fix(core): use domain-separated kdf for encrypted value (#4421)
sdbondi authored Aug 8, 2022
1 parent 13231ef commit c5a0aef
Showing 2 changed files with 12 additions and 13 deletions.
1 change: 1 addition & 0 deletions base_layer/core/src/transactions/mod.rs
@@ -28,3 +28,4 @@ pub mod weight;
pub mod test_helpers;

hash_domain!(TransactionHashDomain, "com.tari.base_layer.core.transactions", 0);
hash_domain!(TransactionKdfDomain, "com.tari.base_layer.core.transactions.kdf", 0);
@@ -25,7 +25,6 @@

use std::io::{self, Read, Write};

use blake2::Digest;
use chacha20poly1305::{
aead::{Aead, Error, NewAead, Payload},
ChaCha20Poly1305,
@@ -34,13 +33,13 @@ use chacha20poly1305::{
};
use serde::{Deserialize, Serialize};
use tari_common_types::types::{Commitment, PrivateKey};
use tari_crypto::hash::{blake2::Blake256, error::HashError};
use tari_crypto::{hash::blake2::Blake256, hashing::DomainSeparatedHasher};
use tari_utilities::{ByteArray, ByteArrayError};
use thiserror::Error;

use crate::{
consensus::{ConsensusDecoding, ConsensusEncoding, ConsensusEncodingSized},
transactions::tari_amount::MicroTari,
transactions::{tari_amount::MicroTari, TransactionKdfDomain},
};

const SIZE: usize = 24;
@@ -69,8 +68,6 @@ impl ByteArray for EncryptedValue {
pub enum EncryptionError {
#[error("Encryption failed: {0}")]
EncryptionFailed(Error),
#[error("Hash error: {0}")]
HashError(#[from] HashError),
}

// chacha error is not StdError compatible
@@ -88,7 +85,7 @@ impl EncryptedValue {
commitment: &Commitment,
value: MicroTari,
) -> Result<EncryptedValue, EncryptionError> {
let aead_key = kdf_aead(encryption_key, commitment)?;
let aead_key = kdf_aead(encryption_key, commitment);
// Encrypt the value (with fixed length) using ChaCha20-Poly1305 with a fixed zero nonce
let aead_payload = Payload {
msg: &value.as_u64().to_le_bytes(),
@@ -106,7 +103,7 @@ impl EncryptedValue {
commitment: &Commitment,
value: &EncryptedValue,
) -> Result<MicroTari, EncryptionError> {
let aead_key = kdf_aead(encryption_key, commitment)?;
let aead_key = kdf_aead(encryption_key, commitment);
// Authenticate and decrypt the value
let aead_payload = Payload {
msg: value.as_bytes(),
@@ -120,13 +117,14 @@ impl EncryptedValue {
}

// Generate a ChaCha20-Poly1305 key from an ECDH shared secret and commitment using Blake2b
fn kdf_aead(shared_secret: &PrivateKey, commitment: &Commitment) -> Result<Key, HashError> {
fn kdf_aead(shared_secret: &PrivateKey, commitment: &Commitment) -> Key {
const AEAD_KEY_LENGTH: usize = 32; // The length in bytes of a ChaCha20-Poly1305 AEAD key
let mut hasher = Blake256::with_params(&[], b"SCAN_AEAD".as_ref(), b"TARI_KDF".as_ref())?;
hasher.update(shared_secret.as_bytes());
hasher.update(commitment.as_bytes());
let output = hasher.finalize();
Ok(*Key::from_slice(&output[..AEAD_KEY_LENGTH]))
let output = DomainSeparatedHasher::<Blake256, TransactionKdfDomain>::new_with_label("encrypted_value")
.chain(shared_secret.as_bytes())
.chain(commitment.as_bytes())
.finalize();

*Key::from_slice(&output.as_ref()[..AEAD_KEY_LENGTH])
}

impl ConsensusEncoding for EncryptedValue {
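Review bot: The comment above `kdf_aead` does not record the invariant this function now carries: the encrypting function (the one returning `Result<EncryptedValue, EncryptionError>`, whose body starts outside the hunk) uses ChaCha20-Poly1305 with a fixed zero nonce, so confidentiality depends on `kdf_aead` never producing the same key for two different plaintexts. I would extend the comment to something like `// Key is bound to (shared_secret, commitment) under TransactionKdfDomain with label "encrypted_value"; the AEAD nonce is fixed at zero, so the inputs, their order and the label must not change`. Replacing `Blake256::with_params` with `DomainSeparatedHasher::<Blake256, TransactionKdfDomain>` also changes every derived key, and the decrypting function tries only the new derivation, so a value encrypted before this change would presumably fail authentication; if such values can exist, the description should say so. Separately, `output` and the returned `Key` are plain copies of secret key material, and whether they are wiped after use cannot be seen from these hunks, so that is worth confirming.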