Add `no_std` implementations of Sapling key encoding & decoding.
This commit is contained in:
parent
980f6b4e6c
commit
f15a6d8e80
|
@ -7,9 +7,19 @@ and this library adheres to Rust's notion of
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
### Added
|
### Added
|
||||||
- `zcash_primitives::sapling::keys::DiversifiableFullViewingKey`
|
- `zcash_primitives::legacy::AccountPrivKey::{to_bytes, from_bytes}`
|
||||||
- `zcash_primitives::sapling::keys::Scope`
|
|
||||||
- `zcash_primitives::sapling::NullifierDerivingKey`
|
- `zcash_primitives::sapling::NullifierDerivingKey`
|
||||||
|
- Added in `zcash_primitives::sapling::keys`
|
||||||
|
- `DecodingError`
|
||||||
|
- `DiversifiableFullViewingKey`
|
||||||
|
- `Scope`
|
||||||
|
- `ExpandedSpendingKey::from_bytes`
|
||||||
|
- `ExtendedSpendingKey::{from_bytes, to_bytes}`
|
||||||
|
- Added in `zcash_primitives::zip32`
|
||||||
|
- `ChainCode::as_bytes`
|
||||||
|
- `DiversifierIndex::as_bytes`
|
||||||
|
- `ExtendedSpendingKey::{from_bytes, to_bytes}`
|
||||||
|
- Implementations of `From<u32>` and `From<u64>` for `DiversifierIndex`
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- `zcash_primitives::sapling::ViewingKey` now stores `nk` as a
|
- `zcash_primitives::sapling::ViewingKey` now stores `nk` as a
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
use hdwallet::{ExtendedPrivKey, ExtendedPubKey, KeyIndex};
|
use hdwallet::{
|
||||||
|
traits::{Deserialize, Serialize},
|
||||||
|
ExtendedPrivKey, ExtendedPubKey, KeyIndex,
|
||||||
|
};
|
||||||
use ripemd::Digest as RipemdDigest;
|
use ripemd::Digest as RipemdDigest;
|
||||||
use secp256k1::PublicKey;
|
use secp256k1::PublicKey;
|
||||||
use sha2::{Digest as Sha2Digest, Sha256};
|
use sha2::{Digest as Sha2Digest, Sha256};
|
||||||
|
@ -63,6 +66,20 @@ impl AccountPrivKey {
|
||||||
.derive_private_key(KeyIndex::Normal(child_index))
|
.derive_private_key(KeyIndex::Normal(child_index))
|
||||||
.map(|k| k.private_key)
|
.map(|k| k.private_key)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Returns the `AccountPrivKey` serialized using the encoding for a
|
||||||
|
/// [BIP 32](https://en.bitcoin.it/wiki/BIP_0032) ExtendedPrivKey
|
||||||
|
pub fn to_bytes(&self) -> Vec<u8> {
|
||||||
|
self.0.serialize()
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Decodes the `AccountPrivKey` from the encoding specified for a
|
||||||
|
/// [BIP 32](https://en.bitcoin.it/wiki/BIP_0032) ExtendedPrivKey
|
||||||
|
pub fn from_bytes(b: &[u8]) -> Option<Self> {
|
||||||
|
ExtendedPrivKey::deserialize(b)
|
||||||
|
.map(AccountPrivKey::from_extended_privkey)
|
||||||
|
.ok()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// A type representing a BIP-44 public key at the account path level
|
/// A type representing a BIP-44 public key at the account path level
|
||||||
|
|
|
@ -17,6 +17,16 @@ use subtle::CtOption;
|
||||||
|
|
||||||
use super::{NullifierDerivingKey, PaymentAddress, ProofGenerationKey, SaplingIvk, ViewingKey};
|
use super::{NullifierDerivingKey, PaymentAddress, ProofGenerationKey, SaplingIvk, ViewingKey};
|
||||||
|
|
||||||
|
/// Errors that can occur in the decoding of Sapling spending keys.
