diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-05-26 11:49:50 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-05-26 11:49:50 +0200 |
commit | 755cb5c76a53a8fd04408bcc080b1796e77162f5 (patch) | |
tree | dade5b7c84f74c76d85e226f7fbd0982494a0046 | |
parent | 870c6d65864ff8265c5e4863529df4a44f99e1b1 (diff) | |
download | gnunet-755cb5c76a53a8fd04408bcc080b1796e77162f5.tar.gz gnunet-755cb5c76a53a8fd04408bcc080b1796e77162f5.zip |
remove argon2 dependency. Use limited libsodium argon2id function for GNS and NSE
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | configure.ac | 12 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 2 | ||||
-rw-r--r-- | src/nse/gnunet-service-nse.c | 4 | ||||
-rw-r--r-- | src/nse/perf_kdf.c | 2 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 4 | ||||
-rw-r--r-- | src/util/Makefile.am | 1 | ||||
-rw-r--r-- | src/util/crypto_pow.c | 25 | ||||
-rw-r--r-- | src/util/gnunet-scrypt.c | 2 |
9 files changed, 21 insertions, 33 deletions
@@ -96,8 +96,6 @@ These are the direct dependencies for running GNUnet: | |||
96 | - which (contrib/apparmor(?), gnunet-bugreport, | 96 | - which (contrib/apparmor(?), gnunet-bugreport, |
97 | and possibly more) | 97 | and possibly more) |
98 | - zlib | 98 | - zlib |
99 | - argon2 >= 20190702 (for proof-of-work calculations in | ||
100 | revocation) | ||
101 | - libsodium >= 1.0.11 (for elliptic curve cryptography) | 99 | - libsodium >= 1.0.11 (for elliptic curve cryptography) |
102 | 100 | ||
103 | These are the dependencies for GNUnet's testsuite: | 101 | These are the dependencies for GNUnet's testsuite: |
diff --git a/configure.ac b/configure.ac index 1c732a152..6dc914c12 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1033,20 +1033,10 @@ AS_IF([test x$nss = xfalse], | |||
1033 | AC_CHECK_LIB([kvm],[kvm_open]) | 1033 | AC_CHECK_LIB([kvm],[kvm_open]) |
1034 | AC_CHECK_LIB([kstat],[kstat_open]) | 1034 | AC_CHECK_LIB([kstat],[kstat_open]) |
1035 | 1035 | ||
1036 | argon=0 | ||
1037 | # test for argon2 (for POW) | ||
1038 | AC_CHECK_LIB([argon2],[argon2d_hash_raw], argon=1, argon=0) | ||
1039 | AS_IF([test x$argon = x1], | ||
1040 | [ | ||
1041 | AC_MSG_RESULT([argon2 found]) | ||
1042 | ],[ | ||
1043 | AC_MSG_ERROR([GNUnet requires argon2.]) | ||
1044 | ]) | ||
1045 | |||
1046 | libsodium=0 | 1036 | libsodium=0 |
1047 | # test for libsodium | 1037 | # test for libsodium |
1048 | AC_CHECK_HEADER([sodium.h], | 1038 | AC_CHECK_HEADER([sodium.h], |
1049 | [AC_CHECK_LIB([sodium], [sodium_init], | 1039 | [AC_CHECK_LIB([sodium], [crypto_pwhash_argon2id], |
1050 | [libsodium=1])]) | 1040 | [libsodium=1])]) |
1051 | 1041 | ||
1052 | AS_IF([test x$libsodium = x0], | 1042 | AS_IF([test x$libsodium = x0], |
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index e880bd887..437a1283f 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -659,7 +659,7 @@ GNUNET_CRYPTO_hash (const void *block, | |||
659 | /** | 659 | /** |
660 | * Calculate the 'proof-of-work' hash (an expensive hash). | 660 | * Calculate the 'proof-of-work' hash (an expensive hash). |
661 | * | 661 | * |
662 | * @param salt salt to use in pow calculation | 662 | * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long. |
663 | * @param buf data to hash | 663 | * @param buf data to hash |
