From 36e2e7cc3226cdd8718c347a1d13c6c70d22caa2 Mon Sep 17 00:00:00 2001
From: Simon
Date: Fri, 8 Jun 2018 15:25:15 -0700
Subject: [PATCH] Add SaplingNote class and test_sapling_note unit test.
---
 depends/packages/librustzcash.mk | 4 +-
 src/Makefile.gtest.include | 1 +
 src/gtest/test_sapling_note.cpp | 71 ++++++++++++++++++++++++++++++++
 src/zcash/Note.cpp | 55 +++++++++++++++++++++++++
 src/zcash/Note.hpp | 21 ++++++++++
 5 files changed, 150 insertions(+), 2 deletions(-)
 create mode 100644 src/gtest/test_sapling_note.cpp
diff --git a/depends/packages/librustzcash.mk b/depends/packages/librustzcash.mk
index bf9b80385..11ee085f4 100644
--- a/depends/packages/librustzcash.mk
+++ b/depends/packages/librustzcash.mk
@@ -3,8 +3,8 @@ $(package)_version=0.1
 $(package)_download_path=https://github.com/zcash/$(package)/archive/
 $(package)_file_name=$(package)-$($(package)_git_commit).tar.gz
 $(package)_download_file=$($(package)_git_commit).tar.gz
-$(package)_sha256_hash=b96a0646d4c4856bc6171dc26cce10644a6129ac92b73a91f94246fb6b7f3516
-$(package)_git_commit=18f4945d942cc53e336c40bf13080934179a9047
+$(package)_sha256_hash=5231145ea6abf61092c21b6770baf3af65994f83dff96b10118ba5dd53451f26
+$(package)_git_commit=0af1ce8bf121e1ad367db907c39d214581e270a6
 $(package)_dependencies=rust $(rust_crates)
 $(package)_patches=cargo.config
diff --git a/src/Makefile.gtest.include b/src/Makefile.gtest.include
index 647c89fe9..519fe1552 100644
--- a/src/Makefile.gtest.include
+++ b/src/Makefile.gtest.include
@@ -32,6 +32,7 @@ zcash_gtest_SOURCES += \
 gtest/test_pow.cpp \
 gtest/test_random.cpp \
 gtest/test_rpc.cpp \
+ gtest/test_sapling_note.cpp \
 gtest/test_transaction.cpp \
 gtest/test_upgrades.cpp \
 gtest/test_validation.cpp \
diff --git a/src/gtest/test_sapling_note.cpp b/src/gtest/test_sapling_note.cpp
new file mode 100644
index 000000000..596cd620a
--- /dev/null
+++ b/src/gtest/test_sapling_note.cpp
@@ -0,0 +1,71 @@
+#include
+
+#include "zcash/Address.hpp"
+#include "zcash/Note.hpp"
+
+#include "librustzcash.h"
+
+#include
+
+using namespace libzcash;
+
+// Test data from https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_key_components.py
+TEST(SaplingNote, TestVectors)
+{
+ uint64_t v = 0;
+ uint64_t note_pos = 0;
+ std::array diversifier{0xf1, 0x9d, 0x9b, 0x79, 0x7e, 0x39, 0xf3, 0x37, 0x44, 0x58, 0x39};
+ std::vector v_sk{
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00};
+ std::vector v_pk_d{
+ 0xdb, 0x4c, 0xd2, 0xb0, 0xaa, 0xc4, 0xf7, 0xeb, 0x8c, 0xa1, 0x31, 0xf1, 0x65, 0x67,
+ 0xc4, 0x45, 0xa9, 0x55, 0x51, 0x26, 0xd3, 0xc2, 0x9f, 0x14, 0xe3, 0xd7, 0x76, 0xe8,
+ 0x41, 0xae, 0x74, 0x15};
+ std::vector v_r{
+ 0x39, 0x17, 0x6d, 0xac, 0x39, 0xac, 0xe4, 0x98, 0x0e, 0xcc, 0x8d, 0x77, 0x8e, 0x89,
+ 0x86, 0x02, 0x55, 0xec, 0x36, 0x15, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00};
+ std::vector v_cm{
+ 0xcb, 0x3c, 0xf9, 0x15, 0x32, 0x70, 0xd5, 0x7e, 0xb9, 0x14, 0xc6, 0xc2, 0xbc, 0xc0,
+ 0x18, 0x50, 0xc9, 0xfe, 0xd4, 0x4f, 0xce, 0x08, 0x06, 0x27, 0x8f, 0x08, 0x3e, 0xf2,
+ 0xdd, 0x07, 0x64, 0x39};
+ std::vector v_nf{
+ 0x44, 0xfa, 0xd6, 0x56, 0x4f, 0xfd, 0xec, 0x9f, 0xa1, 0x9c, 0x43, 0xa2, 0x8f, 0x86,
+ 0x1d, 0x5e, 0xbf, 0x60, 0x23, 0x46, 0x00, 0x7d, 0xe7, 0x62, 0x67, 0xd9, 0x75, 0x27,
+ 0x47, 0xab, 0x40, 0x63};
+ uint256 sk(v_sk);
+ uint256 pk_d(v_pk_d);
+ uint256 r(v_r);
+ uint256 cm(v_cm);
+ uint256 nf(v_nf);
+
+ // Test commitment
+ SaplingNote note = SaplingNote(diversifier, pk_d, v, r);
+ ASSERT_EQ(note.cm(), cm);
+
+ // Test nullifier
+ SaplingSpendingKey spendingKey(sk);
+ ASSERT_EQ(note.nullifier(spendingKey, note_pos), nf);
+}
+
+
+TEST(SaplingNote, Random)
+{
+ // Test creating random notes using the same sk
+ auto sk = SaplingSpendingKey::random();
+ SaplingNote note1 = SaplingNote::random(sk);
+ SaplingNote note2 = SaplingNote::random(sk);
+
+ ASSERT_EQ(note1.d, note2.d);
+ ASSERT_EQ(note1.pk_d, note2.pk_d);
+ ASSERT_NE(note1.value(), note2.value());
+ ASSERT_NE(note1.r, note2.r);
+
+ // Test diversifier and pk_d are not the same for different spending keys
+ sk = SaplingSpendingKey::random();
+ SaplingNote note3 = SaplingNote::random(sk);
+ ASSERT_NE(note1.d, note3.d);
+ ASSERT_NE(note1.pk_d, note3.pk_d);
+}
diff --git a/src/zcash/Note.cpp b/src/zcash/Note.cpp
index 0addf4c18..428df6ca2 100644
--- a/src/zcash/Note.cpp
+++ b/src/zcash/Note.cpp
@@ -2,10 +2,12 @@
 #include "prf.h"
 #include "crypto/sha256.h"
+#include "random.h"
 #include "version.h"
 #include "streams.h"
 #include "zcash/util.h"
+#include "librustzcash.h"
 namespace libzcash {
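Review bot: `TEST(SaplingNote, TestVectors)` in src/gtest/test_sapling_note.cpp runs a single vector with `v = 0` and `note_pos = 0`, so it cannot catch a wrong byte order or a dropped argument for the value or position that `cm()` and `nullifier()` pass on. I would add at least one vector with a non-zero value and position, assuming the linked sapling_key_components.py provides one. Separately, in `TEST(SaplingNote, Random)` the line `ASSERT_NE(note1.value(), note2.value());` compares two draws of `GetRand(10000)` (see `SaplingNote::random` in Note.cpp), which collide about once in 10000 runs. Dropping that assertion and keeping `ASSERT_NE(note1.r, note2.r);` avoids the spurious failure.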
@@ -38,6 +40,59 @@ uint256 SproutNote::nullifier(const SproutSpendingKey& a_sk) const {
 return PRF_nf(a_sk, rho);
 }
+// Create a note based on a given spending key, with random r and value. Useful for testing.
+SaplingNote SaplingNote::random(const SaplingSpendingKey& sk) {
+ auto addr = sk.default_address().get();
+ auto d = addr.d;
+ auto pk_d = addr.pk_d;
+ uint256 r;
+ librustzcash_sapling_generate_r(r.begin());
+ auto value = GetRand(10000);
+ return SaplingNote(d, pk_d, value, r);
+}
+
+// Call librustzcash to compute the commitment
+uint256 SaplingNote::cm() const {
+ uint256 result;
+ if (!librustzcash_sapling_compute_cm(
+ d.data(),
+ pk_d.begin(),
+ value(),
+ r.begin(),
+ result.begin()
+ ))
+ {
+ throw std::runtime_error("librustzcash_sapling_compute_cm returned false");
+ }
+
+ return result;
+}
+
+// Call librustzcash to compute the nullifier
+uint256 SaplingNote::nullifier(const SaplingSpendingKey& sk, const uint64_t position) const
+{
+ auto vk = sk.full_viewing_key();
+ auto ak = vk.ak;
+ auto nk = vk.nk;
+
+ uint256 result;
+ if (!librustzcash_sapling_compute_nf(
+ d.data(),
+ pk_d.begin(),
+ value(),
+ r.begin(),
+ ak.begin(),
+ nk.begin(),
+ position,
+ result.begin()
+ ))
+ {
+ throw std::runtime_error("librustzcash_sapling_compute_nf returned false");
+ }
+
+ return result;
+}
+
 SproutNotePlaintext::SproutNotePlaintext( const SproutNote& note, std::array memo) : BaseNotePlaintext(note, memo)
diff --git a/src/zcash/Note.hpp b/src/zcash/Note.hpp
index 59327b2d6..31988dc62 100644
--- a/src/zcash/Note.hpp
+++ b/src/zcash/Note.hpp
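Review bot: `SaplingNote::random` calls `sk.default_address().get()` without checking that an address was produced. The `.get()` suggests an optional return type (its declaration is outside this patch), and dereferencing an empty one is undefined behaviour or an assertion abort rather than an error the caller can handle. I would keep the optional and test it first, in the style `cm()` and `nullifier()` already use for failures: `auto addr = sk.default_address();` followed by `if (!addr) throw std::runtime_error("SaplingNote::random: no default address");`, then read `addr->d` and `addr->pk_d`. The new code also uses `std::runtime_error` while the include hunk adds only `random.h` and `librustzcash.h`, so `#include <stdexcept>` should be added unless another header already provides it.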
@@ -40,6 +40,27 @@ public:
 uint256 nullifier(const SproutSpendingKey& a_sk) const;
 };
+
+class SaplingNote : public BaseNote {
+public:
+ diversifier_t d;
+ uint256 pk_d;
+ uint256 r;
+
+ SaplingNote(diversifier_t d, uint256 pk_d, uint64_t value, uint256 r)
+ : BaseNote(value), d(d), pk_d(pk_d), r(r) {}
+
+ SaplingNote() {};
+
+ virtual ~SaplingNote() {};
+
+ virtual uint256 cm() const override;
+
+ uint256 nullifier(const SaplingSpendingKey &sk, const uint64_t position) const;
+
+ static SaplingNote random(const SaplingSpendingKey &sk);
+};
+
 class BaseNotePlaintext {
 protected:
 uint64_t value_ = 0;
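Review bot: The default constructor `SaplingNote() {};` leaves `d` without an initializer. If `diversifier_t` is a plain byte array (the test builds it from 11 bytes and `cm()` calls `d.data()`), a default-constructed note carries indeterminate bytes that `cm()` and `nullifier()` then hand to librustzcash. Declaring the member as `diversifier_t d{};` zero-fills it at no cost. The three fields are public and mutable, so a class comment saying that `cm()` and `nullifier()` are recomputed from the current field values on every call would help readers, and the stray `;` after the two inline bodies can go.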