Merge pull request #625 from nuttycom/wallet/usk_encoding
Add a binary encoding format for unified spending keys.
This commit is contained in:
commit
7455808adc
|
@ -11,6 +11,7 @@ and this library adheres to Rust's notion of
|
|||
- `zcash_address::TryFromAddress`
|
||||
- `zcash_address::TryFromRawAddress`
|
||||
- `zcash_address::ZcashAddress::convert_if_network`
|
||||
- A `TryFrom<Typecode>` implementation for `usize`.
|
||||
|
||||
### Changed
|
||||
- MSRV is now 1.52
|
||||
|
|
|
@ -104,7 +104,7 @@ impl<E: Error + 'static> Error for ConversionError<E> {
|
|||
/// ```
|
||||
pub trait TryFromRawAddress: Sized {
|
||||
/// Conversion errors for the user type (e.g. failing to parse the data passed to
|
||||
/// [`Self::try_from_sapling`] as a valid Sapling address).
|
||||
/// [`Self::try_from_raw_sapling`] as a valid Sapling address).
|
||||
type Error;
|
||||
|
||||
fn try_from_raw_sprout(data: sprout::Data) -> Result<Self, ConversionError<Self::Error>> {
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
use bech32::{self, FromBase32, ToBase32, Variant};
|
||||
use std::cmp;
|
||||
use std::convert::TryFrom;
|
||||
use std::convert::{TryFrom, TryInto};
|
||||
use std::error::Error;
|
||||
use std::fmt;
|
||||
use std::num::TryFromIntError;
|
||||
|
||||
use crate::Network;
|
||||
|
||||
|
@ -88,6 +89,13 @@ impl From<Typecode> for u32 {
|
|||
}
|
||||
}
|
||||
|
||||
impl TryFrom<Typecode> for usize {
|
||||
type Error = TryFromIntError;
|
||||
fn try_from(t: Typecode) -> Result<Self, Self::Error> {
|
||||
u32::from(t).try_into()
|
||||
}
|
||||
}
|
||||
|
||||
impl Typecode {
|
||||
fn is_transparent(&self) -> bool {
|
||||
// Unknown typecodes are treated as not transparent for the purpose of disallowing
|
||||
|
|
|
@ -45,7 +45,7 @@ and this library adheres to Rust's notion of
|
|||
likely to be modified and/or moved to a different module in a future
|
||||
release:
|
||||
- `zcash_client_backend::address::UnifiedAddress`
|
||||
- `zcash_client_backend::keys::{UnifiedSpendingKey`, `UnifiedFullViewingKey`}
|
||||
- `zcash_client_backend::keys::{UnifiedSpendingKey`, `UnifiedFullViewingKey`, `Era`, `DecodingError`}
|
||||
- `zcash_client_backend::encoding::AddressCodec`
|
||||
- `zcash_client_backend::encoding::encode_payment_address`
|
||||
- `zcash_client_backend::encoding::encode_transparent_address`
|
||||
|
|
|
@ -18,6 +18,7 @@ base64 = "0.13"
|
|||
bech32 = "0.8"
|
||||
bls12_381 = "0.7"
|
||||
bs58 = { version = "0.4", features = ["check"] }
|
||||
byteorder = { version = "1", optional = true }
|
||||
crossbeam-channel = "0.5"
|
||||
ff = "0.12"
|
||||
group = "0.12"
|
||||
|
@ -39,6 +40,7 @@ subtle = "2.2.3"
|
|||
time = "0.2"
|
||||
tracing = "0.1"
|
||||
zcash_address = { version = "0.1", path = "../components/zcash_address" }
|
||||
zcash_encoding = { version = "0.1", path = "../components/zcash_encoding" }
|
||||
zcash_note_encryption = { version = "0.1", path = "../components/zcash_note_encryption" }
|
||||
zcash_primitives = { version = "0.7", path = "../zcash_primitives" }
|
||||
|
||||
|
@ -47,6 +49,7 @@ protobuf-codegen-pure = "~2.27.1" # MSRV 1.52.1
|
|||
|
||||
[dev-dependencies]
|
||||
gumdrop = "0.8"
|
||||
proptest = "1.0.0"
|
||||
rand_xorshift = "0.3"
|
||||
tempfile = "3.1.0"
|
||||
zcash_proofs = { version = "0.7", path = "../zcash_proofs" }
|
||||
|
@ -58,7 +61,7 @@ test-dependencies = [
|
|||
"orchard/test-dependencies",
|
||||
"zcash_primitives/test-dependencies",
|
||||
]
|
||||
unstable = []
|
||||
unstable = ["byteorder"]
|
||||
|
||||
[lib]
|
||||
bench = false
|
||||
|
|
|
@ -1,19 +1,35 @@
|
|||
//! Helper functions for managing light client key material.
