Fix the byte length of Sapling and Transparent UFVK components.

Kris Nuttycombe 2021-12-01 18:57:08 -07:00
parent 7e629db29f
commit 2ffe5963a1
3 changed files with 80 additions and 56 deletions


@ -0,0 +1,7 @@
# Seeds for failure cases proptest has generated in the past. It is
# automatically read and these particular cases re-run before any
# novel cases are generated.
#
# It is recommended to check this file in to source control so that
# everyone who runs the test benefits from these saved cases.
cc e104d5971b8fa530680706dab1f954d27650407285c4d78f3c8428fe20c8f008 # shrinks to network = Main, ufvk = Ufvk([Sapling([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]), Orchard([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 199, 56, 71, 87, 43, 196, 81, 100, 9, 151, 208, 145, 131, 104, 86, 105, 222, 242, 35, 138, 199, 195, 23, 165, 218, 165, 79, 239, 183, 228, 111, 72, 26, 242, 158, 79, 109, 240, 47, 52, 59, 46, 164, 181, 240, 159, 234, 120, 160, 214, 6, 235, 69, 147, 88, 78, 48, 20, 53, 243, 221, 39, 208, 139, 21, 211, 238, 118, 101, 5, 77, 77, 29, 176, 157, 151, 6, 72])])


@ -16,11 +16,14 @@ pub enum Fvk {
/// Data contained within the Sapling component of a Unified Full Viewing Key
///
/// `(ak, nk, ovk)` each 32 bytes.
Sapling([u8; 96]),
/// `(ak, nk, ovk, dk)` each 32 bytes.
Sapling([u8; 128]),
/// The extended public key for the BIP 44 account corresponding to the transparent
/// address subtree from which transparent addresses are derived.
/// A pruned version of the extended public key for the BIP 44 account corresponding to the
/// transparent address subtree from which transparent addresses are derived. This
/// includes just the chain code (32 bytes) and the public key (33 bytes) and excludes
/// the depth of in the derivation tree, the parent key fingerprint, and the child key
/// number (which would reveal the wallet account number for which this UFVK was generated).
///
/// Transparent addresses don't have "viewing keys" - the addresses themselves serve
/// that purpose. However, we want the ability to derive diversified Unified Addresses
@ -29,7 +32,7 @@ pub enum Fvk {
/// the BIP 44 derivation path as the "transparent viewing key"; all addresses derived
/// from this node use non-hardened derivation, and can thus be derived just from this
/// extended public key.
P2pkh([u8; 78]),
P2pkh([u8; 65]),
Unknown {
typecode: u32,
@ -144,37 +147,50 @@ mod tests {
};
prop_compose! {
fn uniform96()(a in uniform32(0u8..), b in uniform32(0u8..), c in uniform32(0u8..)) -> [u8; 96] {
let mut fvk = [0; 96];
fn uniform128()(a in uniform32(0u8..), b in uniform32(0u8..), c in uniform32(0u8..), d in uniform32(0u8..)) -> [u8; 128] {
let mut fvk = [0; 128];
fvk[..32].copy_from_slice(&a);
fvk[32..64].copy_from_slice(&b);
fvk[64..].copy_from_slice(&c);
fvk[64..96].copy_from_slice(&c);
fvk[96..].copy_from_slice(&d);
fvk
}
}
prop_compose! {
fn uniform78()(a in uniform96()) -> [u8; 78] {
let mut c = [0; 78];
c[..78].copy_from_slice(&a[..78]);
c
fn uniform96()(a in uniform128()) -> [u8; 96] {
let mut fvk = [0; 96];
fvk[..96].copy_from_slice(&a[..96]);
fvk
}
}
fn arb_shielded_fvk() -> BoxedStrategy<Vec<Fvk>> {
prop_compose! {
fn uniform65()(a in uniform96()) -> [u8; 65] {
let mut fvk = [0; 65];
fvk[..65].copy_from_slice(&a[..65]);
fvk
}
}
pub fn arb_orchard_fvk() -> impl Strategy<Value = Fvk> {
uniform96().prop_map(Fvk::Orchard)
}
pub fn arb_sapling_fvk() -> impl Strategy<Value = Fvk> {
uniform128().prop_map(Fvk::Sapling)
}
fn arb_shielded_fvk() -> impl Strategy<Value = Vec<Fvk>> {
prop_oneof![
vec![uniform96().prop_map(Fvk::Sapling)],
vec![uniform96().prop_map(Fvk::Orchard)],
vec![
uniform96().prop_map(Fvk::Orchard as fn([u8; 96]) -> Fvk),
uniform96().prop_map(Fvk::Sapling)
],
vec![arb_sapling_fvk().boxed()],
vec![arb_orchard_fvk().boxed()],
vec![arb_orchard_fvk().boxed(), arb_sapling_fvk().boxed()],
]
.boxed()
}
fn arb_transparent_fvk() -> BoxedStrategy<Fvk> {
uniform78().prop_map(Fvk::P2pkh).boxed()
uniform65().prop_map(Fvk::P2pkh).boxed()
}
prop_compose! {
@ -288,7 +304,7 @@ mod tests {
fn duplicate_typecode() {
// Construct and serialize an invalid Ufvk. This must be done using private
// methods, as the public API does not permit construction of such invalid values.
let ufvk = Ufvk(vec![Fvk::Sapling([1; 96]), Fvk::Sapling([2; 96])]);
let ufvk = Ufvk(vec![Fvk::Sapling([1; 128]), Fvk::Sapling([2; 128])]);
let encoded = ufvk.to_bytes(&Ufvk::MAINNET);
assert_eq!(
Ufvk::parse_items(&Ufvk::MAINNET, &encoded[..]).and_then(Ufvk::try_from_items),
@ -298,15 +314,14 @@ mod tests {
#[test]
fn only_transparent() {
// Raw encoding of `Ufvk(vec![Fvk::P2pkh([0; 78])])`.
// Raw encoding of `Ufvk(vec![Fvk::P2pkh([0; 65])])`.
let encoded = vec![
0xce, 0x3b, 0x36, 0xd9, 0x15, 0xf4, 0xc0, 0x78, 0x86, 0xf8, 0x21, 0xb6, 0x9a, 0xef,
0x40, 0x6d, 0xe6, 0x4d, 0xbd, 0x17, 0x8c, 0x7a, 0xa5, 0x4b, 0xd7, 0x0, 0x8d, 0x64, 0x2,
0x1a, 0x8, 0xd0, 0xbb, 0xcd, 0x65, 0xe2, 0x16, 0xba, 0x63, 0x7a, 0x3f, 0xf5, 0x7b,
0xe2, 0xff, 0x80, 0x5d, 0x42, 0xf7, 0x1, 0x8b, 0x1c, 0xd8, 0x31, 0x3, 0x36, 0xe9, 0x30,
0x9b, 0x46, 0xfd, 0x47, 0x9c, 0xce, 0x35, 0xdf, 0xb6, 0x24, 0xdc, 0x65, 0x25, 0x5b,
0xc4, 0xc5, 0x22, 0xe9, 0x4, 0x24, 0xe9, 0x8, 0x71, 0x27, 0x8, 0xc3, 0xa5, 0xff, 0x84,
0xf9, 0xfb, 0xf4, 0xa2, 0x8c, 0x27, 0xcc, 0x78, 0xcf,
0xc4, 0x70, 0xc8, 0x7a, 0xcc, 0xe6, 0x6b, 0x1a, 0x62, 0xc7, 0xcd, 0x5f, 0x76, 0xd8,
0xcc, 0x9c, 0x50, 0xbd, 0xce, 0x85, 0x80, 0xd7, 0x78, 0x25, 0x3e, 0x47, 0x9, 0x57,
0x7d, 0x6a, 0xdb, 0x10, 0xb4, 0x11, 0x80, 0x13, 0x4c, 0x83, 0x76, 0xb4, 0x6b, 0xbd,
0xef, 0x83, 0x5c, 0xa7, 0x68, 0xe6, 0xba, 0x41, 0x12, 0xbd, 0x43, 0x24, 0xf5, 0xaa,
0xa0, 0xf5, 0xf8, 0xe1, 0x59, 0xa0, 0x95, 0x85, 0x86, 0xf1, 0x9e, 0xcf, 0x8f, 0x94,
0xf4, 0xf5, 0x16, 0xef, 0x5c, 0xe0, 0x26, 0xbc, 0x23, 0x73, 0x76, 0x3f, 0x4b,
];
assert_eq!(
@ -319,13 +334,13 @@ mod tests {
fn fvks_are_sorted() {
// Construct a UFVK with fvks in an unsorted order.
let ufvk = Ufvk(vec![
Fvk::P2pkh([0; 78]),
Fvk::P2pkh([0; 65]),
Fvk::Orchard([0; 96]),
Fvk::Unknown {
typecode: 0xff,
data: vec![],
},
Fvk::Sapling([0; 96]),
Fvk::Sapling([0; 128]),
]);
// `Ufvk::items` sorts the fvks in priority order.
@ -333,8 +348,8 @@ mod tests {
ufvk.items(),
vec![
Fvk::Orchard([0; 96]),
Fvk::Sapling([0; 96]),
Fvk::P2pkh([0; 78]),
Fvk::Sapling([0; 128]),
Fvk::P2pkh([0; 65]),
Fvk::Unknown {
typecode: 0xff,
data: vec![],
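Review bot: In the `arb_shielded_fvk` hunk the signature is changed to `impl Strategy<Value = Vec<Fvk>>` but the body still ends in `.boxed()`, and `arb_transparent_fvk` keeps its `BoxedStrategy<Fvk>` return type, while the parallel Uivk test module in this same commit drops the trailing `.boxed()` and switches its transparent generator to `impl Strategy`; the two modules should follow one style, e.g. `fn arb_transparent_fvk() -> impl Strategy<Value = Fvk> { uniform65().prop_map(Fvk::P2pkh) }` and removing the `.boxed()` after the `prop_oneof!` (the per-arm `.boxed()` calls inside it are still needed to unify the arm types). The new `pub fn arb_orchard_fvk`/`arb_sapling_fvk` are declared `pub` inside the private `mod tests`; if they are meant for reuse from other test modules, `pub(crate)` says so more precisely, and a one-line `///` on each stating that it yields the full-width fixed-size component would help. In the `Fvk::P2pkh` doc comment, `/// the depth of in the derivation tree, the parent key fingerprint, and the child key` reads as a typo for `/// the depth in the derivation tree, the parent key fingerprint, and the child key`. The enclosing `pub enum Fvk` and `mod tests` both continue outside the hunks.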


@ -23,8 +23,12 @@ pub enum Ivk {
/// `(dk, ivk)` each 32 bytes.
Sapling([u8; 64]),
/// The extended public key for the BIP 44 account corresponding to the transparent
/// address subtree from which transparent addresses are derived.
/// A pruned version of the extended public key for the BIP 44 account corresponding to the
/// transparent address subtree from which transparent addresses are derived,
/// at the external `change` BIP 44 path, i.e. `m/44'/133'/<account_id>'/0`. This
/// includes just the chain code (32 bytes) and the public key (33 bytes) and excludes
/// the depth of in the derivation tree, the parent key fingerprint, and the child key
/// number (which would reveal the wallet account number for which this UFVK was generated).
///
/// Transparent addresses don't have "viewing keys" - the addresses themselves serve
/// that purpose. However, we want the ability to derive diversified Unified Addresses
@ -33,7 +37,7 @@ pub enum Ivk {
/// the BIP 44 derivation path as the "transparent viewing key"; all addresses derived
/// from this node use non-hardened derivation, and can thus be derived just from this
/// extended public key.
P2pkh([u8; 78]),
P2pkh([u8; 65]),
Unknown {
typecode: u32,
@ -140,7 +144,7 @@ mod tests {
use assert_matches::assert_matches;
use proptest::{
array::{uniform14, uniform32},
array::{uniform1, uniform32},
prelude::*,
sample::select,
};
@ -161,15 +165,15 @@ mod tests {
}
prop_compose! {
fn uniform78()(a in uniform14(0u8..), b in uniform64()) -> [u8; 78] {
let mut c = [0; 78];
c[..14].copy_from_slice(&a);
c[14..].copy_from_slice(&b);
fn uniform65()(a in uniform1(0u8..), b in uniform64()) -> [u8; 65] {
let mut c = [0; 65];
c[..1].copy_from_slice(&a);
c[1..].copy_from_slice(&b);
c
}
}
fn arb_shielded_ivk() -> BoxedStrategy<Vec<Ivk>> {
fn arb_shielded_ivk() -> impl Strategy<Value = Vec<Ivk>> {
prop_oneof![
vec![uniform64().prop_map(Ivk::Sapling)],
vec![uniform64().prop_map(Ivk::Orchard)],
@ -178,11 +182,10 @@ mod tests {
uniform64().prop_map(Ivk::Sapling)
],
]
.boxed()
}
fn arb_transparent_ivk() -> BoxedStrategy<Ivk> {
uniform78().prop_map(Ivk::P2pkh).boxed()
fn arb_transparent_ivk() -> impl Strategy<Value = Ivk> {
uniform65().prop_map(Ivk::P2pkh)
}
prop_compose! {
@ -295,15 +298,14 @@ mod tests {
#[test]
fn only_transparent() {
// Raw Encoding of `Uivk(vec![Ivk::P2pkh([0; 78])])`.
// Raw Encoding of `Uivk(vec![Ivk::P2pkh([0; 65])])`.
let encoded = vec![
0xda, 0x41, 0xe7, 0x2b, 0xae, 0x1e, 0x95, 0x89, 0x0, 0xac, 0x28, 0x68, 0xb8, 0x50,
0x71, 0x20, 0xa8, 0xfd, 0xdf, 0x29, 0x74, 0x3f, 0x34, 0x4f, 0xbc, 0x28, 0xe8, 0x29,
0xe6, 0xee, 0x43, 0x74, 0xb, 0xea, 0x55, 0xd1, 0x58, 0xba, 0xb4, 0x71, 0x40, 0x6a,
0x79, 0x91, 0xa4, 0x1e, 0x1e, 0x5f, 0xdf, 0x19, 0x42, 0xa3, 0xb0, 0x87, 0x8c, 0x3, 0x9,
0xed, 0xc, 0x7a, 0x63, 0xa, 0x74, 0xbf, 0x30, 0xf5, 0xbb, 0xf2, 0x6f, 0xc, 0x89, 0xb2,
0xf8, 0xda, 0xa1, 0xff, 0x84, 0xc2, 0xa, 0x89, 0x3, 0x8d, 0xf7, 0x0, 0x59, 0x63, 0xb1,
0xfc, 0x13, 0x68, 0xc0, 0x32, 0x9a, 0x26, 0x10, 0x15,
0x12, 0x51, 0x37, 0xc7, 0xac, 0x8c, 0xd, 0x13, 0x3a, 0x5f, 0xc6, 0x84, 0x53, 0x90,
0xf8, 0xe7, 0x23, 0x34, 0xfb, 0xda, 0x49, 0x3c, 0x87, 0x1c, 0x8f, 0x1a, 0xe1, 0x63,
0xba, 0xdf, 0x77, 0x64, 0x43, 0xcf, 0xdc, 0x37, 0x1f, 0xd2, 0x89, 0x60, 0xe3, 0x77,
0x20, 0xd0, 0x1c, 0x5, 0x40, 0xe5, 0x43, 0x55, 0xc4, 0xe5, 0xf8, 0xaa, 0xe, 0x7a, 0xe7,
0x8c, 0x53, 0x15, 0xb8, 0x8f, 0x90, 0x14, 0x33, 0x30, 0x52, 0x2b, 0x8, 0x89, 0x90,
0xbd, 0xfe, 0xa4, 0xb7, 0x47, 0x20, 0x92, 0x6, 0xf0, 0x0, 0xf9, 0x64,
];
assert_eq!(
@ -316,7 +318,7 @@ mod tests {
fn ivks_are_sorted() {
// Construct a UIVK with ivks in an unsorted order.
let uivk = Uivk(vec![
Ivk::P2pkh([0; 78]),
Ivk::P2pkh([0; 65]),
Ivk::Orchard([0; 64]),
Ivk::Unknown {
typecode: 0xff,
@ -331,7 +333,7 @@ mod tests {
vec![
Ivk::Orchard([0; 64]),
Ivk::Sapling([0; 64]),
Ivk::P2pkh([0; 78]),
Ivk::P2pkh([0; 65]),
Ivk::Unknown {
typecode: 0xff,
data: vec![],
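Review bot: The new `Ivk::P2pkh` doc comment ends with `/// number (which would reveal the wallet account number for which this UFVK was generated).`, but this is the incoming-viewing-key type, so presumably `UIVK` is meant; I would also fix the same `the depth of in the derivation tree` wording here to `the depth in the derivation tree`. This comment additionally pins the component to `m/44'/133'/<account_id>'/0` while the `Fvk::P2pkh` doc updated in the same commit names only the account subtree; if both are the same pruned 65-byte key, the two comments should state the same path, and if they differ, each should say why (inferred from the two comments, not verified against the encoding code). The `uniform65` generator composes `uniform1` with `uniform64`, which reads fine; a short comment such as `// 65 bytes: 32-byte chain code followed by a 33-byte compressed public key (values are arbitrary for these tests)` would tie the test width to the documented layout. `pub enum Ivk` and `mod tests` continue outside the hunks.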