|
||||||
|
pub enum DecodingError {
|
||||||
|
/// The length of the byte slice provided for decoding was incorrect.
|
||||||
|
LengthInvalid { expected: usize, actual: usize },
|
||||||
|
/// Could not decode the `ask` bytes to a jubjub field element.
|
||||||
|
InvalidAsk,
|
||||||
|
/// Could not decode the `nsk` bytes to a jubjub field element.
|
||||||
|
InvalidNsk,
|
||||||
|
}
|
||||||
|
|
||||||
/// A Sapling expanded spending key
|
/// A Sapling expanded spending key
|
||||||
#[derive(Clone)]
|
#[derive(Clone)]
|
||||||
pub struct ExpandedSpendingKey {
|
pub struct ExpandedSpendingKey {
|
||||||
|
@ -49,39 +59,52 @@ impl ExpandedSpendingKey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Decodes the expanded spending key from its serialized representation
|
||||||
|
/// as part of the encoding of the extended spending key as defined in
|
||||||
|
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||||
|
pub fn from_bytes(b: &[u8]) -> Result<Self, DecodingError> {
|
||||||
|
if b.len() != 96 {
|
||||||
|
return Err(DecodingError::LengthInvalid {
|
||||||
|
expected: 96,
|
||||||
|
actual: b.len(),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
let ask = Option::from(jubjub::Fr::from_repr(b[0..32].try_into().unwrap()))
|
||||||
|
.ok_or(DecodingError::InvalidAsk)?;
|
||||||
|
let nsk = Option::from(jubjub::Fr::from_repr(b[32..64].try_into().unwrap()))
|
||||||
|
.ok_or(DecodingError::InvalidNsk)?;
|
||||||
|
let ovk = OutgoingViewingKey(b[64..96].try_into().unwrap());
|
||||||
|
|
||||||
|
Ok(ExpandedSpendingKey { ask, nsk, ovk })
|
||||||
|
}
|
||||||
|
|
||||||
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
|
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
|
||||||
let mut ask_repr = [0u8; 32];
|
let mut repr = [0u8; 96];
|
||||||
reader.read_exact(ask_repr.as_mut())?;
|
reader.read_exact(repr.as_mut())?;
|
||||||
let ask = Option::from(jubjub::Fr::from_repr(ask_repr))
|
Self::from_bytes(&repr).map_err(|e| match e {
|
||||||
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "ask not in field"))?;
|
DecodingError::InvalidAsk => {
|
||||||
|
io::Error::new(io::ErrorKind::InvalidData, "ask not in field")
|
||||||
let mut nsk_repr = [0u8; 32];
|
}
|
||||||
reader.read_exact(nsk_repr.as_mut())?;
|
DecodingError::InvalidNsk => {
|
||||||
let nsk = Option::from(jubjub::Fr::from_repr(nsk_repr))
|
io::Error::new(io::ErrorKind::InvalidData, "nsk not in field")
|
||||||
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "nsk not in field"))?;
|
}
|
||||||
|
DecodingError::LengthInvalid { .. } => unreachable!(),
|
||||||
let mut ovk = [0u8; 32];
|
|
||||||
reader.read_exact(&mut ovk)?;
|
|
||||||
|
|
||||||
Ok(ExpandedSpendingKey {
|
|
||||||
ask,
|
|
||||||
nsk,
|
|
||||||
ovk: OutgoingViewingKey(ovk),
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
||||||
writer.write_all(self.ask.to_repr().as_ref())?;
|
writer.write_all(&self.to_bytes())
|
||||||
writer.write_all(self.nsk.to_repr().as_ref())?;
|
|
||||||
writer.write_all(&self.ovk.0)?;
|
|
||||||
|
|
||||||
Ok(())
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Encodes the expanded spending key to the its seralized representation
|
||||||
|
/// as part of the encoding of the extended spending key as defined in
|
||||||
|
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||||
pub fn to_bytes(&self) -> [u8; 96] {
|
pub fn to_bytes(&self) -> [u8; 96] {
|
||||||
let mut result = [0u8; 96];
|
let mut result = [0u8; 96];
|
||||||
self.write(&mut result[..])
