gnunet-svn
[taler-anastasis] branch master updated: Fix account key derivation.


From: gnunet
Subject: [taler-anastasis] branch master updated: Fix account key derivation.
Date: Tue, 19 Oct 2021 13:22:28 +0200

This is an automated email from the git hooks/post-receive script.

dold pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new f9b3f95  Fix account key derivation.
f9b3f95 is described below

commit f9b3f95b133dd98289ccd165966896fc0af5860d
Author: Florian Dold <florian@dold.me>
AuthorDate: Tue Oct 19 13:20:03 2021 +0200

    Fix account key derivation.
    
    In Ed25519, the secret key is just a seed and not a scalar.  It is used
    both when hashing the message and to derive the scalar "d" via
    hashing.  Only the scalar "d" needs bit-twiddling.  Bit-twiddling the
    seed doesn't make sense.
---
 doc/sphinx/cryptography.rst         | 10 +---------
 doc/system-documentation/design.tex |  9 +--------
 src/util/anastasis_crypto.c         |  5 -----
 3 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
index 194b311..6c25fc0 100644
--- a/doc/sphinx/cryptography.rst
+++ b/doc/sphinx/cryptography.rst
@@ -116,7 +116,7 @@ HKDF to ensure that the result differs from other cases 
where we hash
 .. code-block:: none
 
     ver_secret := HKDF(kdf_id, "ver", keysize)
-    eddsa_priv := eddsa_d_to_a(ver_secret)
+    eddsa_priv := ver_secret
     eddsa_pub := get_EdDSA_Pub(eddsa_priv)
 
 
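Review bot: with eddsa_d_to_a() gone, the pseudocode hands the raw HKDF output to get_EdDSA_Pub() as the private key, which is only right if the reader knows that an Ed25519 private key in the RFC 8032 sense is the 32-byte seed and that the signature implementation hashes it with SHA-512 and clamps the lower half itself; the prose around this block should state that explicitly (e.g. "eddsa_priv is used as the Ed25519 seed; the scalar is derived inside the EdDSA implementation"), otherwise a reader who knows the scalar must be clamped will read this as the clamp having been lost. It is also worth saying here that keysize has to be exactly 32 for ver_secret to be a valid seed.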
@@ -128,14 +128,6 @@ HKDF to ensure that the result differs from other cases 
where we hash
 
 **ver_secret**: Derived key from the ``kdf_id``, serves as intermediate step 
for the generation of the private key.
 
-**eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA 
private key. Specifically, assuming the value ``eddsa_priv`` is in a 32-byte 
array "digest", the function clears and sets certain bits as follows:
-
-.. code-block:: c
-
-  digest[0] &= 0xf8;
-  digest[31] &= 0x7f;
-  digest[31] |= 0x40;
-
 **eddsa_priv**: The generated EdDSA private key.
 
 **eddsa_pub**: The generated EdDSA public key.
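Review bot: the ver_secret entry kept at the top of this hunk ("serves as intermediate step for the generation of the private key") is stale now that eddsa_priv := ver_secret; suggest "ver_secret: Derived key from the kdf_id, used directly as the EdDSA private key (seed)". The eddsa_priv entry could likewise say "seed" so the documentation uses the same terminology as the commit message.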
diff --git a/doc/system-documentation/design.tex 
b/doc/system-documentation/design.tex
index 0883e7a..1fe9134 100644
--- a/doc/system-documentation/design.tex
+++ b/doc/system-documentation/design.tex
@@ -357,7 +357,7 @@ that the result differs from other cases where we hash {\em 
kdf id}:
 eddsa_keys_create (kdf_id, salt, keysize)
 {
   ver_secret = HKDF(kdf_id, salt, keysize)
-  eddsa_priv = eddsa_d_to_a(ver_secret)
+  eddsa_priv = ver_secret
   eddsa_pub = get_eddsa_pub(eddsa_priv)
   return eddsa_priv, eddsa_pub
 }
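Review bot: this pseudocode calls HKDF(kdf_id, salt, keysize) and get_eddsa_pub(), while the Sphinx version of the same function in cryptography.rst writes HKDF(kdf_id, "ver", keysize) and get_EdDSA_Pub(); both files describe one derivation, so pick one spelling of each (or at least have this file state next to the listing that salt is the fixed string "ver", which the description list below does only indirectly).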
@@ -369,15 +369,8 @@ eddsa_keys_create (kdf_id, salt, keysize)
        \item[salt] {Is used that different keys are generated, the salt here 
is "ver".}
        \item[key\_size] {Size of the output, here 32 bytes.}
        \item[ver\_secret] {Derived key from the kdf\_id, serves as 
intermediate step for the generation of the private key.}
-       \item[eddsa\_d\_to\_a()] {Function which converts the ver\_key to a 
valid EdDSA private key. Specifically, assuming the value eddsa\_priv is in a 
32-byte array “digest”, the function clears and sets certain bits as follows:}
 \end{description}
 
-\begin{lstlisting}
-digest[0] &= 0xf8;
-digest[31] &= 0x7f;
-digest[31] |= 0x40;
-\end{lstlisting}
-
 \begin{description}
        \item[eddsa\_priv] {The generated EdDSA private key.}
        \item[eddsa\_pub] {The generated EdDSA public key.}
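Review bot: same stale wording as in the .rst: "ver\_secret ... serves as intermediate step for the generation of the private key" no longer holds once eddsa\_priv = ver\_secret, and since this description list is being edited anyway the salt item "Is used that different keys are generated" should become something like "Ensures that different keys are derived for different purposes; the salt here is "ver"".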
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 9231fc1..e122c07 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -240,11 +240,6 @@ ANASTASIS_CRYPTO_account_private_key_derive (
     GNUNET_break (0);
     return;
   }
-  /* go from ver_secret to proper private key (eddsa_d_to_a() in spec) */
-
-  priv_key->priv.d[0] &= 0xf8;
-  priv_key->priv.d[31] &= 0x7f;
-  priv_key->priv.d[31] |= 0x40;
 }
 
 
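Review bot: this changes the account private key derived from a given kdf_id for every existing user, so any policy or recovery document already uploaded under an account key computed with the old clamping is no longer reachable from the key the new code derives; if the old derivation has been deployed anywhere, this needs a derivation version bump or a documented migration rather than a silent fix, and the commit message should say that the old clamp was merely pointless (it fixed 5 of the seed's 256 bits) and not a security problem. It is also worth confirming that the GNUnet EdDSA API treats priv.d as a seed that it hashes and clamps itself, since the commit relies on that. Separately, the error path kept at the top of the hunk (GNUNET_break (0); return;) leaves priv_key unset while the function returns void, so callers cannot tell that derivation failed; consider returning a GNUNET_GenericReturnValue or at least zeroing priv_key before returning.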

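The derivation the commit message describes, as an added example that is not part of this commit nor of the Anastasis or GNUnet code: a minimal RFC 8032 Ed25519 key derivation in Python (hashlib only) that takes a 32-byte seed in the role of ver_secret, expands it with SHA-512, clamps only the lower half to obtain the scalar, and compares the resulting public key with the one obtained when the seed itself is clamped first, as the removed eddsa_d_to_a() did. The seed and public key constants are RFC 8032 test vector 1 (a published vector, not an Anastasis key); the function names are this example's own, not GNUnet's API.

```python
# Added example: Ed25519 key derivation from a 32-byte seed per RFC 8032.
# Not Anastasis/GNUnet code.  The seed stands in for ver_secret (the HKDF
# output); the constants are RFC 8032 test vector 1, not a real account key.
import hashlib

P = 2**255 - 19                                   # field prime
D = (-121665 * pow(121666, P - 2, P)) % P         # curve constant d
Q = 2**252 + 27742317777372353535851937790883648493  # group order (nonces)
# Base point B in extended coordinates (X, Y, Z, T) with T = X*Y.
G_X = 15112221349535400772501151409588531511454012693041857206046113283949847762202
G_Y = 46316835694926478169428394003475163141307993866256225615783033603165251855960
G = (G_X, G_Y, 1, G_X * G_Y % P)

RFC8032_SEED = bytes.fromhex(
    "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
RFC8032_PUB = bytes.fromhex(
    "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")


def clamp(raw32: bytes) -> bytes:
    """The bit-twiddling eddsa_d_to_a() used to do: clear the low 3 bits,
    clear bit 255, set bit 254.  Correct for the scalar, meaningless for a seed."""
    a = bytearray(raw32)
    a[0] &= 0xf8
    a[31] &= 0x7f
    a[31] |= 0x40
    return bytes(a)


def expand_seed(seed: bytes):
    """RFC 8032 5.1.5: h = SHA-512(seed); scalar = clamp(h[:32]); prefix = h[32:]."""
    if len(seed) != 32:
        raise ValueError("Ed25519 seed must be exactly 32 bytes")
    h = hashlib.sha512(seed).digest()
    return int.from_bytes(clamp(h[:32]), "little"), h[32:]


def point_add(p1, p2):
    """Twisted Edwards addition in extended coordinates (RFC 8032 5.1.4)."""
    x1, y1, z1, t1 = p1
    x2, y2, z2, t2 = p2
    a = (y1 - x1) * (y2 - x2) % P
    b = (y1 + x1) * (y2 + x2) % P
    c = 2 * t1 * t2 * D % P
    dd = 2 * z1 * z2 % P
    e, f, g, h = b - a, dd - c, dd + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)


def point_mul(s: int, pt):
    """Double-and-add scalar multiplication (not constant time; example only)."""
    acc = (0, 1, 1, 0)  # neutral element
    while s > 0:
        if s & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        s >>= 1
    return acc


def point_compress(pt) -> bytes:
    """32-byte encoding: little-endian y with the low bit of x in the top bit."""
    zinv = pow(pt[2], P - 2, P)
    x = pt[0] * zinv % P
    y = pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def public_key(seed: bytes) -> bytes:
    """get_EdDSA_Pub() in the spec's terms: seed -> SHA-512 -> clamped scalar -> scalar*B."""
    scalar, _prefix = expand_seed(seed)
    return point_compress(point_mul(scalar, G))


def nonce_scalar(seed: bytes, message: bytes) -> int:
    """The seed's other use from the commit message: the signing nonce
    r = SHA-512(prefix || M) mod q, with prefix the upper half of SHA-512(seed)."""
    _scalar, prefix = expand_seed(seed)
    return int.from_bytes(hashlib.sha512(prefix + message).digest(), "little") % Q


def derive_old_and_new(ver_secret: bytes):
    """Public key under the fixed derivation (seed used as-is) and under the old
    one (seed clamped first).  They differ, so the fix changes account keys."""
    return public_key(ver_secret), public_key(clamp(ver_secret))


if __name__ == "__main__":
    new_pub, old_pub = derive_old_and_new(RFC8032_SEED)
    scalar, _ = expand_seed(RFC8032_SEED)
    print("fixed derivation matches RFC 8032:", new_pub == RFC8032_PUB)
    print("old seed-clamping derivation differs:", old_pub != new_pub)
    print("scalar clamped regardless of seed bits:", scalar & 7 == 0 and scalar >> 254 == 1)
```

Running it shows the fixed derivation reproducing the published RFC 8032 public key while the seed-clamped variant yields a different key; that is the compatibility consequence of this commit, since an account key the old code derived is not the key the new code derives from the same kdf_id. The scalar multiplication is plain double-and-add, adequate for a demonstration but not constant time.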
-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


