derive the age commitment from seed

2023-08-03 19:28:10 +02:00 · 2023-08-03 19:28:10 +02:00 · 2b9faf3d4e
commit 2b9faf3d4e
parent 5422f679b3
2 changed files with 26 additions and 7 deletions
--- a/packages/taler-util/src/taler-crypto.ts
+++ b/packages/taler-util/src/taler-crypto.ts
@ -1280,6 +1280,9 @@ export namespace AgeRestriction {
    };
  }

+  const PublishedAgeRestrictionBaseKey: Edx25519PublicKey = decodeCrock(
+    "CH0VKFDZ2GWRWHQBBGEK9MWV5YDQVJ0RXEE0KYT3NMB69F0R96TG");
+
  export async function restrictionCommitSeeded(
    ageMask: number,
    age: number,
@ -1292,19 +1295,32 @@ export namespace AgeRestriction {
    const pubs: Edx25519PublicKey[] = [];
    const privs: Edx25519PrivateKey[] = [];

-    for (let i = 0; i < numPubs; i++) {
+    for (let i = 0; i < numPrivs; i++) {
      const privSeed = await kdfKw({
        outputLength: 32,
        ikm: seed,
-        info: stringToBytes("age-restriction-commit"),
+        info: stringToBytes("age-commitment"),
        salt: bufferForUint32(i),
      });
+
      const priv = await Edx25519.keyCreateFromSeed(privSeed);
      const pub = await Edx25519.getPublic(priv);
      pubs.push(pub);
-      if (i < numPrivs) {
      privs.push(priv);
    }
+
+    for (let i = numPrivs; i < numPubs; i++) {
+      const deriveSeed = await kdfKw({
+        outputLength: 32,
+        ikm: seed,
+        info: stringToBytes("age-factor"),
+        salt: bufferForUint32(i),
+      });
+      const pub = await Edx25519.publicKeyDerive(
+        PublishedAgeRestrictionBaseKey,
+        deriveSeed,
+      );
+      pubs.push(pub);
    }

    return {
@ -1604,7 +1620,9 @@ export function amountToBuffer(amount: AmountLike): Uint8Array {
  return u8buf;
 }

-export function timestampRoundedToBuffer(ts: TalerProtocolTimestamp): Uint8Array {
+export function timestampRoundedToBuffer(
+  ts: TalerProtocolTimestamp,
+): Uint8Array {
  const b = new ArrayBuffer(8);
  const v = new DataView(b);
  // The buffer we sign over represents the timestamp in microseconds.
--- a/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts
+++ b/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts
@ -726,9 +726,10 @@ export const nativeCryptoR: TalerCryptoInterfaceR = {
      if (denomPub.age_mask) {
        const age = req.restrictAge || AgeRestriction.AGE_UNRESTRICTED;
        logger.info(`creating age-restricted planchet (age ${age})`);
-        maybeAcp = await AgeRestriction.restrictionCommit(
+        maybeAcp = await AgeRestriction.restrictionCommitSeeded(
          denomPub.age_mask,
          age,
+          stringToBytes(req.secretSeed)
        );
        maybeAgeCommitmentHash = AgeRestriction.hashCommitment(
          maybeAcp.commitment,