summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schanzenbach <mschanzenbach@posteo.de>2020-05-26 11:49:50 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2020-05-26 11:49:50 +0200
commit755cb5c76a53a8fd04408bcc080b1796e77162f5 (patch)
treedade5b7c84f74c76d85e226f7fbd0982494a0046
parent870c6d65864ff8265c5e4863529df4a44f99e1b1 (diff)
remove argon2 dependency. Use limited libsodium argon2id function for GNS and NSE
-rw-r--r--README2
-rw-r--r--configure.ac12
-rw-r--r--src/include/gnunet_crypto_lib.h2
-rw-r--r--src/nse/gnunet-service-nse.c4
-rw-r--r--src/nse/perf_kdf.c2
-rw-r--r--src/revocation/revocation_api.c4
-rw-r--r--src/util/Makefile.am1
-rw-r--r--src/util/crypto_pow.c25
-rw-r--r--src/util/gnunet-scrypt.c2
9 files changed, 21 insertions, 33 deletions
diff --git a/README b/README
index 34f573d4d..d95022de2 100644
--- a/README
+++ b/README
@@ -96,8 +96,6 @@ These are the direct dependencies for running GNUnet:
- which (contrib/apparmor(?), gnunet-bugreport,
and possibly more)
- zlib
-- argon2 >= 20190702 (for proof-of-work calculations in
- revocation)
- libsodium >= 1.0.11 (for elliptic curve cryptography)
These are the dependencies for GNUnet's testsuite:
diff --git a/configure.ac b/configure.ac
index 1c732a152..6dc914c12 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1033,20 +1033,10 @@ AS_IF([test x$nss = xfalse],
AC_CHECK_LIB([kvm],[kvm_open])
AC_CHECK_LIB([kstat],[kstat_open])
-argon=0
-# test for argon2 (for POW)
-AC_CHECK_LIB([argon2],[argon2d_hash_raw], argon=1, argon=0)
-AS_IF([test x$argon = x1],
-[
- AC_MSG_RESULT([argon2 found])
-],[
- AC_MSG_ERROR([GNUnet requires argon2.])
-])
-
libsodium=0
# test for libsodium
AC_CHECK_HEADER([sodium.h],
- [AC_CHECK_LIB([sodium], [sodium_init],
+ [AC_CHECK_LIB([sodium], [crypto_pwhash_argon2id],
[libsodium=1])])
AS_IF([test x$libsodium = x0],
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index e880bd887..437a1283f 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -659,7 +659,7 @@ GNUNET_CRYPTO_hash (const void *block,
/**
* Calculate the 'proof-of-work' hash (an expensive hash).
*
- * @param salt salt to use in pow calculation
+ * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
* @param buf data to hash
* @param buf_len number of bytes in @a buf
* @param result where to write the resulting hash
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index 461d55a7f..ebf39585e 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -806,7 +806,7 @@ check_proof_of_work (const struct GNUNET_CRYPTO_EddsaPublicKey *pkey,
GNUNET_memcpy (&buf[sizeof(val)],
pkey,
sizeof(struct GNUNET_CRYPTO_EddsaPublicKey));
- GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work",
+ GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
buf,
sizeof(buf),
&result);
@@ -861,7 +861,7 @@ find_proof (void *cls)
while ((counter != UINT64_MAX) && (i < ROUND_SIZE))
{
GNUNET_memcpy (buf, &counter, sizeof(uint64_t));
- GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work",
+ GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
buf,
sizeof(buf),
&result);
diff --git a/src/nse/perf_kdf.c b/src/nse/perf_kdf.c
index c5975aaf2..89b70903a 100644
--- a/src/nse/perf_kdf.c
+++ b/src/nse/perf_kdf.c
@@ -37,7 +37,7 @@ perfHash ()
memset (buf, 1, sizeof(buf));
for (unsigned int i = 0; i < 1024; i++)
- GNUNET_CRYPTO_pow_hash ("gnunet-proof-of-work",
+ GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
buf,
sizeof(buf),
&hc);
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 33c67d005..3815e47b0 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -483,7 +483,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
{
pow_val = GNUNET_ntohll (pow->pow[i]);
GNUNET_memcpy (buf, &pow->pow[i], sizeof(uint64_t));
- GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work",
+ GNUNET_CRYPTO_pow_hash ("GnsRevocationPow",
buf,
sizeof(buf),
&result);
@@ -642,7 +642,7 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
&pc->pow->key,
sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
- GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work",
+ GNUNET_CRYPTO_pow_hash ("GnsRevocationPow",
buf,
sizeof(buf),
&result);
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index f3373fc38..83b3b9c3d 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -131,7 +131,6 @@ libgnunetutil_la_LIBADD = \
$(LIBIDN) $(LIBIDN2) \
$(Z_LIBS) \
-lunistring \
- -largon2 \
-lsodium \
$(XLIB) \
$(PTHREAD)
diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c
index 6176afc33..cfa0676d0 100644
--- a/src/util/crypto_pow.c
+++ b/src/util/crypto_pow.c
@@ -25,14 +25,14 @@
*/
#include "platform.h"
#include "gnunet_crypto_lib.h"
-#include <argon2.h>
+#include <sodium.h>
/**
* Calculate the 'proof-of-work' hash (an expensive hash).
* We're using a non-standard formula to avoid issues with
* ASICs appearing (see #3795).
*
- * @param salt salt for the hash
+ * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
* @param buf data to hash
* @param buf_len number of bytes in @a buf
* @param result where to write the resulting hash
@@ -43,16 +43,17 @@ GNUNET_CRYPTO_pow_hash (const char *salt,
size_t buf_len,
struct GNUNET_HashCode *result)
{
- GNUNET_break (ARGON2_OK ==
- argon2id_hash_raw (3, /* iterations */
- 1024, /* memory (1 MiB) */
- 1, /* threads */
- buf,
- buf_len,
- salt,
- strlen (salt),
- result,
- sizeof (struct GNUNET_HashCode)));
+ GNUNET_assert (strlen (salt) == crypto_pwhash_argon2id_SALTBYTES);
+ /* Threads hardcoded at 1 in libsodium */
+ GNUNET_break (0 ==
+ crypto_pwhash_argon2id ((unsigned char *) result,
+ sizeof (struct GNUNET_HashCode),
+ buf,
+ buf_len,
+ (unsigned char*) salt,
+ 3, /* iterations */
+ 1024 * 1024, /* memory (1 MiB) */
+ crypto_pwhash_argon2id_ALG_ARGON2ID13));
}
diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c
index 9bb766595..7d13ce469 100644
--- a/src/util/gnunet-scrypt.c
+++ b/src/util/gnunet-scrypt.c
@@ -117,7 +117,7 @@ find_proof (void *cls)
while ((counter != UINT64_MAX) && (i < ROUND_SIZE))
{
GNUNET_memcpy (buf, &counter, sizeof(uint64_t));
- GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work",
+ GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof",
buf,
sizeof(buf),
&result);