[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: Fix account key derivation.
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: Fix account key derivation. |
Date: |
Tue, 19 Oct 2021 13:22:28 +0200 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new f9b3f95 Fix account key derivation.
f9b3f95 is described below
commit f9b3f95b133dd98289ccd165966896fc0af5860d
Author: Florian Dold <florian@dold.me>
AuthorDate: Tue Oct 19 13:20:03 2021 +0200
Fix account key derivation.
In Ed25519, the secret key is just a seed and not a scalar. It is used
both when hashing the message and used to derive the scalar "d" via
hashing. Only the scalar "d" needs bit-twiddling. Bit-twiddling the
seed doesn't make sense.
---
doc/sphinx/cryptography.rst | 10 +---------
doc/system-documentation/design.tex | 9 +--------
src/util/anastasis_crypto.c | 5 -----
3 files changed, 2 insertions(+), 22 deletions(-)
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
index 194b311..6c25fc0 100644
--- a/doc/sphinx/cryptography.rst
+++ b/doc/sphinx/cryptography.rst
@@ -116,7 +116,7 @@ HKDF to ensure that the result differs from other cases
where we hash
.. code-block:: none
ver_secret := HKDF(kdf_id, "ver", keysize)
- eddsa_priv := eddsa_d_to_a(ver_secret)
+ eddsa_priv := ver_secret
eddsa_pub := get_EdDSA_Pub(eddsa_priv)
@@ -128,14 +128,6 @@ HKDF to ensure that the result differs from other cases
where we hash
**ver_secret**: Derived key from the ``kdf_id``, serves as intermediate step
for the generation of the private key.
-**eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA
private key. Specifically, assuming the value ``eddsa_priv`` is in a 32-byte
array "digest", the function clears and sets certain bits as follows:
-
-.. code-block:: c
-
- digest[0] &= 0xf8;
- digest[31] &= 0x7f;
- digest[31] |= 0x40;
-
**eddsa_priv**: The generated EdDSA private key.
**eddsa_pub**: The generated EdDSA public key.
diff --git a/doc/system-documentation/design.tex
b/doc/system-documentation/design.tex
index 0883e7a..1fe9134 100644
--- a/doc/system-documentation/design.tex
+++ b/doc/system-documentation/design.tex
@@ -357,7 +357,7 @@ that the result differs from other cases where we hash {\em
kdf id}:
eddsa_keys_create (kdf_id, salt, keysize)
{
ver_secret = HKDF(kdf_id, salt, keysize)
- eddsa_priv = eddsa_d_to_a(ver_secret)
+ eddsa_priv = ver_secret
eddsa_pub = get_eddsa_pub(eddsa_priv)
return eddsa_priv, eddsa_pub
}
@@ -369,15 +369,8 @@ eddsa_keys_create (kdf_id, salt, keysize)
\item[salt] {Is used that different keys are generated, the salt here
is "ver".}
\item[key\_size] {Size of the output, here 32 bytes.}
\item[ver\_secret] {Derived key from the kdf\_id, serves as
intermediate step for the generation of the private key.}
- \item[eddsa\_d\_to\_a()] {Function which converts the ver\_key to a
valid EdDSA private key. Specifically, assuming the value eddsa\_priv is in a
32-byte array “digest”, the function clears and sets certain bits as follows:}
\end{description}
-\begin{lstlisting}
-digest[0] &= 0xf8;
-digest[31] &= 0x7f;
-digest[31] |= 0x40;
-\end{lstlisting}
-
\begin{description}
\item[eddsa\_priv] {The generated EdDSA private key.}
\item[eddsa\_pub] {The generated EdDSA public key.}
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 9231fc1..e122c07 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -240,11 +240,6 @@ ANASTASIS_CRYPTO_account_private_key_derive (
GNUNET_break (0);
return;
}
- /* go from ver_secret to proper private key (eddsa_d_to_a() in spec) */
-
- priv_key->priv.d[0] &= 0xf8;
- priv_key->priv.d[31] &= 0x7f;
- priv_key->priv.d[31] |= 0x40;
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: Fix account key derivation.,
gnunet <=