mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-20 21:43:08 +00:00
Revert "Use a faster method of fingerprinting identities."
This reverts commit b72e5e8386
.
This commit is contained in:
parent
30d5d5a892
commit
b403f106fb
@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim
|
||||
|
||||
// Include hash of full identity public key in COM for hardening purposes. Pack it in
|
||||
// using the original COM format. Format may be revised in the future to make this cleaner.
|
||||
uint64_t idHash[4];
|
||||
issuedTo.keyFingerprint(idHash);
|
||||
uint64_t idHash[6];
|
||||
issuedTo.publicKeyHash(idHash);
|
||||
for(unsigned long i=0;i<4;++i) {
|
||||
_qualifiers[i + 3].id = (uint64_t)(i + 3);
|
||||
_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
|
||||
@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
|
||||
// Otherwise we are on a controller that does not incorporate these.
|
||||
if (fullIdentityVerification) {
|
||||
uint64_t idHash[6];
|
||||
otherIdentity.keyFingerprint(idHash);
|
||||
otherIdentity.publicKeyHash(idHash);
|
||||
for(unsigned long i=0;i<4;++i) {
|
||||
std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
|
||||
if (otherQ == otherFields.end())
|
||||
|
@ -23,7 +23,6 @@
|
||||
#include "C25519.hpp"
|
||||
#include "Buffer.hpp"
|
||||
#include "SHA512.hpp"
|
||||
#include "AES.hpp"
|
||||
|
||||
#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
|
||||
|
||||
@ -110,6 +109,18 @@ public:
|
||||
*/
|
||||
inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
|
||||
|
||||
/**
|
||||
* Compute a SHA384 hash of this identity's address and public key(s).
|
||||
*
|
||||
* @param sha384buf Buffer with 48 bytes of space to receive hash
|
||||
*/
|
||||
inline void publicKeyHash(void *sha384buf) const
|
||||
{
|
||||
uint8_t address[ZT_ADDRESS_LENGTH];
|
||||
_address.copyTo(address, ZT_ADDRESS_LENGTH);
|
||||
SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
|
||||
}
|
||||
|
||||
/**
|
||||
* Compute the SHA512 hash of our private key (if we have one)
|
||||
*
|
||||
@ -125,19 +136,6 @@ public:
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a 256-bit hash of this identity's public key(s)
|
||||
*
|
||||
* @param buf 256-bit (32-byte) buffer
|
||||
*/
|
||||
inline void keyFingerprint(void *buf) const
|
||||
{
|
||||
// This is much faster than SHA384, which matters on heavily loaded controllers.
|
||||
AES c(_publicKey.data);
|
||||
c.encrypt(_publicKey.data + 32, buf);
|
||||
c.encrypt(_publicKey.data + 48, reinterpret_cast<uint8_t *>(buf) + 16);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sign a message with this identity (private key required)
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user