|
||||
use orchard;
|
||||
use zcash_address::unified::{self, Container, Encoding};
|
||||
use zcash_primitives::{
|
||||
consensus,
|
||||
sapling::keys as sapling_keys,
|
||||
zip32::{AccountId, DiversifierIndex},
|
||||
};
|
||||
|
||||
use crate::address::UnifiedAddress;
|
||||
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
use zcash_primitives::legacy::keys::{self as legacy, IncomingViewingKey};
|
||||
use {
|
||||
std::convert::TryInto,
|
||||
zcash_primitives::legacy::keys::{self as legacy, IncomingViewingKey},
|
||||
};
|
||||
|
||||
#[cfg(feature = "unstable")]
|
||||
use {
|
||||
byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt},
|
||||
std::convert::TryFrom,
|
||||
std::io::{Read, Write},
|
||||
zcash_address::unified::Typecode,
|
||||
zcash_encoding::CompactSize,
|
||||
zcash_primitives::consensus::BranchId,
|
||||
};
|
||||
|
||||
pub mod sapling {
|
||||
use zcash_primitives::zip32::{AccountId, ChildIndex};
|
||||
pub use zcash_primitives::zip32::{ExtendedFullViewingKey, ExtendedSpendingKey};
|
||||
pub use zcash_primitives::{
|
||||
sapling::keys::DiversifiableFullViewingKey,
|
||||
zip32::{ExtendedFullViewingKey, ExtendedSpendingKey},
|
||||
};
|
||||
|
||||
/// Derives the ZIP 32 [`ExtendedSpendingKey`] for a given coin type and account from the
|
||||
/// given seed.
|
||||
|
@ -71,12 +87,58 @@ pub enum DerivationError {
|
|||
Transparent(hdwallet::error::Error),
|
||||
}
|
||||
|
||||
/// A version identifier for the encoding of unified spending keys.
|
||||
///
|
||||
/// Each era corresponds to a range of block heights. During an era, the unified spending key
|
||||
/// parsed from an encoded form tagged with that era's identifier is expected to provide
|
||||
/// sufficient spending authority to spend any non-Sprout shielded note created in a transaction
|
||||
/// within the era's block range.
|
||||
#[cfg(feature = "unstable")]
|
||||
#[derive(Debug, PartialEq, Eq)]
|
||||
pub enum Era {
|
||||
/// The Orchard era begins at Orchard activation, and will end if a new pool that requires a
|
||||
/// change to unified spending keys is introduced.
|
||||
Orchard,
|
||||
}
|
||||
|
||||
/// A type for errors that can occur when decoding keys from their serialized representations.
|
||||
#[cfg(feature = "unstable")]
|
||||
#[derive(Debug, PartialEq, Eq)]
|
||||
pub enum DecodingError {
|
||||
ReadError(&'static str),
|
||||
EraInvalid,
|
||||
EraMismatch(Era),
|
||||
TypecodeInvalid,
|
||||
LengthInvalid,
|
||||
LengthMismatch(Typecode, u32),
|
||||
InsufficientData(Typecode),
|
||||
KeyDataInvalid(Typecode),
|
||||
}
|
||||
|
||||
#[cfg(feature = "unstable")]
|
||||
impl Era {
|
||||
/// Returns the unique identifier for the era.
|
||||
fn id(&self) -> u32 {
|
||||
// We use the consensus branch id of the network upgrade that introduced a
|
||||
// new USK format as the identifier for the era.
|
||||
match self {
|
||||
Era::Orchard => u32::from(BranchId::Nu5),
|
||||
}
|
||||
}
|
||||
|
||||
fn try_from_id(id: u32) -> Option<Self> {
|
||||
BranchId::try_from(id).ok().and_then(|b| match b {
|
||||
BranchId::Nu5 => Some(Era::Orchard),
|
||||
_ => None,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
/// A set of viewing keys that are all associated with a single
|
||||
/// ZIP-0032 account identifier.
|
||||
#[derive(Clone, Debug)]
|
||||
#[doc(hidden)]
|
||||
pub struct UnifiedSpendingKey {
|
||||
account: AccountId,
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
transparent: legacy::AccountPrivKey,
|
||||
sapling: sapling::ExtendedSpendingKey,
|
||||
|
@ -103,7 +165,6 @@ impl UnifiedSpendingKey {
|
|||
.map_err(DerivationError::Transparent)?;
|
||||
|
||||
Ok(UnifiedSpendingKey {
|
||||
account,
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
transparent,
|
||||
sapling: sapling::spending_key(seed, params.coin_type(), account),
|
||||
|
@ -121,10 +182,6 @@ impl UnifiedSpendingKey {
|
|||
}
|
||||
}
|
||||
|
||||
pub fn account(&self) -> AccountId {
|
||||
self.account
|
||||
}
|
||||
|
||||
/// Returns the transparent component of the unified key at the
|
||||
/// BIP44 path `m/44'/<coin_type>'/<account>'`.
