[taler-anastasis] branch master updated: add additional per-challenge/tr
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: add additional per-challenge/truth salt to obscure answer to security question against brute-force attacks |
Date: |
Sat, 06 Mar 2021 23:48:02 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new f5f19df add additional per-challenge/truth salt to obscure answer to
security question against brute-force attacks
f5f19df is described below
commit f5f19dfe5b47c160f344621d685a80c56b800b4e
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Mar 6 23:47:59 2021 +0100
add additional per-challenge/truth salt to obscure answer to security
question against brute-force attacks
---
src/include/anastasis.h | 4 +--
src/lib/anastasis_backup.c | 58 +++++++++++++++++++++++++++++---
src/lib/anastasis_recovery.c | 47 +++++++++++++++++++-------
src/reducer/anastasis_api_backup_redux.c | 4 ++-
4 files changed, 93 insertions(+), 20 deletions(-)
diff --git a/src/include/anastasis.h b/src/include/anastasis.h
index aa61823..5a9f7e0 100644
--- a/src/include/anastasis.h
+++ b/src/include/anastasis.h
@@ -575,7 +575,7 @@ typedef void
* @param type defines the type of the challenge (secure question, sms, email)
* @param instructions depending on @a type! usually only for security
question/answer!
* @param mime_type format of the challenge
- * @param salt the server salt
+ * @param provider_salt the providers salt
* @param truth_data contains the truth for this challenge i.e. phone number,
email address
* @param truth_data_size size of the data
* @param payment_requested true if the client wants to pay more for the
account now
@@ -590,7 +590,7 @@ ANASTASIS_truth_upload (struct GNUNET_CURL_Context *ctx,
const char *type,
const char *instructions,
const char *mime_type,
- const struct ANASTASIS_CRYPTO_PowSalt *salt,
+ const struct ANASTASIS_CRYPTO_PowSalt *provider_salt,
const void *truth_data,
size_t truth_data_size,
bool payment_requested,
diff --git a/src/lib/anastasis_backup.c b/src/lib/anastasis_backup.c
index 9d0be85..8caaf80 100644
--- a/src/lib/anastasis_backup.c
+++ b/src/lib/anastasis_backup.c
@@ -45,6 +45,11 @@ struct ANASTASIS_Truth
/**
* Server salt used to derive user identifier
*/
+ struct ANASTASIS_CRYPTO_PowSalt provider_salt;
+
+ /**
+ * Server salt used to derive hash from security answer
+ */
struct ANASTASIS_CRYPTO_PowSalt salt;
/**
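Review bot: The new doc comment on `salt` calls it a "Server salt", but `ANASTASIS_truth_upload` later in this file fills `t->salt` locally with `GNUNET_CRYPTO_random_block`, so it does not come from the provider. A comment such as `Random per-truth salt, generated locally in ANASTASIS_truth_upload; mixed into the hash of the security answer` would match the code. The older comment now sits above `provider_salt` and could say "Provider salt" to match the renamed parameter. The struct continues outside the hunk.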
@@ -104,6 +109,8 @@ ANASTASIS_truth_from_json (const json_t *json)
&t->truth_key),
GNUNET_JSON_spec_fixed_auto ("salt",
&t->salt),
+ GNUNET_JSON_spec_fixed_auto ("provider_salt",
+ &t->provider_salt),
GNUNET_JSON_spec_end ()
};
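Review bot: `provider_salt` is parsed as a mandatory field here, while the existing `salt` key now carries the new per-truth salt instead of the provider salt, so truth objects serialized before this commit will presumably be rejected. The same applies to the `policy_lookup_cb` and `parse_cs_array` hunks in anastasis_recovery.c. Rejecting is the safe outcome, because reading an old `salt` value under the new meaning would derive the wrong key material. The change of meaning still deserves a comment at the spec, e.g. `/* "salt" is the per-truth question salt; the provider salt lives in "provider_salt" */`. The function body starts and ends outside the hunk.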
@@ -138,7 +145,7 @@ json_t *
ANASTASIS_truth_to_json (const struct ANASTASIS_Truth *t)
{
return json_pack (
- "{s:o,s:o,s:o,s:o"
+ "{s:o,s:o,s:o,s:o,s:o"
",s:s,s:s,s:s,s:s?}",
"uuid",
GNUNET_JSON_from_data_auto (&t->uuid),
@@ -148,6 +155,8 @@ ANASTASIS_truth_to_json (const struct ANASTASIS_Truth *t)
GNUNET_JSON_from_data_auto (&t->truth_key),
"salt",
GNUNET_JSON_from_data_auto (&t->salt),
+ "provider_salt",
+ GNUNET_JSON_from_data_auto (&t->provider_salt),
"url",
t->url,
"type",
@@ -234,7 +243,7 @@ ANASTASIS_truth_upload (struct GNUNET_CURL_Context *ctx,
const char *type,
const char *instructions,
const char *mime_type,
- const struct ANASTASIS_CRYPTO_PowSalt *salt,
+ const struct ANASTASIS_CRYPTO_PowSalt *provider_salt,
const void *truth_data,
size_t truth_data_size,
bool payment_requested,
@@ -245,6 +254,7 @@ ANASTASIS_truth_upload (struct GNUNET_CURL_Context *ctx,
struct ANASTASIS_TruthUpload *tu;
struct ANASTASIS_Truth *t;
struct ANASTASIS_CRYPTO_EncryptedKeyShareP encrypted_key_share;
+ struct GNUNET_HashCode nt;
void *encrypted_truth;
size_t encrypted_truth_size;
@@ -264,18 +274,56 @@ ANASTASIS_truth_upload (struct GNUNET_CURL_Context *ctx,
t->mime_type = (NULL != mime_type)
? GNUNET_strdup (mime_type)
: NULL;
- t->salt = *salt;
+ t->provider_salt = *provider_salt;
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &t->salt,
+ sizeof (t->salt));
tu->t = t;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&t->uuid,
- sizeof (struct ANASTASIS_CRYPTO_TruthUUIDP));
+ sizeof (t->uuid));
ANASTASIS_CRYPTO_keyshare_create (&t->key_share);
ANASTASIS_CRYPTO_keyshare_encrypt (&t->key_share,
&tu->id,
&encrypted_key_share);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&t->truth_key,
- sizeof (struct ANASTASIS_CRYPTO_TruthKeyP));
+ sizeof (t->truth_key));
+ if (0 == strcmp ("question",
+ type))
+ {
+ char *answer;
+
+ answer = GNUNET_STRINGS_data_to_string_alloc (truth_data,
+ truth_data_size);
+ if (NULL == answer)
+ {
+ GNUNET_break (0);
+ GNUNET_free (t->mime_type);
+ GNUNET_free (t->url);
+ GNUNET_free (t->type);
+ GNUNET_free (t->instructions);
+ GNUNET_free (t);
+ GNUNET_free (tu);
+ return NULL;
+ }
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (
+ &nt,
+ sizeof (nt),
+ "Anastasis-secure-question-uuid-salting",
+ strlen ("Anastasis-secure-question-uuid-salting"),
+ answer,
+ strlen (answer),
+ &t->uuid,
+ sizeof (t->uuid),
+ &t->salt,
+ sizeof (t->salt),
+ NULL,
+ 0));
+ truth_data = &nt;
+ truth_data_size = sizeof (nt);
+ }
ANASTASIS_CRYPTO_truth_encrypt (&t->truth_key,
truth_data,
truth_data_size,
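Review bot: In the new `question` branch the answer goes through `GNUNET_STRINGS_data_to_string_alloc`, which returns the Crockford base32 encoding of the buffer rather than a NUL-terminated copy. The KDF here therefore runs over the encoded text, while `ANASTASIS_challenge_answer` in anastasis_recovery.c runs it over the raw `answer_str`; unless a caller outside this diff compensates, the two hashes cannot match. `answer = GNUNET_strndup (truth_data, truth_data_size);` would hash the same bytes on both sides. `answer` is also never released before the block closes, which leaves the plaintext answer on the heap; add `GNUNET_free (answer);` after the KDF call, ideally after zeroing the buffer. Going by the commit message, `t->salt` is what keeps a provider from brute-forcing the stored hash, so it acts as a secret and `GNUNET_CRYPTO_QUALITY_STRONG` may be a safer choice than `GNUNET_CRYPTO_QUALITY_NONCE`.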
diff --git a/src/lib/anastasis_recovery.c b/src/lib/anastasis_recovery.c
index 7b3fdf9..1865c30 100644
--- a/src/lib/anastasis_recovery.c
+++ b/src/lib/anastasis_recovery.c
@@ -45,9 +45,15 @@ struct ANASTASIS_Challenge
struct ANASTASIS_CRYPTO_TruthKeyP truth_key;
/**
- * Salt used to encrypt the truth
+ * Salt; used to derive hash from security question answers.
*/
- struct ANASTASIS_CRYPTO_PowSalt truth_salt;
+ struct ANASTASIS_CRYPTO_PowSalt salt;
+
+ /**
+ * Provider salt; used to derive our key material from our identity
+ * key.
+ */
+ struct ANASTASIS_CRYPTO_PowSalt provider_salt;
/**
* Decrypted key share for this challenge. Set once the
@@ -327,7 +333,7 @@ keyshare_lookup_cb (void *cls,
GNUNET_assert (NULL != dd);
ANASTASIS_CRYPTO_user_identifier_derive (recovery->id_data,
- &c->truth_salt,
+ &c->provider_salt,
&id);
ANASTASIS_CRYPTO_keyshare_decrypt (&dd->details.eks,
&id,
@@ -453,9 +459,20 @@ ANASTASIS_challenge_answer (
{
struct GNUNET_HashCode hashed_answer;
- GNUNET_CRYPTO_hash (answer_str,
- strlen (answer_str),
- &hashed_answer);
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (
+ &hashed_answer,
+ sizeof (hashed_answer),
+ "Anastasis-secure-question-uuid-salting",
+ strlen ("Anastasis-secure-question-uuid-salting"),
+ answer_str,
+ strlen (answer_str),
+ &c->ci.uuid,
+ sizeof (c->ci.uuid),
+ &c->salt,
+ sizeof (c->salt),
+ NULL,
+ 0));
return ANASTASIS_challenge_start (c,
psp,
&hashed_answer,
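Review bot: This KDF call repeats, argument for argument, the one added to `ANASTASIS_truth_upload` in anastasis_backup.c. Recovery only succeeds if the label string, the uuid/salt order and the output size stay identical in both files. Moving the derivation into one shared helper that takes the answer, the truth UUID and the salt and fills a `struct GNUNET_HashCode` would remove that silent coupling. The helper would also be the natural place to document that the answer is hashed as a NUL-terminated string. The enclosing function starts and ends outside the hunk.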
@@ -691,7 +708,9 @@ policy_lookup_cb (void *cls,
GNUNET_JSON_spec_fixed_auto ("truth_key",
&cs->truth_key),
GNUNET_JSON_spec_fixed_auto ("salt",
- &cs->truth_salt),
+ &cs->salt),
+ GNUNET_JSON_spec_fixed_auto ("provider_salt",
+ &cs->provider_salt),
GNUNET_JSON_spec_string ("escrow_type",
&escrow_type),
GNUNET_JSON_spec_end ()
@@ -921,14 +940,16 @@ ANASTASIS_recovery_serialize (const struct
ANASTASIS_Recovery *r)
const struct ANASTASIS_Challenge *c = &r->cs[i];
json_t *cs;
- cs = json_pack ("{s:o,s:o,s:o,s:o?,"
+ cs = json_pack ("{s:o,s:o,s:o,s:o,s:o?,"
" s:s,s:s,s:s}",
"uuid",
GNUNET_JSON_from_data_auto (&c->ci.uuid),
"truth_key",
GNUNET_JSON_from_data_auto (&c->truth_key),
- "truth_salt",
- GNUNET_JSON_from_data_auto (&c->truth_salt),
+ "salt",
+ GNUNET_JSON_from_data_auto (&c->salt),
+ "provider_salt",
+ GNUNET_JSON_from_data_auto (&c->provider_salt),
"key_share",
c->ci.solved
? GNUNET_JSON_from_data_auto (&c->key_share)
@@ -1005,8 +1026,10 @@ parse_cs_array (struct ANASTASIS_Recovery *r,
&instructions),
GNUNET_JSON_spec_fixed_auto ("truth_key",
&c->truth_key),
- GNUNET_JSON_spec_fixed_auto ("truth_salt",
- &c->truth_salt),
+ GNUNET_JSON_spec_fixed_auto ("salt",
+ &c->salt),
+ GNUNET_JSON_spec_fixed_auto ("provider_salt",
+ &c->provider_salt),
GNUNET_JSON_spec_string ("type",
&escrow_type),
GNUNET_JSON_spec_mark_optional (
diff --git a/src/reducer/anastasis_api_backup_redux.c
b/src/reducer/anastasis_api_backup_redux.c
index eadb0c1..abf4efa 100644
--- a/src/reducer/anastasis_api_backup_redux.c
+++ b/src/reducer/anastasis_api_backup_redux.c
@@ -1999,7 +1999,9 @@ check_truth_upload (struct UploadContext *uc,
spec,
NULL, NULL))
{
- json_dumpf (auth_method, stderr, JSON_INDENT (2));
+ json_dumpf (auth_method,
+ stderr,
+ JSON_INDENT (2));
GNUNET_break (0);
GNUNET_free (tue);
return GNUNET_SYSERR;
--