util: always hash blinding seed into refresh session - taler-typescript-core - Wallet core logic and WebUIs for various components

commit b4042c34bc9933071be192c4a87093d4260a2668
parent e1fe553756596224378f80bb630ef453c0a6e330
Author: Florian Dold <florian@dold.me>
Date:   Thu, 24 Apr 2025 15:48:57 +0200

util: always hash blinding seed into refresh session

Diffstat:
M packages/taler-wallet-core/src/crypto/cryptoImplementation.ts  | 5 ++++-

1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts b/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts
@@ -1499,11 +1499,14 @@ export const nativeCryptoR: TalerCryptoInterfaceR = {
     const sessionHc = createHashContext();
 
     sessionHc.update(decodeCrock(sessionPublicSeed));
-    // For CS, we'd need to also read the blinding_seed into sessionHc.
+    const blindingSeed = new Uint8Array(32);
+    // For CS, we'd need to also read th real blinding_seed into sessionHc.
+    sessionHc.update(blindingSeed);
     sessionHc.update(decodeCrock(meltCoinPub));
     sessionHc.update(bufferFromAmount(valueWithFee));
 
     if (debugDumpSigs) {
+      logger.info(`hashing blinding seed: ${toHexString(blindingSeed)}`);
       logger.info(
         `hashing session seed: ${toHexString(decodeCrock(sessionPublicSeed))}`,
       );

	taler-typescript-core Wallet core logic and WebUIs for various components
	Log \| Files \| Refs \| Submodules \| README \| LICENSE