Make cmstar check follow the spec more closely.

2021-04-14 09:24:42 -06:00 · 2021-04-14 09:24:42 -06:00 · 00d04de547
parent 12cb8265d8
commit 00d04de547
2 changed files with 11 additions and 8 deletions
--- a/components/zcash_note_encryption/src/lib.rs
+++ b/components/zcash_note_encryption/src/lib.rs
@ -5,6 +5,7 @@

 use crypto_api_chachapoly::{ChaCha20Ietf, ChachaPolyIetf};
 use rand_core::RngCore;
+use std::convert::TryFrom;
 use subtle::{Choice, ConstantTimeEq};

 pub const COMPACT_NOTE_SIZE: usize = 1 + // version
@ -74,7 +75,7 @@ pub trait Domain {
    type OutgoingViewingKey;
    type ValueCommitment;
    type NoteCommitment;
-    type ExtractedCommitment: Eq;
+    type ExtractedCommitment: Eq + TryFrom<Self::NoteCommitment>;
    type Memo;

    fn derive_esk(note: &Self::Note) -> Option<Self::EphemeralSecretKey>;
@ -126,7 +127,7 @@ pub trait Domain {
        check: F,
    ) -> NoteValidity;

-    fn extract_note_commitment(note: &Self::Note) -> Self::ExtractedCommitment;
+    fn note_commitment(note: &Self::Note) -> Self::NoteCommitment;

    fn parse_note_plaintext_without_memo_ivk(
        &self,
@ -383,10 +384,9 @@ fn check_note_validity<D: Domain>(
    epk: &D::EphemeralPublicKey,
    cmstar: &D::ExtractedCommitment,
 ) -> NoteValidity {
-    if &D::extract_note_commitment(&note) != cmstar {
-        // Published commitment doesn't match calculated commitment
-        NoteValidity::Invalid
-    } else {
+    if D::ExtractedCommitment::try_from(D::note_commitment(&note))
+        .map_or(false, |cs| &cs == cmstar)
+    {
        let epk_bytes = D::epk_bytes(epk);
        D::check_epk_bytes(&note, |derived_esk| {
            if D::epk_bytes(&D::ka_derive_public(&note, &derived_esk))
@ -398,6 +398,9 @@ fn check_note_validity<D: Domain>(
                NoteValidity::Invalid
            }
        })
+    } else {
+        // Published commitment doesn't match calculated commitment
+        NoteValidity::Invalid
    }
 }

--- a/zcash_primitives/src/sapling/note_encryption.rs
+++ b/zcash_primitives/src/sapling/note_encryption.rs
@ -265,8 +265,8 @@ impl<P: consensus::Parameters> Domain for SaplingDomain<P> {
        })
    }

-    fn extract_note_commitment(note: &Self::Note) -> Self::ExtractedCommitment {
-        note.cmu().to_bytes()
+    fn note_commitment(note: &Self::Note) -> Self::NoteCommitment {
+        note.cmu()
    }

    fn extract_pk_d(op: &[u8; OUT_CIPHERTEXT_SIZE]) -> Option<Self::DiversifiedTransmissionKey> {