Check IVK derivations during FullViewingKey::from_bytes.

Closes zcash/orchard#303

Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
therealyingtong 2022-03-30 20:16:45 +08:00
parent a0424984c6
commit e550c3d536
1 changed files with 7 additions and 2 deletions


@ -433,7 +433,12 @@ impl FullViewingKey {
let nk = NullifierDerivingKey::from_bytes(&bytes[32..64])?;
let rivk = CommitIvkRandomness::from_bytes(&bytes[64..])?;
Some(FullViewingKey { ak, nk, rivk })
let fvk = FullViewingKey { ak, nk, rivk };
// If ivk is 0 or ⊥, this FVK is invalid.
let _: NonZeroPallasBase = Option::from(KeyAgreementPrivateKey::derive_inner(&fvk))?;
Some(fvk)
}
/// Derives an internal full viewing key from a full viewing key, as specified in
@ -583,7 +588,7 @@ impl KeyAgreementPrivateKey {
///
/// [orchardkeycomponents]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
fn from_fvk(fvk: &FullViewingKey) -> Self {
// KeyAgreementPrivateKey cannot be constructed such that this unwrap would fail.
// FullViewingKey cannot be constructed such that this unwrap would fail.
let ivk = KeyAgreementPrivateKey::derive_inner(fvk).unwrap();
KeyAgreementPrivateKey(ivk.into())
}
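Review bot: The rewritten comment in `from_fvk` (`FullViewingKey cannot be constructed such that this unwrap would fail.`) asserts an invariant that the first hunk establishes only for `FullViewingKey::from_bytes`; `derive_internal`, whose doc comment begins at the end of that hunk, also produces a `FullViewingKey`, and the diff does not show that path performing the same ivk check. If every other constructor is covered elsewhere, the comment should say where the invariant is enforced rather than state it unconditionally, e.g. `// Every FullViewingKey constructor rejects ivk = 0 or ⊥ (see from_bytes), so this unwrap cannot fail.`; if one is not, that path can reach this unwrap with an invalid key. The check in `from_bytes` deliberately discards the derived value and `from_fvk` rederives it, which is worth a one-line note next to the `let _: NonZeroPallasBase` binding, e.g. `// Only validity matters here; the ivk is rederived in from_fvk.`. The signature of `from_bytes` lies outside the first hunk, and the doc comment of `from_fvk` starts before the second.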