/node/Identity.hpp
index ae31e3963..cc8de5126 100644
--- a/node/Identity.hpp
+++ b/node/Identity.hpp
@@ -23,7 +23,6 @@
 #include "C25519.hpp"
 #include "Buffer.hpp"
 #include "SHA512.hpp"
-#include "AES.hpp"
 #define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
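Review bot: Nothing at the `issuedTo.publicKeyHash(idHash)` call in the constructor hunk ties the size of `idHash` to the 48 bytes the callee writes, because `publicKeyHash` takes a bare `void *`; the declaration this hunk replaces was `uint64_t idHash[4]`, which under the SHA-384 call would be a 16-byte stack overrun. A check directly under the declaration would keep the two from drifting again, assuming the build allows C++11: `static_assert(sizeof(idHash) >= 48, "publicKeyHash writes a 48-byte SHA-384 digest");`. The same pairing of `idHash[6]` and `publicKeyHash` appears in the `agreesWith` hunk. The loop stores only `idHash[0]` to `idHash[3]`, so a one-line comment that the COM carries the first 256 bits of the digest would also help. The constructor starts and ends outside the hunk.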
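Review bot: The value recomputed by `otherIdentity.publicKeyHash(idHash)` in the `agreesWith` hunk has to come from the same function that filled qualifiers 3 to 6 when the certificate was issued, and neither the code nor the commit message records that coupling. A certificate issued by a build that still used `keyFingerprint` would, as far as the visible lines show, stop agreeing here once `fullIdentityVerification` is set, so the description should state whether such a build was ever deployed. I would add above the call: `// Qualifiers 3-6 hold the first 32 bytes of publicKeyHash(); must match the COM constructor.` `agreesWith` continues past the end of the hunk, so the comparison itself is not visible.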
@@ -110,6 +109,18 @@ public:
 */
 inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
+ /**
+ * Compute a SHA384 hash of this identity's address and public key(s).
+ *
+ * @param sha384buf Buffer with 48 bytes of space to receive hash
+ */
+ inline void publicKeyHash(void *sha384buf) const
+ {
+ uint8_t address[ZT_ADDRESS_LENGTH];
+ _address.copyTo(address, ZT_ADDRESS_LENGTH);
+ SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
+ }
+
 /**
 * Compute the SHA512 hash of our private key (if we have one)
 *
@@ -125,19 +136,6 @@ public:
 return false;
 }
- /**
- * Get a 256-bit hash of this identity's public key(s)
- *
- * @param buf 256-bit (32-byte) buffer
- */
- inline void keyFingerprint(void *buf) const
- {
- // This is much faster than SHA384, which matters on heavily loaded controllers.
- AES c(_publicKey.data);
- c.encrypt(_publicKey.data + 32, buf);
- c.encrypt(_publicKey.data + 48, reinterpret_cast(buf) + 16);
- }
-
 /**
 * Sign a message with this identity (private key required)
 *
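Review bot: The doc comment added on `publicKeyHash` describes the output but not why it must be a cryptographic hash, and the commit message gives no reason for the revert either. The value binds a full identity into certificates of membership, and the `keyFingerprint` removed in the following hunk keyed AES with bytes of the public key itself, which gives no collision resistance when the key material is chosen by the identity's owner; that appears to be the reason for the revert, though it is inferred rather than stated. Recording it in the comment would keep the faster variant from being reintroduced: `* Binds the full identity into COMs, so this must stay a collision-resistant hash.`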