zec
/
librustzcash
mirror of https://github.com/zcash/librustzcash.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #65 from str4d/general-refactor 

Initial primitives refactor
This commit is contained in:
str4d 2019-03-08 09:01:47 +13:00 committed by GitHub
parent c57a31e82e 3d39706aee
commit e4187f07ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 290 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Cargo.lock generated
View File

@ -230,6 +230,7 @@ dependencies = [
"pairing 0.14.2",
"rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"sapling-crypto 0.0.1",
"zcash_primitives 0.0.0",
"zcash_proofs 0.0.0",
"zip32 0.0.0",
]
@ -445,6 +446,7 @@ name = "zcash_proofs"
version = "0.0.0"
dependencies = [
"bellman 0.1.0",
"blake2-rfc 0.2.18 (git+https://github.com/gtank/blake2-rfc?rev=7a5b5fc99ae483a0043db7547fb79a6fa44b88a9)",
"byteorder 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
"ff 0.4.0",
"pairing 0.14.2",
@ -465,9 +467,9 @@ dependencies = [
"byteorder 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
"ff 0.4.0",
"fpe 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
"pairing 0.14.2",
"sapling-crypto 0.0.1",
"zcash_primitives 0.0.0",
]
[metadata]

1
librustzcash/Cargo.toml
View File

@ -22,6 +22,7 @@ lazy_static = "1"
byteorder = "1"
rand = "0.4"
sapling-crypto = { path = "../sapling-crypto" }
zcash_primitives = { path = "../zcash_primitives" }
zcash_proofs = { path = "../zcash_proofs" }
zip32 = { path = "../zip32" }