664 | * @param buf_len number of bytes in @a buf | 664 | * @param buf_len number of bytes in @a buf |
665 | * @param result where to write the resulting hash | 665 | * @param result where to write the resulting hash |
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c index 461d55a7f..ebf39585e 100644 --- a/src/nse/gnunet-service-nse.c +++ b/src/nse/gnunet-service-nse.c | |||
@@ -806,7 +806,7 @@ check_proof_of_work (const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, | |||
806 | GNUNET_memcpy (&buf[sizeof(val)], | 806 | GNUNET_memcpy (&buf[sizeof(val)], |
807 | pkey, | 807 | pkey, |
808 | sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)); | 808 | sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)); |
809 | GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work", | 809 | GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", |
810 | buf, | 810 | buf, |
811 | sizeof(buf), | 811 | sizeof(buf), |
812 | &result); | 812 | &result); |
@@ -861,7 +861,7 @@ find_proof (void *cls) | |||
861 | while ((counter != UINT64_MAX) && (i < ROUND_SIZE)) | 861 | while ((counter != UINT64_MAX) && (i < ROUND_SIZE)) |
862 | { | 862 | { |
863 | GNUNET_memcpy (buf, &counter, sizeof(uint64_t)); | 863 | GNUNET_memcpy (buf, &counter, sizeof(uint64_t)); |
864 | GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work", | 864 | GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", |
865 | buf, | 865 | buf, |
866 | sizeof(buf), | 866 | sizeof(buf), |
867 | &result); | 867 | &result); |
diff --git a/src/nse/perf_kdf.c b/src/nse/perf_kdf.c index c5975aaf2..89b70903a 100644 --- a/src/nse/perf_kdf.c +++ b/src/nse/perf_kdf.c | |||
@@ -37,7 +37,7 @@ perfHash () | |||
37 | 37 | ||
38 | memset (buf, 1, sizeof(buf)); | 38 | memset (buf, 1, sizeof(buf)); |
39 | for (unsigned int i = 0; i < 1024; i++) | 39 | for (unsigned int i = 0; i < 1024; i++) |
40 | GNUNET_CRYPTO_pow_hash ("gnunet-proof-of-work", | 40 | GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", |
41 | buf, | 41 | buf, |
42 | sizeof(buf), | 42 | sizeof(buf), |
43 | &hc); | 43 | &hc); |
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 33c67d005..3815e47b0 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -483,7 +483,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
483 | { | 483 | { |
484 | pow_val = GNUNET_ntohll (pow->pow[i]); | 484 | pow_val = GNUNET_ntohll (pow->pow[i]); |
485 | GNUNET_memcpy (buf, &pow->pow[i], sizeof(uint64_t)); | 485 | GNUNET_memcpy (buf, &pow->pow[i], sizeof(uint64_t)); |
486 | GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work", | 486 | GNUNET_CRYPTO_pow_hash ("GnsRevocationPow", |
487 | buf, | 487 | buf, |
488 | sizeof(buf), | 488 | sizeof(buf), |
489 | &result); | 489 | &result); |
@@ -642,7 +642,7 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
642 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 642 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
643 | &pc->pow->key, | 643 | &pc->pow->key, |
644 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 644 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); |
645 | GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work", | 645 | GNUNET_CRYPTO_pow_hash ("GnsRevocationPow", |
646 | buf, | 646 | buf, |
647 | sizeof(buf), | 647 | sizeof(buf), |
