switch back to Sha512 for ed25519 compliance. add domain separation for signing and crypt

This commit is contained in:
John Smith 2023-08-20 11:47:29 -04:00
parent 76e7c74cc7
commit c1cbcbe7c1
2 changed files with 23 additions and 8 deletions

View File

@ -1,3 +1,11 @@
**Changes in Veilid 0.1.10**
- BREAKING CHANGE: ALL MUST UPDATE
* VLD0 now adds a BLAKE3 hash round on the DH output to further separate it from the raw key exchange
* Bootstraps are fixed now due to DH issue
- Windows crate update caused build and nul termination issues for DNS resolver
- Fix for network key on the veilid-server command line
- Strict verification for Ed25519 enabled
**Changes in Veilid 0.1.9**
- SECURITY FIX
* DESCRIPTION: Decompression was occurring in an unbounded way upon envelope receipt.

View File

@ -13,6 +13,9 @@ use curve25519_dalek::digest::Digest;
use ed25519_dalek as ed;
use x25519_dalek as xd;
const VEILID_DOMAIN_SIGN: &[u8] = b"VLD0_SIGN";
const VEILID_DOMAIN_CRYPT: &[u8] = b"VLD0_CRYPT";
const AEAD_OVERHEAD: usize = 16;
pub const CRYPTO_KIND_VLD0: CryptoKind = FourCC(*b"VLD0");
@ -134,11 +137,14 @@ impl CryptoSystem for CryptoSystemVLD0 {
let pk_xd = public_to_x25519_pk(&key)?;
let sk_xd = secret_to_x25519_sk(&secret)?;
let output = self
.generate_hash(&sk_xd.diffie_hellman(&pk_xd).to_bytes())
.bytes;
let dh_bytes = sk_xd.diffie_hellman(&pk_xd).to_bytes();
Ok(SharedSecret::new(output))
let mut hasher = blake3::Hasher::new();
hasher.update(VEILID_DOMAIN_CRYPT);
hasher.update(&dh_bytes);
let output = hasher.finalize();
Ok(SharedSecret::new(*output.as_bytes()))
}
fn generate_keypair(&self) -> KeyPair {
vld0_generate_keypair()
@ -204,11 +210,11 @@ impl CryptoSystem for CryptoSystemVLD0 {
let keypair = ed::SigningKey::from_keypair_bytes(&kpb)
.map_err(|e| VeilidAPIError::parse_error("Keypair is invalid", e))?;
let mut dig = Blake3Digest512::new();
let mut dig: ed::Sha512 = ed::Sha512::default();
dig.update(data);
let sig_bytes = keypair
.sign_prehashed(dig, None)
.sign_prehashed(dig, Some(VEILID_DOMAIN_SIGN))
.map_err(VeilidAPIError::internal)?;
let sig = Signature::new(sig_bytes.to_bytes());
@ -226,10 +232,11 @@ impl CryptoSystem for CryptoSystemVLD0 {
let pk = ed::VerifyingKey::from_bytes(&dht_key.bytes)
.map_err(|e| VeilidAPIError::parse_error("Public key is invalid", e))?;
let sig = ed::Signature::from_bytes(&signature.bytes);
let mut dig = Blake3Digest512::new();
let mut dig: ed::Sha512 = ed::Sha512::default();
dig.update(data);
pk.verify_prehashed_strict(dig, None, &sig)
pk.verify_prehashed_strict(dig, Some(VEILID_DOMAIN_SIGN), &sig)
.map_err(|e| VeilidAPIError::parse_error("Verification failed", e))?;
Ok(())
}