From 17a00ef22dadd10c97fea188c75a8aaeb1e64442 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 26 Apr 2022 23:34:14 +0200 Subject: age restriction: make seed a HashCode due to endianess and security level concerns --- src/exchange/taler-exchange-httpd_refreshes_reveal.c | 4 +--- src/include/taler_crypto_lib.h | 2 +- src/lib/exchange_api_link.c | 4 +--- src/lib/exchange_api_refresh_common.c | 7 +------ src/util/age_restriction.c | 6 +++--- src/util/test_age_restriction.c | 8 +++++--- src/util/tv_age_restriction.c | 6 +++++- 7 files changed, 17 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c index fbfbf8acb..19c126f7e 100644 --- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c +++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c @@ -297,8 +297,6 @@ check_commitment (struct RevealContext *rctx, * the transfer_secret and the old age commitment. */ if (NULL != rctx->old_age_commitment) { - uint64_t seed = (uint64_t) ts.key.bits[0] - | (uint64_t) ts.key.bits[1] << 32; struct TALER_AgeCommitmentProof acp = { /* we only need the commitment, not the proof, for the call to * TALER_age_commitment_derive. */ @@ -310,7 +308,7 @@ check_commitment (struct RevealContext *rctx, GNUNET_assert (GNUNET_OK == TALER_age_commitment_derive ( &acp, - seed, + &ts.key, &nacp)); TALER_age_commitment_hash (&nacp.commitment, &h); diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 2cf4c8f4b..3530f7367 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -4819,7 +4819,7 @@ TALER_age_restriction_commit ( enum GNUNET_GenericReturnValue TALER_age_commitment_derive ( const struct TALER_AgeCommitmentProof *orig, - const uint64_t salt, + const struct GNUNET_HashCode *salt, struct TALER_AgeCommitmentProof *derived); diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c index ddc763c33..9e8625ed5 100644 --- a/src/lib/exchange_api_link.c +++ b/src/lib/exchange_api_link.c @@ -148,15 +148,13 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, /* Derive the age commitment and calculate the hash */ if (NULL != lh->age_commitment_proof) { - uint64_t seed = (uint64_t) secret.key.bits[0] - | (uint64_t) secret.key.bits[1] << 32; lci->age_commitment_proof = GNUNET_new (struct TALER_AgeCommitmentProof); lci->h_age_commitment = GNUNET_new (struct TALER_AgeCommitmentHash); GNUNET_assert (GNUNET_OK == TALER_age_commitment_derive ( lh->age_commitment_proof, - seed, + &secret.key, lci->age_commitment_proof)); TALER_age_commitment_hash ( diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c index 94d0dc8cb..581e21152 100644 --- a/src/lib/exchange_api_refresh_common.c +++ b/src/lib/exchange_api_refresh_common.c @@ -185,11 +185,6 @@ TALER_EXCHANGE_get_melt_data_ ( /* Handle age commitment, if present */ if (NULL != md->melted_coin.age_commitment_proof) { - /* We use the first 8 bytes of the trans_sec to generate a new age - * commitment */ - uint64_t age_seed = (uint64_t) trans_sec.key.bits[0] - | (uint64_t) trans_sec.key.bits[1] << 32; - fcd->age_commitment_proof[i] = GNUNET_new (struct TALER_AgeCommitmentProof); ach = GNUNET_new (struct TALER_AgeCommitmentHash); @@ -197,7 +192,7 @@ TALER_EXCHANGE_get_melt_data_ ( GNUNET_assert (GNUNET_OK == TALER_age_commitment_derive ( md->melted_coin.age_commitment_proof, - age_seed, + &trans_sec.key, fcd->age_commitment_proof[i])); TALER_age_commitment_hash ( diff --git a/src/util/age_restriction.c b/src/util/age_restriction.c index 45ebc03c4..65c1574b3 100644 --- a/src/util/age_restriction.c +++ b/src/util/age_restriction.c @@ -173,7 +173,7 @@ FAIL: enum GNUNET_GenericReturnValue TALER_age_commitment_derive ( const struct TALER_AgeCommitmentProof *orig, - const uint64_t salt, + const struct GNUNET_HashCode *salt, struct TALER_AgeCommitmentProof *newacp) { GNUNET_assert (NULL != newacp); @@ -211,8 +211,8 @@ TALER_age_commitment_derive ( { GNUNET_CRYPTO_edx25519_private_key_derive ( &orig->proof.keys[i].priv, - &salt, - sizeof(salt), + salt, + sizeof(*salt), &newacp->proof.keys[i].priv); } #else diff --git a/src/util/test_age_restriction.c b/src/util/test_age_restriction.c index 9b8c6dfe5..847ab4e98 100644 --- a/src/util/test_age_restriction.c +++ b/src/util/test_age_restriction.c @@ -170,11 +170,13 @@ test_attestation (void) /* Also derive two more commitments right away */ for (uint8_t i = 0; i<2; i++) { - uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, - UINT64_MAX); + struct GNUNET_HashCode salt; + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &salt, + sizeof (salt)); GNUNET_assert (GNUNET_OK == TALER_age_commitment_derive (&acp[i], - salt, + &salt, &acp[i + 1])); } diff --git a/src/util/tv_age_restriction.c b/src/util/tv_age_restriction.c index ffb144ec5..2bddb9d1b 100644 --- a/src/util/tv_age_restriction.c +++ b/src/util/tv_age_restriction.c @@ -175,11 +175,15 @@ generate ( /* Also derive two more commitments right away */ for (uint8_t i = 0; i<2; i++) { + struct GNUNET_HashCode salt; + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &salt, + sizeof (salt)); uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, UINT64_MAX / 2); GNUNET_assert (GNUNET_OK == TALER_age_commitment_derive (&acp[i], - salt, + &salt, &acp[i + 1])); } -- cgit v1.2.3