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
|
@ -141,16 +198,154 @@ impl UnifiedSpendingKey {
|
|||
pub fn orchard(&self) -> &orchard::keys::SpendingKey {
|
||||
&self.orchard
|
||||
}
|
||||
|
||||
/// Returns a binary encoding of this key suitable for decoding with [`decode`].
|
||||
///
|
||||
/// The encoded form of a unified spending key is only intended for use
|
||||
/// within wallets when required for storage and/or crossing FFI boundaries;
|
||||
/// unified spending keys should not be exposed to users, and consequently
|
||||
/// no string-based encoding is defined. This encoding does not include any
|
||||
/// internal validation metadata (such as checksums) as keys decoded from
|
||||
/// this form will necessarily be validated when the attempt is made to
|
||||
/// spend a note that they have authority for.
|
||||
#[cfg(feature = "unstable")]
|
||||
pub fn to_bytes(&self, era: Era) -> Vec<u8> {
|
||||
let mut result = vec![];
|
||||
result.write_u32::<LittleEndian>(era.id()).unwrap();
|
||||
|
||||
// orchard
|
||||
let orchard_key = self.orchard();
|
||||
CompactSize::write(&mut result, usize::try_from(Typecode::Orchard).unwrap()).unwrap();
|
||||
|
||||
let orchard_key_bytes = orchard_key.to_bytes();
|
||||
CompactSize::write(&mut result, orchard_key_bytes.len()).unwrap();
|
||||
result.write_all(orchard_key_bytes).unwrap();
|
||||
|
||||
// sapling
|
||||
let sapling_key = self.sapling();
|
||||
CompactSize::write(&mut result, usize::try_from(Typecode::Sapling).unwrap()).unwrap();
|
||||
|
||||
let sapling_key_bytes = sapling_key.to_bytes();
|
||||
CompactSize::write(&mut result, sapling_key_bytes.len()).unwrap();
|
||||
result.write_all(&sapling_key_bytes).unwrap();
|
||||
|
||||
// transparent
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
{
|
||||
let account_tkey = self.transparent();
|
||||
CompactSize::write(&mut result, usize::try_from(Typecode::P2pkh).unwrap()).unwrap();
|
||||
|
||||
let account_tkey_bytes = account_tkey.to_bytes();
|
||||
CompactSize::write(&mut result, account_tkey_bytes.len()).unwrap();
|
||||
result.write_all(&account_tkey_bytes).unwrap();
|
||||
}
|
||||
|
||||
result
|
||||
}
|
||||
|
||||
/// Decodes a [`UnifiedSpendingKey`] value from its serialized representation.
|
||||
///
|
||||
/// See [`to_bytes`] for additional detail about the encoded form.
|
||||
#[allow(clippy::unnecessary_unwrap)]
|
||||
#[cfg(feature = "unstable")]
|
||||
pub fn from_bytes(era: Era, encoded: &[u8]) -> Result<Self, DecodingError> {
|
||||
let mut source = std::io::Cursor::new(encoded);
|
||||
let decoded_era = source
|
||||
.read_u32::<LittleEndian>()
|
||||
.map_err(|_| DecodingError::ReadError("era"))
|
||||
.and_then(|id| Era::try_from_id(id).ok_or(DecodingError::EraInvalid))?;
|
||||
|
||||
if decoded_era != era {
|
||||
return Err(DecodingError::EraMismatch(decoded_era));
|
||||
}
|
||||
|
||||
let mut orchard = None;
|
||||
let mut sapling = None;
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
let mut transparent = None;
|
||||
loop {
|
||||
let tc = CompactSize::read_t::<_, u32>(&mut source)
|
||||
.map_err(|_| DecodingError::ReadError("typecode"))
|
||||
.and_then(|v| Typecode::try_from(v).map_err(|_| DecodingError::TypecodeInvalid))?;
|
||||
|
||||
let len = CompactSize::read_t::<_, u32>(&mut source)
|
||||
.map_err(|_| DecodingError::ReadError("key length"))?;
|
||||
|
||||
match tc {
|
||||
Typecode::Orchard => {
|
||||
if len != 32 {
|
||||
return Err(DecodingError::LengthMismatch(Typecode::Orchard, len));
|
||||
}
