
[taler-anastasis] branch master updated: use POW hash when hashing secur


From: gnunet
Subject: [taler-anastasis] branch master updated: use POW hash when hashing security answer, also deduplicate code
Date: Fri, 19 Mar 2021 18:14:21 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new cc9d5f9  use POW hash when hashing security answer, also deduplicate 
code
cc9d5f9 is described below

commit cc9d5f9f5cf1d4d98cbea28ab9a759be2d4e9d30
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Fri Mar 19 18:14:10 2021 +0100

    use POW hash when hashing security answer, also deduplicate code
---
 src/include/anastasis_crypto_lib.h | 20 +++++++++++++++++++-
 src/lib/anastasis_backup.c         | 19 ++++---------------
 src/lib/anastasis_recovery.c       | 18 ++++--------------
 src/util/anastasis_crypto.c        | 28 ++++++++++++++++++++++++++++
 4 files changed, 55 insertions(+), 30 deletions(-)

diff --git a/src/include/anastasis_crypto_lib.h 
b/src/include/anastasis_crypto_lib.h
index 57f4841..97103fa 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -103,7 +103,8 @@ struct ANASTASIS_CRYPTO_MasterSaltP
  */
 struct ANASTASIS_CRYPTO_QuestionSaltP
 {
-  struct GNUNET_ShortHashCode salt GNUNET_PACKED;
+  struct GNUNET_ShortHashCode key GNUNET_PACKED;
+  // struct GNUNET_CRYPTO_PowSalt pow_salt;
 };
 
 
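Review bot: `struct ANASTASIS_CRYPTO_QuestionSaltP` ends up with only the member `key`, because `pow_salt` is added as a comment, yet the new `ANASTASIS_CRYPTO_secure_answer_hash` in src/util/anastasis_crypto.c reads `&salt->pow_salt`; as shown, these two hunks do not build together. Either declare the member for real (`struct GNUNET_CRYPTO_PowSalt pow_salt;`) or derive the PoW salt from `key` inside the helper. The two types are presumably different sizes, so changing this packed struct also changes whatever serialises it, and that deserves a comment on the struct. The rename from `salt` to `key` affects every other reader of the field, none of which are visible in this diff.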
@@ -320,6 +321,23 @@ ANASTASIS_CRYPTO_account_private_key_derive (
   struct ANASTASIS_CRYPTO_AccountPrivateKeyP *priv_key);
 
 
+/**
+ * Hash @a answer to security question with @a salt and @a uuid to compute
+ * @a result that would be sent to the service for authorization.
+ *
+ * @param answer human answer to a security question
+ * @param uuid the truth UUID (known to the service)
+ * @param salt random salt value, unknown to the service
+ * @param[out] result where to write the resulting hash
+ */
+void
+ANASTASIS_CRYPTO_secure_answer_hash (
+  const char *answer,
+  const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid,
+  const struct ANASTASIS_CRYPTO_QuestionSaltP *salt,
+  struct GNUNET_HashCode *result);
+
+
 /**
  * Encrypt and signs the recovery document with AES256, the recovery
  * document is encrypted with a derivation from the user identifier
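Review bot: The new doc comment for `ANASTASIS_CRYPTO_secure_answer_hash` does not state its preconditions or failure behaviour: the implementation calls `strlen (answer)` and wraps the KDF in `GNUNET_assert`, so `answer` must be a non-NULL 0-terminated string and a KDF failure aborts instead of returning. I would extend it with `@param answer human answer to a security question, 0-terminated, must not be NULL` and a sentence that the function does not return on KDF failure. It would also help to say which part of `salt` is consumed, since the struct in this commit exposes `key` while the implementation reads `pow_salt`.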
diff --git a/src/lib/anastasis_backup.c b/src/lib/anastasis_backup.c
index bfd0b26..f5c0693 100644
--- a/src/lib/anastasis_backup.c
+++ b/src/lib/anastasis_backup.c
@@ -285,21 +285,10 @@ ANASTASIS_truth_upload3 (struct GNUNET_CURL_Context *ctx,
 
     answer = GNUNET_strndup (truth_data,
                              truth_data_size);
-    // FIXME: deduplicate this call with anastasis_recovery.c!
-    GNUNET_assert (GNUNET_YES ==
-                   GNUNET_CRYPTO_kdf (
-                     &nt,
-                     sizeof (nt),
-                     "Anastasis-secure-question-uuid-salting",
-                     strlen ("Anastasis-secure-question-uuid-salting"),
-                     answer,
-                     strlen (answer),
-                     &t->uuid,
-                     sizeof (t->uuid),
-                     &t->salt,
-                     sizeof (t->salt),
-                     NULL,
-                     0));
+    ANASTASIS_CRYPTO_secure_answer_hash (answer,
+                                         &t->uuid,
+                                         &t->salt,
+                                         &nt);
     GNUNET_free (answer);
     truth_data = &nt;
     truth_data_size = sizeof (nt);
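Review bot: The digest uploaded as truth data is now derived differently (the answer goes through `GNUNET_CRYPTO_pow_hash` first and the salt is no longer a direct KDF input), so a truth uploaded with the old derivation would presumably no longer match what the updated `ANASTASIS_challenge_answer` in src/lib/anastasis_recovery.c computes. If such truths can exist, this needs a version marker or a migration note; if not, a line in the commit message saying so would settle it. The temporary `answer` copy of the secret is released with plain `GNUNET_free` right after the call, and wiping it first would fit the aim of this change. The body of `ANASTASIS_truth_upload3` starts and ends outside the hunk.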
diff --git a/src/lib/anastasis_recovery.c b/src/lib/anastasis_recovery.c
index c4a52e5..1104d4a 100644
--- a/src/lib/anastasis_recovery.c
+++ b/src/lib/anastasis_recovery.c
@@ -464,20 +464,10 @@ ANASTASIS_challenge_answer (
 {
   struct GNUNET_HashCode hashed_answer;
 
-  GNUNET_assert (GNUNET_YES ==
-                 GNUNET_CRYPTO_kdf (
-                   &hashed_answer,
-                   sizeof (hashed_answer),
-                   "Anastasis-secure-question-uuid-salting",
-                   strlen ("Anastasis-secure-question-uuid-salting"),
-                   answer_str,
-                   strlen (answer_str),
-                   &c->ci.uuid,
-                   sizeof (c->ci.uuid),
-                   &c->salt,
-                   sizeof (c->salt),
-                   NULL,
-                   0));
+  ANASTASIS_CRYPTO_secure_answer_hash (answer_str,
+                                       &c->ci.uuid,
+                                       &c->salt,
+                                       &hashed_answer);
   return ANASTASIS_challenge_start (c,
                                     psp,
                                     timeout,
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 1b8b4b9..35e0761 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -52,6 +52,34 @@ ANASTASIS_hash_answer (uint64_t code,
 }
 
 
+void
+ANASTASIS_CRYPTO_secure_answer_hash (
+  const char *answer,
+  const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid,
+  const struct ANASTASIS_CRYPTO_QuestionSaltP *salt,
+  struct GNUNET_HashCode *result)
+{
+  struct GNUNET_HashCode pow;
+
+  GNUNET_CRYPTO_pow_hash (&salt->pow_salt,
+                          answer,
+                          strlen (answer),
+                          &pow);
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CRYPTO_kdf (
+                   result,
+                   sizeof (*result),
+                   "Anastasis-secure-question-uuid-salting",
+                   strlen ("Anastasis-secure-question-uuid-salting"),
+                   &pow,
+                   sizeof (pow),
+                   uuid,
+                   sizeof (*uuid),
+                   NULL,
+                   0));
+}
+
+
 /**
  * Compute @a key and @a iv.
  *
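Review bot: `pow` holds the slow-hashed answer and is left on the stack when `ANASTASIS_CRYPTO_secure_answer_hash` returns; wiping it before returning (for example `GNUNET_CRYPTO_zero_keys (&pow, sizeof (pow));`, if the targeted GNUnet version provides it) keeps that intermediate out of later stack reuse. The definition has no comment of its own, and `strlen (answer)` makes a non-NULL, 0-terminated `answer` a hard precondition worth stating there. Whether the fixed cost inside `GNUNET_CRYPTO_pow_hash` is adequate for low-entropy security answers is not visible from this diff and should be confirmed. The `salt->pow_salt` access depends on the member that the header hunk leaves commented out.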

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


