zec
/
librustzcash
mirror of https://github.com/zcash/librustzcash.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #625 from nuttycom/wallet/usk_encoding 

Add a binary encoding format for unified spending keys.
This commit is contained in:
Kris Nuttycombe 2022-09-08 12:22:18 -06:00 committed by GitHub
parent 980f6b4e6c 7b7288c750
commit 7455808adc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 433 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
components/zcash_address/CHANGELOG.md
View File

@ -11,6 +11,7 @@ and this library adheres to Rust's notion of
- `zcash_address::TryFromAddress`
- `zcash_address::TryFromRawAddress`
- `zcash_address::ZcashAddress::convert_if_network`
- A `TryFrom<Typecode>` implementation for `usize`.
### Changed
- MSRV is now 1.52

2
components/zcash_address/src/convert.rs
View File

@ -104,7 +104,7 @@ impl<E: Error + 'static> Error for ConversionError<E> {
/// ```
pub trait TryFromRawAddress: Sized {
/// Conversion errors for the user type (e.g. failing to parse the data passed to
/// [`Self::try_from_sapling`] as a valid Sapling address).
/// [`Self::try_from_raw_sapling`] as a valid Sapling address).
type Error;
fn try_from_raw_sprout(data: sprout::Data) -> Result<Self, ConversionError<Self::Error>> {

10
components/zcash_address/src/kind/unified.rs
View File

@ -1,8 +1,9 @@
use bech32::{self, FromBase32, ToBase32, Variant};
use std::cmp;
use std::convert::TryFrom;
use std::convert::{TryFrom, TryInto};
use std::error::Error;
use std::fmt;
use std::num::TryFromIntError;
use crate::Network;
@ -88,6 +89,13 @@ impl From<Typecode> for u32 {
}
}
impl TryFrom<Typecode> for usize {
type Error = TryFromIntError;
fn try_from(t: Typecode) -> Result<Self, Self::Error> {
u32::from(t).try_into()
}
}
impl Typecode {
fn is_transparent(&self) -> bool {
// Unknown typecodes are treated as not transparent for the purpose of disallowing

2
zcash_client_backend/CHANGELOG.md
View File

@ -45,7 +45,7 @@ and this library adheres to Rust's notion of
likely to be modified and/or moved to a different module in a future
release:
- `zcash_client_backend::address::UnifiedAddress`
- `zcash_client_backend::keys::{UnifiedSpendingKey`, `UnifiedFullViewingKey`}
- `zcash_client_backend::keys::{UnifiedSpendingKey`, `UnifiedFullViewingKey`, `Era`, `DecodingError`}
- `zcash_client_backend::encoding::AddressCodec`
- `zcash_client_backend::encoding::encode_payment_address`
- `zcash_client_backend::encoding::encode_transparent_address`

5
zcash_client_backend/Cargo.toml
View File

@ -18,6 +18,7 @@ base64 = "0.13"
bech32 = "0.8"
bls12_381 = "0.7"
bs58 = { version = "0.4", features = ["check"] }
byteorder = { version = "1", optional = true }
crossbeam-channel = "0.5"
ff = "0.12"
group = "0.12"
@ -39,6 +40,7 @@ subtle = "2.2.3"
time = "0.2"
tracing = "0.1"
zcash_address = { version = "0.1", path = "../components/zcash_address" }
zcash_encoding = { version = "0.1", path = "../components/zcash_encoding" }
zcash_note_encryption = { version = "0.1", path = "../components/zcash_note_encryption" }
zcash_primitives = { version = "0.7", path = "../zcash_primitives" }
@ -47,6 +49,7 @@ protobuf-codegen-pure = "~2.27.1" # MSRV 1.52.1
[dev-dependencies]
gumdrop = "0.8"
proptest = "1.0.0"
rand_xorshift = "0.3"
tempfile = "3.1.0"
zcash_proofs = { version = "0.7", path = "../zcash_proofs" }
@ -58,7 +61,7 @@ test-dependencies = [
"orchard/test-dependencies",
"zcash_primitives/test-dependencies",
]
unstable = []
unstable = ["byteorder"]
[lib]
bench = false