|
||||
|
||||
let mut key = [0u8; 32];
|
||||
source
|
||||
.read_exact(&mut key)
|
||||
.map_err(|_| DecodingError::InsufficientData(Typecode::Orchard))?;
|
||||
orchard = Some(
|
||||
Option::<orchard::keys::SpendingKey>::from(
|
||||
orchard::keys::SpendingKey::from_bytes(key),
|
||||
)
|
||||
.ok_or(DecodingError::KeyDataInvalid(Typecode::Orchard))?,
|
||||
);
|
||||
}
|
||||
Typecode::Sapling => {
|
||||
if len != 169 {
|
||||
return Err(DecodingError::LengthMismatch(Typecode::Sapling, len));
|
||||
}
|
||||
|
||||
let mut key = [0u8; 169];
|
||||
source
|
||||
.read_exact(&mut key)
|
||||
.map_err(|_| DecodingError::InsufficientData(Typecode::Sapling))?;
|
||||
sapling = Some(
|
||||
sapling::ExtendedSpendingKey::from_bytes(&key)
|
||||
.map_err(|_| DecodingError::KeyDataInvalid(Typecode::Sapling))?,
|
||||
);
|
||||
}
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
Typecode::P2pkh => {
|
||||
if len != 64 {
|
||||
return Err(DecodingError::LengthMismatch(Typecode::P2pkh, len));
|
||||
}
|
||||
|
||||
let mut key = [0u8; 64];
|
||||
source
|
||||
.read_exact(&mut key)
|
||||
.map_err(|_| DecodingError::InsufficientData(Typecode::P2pkh))?;
|
||||
transparent = Some(
|
||||
legacy::AccountPrivKey::from_bytes(&key)
|
||||
.ok_or(DecodingError::KeyDataInvalid(Typecode::P2pkh))?,
|
||||
);
|
||||
}
|
||||
_ => {
|
||||
return Err(DecodingError::TypecodeInvalid);
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
let has_transparent = transparent.is_some();
|
||||
#[cfg(not(feature = "transparent-inputs"))]
|
||||
let has_transparent = true;
|
||||
|
||||
if orchard.is_some() && sapling.is_some() && has_transparent {
|
||||
return Ok(UnifiedSpendingKey {
|
||||
orchard: orchard.unwrap(),
|
||||
sapling: sapling.unwrap(),
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
transparent: transparent.unwrap(),
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// A set of viewing keys that are all associated with a single
|
||||
/// ZIP-0032 account identifier.
|
||||
/// A [ZIP 316](https://zips.z.cash/zip-0316) unified full viewing key.
|
||||
#[derive(Clone, Debug)]
|
||||
#[doc(hidden)]
|
||||
pub struct UnifiedFullViewingKey {
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
transparent: Option<legacy::AccountPubKey>,
|
||||
sapling: Option<sapling_keys::DiversifiableFullViewingKey>,
|
||||
sapling: Option<sapling::DiversifiableFullViewingKey>,
|
||||
orchard: Option<orchard::keys::FullViewingKey>,
|
||||
unknown: Vec<(u32, Vec<u8>)>,
|
||||
}
|
||||
|
@ -160,7 +355,7 @@ impl UnifiedFullViewingKey {
|
|||
/// Construct a new unified full viewing key, if the required components are present.
|
||||
pub fn new(
|
||||
#[cfg(feature = "transparent-inputs")] transparent: Option<legacy::AccountPubKey>,
|
||||
sapling: Option<sapling_keys::DiversifiableFullViewingKey>,
|
||||
sapling: Option<sapling::DiversifiableFullViewingKey>,
|
||||
orchard: Option<orchard::keys::FullViewingKey>,
|
||||
) -> Option<UnifiedFullViewingKey> {
|
||||
if sapling.is_none() {
|
||||
|
@ -210,7 +405,7 @@ impl UnifiedFullViewingKey {
|
|||
})
|
||||
.transpose(),
|
||||
unified::Fvk::Sapling(data) => {
|
||||
sapling_keys::DiversifiableFullViewingKey::from_bytes(data)
|
||||
sapling::DiversifiableFullViewingKey::from_bytes(data)
|
||||
.ok_or("Invalid Sapling FVK in Unified FVK")
|
||||
.map(|pa| {
|
||||
sapling = Some(pa);
|
||||
|
@ -287,7 +482,7 @@ impl UnifiedFullViewingKey {
|
|||
}
|
||||
|
||||
/// Returns the Sapling diversifiable full viewing key component of this unified key.
