gnunet-svn

[gnunet] 03/03: - include h in expanded key as defined in lsd0001


From: gnunet
Subject: [gnunet] 03/03: - include h in expanded key as defined in lsd0001
Date: Mon, 10 May 2021 21:51:04 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository gnunet.

commit 78ad9a3344f8e833cf2c60d61b80dd2c8c6bd268
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
AuthorDate: Mon May 10 21:48:40 2021 +0200

    - include h in expanded key as defined in lsd0001
---
 src/util/crypto_ecc_gnsrecord.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/util/crypto_ecc_gnsrecord.c b/src/util/crypto_ecc_gnsrecord.c
index a78511105..ce41a4699 100644
--- a/src/util/crypto_ecc_gnsrecord.c
+++ b/src/util/crypto_ecc_gnsrecord.c
@@ -351,12 +351,17 @@ GNUNET_CRYPTO_eddsa_private_key_derive (
   gcry_ctx_release (ctx);
   GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
   /**
-   * Note that we copy all of SHA512(d) into the result and
-   * then overwrite the derived private scalar.
-   * This means that we re-use SHA512(d)[32..63]
-   * FIXME: Do we want to derive this part as well??
+   * We hash the derived "h" parameter with the
+   * other half of the expanded private key. This ensures
+   * that for signature generation, the "R" is derived from
+   * the same derivation path as "h" and is not reused.
    */
-  memcpy (result->s, sk, sizeof (sk));
+  crypto_hash_sha256_state hs;
+  crypto_hash_sha256_init (&hs);
+  crypto_hash_sha256_update (&hs, sk + 32, 32);
+  crypto_hash_sha256_update (&hs, (unsigned char*) &hc, sizeof (hc));
+  crypto_hash_sha256_final (&hs, result->s + 32);
+  //memcpy (result->s, sk, sizeof (sk));
   /* Convert to little endian for libsodium */
   for (size_t i = 0; i < 32; i++)
     result->s[i] = dc[31 - i];
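Review bot: the replaced `memcpy (result->s, sk, sizeof (sk));` survives as a commented-out line (`//memcpy (result->s, sk, sizeof (sk));`); delete it rather than keep dead code, since the loop below now writes bytes 0..31 from `dc` and the new SHA-256 call fills bytes 32..63, so nothing in this function depends on the old copy any more. The new comment block should also cite the lsd0001 section it implements and state the construction in one line, i.e. that the second half of the expanded key becomes `SHA256(sk[32..63] || hc)`, so a reviewer can check the hash choice and the input order against the spec; and because the type of `hc` is not visible in this hunk, a short note on what `hc` is and how many bytes `sizeof (hc)` feeds into the hash would make the derivation path auditable.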

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


