mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-30 01:38:53 +00:00
Revert "Use a faster method of fingerprinting identities."
This reverts commit b72e5e8386
.
This commit is contained in:
parent
30d5d5a892
commit
b403f106fb
@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim
|
|||||||
|
|
||||||
// Include hash of full identity public key in COM for hardening purposes. Pack it in
|
// Include hash of full identity public key in COM for hardening purposes. Pack it in
|
||||||
// using the original COM format. Format may be revised in the future to make this cleaner.
|
// using the original COM format. Format may be revised in the future to make this cleaner.
|
||||||
uint64_t idHash[4];
|
uint64_t idHash[6];
|
||||||
issuedTo.keyFingerprint(idHash);
|
issuedTo.publicKeyHash(idHash);
|
||||||
for(unsigned long i=0;i<4;++i) {
|
for(unsigned long i=0;i<4;++i) {
|
||||||
_qualifiers[i + 3].id = (uint64_t)(i + 3);
|
_qualifiers[i + 3].id = (uint64_t)(i + 3);
|
||||||
_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
|
_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
|
||||||
@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
|
|||||||
// Otherwise we are on a controller that does not incorporate these.
|
// Otherwise we are on a controller that does not incorporate these.
|
||||||
if (fullIdentityVerification) {
|
if (fullIdentityVerification) {
|
||||||
uint64_t idHash[6];
|
uint64_t idHash[6];
|
||||||
otherIdentity.keyFingerprint(idHash);
|
otherIdentity.publicKeyHash(idHash);
|
||||||
for(unsigned long i=0;i<4;++i) {
|
for(unsigned long i=0;i<4;++i) {
|
||||||
std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
|
std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
|
||||||
if (otherQ == otherFields.end())
|
if (otherQ == otherFields.end())
|
||||||
|
@ -23,7 +23,6 @@
|
|||||||
#include "C25519.hpp"
|
#include "C25519.hpp"
|
||||||
#include "Buffer.hpp"
|
#include "Buffer.hpp"
|
||||||
#include "SHA512.hpp"
|
#include "SHA512.hpp"
|
||||||
#include "AES.hpp"
|
|
||||||
|
|
||||||
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
|
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
|
||||||
|
|
||||||
@ -110,6 +109,18 @@ public:
|
|||||||
*/
|
*/
|
||||||
inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
|
inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compute a SHA384 hash of this identity's address and public key(s).
|
||||||
|
*
|
||||||
|
* @param sha384buf Buffer with 48 bytes of space to receive hash
|
||||||
|
*/
|
||||||
|
inline void publicKeyHash(void *sha384buf) const
|
||||||
|
{
|
||||||
|
uint8_t address[ZT_ADDRESS_LENGTH];
|
||||||
|
_address.copyTo(address, ZT_ADDRESS_LENGTH);
|
||||||
|
SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compute the SHA512 hash of our private key (if we have one)
|
* Compute the SHA512 hash of our private key (if we have one)
|
||||||
*
|
*
|
||||||
@ -125,19 +136,6 @@ public:
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Get a 256-bit hash of this identity's public key(s)
|
|
||||||
*
|
|
||||||
* @param buf 256-bit (32-byte) buffer
|
|
||||||
*/
|
|
||||||
inline void keyFingerprint(void *buf) const
|
|
||||||
{
|
|
||||||
// This is much faster than SHA384, which matters on heavily loaded controllers.
|
|
||||||
AES c(_publicKey.data);
|
|
||||||
c.encrypt(_publicKey.data + 32, buf);
|
|
||||||
c.encrypt(_publicKey.data + 48, reinterpret_cast<uint8_t *>(buf) + 16);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sign a message with this identity (private key required)
|
* Sign a message with this identity (private key required)
|
||||||
*
|
*
|
||||||
|
Loading…
Reference in New Issue
Block a user