|
||||
pub fn sapling(&self) -> Option<&sapling_keys::DiversifiableFullViewingKey> {
|
||||
pub fn sapling(&self) -> Option<&sapling::DiversifiableFullViewingKey> {
|
||||
self.sapling.as_ref()
|
||||
}
|
||||
|
||||
|
@ -366,8 +561,29 @@ impl UnifiedFullViewingKey {
|
|||
}
|
||||
}
|
||||
|
||||
#[cfg(any(test, feature = "test-dependencies"))]
|
||||
pub mod testing {
|
||||
use proptest::prelude::*;
|
||||
|
||||
use super::UnifiedSpendingKey;
|
||||
use zcash_primitives::{consensus::Network, zip32::AccountId};
|
||||
|
||||
pub fn arb_unified_spending_key(params: Network) -> impl Strategy<Value = UnifiedSpendingKey> {
|
||||
prop::array::uniform32(prop::num::u8::ANY).prop_flat_map(move |seed| {
|
||||
prop::num::u32::ANY
|
||||
.prop_map(move |account| {
|
||||
UnifiedSpendingKey::from_seed(¶ms, &seed, AccountId::from(account))
|
||||
})
|
||||
.prop_filter("seeds must generate valid USKs", |v| v.is_ok())
|
||||
.prop_map(|v| v.unwrap())
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use proptest::prelude::proptest;
|
||||
|
||||
use super::{sapling, UnifiedFullViewingKey};
|
||||
use zcash_primitives::{
|
||||
consensus::MAIN_NETWORK,
|
||||
|
@ -383,6 +599,13 @@ mod tests {
|
|||
},
|
||||
};
|
||||
|
||||
#[cfg(feature = "unstable")]
|
||||
use {
|
||||
super::{testing::arb_unified_spending_key, Era, UnifiedSpendingKey},
|
||||
subtle::ConstantTimeEq,
|
||||
zcash_primitives::consensus::Network,
|
||||
};
|
||||
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
fn seed() -> Vec<u8> {
|
||||
let seed_hex = "6ef5f84def6f4b9d38f466586a8380a38593bd47c8cda77f091856176da47f26b5bd1c8d097486e5635df5a66e820d28e1d73346f499801c86228d43f390304f";
|
||||
|
@ -476,4 +699,22 @@ mod tests {
|
|||
#[cfg(not(feature = "transparent-inputs"))]
|
||||
assert_eq!(decoded_with_t.unknown.len(), 1);
|
||||
}
|
||||
|
||||
proptest! {
|
||||
#[test]
|
||||
#[cfg(feature = "unstable")]
|
||||
fn prop_usk_roundtrip(usk in arb_unified_spending_key(Network::MainNetwork)) {
|
||||
let encoded = usk.to_bytes(Era::Orchard);
|
||||
#[cfg(not(feature = "transparent-inputs"))]
|
||||
assert_eq!(encoded.len(), 4 + 2 + 32 + 2 + 169);
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
assert_eq!(encoded.len(), 4 + 2 + 32 + 2 + 169 + 2 + 64);
|
||||
let decoded = UnifiedSpendingKey::from_bytes(Era::Orchard, &encoded);
|
||||
let decoded = decoded.unwrap_or_else(|e| panic!("Error decoding USK: {:?}", e));
|
||||
assert!(bool::from(decoded.orchard().ct_eq(usk.orchard())));
|
||||
assert_eq!(decoded.sapling(), usk.sapling());
|
||||
#[cfg(feature = "transparent-inputs")]
|
||||
assert_eq!(decoded.transparent().to_bytes(), usk.transparent().to_bytes());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,9 +7,20 @@ and this library adheres to Rust's notion of
|
|||
|
||||
## [Unreleased]
|
||||
### Added
|
||||
- `zcash_primitives::sapling::keys::DiversifiableFullViewingKey`
|
||||
- `zcash_primitives::sapling::keys::Scope`
|
||||
- `zcash_primitives::legacy::AccountPrivKey::{to_bytes, from_bytes}`
|
||||
- `zcash_primitives::sapling::NullifierDerivingKey`
|
||||
- Added in `zcash_primitives::sapling::keys`
|
||||
- `DecodingError`
|
||||
- `DiversifiableFullViewingKey`
|
||||
- `Scope`
|
||||
- `ExpandedSpendingKey::from_bytes`
|
||||
- `ExtendedSpendingKey::{from_bytes, to_bytes}`
|
||||
- Added in `zcash_primitives::zip32`
|
||||
- `ChainCode::as_bytes`
|
||||
- `DiversifierKey::{from_bytes, as_bytes}`
|
||||
- `DiversifierIndex::{as_bytes}`
|
||||
- `ExtendedSpendingKey::{from_bytes, to_bytes}`
|
||||
- Implementations of `From<u32>` and `From<u64>` for `DiversifierIndex`
|
||||
|
||||
### Changed
|
||||
- `zcash_primitives::sapling::ViewingKey` now stores `nk` as a
|
||||
|
@ -17,6 +28,8 @@ and this library adheres to Rust's notion of
|
|||
- The signature of `zcash_primitives::sapling::Note::nf` has changed to
|
||||
take just a `NullifierDerivingKey` (the only capability it actually required)
|
||||
rather than the full `ViewingKey` as its first argument.
