derive the age commitment from seed

This commit is contained in:
Özgür Kesim 2023-08-03 19:28:10 +02:00
parent 5422f679b3
commit 2b9faf3d4e
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7
2 changed files with 26 additions and 7 deletions


@ -1280,6 +1280,9 @@ export namespace AgeRestriction {
}; };
} }
const PublishedAgeRestrictionBaseKey: Edx25519PublicKey = decodeCrock(
"CH0VKFDZ2GWRWHQBBGEK9MWV5YDQVJ0RXEE0KYT3NMB69F0R96TG");
export async function restrictionCommitSeeded( export async function restrictionCommitSeeded(
ageMask: number, ageMask: number,
age: number, age: number,
@ -1292,19 +1295,32 @@ export namespace AgeRestriction {
const pubs: Edx25519PublicKey[] = []; const pubs: Edx25519PublicKey[] = [];
const privs: Edx25519PrivateKey[] = []; const privs: Edx25519PrivateKey[] = [];
for (let i = 0; i < numPubs; i++) { for (let i = 0; i < numPrivs; i++) {
const privSeed = await kdfKw({ const privSeed = await kdfKw({
outputLength: 32, outputLength: 32,
ikm: seed, ikm: seed,
info: stringToBytes("age-restriction-commit"), info: stringToBytes("age-commitment"),
salt: bufferForUint32(i), salt: bufferForUint32(i),
}); });
const priv = await Edx25519.keyCreateFromSeed(privSeed); const priv = await Edx25519.keyCreateFromSeed(privSeed);
const pub = await Edx25519.getPublic(priv); const pub = await Edx25519.getPublic(priv);
pubs.push(pub); pubs.push(pub);
if (i < numPrivs) { privs.push(priv);
privs.push(priv); }
}
for (let i = numPrivs; i < numPubs; i++) {
const deriveSeed = await kdfKw({
outputLength: 32,
ikm: seed,
info: stringToBytes("age-factor"),
salt: bufferForUint32(i),
});
const pub = await Edx25519.publicKeyDerive(
PublishedAgeRestrictionBaseKey,
deriveSeed,
);
pubs.push(pub);
} }
return { return {
@ -1604,7 +1620,9 @@ export function amountToBuffer(amount: AmountLike): Uint8Array {
return u8buf; return u8buf;
} }
export function timestampRoundedToBuffer(ts: TalerProtocolTimestamp): Uint8Array { export function timestampRoundedToBuffer(
ts: TalerProtocolTimestamp,
): Uint8Array {
const b = new ArrayBuffer(8); const b = new ArrayBuffer(8);
const v = new DataView(b); const v = new DataView(b);
// The buffer we sign over represents the timestamp in microseconds. // The buffer we sign over represents the timestamp in microseconds.
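Review bot: The new PublishedAgeRestrictionBaseKey constant is introduced with no comment explaining what it is or why no party may hold its private key, yet the publicKeyDerive loop in the second hunk builds every non-provable age-group key from it, so the soundness of the commitment rests entirely on that property. Suggest a comment above the constant such as `// Public base key for the age groups the wallet must NOT be able to prove; its private key must be known to nobody — record where this value comes from.`. The KDF info label on the first loop also changes from "age-restriction-commit" to "age-commitment", so any commitment already derived with the old label will no longer reproduce from the same seed; if that is intended, the commit message should say so. The body of restrictionCommitSeeded starts and ends outside the hunk, so whether numPrivs <= numPubs is guaranteed before the second loop runs cannot be checked here.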


@ -726,9 +726,10 @@ export const nativeCryptoR: TalerCryptoInterfaceR = {
if (denomPub.age_mask) { if (denomPub.age_mask) {
const age = req.restrictAge || AgeRestriction.AGE_UNRESTRICTED; const age = req.restrictAge || AgeRestriction.AGE_UNRESTRICTED;
logger.info(`creating age-restricted planchet (age ${age})`); logger.info(`creating age-restricted planchet (age ${age})`);
maybeAcp = await AgeRestriction.restrictionCommit( maybeAcp = await AgeRestriction.restrictionCommitSeeded(
denomPub.age_mask, denomPub.age_mask,
age, age,
stringToBytes(req.secretSeed)
); );
maybeAgeCommitmentHash = AgeRestriction.hashCommitment( maybeAgeCommitmentHash = AgeRestriction.hashCommitment(
maybeAcp.commitment, maybeAcp.commitment,
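Review bot: The new argument `stringToBytes(req.secretSeed)` is passed without checking that req.secretSeed is present; if the field is optional on the request type, stringToBytes presumably receives undefined and fails with an unrelated error (or yields an empty seed) instead of a clear one, so a guard like `if (!req.secretSeed) throw new Error("secretSeed required for age-restricted planchet");` before the call would be safer. Since restrictionCommitSeeded derives all keys deterministically from the seed, the age commitment is now only as unpredictable and unlinkable as req.secretSeed, which must therefore be a fresh high-entropy value per planchet — worth a comment at the call site. The enclosing function starts and ends outside the hunk.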