|
(&mut result[0..32]).copy_from_slice(&self.ask.to_repr());
|
||||||
.expect("should be able to serialize an ExpandedSpendingKey");
|
(&mut result[32..64]).copy_from_slice(&self.nsk.to_repr());
|
||||||
|
(&mut result[64..96]).copy_from_slice(&self.ovk.0);
|
||||||
result
|
result
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,7 @@ use std::io::{self, Read, Write};
|
||||||
use crate::{
|
use crate::{
|
||||||
keys::{prf_expand, prf_expand_vec, OutgoingViewingKey},
|
keys::{prf_expand, prf_expand_vec, OutgoingViewingKey},
|
||||||
sapling::{
|
sapling::{
|
||||||
keys::{ExpandedSpendingKey, FullViewingKey},
|
keys::{DecodingError, ExpandedSpendingKey, FullViewingKey},
|
||||||
NullifierDerivingKey,
|
NullifierDerivingKey,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
@ -91,6 +91,10 @@ impl FvkTag {
|
||||||
fn master() -> Self {
|
fn master() -> Self {
|
||||||
FvkTag([0u8; 4])
|
FvkTag([0u8; 4])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn as_bytes(&self) -> &[u8; 4] {
|
||||||
|
&self.0
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// A child index for a derived key
|
/// A child index for a derived key
|
||||||
|
@ -124,6 +128,14 @@ impl ChildIndex {
|
||||||
#[derive(Clone, Copy, Debug, PartialEq)]
|
#[derive(Clone, Copy, Debug, PartialEq)]
|
||||||
pub struct ChainCode([u8; 32]);
|
pub struct ChainCode([u8; 32]);
|
||||||
|
|
||||||
|
impl ChainCode {
|
||||||
|
/// Returns byte representation of the chain code, as required for
|
||||||
|
/// [ZIP 32](https://zips.z.cash/zip-0032) encoding.
|
||||||
|
fn as_bytes(&self) -> &[u8; 32] {
|
||||||
|
&self.0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Clone, Copy, Debug, PartialEq)]
|
#[derive(Clone, Copy, Debug, PartialEq)]
|
||||||
pub struct DiversifierIndex(pub [u8; 11]);
|
pub struct DiversifierIndex(pub [u8; 11]);
|
||||||
|
|
||||||
|
@ -176,6 +188,16 @@ impl DiversifierKey {
|
||||||
DiversifierKey(dk_m)
|
DiversifierKey(dk_m)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Constructs the diversifier key from its constituent bytes.
|
||||||
|
pub fn from_bytes(key: [u8; 32]) -> Self {
|
||||||
|
DiversifierKey(key)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Returns the byte representation of the diversifier key.
