zcash_primitives: Reject non-canonical ZIP 32 Sapling master key encodings

2023-11-27 23:40:16 +00:00 · 2023-11-27 23:40:16 +00:00 · f7726141c3
parent 7badba29ea
commit f7726141c3
2 changed files with 8 additions and 6 deletions
--- a/zcash_primitives/src/sapling/keys.rs
+++ b/zcash_primitives/src/sapling/keys.rs
@ -33,7 +33,8 @@ pub enum DecodingError {
    InvalidAsk,
    /// Could not decode the `nsk` bytes to a jubjub field element.
    InvalidNsk,
-    /// A non-hardened extended spending key was found, which is unsupported.
+    /// An extended spending key had an unsupported child index: either a non-hardened
+    /// index, or a non-zero index at depth 0.
    UnsupportedChildIndex,
 }

--- a/zcash_primitives/src/sapling/zip32.rs
+++ b/zcash_primitives/src/sapling/zip32.rs
@ -242,9 +242,10 @@ enum KeyIndex {

 impl KeyIndex {
    fn new(depth: u8, i: u32) -> Option<Self> {
-        match i {
-            0 if depth == 0 => Some(KeyIndex::Master),
-            _ => ChildIndex::from_index(i).map(KeyIndex::Child),
+        match (depth == 0, i) {
+            (true, 0) => Some(KeyIndex::Master),
+            (false, _) => ChildIndex::from_index(i).map(KeyIndex::Child),
+            _ => None,
        }
    }

@ -359,7 +360,7 @@ impl ExtendedSpendingKey {
            KeyIndex::new(depth, i).ok_or_else(|| {
                io::Error::new(
                    io::ErrorKind::Unsupported,
-                    "Non-hardened keys are not supported",
+                    "Unsupported child index in encoding",
                )
            })
        })?;
@ -544,7 +545,7 @@ impl ExtendedFullViewingKey {
            KeyIndex::new(depth, i).ok_or_else(|| {
                io::Error::new(
                    io::ErrorKind::Unsupported,
-                    "Non-hardened keys are not supported",
+                    "Unsupported child index in encoding",
                )
            })
        })?;