271
zcash_client_backend/src/keys.rs
View File

@ -1,19 +1,35 @@
//! Helper functions for managing light client key material.
use orchard;
use zcash_address::unified::{self, Container, Encoding};
use zcash_primitives::{
consensus,
sapling::keys as sapling_keys,
zip32::{AccountId, DiversifierIndex},
};
use crate::address::UnifiedAddress;
#[cfg(feature = "transparent-inputs")]
use zcash_primitives::legacy::keys::{self as legacy, IncomingViewingKey};
use {
std::convert::TryInto,
zcash_primitives::legacy::keys::{self as legacy, IncomingViewingKey},
};
#[cfg(feature = "unstable")]
use {
byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt},
std::convert::TryFrom,
std::io::{Read, Write},
zcash_address::unified::Typecode,
zcash_encoding::CompactSize,
zcash_primitives::consensus::BranchId,
};
pub mod sapling {
use zcash_primitives::zip32::{AccountId, ChildIndex};
pub use zcash_primitives::zip32::{ExtendedFullViewingKey, ExtendedSpendingKey};
pub use zcash_primitives::{
sapling::keys::DiversifiableFullViewingKey,
zip32::{ExtendedFullViewingKey, ExtendedSpendingKey},
};
/// Derives the ZIP 32 [`ExtendedSpendingKey`] for a given coin type and account from the
/// given seed.
@ -71,12 +87,58 @@ pub enum DerivationError {
Transparent(hdwallet::error::Error),
}
/// A version identifier for the encoding of unified spending keys.
///
/// Each era corresponds to a range of block heights. During an era, the unified spending key
/// parsed from an encoded form tagged with that era's identifier is expected to provide
/// sufficient spending authority to spend any non-Sprout shielded note created in a transaction
/// within the era's block range.
#[cfg(feature = "unstable")]
#[derive(Debug, PartialEq, Eq)]
pub enum Era {
/// The Orchard era begins at Orchard activation, and will end if a new pool that requires a
/// change to unified spending keys is introduced.
Orchard,
}
/// A type for errors that can occur when decoding keys from their serialized representations.
#[cfg(feature = "unstable")]
#[derive(Debug, PartialEq, Eq)]
pub enum DecodingError {
ReadError(&'static str),
EraInvalid,
EraMismatch(Era),
TypecodeInvalid,
LengthInvalid,
LengthMismatch(Typecode, u32),
InsufficientData(Typecode),
KeyDataInvalid(Typecode),
}
#[cfg(feature = "unstable")]
impl Era {
/// Returns the unique identifier for the era.
fn id(&self) -> u32 {
// We use the consensus branch id of the network upgrade that introduced a
// new USK format as the identifier for the era.
match self {
Era::Orchard => u32::from(BranchId::Nu5),
}
}
fn try_from_id(id: u32) -> Option<Self> {
BranchId::try_from(id).ok().and_then(|b| match b {
BranchId::Nu5 => Some(Era::Orchard),
_ => None,
})
}
}
/// A set of viewing keys that are all associated with a single
/// ZIP-0032 account identifier.
#[derive(Clone, Debug)]
#[doc(hidden)]
pub struct UnifiedSpendingKey {
account: AccountId,
#[cfg(feature = "transparent-inputs")]
transparent: legacy::AccountPrivKey,
sapling: sapling::ExtendedSpendingKey,
@ -103,7 +165,6 @@ impl UnifiedSpendingKey {
.map_err(DerivationError::Transparent)?;
Ok(UnifiedSpendingKey {
account,
#[cfg(feature = "transparent-inputs")]
transparent,
sapling: sapling::spending_key(seed, params.coin_type(), account),
@ -121,10 +182,6 @@ impl UnifiedSpendingKey {
}
}
pub fn account(&self) -> AccountId {
self.account
}
/// Returns the transparent component of the unified key at the
/// BIP44 path `m/44'/<coin_type>'/<account>'`.
#[cfg(feature = "transparent-inputs")]
@ -141,16 +198,154 @@ impl UnifiedSpendingKey {
pub fn orchard(&self) -> &orchard::keys::SpendingKey {
&self.orchard
}
/// Returns a binary encoding of this key suitable for decoding with [`decode`].
///
/// The encoded form of a unified spending key is only intended for use
/// within wallets when required for storage and/or crossing FFI boundaries;
