fix: stop leak of value of recovered output (#3558)

Description --- Updated the recovery of an output to not reuse the blinding factor to use as thescript_key, but rather generate a new key. Motivation and Context --- If the blinding factor is reused as the script_key, on spending you will reveal k.G, this makes guessing v.H trivial and this leaks the k.G value. How Has This Been Tested? ---
tari-project · Nov 11, 2021 · e0f2187 · e0f2187
1 parent 9f8e289
commit e0f2187
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/base_layer/wallet/src/output_manager_service/recovery/standard_outputs_recoverer.rs b/base_layer/wallet/src/output_manager_service/recovery/standard_outputs_recoverer.rs
@@ -23,13 +23,17 @@
 use std::sync::Arc;
 
 use log::*;
-use tari_crypto::{inputs, keys::PublicKey as PublicKeyTrait, tari_utilities::hex::Hex};
-
-use tari_common_types::types::PublicKey;
+use rand::rngs::OsRng;
+use tari_common_types::types::{PrivateKey, PublicKey};
 use tari_core::transactions::{
     transaction::{TransactionOutput, UnblindedOutput},
     CryptoFactories,
 };
+use tari_crypto::{
+    inputs,
+    keys::{PublicKey as PublicKeyTrait, SecretKey},
+    tari_utilities::hex::Hex,
+};
 
 use crate::output_manager_service::{
     error::{OutputManagerError, OutputManagerStorageError},
@@ -91,13 +95,17 @@ where TBackend: OutputManagerBackend + 'static
             })
             .map(
                 |(output, features, script, sender_offset_public_key, metadata_signature)| {
+                    // Todo we need to look here that we might want to fail a specific output and not recover it as this
+                    // will only work if the script is a Nop script. If this is not a Nop script the recovered input
+                    // will not be spendable.
+                    let script_key = PrivateKey::random(&mut OsRng);
                     UnblindedOutput::new(
                         output.committed_value,
                         output.blinding_factor.clone(),
                         features,
                         script,
-                        inputs!(PublicKey::from_secret_key(&output.blinding_factor)),
-                        output.blinding_factor,
+                        inputs!(PublicKey::from_secret_key(&script_key)),
+                        script_key,
                         sender_offset_public_key,
                         metadata_signature,
                     )