113
librustzcash/src/rustzcash.rs
View File

@ -6,12 +6,10 @@ extern crate libc;
extern crate pairing;
extern crate rand;
extern crate sapling_crypto;
extern crate zcash_primitives;
extern crate zcash_proofs;
extern crate zip32;
mod hashreader;
#[macro_use]
extern crate lazy_static;
use ff::{BitIterator, PrimeField, PrimeFieldRepr};
@ -23,7 +21,7 @@ use sapling_crypto::{
jubjub::{
edwards,
fs::{Fs, FsRepr},
FixedGenerators, JubjubBls12, JubjubEngine, JubjubParams, PrimeOrder, ToUniform, Unknown,
FixedGenerators, JubjubEngine, JubjubParams, PrimeOrder, ToUniform, Unknown,
},
pedersen_hash::{pedersen_hash, Personalization},
redjubjub::{self, Signature},
@ -33,8 +31,7 @@ use sapling_crypto::circuit::sapling::TREE_DEPTH as SAPLING_TREE_DEPTH;
use sapling_crypto::circuit::sprout::{self, TREE_DEPTH as SPROUT_TREE_DEPTH};
use bellman::groth16::{
create_random_proof, prepare_verifying_key, verify_proof, Parameters, PreparedVerifyingKey,
Proof, VerifyingKey,
create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof,
};
use blake2_rfc::blake2s::Blake2s;
@ -42,7 +39,7 @@ use blake2_rfc::blake2s::Blake2s;
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use rand::{OsRng, Rng};
use std::io::{self, BufReader};
use std::io::BufReader;
use libc::{c_char, c_uchar, int64_t, size_t, uint32_t, uint64_t};
use std::ffi::CStr;
@ -61,8 +58,10 @@ use std::ffi::OsString;
use std::os::windows::ffi::OsStringExt;
use sapling_crypto::primitives::{ProofGenerationKey, ViewingKey};
use zcash_proofs::sapling::{
CommitmentTreeWitness, SaplingProvingContext, SaplingVerificationContext,
use zcash_primitives::{sapling::spend_sig, JUBJUB};
use zcash_proofs::{
load_parameters,
sapling::{CommitmentTreeWitness, SaplingProvingContext, SaplingVerificationContext},
};
pub mod equihash;
@ -70,10 +69,6 @@ pub mod equihash;
#[cfg(test)]
mod tests;
lazy_static! {
static ref JUBJUB: JubjubBls12 = { JubjubBls12::new() };
}
static mut SAPLING_SPEND_VK: Option<PreparedVerifyingKey<Bls12>> = None;
static mut SAPLING_OUTPUT_VK: Option<PreparedVerifyingKey<Bls12>> = None;
static mut SPROUT_GROTH16_VK: Option<PreparedVerifyingKey<Bls12>> = None;
@ -199,70 +194,25 @@ fn init_zksnark_params(
let spend_hash = unsafe { CStr::from_ptr(spend_hash) }
.to_str()
.expect("hash should be a valid string")
.to_string();
.expect("hash should be a valid string");
let output_hash = unsafe { CStr::from_ptr(output_hash) }
.to_str()
.expect("hash should be a valid string")
.to_string();
.expect("hash should be a valid string");
let sprout_hash = unsafe { CStr::from_ptr(sprout_hash) }
.to_str()
.expect("hash should be a valid string")
.to_string();
.expect("hash should be a valid string");
// Load from each of the paths
let spend_fs = File::open(spend_path).expect("couldn't load Sapling spend parameters file");
let output_fs = File::open(output_path).expect("couldn't load Sapling output parameters file");
let sprout_fs = File::open(sprout_path).expect("couldn't load Sprout groth16 parameters file");
let mut spend_fs = hashreader::HashReader::new(BufReader::with_capacity(1024 * 1024, spend_fs));
let mut output_fs =
hashreader::HashReader::new(BufReader::with_capacity(1024 * 1024, output_fs));
let mut sprout_fs =
hashreader::HashReader::new(BufReader::with_capacity(1024 * 1024, sprout_fs));
// Deserialize params
let spend_params = Parameters::<Bls12>::read(&mut spend_fs, false)
.expect("couldn't deserialize Sapling spend parameters file");
let output_params = Parameters::<Bls12>::read(&mut output_fs, false)
.expect("couldn't deserialize Sapling spend parameters file");
// We only deserialize the verifying key for the Sprout parameters, which
// appears at the beginning of the parameter file. The rest is loaded
// during proving time.
let sprout_vk = VerifyingKey::<Bls12>::read(&mut sprout_fs)
.expect("couldn't deserialize Sprout Groth16 verifying key");
// There is extra stuff (the transcript) at the end of the parameter file which is
// used to verify the parameter validity, but we're not interested in that. We do
// want to read it, though, so that the BLAKE2b computed afterward is consistent
// with `b2sum` on the files.
let mut sink = io::sink();
io::copy(&mut spend_fs, &mut sink)
.expect("couldn't finish reading Sapling spend parameter file");
io::copy(&mut output_fs, &mut sink)
.expect("couldn't finish reading Sapling output parameter file");
io::copy(&mut sprout_fs, &mut sink)
.expect("couldn't finish reading Sprout groth16 parameter file");
if spend_fs.into_hash() != spend_hash {
panic!("Sapling spend parameter file is not correct, please clean your `~/.zcash-params/` and re-run `fetch-params`.");
}
if output_fs.into_hash() != output_hash {
panic!("Sapling output parameter file is not correct, please clean your `~/.zcash-params/` and re-run `fetch-params`.");
}
if sprout_fs.into_hash() != sprout_hash {
panic!("Sprout groth16 parameter file is not correct, please clean your `~/.zcash-params/` and re-run `fetch-params`.");
}
// Prepare verifying keys
let spend_vk = prepare_verifying_key(&spend_params.vk);
let output_vk = prepare_verifying_key(&output_params.vk);
let sprout_vk = prepare_verifying_key(&sprout_vk);
// Load params
let (spend_params, spend_vk, output_params, output_vk, sprout_vk) = load_parameters(
spend_path,
spend_hash,
output_path,
output_hash,
Some(sprout_path),
Some(sprout_hash),
);
// Caller is responsible for calling this function once, so
// these global mutations are safe.
@ -273,7 +223,7 @@ fn init_zksnark_params(
SAPLING_SPEND_VK = Some(spend_vk);
SAPLING_OUTPUT_VK = Some(output_vk);
SPROUT_GROTH16_VK = Some(sprout_vk);
SPROUT_GROTH16_VK = Some(sprout_vk.unwrap());
}
}
@ -1069,27 +1019,8 @@ pub extern "system" fn librustzcash_sapling_spend_sig(
Err(_) => return false,
};
// We compute `rsk`...
let rsk = ask.randomize(ar);
// We compute `rk` from there (needed for key prefixing)
let rk =
redjubjub::PublicKey::from_private(&rsk, FixedGenerators::SpendingKeyGenerator, &JUBJUB);
// Compute the signature's message for rk/spend_auth_sig
let mut data_to_be_signed = [0u8; 64];
rk.0.write(&mut data_to_be_signed[0..32])
.expect("message buffer should be 32 bytes");
(&mut data_to_be_signed[32..64]).copy_from_slice(&(unsafe { &*sighash })[..]);
// Do the signing
let mut rng = OsRng::new().expect("should be able to construct RNG");
let sig = rsk.sign(
&data_to_be_signed,
&mut rng,
FixedGenerators::SpendingKeyGenerator,
&JUBJUB,
);
let sig = spend_sig(ask, ar, unsafe { &*sighash }, &JUBJUB);
// Write out the signature
sig.write(&mut (unsafe { &mut *result })[..])

