From: Guus Sliepen Date: Thu, 17 Apr 2014 16:37:43 +0000 (+0200) Subject: Stop using OpenSSL for hashes. X-Git-Url: https://git.meshlink.io/?a=commitdiff_plain;h=70b9e071d137c4c9c9edc4e916fcddfed39aea7d;p=meshlink Stop using OpenSSL for hashes. --- diff --git a/src/Makefile.am b/src/Makefile.am index 7e352358..2682c4c1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -30,6 +30,7 @@ chacha_poly1305_SOURCES = \ sptps_test_SOURCES = \ logger.c logger.h \ + prf.c prf.h \ sptps.c sptps.h \ sptps_test.c \ utils.c utils.h \ @@ -43,6 +44,7 @@ sptps_keypair_SOURCES = \ sptps_speed_SOURCES = \ logger.c logger.h \ + prf.c prf.h \ sptps.c sptps.h \ sptps_speed.c \ utils.c utils.h \ @@ -58,7 +60,6 @@ libmeshlink_la_SOURCES = \ conf.c conf.h \ connection.c connection.h \ crypto.h \ - digest.h \ dropin.c dropin.h \ ecdh.h \ ecdsa.h \ @@ -102,13 +103,11 @@ libmeshlink_la_LIBADD = -lpthread libmeshlink_la_SOURCES += \ openssl/crypto.c \ - openssl/digest.c openssl/digest.h \ ed25519/ecdh.c \ ed25519/ecdsa.c \ ed25519/ecdsagen.c sptps_test_SOURCES += \ openssl/crypto.c \ - openssl/digest.c openssl/digest.h \ ed25519/ecdh.c \ ed25519/ecdsa.c sptps_keypair_SOURCES += \ @@ -116,7 +115,6 @@ sptps_keypair_SOURCES += \ ed25519/ecdsagen.c sptps_speed_SOURCES += \ openssl/crypto.c \ - openssl/digest.c openssl/digest.h \ ed25519/ecdh.c \ ed25519/ecdsa.c \ ed25519/ecdsagen.c diff --git a/src/invitation.c b/src/invitation.c index 6c0b0afb..d027e0d9 100644 --- a/src/invitation.c +++ b/src/invitation.c @@ -265,7 +265,7 @@ int cmd_invite(int argc, char *argv[]) { } } - char hash[25]; + char hash[64]; xasprintf(&filename, "%s" SLASH "invitations", confbase); if(mkdir(filename, 0700) && errno != EEXIST) { @@ -361,10 +361,7 @@ int cmd_invite(int argc, char *argv[]) { // Create a hash of the key. char *fingerprint = ecdsa_get_base64_public_key(key); - digest_t *digest = digest_open_by_name("sha256", 18); - if(!digest) - abort(); - digest_create(digest, fingerprint, strlen(fingerprint), hash); + sha512(fingerprint, strlen(fingerprint), hash); b64encode_urlsafe(hash, hash, 18); // Create a random cookie for this invitation. @@ -373,10 +370,10 @@ int cmd_invite(int argc, char *argv[]) { // Create a filename that doesn't reveal the cookie itself char buf[18 + strlen(fingerprint)]; - char cookiehash[25]; + char cookiehash[64]; memcpy(buf, cookie, 18); memcpy(buf + 18, fingerprint, sizeof buf - 18); - digest_create(digest, buf, sizeof buf, cookiehash); + sha512(buf, sizeof buf, cookiehash); b64encode_urlsafe(cookiehash, cookiehash, 18); b64encode_urlsafe(cookie, cookie, 18); @@ -911,12 +908,9 @@ int cmd_join(int argc, char *argv[]) { // Check if the hash of the key he gave us matches the hash in the URL. char *fingerprint = line + 2; - digest_t *digest = digest_open_by_name("sha256", 18); - if(!digest) - abort(); - char hishash[18]; - if(!digest_create(digest, fingerprint, strlen(fingerprint), hishash)) { - fprintf(stderr, "Could not create digest\n%s\n", line + 2); + char hishash[64]; + if(!sha512(fingerprint, strlen(fingerprint), hishash)) { + fprintf(stderr, "Could not create hash\n%s\n", line + 2); return 1; } if(memcmp(hishash, hash, 18)) { diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 1255ff08..e667baf0 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -37,6 +37,7 @@ #include "sptps.h" #include "utils.h" #include "xalloc.h" +#include "ed25519/sha512.h" ecdsa_t *invitation_key = NULL; @@ -182,17 +183,14 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const char *dat return false; // Recover the filename from the cookie and the key - digest_t *digest = digest_open_by_name("sha256", 18); - if(!digest) - abort(); char *fingerprint = ecdsa_get_base64_public_key(invitation_key); + char hash[64]; char hashbuf[18 + strlen(fingerprint)]; char cookie[25]; memcpy(hashbuf, data, 18); memcpy(hashbuf + 18, fingerprint, sizeof hashbuf - 18); - digest_create(digest, hashbuf, sizeof hashbuf, cookie); - b64encode_urlsafe(cookie, cookie, 18); - digest_close(digest); + sha512(hashbuf, sizeof hashbuf, hash); + b64encode_urlsafe(hash, cookie, 18); free(fingerprint); char filename[PATH_MAX], usedname[PATH_MAX];