Address review comments

Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-05-28 23:37:49 +08:00 · 2021-05-28 23:37:49 +08:00 · d25805a893
parent 70ccff9bd9
commit d25805a893
2 changed files with 8 additions and 5 deletions
--- a/orchard_note.py
+++ b/orchard_note.py
@ -9,6 +9,7 @@ from utils import leos2bsp

 class OrchardNote(object):
    def __init__(self, d, pk_d, v, rho, rseed):
+        assert isinstance(v, int)
        self.d = d
        self.pk_d = pk_d
        self.v = v
--- a/orchard_note_encryption.py
+++ b/orchard_note_encryption.py
@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 import sys; assert sys.version_info[0] >= 3, "Python 3 required."
+import struct

 from chacha20poly1305 import ChaCha20Poly1305
 import os
@ -126,19 +127,20 @@ class TransmittedNoteCipherText(object):
        assert(leadbyte == 2)
        np = OrchardNotePlaintext(
            p_enc[1:12],   # d
-            struct.unpack('<Q', p_enc[12:20]),  # v
+            struct.unpack('<Q', p_enc[12:20])[0],  # v
            p_enc[20:52],  # rseed
            p_enc[52:564], # memo
        )

        g_d = diversify_hash(np.d)
-        pk_d = OrchardKeyAgreement.derive_public(ivk, g_d)
-        note = OrchardNote(np.d, pk_d, np.v, rho, np.rseed)

        esk = OrchardKeyAgreement.esk(np.rseed, rho)
        if OrchardKeyAgreement.derive_public(esk, g_d) != epk:
            return None

+        pk_d = OrchardKeyAgreement.derive_public(ivk, g_d)
+        note = OrchardNote(np.d, pk_d, np.v, rho, np.rseed)
+
        cm = note.note_commitment()
        if cm is None:
            return None
@ -152,6 +154,7 @@ class TransmittedNoteCipherText(object):
        # and to decode epk from it. That is required for consensus compatibility
        # in Sapling decryption before ZIP 216, but the reverse is okay here
        # because Pallas points have no non-canonical encodings.
+        ephemeral_key = bytes(self.epk)
        ock = prf_ock_orchard(ovk, bytes(cv), bytes(cm_star), bytes(self.epk))
        op = OrchardSym.decrypt(ock, self.c_out)
        if op is None:
@ -164,7 +167,6 @@ class TransmittedNoteCipherText(object):
            return None

        shared_secret = OrchardKeyAgreement.agree(esk, pk_d)
-        ephemeral_key = bytes(self.epk)
        k_enc = kdf_orchard(shared_secret, ephemeral_key)
        p_enc = OrchardSym.decrypt(k_enc, self.c_enc)
        if p_enc is None:
@ -174,7 +176,7 @@ class TransmittedNoteCipherText(object):
        assert(leadbyte == 2)
        np = OrchardNotePlaintext(
            p_enc[1:12],   # d
-            struct.unpack('<Q', p_enc[12:20]),  # v
+            struct.unpack('<Q', p_enc[12:20])[0],  # v
            p_enc[20:52],  # rseed
            p_enc[52:564], # memo
        )