1
sapling-crypto/src/jubjub/edwards.rs
View File

@ -25,6 +25,7 @@ use std::io::{
//
// See "Twisted Edwards Curves Revisited"
// Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson
#[derive(Debug)]
pub struct Point<E: JubjubEngine, Subgroup> {
x: E::Fr,
y: E::Fr,

1
sapling-crypto/src/jubjub/mod.rs
View File

@ -43,6 +43,7 @@ pub mod fs;
pub mod tests;
/// Point of unknown order.
#[derive(Debug)]
pub enum Unknown { }
/// Point of prime order.

3
sapling-crypto/src/redjubjub.rs
View File

@ -29,7 +29,7 @@ fn h_star<E: JubjubEngine>(a: &[u8], b: &[u8]) -> E::Fs {
hash_to_scalar::<E>(b"Zcash_RedJubjubH", a, b)
}
#[derive(Copy, Clone)]
#[derive(Copy, Clone, Debug)]
pub struct Signature {
rbar: [u8; 32],
sbar: [u8; 32],
@ -37,6 +37,7 @@ pub struct Signature {
pub struct PrivateKey<E: JubjubEngine>(pub E::Fs);
#[derive(Debug)]
pub struct PublicKey<E: JubjubEngine>(pub Point<E, Unknown>);
impl Signature {

3
zcash_primitives/src/lib.rs
View File

@ -10,9 +10,10 @@ extern crate sapling_crypto;
use sapling_crypto::jubjub::JubjubBls12;
pub mod sapling;
mod serialize;
pub mod transaction;
lazy_static! {
static ref JUBJUB: JubjubBls12 = { JubjubBls12::new() };
pub static ref JUBJUB: JubjubBls12 = { JubjubBls12::new() };
}

37
zcash_primitives/src/sapling.rs Normal file
View File

@ -0,0 +1,37 @@
use pairing::bls12_381::Bls12;
use rand::OsRng;
use sapling_crypto::{
jubjub::{fs::Fs, FixedGenerators, JubjubBls12},
redjubjub::{PrivateKey, PublicKey, Signature},
};
/// Create the spendAuthSig for a Sapling SpendDescription.
pub fn spend_sig(
ask: PrivateKey<Bls12>,
ar: Fs,
sighash: &[u8; 32],
params: &JubjubBls12,
) -> Signature {
// Initialize secure RNG
let mut rng = OsRng::new().expect("should be able to construct RNG");
// We compute `rsk`...
let rsk = ask.randomize(ar);
// We compute `rk` from there (needed for key prefixing)
let rk = PublicKey::from_private(&rsk, FixedGenerators::SpendingKeyGenerator, params);
// Compute the signature's message for rk/spend_auth_sig
let mut data_to_be_signed = [0u8; 64];
rk.0.write(&mut data_to_be_signed[0..32])
.expect("message buffer should be 32 bytes");
(&mut data_to_be_signed[32..64]).copy_from_slice(&sighash[..]);
// Do the signing
rsk.sign(
&data_to_be_signed,
&mut rng,
FixedGenerators::SpendingKeyGenerator,
params,
)
}

