Página Principal Explorar Ajuda
Iniciar Sessão
cpp
/
ZeroTierOne
mirror de https://github.com/zerotier/ZeroTierOne
2
0
Fork 0
Ficheiros Problemas 0 Wiki
Ver Fonte

Revert "Use a faster method of fingerprinting identities."

This reverts commit b72e5e8386b73425f425b64cd81a7c53983d7fcf.
Adam Ierymenko há 3 anos atrás
pai
30d5d5a892
commit
b403f106fb
2 ficheiros alterados com 15 adições e 17 exclusões
Visão Unificada Mostrar Estatísticas Diff
  1. 3 3
      node/CertificateOfMembership.cpp
  2. 12 14
      node/Identity.hpp

+ 3 - 3
node/CertificateOfMembership.cpp
Ver Ficheiro 

@@ -34,8 +34,8 @@ CertificateOfMembership::CertificateOfMembership(uint64_t timestamp,uint64_t tim
 
 
 
 	// Include hash of full identity public key in COM for hardening purposes. Pack it in
 
 	// Include hash of full identity public key in COM for hardening purposes. Pack it in
 
 	// using the original COM format. Format may be revised in the future to make this cleaner.
 
 	// using the original COM format. Format may be revised in the future to make this cleaner.
 
-	uint64_t idHash[4];
 
-	issuedTo.keyFingerprint(idHash);
 
+	uint64_t idHash[6];
 
+	issuedTo.publicKeyHash(idHash);
 
 	for(unsigned long i=0;i<4;++i) {
 
 	for(unsigned long i=0;i<4;++i) {
 
 		_qualifiers[i + 3].id = (uint64_t)(i + 3);
 
 		_qualifiers[i + 3].id = (uint64_t)(i + 3);
 
 		_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
 
 		_qualifiers[i + 3].value = Utils::ntoh(idHash[i]);
 
@@ -73,7 +73,7 @@ bool CertificateOfMembership::agreesWith(const CertificateOfMembership &other, c
 
 	// Otherwise we are on a controller that does not incorporate these.
 
 	// Otherwise we are on a controller that does not incorporate these.
 
 	if (fullIdentityVerification) {
 
 	if (fullIdentityVerification) {
 
 		uint64_t idHash[6];
 
 		uint64_t idHash[6];
 
-		otherIdentity.keyFingerprint(idHash);
 
+		otherIdentity.publicKeyHash(idHash);
 
 		for(unsigned long i=0;i<4;++i) {
 
 		for(unsigned long i=0;i<4;++i) {
 
 			std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
 
 			std::map< uint64_t, uint64_t >::iterator otherQ(otherFields.find((uint64_t)(i + 3)));
 
 			if (otherQ == otherFields.end())
 
 			if (otherQ == otherFields.end())

+ 12 - 14
node/Identity.hpp
Ver Ficheiro 

@@ -23,7 +23,6 @@
 
 #include "C25519.hpp"
 
 #include "C25519.hpp"
 
 #include "Buffer.hpp"
 
 #include "Buffer.hpp"
 
 #include "SHA512.hpp"
 
 #include "SHA512.hpp"
 
-#include "AES.hpp"
 
 
 
 #define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
 
 #define ZT_IDENTITY_STRING_BUFFER_LENGTH 384
 
 
 
@@ -110,6 +109,18 @@ public:
 
 	 */
 
 	 */
 
 	inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
 
 	inline bool hasPrivate() const { return (_privateKey != (C25519::Private *)0); }
 
 
 
+	/**
 
+	 * Compute a SHA384 hash of this identity's address and public key(s).
 
+	 * 
+	 * @param sha384buf Buffer with 48 bytes of space to receive hash
 
+	 */
 
+	inline void publicKeyHash(void *sha384buf) const
 
+	{
 
+		uint8_t address[ZT_ADDRESS_LENGTH];
 
+		_address.copyTo(address, ZT_ADDRESS_LENGTH);
 
+		SHA384(sha384buf, address, ZT_ADDRESS_LENGTH, _publicKey.data, ZT_C25519_PUBLIC_KEY_LEN);
 
+	}
 
+
 
 	/**
 
 	/**
 
 	 * Compute the SHA512 hash of our private key (if we have one)
 
 	 * Compute the SHA512 hash of our private key (if we have one)
 
 	 *
 
 	 *
 
@@ -125,19 +136,6 @@ public:
 
 		return false;
 
 		return false;
 
 	}
 
 	}
 
 
 
-	/**
 
-	 * Get a 256-bit hash of this identity's public key(s)
 
-	 * 
-	 * @param buf 256-bit (32-byte) buffer
 
-	 */
 
-	inline void keyFingerprint(void *buf) const
 
-	{
 
-		// This is much faster than SHA384, which matters on heavily loaded controllers.
 
-		AES c(_publicKey.data);
 
-		c.encrypt(_publicKey.data + 32, buf);
 
-		c.encrypt(_publicKey.data + 48, reinterpret_cast<uint8_t *>(buf) + 16);
 
-	}
 
-
 
 	/**
 
 	/**
 
 	 * Sign a message with this identity (private key required)
 
 	 * Sign a message with this identity (private key required)
 
 	 *
 
 	 *