commit b523399e130305c521bd921fb19e1e41c57b9b79
parent dccd67f5ff147691f96e9b4dc4bc695a86918373
Author: Florian Dold <florian@dold.me>
Date: Wed, 8 Oct 2025 17:54:18 +0200
donau: update how donor ID is hashed
Diffstat:
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/packages/taler-wallet-core/src/donau.ts b/packages/taler-wallet-core/src/donau.ts
@@ -45,7 +45,6 @@ import {
getRandomBytes,
HashCodeString,
j2s,
- kdfKw,
Logger,
SetDonauRequest,
SignedTokenEnvelope,
@@ -135,13 +134,14 @@ export async function handleGetDonauStatements(
const parsedDonauUrl = new URL(r0.donauBaseUrl);
const proto = parsedDonauUrl.protocol == "http:" ? "donau+http" : "donau";
const taxIdEnc = encodeURIComponent(r0.donorTaxId);
+ const saltEnc = encodeURIComponent(r0.donorHashSalt);
statements.push({
donationStatementSig: stmt.donation_statement_sig,
donauPub: stmt.donau_pub,
total: stmt.total,
// FIXME: Generate this using some helper
// FIXME: What about a donau not at the root path?
- uri: `${proto}://${parsedDonauUrl.host}/${r0.donationYear}/${taxIdEnc}?total=${stmt.total}&sig=ED25519:${stmt.donation_statement_sig}`,
+ uri: `${proto}://${parsedDonauUrl.host}/${r0.donationYear}/${taxIdEnc}/${saltEnc}?total=${stmt.total}&sig=ED25519:${stmt.donation_statement_sig}`,
});
}
}
@@ -163,12 +163,10 @@ export async function handleSetDonau(
// for same taxpayer ID.
const salt = getRandomBytes(32);
// FIXME: Where is the salted hashing for this specified?
- const saltedId = kdfKw({
- outputLength: 64,
- ikm: stringToBytes(req.taxPayerId),
- salt: salt,
- info: stringToBytes("tax-payer-id-hash"),
- });
+ const idHasher = createHashContext();
+ idHasher.update(stringToBytes(encodeCrock(salt) + "\0"));
+ idHasher.update(stringToBytes(req.taxPayerId + "\0"));
+ const saltedId = idHasher.finish();
await wex.db.runAllStoresReadWriteTx({}, async (tx) => {
await tx.config.put({
key: ConfigRecordKey.DonauConfig,