71
zcash_primitives/src/transaction/components.rs
View File

@ -58,6 +58,7 @@ impl Amount {
}
}
#[derive(Debug)]
pub struct Script(pub Vec<u8>);
impl Script {
@ -71,6 +72,7 @@ impl Script {
}
}
#[derive(Debug)]
pub struct OutPoint {
hash: [u8; 32],
n: u32,
@ -90,6 +92,7 @@ impl OutPoint {
}
}
#[derive(Debug)]
pub struct TxIn {
pub prevout: OutPoint,
script_sig: Script,
@ -116,6 +119,7 @@ impl TxIn {
}
}
#[derive(Debug)]
pub struct TxOut {
value: Amount,
script_pubkey: Script,
@ -144,7 +148,17 @@ pub struct SpendDescription {
pub nullifier: [u8; 32],
pub rk: PublicKey<Bls12>,
pub zkproof: [u8; GROTH_PROOF_SIZE],
pub spend_auth_sig: Signature,
pub spend_auth_sig: Option<Signature>,
}
impl std::fmt::Debug for SpendDescription {
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
write!(
f,
"SpendDescription(cv = {:?}, anchor = {:?}, nullifier = {:?}, rk = {:?}, spend_auth_sig = {:?})",
self.cv, self.anchor, self.nullifier, self.rk, self.spend_auth_sig
)
}
}
impl SpendDescription {
@ -180,7 +194,7 @@ impl SpendDescription {
// Consensus rules (§4.4):
// - Canonical encoding is enforced here.
// - Signature validity is enforced in SaplingVerificationContext::check_spend()
let spend_auth_sig = Signature::read(&mut reader)?;
let spend_auth_sig = Some(Signature::read(&mut reader)?);
Ok(SpendDescription {
cv,
@ -198,7 +212,15 @@ impl SpendDescription {
writer.write_all(&self.nullifier)?;
self.rk.write(&mut writer)?;
writer.write_all(&self.zkproof)?;
self.spend_auth_sig.write(&mut writer)
match self.spend_auth_sig {
Some(sig) => sig.write(&mut writer),
None => {
return Err(io::Error::new(
io::ErrorKind::InvalidInput,
"Missing spend auth signature",
))
}
}
}
}
@ -211,6 +233,16 @@ pub struct OutputDescription {
pub zkproof: [u8; GROTH_PROOF_SIZE],
}
impl std::fmt::Debug for OutputDescription {
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
write!(
f,
"OutputDescription(cv = {:?}, cmu = {:?}, ephemeral_key = {:?})",
self.cv, self.cmu, self.ephemeral_key
)
}
}
impl OutputDescription {
pub fn read<R: Read>(mut reader: &mut R) -> io::Result<Self> {
// Consensus rules (§4.5):
@ -268,6 +300,15 @@ enum SproutProof {
PHGR([u8; PHGR_PROOF_SIZE]),
}
impl std::fmt::Debug for SproutProof {
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
match self {
SproutProof::Groth(_) => write!(f, "SproutProof::Groth"),
SproutProof::PHGR(_) => write!(f, "SproutProof::PHGR"),
}
}
}
pub struct JSDescription {
vpub_old: Amount,
vpub_new: Amount,
@ -281,6 +322,30 @@ pub struct JSDescription {
ciphertexts: [[u8; 601]; ZC_NUM_JS_OUTPUTS],
}
impl std::fmt::Debug for JSDescription {
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
write!(
f,
"JSDescription(
vpub_old = {:?}, vpub_new = {:?},
anchor = {:?},
nullifiers = {:?},
commitments = {:?},
ephemeral_key = {:?},
random_seed = {:?},
macs = {:?})",
self.vpub_old,
self.vpub_new,
self.anchor,
self.nullifiers,
self.commitments,
self.ephemeral_key,
self.random_seed,
self.macs
)
}
}
impl JSDescription {
pub fn read<R: Read>(mut reader: R, use_groth: bool) -> io::Result<Self> {
// Consensus rule (§4.3): Canonical encoding is enforced here