/// unified spending keys should not be exposed to users, and consequently
/// no string-based encoding is defined. This encoding does not include any
/// internal validation metadata (such as checksums) as keys decoded from
/// this form will necessarily be validated when the attempt is made to
/// spend a note that they have authority for.
#[cfg(feature = "unstable")]
pub fn to_bytes(&self, era: Era) -> Vec<u8> {
let mut result = vec![];
result.write_u32::<LittleEndian>(era.id()).unwrap();
// orchard
let orchard_key = self.orchard();
CompactSize::write(&mut result, usize::try_from(Typecode::Orchard).unwrap()).unwrap();
let orchard_key_bytes = orchard_key.to_bytes();
CompactSize::write(&mut result, orchard_key_bytes.len()).unwrap();
result.write_all(orchard_key_bytes).unwrap();
// sapling
let sapling_key = self.sapling();
CompactSize::write(&mut result, usize::try_from(Typecode::Sapling).unwrap()).unwrap();
let sapling_key_bytes = sapling_key.to_bytes();
CompactSize::write(&mut result, sapling_key_bytes.len()).unwrap();
result.write_all(&sapling_key_bytes).unwrap();
// transparent
#[cfg(feature = "transparent-inputs")]
{
let account_tkey = self.transparent();
CompactSize::write(&mut result, usize::try_from(Typecode::P2pkh).unwrap()).unwrap();
let account_tkey_bytes = account_tkey.to_bytes();
CompactSize::write(&mut result, account_tkey_bytes.len()).unwrap();
result.write_all(&account_tkey_bytes).unwrap();
}
result
}
/// Decodes a [`UnifiedSpendingKey`] value from its serialized representation.
///
/// See [`to_bytes`] for additional detail about the encoded form.
#[allow(clippy::unnecessary_unwrap)]
#[cfg(feature = "unstable")]
pub fn from_bytes(era: Era, encoded: &[u8]) -> Result<Self, DecodingError> {
let mut source = std::io::Cursor::new(encoded);
let decoded_era = source
.read_u32::<LittleEndian>()
.map_err(|_| DecodingError::ReadError("era"))
.and_then(|id| Era::try_from_id(id).ok_or(DecodingError::EraInvalid))?;
if decoded_era != era {
return Err(DecodingError::EraMismatch(decoded_era));
}
let mut orchard = None;
let mut sapling = None;
#[cfg(feature = "transparent-inputs")]
let mut transparent = None;
loop {
let tc = CompactSize::read_t::<_, u32>(&mut source)
.map_err(|_| DecodingError::ReadError("typecode"))
.and_then(|v| Typecode::try_from(v).map_err(|_| DecodingError::TypecodeInvalid))?;
let len = CompactSize::read_t::<_, u32>(&mut source)
.map_err(|_| DecodingError::ReadError("key length"))?;
match tc {
Typecode::Orchard => {
if len != 32 {
return Err(DecodingError::LengthMismatch(Typecode::Orchard, len));
}
let mut key = [0u8; 32];
source
.read_exact(&mut key)
.map_err(|_| DecodingError::InsufficientData(Typecode::Orchard))?;
orchard = Some(
Option::<orchard::keys::SpendingKey>::from(
orchard::keys::SpendingKey::from_bytes(key),
)
.ok_or(DecodingError::KeyDataInvalid(Typecode::Orchard))?,
);
}
Typecode::Sapling => {
if len != 169 {
return Err(DecodingError::LengthMismatch(Typecode::Sapling, len));
}
let mut key = [0u8; 169];
source
.read_exact(&mut key)
.map_err(|_| DecodingError::InsufficientData(Typecode::Sapling))?;
sapling = Some(
sapling::ExtendedSpendingKey::from_bytes(&key)
.map_err(|_| DecodingError::KeyDataInvalid(Typecode::Sapling))?,
);
}
#[cfg(feature = "transparent-inputs")]
Typecode::P2pkh => {
if len != 64 {
return Err(DecodingError::LengthMismatch(Typecode::P2pkh, len));
}
let mut key = [0u8; 64];
source
.read_exact(&mut key)
.map_err(|_| DecodingError::InsufficientData(Typecode::P2pkh))?;
transparent = Some(
legacy::AccountPrivKey::from_bytes(&key)
.ok_or(DecodingError::KeyDataInvalid(Typecode::P2pkh))?,
);
}
_ => {
return Err(DecodingError::TypecodeInvalid);
}
}
#[cfg(feature = "transparent-inputs")]
let has_transparent = transparent.is_some();
#[cfg(not(feature = "transparent-inputs"))]
let has_transparent = true;