648 | &result); | 648 | &result); |
diff --git a/src/util/Makefile.am b/src/util/Makefile.am index f3373fc38..83b3b9c3d 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am | |||
@@ -131,7 +131,6 @@ libgnunetutil_la_LIBADD = \ | |||
131 | $(LIBIDN) $(LIBIDN2) \ | 131 | $(LIBIDN) $(LIBIDN2) \ |
132 | $(Z_LIBS) \ | 132 | $(Z_LIBS) \ |
133 | -lunistring \ | 133 | -lunistring \ |
134 | -largon2 \ | ||
135 | -lsodium \ | 134 | -lsodium \ |
136 | $(XLIB) \ | 135 | $(XLIB) \ |
137 | $(PTHREAD) | 136 | $(PTHREAD) |
diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c index 6176afc33..cfa0676d0 100644 --- a/src/util/crypto_pow.c +++ b/src/util/crypto_pow.c | |||
@@ -25,14 +25,14 @@ | |||
25 | */ | 25 | */ |
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet_crypto_lib.h" | 27 | #include "gnunet_crypto_lib.h" |
28 | #include <argon2.h> | 28 | #include <sodium.h> |
29 | 29 | ||
30 | /** | 30 | /** |
31 | * Calculate the 'proof-of-work' hash (an expensive hash). | 31 | * Calculate the 'proof-of-work' hash (an expensive hash). |
32 | * We're using a non-standard formula to avoid issues with | 32 | * We're using a non-standard formula to avoid issues with |
33 | * ASICs appearing (see #3795). | 33 | * ASICs appearing (see #3795). |
34 | * | 34 | * |
35 | * @param salt salt for the hash | 35 | * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long. |
36 | * @param buf data to hash | 36 | * @param buf data to hash |
37 | * @param buf_len number of bytes in @a buf | 37 | * @param buf_len number of bytes in @a buf |
38 | * @param result where to write the resulting hash | 38 | * @param result where to write the resulting hash |
@@ -43,16 +43,17 @@ GNUNET_CRYPTO_pow_hash (const char *salt, | |||
43 | size_t buf_len, | 43 | size_t buf_len, |
44 | struct GNUNET_HashCode *result) | 44 | struct GNUNET_HashCode *result) |
45 | { | 45 | { |
46 | GNUNET_break (ARGON2_OK == | 46 | GNUNET_assert (strlen (salt) == crypto_pwhash_argon2id_SALTBYTES); |
47 | argon2id_hash_raw (3, /* iterations */ | 47 | /* Threads hardcoded at 1 in libsodium */ |
48 | 1024, /* memory (1 MiB) */ | 48 | GNUNET_break (0 == |
49 | 1, /* threads */ | 49 | crypto_pwhash_argon2id ((unsigned char *) result, |
50 | buf, | 50 | sizeof (struct GNUNET_HashCode), |
51 | buf_len, | 51 | buf, |
52 | salt, | 52 | buf_len, |
53 | strlen (salt), | 53 | (unsigned char*) salt, |
54 | result, | 54 | 3, /* iterations */ |
55 | sizeof (struct GNUNET_HashCode))); | 55 | 1024 * 1024, /* memory (1 MiB) */ |
56 | crypto_pwhash_argon2id_ALG_ARGON2ID13)); | ||
56 | } | 57 | } |
57 | 58 | ||
58 | 59 | ||
diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c index 9bb766595..7d13ce469 100644 --- a/src/util/gnunet-scrypt.c +++ b/src/util/gnunet-scrypt.c | |||
@@ -117,7 +117,7 @@ find_proof (void *cls) | |||
117 | while ((counter != UINT64_MAX) && (i < ROUND_SIZE)) | 117 | while ((counter != UINT64_MAX) && (i < ROUND_SIZE)) |
118 | { | 118 | { |
119 | GNUNET_memcpy (buf, &counter, sizeof(uint64_t)); | 119 | GNUNET_memcpy (buf, &counter, sizeof(uint64_t)); |
120 | GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work", | 120 | GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", |
121 | buf, | 121 | buf, |
122 | sizeof(buf), | 122 | sizeof(buf), |
123 | &result); | 123 | &result); |