Replace manual address decoding with PaymentAddress::from_bytes

librustzcash/include/librustzcash.h

@@ -112,8 +112,7 @@ extern "C" {
     bool librustzcash_sapling_output_proof(
         void *ctx,
         const unsigned char *esk,
-        const unsigned char *diversifier,
-        const unsigned char *pk_d,
+        const unsigned char *payment_address,
         const unsigned char *rcm,
         const uint64_t value,
         unsigned char *cv,

librustzcash/src/rustzcash.rs

@@ -927,8 +927,7 @@ pub extern "system" fn librustzcash_sprout_verify(
 pub extern "system" fn librustzcash_sapling_output_proof(
     ctx: *mut SaplingProvingContext,
     esk: *const [c_uchar; 32],
-    diversifier: *const [c_uchar; 11],
-    pk_d: *const [c_uchar; 32],
+    payment_address: *const [c_uchar; 43],
     rcm: *const [c_uchar; 32],
     value: u64,
     cv: *mut [c_uchar; 32],
@@ -940,26 +939,12 @@ pub extern "system" fn librustzcash_sapling_output_proof(
         Err(_) => return false,
     };
 
-    // Grab the diversifier from the caller.
-    let diversifier = Diversifier(unsafe { *diversifier });
-
-    // Grab pk_d from the caller.
-    let pk_d = match edwards::Point::<Bls12, Unknown>::read(&(unsafe { &*pk_d })[..], &JUBJUB) {
-        Ok(p) => p,
-        Err(_) => return false,
-    };
-
-    // pk_d should be prime order.
-    let pk_d = match pk_d.as_prime_order(&JUBJUB) {
-        Some(p) => p,
-        None => return false,
-    };
-
-    // Construct a payment address
-    let payment_address = PaymentAddress {
-        pk_d: pk_d,
-        diversifier: diversifier,
-    };
+    // Grab the payment address from the caller
+    let payment_address =
+        match PaymentAddress::<Bls12>::from_bytes(unsafe { &*payment_address }, &JUBJUB) {
+            Some(pa) => pa,
+            None => return false,
+        };
 
     // The caller provides the commitment randomness for the output note
     let rcm = match Fs::from_repr(read_fs(&(unsafe { &*rcm })[..])) {

zcash_client_backend/src/encoding.rs

@@ -7,10 +7,7 @@ use bech32::{self, Error, FromBase32, ToBase32};
 use pairing::bls12_381::Bls12;
 use std::io::{self, Write};
 use zcash_primitives::{
-    jubjub::edwards,
-    primitives::{Diversifier, PaymentAddress},
-};
-use zcash_primitives::{
+    primitives::PaymentAddress,
     zip32::{ExtendedFullViewingKey, ExtendedSpendingKey},
     JUBJUB,
 };
@@ -168,17 +165,13 @@ pub fn encode_payment_address(hrp: &str, addr: &PaymentAddress<Bls12>) -> String
 /// ```
 pub fn decode_payment_address(hrp: &str, s: &str) -> Result<Option<PaymentAddress<Bls12>>, Error> {
     bech32_decode(hrp, s, |data| {
-        let mut diversifier = Diversifier([0; 11]);
-        diversifier.0.copy_from_slice(&data[0..11]);
-        // Check that the diversifier is valid
-        if diversifier.g_d::<Bls12>(&JUBJUB).is_none() {
+        if data.len() != 43 {
             return None;
         }
 
-        edwards::Point::<Bls12, _>::read(&data[11..], &JUBJUB)
-            .ok()?
-            .as_prime_order(&JUBJUB)
-            .map(|pk_d| PaymentAddress { pk_d, diversifier })
+        let mut bytes = [0; 43];
+        bytes.copy_from_slice(&data);
+        PaymentAddress::<Bls12>::from_bytes(&bytes, &JUBJUB)
     })
 }
 

zcash_primitives/src/primitives.rs

@@ -131,6 +131,30 @@ impl<E: JubjubEngine> PartialEq for PaymentAddress<E> {
 }
 
 impl<E: JubjubEngine> PaymentAddress<E> {
+    /// Parses a PaymentAddress from bytes.
+    pub fn from_bytes(bytes: &[u8; 43], params: &E::Params) -> Option<Self> {
+        let diversifier = {
+            let mut tmp = [0; 11];
+            tmp.copy_from_slice(&bytes[0..11]);
+            Diversifier(tmp)
+        };
+        // Check that the diversifier is valid
+        if diversifier.g_d::<E>(params).is_none() {
+            return None;
+        }
+
+        edwards::Point::<E, _>::read(&bytes[11..43], params)
+            .ok()?
+            .as_prime_order(params)
+            .and_then(|pk_d| {
+                if pk_d == edwards::Point::zero() {
+                    None
+                } else {
+                    Some(PaymentAddress { pk_d, diversifier })
+                }
+            })
+    }
+
     pub fn g_d(&self, params: &E::Params) -> Option<edwards::Point<E, PrimeOrder>> {
         self.diversifier.g_d(params)
     }