ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2024-12-20 21:43:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Revert "Use a faster method of fingerprinting identities."

Browse Source 
This reverts commit b72e5e8386.
This commit is contained in:
Adam Ierymenko 2021-09-20 22:05:39 -04:00 committed by Grant Limberg
parent 30d5d5a892
commit b403f106fb
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A
2 changed files with 15 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
node/CertificateOfMembership.cpp
View File

@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim
// Include hash of full identity public key in COM for hardening purposes. Pack it in // Include hash of full identity public key in COM for hardening purposes. Pack it in
// using the original COM format. Format may be revised in the future to make this cleaner. // using the original COM format. Format may be revised in the future to make this cleaner.
uint64_t idHash[4]; uint64_t idHash[6];
issuedTo.keyFingerprint(idHash); issuedTo.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) { for(unsigned long i=0;i<4;++i) {
_qualifiers[i + 3].id = (uint64_t)(i + 3); _qualifiers[i + 3].id = (uint64_t)(i + 3);
_qualifiers[i + 3].value = Utils::ntoh(idHash[i]); _qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
// Otherwise we are on a controller that does not incorporate these. // Otherwise we are on a controller that does not incorporate these.
if (fullIdentityVerification) { if (fullIdentityVerification) {
uint64_t idHash[6]; uint64_t idHash[6];
otherIdentity.keyFingerprint(idHash); otherIdentity.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) { for(unsigned long i=0;i<4;++i) {
std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3))); std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
if (otherQ == otherFields.end()) if (otherQ == otherFields.end())

26
node/Identity.hpp
View File

@ -23,7 +23,6 @@
#include "C25519.hpp" #include "C25519.hpp"
#include "Buffer.hpp" #include "Buffer.hpp"
#include "SHA512.hpp" #include "SHA512.hpp"
#include "AES.hpp"
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384 #define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
@ -110,6 +109,18 @@ public:
*/ */
inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); } inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
/**
* Compute a SHA384 hash of this identity's address and public key(s).
*
* @param sha384buf Buffer with 48 bytes of space to receive hash
*/
inline void publicKeyHash(void *sha384buf) const
{
uint8_t address[ZT_ADDRESS_LENGTH];
_address.copyTo(address, ZT_ADDRESS_LENGTH);
SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
}
/** /**
* Compute the SHA512 hash of our private key (if we have one) * Compute the SHA512 hash of our private key (if we have one)
* *
@ -125,19 +136,6 @@ public:
return false; return false;
} }
/**
* Get a 256-bit hash of this identity's public key(s)
*
* @param buf 256-bit (32-byte) buffer
*/
inline void keyFingerprint(void *buf) const
{
// This is much faster than SHA384, which matters on heavily loaded controllers.
AES c(_publicKey.data);
c.encrypt(_publicKey.data + 32, buf);
c.encrypt(_publicKey.data + 48, reinterpret_cast<uint8_t *>(buf) + 16);
}
/** /**
* Sign a message with this identity (private key required) * Sign a message with this identity (private key required)
* *