From f6f5096ae4a1199cd4b19534f955badc0e570994 Mon Sep 17 00:00:00 2001
From: therealyingtong
Date: Thu, 6 Jan 2022 22:34:03 +0800
Subject: [PATCH] Derive Sapling internal full viewing key.
Co-authored-by: Daira Hopwood
---
 zcash_primitives/src/zip32.rs | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/zcash_primitives/src/zip32.rs b/zcash_primitives/src/zip32.rs
index 3bf7d2328..9753f31e7 100644
--- a/zcash_primitives/src/zip32.rs
+++ b/zcash_primitives/src/zip32.rs
@@ -544,6 +544,35 @@ impl ExtendedFullViewingKey {
     pub fn default_address(&self) -> (DiversifierIndex, PaymentAddress) {
         sapling_default_address(&self.fvk, &self.dk)
     }
+
+    pub fn derive_internal(&self) -> Self {
+        let i = Blake2bParams::new()
+            .hash_length(64)
+            .personal(crate::zip32::ZIP32_SAPLING_INT_PERSONALIZATION)
+            .hash(&self.fvk.to_bytes());
+        let i_nsk = jubjub::Fr::from_bytes_wide(prf_expand(i.as_bytes(), &[0x17]).as_array());
+        let r = prf_expand(i.as_bytes(), &[0x18]);
+        let r = r.as_bytes();
+        // PROOF_GENERATION_KEY_GENERATOR = \mathcal{H}^Sapling
+        let nk_internal = PROOF_GENERATION_KEY_GENERATOR * i_nsk + self.fvk.vk.nk;
+        let dk_internal = DiversifierKey(r[..32].try_into().unwrap());
+        let ovk_internal = OutgoingViewingKey(r[32..].try_into().unwrap());
+
+        ExtendedFullViewingKey {
+            depth: self.depth,
+            parent_fvk_tag: self.parent_fvk_tag,
+            child_index: self.child_index,
+            chain_code: self.chain_code,
+            fvk: FullViewingKey {
+                vk: ViewingKey {
+                    ak: self.fvk.vk.ak,
+                    nk: nk_internal,
+                },
+                ovk: ovk_internal,
+            },
+            dk: dk_internal,
+        }
+    }
 }
 
 #[cfg(test)]
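Review bot: `derive_internal` is a new `pub fn` with no doc comment, and the `ExtendedFullViewingKey` it returns reuses the external key's `depth`, `parent_fvk_tag`, `child_index` and `chain_code`, so nothing in the type distinguishes the internal key from the external key it came from. I would add a `///` comment stating that this is the ZIP 32 Sapling internal full viewing key — `ak` is kept, while `nk`, `ovk` and `dk` are re-derived via `prf_expand` from the personalized BLAKE2b hash of the FVK — and saying explicitly whether child derivation from the returned key is meant to be supported, since callers can otherwise pass it unchanged to the existing child-derivation and address APIs. The `r[..32].try_into().unwrap()` and `r[32..].try_into().unwrap()` calls rely on `prf_expand` yielding exactly 64 bytes; `.expect("prf_expand output is 64 bytes")` would record that invariant at the point it is relied on. The commit adds no test vector for the derived `nk`, `ovk` and `dk`; a fixed-input test pinning them would catch a regression in the personalization string or the `0x17`/`0x18` domain-separation bytes.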