|
||||||
|
pub fn as_bytes(&self) -> &[u8; 32] {
|
||||||
|
&self.0
|
||||||
|
}
|
||||||
|
|
||||||
fn derive_child(&self, i_l: &[u8]) -> Self {
|
fn derive_child(&self, i_l: &[u8]) -> Self {
|
||||||
let mut dk = [0u8; 32];
|
let mut dk = [0u8; 32];
|
||||||
dk.copy_from_slice(&prf_expand_vec(i_l, &[&[0x16], &self.0]).as_bytes()[..32]);
|
dk.copy_from_slice(&prf_expand_vec(i_l, &[&[0x16], &self.0]).as_bytes()[..32]);
|
||||||
|
@ -402,6 +424,45 @@ impl ExtendedSpendingKey {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Decodes the extended spending key from its serialized representation as defined in
|
||||||
|
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||||
|
pub fn from_bytes(b: &[u8]) -> Result<Self, DecodingError> {
|
||||||
|
if b.len() != 169 {
|
||||||
|
return Err(DecodingError::LengthInvalid {
|
||||||
|
expected: 169,
|
||||||
|
actual: b.len(),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
let depth = b[0];
|
||||||
|
|
||||||
|
let mut parent_fvk_tag = FvkTag([0; 4]);
|
||||||
|
(&mut parent_fvk_tag.0[..]).copy_from_slice(&b[1..5]);
|
||||||
|
|
||||||
|
let mut ci_bytes = [0u8; 4];
|
||||||
|
(&mut ci_bytes[..]).copy_from_slice(&b[5..9]);
|
||||||
|
let child_index = ChildIndex::from_index(u32::from_le_bytes(ci_bytes));
|
||||||
|
|
||||||
|
let mut chain_code = ChainCode([0u8; 32]);
|
||||||
|
(&mut chain_code.0[..]).copy_from_slice(&b[9..41]);
|
||||||
|
|
||||||
|
let expsk = ExpandedSpendingKey::from_bytes(&b[41..137])?;
|
||||||
|
|
||||||
|
let mut dk = DiversifierKey([0u8; 32]);
|
||||||
|
(&mut dk.0[..]).copy_from_slice(&b[137..169]);
|
||||||
|
|
||||||
|
Ok(ExtendedSpendingKey {
|
||||||
|
depth,
|
||||||
|
parent_fvk_tag,
|
||||||
|
child_index,
|
||||||
|
chain_code,
|
||||||
|
expsk,
|
||||||
|
dk,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Reads and decodes the encoded form of the extended spending key as define in
|
||||||
|
/// [ZIP 32](https://zips.z.cash/zip-0032) from the provided reader.
|
||||||
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
|
pub fn read<R: Read>(mut reader: R) -> io::Result<Self> {
|
||||||
let depth = reader.read_u8()?;
|
let depth = reader.read_u8()?;
|
||||||
let mut tag = [0; 4];
|
let mut tag = [0; 4];
|
||||||
|
@ -423,15 +484,23 @@ impl ExtendedSpendingKey {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
/// Encodes the extended spending key to the its seralized representation as defined in
|
||||||
writer.write_u8(self.depth)?;
|
/// [ZIP 32](https://zips.z.cash/zip-0032)
|
||||||
writer.write_all(&self.parent_fvk_tag.0)?;
|
pub fn to_bytes(&self) -> [u8; 169] {
|
||||||
writer.write_u32::<LittleEndian>(self.child_index.value())?;
|
let mut result = [0u8; 169];
|
||||||
writer.write_all(&self.chain_code.0)?;
|
result[0] = self.depth;
|
||||||
writer.write_all(&self.expsk.to_bytes())?;
|
(&mut result[1..5]).copy_from_slice(&self.parent_fvk_tag.as_bytes()[..]);
|
||||||
writer.write_all(&self.dk.0)?;
|
(&mut result[5..9]).copy_from_slice(&self.child_index.value().to_le_bytes()[..]);
|
||||||
|
(&mut result[9..41]).copy_from_slice(&self.chain_code.as_bytes()[..]);
|
||||||
|
(&mut result[41..137]).copy_from_slice(&self.expsk.to_bytes()[..]);
|
||||||
|
(&mut result[137..169]).copy_from_slice(&self.dk.as_bytes()[..]);
|
||||||
|
result
|
||||||
|
}
|
||||||
|
|
||||||
Ok(())
|
/// Writes the encoded form of the extended spending key as define in
|
||||||
|
/// [ZIP 32](https://zips.z.cash/zip-0032) to the provided writer.
|
||||||
|
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
||||||
|
writer.write_all(&self.to_bytes())
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Returns the child key corresponding to the path derived from the master key
|
/// Returns the child key corresponding to the path derived from the master key
|
||||||
|
|
Loading…
Reference in New Issue