Stop using OpenSSL for hashes.

diff --git a/src/Makefile.am b/src/Makefile.am
index 7e3523585cceb24d0d3ef78eebada45d081a9c7f..2682c4c147e857a6e67a0bc1dd87ff879f42b0a4 100644 (file)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -30,6 +30,7 @@ chacha_poly1305_SOURCES = \
 
 sptps_test_SOURCES = \
        logger.c logger.h \
+       prf.c prf.h \
        sptps.c sptps.h \
        sptps_test.c \
        utils.c utils.h \
@@ -43,6 +44,7 @@ sptps_keypair_SOURCES = \
 
 sptps_speed_SOURCES = \
        logger.c logger.h \
+       prf.c prf.h \
        sptps.c sptps.h \
        sptps_speed.c \
        utils.c utils.h \
@@ -58,7 +60,6 @@ libmeshlink_la_SOURCES = \
        conf.c conf.h \
        connection.c connection.h \
        crypto.h \
-       digest.h \
        dropin.c dropin.h \
        ecdh.h \
        ecdsa.h \
@@ -102,13 +103,11 @@ libmeshlink_la_LIBADD = -lpthread
 
 libmeshlink_la_SOURCES += \
        openssl/crypto.c \
-       openssl/digest.c openssl/digest.h \
        ed25519/ecdh.c \
        ed25519/ecdsa.c \
        ed25519/ecdsagen.c
 sptps_test_SOURCES += \
        openssl/crypto.c \
-       openssl/digest.c openssl/digest.h \
        ed25519/ecdh.c \
        ed25519/ecdsa.c
 sptps_keypair_SOURCES += \
@@ -116,7 +115,6 @@ sptps_keypair_SOURCES += \
        ed25519/ecdsagen.c
 sptps_speed_SOURCES += \
        openssl/crypto.c \
-       openssl/digest.c openssl/digest.h \
        ed25519/ecdh.c \
        ed25519/ecdsa.c \
        ed25519/ecdsagen.c

diff --git a/src/invitation.c b/src/invitation.c
index 6c0b0afb825f75cd7846c42a2a715aa329eb8f45..d027e0d980f16c2f9a885cf3b1ba813cca98a34f 100644 (file)
--- a/src/invitation.c
+++ b/src/invitation.c
@@ -265,7 +265,7 @@ int cmd_invite(int argc, char *argv[]) {
                }
        }
 
-       char hash[25];
+       char hash[64];
 
        xasprintf(&filename, "%s" SLASH "invitations", confbase);
        if(mkdir(filename, 0700) && errno != EEXIST) {
@@ -361,10 +361,7 @@ int cmd_invite(int argc, char *argv[]) {
 
        // Create a hash of the key.
        char *fingerprint = ecdsa_get_base64_public_key(key);
-       digest_t *digest = digest_open_by_name("sha256", 18);
-       if(!digest)
-               abort();
-       digest_create(digest, fingerprint, strlen(fingerprint), hash);
+       sha512(fingerprint, strlen(fingerprint), hash);
        b64encode_urlsafe(hash, hash, 18);
 
        // Create a random cookie for this invitation.
@@ -373,10 +370,10 @@ int cmd_invite(int argc, char *argv[]) {
 
        // Create a filename that doesn't reveal the cookie itself
        char buf[18 + strlen(fingerprint)];
-       char cookiehash[25];
+       char cookiehash[64];
        memcpy(buf, cookie, 18);
        memcpy(buf + 18, fingerprint, sizeof buf - 18);
-       digest_create(digest, buf, sizeof buf, cookiehash);
+       sha512(buf, sizeof buf, cookiehash);
        b64encode_urlsafe(cookiehash, cookiehash, 18);
 
        b64encode_urlsafe(cookie, cookie, 18);
@@ -911,12 +908,9 @@ int cmd_join(int argc, char *argv[]) {
 
        // Check if the hash of the key he gave us matches the hash in the URL.
        char *fingerprint = line + 2;
-       digest_t *digest = digest_open_by_name("sha256", 18);
-       if(!digest)
-               abort();
-       char hishash[18];
-       if(!digest_create(digest, fingerprint, strlen(fingerprint), hishash)) {
-               fprintf(stderr, "Could not create digest\n%s\n", line + 2);
+       char hishash[64];
+       if(!sha512(fingerprint, strlen(fingerprint), hishash)) {
+               fprintf(stderr, "Could not create hash\n%s\n", line + 2);
                return 1;
        }
        if(memcmp(hishash, hash, 18)) {

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 1255ff0862b68ebd286d482fc51d1329ab656d46..e667baf0bc43281888dd21f8a03ebcb0136f45a9 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -37,6 +37,7 @@
 #include "sptps.h"
 #include "utils.h"
 #include "xalloc.h"
+#include "ed25519/sha512.h"
 
 ecdsa_t *invitation_key = NULL;
 
@@ -182,17 +183,14 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const char *dat
                return false;
 
        // Recover the filename from the cookie and the key
-       digest_t *digest = digest_open_by_name("sha256", 18);
-       if(!digest)
-               abort();
        char *fingerprint = ecdsa_get_base64_public_key(invitation_key);
+       char hash[64];
        char hashbuf[18 + strlen(fingerprint)];
        char cookie[25];
        memcpy(hashbuf, data, 18);
        memcpy(hashbuf + 18, fingerprint, sizeof hashbuf - 18);
-       digest_create(digest, hashbuf, sizeof hashbuf, cookie);
-       b64encode_urlsafe(cookie, cookie, 18);
-       digest_close(digest);
+       sha512(hashbuf, sizeof hashbuf, hash);
+       b64encode_urlsafe(hash, cookie, 18);
        free(fingerprint);
 
        char filename[PATH_MAX], usedname[PATH_MAX];