fix(core): use domain-separated kdf for encrypted value (#4421)

tari-project · Aug 8, 2022 · c5a0aef · c5a0aef
1 parent 13231ef
commit c5a0aef
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 13 deletions.
diff --git a/base_layer/core/src/transactions/mod.rs b/base_layer/core/src/transactions/mod.rs
@@ -28,3 +28,4 @@ pub mod weight;
 pub mod test_helpers;
 
 hash_domain!(TransactionHashDomain, "com.tari.base_layer.core.transactions", 0);
+hash_domain!(TransactionKdfDomain, "com.tari.base_layer.core.transactions.kdf", 0);
diff --git a/base_layer/core/src/transactions/transaction_components/encrypted_value.rs b/base_layer/core/src/transactions/transaction_components/encrypted_value.rs
@@ -25,7 +25,6 @@
 
 use std::io::{self, Read, Write};
 
-use blake2::Digest;
 use chacha20poly1305::{
     aead::{Aead, Error, NewAead, Payload},
     ChaCha20Poly1305,
@@ -34,13 +33,13 @@ use chacha20poly1305::{
 };
 use serde::{Deserialize, Serialize};
 use tari_common_types::types::{Commitment, PrivateKey};
-use tari_crypto::hash::{blake2::Blake256, error::HashError};
+use tari_crypto::{hash::blake2::Blake256, hashing::DomainSeparatedHasher};
 use tari_utilities::{ByteArray, ByteArrayError};
 use thiserror::Error;
 
 use crate::{
     consensus::{ConsensusDecoding, ConsensusEncoding, ConsensusEncodingSized},
-    transactions::tari_amount::MicroTari,
+    transactions::{tari_amount::MicroTari, TransactionKdfDomain},
 };
 
 const SIZE: usize = 24;
@@ -69,8 +68,6 @@ impl ByteArray for EncryptedValue {
 pub enum EncryptionError {
     #[error("Encryption failed: {0}")]
     EncryptionFailed(Error),
-    #[error("Hash error: {0}")]
-    HashError(#[from] HashError),
 }
 
 // chacha error is not StdError compatible
@@ -88,7 +85,7 @@ impl EncryptedValue {
         commitment: &Commitment,
         value: MicroTari,
     ) -> Result<EncryptedValue, EncryptionError> {
-        let aead_key = kdf_aead(encryption_key, commitment)?;
+        let aead_key = kdf_aead(encryption_key, commitment);
         // Encrypt the value (with fixed length) using ChaCha20-Poly1305 with a fixed zero nonce
         let aead_payload = Payload {
             msg: &value.as_u64().to_le_bytes(),
@@ -106,7 +103,7 @@ impl EncryptedValue {
         commitment: &Commitment,
         value: &EncryptedValue,
     ) -> Result<MicroTari, EncryptionError> {
-        let aead_key = kdf_aead(encryption_key, commitment)?;
+        let aead_key = kdf_aead(encryption_key, commitment);
         // Authenticate and decrypt the value
         let aead_payload = Payload {
             msg: value.as_bytes(),
@@ -120,13 +117,14 @@ impl EncryptedValue {
 }
 
 // Generate a ChaCha20-Poly1305 key from an ECDH shared secret and commitment using Blake2b
-fn kdf_aead(shared_secret: &PrivateKey, commitment: &Commitment) -> Result<Key, HashError> {
+fn kdf_aead(shared_secret: &PrivateKey, commitment: &Commitment) -> Key {
     const AEAD_KEY_LENGTH: usize = 32; // The length in bytes of a ChaCha20-Poly1305 AEAD key
-    let mut hasher = Blake256::with_params(&[], b"SCAN_AEAD".as_ref(), b"TARI_KDF".as_ref())?;
-    hasher.update(shared_secret.as_bytes());
-    hasher.update(commitment.as_bytes());
-    let output = hasher.finalize();
-    Ok(*Key::from_slice(&output[..AEAD_KEY_LENGTH]))
+    let output = DomainSeparatedHasher::<Blake256, TransactionKdfDomain>::new_with_label("encrypted_value")
+        .chain(shared_secret.as_bytes())
+        .chain(commitment.as_bytes())
+        .finalize();
+
+    *Key::from_slice(&output.as_ref()[..AEAD_KEY_LENGTH])
 }
 
 impl ConsensusEncoding for EncryptedValue {