diff --git a/src/keys.rs b/src/keys.rs
index 8b028edb..66232108 100644
--- a/src/keys.rs
+++ b/src/keys.rs
@@ -7,7 +7,11 @@ use std::mem;
 use aes::Aes256;
 use blake2b_simd::{Hash as Blake2bHash, Params};
 use fpe::ff1::{BinaryNumeralString, FF1};
-use group::{ff::Field, prime::PrimeCurveAffine, Curve, GroupEncoding};
+use group::{
+ ff::{Field, PrimeField},
+ prime::PrimeCurveAffine,
+ Curve, GroupEncoding,
+};
 use halo2::arithmetic::FieldExt;
 use pasta_curves::pallas;
 use rand::RngCore;
@@ -320,6 +324,15 @@ impl FullViewingKey {
 &self.rivk
 }
 
+ pub(crate) fn rivk_internal(&self) -> CommitIvkRandomness {
+ let k = self.rivk.0.to_repr();
+ let ak = self.ak.to_bytes();
+ let nk = self.nk.to_bytes();
+ CommitIvkRandomness(to_scalar(
+ PrfExpand::OrchardRivkInternal.with_ad_slices(&k, &[&ak, &nk]),
+ ))
+ }
+
 /// Defined in [Zcash Protocol Spec ยง 4.2.3: Orchard Key Components][orchardkeycomponents].
 ///
 /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
@@ -391,6 +404,17 @@ impl FullViewingKey {
 
 Some(FullViewingKey { ak, nk, rivk })
 }
+
+ /// Derives an internal full viewing key from a full viewing key, as specified in [ZIP32][orchardinternalfullviewingkey]
+ ///
+ /// [orchardinternalfullviewingkey]: https://zips.z.cash/zip-0032#orchard-internal-key-derivation
+ pub fn derive_internal(&self) -> Self {
+ FullViewingKey {
+ ak: self.ak.clone(),
+ nk: self.nk,
+ rivk: self.rivk_internal(),
+ }
+ }
 }
 
 /// A key that provides the capability to derive a sequence of diversifiers.
diff --git a/src/spec/prf_expand.rs b/src/spec/prf_expand.rs
index d00c5610..e2f95e7f 100644
--- a/src/spec/prf_expand.rs
+++ b/src/spec/prf_expand.rs
@@ -12,6 +12,7 @@ pub(crate) enum PrfExpand {
 Psi,
 OrchardZip32Child,
 OrchardDkOvk,
+ OrchardRivkInternal,
 }
 
 impl PrfExpand {
@@ -25,6 +26,7 @@ impl PrfExpand {
 Self::Psi => 0x09,
 Self::OrchardZip32Child => 0x81,
 Self::OrchardDkOvk => 0x82,
+ Self::OrchardRivkInternal => 0x83,
 }
 }
 
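Review bot: `rivk_internal` has no doc comment, although it implements a specified derivation whose correctness rests on details a reader cannot check from the code alone: that `self.rivk.0.to_repr()` is the PRF key, and that `ak` and `nk` are appended as their `to_bytes()` encodings in that order under the `OrchardRivkInternal` separator. I would add `/// Derives the internal commit-ivk randomness from rivk, ak and nk, per ZIP 32 (Orchard internal key derivation).` above the function. Nothing in the hunks shown pins the output, so a known-answer test against the ZIP 32 test vectors would be worth adding if one does not already exist elsewhere; a swapped argument or wrong encoding would presumably still produce a well-formed scalar and only show up as a wallet that fails to recognise its own internal outputs. The whole function is inside the hunk.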
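Review bot: `derive_internal` takes and returns the same `FullViewingKey` type, so the compiler cannot tell an internal key from an external one. That means `fvk.derive_internal().derive_internal()` type-checks, and an internal key can be passed anywhere an external one is expected, such as deriving addresses to give to payers or exporting it as the wallet's viewing key. Since the function is `pub`, the doc comment should at least state the contract, e.g. `/// Call this only on an external full viewing key; the result is intended for wallet-internal outputs such as change and must not be used to hand out addresses.` A stronger follow-up would be a distinct type or a scope parameter so that misuse fails to compile. The `impl FullViewingKey` block starts outside the hunk.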