assert(leadbyte == 0x02) after every if(leadbyte != 0x01)

This commit is contained in:
therealyingtong 2020-08-19 23:35:43 +08:00
parent 952c7f7c70
commit edcecc8a31
1 changed files with 5 additions and 0 deletions


@ -173,6 +173,7 @@ boost::optional<SaplingNote> SaplingNotePlaintext::note(const SaplingIncomingVie
if (addr) { if (addr) {
Zip212Enabled zip_212_enabled = Zip212Enabled::BeforeZip212; Zip212Enabled zip_212_enabled = Zip212Enabled::BeforeZip212;
if (leadbyte != 0x01) { if (leadbyte != 0x01) {
assert(leadbyte == 0x02);
zip_212_enabled = Zip212Enabled::AfterZip212; zip_212_enabled = Zip212Enabled::AfterZip212;
}; };
auto tmp = SaplingNote(d, addr.get().pk_d, value_, rseed, zip_212_enabled); auto tmp = SaplingNote(d, addr.get().pk_d, value_, rseed, zip_212_enabled);
@ -292,6 +293,7 @@ boost::optional<SaplingNotePlaintext> SaplingNotePlaintext::plaintext_checks_wit
} }
if (plaintext.get_leadbyte() != 0x01) { if (plaintext.get_leadbyte() != 0x01) {
assert(plaintext.get_leadbyte() == 0x02);
// ZIP 212: Check that epk is consistent to guard against linkability // ZIP 212: Check that epk is consistent to guard against linkability
// attacks without relying on the soundness of the SNARK. // attacks without relying on the soundness of the SNARK.
uint256 expected_epk; uint256 expected_epk;
@ -370,6 +372,7 @@ boost::optional<SaplingNotePlaintext> SaplingNotePlaintext::plaintext_checks_wit
) )
{ {
if (plaintext.get_leadbyte() != 0x01) { if (plaintext.get_leadbyte() != 0x01) {
assert(plaintext.get_leadbyte() == 0x02);
// ZIP 212: Additionally check that the esk provided to this function // ZIP 212: Additionally check that the esk provided to this function
// is consistent with the esk we can derive // is consistent with the esk we can derive
if (esk != plaintext.generate_or_derive_esk()) { if (esk != plaintext.generate_or_derive_esk()) {
@ -451,6 +454,7 @@ SaplingOutCiphertext SaplingOutgoingPlaintext::encrypt(
uint256 SaplingNotePlaintext::rcm() const { uint256 SaplingNotePlaintext::rcm() const {
if (leadbyte != 0x01) { if (leadbyte != 0x01) {
assert(leadbyte == 0x02);
return PRF_rcm(rseed); return PRF_rcm(rseed);
} else { } else {
return rseed; return rseed;
@ -467,6 +471,7 @@ uint256 SaplingNote::rcm() const {
uint256 SaplingNotePlaintext::generate_or_derive_esk() const { uint256 SaplingNotePlaintext::generate_or_derive_esk() const {
if (leadbyte != 0x01) { if (leadbyte != 0x01) {
assert(leadbyte == 0x02);
return PRF_esk(rseed); return PRF_esk(rseed);
} else { } else {
uint256 esk; uint256 esk;
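Review bot: The new `assert(plaintext.get_leadbyte() == 0x02)` in both `plaintext_checks_wit…` hunks fires on a value that comes out of a decrypted note plaintext, i.e. data chosen by whoever built the ciphertext, so unless `SaplingNotePlaintext` deserialization already rejects lead bytes other than 0x01 and 0x02 (not visible on this page), a malformed note would abort the node instead of being treated as undecryptable. The asserts added in `note()`, `rcm()` and `generate_or_derive_esk()` read the `leadbyte` member of the same object and have the same exposure. If the deserializer does enforce the range, a comment at the first assert such as `// leadbyte was range-checked at deserialization; only 0x01/0x02 can reach here` would record why an assert rather than a `boost::none` return is the right tool; if it does not, the two check functions should `return boost::none;` on an unrecognized lead byte and the range check belongs in the deserializer, with the asserts kept only as a programmer-error guard behind it. All five hunks sit inside functions whose bodies start and end outside what is shown.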