age restriction: make seed a HashCode due to endianess and security level concerns

Florian Dold 2022-04-26 23:34:14 +02:00
parent 47e276e11a
commit 17a00ef22d
GPG Key ID: D2E4F00F29D02A4B
8 changed files with 18 additions and 21 deletions

@ -1 +1 @@
Subproject commit fbd5974fba30cab15ef1b7454a5a609286c71508 Subproject commit 0172bed41a8fdfc4ef2511e311441120a3d2572d


@ -297,8 +297,6 @@ check_commitment (struct RevealContext *rctx,
* the transfer_secret and the old age commitment. */ * the transfer_secret and the old age commitment. */
if (NULL != rctx->old_age_commitment) if (NULL != rctx->old_age_commitment)
{ {
uint64_t seed = (uint64_t) ts.key.bits[0]
| (uint64_t) ts.key.bits[1] << 32;
struct TALER_AgeCommitmentProof acp = { struct TALER_AgeCommitmentProof acp = {
/* we only need the commitment, not the proof, for the call to /* we only need the commitment, not the proof, for the call to
* TALER_age_commitment_derive. */ * TALER_age_commitment_derive. */
@ -310,7 +308,7 @@ check_commitment (struct RevealContext *rctx,
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_age_commitment_derive ( TALER_age_commitment_derive (
&acp, &acp,
seed, &ts.key,
&nacp)); &nacp));
TALER_age_commitment_hash (&nacp.commitment, &h); TALER_age_commitment_hash (&nacp.commitment, &h);


@ -4819,7 +4819,7 @@ TALER_age_restriction_commit (
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_age_commitment_derive ( TALER_age_commitment_derive (
const struct TALER_AgeCommitmentProof *orig, const struct TALER_AgeCommitmentProof *orig,
const uint64_t salt, const struct GNUNET_HashCode *salt,
struct TALER_AgeCommitmentProof *derived); struct TALER_AgeCommitmentProof *derived);
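Review bot: The Doxygen block above this prototype is not in the hunk, but the `salt` parameter changed from a by-value `uint64_t` to a `const struct GNUNET_HashCode *`, so its `@param salt` text presumably still describes a 64-bit integer and should be updated. I would state the new contract explicitly, e.g. `@param salt hash code used to derive the new commitment; must not be NULL, caller retains ownership`, so callers know the pointee is only read during the call. The same wording belongs on the definition in age_restriction's `TALER_age_commitment_derive` hunk further down.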


@ -148,15 +148,13 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
/* Derive the age commitment and calculate the hash */ /* Derive the age commitment and calculate the hash */
if (NULL != lh->age_commitment_proof) if (NULL != lh->age_commitment_proof)
{ {
uint64_t seed = (uint64_t) secret.key.bits[0]
| (uint64_t) secret.key.bits[1] << 32;
lci->age_commitment_proof = GNUNET_new (struct TALER_AgeCommitmentProof); lci->age_commitment_proof = GNUNET_new (struct TALER_AgeCommitmentProof);
lci->h_age_commitment = GNUNET_new (struct TALER_AgeCommitmentHash); lci->h_age_commitment = GNUNET_new (struct TALER_AgeCommitmentHash);
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_age_commitment_derive ( TALER_age_commitment_derive (
lh->age_commitment_proof, lh->age_commitment_proof,
seed, &secret.key,
lci->age_commitment_proof)); lci->age_commitment_proof));
TALER_age_commitment_hash ( TALER_age_commitment_hash (


@ -185,11 +185,6 @@ TALER_EXCHANGE_get_melt_data_ (
/* Handle age commitment, if present */ /* Handle age commitment, if present */
if (NULL != md->melted_coin.age_commitment_proof) if (NULL != md->melted_coin.age_commitment_proof)
{ {
/* We use the first 8 bytes of the trans_sec to generate a new age
* commitment */
uint64_t age_seed = (uint64_t) trans_sec.key.bits[0]
| (uint64_t) trans_sec.key.bits[1] << 32;
fcd->age_commitment_proof[i] = GNUNET_new (struct fcd->age_commitment_proof[i] = GNUNET_new (struct
TALER_AgeCommitmentProof); TALER_AgeCommitmentProof);
ach = GNUNET_new (struct TALER_AgeCommitmentHash); ach = GNUNET_new (struct TALER_AgeCommitmentHash);
@ -197,7 +192,7 @@ TALER_EXCHANGE_get_melt_data_ (
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_age_commitment_derive ( TALER_age_commitment_derive (
md->melted_coin.age_commitment_proof, md->melted_coin.age_commitment_proof,
age_seed, &trans_sec.key,
fcd->age_commitment_proof[i])); fcd->age_commitment_proof[i]));
TALER_age_commitment_hash ( TALER_age_commitment_hash (
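Review bot: The explanatory comment that was removed together with the `age_seed` computation ("We use the first 8 bytes of the trans_sec ...") has no replacement, so the new side no longer says where the derivation input comes from. A one-liner before the `GNUNET_new (struct TALER_AgeCommitmentProof)` allocation keeps the intent visible: `/* Derive the new age commitment from the full transfer secret (no longer truncated to 64 bits) */`. The body of `TALER_EXCHANGE_get_melt_data_` continues outside both hunks.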


@ -173,7 +173,7 @@ FAIL:
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_age_commitment_derive ( TALER_age_commitment_derive (
const struct TALER_AgeCommitmentProof *orig, const struct TALER_AgeCommitmentProof *orig,
const uint64_t salt, const struct GNUNET_HashCode *salt,
struct TALER_AgeCommitmentProof *newacp) struct TALER_AgeCommitmentProof *newacp)
{ {
GNUNET_assert (NULL != newacp); GNUNET_assert (NULL != newacp);
@ -211,8 +211,8 @@ TALER_age_commitment_derive (
{ {
GNUNET_CRYPTO_edx25519_private_key_derive ( GNUNET_CRYPTO_edx25519_private_key_derive (
&orig->proof.keys[i].priv, &orig->proof.keys[i].priv,
&salt, salt,
sizeof(salt), sizeof(*salt),
&newacp->proof.keys[i].priv); &newacp->proof.keys[i].priv);
} }
#else #else
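Review bot: `salt` is now a pointer that is dereferenced via `sizeof(*salt)` and passed to `GNUNET_CRYPTO_edx25519_private_key_derive`, but unlike `newacp` it is not checked: adding `GNUNET_assert (NULL != salt);` next to the existing `GNUNET_assert (NULL != newacp);` keeps the preconditions symmetric and fails loudly instead of inside the crypto call. The second hunk ends right at an `#else`, so there appears to be an alternative preprocessor branch for this loop that is outside the hunk; please confirm it was also converted from the old `&salt, sizeof(salt)` form, since with the new signature that would silently pass the address of the pointer rather than the hash bytes. The function body continues past the hunk.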


@ -170,11 +170,13 @@ test_attestation (void)
/* Also derive two more commitments right away */ /* Also derive two more commitments right away */
for (uint8_t i = 0; i<2; i++) for (uint8_t i = 0; i<2; i++)
{ {
uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, struct GNUNET_HashCode salt;
UINT64_MAX); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&salt,
sizeof (salt));
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_age_commitment_derive (&acp[i], TALER_age_commitment_derive (&acp[i],
salt, &salt,
&acp[i + 1])); &acp[i + 1]));
} }


@ -175,11 +175,15 @@ generate (
/* Also derive two more commitments right away */ /* Also derive two more commitments right away */
for (uint8_t i = 0; i<2; i++) for (uint8_t i = 0; i<2; i++)
{ {
struct GNUNET_HashCode salt;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&salt,
sizeof (salt));
uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
UINT64_MAX / 2); UINT64_MAX / 2);
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_age_commitment_derive (&acp[i], TALER_age_commitment_derive (&acp[i],
salt, &salt,
&acp[i + 1])); &acp[i + 1]));
} }
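Review bot: The new side of this hunk declares `salt` twice in the same block: the added `struct GNUNET_HashCode salt;` is followed by the untouched `uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, UINT64_MAX / 2);` (the hunk counts, +4/-0, confirm nothing was removed), which is a redefinition with a conflicting type and will not compile. The two `uint64_t salt = ...` lines should be deleted so that `&salt` refers to the hash code, matching what the `test_attestation` hunk above already does correctly. The `generate` function starts outside the hunk.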