From 9db4026c9adf6a8acb31b5df52ef3ea96ac350db Mon Sep 17 00:00:00 2001
From: Jono Wenger <jono@elixxir.io>
Date: Tue, 4 May 2021 13:45:55 -0700
Subject: [PATCH] Replace usages of MD5 with blake2b

---
 storage/partition/store.go                  | 12 +++++++++--
 storage/reception/store.go                  |  7 +++----
 storage/utility/cmixMessageBuffer.go        | 12 ++++++++---
 storage/utility/e2eMessageBuffer.go         | 18 +++++++++--------
 storage/utility/messageBuffer_test.go       | 22 +++++++++++++++------
 storage/utility/meteredCmixMessageBuffer.go | 11 ++++++++---
 6 files changed, 56 insertions(+), 26 deletions(-)

diff --git a/storage/partition/store.go b/storage/partition/store.go
index de6016938..52f7f330f 100644
--- a/storage/partition/store.go
+++ b/storage/partition/store.go
@@ -8,11 +8,11 @@
 package partition
 
 import (
-	"crypto/md5"
 	"encoding/binary"
 	"gitlab.com/elixxir/client/interfaces/message"
 	"gitlab.com/elixxir/client/storage/versioned"
 	"gitlab.com/xx_network/primitives/id"
+	"golang.org/x/crypto/blake2b"
 	"sync"
 	"time"
 )
@@ -69,7 +69,15 @@ func (s *Store) load(partner *id.ID, messageID uint64) *multiPartMessage {
 }
 
 func getMultiPartID(partner *id.ID, messageID uint64) multiPartID {
+	h, _ := blake2b.New256(nil)
+
+	h.Write(partner.Bytes())
 	b := make([]byte, 8)
 	binary.BigEndian.PutUint64(b, messageID)
-	return md5.Sum(append(partner[:], b...))
+	h.Write(b)
+
+	var mpID multiPartID
+	copy(mpID[:], h.Sum(nil))
+
+	return mpID
 }
diff --git a/storage/reception/store.go b/storage/reception/store.go
index bd78f0b76..08498aa5c 100644
--- a/storage/reception/store.go
+++ b/storage/reception/store.go
@@ -2,7 +2,6 @@ package reception
 
 import (
 	"bytes"
-	"crypto/md5"
 	"encoding/json"
 	"github.com/pkg/errors"
 	jww "github.com/spf13/jwalterweatherman"
@@ -11,6 +10,7 @@ import (
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/id/ephemeral"
 	"gitlab.com/xx_network/primitives/netTime"
+	"golang.org/x/crypto/blake2b"
 	"io"
 	"strconv"
 	"sync"
@@ -46,12 +46,11 @@ type storedReference struct {
 type idHash [16]byte
 
 func makeIdHash(ephID ephemeral.Id, source *id.ID) idHash {
-	h := md5.New()
+	h, _ := blake2b.New256(nil)
 	h.Write(ephID[:])
 	h.Write(source.Bytes())
-	idHashBytes := h.Sum(nil)
 	idH := idHash{}
-	copy(idH[:], idHashBytes)
+	copy(idH[:], h.Sum(nil))
 	return idH
 }
 
diff --git a/storage/utility/cmixMessageBuffer.go b/storage/utility/cmixMessageBuffer.go
index 6091c65bc..8c6765893 100644
--- a/storage/utility/cmixMessageBuffer.go
+++ b/storage/utility/cmixMessageBuffer.go
@@ -8,7 +8,6 @@
 package utility
 
 import (
-	"crypto/md5"
 	"encoding/json"
 	"github.com/pkg/errors"
 	jww "github.com/spf13/jwalterweatherman"
@@ -16,6 +15,7 @@ import (
 	"gitlab.com/elixxir/primitives/format"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
+	"golang.org/x/crypto/blake2b"
 )
 
 const currentCmixMessageVersion = 0
@@ -80,8 +80,14 @@ func (cmh *cmixMessageHandler) DeleteMessage(kv *versioned.KV, key string) error
 
 // HashMessage generates a hash of the message.
 func (cmh *cmixMessageHandler) HashMessage(m interface{}) MessageHash {
-	sm := m.(storedMessage)
-	return md5.Sum(sm.Marshal())
+	h, _ := blake2b.New256(nil)
+
+	h.Write(m.(storedMessage).Marshal())
+
+	var messageHash MessageHash
+	copy(messageHash[:], h.Sum(nil))
+
+	return messageHash
 }
 