|
||||
- Made the internals of `zip32::DiversifierKey` private; use `from_bytes` and
|
||||
`as_bytes` on this type instead.
|
||||
|
||||
## [0.7.0] - 2022-06-24
|
||||
### Changed
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
use hdwallet::{ExtendedPrivKey, ExtendedPubKey, KeyIndex};
|
||||
use hdwallet::{
|
||||
traits::{Deserialize, Serialize},
|
||||
ExtendedPrivKey, ExtendedPubKey, KeyIndex,
|
||||
};
|
||||
use ripemd::Digest as RipemdDigest;
|
||||
use secp256k1::PublicKey;
|
||||
use sha2::{Digest as Sha2Digest, Sha256};
|
||||
|
@ -63,6 +66,20 @@ impl AccountPrivKey {
|
|||
.derive_private_key(KeyIndex::Normal(child_index))
|
||||
.map(|k| k.private_key)
|
||||
}
|
||||
|
||||
/// Returns the `AccountPrivKey` serialized using the encoding for a
|
||||
/// [BIP 32](https://en.bitcoin.it/wiki/BIP_0032) ExtendedPrivKey
|
||||
pub fn to_bytes(&self) -> Vec<u8> {
|
||||
self.0.serialize()
|
||||
}
|
||||
|
||||
/// Decodes the `AccountPrivKey` from the encoding specified for a
|
||||
/// [BIP 32](https://en.bitcoin.it/wiki/BIP_0032) ExtendedPrivKey
|
||||
pub fn from_bytes(b: &[u8]) -> Option<Self> {
|
||||
ExtendedPrivKey::deserialize(b)
|
||||
.map(AccountPrivKey::from_extended_privkey)
|
||||
.ok()
|
||||
}
|
||||
}
|
||||
|
||||
/// A type representing a BIP-44 public key at the account path level
|
||||
|
|
|
@ -17,6 +17,16 @@ use subtle::CtOption;
|
|||
|
||||
use super::{NullifierDerivingKey, PaymentAddress, ProofGenerationKey, SaplingIvk, ViewingKey};
|
||||
|
||||
/// Errors that can occur in the decoding of Sapling spending keys.
|
||||
pub enum DecodingError {
|
||||
/// The length of the byte slice provided for decoding was incorrect.
|
||||
LengthInvalid { expected: usize, actual: usize },
|
||||
/// Could not decode the `ask` bytes to a jubjub field element.
|
||||
InvalidAsk,
|
||||
/// Could not decode the `nsk` bytes to a jubjub field element.
|
||||
InvalidNsk,
|
||||
}
|
||||
|
||||
/// A Sapling expanded spending key
|
||||
#[derive(Clone)]
|
||||
pub struct ExpandedSpendingKey {
|
||||
|
@ -49,39 +59,52 @@ impl ExpandedSpendingKey {
|
|||
}
|
||||
}
|
||||
|
||||
/// Decodes the expanded spending key from its serialized representation
|
||||
/// as part of the encoding of the extended spending key as defined in
|
||||
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||
pub fn from_bytes(b: &[u8]) -> Result<Self, DecodingError> {
|
||||
if b.len() != 96 {
|
||||
return Err(DecodingError::LengthInvalid {
|
||||
expected: 96,
|
||||
actual: b.len(),
|
||||
});
|
||||
}
|
||||
|
||||
let ask = Option::from(jubjub::Fr::from_repr(b[0..32].try_into().unwrap()))
|
||||
.ok_or(DecodingError::InvalidAsk)?;
|
||||
let nsk = Option::from(jubjub::Fr::from_repr(b[32..64].try_into().unwrap()))
|
||||
.ok_or(DecodingError::InvalidNsk)?;
|
||||
let ovk = OutgoingViewingKey(b[64..96].try_into().unwrap());
|
||||
|
||||
Ok(ExpandedSpendingKey { ask, nsk, ovk })
|
||||
}
|
||||
|
||||
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
|
||||
let mut ask_repr = [0u8; 32];
|
||||
reader.read_exact(ask_repr.as_mut())?;
|
||||
let ask = Option::from(jubjub::Fr::from_repr(ask_repr))
|
||||
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "ask not in field"))?;
|
||||
|
||||
let mut nsk_repr = [0u8; 32];
|
||||
reader.read_exact(nsk_repr.as_mut())?;
|
||||
let nsk = Option::from(jubjub::Fr::from_repr(nsk_repr))
|
||||
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "nsk not in field"))?;
|
||||
|
||||
let mut ovk = [0u8; 32];
|
||||
reader.read_exact(&mut ovk)?;
|
||||
|
||||
Ok(ExpandedSpendingKey {
|
||||
ask,
|
||||
nsk,
|
||||
ovk: OutgoingViewingKey(ovk),