if orchard.is_some() && sapling.is_some() && has_transparent {
return Ok(UnifiedSpendingKey {
orchard: orchard.unwrap(),
sapling: sapling.unwrap(),
#[cfg(feature = "transparent-inputs")]
transparent: transparent.unwrap(),
});
}
}
}
}
/// A set of viewing keys that are all associated with a single
/// ZIP-0032 account identifier.
/// A [ZIP 316](https://zips.z.cash/zip-0316) unified full viewing key.
#[derive(Clone, Debug)]
#[doc(hidden)]
pub struct UnifiedFullViewingKey {
#[cfg(feature = "transparent-inputs")]
transparent: Option<legacy::AccountPubKey>,
sapling: Option<sapling_keys::DiversifiableFullViewingKey>,
sapling: Option<sapling::DiversifiableFullViewingKey>,
orchard: Option<orchard::keys::FullViewingKey>,
unknown: Vec<(u32, Vec<u8>)>,
}
@ -160,7 +355,7 @@ impl UnifiedFullViewingKey {
/// Construct a new unified full viewing key, if the required components are present.
pub fn new(
#[cfg(feature = "transparent-inputs")] transparent: Option<legacy::AccountPubKey>,
sapling: Option<sapling_keys::DiversifiableFullViewingKey>,
sapling: Option<sapling::DiversifiableFullViewingKey>,
orchard: Option<orchard::keys::FullViewingKey>,
) -> Option<UnifiedFullViewingKey> {
if sapling.is_none() {
@ -210,7 +405,7 @@ impl UnifiedFullViewingKey {
})
.transpose(),
unified::Fvk::Sapling(data) => {
sapling_keys::DiversifiableFullViewingKey::from_bytes(data)
sapling::DiversifiableFullViewingKey::from_bytes(data)
.ok_or("Invalid Sapling FVK in Unified FVK")
.map(|pa| {
sapling = Some(pa);
@ -287,7 +482,7 @@ impl UnifiedFullViewingKey {
}
/// Returns the Sapling diversifiable full viewing key component of this unified key.
pub fn sapling(&self) -> Option<&sapling_keys::DiversifiableFullViewingKey> {
pub fn sapling(&self) -> Option<&sapling::DiversifiableFullViewingKey> {
self.sapling.as_ref()
}
@ -366,8 +561,29 @@ impl UnifiedFullViewingKey {
}
}
#[cfg(any(test, feature = "test-dependencies"))]
pub mod testing {
use proptest::prelude::*;
use super::UnifiedSpendingKey;
use zcash_primitives::{consensus::Network, zip32::AccountId};
pub fn arb_unified_spending_key(params: Network) -> impl Strategy<Value = UnifiedSpendingKey> {
prop::array::uniform32(prop::num::u8::ANY).prop_flat_map(move |seed| {
prop::num::u32::ANY
.prop_map(move |account| {
UnifiedSpendingKey::from_seed(&params, &seed, AccountId::from(account))
})
.prop_filter("seeds must generate valid USKs", |v| v.is_ok())
.prop_map(|v| v.unwrap())
})
}
}
#[cfg(test)]
mod tests {
use proptest::prelude::proptest;
use super::{sapling, UnifiedFullViewingKey};
use zcash_primitives::{
consensus::MAIN_NETWORK,
@ -383,6 +599,13 @@ mod tests {
},
};
#[cfg(feature = "unstable")]
use {
super::{testing::arb_unified_spending_key, Era, UnifiedSpendingKey},
subtle::ConstantTimeEq,
zcash_primitives::consensus::Network,
};
#[cfg(feature = "transparent-inputs")]
fn seed() -> Vec<u8> {
let seed_hex = "6ef5f84def6f4b9d38f466586a8380a38593bd47c8cda77f091856176da47f26b5bd1c8d097486e5635df5a66e820d28e1d73346f499801c86228d43f390304f";
@ -476,4 +699,22 @@ mod tests {
#[cfg(not(feature = "transparent-inputs"))]
assert_eq!(decoded_with_t.unknown.len(), 1);
}
proptest! {
#[test]
#[cfg(feature = "unstable")]
fn prop_usk_roundtrip(usk in arb_unified_spending_key(Network::MainNetwork)) {
let encoded = usk.to_bytes(Era::Orchard);
#[cfg(not(feature = "transparent-inputs"))]
assert_eq!(encoded.len(), 4 + 2 + 32 + 2 + 169);
#[cfg(feature = "transparent-inputs")]
assert_eq!(encoded.len(), 4 + 2 + 32 + 2 + 169 + 2 + 64);
let decoded = UnifiedSpendingKey::from_bytes(Era::Orchard, &encoded);
let decoded = decoded.unwrap_or_else(|e| panic!("Error decoding USK: {:?}", e));
assert!(bool::from(decoded.orchard().ct_eq(usk.orchard())));
assert_eq!(decoded.sapling(), usk.sapling());
#[cfg(feature = "transparent-inputs")]
assert_eq!(decoded.transparent().to_bytes(), usk.transparent().to_bytes());
}
}
}