 // CmixMessageBuffer wraps the message buffer to store and load raw cmix
diff --git a/storage/utility/e2eMessageBuffer.go b/storage/utility/e2eMessageBuffer.go
index b8de8f65d..259c6407a 100644
--- a/storage/utility/e2eMessageBuffer.go
+++ b/storage/utility/e2eMessageBuffer.go
@@ -8,7 +8,6 @@
 package utility
 
 import (
-	"crypto/md5"
 	"encoding/binary"
 	"encoding/json"
 	jww "github.com/spf13/jwalterweatherman"
@@ -17,6 +16,7 @@ import (
 	"gitlab.com/elixxir/client/storage/versioned"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/netTime"
+	"golang.org/x/crypto/blake2b"
 )
 
 const currentE2EMessageVersion = 0
@@ -80,17 +80,19 @@ func (emh *e2eMessageHandler) DeleteMessage(kv *versioned.KV, key string) error
 // Do not include the params in the hash so it is not needed to resubmit the
 // message into succeeded or failed
 func (emh *e2eMessageHandler) HashMessage(m interface{}) MessageHash {
-	msg := m.(e2eMessage)
-
-	var digest []byte
-	digest = append(digest, msg.Recipient...)
-	digest = append(digest, msg.Payload...)
+	h, _ := blake2b.New256(nil)
 
+	msg := m.(e2eMessage)
+	h.Write(msg.Recipient)
+	h.Write(msg.Payload)
 	mtBytes := make([]byte, 4)
 	binary.BigEndian.PutUint32(mtBytes, msg.MessageType)
-	digest = append(digest, mtBytes...)
+	h.Write(mtBytes)
+
+	var messageHash MessageHash
+	copy(messageHash[:], h.Sum(nil))
 
-	return md5.Sum(digest)
+	return messageHash
 }
 
 // E2eMessageBuffer wraps the message buffer to store and load raw e2eMessages.
diff --git a/storage/utility/messageBuffer_test.go b/storage/utility/messageBuffer_test.go
index fc4de8be8..5e30960f9 100644
--- a/storage/utility/messageBuffer_test.go
+++ b/storage/utility/messageBuffer_test.go
@@ -9,11 +9,11 @@ package utility
 
 import (
 	"bytes"
-	"crypto/md5"
 	"encoding/json"
 	"gitlab.com/elixxir/client/storage/versioned"
 	"gitlab.com/elixxir/ekv"
 	"gitlab.com/xx_network/primitives/netTime"
+	"golang.org/x/crypto/blake2b"
 	"math/rand"
 	"os"
 	"reflect"
@@ -48,10 +48,14 @@ func (th *testHandler) DeleteMessage(kv *versioned.KV, key string) error {
 }
 
 func (th *testHandler) HashMessage(m interface{}) MessageHash {
-	mBytes := m.([]byte)
-	// Sum returns a array that is the exact same size as the MessageHash and Go
-	// apparently automatically casts it
-	return md5.Sum(mBytes)
+	h, _ := blake2b.New256(nil)
+
+	h.Write(m.([]byte))
+
+	var messageHash MessageHash
+	copy(messageHash[:], h.Sum(nil))
+
+	return messageHash
 }
 
 func newTestHandler() *testHandler {
@@ -343,7 +347,13 @@ func makeTestMessages(n int) ([][]byte, map[MessageHash]struct{}) {
 	for i := range msgs {
 		msgs[i] = make([]byte, 256)
 		prng.Read(msgs[i])
-		mh[md5.Sum(msgs[i])] = struct{}{}
+
+		h, _ := blake2b.New256(nil)
+		h.Write(msgs[i])
+		var messageHash MessageHash
+		copy(messageHash[:], h.Sum(nil))
+
+		mh[messageHash] = struct{}{}
 	}
 
 	return msgs, mh
diff --git a/storage/utility/meteredCmixMessageBuffer.go b/storage/utility/meteredCmixMessageBuffer.go
index 719faa388..dd5ade5a3 100644
--- a/storage/utility/meteredCmixMessageBuffer.go
+++ b/storage/utility/meteredCmixMessageBuffer.go
@@ -8,13 +8,13 @@
 package utility
 
 import (
-	"crypto/md5"
 	"encoding/json"
 	"github.com/pkg/errors"
 	jww "github.com/spf13/jwalterweatherman"
 	"gitlab.com/elixxir/client/storage/versioned"
 	"gitlab.com/elixxir/primitives/format"
 	"gitlab.com/xx_network/primitives/netTime"
+	"golang.org/x/crypto/blake2b"
 	"time"
 )
 
@@ -77,9 +77,14 @@ func (*meteredCmixMessageHandler) DeleteMessage(kv *versioned.KV, key string) er
 
 // HashMessage generates a hash of the message.
 func (*meteredCmixMessageHandler) HashMessage(m interface{}) MessageHash {
-	msg := m.(meteredCmixMessage)
+	h, _ := blake2b.New256(nil)
+
+	h.Write(m.(meteredCmixMessage).M)
+
+	var messageHash MessageHash
+	copy(messageHash[:], h.Sum(nil))
 
-	return md5.Sum(msg.M)
+	return messageHash
 }
 
 // CmixMessageBuffer wraps the message buffer to store and load raw cmix
-- 
GitLab