age restriction: make seed a HashCode due to endianess and security level concerns

author: Florian Dold <florian@dold.me> 2022-04-26 23:34:14 +0200
committer: Florian Dold <florian@dold.me> 2022-04-26 23:34:14 +0200
commit: 17a00ef22dadd10c97fea188c75a8aaeb1e64442 (patch)
tree: 838efd9d5c6ba577f4735b9da57a9d38489b007b /src/util
parent: 47e276e11a5d1d92bbfc3c8c2e940902af3003dd (diff)
download: exchange-17a00ef22dadd10c97fea188c75a8aaeb1e64442.tar.gz
exchange-17a00ef22dadd10c97fea188c75a8aaeb1e64442.tar.bz2
exchange-17a00ef22dadd10c97fea188c75a8aaeb1e64442.zip
3 files changed, 13 insertions, 7 deletions
diff --git a/src/util/age_restriction.c b/src/util/age_restriction.c
index 45ebc03c4..65c1574b3 100644
--- a/src/util/age_restriction.c
+++ b/src/util/age_restriction.c
@@ -173,7 +173,7 @@ FAIL:
 enum GNUNET_GenericReturnValue
 TALER_age_commitment_derive (
   const struct TALER_AgeCommitmentProof *orig,
-  const uint64_t salt,
+  const struct GNUNET_HashCode *salt,
   struct TALER_AgeCommitmentProof *newacp)
 {
   GNUNET_assert (NULL != newacp);
@@ -211,8 +211,8 @@ TALER_age_commitment_derive (
   {
     GNUNET_CRYPTO_edx25519_private_key_derive (
       &orig->proof.keys[i].priv,
-      &salt,
-      sizeof(salt),
+      salt,
+      sizeof(*salt),
       &newacp->proof.keys[i].priv);
   }
 #else
diff --git a/src/util/test_age_restriction.c b/src/util/test_age_restriction.c
index 9b8c6dfe5..847ab4e98 100644
--- a/src/util/test_age_restriction.c
+++ b/src/util/test_age_restriction.c
@@ -170,11 +170,13 @@ test_attestation (void)
     /* Also derive two more commitments right away */
     for (uint8_t i = 0; i<2; i++)
     {
-      uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
-                                                UINT64_MAX);
+      struct GNUNET_HashCode salt;
+      GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                                  &salt,
+                                  sizeof (salt));
       GNUNET_assert (GNUNET_OK ==
                      TALER_age_commitment_derive (&acp[i],
-                                                  salt,
+                                                  &salt,
                                                   &acp[i + 1]));
     }
 
diff --git a/src/util/tv_age_restriction.c b/src/util/tv_age_restriction.c
index ffb144ec5..2bddb9d1b 100644
--- a/src/util/tv_age_restriction.c
+++ b/src/util/tv_age_restriction.c
@@ -175,11 +175,15 @@ generate (
     /* Also derive two more commitments right away */
     for (uint8_t i = 0; i<2; i++)
     {
+      struct GNUNET_HashCode salt;
+      GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+                                  &salt,
+                                  sizeof (salt));
       uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
                                                 UINT64_MAX / 2);
       GNUNET_assert (GNUNET_OK ==
                      TALER_age_commitment_derive (&acp[i],
-                                                  salt,
+                                                  &salt,
                                                   &acp[i + 1]));
     }
author	Florian Dold <florian@dold.me>	2022-04-26 23:34:14 +0200
committer	Florian Dold <florian@dold.me>	2022-04-26 23:34:14 +0200
commit	17a00ef22dadd10c97fea188c75a8aaeb1e64442 (patch)
tree	838efd9d5c6ba577f4735b9da57a9d38489b007b /src/util
parent	47e276e11a5d1d92bbfc3c8c2e940902af3003dd (diff)
download	exchange-17a00ef22dadd10c97fea188c75a8aaeb1e64442.tar.gz exchange-17a00ef22dadd10c97fea188c75a8aaeb1e64442.tar.bz2 exchange-17a00ef22dadd10c97fea188c75a8aaeb1e64442.zip