From 755cb5c76a53a8fd04408bcc080b1796e77162f5 Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Tue, 26 May 2020 11:49:50 +0200 Subject: [PATCH] remove argon2 dependency. Use limited libsodium argon2id function for GNS and NSE --- README | 2 -- configure.ac | 12 +----------- src/include/gnunet_crypto_lib.h | 2 +- src/nse/gnunet-service-nse.c | 4 ++-- src/nse/perf_kdf.c | 2 +- src/revocation/revocation_api.c | 4 ++-- src/util/Makefile.am | 1 - src/util/crypto_pow.c | 25 +++++++++++++------------ src/util/gnunet-scrypt.c | 2 +- 9 files changed, 21 insertions(+), 33 deletions(-) diff --git a/README b/README index 34f573d4d..d95022de2 100644 --- a/README +++ b/README @@ -96,8 +96,6 @@ These are the direct dependencies for running GNUnet: - which (contrib/apparmor(?), gnunet-bugreport, and possibly more) - zlib -- argon2 >= 20190702 (for proof-of-work calculations in - revocation) - libsodium >= 1.0.11 (for elliptic curve cryptography) These are the dependencies for GNUnet's testsuite: diff --git a/configure.ac b/configure.ac index 1c732a152..6dc914c12 100644 --- a/configure.ac +++ b/configure.ac @@ -1033,20 +1033,10 @@ AS_IF([test x$nss = xfalse], AC_CHECK_LIB([kvm],[kvm_open]) AC_CHECK_LIB([kstat],[kstat_open]) -argon=0 -# test for argon2 (for POW) -AC_CHECK_LIB([argon2],[argon2d_hash_raw], argon=1, argon=0) -AS_IF([test x$argon = x1], -[ - AC_MSG_RESULT([argon2 found]) -],[ - AC_MSG_ERROR([GNUnet requires argon2.]) -]) - libsodium=0 # test for libsodium AC_CHECK_HEADER([sodium.h], - [AC_CHECK_LIB([sodium], [sodium_init], + [AC_CHECK_LIB([sodium], [crypto_pwhash_argon2id], [libsodium=1])]) AS_IF([test x$libsodium = x0], diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index e880bd887..437a1283f 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -659,7 +659,7 @@ GNUNET_CRYPTO_hash (const void *block, /** * Calculate the 'proof-of-work' hash (an expensive hash). * - * @param salt salt to use in pow calculation + * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long. * @param buf data to hash * @param buf_len number of bytes in @a buf * @param result where to write the resulting hash diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c index 461d55a7f..ebf39585e 100644 --- a/src/nse/gnunet-service-nse.c +++ b/src/nse/gnunet-service-nse.c @@ -806,7 +806,7 @@ check_proof_of_work (const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, GNUNET_memcpy (&buf[sizeof(val)], pkey, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)); - GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work", + GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", buf, sizeof(buf), &result); @@ -861,7 +861,7 @@ find_proof (void *cls) while ((counter != UINT64_MAX) && (i < ROUND_SIZE)) { GNUNET_memcpy (buf, &counter, sizeof(uint64_t)); - GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work", + GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", buf, sizeof(buf), &result); diff --git a/src/nse/perf_kdf.c b/src/nse/perf_kdf.c index c5975aaf2..89b70903a 100644 --- a/src/nse/perf_kdf.c +++ b/src/nse/perf_kdf.c @@ -37,7 +37,7 @@ perfHash () memset (buf, 1, sizeof(buf)); for (unsigned int i = 0; i < 1024; i++) - GNUNET_CRYPTO_pow_hash ("gnunet-proof-of-work", + GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", buf, sizeof(buf), &hc); diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 33c67d005..3815e47b0 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c @@ -483,7 +483,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, { pow_val = GNUNET_ntohll (pow->pow[i]); GNUNET_memcpy (buf, &pow->pow[i], sizeof(uint64_t)); - GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work", + GNUNET_CRYPTO_pow_hash ("GnsRevocationPow", buf, sizeof(buf), &result); @@ -642,7 +642,7 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], &pc->pow->key, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); - GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work", + GNUNET_CRYPTO_pow_hash ("GnsRevocationPow", buf, sizeof(buf), &result); diff --git a/src/util/Makefile.am b/src/util/Makefile.am index f3373fc38..83b3b9c3d 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -131,7 +131,6 @@ libgnunetutil_la_LIBADD = \ $(LIBIDN) $(LIBIDN2) \ $(Z_LIBS) \ -lunistring \ - -largon2 \ -lsodium \ $(XLIB) \ $(PTHREAD) diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c index 6176afc33..cfa0676d0 100644 --- a/src/util/crypto_pow.c +++ b/src/util/crypto_pow.c @@ -25,14 +25,14 @@ */ #include "platform.h" #include "gnunet_crypto_lib.h" -#include +#include /** * Calculate the 'proof-of-work' hash (an expensive hash). * We're using a non-standard formula to avoid issues with * ASICs appearing (see #3795). * - * @param salt salt for the hash + * @param salt salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long. * @param buf data to hash * @param buf_len number of bytes in @a buf * @param result where to write the resulting hash @@ -43,16 +43,17 @@ GNUNET_CRYPTO_pow_hash (const char *salt, size_t buf_len, struct GNUNET_HashCode *result) { - GNUNET_break (ARGON2_OK == - argon2id_hash_raw (3, /* iterations */ - 1024, /* memory (1 MiB) */ - 1, /* threads */ - buf, - buf_len, - salt, - strlen (salt), - result, - sizeof (struct GNUNET_HashCode))); + GNUNET_assert (strlen (salt) == crypto_pwhash_argon2id_SALTBYTES); + /* Threads hardcoded at 1 in libsodium */ + GNUNET_break (0 == + crypto_pwhash_argon2id ((unsigned char *) result, + sizeof (struct GNUNET_HashCode), + buf, + buf_len, + (unsigned char*) salt, + 3, /* iterations */ + 1024 * 1024, /* memory (1 MiB) */ + crypto_pwhash_argon2id_ALG_ARGON2ID13)); } diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c index 9bb766595..7d13ce469 100644 --- a/src/util/gnunet-scrypt.c +++ b/src/util/gnunet-scrypt.c @@ -117,7 +117,7 @@ find_proof (void *cls) while ((counter != UINT64_MAX) && (i < ROUND_SIZE)) { GNUNET_memcpy (buf, &counter, sizeof(uint64_t)); - GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof-of-work", + GNUNET_CRYPTO_pow_hash ("gnunet-nse-proof", buf, sizeof(buf), &result); -- 2.25.1