remove argon2 dependency. Use limited libsodium argon2id function for GNS and NSE

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-05-26 11:49:50 +0200
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-05-26 11:49:50 +0200
commit: 755cb5c76a53a8fd04408bcc080b1796e77162f5 (patch)
tree: dade5b7c84f74c76d85e226f7fbd0982494a0046
parent: 870c6d65864ff8265c5e4863529df4a44f99e1b1 (diff)
download: gnunet-755cb5c76a53a8fd04408bcc080b1796e77162f5.tar.gz
gnunet-755cb5c76a53a8fd04408bcc080b1796e77162f5.zip
9 files changed, 21 insertions, 33 deletions
diff --git a/README b/README
index 34f573d4d..d95022de2 100644
--- a/README
+++ b/README
@@ -96,8 +96,6 @@ These are the direct dependencies for running GNUnet:
 - which                             (contrib/apparmor(?), gnunet-bugreport,
                                     and possibly more)
 - zlib
- argon2             >= 20190702    (for proof-of-work calculations in
-                                     revocation)
 - libsodium          >= 1.0.11      (for elliptic curve cryptography)
 These are the dependencies for GNUnet's testsuite:
diff --git a/configure.ac b/configure.ac
index 1c732a152..6dc914c12 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1033,20 +1033,10 @@ AS_IF([test x$nss = xfalse],
 AC_CHECK_LIB([kvm],[kvm_open])
 AC_CHECK_LIB([kstat],[kstat_open])
-argon=0
-# test for argon2 (for POW)
-AC_CHECK_LIB([argon2],[argon2d_hash_raw], argon=1, argon=0)
-AS_IF([test x$argon = x1],
-[
- AC_MSG_RESULT([argon2 found])
-],[
- AC_MSG_ERROR([GNUnet requires argon2.])
-])
 libsodium=0
 # test for libsodium
 AC_CHECK_HEADER([sodium.h],
-                [AC_CHECK_LIB([sodium], [sodium_init],
+                [AC_CHECK_LIB([sodium], [crypto_pwhash_argon2id],
                              [libsodium=1])])
 AS_IF([test x$libsodium = x0],
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index e880bd887..437a1283f 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -659,7 +659,7 @@ GNUNET_CRYPTO_hash (const void *block,
 /**
 * Calculate the 'proof-of-work' hash (an expensive hash).
 *
- * @param salt salt to use in pow calculation
+ * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
 * @param buf data to hash
 * @param buf_len number of bytes in @a buf
 * @param result where to write the resulting hash
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index 461d55a7f..ebf39585e 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -806,7 +806,7 @@ check_proof_of_work (const struct GNUNET_CRYPTO_EddsaPublicKey *pkey,
  GNUNET_memcpy (&buf[sizeof(val)],
                 pkey,
                 sizeof(struct GNUNET_CRYPTO_EddsaPublicKey));
-  GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work",
+  GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
                          buf,
                          sizeof(buf),
                          &result);
@@ -861,7 +861,7 @@ find_proof (void *cls)
  while ((counter != UINT64_MAX) && (i < ROUND_SIZE))
  {
    GNUNET_memcpy (buf, &counter, sizeof(uint64_t));
-    GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work",
+    GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
                            buf,
                            sizeof(buf),
                            &result);
diff --git a/src/nse/perf_kdf.c b/src/nse/perf_kdf.c
index c5975aaf2..89b70903a 100644
--- a/src/nse/perf_kdf.c
+++ b/src/nse/perf_kdf.c
@@ -37,7 +37,7 @@ perfHash ()
  memset (buf, 1, sizeof(buf));
  for (unsigned int i = 0; i < 1024; i++)
-    GNUNET_CRYPTO_pow_hash ("gnunet-proof-of-work",
+    GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
                            buf,
                            sizeof(buf),
                            &hc);
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 33c67d005..3815e47b0 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -483,7 +483,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
  {
    pow_val = GNUNET_ntohll (pow->pow[i]);
    GNUNET_memcpy (buf, &pow->pow[i], sizeof(uint64_t));
-    GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work",
+    GNUNET_CRYPTO_pow_hash ("GnsRevocationPow",
                            buf,
                            sizeof(buf),
                            &result);
@@ -642,7 +642,7 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
  GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
                 &pc->pow->key,
                 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
-  GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work",
+  GNUNET_CRYPTO_pow_hash ("GnsRevocationPow",
                          buf,
                          sizeof(buf),
                          &result);
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index f3373fc38..83b3b9c3d 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -131,7 +131,6 @@ libgnunetutil_la_LIBADD = \
  $(LIBIDN) $(LIBIDN2) \
  $(Z_LIBS) \
  -lunistring \
-  -largon2 \
  -lsodium \
  $(XLIB) \
  $(PTHREAD)
diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c
index 6176afc33..cfa0676d0 100644
--- a/src/util/crypto_pow.c
+++ b/src/util/crypto_pow.c
@@ -25,14 +25,14 @@
 */
 #include "platform.h"
 #include "gnunet_crypto_lib.h"
-#include <argon2.h>
+#include <sodium.h>
 /**
 * Calculate the 'proof-of-work' hash (an expensive hash).
 * We're using a non-standard formula to avoid issues with
 * ASICs appearing (see #3795).
 *
- * @param salt salt for the hash
+ * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
 * @param buf data to hash
 * @param buf_len number of bytes in @a buf
 * @param result where to write the resulting hash
@@ -43,16 +43,17 @@ GNUNET_CRYPTO_pow_hash (const char *salt,
                        size_t buf_len,
                        struct GNUNET_HashCode *result)
 {
-  GNUNET_break (ARGON2_OK ==
+  GNUNET_assert (strlen (salt) == crypto_pwhash_argon2id_SALTBYTES);
-                argon2id_hash_raw (3, /* iterations */
+  /* Threads hardcoded at 1 in libsodium */
-                                   1024,              /* memory (1 MiB) */
+  GNUNET_break (0 ==
-                                   1,              /* threads */
+                crypto_pwhash_argon2id ((unsigned char *) result,
-                                   buf,
+                                        sizeof (struct GNUNET_HashCode),
-                                   buf_len,
+                                        buf,
-                                   salt,
+                                        buf_len,
-                                   strlen (salt),
+                                        (unsigned char*) salt,
-                                   result,
+                                        3, /* iterations */
-                                   sizeof (struct GNUNET_HashCode)));
+                                        1024 * 1024, /* memory (1 MiB) */
+                                        crypto_pwhash_argon2id_ALG_ARGON2ID13));
 }
diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c
index 9bb766595..7d13ce469 100644
--- a/src/util/gnunet-scrypt.c
+++ b/src/util/gnunet-scrypt.c
@@ -117,7 +117,7 @@ find_proof (void *cls)
  while ((counter != UINT64_MAX) && (i < ROUND_SIZE))
  {
    GNUNET_memcpy (buf, &counter, sizeof(uint64_t));
-    GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work",
+    GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
                            buf,
                            sizeof(buf),
                            &result);
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-05-26 11:49:50 +0200
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-05-26 11:49:50 +0200
commit	755cb5c76a53a8fd04408bcc080b1796e77162f5 (patch)
tree	dade5b7c84f74c76d85e226f7fbd0982494a0046
parent	870c6d65864ff8265c5e4863529df4a44f99e1b1 (diff)
download	gnunet-755cb5c76a53a8fd04408bcc080b1796e77162f5.tar.gz gnunet-755cb5c76a53a8fd04408bcc080b1796e77162f5.zip