arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-06-10 06:18:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

perf(challenge/proofofwork): stream sha256 into stack buffer in Validate (#1653)

Browse Source 
Signed-off-by: jvoisin <julien.voisin@dustri.org>
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
This commit is contained in:
Julien Voisin
2026-06-03 17:35:28 +02:00
committed by GitHub
parent a08b0f4262
commit ef3ea08b79
2 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/docs/CHANGELOG.md
+1
View File
@@ -41,6 +41,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Marginally improve the performances of PoW validation - Marginally improve the performances of PoW validation
- Marginally improve the performances of challenges generation/display - Marginally improve the performances of challenges generation/display
- Significantly improve the performances of the gzip middleware - Significantly improve the performances of the gzip middleware
- Significantly improve the performances of the PoW validation
## v1.25.0: Necron ## v1.25.0: Necron
lib/challenge/proofofwork/proofofwork.go
+15 -5
View File
@@ -1,14 +1,15 @@
package proofofwork package proofofwork
import ( import (
"crypto/sha256"
"crypto/subtle" "crypto/subtle"
"encoding/hex"
"fmt" "fmt"
"log/slog" "log/slog"
"net/http" "net/http"
"strconv" "strconv"
"strings" "strings"
"github.com/TecharoHQ/anubis/internal"
chall "github.com/TecharoHQ/anubis/lib/challenge" chall "github.com/TecharoHQ/anubis/lib/challenge"
"github.com/TecharoHQ/anubis/lib/localization" "github.com/TecharoHQ/anubis/lib/localization"
"github.com/a-h/templ" "github.com/a-h/templ"
@@ -66,11 +67,20 @@ func (i *Impl) Validate(r *http.Request, lg *slog.Logger, in *chall.ValidateInpu
return chall.NewError("validate", "invalid response", fmt.Errorf("%w response", chall.ErrMissingField)) return chall.NewError("validate", "invalid response", fmt.Errorf("%w response", chall.ErrMissingField))
} }
calcString := challenge + nonceStr // Stream the challenge and nonce into a single sha256 hasher to avoid
calculated := internal.SHA256sum(calcString) // the intermediate "challenge + nonceStr" concatenation. Hex-encode
// the digest into a stack buffer so the comparison runs without
// allocating a heap string.
h := sha256.New()
h.Write([]byte(challenge))
h.Write([]byte(nonceStr))
var sumBuf [sha256.Size]byte
sum := h.Sum(sumBuf[:0])
var hexBuf [sha256.Size * 2]byte
hex.Encode(hexBuf[:], sum)
if subtle.ConstantTimeCompare([]byte(response), []byte(calculated)) != 1 { if subtle.ConstantTimeCompare([]byte(response), hexBuf[:]) != 1 {
return chall.NewError("validate", "invalid response", fmt.Errorf("%w: wanted response %s but got %s", chall.ErrFailed, calculated, response)) return chall.NewError("validate", "invalid response", fmt.Errorf("%w: wanted response %s but got %s", chall.ErrFailed, string(hexBuf[:]), response))
} }
// compare the leading zeroes // compare the leading zeroes