From 65f3e6ec3274a5c2fa0c3477adc873c9674498c4 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Mon, 21 Feb 2022 14:41:47 +0000
Subject: [PATCH] Add `FullViewingKey::derive_internal`

This is identical to the changes introduced in zcash/orchard#270, except that the output is non-optional (since the derivation is non-fallible).
---
 src/keys.rs | 26 +++++++++++++++++++++++++-
 src/spec/prf_expand.rs | 2 ++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/keys.rs b/src/keys.rs
index 8b028edb..66232108 100644
--- a/src/keys.rs
+++ b/src/keys.rs
@@ -7,7 +7,11 @@ use std::mem;
 use aes::Aes256;
 use blake2b_simd::{Hash as Blake2bHash, Params};
 use fpe::ff1::{BinaryNumeralString, FF1};
-use group::{ff::Field, prime::PrimeCurveAffine, Curve, GroupEncoding};
+use group::{
+ ff::{Field, PrimeField},
+ prime::PrimeCurveAffine,
+ Curve, GroupEncoding,
+};
 use halo2::arithmetic::FieldExt;
 use pasta_curves::pallas;
 use rand::RngCore;
@@ -320,6 +324,15 @@ impl FullViewingKey {
 &self.rivk
 }

+ pub(crate) fn rivk_internal(&self) -> CommitIvkRandomness {
+ let k = self.rivk.0.to_repr();
+ let ak = self.ak.to_bytes();
+ let nk = self.nk.to_bytes();
+ CommitIvkRandomness(to_scalar(
+ PrfExpand::OrchardRivkInternal.with_ad_slices(&k, &[&ak, &nk]),
+ ))
+ }
+
 /// Defined in [Zcash Protocol Spec ยง 4.2.3: Orchard Key Components][orchardkeycomponents].
 ///
 /// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
@@ -391,6 +404,17 @@ impl FullViewingKey {

 Some(FullViewingKey { ak, nk, rivk })
 }
+
+ /// Derives an internal full viewing key from a full viewing key, as specified in [ZIP32][orchardinternalfullviewingkey]
+ ///
+ /// [orchardinternalfullviewingkey]: https://zips.z.cash/zip-0032#orchard-internal-key-derivation
+ pub fn derive_internal(&self) -> Self {
+ FullViewingKey {
+ ak: self.ak.clone(),
+ nk: self.nk,
+ rivk: self.rivk_internal(),
+ }
+ }
 }

 /// A key that provides the capability to derive a sequence of diversifiers.
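Review bot: `rivk_internal` is added without a doc comment and, as far as the three src/keys.rs hunks show, without a test that pins its output. The derivation is sensitive to both order and encoding (`k` from `self.rivk.0.to_repr()`, then `ak`, then `nk`), so a later reordering would still compile and silently produce a different internal key. I would add `/// Derives rivk_internal from rivk, ak and nk using PrfExpand::OrchardRivkInternal; see ZIP 32, "Orchard internal key derivation".` above the function. A known-answer test against a published vector, if one exists for this derivation, would catch such a regression.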
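Review bot: Nothing in the signature of `derive_internal` distinguishes an external full viewing key from an internal one, so calling it on its own result type-checks and yields a further `rivk` that differs from both. Whether any caller can reach that path is not visible in this hunk, but the doc comment should state the precondition, for example `/// Call this only on the external full viewing key; the result is the internal key and must not be passed back in.` The first doc line also lacks its closing full stop.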
diff --git a/src/spec/prf_expand.rs b/src/spec/prf_expand.rs
index d00c5610..e2f95e7f 100644
--- a/src/spec/prf_expand.rs
+++ b/src/spec/prf_expand.rs
@@ -12,6 +12,7 @@ pub(crate) enum PrfExpand {
 Psi,
 OrchardZip32Child,
 OrchardDkOvk,
+ OrchardRivkInternal,
 }

 impl PrfExpand {
@@ -25,6 +26,7 @@ impl PrfExpand {
 Self::Psi => 0x09,
 Self::OrchardZip32Child => 0x81,
 Self::OrchardDkOvk => 0x82,
+ Self::OrchardRivkInternal => 0x83,
 }
 }
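Review bot: The new arm `Self::OrchardRivkInternal => 0x83` carries a protocol-fixed domain-separator byte with no reference next to it, and the compiler will not reject two variants that map to the same value. The arms above `Self::Psi` lie outside this hunk, so uniqueness can only be confirmed here against `0x09`, `0x81` and `0x82`. I would add a trailing comment such as `// ZIP 32: Orchard internal key derivation` on the arm. A small unit test asserting that all domain separators are pairwise distinct would also keep the PRF inputs separated as variants are added.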