Skip to content

Commit

Permalink
Revert "Use a faster method of fingerprinting identities."
Browse files Browse the repository at this point in the history 
This reverts commit b72e5e8.
  • Loading branch information
@adamierymenko @glimberg
adamierymenko authored and glimberg committed Sep 21, 2021
1 parent 30d5d5a commit b403f10
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 17 deletions.
6 changes: 3 additions & 3 deletions node/CertificateOfMembership.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim

// Include hash of full identity public key in COM for hardening purposes. Pack it in
// using the original COM format. Format may be revised in the future to make this cleaner.
uint64_t idHash[4];
issuedTo.keyFingerprint(idHash);
uint64_t idHash[6];
issuedTo.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) {
_qualifiers[i + 3].id = (uint64_t)(i + 3);
_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
Expand Down Expand Up @@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
// Otherwise we are on a controller that does not incorporate these.
if (fullIdentityVerification) {
uint64_t idHash[6];
otherIdentity.keyFingerprint(idHash);
otherIdentity.publicKeyHash(idHash);
for(unsigned long i=0;i<4;++i) {
std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
if (otherQ == otherFields.end())
Expand Down
26 changes: 12 additions & 14 deletions node/Identity.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@
#include "C25519.hpp"
#include "Buffer.hpp"
#include "SHA512.hpp"
#include "AES.hpp"

#define ZT_IDENTITY_STRING_BUFFER_LENGTH 384

Expand Down Expand Up @@ -110,6 +109,18 @@ class Identity
*/
inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }

/**
* Compute a SHA384 hash of this identity's address and public key(s).
*
* @param sha384buf Buffer with 48 bytes of space to receive hash
*/
inline void publicKeyHash(void *sha384buf) const
{
uint8_t address[ZT_ADDRESS_LENGTH];
_address.copyTo(address, ZT_ADDRESS_LENGTH);
SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
}

/**
* Compute the SHA512 hash of our private key (if we have one)
*
Expand All @@ -125,19 +136,6 @@ class Identity
return false;
}

/**
* Get a 256-bit hash of this identity's public key(s)
*
* @param buf 256-bit (32-byte) buffer
*/
inline void keyFingerprint(void *buf) const
{
// This is much faster than SHA384, which matters on heavily loaded controllers.
AES c(_publicKey.data);
c.encrypt(_publicKey.data + 32, buf);
c.encrypt(_publicKey.data + 48, reinterpret_cast<uint8_t *>(buf) + 16);
}

/**
* Sign a message with this identity (private key required)
*
Expand Down

0 comments on commit b403f10

Please sign in to comment.