Replace leadByte in SaplingNote with is_zip_212
parent
7a1d119170
commit
f24e706079
|
@ -223,7 +223,7 @@ def initialize_chain(test_dir):
|
|||
print("initialize_chain: bitcoind started, waiting for RPC to come up")
|
||||
wait_for_bitcoind_start(bitcoind_processes[i], rpc_url(i), i)
|
||||
if os.getenv("PYTHON_DEBUG", ""):
|
||||
print("initialize_chain: RPC succesfully started")
|
||||
print("initialize_chain: RPC successfully started")
|
||||
|
||||
rpcs = []
|
||||
for i in range(4):
|
||||
|
@ -313,7 +313,7 @@ def start_node(i, dirname, extra_args=None, rpchost=None, timewait=None, binary=
|
|||
url = rpc_url(i, rpchost)
|
||||
wait_for_bitcoind_start(bitcoind_processes[i], url, i)
|
||||
if os.getenv("PYTHON_DEBUG", ""):
|
||||
print("start_node: RPC succesfully started")
|
||||
print("start_node: RPC successfully started")
|
||||
proxy = get_rpc_proxy(url, i, timeout=timewait)
|
||||
|
||||
if COVERAGE_DIR:
|
||||
|
|
|
@ -1134,7 +1134,7 @@ TEST(CheckTransaction, HeartwoodAcceptsShieldedCoinbase) {
|
|||
|
||||
uint256 ovk;
|
||||
auto note = libzcash::SaplingNote(
|
||||
libzcash::SaplingSpendingKey::random().default_address(), CAmount(123456), 0x01);
|
||||
libzcash::SaplingSpendingKey::random().default_address(), CAmount(123456), false);
|
||||
auto output = OutputDescriptionInfo(ovk, note, {{0xF6}});
|
||||
|
||||
auto ctx = librustzcash_sapling_proving_ctx_init();
|
||||
|
@ -1217,7 +1217,7 @@ TEST(CheckTransaction, HeartwoodEnforcesSaplingRulesOnShieldedCoinbase) {
|
|||
|
||||
uint256 ovk;
|
||||
auto note = libzcash::SaplingNote(
|
||||
libzcash::SaplingSpendingKey::random().default_address(), CAmount(123456), 0x01);
|
||||
libzcash::SaplingSpendingKey::random().default_address(), CAmount(123456), false);
|
||||
auto output = OutputDescriptionInfo(ovk, note, {{0xF6}});
|
||||
|
||||
CMutableTransaction mtx = GetValidTransaction();
|
||||
|
@ -1294,7 +1294,7 @@ TEST(CheckTransaction, CanopyEnforcesSaplingRulesOnShieldedCoinbase) {
|
|||
|
||||
uint256 ovk;
|
||||
auto note = libzcash::SaplingNote(
|
||||
libzcash::SaplingSpendingKey::random().default_address(), CAmount(123456), 0x02);
|
||||
libzcash::SaplingSpendingKey::random().default_address(), CAmount(123456), true);
|
||||
auto output = OutputDescriptionInfo(ovk, note, {{0xF6}});
|
||||
|
||||
CMutableTransaction mtx = GetValidTransaction();
|
||||
|
|
|
@ -33,7 +33,7 @@ TEST(NoteEncryption, NotePlaintext)
|
|||
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_CANOPY, canopyActivationHeight);
|
||||
auto params = Params().GetConsensus();
|
||||
|
||||
unsigned char leadBytes[] = {0x01, 0x02};
|
||||
bool is_zip_212[] = {false, true};
|
||||
int decryptionHeights[] = {saplingActivationHeight, canopyActivationHeight};
|
||||
|
||||
using namespace libzcash;
|
||||
|
@ -48,8 +48,8 @@ TEST(NoteEncryption, NotePlaintext)
|
|||
memo[i] = (unsigned char) i;
|
||||
}
|
||||
|
||||
for (int ver = 0; ver < sizeof(leadBytes); ver++){
|
||||
SaplingNote note(addr, 39393, leadBytes[ver]);
|
||||
for (int ver = 0; ver < sizeof(is_zip_212); ver++){
|
||||
SaplingNote note(addr, 39393, is_zip_212[ver]);
|
||||
auto cmu_opt = note.cmu();
|
||||
if (!cmu_opt) {
|
||||
FAIL();
|
||||
|
@ -212,7 +212,7 @@ TEST(NoteEncryption, RejectsInvalidNotePlaintextVersion)
|
|||
|
||||
{
|
||||
// non-0x01 received before Canopy activation height
|
||||
SaplingNote note(addr, 39393, 0x02);
|
||||
SaplingNote note(addr, 39393, true);
|
||||
auto cmu_opt = note.cmu();
|
||||
if (!cmu_opt) {
|
||||
FAIL();
|
||||
|
@ -241,46 +241,9 @@ TEST(NoteEncryption, RejectsInvalidNotePlaintextVersion)
|
|||
));
|
||||
}
|
||||
|
||||
{
|
||||
// non-{0x01,0x02} received after Canopy activation and before grace period has elapsed
|
||||
SaplingNote note(addr, 39393, 0x03);
|
||||
int height1 = canopyActivationHeight;
|
||||
int height2 = canopyActivationHeight + (ZIP212_GRACE_PERIOD) - 1;
|
||||
int heights[] = {height1, height2};
|
||||
|
||||
for (int j = 0; j < sizeof(heights) / sizeof(int); j++) {
|
||||
auto cmu_opt = note.cmu();
|
||||
if (!cmu_opt) {
|
||||
FAIL();
|
||||
}
|
||||
uint256 cmu = cmu_opt.get();
|
||||
SaplingNotePlaintext pt(note, memo);
|
||||
|
||||
auto res = pt.encrypt(addr.pk_d);
|
||||
if (!res) {
|
||||
FAIL();
|
||||
}
|
||||
|
||||
auto enc = res.get();
|
||||
|
||||
auto ct = enc.first;
|
||||
auto encryptor = enc.second;
|
||||
auto epk = encryptor.get_epk();
|
||||
|
||||
ASSERT_FALSE(SaplingNotePlaintext::decrypt(
|
||||
params,
|
||||
heights[j],
|
||||
ct,
|
||||
ivk,
|
||||
epk,
|
||||
cmu
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
// non-0x02 received past (Canopy activation height + grace period)
|
||||
SaplingNote note(addr, 39393, 0x01);
|
||||
SaplingNote note(addr, 39393, false);
|
||||
auto cmu_opt = note.cmu();
|
||||
if (!cmu_opt) {
|
||||
FAIL();
|
||||
|
@ -340,7 +303,7 @@ TEST(NoteEncryption, AcceptsValidNotePlaintextVersion)
|
|||
|
||||
{
|
||||
// 0x01 received before Canopy activation height
|
||||
SaplingNote note(addr, 39393, 0x01);
|
||||
SaplingNote note(addr, 39393, false);
|
||||
auto cmu_opt = note.cmu();
|
||||
if (!cmu_opt) {
|
||||
FAIL();
|
||||
|
@ -375,14 +338,14 @@ TEST(NoteEncryption, AcceptsValidNotePlaintextVersion)
|
|||
|
||||
{
|
||||
// {0x01,0x02} received after Canopy activation and before grace period has elapsed
|
||||
unsigned char leadBytes[] = {0x01, 0x02};
|
||||
bool is_zip_212[] = {false, true};
|
||||
int height1 = canopyActivationHeight;
|
||||
int height2 = canopyActivationHeight + (ZIP212_GRACE_PERIOD) - 1;
|
||||
int heights[] = {height1, height2};
|
||||
|
||||
for (int i = 0; i < sizeof(leadBytes); i++) {
|
||||
for (int i = 0; i < sizeof(is_zip_212); i++) {
|
||||
for (int j = 0; j < sizeof(heights) / sizeof(int); j++) {
|
||||
SaplingNote note(addr, 39393, leadBytes[i]);
|
||||
SaplingNote note(addr, 39393, is_zip_212[i]);
|
||||
auto cmu_opt = note.cmu();
|
||||
if (!cmu_opt) {
|
||||
FAIL();
|
||||
|
@ -419,7 +382,7 @@ TEST(NoteEncryption, AcceptsValidNotePlaintextVersion)
|
|||
|
||||
{
|
||||
// 0x02 received past (Canopy activation height + grace period)
|
||||
SaplingNote note(addr, 39393, 0x02);
|
||||
SaplingNote note(addr, 39393, true);
|
||||
auto cmu_opt = note.cmu();
|
||||
if (!cmu_opt) {
|
||||
FAIL();
|
||||
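Review bot: With the `0x03` block removed from RejectsInvalidNotePlaintextVersion (hunk at -241,46), nothing in this file still checks that a lead byte outside {0x01, 0x02} is rejected between Canopy activation and the end of the grace period. SaplingNote can no longer carry such a byte, but a received plaintext still can, and `plaintext_version_is_valid` keeps that branch. A direct check such as `EXPECT_FALSE(libzcash::plaintext_version_is_valid(params, canopyActivationHeight, 0x03));`, repeated at `canopyActivationHeight + ZIP212_GRACE_PERIOD - 1`, would keep the branch covered. Exercising `decrypt` itself would need a plaintext whose lead byte is set some other way, presumably through deserialization. The test bodies continue outside the hunks shown.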
|
|
|
@ -57,8 +57,8 @@ TEST(SaplingNote, Random)
|
|||
{
|
||||
// Test creating random notes using the same spending key
|
||||
auto address = SaplingSpendingKey::random().default_address();
|
||||
SaplingNote note1(address, GetRand(MAX_MONEY), 0x01);
|
||||
SaplingNote note2(address, GetRand(MAX_MONEY), 0x01);
|
||||
SaplingNote note1(address, GetRand(MAX_MONEY), false);
|
||||
SaplingNote note2(address, GetRand(MAX_MONEY), false);
|
||||
|
||||
ASSERT_EQ(note1.d, note2.d);
|
||||
ASSERT_EQ(note1.pk_d, note2.pk_d);
|
||||
|
@ -66,7 +66,7 @@ TEST(SaplingNote, Random)
|
|||
ASSERT_NE(note1.rcm(), note2.rcm());
|
||||
|
||||
// Test diversifier and pk_d are not the same for different spending keys
|
||||
SaplingNote note3(SaplingSpendingKey::random().default_address(), GetRand(MAX_MONEY), 0x01);
|
||||
SaplingNote note3(SaplingSpendingKey::random().default_address(), GetRand(MAX_MONEY), false);
|
||||
ASSERT_NE(note1.d, note3.d);
|
||||
ASSERT_NE(note1.pk_d, note3.pk_d);
|
||||
}
|
||||
|
|
|
@ -483,7 +483,7 @@ TEST(TransactionBuilder, CheckSaplingTxVersion)
|
|||
}
|
||||
|
||||
// Cannot add Sapling spends to a non-Sapling transaction
|
||||
libzcash::SaplingNote note(pk, 50000, 0x01);
|
||||
libzcash::SaplingNote note(pk, 50000, false);
|
||||
SaplingMerkleTree tree;
|
||||
try {
|
||||
builder.AddSaplingSpend(expsk, note, uint256(), tree.witness());
|
||||
|
@ -517,7 +517,7 @@ TEST(TransactionBuilder, RejectsInvalidNotePlaintextVersion)
|
|||
{
|
||||
// non-0x01 received before Canopy activation height
|
||||
auto builder = TransactionBuilder(consensusParams, canopyActivationHeight - 1);
|
||||
libzcash::SaplingNote note(pk, 50000, 0x02);
|
||||
libzcash::SaplingNote note(pk, 50000, true);
|
||||
try {
|
||||
builder.AddSaplingSpend(expsk, note, uint256(), tree.witness());
|
||||
} catch (std::runtime_error const & err) {
|
||||
|
@ -527,29 +527,10 @@ TEST(TransactionBuilder, RejectsInvalidNotePlaintextVersion)
|
|||
}
|
||||
}
|
||||
|
||||
{
|
||||
// non-{0x01,0x02} received after Canopy activation and before grace period has elapsed
|
||||
libzcash::SaplingNote note(pk, 50000, 0x03);
|
||||
int height1 = canopyActivationHeight - 1;
|
||||
int height2 = canopyActivationHeight + (ZIP212_GRACE_PERIOD) - 2;
|
||||
int heights[] = {height1, height2};
|
||||
|
||||
for (int j = 0; j < sizeof(heights) / sizeof(int); j++) {
|
||||
auto builder = TransactionBuilder(consensusParams, heights[j]);
|
||||
try {
|
||||
builder.AddSaplingSpend(expsk, note, uint256(), tree.witness());
|
||||
} catch (std::runtime_error const & err) {
|
||||
EXPECT_EQ(err.what(), std::string("TransactionBuilder: invalid note plaintext version"));
|
||||
} catch(...) {
|
||||
FAIL() << "Expected std::runtime_error";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
// non-0x02 received past (Canopy activation height + grace period)
|
||||
auto builder = TransactionBuilder(consensusParams, canopyActivationHeight + ZIP212_GRACE_PERIOD);
|
||||
libzcash::SaplingNote note(pk, 50000, 0x01);
|
||||
libzcash::SaplingNote note(pk, 50000, false);
|
||||
try {
|
||||
builder.AddSaplingSpend(expsk, note, uint256(), tree.witness());
|
||||
} catch (std::runtime_error const & err) {
|
||||
|
@ -584,22 +565,21 @@ TEST(TransactionBuilder, AcceptsValidNotePlaintextVersion)
|
|||
{
|
||||
// 0x01 received before Canopy activation height
|
||||
auto builder = TransactionBuilder(consensusParams, canopyActivationHeight - 1);
|
||||
libzcash::SaplingNote note(pk, 50000, 0x01);
|
||||
libzcash::SaplingNote note(pk, 50000, false);
|
||||
ASSERT_NO_THROW(builder.AddSaplingSpend(expsk, note, uint256(), tree.witness()));
|
||||
}
|
||||
|
||||
{
|
||||
// {0x01,0x02} received after Canopy activation and before grace period has elapsed
|
||||
unsigned char leadBytes[] = {0x01, 0x02};
|
||||
unsigned char is_zip_212[] = {false, true};
|
||||
int height1 = canopyActivationHeight - 1;
|
||||
int height2 = canopyActivationHeight + (ZIP212_GRACE_PERIOD) - 2;
|
||||
int heights[] = {height1, height2};
|
||||
|
||||
for (int i = 0; i < sizeof(leadBytes); i++) {
|
||||
for (int i = 0; i < sizeof(is_zip_212); i++) {
|
||||
for (int j = 0; j < sizeof(heights) / sizeof(int); j++) {
|
||||
printf("height %d: %d\n", j, heights[j]);
|
||||
auto builder = TransactionBuilder(consensusParams, heights[j]);
|
||||
libzcash::SaplingNote note(pk, 50000, leadBytes[i]);
|
||||
libzcash::SaplingNote note(pk, 50000, is_zip_212[i]);
|
||||
ASSERT_NO_THROW(builder.AddSaplingSpend(expsk, note, uint256(), tree.witness()));
|
||||
}
|
||||
}
|
||||
|
@ -608,7 +588,7 @@ TEST(TransactionBuilder, AcceptsValidNotePlaintextVersion)
|
|||
{
|
||||
// 0x02 received past (Canopy activation height + grace period)
|
||||
auto builder = TransactionBuilder(consensusParams, canopyActivationHeight + ZIP212_GRACE_PERIOD - 1);
|
||||
libzcash::SaplingNote note(pk, 50000, 0x02);
|
||||
libzcash::SaplingNote note(pk, 50000, true);
|
||||
ASSERT_NO_THROW(builder.AddSaplingSpend(expsk, note, uint256(), tree.witness()));
|
||||
}
|
||||
|
||||
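Review bot: In the grace-period block of AcceptsValidNotePlaintextVersion the renamed array is still declared `unsigned char is_zip_212[] = {false, true};`, while the other test files in this commit use `bool`. It should read `bool is_zip_212[] = {false, true};` so the element type matches the constructor parameter. The loop bound `sizeof(is_zip_212)` counts bytes rather than elements and only equals 2 for a `bool` array because `sizeof(bool)` happens to be 1 on the usual targets. `sizeof(is_zip_212) / sizeof(is_zip_212[0])` would match the `heights` loop directly below. The same byte-count bound appears in the NoteEncryption and WalletTests loops changed by this commit.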
|
|
|
@ -938,7 +938,7 @@ bool ContextualCheckTransaction(
|
|||
|
||||
// ZIP 212: Check that the note plaintexts use the v2 note plaintext
|
||||
// version.
|
||||
if (canopyActive != (encPlaintext->get_lead_byte() == 0x02)) {
|
||||
if (canopyActive != (encPlaintext->get_leadbyte() == 0x02)) {
|
||||
return state.DoS(
|
||||
DOS_LEVEL_BLOCK,
|
||||
error("CheckTransaction(): coinbase output description has invalid note plaintext version"),
|
||||
|
|
|
@ -157,11 +157,7 @@ public:
|
|||
mtx.valueBalance = -value;
|
||||
|
||||
uint256 ovk;
|
||||
unsigned char leadByte = 0x01;
|
||||
if (Params().GetConsensus().NetworkUpgradeActive(nHeight, Consensus::UPGRADE_CANOPY)) {
|
||||
leadByte = 0x02;
|
||||
}
|
||||
auto note = libzcash::SaplingNote(pa, value, leadByte);
|
||||
auto note = libzcash::SaplingNote(pa, value, (Params().GetConsensus().NetworkUpgradeActive(nHeight, Consensus::UPGRADE_CANOPY)));
|
||||
auto output = OutputDescriptionInfo(ovk, note, {{0xF6}});
|
||||
|
||||
auto ctx = librustzcash_sapling_proving_ctx_init();
|
||||
|
|
|
@ -143,8 +143,13 @@ void TransactionBuilder::AddSaplingSpend(
|
|||
throw std::runtime_error("TransactionBuilder cannot add Sapling spend to pre-Sapling transaction");
|
||||
}
|
||||
|
||||
unsigned char leadbyte = 0x01;
|
||||
if (note.get_is_zip_212() == true) {
|
||||
leadbyte = 0x02;
|
||||
}
|
||||
|
||||
// ZIP212: check that note plaintext lead byte is valid at height
|
||||
if (!libzcash::plaintext_version_is_valid(consensusParams, nHeight + 1, note.get_lead_byte())) {
|
||||
if (!libzcash::plaintext_version_is_valid(consensusParams, nHeight + 1, leadbyte)) {
|
||||
throw std::runtime_error("TransactionBuilder: invalid note plaintext version");
|
||||
}
|
||||
|
||||
|
@ -168,11 +173,11 @@ void TransactionBuilder::AddSaplingOutput(
|
|||
throw std::runtime_error("TransactionBuilder cannot add Sapling output to pre-Sapling transaction");
|
||||
}
|
||||
|
||||
unsigned char leadByte = 0x01;
|
||||
bool is_zip_212 = false;
|
||||
if (Params().GetConsensus().NetworkUpgradeActive(nHeight + 1, Consensus::UPGRADE_CANOPY)) {
|
||||
leadByte = 0x02;
|
||||
is_zip_212 = true;
|
||||
}
|
||||
auto note = libzcash::SaplingNote(to, value, leadByte);
|
||||
auto note = libzcash::SaplingNote(to, value, is_zip_212);
|
||||
outputs.emplace_back(ovk, note, memo);
|
||||
mtx.valueBalance -= value;
|
||||
}
|
||||
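Review bot: AddSaplingSpend now rebuilds the lead byte from the flag by hand, and the same bool-to-byte mapping is written again in the SaplingNotePlaintext constructor, so the two copies can drift apart. The four added lines reduce to `const unsigned char leadbyte = note.get_is_zip_212() ? 0x02 : 0x01;`, which also drops the redundant `== true`. Better still, one shared helper next to `plaintext_version_is_valid` could serve both places. Since the value can now only be 0x01 or 0x02, the grace-period branch of the check cannot fail here; a short comment saying the check is about height versus version only would save the next reader from looking for the third case. Both function bodies start outside the hunks.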
|
|
|
@ -289,7 +289,7 @@ CKey AddTestCKeyToKeyStore(CBasicKeyStore& keyStore) {
|
|||
|
||||
TestSaplingNote GetTestSaplingNote(const libzcash::SaplingPaymentAddress& pa, CAmount value) {
|
||||
// Generate dummy Sapling note
|
||||
libzcash::SaplingNote note(pa, value, 0x01);
|
||||
libzcash::SaplingNote note(pa, value, false);
|
||||
uint256 cm = note.cmu().get();
|
||||
SaplingMerkleTree tree;
|
||||
tree.append(cm);
|
||||
|
|
|
@ -385,10 +385,10 @@ TEST(WalletTests, SetSaplingNoteAddrsInCWalletTx) {
|
|||
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_CANOPY, canopyActivationHeight);
|
||||
auto consensusParams = Params().GetConsensus();
|
||||
|
||||
unsigned char leadBytes[] = {0x01, 0x02};
|
||||
bool is_zip_212[] = {false, true};
|
||||
int builderHeights[] = {saplingActivationHeight, canopyActivationHeight};
|
||||
|
||||
for (int ver = 0; ver < sizeof(leadBytes); ver++) {
|
||||
for (int ver = 0; ver < sizeof(is_zip_212); ver++) {
|
||||
TestWallet wallet;
|
||||
LOCK(wallet.cs_wallet);
|
||||
|
||||
|
@ -398,7 +398,7 @@ TEST(WalletTests, SetSaplingNoteAddrsInCWalletTx) {
|
|||
auto ivk = fvk.in_viewing_key();
|
||||
auto pk = sk.DefaultAddress();
|
||||
|
||||
libzcash::SaplingNote note(pk, 50000, leadBytes[ver]);
|
||||
libzcash::SaplingNote note(pk, 50000, is_zip_212[ver]);
|
||||
auto cm = note.cmu().get();
|
||||
SaplingMerkleTree tree;
|
||||
tree.append(cm);
|
||||
|
@ -660,10 +660,10 @@ TEST(WalletTests, GetConflictedSaplingNotes) {
|
|||
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_CANOPY, canopyActivationHeight);
|
||||
auto consensusParams = Params().GetConsensus();
|
||||
|
||||
unsigned char leadBytes[] = {0x01, 0x02};
|
||||
bool is_zip_212[] = {false, true};
|
||||
int builderHeights[] = {saplingActivationHeight, canopyActivationHeight};
|
||||
|
||||
for (int ver = 0; ver < sizeof(leadBytes); ver++) {
|
||||
for (int ver = 0; ver < sizeof(is_zip_212); ver++) {
|
||||
TestWallet wallet;
|
||||
LOCK2(cs_main, wallet.cs_wallet);
|
||||
|
||||
|
@ -678,7 +678,7 @@ TEST(WalletTests, GetConflictedSaplingNotes) {
|
|||
ASSERT_TRUE(wallet.HaveSaplingSpendingKey(extfvk));
|
||||
|
||||
// Generate note A
|
||||
libzcash::SaplingNote note(pk, 50000, leadBytes[ver]);
|
||||
libzcash::SaplingNote note(pk, 50000, is_zip_212[ver]);
|
||||
auto cm = note.cmu().get();
|
||||
SaplingMerkleTree saplingTree;
|
||||
saplingTree.append(cm);
|
||||
|
@ -1042,10 +1042,10 @@ TEST(WalletTests, SpentSaplingNoteIsFromMe) {
|
|||
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_CANOPY, canopyActivationHeight);
|
||||
auto consensusParams = Params().GetConsensus();
|
||||
|
||||
unsigned char leadBytes[] = {0x01, 0x02};
|
||||
bool is_zip_212[] = {false, true};
|
||||
int builderHeights[] = {saplingActivationHeight, canopyActivationHeight};
|
||||
|
||||
for (int ver = 0; ver < sizeof(leadBytes); ver++) {
|
||||
for (int ver = 0; ver < sizeof(is_zip_212); ver++) {
|
||||
TestWallet wallet;
|
||||
LOCK2(cs_main, wallet.cs_wallet);
|
||||
|
||||
|
@ -1057,7 +1057,7 @@ TEST(WalletTests, SpentSaplingNoteIsFromMe) {
|
|||
auto pk = sk.DefaultAddress();
|
||||
|
||||
// Generate Sapling note A
|
||||
libzcash::SaplingNote note(pk, 50000, leadBytes[ver]);
|
||||
libzcash::SaplingNote note(pk, 50000, is_zip_212[ver]);
|
||||
auto cm = note.cmu().get();
|
||||
SaplingMerkleTree saplingTree;
|
||||
saplingTree.append(cm);
|
||||
|
|
|
@ -1500,7 +1500,7 @@ void CWallet::UpdateSaplingNullifierNoteMapWithTx(CWalletTx& wtx) {
|
|||
|
||||
if (!optDeserialized) {
|
||||
// The transaction would not have entered the wallet unless
|
||||
// its plaintest had been succesfully decrypted previously.
|
||||
// its plaintext had been successfully decrypted previously.
|
||||
assert(false);
|
||||
}
|
||||
|
||||
|
@ -2353,7 +2353,7 @@ boost::optional<std::pair<
|
|||
|
||||
if (!optDeserialized) {
|
||||
// The transaction would not have entered the wallet unless
|
||||
// its plaintest had been succesfully decrypted previously.
|
||||
// its plaintext had been successfully decrypted previously.
|
||||
assert(false);
|
||||
}
|
||||
|
||||
|
@ -2428,7 +2428,7 @@ boost::optional<std::pair<
|
|||
|
||||
if (!optDeserialized) {
|
||||
// The transaction would not have entered the wallet unless
|
||||
// its plaintest had been succesfully decrypted previously.
|
||||
// its plaintext had been successfully decrypted previously.
|
||||
assert(false);
|
||||
}
|
||||
|
||||
|
@ -5068,7 +5068,7 @@ void CWallet::GetFilteredNotes(
|
|||
|
||||
if (!optDeserialized) {
|
||||
// The transaction would not have entered the wallet unless
|
||||
// its plaintest had been succesfully decrypted previously.
|
||||
// its plaintext had been successfully decrypted previously.
|
||||
assert(false);
|
||||
}
|
||||
// We don't need to check the leadbyte here: if wtx exists in
|
||||
|
|
|
@ -45,12 +45,12 @@ uint256 SproutNote::nullifier(const SproutSpendingKey& a_sk) const {
|
|||
SaplingNote::SaplingNote(
|
||||
const SaplingPaymentAddress& address,
|
||||
const uint64_t value,
|
||||
unsigned char _leadByte
|
||||
bool _is_zip_212
|
||||
) : BaseNote(value) {
|
||||
d = address.d;
|
||||
pk_d = address.pk_d;
|
||||
leadByte = _leadByte;
|
||||
if (leadByte == 0x02) {
|
||||
is_zip_212 = _is_zip_212;
|
||||
if (is_zip_212) {
|
||||
// Per ZIP 212, the rseed field is 32 random bytes.
|
||||
rseed = random_uint256();
|
||||
} else {
|
||||
|
@ -159,7 +159,11 @@ SaplingNotePlaintext::SaplingNotePlaintext(
|
|||
{
|
||||
d = note.d;
|
||||
rseed = note.rseed;
|
||||
leadByte = note.leadByte;
|
||||
if (note.get_is_zip_212()) {
|
||||
leadbyte = 0x02;
|
||||
} else {
|
||||
leadbyte = 0x01;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -168,7 +172,10 @@ boost::optional<SaplingNote> SaplingNotePlaintext::note(const SaplingIncomingVie
|
|||
auto addr = ivk.address(d);
|
||||
if (addr) {
|
||||
auto tmp = SaplingNote(d, addr.get().pk_d, value_, rseed);
|
||||
tmp.leadByte = leadByte;
|
||||
tmp.is_zip_212 = false;
|
||||
if (leadbyte == 0x02) {
|
||||
tmp.is_zip_212 = true;
|
||||
}
|
||||
return tmp;
|
||||
} else {
|
||||
return boost::none;
|
||||
|
@ -217,7 +224,7 @@ boost::optional<SaplingNotePlaintext> SaplingNotePlaintext::decrypt(
|
|||
const SaplingNotePlaintext plaintext = *ret;
|
||||
|
||||
// Check leadbyte is allowed at block height
|
||||
if (!plaintext_version_is_valid(params, height, plaintext.leadByte)) {
|
||||
if (!plaintext_version_is_valid(params, height, plaintext.get_leadbyte())) {
|
||||
return boost::none;
|
||||
}
|
||||
|
||||
|
@ -254,7 +261,7 @@ boost::optional<SaplingNotePlaintext> SaplingNotePlaintext::plaintext_checks_wit
|
|||
return boost::none;
|
||||
}
|
||||
|
||||
if (plaintext.leadByte == 0x02) {
|
||||
if (plaintext.get_leadbyte() == 0x02) {
|
||||
// ZIP 212: Check that epk is consistent to prevent against linkability
|
||||
// attacks without relying on the soundness of the SNARK.
|
||||
uint256 expected_epk;
|
||||
|
@ -310,7 +317,7 @@ boost::optional<SaplingNotePlaintext> SaplingNotePlaintext::decrypt(
|
|||
SaplingNotePlaintext plaintext = *ret;
|
||||
|
||||
// Check leadbyte is allowed at block height
|
||||
if (!plaintext_version_is_valid(params, height, plaintext.leadByte)) {
|
||||
if (!plaintext_version_is_valid(params, height, plaintext.get_leadbyte())) {
|
||||
return boost::none;
|
||||
}
|
||||
|
||||
|
@ -352,7 +359,7 @@ boost::optional<SaplingNotePlaintext> SaplingNotePlaintext::plaintext_checks_wit
|
|||
return boost::none;
|
||||
}
|
||||
|
||||
if (plaintext.leadByte == 0x02) {
|
||||
if (plaintext.get_leadbyte() == 0x02) {
|
||||
// ZIP 212: Additionally check that the esk provided to this function
|
||||
// is consistent with the esk we can derive
|
||||
if (esk != plaintext.generate_esk()) {
|
||||
|
@ -429,7 +436,7 @@ SaplingOutCiphertext SaplingOutgoingPlaintext::encrypt(
|
|||
}
|
||||
|
||||
uint256 SaplingNotePlaintext::rcm() const {
|
||||
if (leadByte == 0x02) {
|
||||
if (leadbyte == 0x02) {
|
||||
return PRF_rcm(rseed);
|
||||
} else {
|
||||
return rseed;
|
||||
|
@ -437,7 +444,7 @@ uint256 SaplingNotePlaintext::rcm() const {
|
|||
}
|
||||
|
||||
uint256 SaplingNote::rcm() const {
|
||||
if (leadByte == 0x02) {
|
||||
if (SaplingNote::get_is_zip_212()) {
|
||||
return PRF_rcm(rseed);
|
||||
} else {
|
||||
return rseed;
|
||||
|
@ -445,7 +452,7 @@ uint256 SaplingNote::rcm() const {
|
|||
}
|
||||
|
||||
uint256 SaplingNotePlaintext::generate_esk() const {
|
||||
if (leadByte == 0x02) {
|
||||
if (leadbyte == 0x02) {
|
||||
return PRF_esk(rseed);
|
||||
} else {
|
||||
uint256 esk;
|
||||
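Review bot: In `SaplingNotePlaintext::note()` every lead byte other than 0x02, not just 0x01, now produces a note with `is_zip_212 == false`, where the old code copied the byte through unchanged. If `note()` can be reached on a plaintext that has not passed `plaintext_version_is_valid` (not visible from this hunk), an unrecognised version would be treated as a pre-ZIP 212 note and `rcm()` would return `rseed` directly. The assignment can be written as `tmp.is_zip_212 = (leadbyte == 0x02);`. I would add a comment stating that callers must have validated the lead byte, or return `boost::none` when it is neither 0x01 nor 0x02.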
|
|
|
@ -42,22 +42,22 @@ public:
|
|||
uint256 nullifier(const SproutSpendingKey& a_sk) const;
|
||||
};
|
||||
|
||||
inline bool plaintext_version_is_valid(const Consensus::Params& params, int height, unsigned char leadByte) {
|
||||
inline bool plaintext_version_is_valid(const Consensus::Params& params, int height, unsigned char leadbyte) {
|
||||
int canopyActivationHeight = params.vUpgrades[Consensus::UPGRADE_CANOPY].nActivationHeight;
|
||||
|
||||
if (height < canopyActivationHeight && leadByte != 0x01) {
|
||||
if (height < canopyActivationHeight && leadbyte != 0x01) {
|
||||
// non-0x01 received before Canopy activation height
|
||||
return false;
|
||||
}
|
||||
if (height >= canopyActivationHeight
|
||||
&& height < canopyActivationHeight + ZIP212_GRACE_PERIOD
|
||||
&& leadByte != 0x01
|
||||
&& leadByte != 0x02)
|
||||
&& leadbyte != 0x01
|
||||
&& leadbyte != 0x02)
|
||||
{
|
||||
// non-{0x01,0x02} received after Canopy activation and before grace period has elapsed
|
||||
return false;
|
||||
}
|
||||
if (height >= canopyActivationHeight + ZIP212_GRACE_PERIOD && leadByte != 0x02) {
|
||||
if (height >= canopyActivationHeight + ZIP212_GRACE_PERIOD && leadbyte != 0x02) {
|
||||
// non-0x02 received past (Canopy activation height + grace period)
|
||||
return false;
|
||||
}
|
||||
|
@ -68,7 +68,7 @@ class SaplingNote : public BaseNote {
|
|||
private:
|
||||
uint256 rseed;
|
||||
friend class SaplingNotePlaintext;
|
||||
unsigned char leadByte;
|
||||
bool is_zip_212 = false; // whether the note was generated using ZIP 212 (activated at Canopy)
|
||||
public:
|
||||
diversifier_t d;
|
||||
uint256 pk_d;
|
||||
|
@ -76,7 +76,7 @@ public:
|
|||
SaplingNote(diversifier_t d, uint256 pk_d, uint64_t value, uint256 rseed)
|
||||
: BaseNote(value), d(d), pk_d(pk_d), rseed(rseed) {}
|
||||
|
||||
SaplingNote(const SaplingPaymentAddress &address, uint64_t value, unsigned char leadByte);
|
||||
SaplingNote(const SaplingPaymentAddress &address, uint64_t value, bool is_zip_212);
|
||||
|
||||
virtual ~SaplingNote() {};
|
||||
|
||||
|
@ -84,8 +84,8 @@ public:
|
|||
boost::optional<uint256> nullifier(const SaplingFullViewingKey &vk, const uint64_t position) const;
|
||||
uint256 rcm() const;
|
||||
|
||||
unsigned char get_lead_byte() const {
|
||||
return leadByte;
|
||||
bool get_is_zip_212() const {
|
||||
return is_zip_212;
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -120,10 +120,10 @@ public:
|
|||
|
||||
template <typename Stream, typename Operation>
|
||||
inline void SerializationOp(Stream& s, Operation ser_action) {
|
||||
unsigned char leadByte = 0x00;
|
||||
READWRITE(leadByte);
|
||||
unsigned char leadbyte = 0x00;
|
||||
READWRITE(leadbyte);
|
||||
|
||||
if (leadByte != 0x00) {
|
||||
if (leadbyte != 0x00) {
|
||||
throw std::ios_base::failure("lead byte of SproutNotePlaintext is not recognized");
|
||||
}
|
||||
|
||||
|
@ -150,7 +150,7 @@ typedef std::pair<SaplingEncCiphertext, SaplingNoteEncryption> SaplingNotePlaint
|
|||
class SaplingNotePlaintext : public BaseNotePlaintext {
|
||||
private:
|
||||
uint256 rseed;
|
||||
unsigned char leadByte;
|
||||
unsigned char leadbyte;
|
||||
public:
|
||||
diversifier_t d;
|
||||
|
||||
|
@ -213,7 +213,7 @@ public:
|
|||
|
||||
template <typename Stream, typename Operation>
|
||||
inline void SerializationOp(Stream& s, Operation ser_action) {
|
||||
READWRITE(leadByte); // 1 byte
|
||||
READWRITE(leadbyte); // 1 byte
|
||||
READWRITE(d); // 11 bytes
|
||||
READWRITE(value_); // 8 bytes
|
||||
READWRITE(rseed); // 32 bytes
|
||||
|
@ -224,8 +224,8 @@ public:
|
|||
|
||||
uint256 rcm() const;
|
||||
uint256 generate_esk() const;
|
||||
unsigned char get_lead_byte() const {
|
||||
return leadByte;
|
||||
unsigned char get_leadbyte() const {
|
||||
return leadbyte;
|
||||
}
|
||||
};
|
||||
|
||||
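Review bot: Changing the third constructor parameter from `unsigned char` to `bool` lets any call site that still passes a lead byte compile unchanged, and both `0x01` and `0x02` convert to `true`. A missed `SaplingNote(addr, v, 0x01)` would therefore silently create a ZIP 212 note where a pre-ZIP 212 one was intended. The transaction-builder test in this commit already passes `unsigned char` elements through this constructor without a diagnostic. A deleted catch-all overload, `template <typename T> SaplingNote(const SaplingPaymentAddress&, uint64_t, T) = delete;`, would turn non-`bool` arguments into compile errors; a scoped enum for the plaintext version would achieve the same. Separately, `SaplingNote::is_zip_212` gets a default initializer here, but `SaplingNotePlaintext::leadbyte` still has none.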
|
|
|
@ -594,7 +594,7 @@ double benchmark_create_sapling_spend()
|
|||
auto sk = libzcash::SaplingSpendingKey::random();
|
||||
auto expsk = sk.expanded_spending_key();
|
||||
auto address = sk.default_address();
|
||||
SaplingNote note(address, GetRand(MAX_MONEY), 0x01);
|
||||
SaplingNote note(address, GetRand(MAX_MONEY), false);
|
||||
SaplingMerkleTree tree;
|
||||
auto maybe_cmu = note.cmu();
|
||||
tree.append(maybe_cmu.get());
|
||||
|
@ -647,7 +647,7 @@ double benchmark_create_sapling_output()
|
|||
auto address = sk.default_address();
|
||||
|
||||
std::array<unsigned char, ZC_MEMO_SIZE> memo;
|
||||
SaplingNote note(address, GetRand(MAX_MONEY), 0x01);
|
||||
SaplingNote note(address, GetRand(MAX_MONEY), false);
|
||||
|
||||
libzcash::SaplingNotePlaintext notePlaintext(note, memo);
|
||||
auto res = notePlaintext.encrypt(note.pk_d);
|
||||
|
|