|
||||
let mut repr = [0u8; 96];
|
||||
reader.read_exact(repr.as_mut())?;
|
||||
Self::from_bytes(&repr).map_err(|e| match e {
|
||||
DecodingError::InvalidAsk => {
|
||||
io::Error::new(io::ErrorKind::InvalidData, "ask not in field")
|
||||
}
|
||||
DecodingError::InvalidNsk => {
|
||||
io::Error::new(io::ErrorKind::InvalidData, "nsk not in field")
|
||||
}
|
||||
DecodingError::LengthInvalid { .. } => unreachable!(),
|
||||
})
|
||||
}
|
||||
|
||||
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
||||
writer.write_all(self.ask.to_repr().as_ref())?;
|
||||
writer.write_all(self.nsk.to_repr().as_ref())?;
|
||||
writer.write_all(&self.ovk.0)?;
|
||||
|
||||
Ok(())
|
||||
writer.write_all(&self.to_bytes())
|
||||
}
|
||||
|
||||
/// Encodes the expanded spending key to the its seralized representation
|
||||
/// as part of the encoding of the extended spending key as defined in
|
||||
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||
pub fn to_bytes(&self) -> [u8; 96] {
|
||||
let mut result = [0u8; 96];
|
||||
self.write(&mut result[..])
|
||||
.expect("should be able to serialize an ExpandedSpendingKey");
|
||||
(&mut result[0..32]).copy_from_slice(&self.ask.to_repr());
|
||||
(&mut result[32..64]).copy_from_slice(&self.nsk.to_repr());
|
||||
(&mut result[64..96]).copy_from_slice(&self.ovk.0);
|
||||
result
|
||||
}
|
||||
}
|
||||
|
@ -210,7 +233,7 @@ impl DiversifiableFullViewingKey {
|
|||
pub fn from_bytes(bytes: &[u8; 128]) -> Option<Self> {
|
||||
FullViewingKey::read(&bytes[..96]).ok().map(|fvk| Self {
|
||||
fvk,
|
||||
dk: zip32::DiversifierKey(bytes[96..].try_into().unwrap()),
|
||||
dk: zip32::DiversifierKey::from_bytes(bytes[96..].try_into().unwrap()),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -220,7 +243,7 @@ impl DiversifiableFullViewingKey {
|
|||
self.fvk
|
||||
.write(&mut bytes[..96])
|
||||
.expect("slice should be the correct length");
|
||||
bytes[96..].copy_from_slice(&self.dk.0);
|
||||
bytes[96..].copy_from_slice(&self.dk.as_bytes()[..]);
|
||||
bytes
|
||||
}
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ use std::io::{self, Read, Write};
|
|||
use crate::{
|
||||
keys::{prf_expand, prf_expand_vec, OutgoingViewingKey},
|
||||
sapling::{
|
||||
keys::{ExpandedSpendingKey, FullViewingKey},
|
||||
keys::{DecodingError, ExpandedSpendingKey, FullViewingKey},
|
||||
NullifierDerivingKey,
|
||||
},
|
||||
};
|
||||
|
@ -91,6 +91,10 @@ impl FvkTag {
|
|||
fn master() -> Self {
|
||||
FvkTag([0u8; 4])
|
||||
}
|
||||
|
||||
fn as_bytes(&self) -> &[u8; 4] {
|
||||
&self.0
|
||||
}
|
||||
}
|
||||
|
||||
/// A child index for a derived key
|
||||
|
@ -124,6 +128,14 @@ impl ChildIndex {
|
|||
#[derive(Clone, Copy, Debug, PartialEq)]
|
||||
pub struct ChainCode([u8; 32]);
|
||||
|
||||
impl ChainCode {
|
||||
/// Returns byte representation of the chain code, as required for
|
||||
/// [ZIP 32](https://zips.z.cash/zip-0032) encoding.
|
||||
fn as_bytes(&self) -> &[u8; 32] {
|
||||
&self.0
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone, Copy, Debug, PartialEq)]
|
||||
pub struct DiversifierIndex(pub [u8; 11]);
|
||||
|
||||
|
@ -167,7 +179,7 @@ impl DiversifierIndex {
|
|||
|
||||
/// A key used to derive diversifiers for a particular child key
|
||||
#[derive(Clone, Copy, Debug, PartialEq)]
|
||||
pub struct DiversifierKey(pub [u8; 32]);
|
||||
pub struct DiversifierKey([u8; 32]);
|
||||
|
||||
impl DiversifierKey {
|
||||
pub fn master(sk_m: &[u8]) -> Self {
|
||||
|
@ -176,6 +188,16 @@ impl DiversifierKey {
|
|||
DiversifierKey(dk_m)
|
||||
}
|
||||
|
||||
/// Constructs the diversifier key from its constituent bytes.