17
zcash_primitives/CHANGELOG.md
View File

@ -7,9 +7,20 @@ and this library adheres to Rust's notion of
## [Unreleased]
### Added
- `zcash_primitives::sapling::keys::DiversifiableFullViewingKey`
- `zcash_primitives::sapling::keys::Scope`
- `zcash_primitives::legacy::AccountPrivKey::{to_bytes, from_bytes}`
- `zcash_primitives::sapling::NullifierDerivingKey`
- Added in `zcash_primitives::sapling::keys`
- `DecodingError`
- `DiversifiableFullViewingKey`
- `Scope`
- `ExpandedSpendingKey::from_bytes`
- `ExtendedSpendingKey::{from_bytes, to_bytes}`
- Added in `zcash_primitives::zip32`
- `ChainCode::as_bytes`
- `DiversifierKey::{from_bytes, as_bytes}`
- `DiversifierIndex::{as_bytes}`
- `ExtendedSpendingKey::{from_bytes, to_bytes}`
- Implementations of `From<u32>` and `From<u64>` for `DiversifierIndex`
### Changed
- `zcash_primitives::sapling::ViewingKey` now stores `nk` as a
@ -17,6 +28,8 @@ and this library adheres to Rust's notion of
- The signature of `zcash_primitives::sapling::Note::nf` has changed to
take just a `NullifierDerivingKey` (the only capability it actually required)
rather than the full `ViewingKey` as its first argument.
- Made the internals of `zip32::DiversifierKey` private; use `from_bytes` and
`as_bytes` on this type instead.
## [0.7.0] - 2022-06-24
### Changed

19
zcash_primitives/src/legacy/keys.rs
View File

@ -1,4 +1,7 @@
use hdwallet::{ExtendedPrivKey, ExtendedPubKey, KeyIndex};
use hdwallet::{
traits::{Deserialize, Serialize},
ExtendedPrivKey, ExtendedPubKey, KeyIndex,
};
use ripemd::Digest as RipemdDigest;
use secp256k1::PublicKey;
use sha2::{Digest as Sha2Digest, Sha256};
@ -63,6 +66,20 @@ impl AccountPrivKey {
.derive_private_key(KeyIndex::Normal(child_index))
.map(|k| k.private_key)
}
/// Returns the `AccountPrivKey` serialized using the encoding for a
/// [BIP 32](https://en.bitcoin.it/wiki/BIP_0032) ExtendedPrivKey
pub fn to_bytes(&self) -> Vec<u8> {
self.0.serialize()
}
/// Decodes the `AccountPrivKey` from the encoding specified for a
/// [BIP 32](https://en.bitcoin.it/wiki/BIP_0032) ExtendedPrivKey
pub fn from_bytes(b: &[u8]) -> Option<Self> {
ExtendedPrivKey::deserialize(b)
.map(AccountPrivKey::from_extended_privkey)
.ok()
}
}
/// A type representing a BIP-44 public key at the account path level

