From ae43e6c074dae82e9a2c8a578b57ef61091c9b1d Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Fri, 28 May 2021 23:14:48 +0100
Subject: [PATCH] zcash_note_encryption: Pass cmstar_bytes to Domain::derive_ock
PRF^ock in the spec takes cm* as a byte array.
---
 components/zcash_note_encryption/src/lib.rs | 4 ++--
 zcash_primitives/src/sapling/note_encryption.rs | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/components/zcash_note_encryption/src/lib.rs b/components/zcash_note_encryption/src/lib.rs
index 7855349e9..eba324f77 100644
--- a/components/zcash_note_encryption/src/lib.rs
+++ b/components/zcash_note_encryption/src/lib.rs
@@ -110,7 +110,7 @@ pub trait Domain {
 fn derive_ock(
 ovk: &Self::OutgoingViewingKey,
 cv: &Self::ValueCommitment,
- cmstar: &Self::ExtractedCommitment,
+ cmstar_bytes: &Self::ExtractedCommitmentBytes,
 ephemeral_key: &EphemeralKeyBytes,
 ) -> OutgoingCipherKey;
@@ -291,7 +291,7 @@ impl NoteEncryption {
 rng: &mut R,
 ) -> [u8; OUT_CIPHERTEXT_SIZE] {
 let (ock, input) = if let Some(ovk) = &self.ovk {
- let ock = D::derive_ock(ovk, &cv, &cmstar, &D::epk_bytes(&self.epk));
+ let ock = D::derive_ock(ovk, &cv, &cmstar.into(), &D::epk_bytes(&self.epk));
 let input = D::outgoing_plaintext_bytes(&self.note, &self.esk);
 (ock, input)
diff --git a/zcash_primitives/src/sapling/note_encryption.rs b/zcash_primitives/src/sapling/note_encryption.rs
index f50e2416d..8ca78bacd 100644
--- a/zcash_primitives/src/sapling/note_encryption.rs
+++ b/zcash_primitives/src/sapling/note_encryption.rs
@@ -54,7 +54,7 @@ fn kdf_sapling(dhsecret: jubjub::SubgroupPoint, ephemeral_key: &EphemeralKeyByte
 pub fn prf_ock(
 ovk: &OutgoingViewingKey,
 cv: &jubjub::ExtendedPoint,
- cmu: &bls12_381::Scalar,
+ cmu_bytes: &[u8; 32],
 ephemeral_key: &EphemeralKeyBytes,
 ) -> OutgoingCipherKey {
 OutgoingCipherKey(
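Review bot: The new `cmstar_bytes` parameter of `Domain::derive_ock` has no doc comment saying which byte encoding of cm* an implementer must supply, yet the recovery path in zcash_primitives (hunk at line 413) recomputes the same PRF from its own encoding, so an implementation that picks a different serialization would derive an `ock` that never recovers the output. Suggest adding above `fn derive_ock(`: `/// `cmstar_bytes` is the canonical byte encoding of cm* consumed by PRF^ock; the same` / `/// encoding must be used wherever the ock is re-derived for output recovery.` The rest of the `Domain` trait lies outside the hunk.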
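Review bot: `D::derive_ock(ovk, &cv, &cmstar.into(), …)` leaves the conversion's target type to inference through the trait parameter, and `into()` takes `cmstar` by value, so whether `cmstar` stays usable afterwards depends on the bound and `Copy`-ness of `D::ExtractedCommitment`, neither of which is visible here; the enclosing method starts and ends outside the hunk. Binding the conversion explicitly, `let cmstar_bytes: D::ExtractedCommitmentBytes = cmstar.into();` and passing `&cmstar_bytes`, makes the encoding step visible at the call site and keeps the intent if the trait's parameter types change again.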
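Review bot: `prf_ock` is `pub` and its `cmu` parameter changes from `&bls12_381::Scalar` to an arbitrary `&[u8; 32]`, so the type no longer guarantees the input is a valid field-element encoding and external callers of the old signature break; every caller updated in this commit passes `cmu.to_repr()`, but nothing at the definition says so. Suggest a doc comment above `pub fn prf_ock(`: `/// `cmu_bytes` must be the canonical encoding of cmu (`cmu.to_repr()`); any other 32 bytes yield an unrelated key.` The function body continues past the hunk (see the hunk at line 64).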
@@ -64,7 +64,7 @@ pub fn prf_ock(
 .to_state()
 .update(&ovk.0)
 .update(&cv.to_bytes())
- .update(&cmu.to_repr())
+ .update(cmu_bytes)
 .update(ephemeral_key.as_ref())
 .finalize()
 .as_bytes()
@@ -209,10 +209,10 @@ impl Domain for SaplingDomain {
 fn derive_ock(
 ovk: &Self::OutgoingViewingKey,
 cv: &Self::ValueCommitment,
- cmu: &Self::ExtractedCommitment,
+ cmu_bytes: &Self::ExtractedCommitmentBytes,
 epk: &EphemeralKeyBytes,
 ) -> OutgoingCipherKey {
- prf_ock(ovk, cv, cmu, epk)
+ prf_ock(ovk, cv, cmu_bytes, epk)
 }
 fn outgoing_plaintext_bytes(
@@ -413,7 +413,7 @@ pub fn try_sapling_output_recovery(
 &prf_ock(
 &ovk,
 &output.cv,
- &output.cmu,
+ &output.cmu.to_repr(),
 &epk_bytes(&output.ephemeral_key),
 ),
 output,
@@ -524,7 +524,7 @@ mod tests {
 &mut rng,
 );
 let epk = *ne.epk();
- let ock = prf_ock(&ovk, &cv, &cmu, &epk_bytes(&epk));
+ let ock = prf_ock(&ovk, &cv, &cmu.to_repr(), &epk_bytes(&epk));
 let output = OutputDescription {
 cv,
@@ -547,7 +547,7 @@ mod tests {
 out_ciphertext: &[u8; OUT_CIPHERTEXT_SIZE],
 modify_plaintext: impl Fn(&mut [u8; NOTE_PLAINTEXT_SIZE]),
 ) {
- let ock = prf_ock(&ovk, &cv, &cmu, &epk_bytes(epk));
+ let ock = prf_ock(&ovk, &cv, &cmu.to_repr(), &epk_bytes(epk));
 let mut op = [0; OUT_CIPHERTEXT_SIZE];
 assert_eq!(
@@ -1279,7 +1279,7 @@ mod tests {
 assert_eq!(k_enc.as_bytes(), tv.k_enc);
 let ovk = OutgoingViewingKey(tv.ovk);
- let ock = prf_ock(&ovk, &cv, &cmu, &epk_bytes(&epk));
+ let ock = prf_ock(&ovk, &cv, &cmu.to_repr(), &epk_bytes(&epk));
 assert_eq!(ock.as_ref(), tv.ock);
 let to = PaymentAddress::from_parts(Diversifier(tv.default_d), pk_d).unwrap();
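Review bot: The recovery path in `try_sapling_output_recovery` now computes the PRF input as `&output.cmu.to_repr()` inline, while the encryption path reaches `prf_ock` through `SaplingDomain::derive_ock` with bytes produced by the generic `.into()` conversion in zcash_note_encryption; the two encodings are kept equal only by convention, and the vector test at line 1279 pins `prf_ock` itself rather than the agreement between the two callers. A one-line comment at this call, `// Must match the ExtractedCommitmentBytes encoding used by SaplingDomain::derive_ock.`, would make that coupling explicit to the next person touching either side. The enclosing function starts and ends outside the hunk.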