Check that the internal IVK can be derived from a spending key
Co-authored-by: Jack Grigg <jack@electriccoin.co> Co-authored-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
e550c3d536
commit
eaa0cfdbf6
15
src/keys.rs
15
src/keys.rs
|
@ -73,9 +73,14 @@ impl SpendingKey {
|
|||
// whether ask = 0; the adjustment to potentially negate ask is not
|
||||
// needed. Also, `from` would panic on ask = 0.
|
||||
let ask = SpendAuthorizingKey::derive_inner(&sk);
|
||||
// If ivk = ⊥, discard this key.
|
||||
let ivk = KeyAgreementPrivateKey::derive_inner(&(&sk).into());
|
||||
CtOption::new(sk, !(ask.is_zero() | ivk.is_none()))
|
||||
// If ivk is 0 or ⊥, discard this key.
|
||||
let fvk = (&sk).into();
|
||||
let external_ivk = KeyAgreementPrivateKey::derive_inner(&fvk);
|
||||
let internal_ivk = KeyAgreementPrivateKey::derive_inner(&fvk.derive_internal());
|
||||
CtOption::new(
|
||||
sk,
|
||||
!(ask.is_zero() | external_ivk.is_none() | internal_ivk.is_none()),
|
||||
)
|
||||
}
|
||||
|
||||
/// Returns the raw bytes of the spending key.
|
||||
|
@ -435,8 +440,10 @@ impl FullViewingKey {
|
|||
|
||||
let fvk = FullViewingKey { ak, nk, rivk };
|
||||
|
||||
// If ivk is 0 or ⊥, this FVK is invalid.
|
||||
// If either ivk is 0 or ⊥, this FVK is invalid.
|
||||
let _: NonZeroPallasBase = Option::from(KeyAgreementPrivateKey::derive_inner(&fvk))?;
|
||||
let _: NonZeroPallasBase =
|
||||
Option::from(KeyAgreementPrivateKey::derive_inner(&fvk.derive_internal()))?;
|
||||
|
||||
Some(fvk)
|
||||
}
|
||||
|
|
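Review bot: In the first hunk the new `let fvk = (&sk).into();` is evaluated before the `ask.is_zero()` result is ever consulted, and the comment kept just above it states that `from` panics on ask = 0 — if `From<&SpendingKey> for FullViewingKey` derives its `ak` through that same asserting path (outside the hunk, so inferred), a spending key whose ask derives to zero makes this constructor panic instead of yielding a `None` `CtOption`, which leaves the `ask.is_zero()` term in the final `CtOption::new` effectively dead. The removed line had the same ordering, so this is pre-existing, and ask = 0 has negligible probability, but the new code now goes through that conversion twice (once for `fvk`, once inside `derive_internal`). The cheapest fix is to reject before building the FVK, `if bool::from(ask.is_zero()) { return CtOption::new(sk, Choice::from(0)); }` (with `subtle::Choice` in scope), since branching there only reveals that the key is being discarded, which is public either way; building the FVK from the already-derived `ask` without the asserting `From` impl would be cleaner still. The comment on the new block should also read `// If either ivk is 0 or ⊥, discard this key.` to match the wording in the second hunk, and note that the body of this function starts above the hunk.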