75
zcash_primitives/src/sapling/keys.rs
View File

@ -17,6 +17,16 @@ use subtle::CtOption;
use super::{NullifierDerivingKey, PaymentAddress, ProofGenerationKey, SaplingIvk, ViewingKey};
/// Errors that can occur in the decoding of Sapling spending keys.
pub enum DecodingError {
/// The length of the byte slice provided for decoding was incorrect.
LengthInvalid { expected: usize, actual: usize },
/// Could not decode the `ask` bytes to a jubjub field element.
InvalidAsk,
/// Could not decode the `nsk` bytes to a jubjub field element.
InvalidNsk,
}
/// A Sapling expanded spending key
#[derive(Clone)]
pub struct ExpandedSpendingKey {
@ -49,39 +59,52 @@ impl ExpandedSpendingKey {
}
}
/// Decodes the expanded spending key from its serialized representation
/// as part of the encoding of the extended spending key as defined in
/// [ZIP 32](https://zips.z.cash/zip-0032)
pub fn from_bytes(b: &[u8]) -> Result<Self, DecodingError> {
if b.len() != 96 {
return Err(DecodingError::LengthInvalid {
expected: 96,
actual: b.len(),
});
}
let ask = Option::from(jubjub::Fr::from_repr(b[0..32].try_into().unwrap()))
.ok_or(DecodingError::InvalidAsk)?;
let nsk = Option::from(jubjub::Fr::from_repr(b[32..64].try_into().unwrap()))
.ok_or(DecodingError::InvalidNsk)?;
let ovk = OutgoingViewingKey(b[64..96].try_into().unwrap());
Ok(ExpandedSpendingKey { ask, nsk, ovk })
}
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
let mut ask_repr = [0u8; 32];
reader.read_exact(ask_repr.as_mut())?;
let ask = Option::from(jubjub::Fr::from_repr(ask_repr))
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "ask not in field"))?;
let mut nsk_repr = [0u8; 32];
reader.read_exact(nsk_repr.as_mut())?;
let nsk = Option::from(jubjub::Fr::from_repr(nsk_repr))
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "nsk not in field"))?;
let mut ovk = [0u8; 32];
reader.read_exact(&mut ovk)?;
Ok(ExpandedSpendingKey {
ask,
nsk,
ovk: OutgoingViewingKey(ovk),
let mut repr = [0u8; 96];
reader.read_exact(repr.as_mut())?;
Self::from_bytes(&repr).map_err(|e| match e {
DecodingError::InvalidAsk => {
io::Error::new(io::ErrorKind::InvalidData, "ask not in field")
}
DecodingError::InvalidNsk => {
io::Error::new(io::ErrorKind::InvalidData, "nsk not in field")
}
DecodingError::LengthInvalid { .. } => unreachable!(),
})
}
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
writer.write_all(self.ask.to_repr().as_ref())?;
writer.write_all(self.nsk.to_repr().as_ref())?;
writer.write_all(&self.ovk.0)?;
Ok(())
writer.write_all(&self.to_bytes())
}
/// Encodes the expanded spending key to the its seralized representation
/// as part of the encoding of the extended spending key as defined in
/// [ZIP 32](https://zips.z.cash/zip-0032)
pub fn to_bytes(&self) -> [u8; 96] {
let mut result = [0u8; 96];
self.write(&mut result[..])
.expect("should be able to serialize an ExpandedSpendingKey");
(&mut result[0..32]).copy_from_slice(&self.ask.to_repr());
(&mut result[32..64]).copy_from_slice(&self.nsk.to_repr());
(&mut result[64..96]).copy_from_slice(&self.ovk.0);
result
}
}
@ -210,7 +233,7 @@ impl DiversifiableFullViewingKey {
pub fn from_bytes(bytes: &[u8; 128]) -> Option<Self> {
FullViewingKey::read(&bytes[..96]).ok().map(|fvk| Self {
fvk,
dk: zip32::DiversifierKey(bytes[96..].try_into().unwrap()),
dk: zip32::DiversifierKey::from_bytes(bytes[96..].try_into().unwrap()),
})
}
@ -220,7 +243,7 @@ impl DiversifiableFullViewingKey {
self.fvk
.write(&mut bytes[..96])
.expect("slice should be the correct length");
bytes[96..].copy_from_slice(&self.dk.0);
bytes[96..].copy_from_slice(&self.dk.as_bytes()[..]);
bytes
}