|
||||
pub fn from_bytes(key: [u8; 32]) -> Self {
|
||||
DiversifierKey(key)
|
||||
}
|
||||
|
||||
/// Returns the byte representation of the diversifier key.
|
||||
pub fn as_bytes(&self) -> &[u8; 32] {
|
||||
&self.0
|
||||
}
|
||||
|
||||
fn derive_child(&self, i_l: &[u8]) -> Self {
|
||||
let mut dk = [0u8; 32];
|
||||
dk.copy_from_slice(&prf_expand_vec(i_l, &[&[0x16], &self.0]).as_bytes()[..32]);
|
||||
|
@ -402,6 +424,45 @@ impl ExtendedSpendingKey {
|
|||
}
|
||||
}
|
||||
|
||||
/// Decodes the extended spending key from its serialized representation as defined in
|
||||
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||
pub fn from_bytes(b: &[u8]) -> Result<Self, DecodingError> {
|
||||
if b.len() != 169 {
|
||||
return Err(DecodingError::LengthInvalid {
|
||||
expected: 169,
|
||||
actual: b.len(),
|
||||
});
|
||||
}
|
||||
|
||||
let depth = b[0];
|
||||
|
||||
let mut parent_fvk_tag = FvkTag([0; 4]);
|
||||
(&mut parent_fvk_tag.0[..]).copy_from_slice(&b[1..5]);
|
||||
|
||||
let mut ci_bytes = [0u8; 4];
|
||||
(&mut ci_bytes[..]).copy_from_slice(&b[5..9]);
|
||||
let child_index = ChildIndex::from_index(u32::from_le_bytes(ci_bytes));
|
||||
|
||||
let mut chain_code = ChainCode([0u8; 32]);
|
||||
(&mut chain_code.0[..]).copy_from_slice(&b[9..41]);
|
||||
|
||||
let expsk = ExpandedSpendingKey::from_bytes(&b[41..137])?;
|
||||
|
||||
let mut dk = DiversifierKey([0u8; 32]);
|
||||
(&mut dk.0[..]).copy_from_slice(&b[137..169]);
|
||||
|
||||
Ok(ExtendedSpendingKey {
|
||||
depth,
|
||||
parent_fvk_tag,
|
||||
child_index,
|
||||
chain_code,
|
||||
expsk,
|
||||
dk,
|
||||
})
|
||||
}
|
||||
|
||||
/// Reads and decodes the encoded form of the extended spending key as define in
|
||||
/// [ZIP 32](https://zips.z.cash/zip-0032) from the provided reader.
|
||||
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
|
||||
let depth = reader.read_u8()?;
|
||||
let mut tag = [0; 4];
|
||||
|
@ -423,15 +484,23 @@ impl ExtendedSpendingKey {
|
|||
})
|
||||
}
|
||||
|
||||
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
||||
writer.write_u8(self.depth)?;
|
||||
writer.write_all(&self.parent_fvk_tag.0)?;
|
||||
writer.write_u32::<LittleEndian>(self.child_index.value())?;
|
||||
writer.write_all(&self.chain_code.0)?;
|
||||
writer.write_all(&self.expsk.to_bytes())?;
|
||||
writer.write_all(&self.dk.0)?;
|
||||
/// Encodes the extended spending key to the its seralized representation as defined in
|
||||
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||
pub fn to_bytes(&self) -> [u8; 169] {
|
||||
let mut result = [0u8; 169];
|
||||
result[0] = self.depth;
|
||||
(&mut result[1..5]).copy_from_slice(&self.parent_fvk_tag.as_bytes()[..]);
|
||||
(&mut result[5..9]).copy_from_slice(&self.child_index.value().to_le_bytes()[..]);
|
||||
(&mut result[9..41]).copy_from_slice(&self.chain_code.as_bytes()[..]);
|
||||
(&mut result[41..137]).copy_from_slice(&self.expsk.to_bytes()[..]);
|
||||
(&mut result[137..169]).copy_from_slice(&self.dk.as_bytes()[..]);
|
||||
result
|
||||
}
|
||||
|
||||
Ok(())
|
||||
/// Writes the encoded form of the extended spending key as define in
|
||||
/// [ZIP 32](https://zips.z.cash/zip-0032) to the provided writer.
|
||||
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
||||
writer.write_all(&self.to_bytes())
|
||||
}
|
||||
|
||||
/// Returns the child key corresponding to the path derived from the master key
|
||||
|
|
Loading…
Reference in New Issue