From f59b1acbaeb270fa5fefcfd4e8f981464d59e5a0 Mon Sep 17 00:00:00 2001 From: Stan Bondi Date: Mon, 8 Aug 2022 19:55:58 +0400 Subject: [PATCH] fix(core): use domain-separated kdf for encrypted value --- base_layer/core/src/transactions/mod.rs | 1 + .../transaction_components/encrypted_value.rs | 24 +++++++++---------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/base_layer/core/src/transactions/mod.rs b/base_layer/core/src/transactions/mod.rs index 16d31537a1..2d98e250f5 100644 --- a/base_layer/core/src/transactions/mod.rs +++ b/base_layer/core/src/transactions/mod.rs @@ -28,3 +28,4 @@ pub mod weight; pub mod test_helpers; hash_domain!(TransactionHashDomain, "com.tari.base_layer.core.transactions", 0); +hash_domain!(TransactionKdfDomain, "com.tari.base_layer.core.transactions.kdf", 0); diff --git a/base_layer/core/src/transactions/transaction_components/encrypted_value.rs b/base_layer/core/src/transactions/transaction_components/encrypted_value.rs index 6e2346250b..e28e23c2bf 100644 --- a/base_layer/core/src/transactions/transaction_components/encrypted_value.rs +++ b/base_layer/core/src/transactions/transaction_components/encrypted_value.rs @@ -25,7 +25,6 @@ use std::io::{self, Read, Write}; -use blake2::Digest; use chacha20poly1305::{ aead::{Aead, Error, NewAead, Payload}, ChaCha20Poly1305, @@ -34,13 +33,13 @@ use chacha20poly1305::{ }; use serde::{Deserialize, Serialize}; use tari_common_types::types::{Commitment, PrivateKey}; -use tari_crypto::hash::{blake2::Blake256, error::HashError}; +use tari_crypto::{hash::blake2::Blake256, hashing::DomainSeparatedHasher}; use tari_utilities::{ByteArray, ByteArrayError}; use thiserror::Error; use crate::{ consensus::{ConsensusDecoding, ConsensusEncoding, ConsensusEncodingSized}, - transactions::tari_amount::MicroTari, + transactions::{tari_amount::MicroTari, TransactionKdfDomain}, }; const SIZE: usize = 24; 
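Review bot: `TransactionKdfDomain` is added in mod.rs without any comment saying what it is reserved for, and its label differs from `TransactionHashDomain` only by the `.kdf` suffix. Since the domain is imported by encrypted_value.rs for `kdf_aead`, its label and version presumably feed every key derived under it, so a later edit to either would silently change those keys. I would add `// Key-derivation domain: use only for deriving secret keys, never for public hashes; changing the label or version changes every derived key` above the new line. Only the tail of mod.rs is visible in this hunk, so an existing convention for documenting domains may sit outside it.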
@@ -69,8 +68,6 @@ impl ByteArray for EncryptedValue { pub enum EncryptionError { #[error("Encryption failed: {0}")] EncryptionFailed(Error), - #[error("Hash error: {0}")] - HashError(#[from] HashError), } // chacha error is not StdError compatible @@ -88,7 +85,7 @@ impl EncryptedValue { commitment: &Commitment, value: MicroTari, ) -> Result { - let aead_key = kdf_aead(encryption_key, commitment)?; + let aead_key = kdf_aead(encryption_key, commitment); // Encrypt the value (with fixed length) using ChaCha20-Poly1305 with a fixed zero nonce let aead_payload = Payload { msg: &value.as_u64().to_le_bytes(), @@ -106,7 +103,7 @@ impl EncryptedValue { commitment: &Commitment, value: &EncryptedValue, ) -> Result { - let aead_key = kdf_aead(encryption_key, commitment)?; + let aead_key = kdf_aead(encryption_key, commitment); // Authenticate and decrypt the value let aead_payload = Payload { msg: value.as_bytes(), @@ -120,13 +117,14 @@ impl EncryptedValue { } // Generate a ChaCha20-Poly1305 key from an ECDH shared secret and commitment using Blake2b -fn kdf_aead(shared_secret: &PrivateKey, commitment: &Commitment) -> Result { +fn kdf_aead(shared_secret: &PrivateKey, commitment: &Commitment) -> Key { const AEAD_KEY_LENGTH: usize = 32; // The length in bytes of a ChaCha20-Poly1305 AEAD key - let mut hasher = Blake256::with_params(&[], b"SCAN_AEAD".as_ref(), b"TARI_KDF".as_ref())?; - hasher.update(shared_secret.as_bytes()); - hasher.update(commitment.as_bytes()); - let output = hasher.finalize(); - Ok(*Key::from_slice(&output[..AEAD_KEY_LENGTH])) + let output = DomainSeparatedHasher::::new_with_label("encrypted_value") + .chain(shared_secret.as_bytes()) + .chain(commitment.as_bytes()) + .finalize(); + + *Key::from_slice(&output.as_ref()[..AEAD_KEY_LENGTH]) } impl ConsensusEncoding for EncryptedValue {
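Review bot: The rewritten `kdf_aead` derives a different key than the removed `Blake256::with_params(&[], b"SCAN_AEAD".as_ref(), b"TARI_KDF".as_ref())` path for the same inputs, and nothing in this patch versions or migrates that. Any `EncryptedValue` produced before this commit would presumably fail AEAD authentication in the decrypting function of the `@@ -106,7` hunk, so it is worth confirming none exist or stating the break in the commit message. The comment above the function still says only "using Blake2b", while the context line in the `@@ -88,7` hunk shows the cipher runs with a fixed zero nonce, which means key uniqueness is the only thing preventing keystream reuse. I would document that invariant next to the derivation: `// Domain-separated KDF (TransactionKdfDomain, label "encrypted_value"); the fixed zero nonce is safe only while each (shared_secret, commitment) pair keys exactly one message`.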