89
zcash_primitives/src/zip32.rs
View File

@ -18,7 +18,7 @@ use std::io::{self, Read, Write};
use crate::{
keys::{prf_expand, prf_expand_vec, OutgoingViewingKey},
sapling::{
keys::{ExpandedSpendingKey, FullViewingKey},
keys::{DecodingError, ExpandedSpendingKey, FullViewingKey},
NullifierDerivingKey,
},
};
@ -91,6 +91,10 @@ impl FvkTag {
fn master() -> Self {
FvkTag([0u8; 4])
}
fn as_bytes(&self) -> &[u8; 4] {
&self.0
}
}
/// A child index for a derived key
@ -124,6 +128,14 @@ impl ChildIndex {
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct ChainCode([u8; 32]);
impl ChainCode {
/// Returns byte representation of the chain code, as required for
/// [ZIP 32](https://zips.z.cash/zip-0032) encoding.
fn as_bytes(&self) -> &[u8; 32] {
&self.0
}
}
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct DiversifierIndex(pub [u8; 11]);
@ -167,7 +179,7 @@ impl DiversifierIndex {
/// A key used to derive diversifiers for a particular child key
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct DiversifierKey(pub [u8; 32]);
pub struct DiversifierKey([u8; 32]);
impl DiversifierKey {
pub fn master(sk_m: &[u8]) -> Self {
@ -176,6 +188,16 @@ impl DiversifierKey {
DiversifierKey(dk_m)
}
/// Constructs the diversifier key from its constituent bytes.
pub fn from_bytes(key: [u8; 32]) -> Self {
DiversifierKey(key)
}
/// Returns the byte representation of the diversifier key.
pub fn as_bytes(&self) -> &[u8; 32] {
&self.0
}
fn derive_child(&self, i_l: &[u8]) -> Self {
let mut dk = [0u8; 32];
dk.copy_from_slice(&prf_expand_vec(i_l, &[&[0x16], &self.0]).as_bytes()[..32]);
@ -402,6 +424,45 @@ impl ExtendedSpendingKey {
}
}
/// Decodes the extended spending key from its serialized representation as defined in
/// [ZIP 32](https://zips.z.cash/zip-0032)
pub fn from_bytes(b: &[u8]) -> Result<Self, DecodingError> {
if b.len() != 169 {
return Err(DecodingError::LengthInvalid {
expected: 169,
actual: b.len(),
});
}
let depth = b[0];
let mut parent_fvk_tag = FvkTag([0; 4]);
(&mut parent_fvk_tag.0[..]).copy_from_slice(&b[1..5]);
let mut ci_bytes = [0u8; 4];
(&mut ci_bytes[..]).copy_from_slice(&b[5..9]);
let child_index = ChildIndex::from_index(u32::from_le_bytes(ci_bytes));
let mut chain_code = ChainCode([0u8; 32]);
(&mut chain_code.0[..]).copy_from_slice(&b[9..41]);
let expsk = ExpandedSpendingKey::from_bytes(&b[41..137])?;
let mut dk = DiversifierKey([0u8; 32]);
(&mut dk.0[..]).copy_from_slice(&b[137..169]);
Ok(ExtendedSpendingKey {
depth,
parent_fvk_tag,
child_index,
chain_code,
expsk,
dk,
})
}
/// Reads and decodes the encoded form of the extended spending key as define in
/// [ZIP 32](https://zips.z.cash/zip-0032) from the provided reader.
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
let depth = reader.read_u8()?;
let mut tag = [0; 4];
@ -423,15 +484,23 @@ impl ExtendedSpendingKey {
})
}
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
writer.write_u8(self.depth)?;
writer.write_all(&self.parent_fvk_tag.0)?;
writer.write_u32::<LittleEndian>(self.child_index.value())?;
writer.write_all(&self.chain_code.0)?;
writer.write_all(&self.expsk.to_bytes())?;
writer.write_all(&self.dk.0)?;
/// Encodes the extended spending key to the its seralized representation as defined in
/// [ZIP 32](https://zips.z.cash/zip-0032)
pub fn to_bytes(&self) -> [u8; 169] {
let mut result = [0u8; 169];
result[0] = self.depth;
(&mut result[1..5]).copy_from_slice(&self.parent_fvk_tag.as_bytes()[..]);
(&mut result[5..9]).copy_from_slice(&self.child_index.value().to_le_bytes()[..]);
(&mut result[9..41]).copy_from_slice(&self.chain_code.as_bytes()[..]);
(&mut result[41..137]).copy_from_slice(&self.expsk.to_bytes()[..]);
(&mut result[137..169]).copy_from_slice(&self.dk.as_bytes()[..]);
result
}
Ok(())
/// Writes the encoded form of the extended spending key as define in
/// [ZIP 32](https://zips.z.cash/zip-0032) to the provided writer.
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
writer.write_all(&self.to_bytes())
}
/// Returns the child key corresponding to the path derived from the master key