36
zcash_primitives/src/transaction/mod.rs
View File

@ -21,6 +21,7 @@ const SAPLING_VERSION_GROUP_ID: u32 = 0x892F2085;
const SAPLING_TX_VERSION: u32 = 4;
/// A Zcash transaction.
#[derive(Debug)]
pub struct Transaction(TransactionData);
impl Deref for Transaction {
@ -48,6 +49,41 @@ pub struct TransactionData {
pub binding_sig: Option<Signature>,
}
impl std::fmt::Debug for TransactionData {
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
write!(
f,
"TransactionData(
overwintered = {:?},
version = {:?},
version_group_id = {:?},
vin = {:?},
vout = {:?},
lock_time = {:?},
expiry_height = {:?},
value_balance = {:?},
shielded_spends = {:?},
shielded_outputs = {:?},
joinsplits = {:?},
joinsplit_pubkey = {:?},
binding_sig = {:?})",
self.overwintered,
self.version,
self.version_group_id,
self.vin,
self.vout,
self.lock_time,
self.expiry_height,
self.value_balance,
self.shielded_spends,
self.shielded_outputs,
self.joinsplits,
self.joinsplit_pubkey,
self.binding_sig
)
}
}
impl TransactionData {
pub fn new() -> Self {
TransactionData {

4
zcash_proofs/Cargo.toml
View File

@ -12,3 +12,7 @@ ff = { path = "../ff" }
pairing = { path = "../pairing" }
rand = "0.4"
sapling-crypto = { path = "../sapling-crypto" }
[dependencies.blake2-rfc]
git = "https://github.com/gtank/blake2-rfc"
rev = "7a5b5fc99ae483a0043db7547fb79a6fa44b88a9"

0
librustzcash/src/hashreader.rs → zcash_proofs/src/hashreader.rs
View File

82
zcash_proofs/src/lib.rs
View File

@ -1,8 +1,90 @@
extern crate bellman;
extern crate blake2_rfc;
extern crate byteorder;
extern crate ff;
extern crate pairing;
extern crate rand;
extern crate sapling_crypto;
use bellman::groth16::{prepare_verifying_key, Parameters, PreparedVerifyingKey, VerifyingKey};
use pairing::bls12_381::Bls12;
use std::fs::File;
use std::io::{self, BufReader};
use std::path::Path;
mod hashreader;
pub mod sapling;
pub fn load_parameters(
spend_path: &Path,
spend_hash: &str,
output_path: &Path,
output_hash: &str,
sprout_path: Option<&Path>,
sprout_hash: Option<&str>,
) -> (
Parameters<Bls12>,
PreparedVerifyingKey<Bls12>,
Parameters<Bls12>,
PreparedVerifyingKey<Bls12>,
Option<PreparedVerifyingKey<Bls12>>,
) {
// Load from each of the paths
let spend_fs = File::open(spend_path).expect("couldn't load Sapling spend parameters file");
let output_fs = File::open(output_path).expect("couldn't load Sapling output parameters file");
let sprout_fs =
sprout_path.map(|p| File::open(p).expect("couldn't load Sprout groth16 parameters file"));
let mut spend_fs = hashreader::HashReader::new(BufReader::with_capacity(1024 * 1024, spend_fs));
let mut output_fs =
hashreader::HashReader::new(BufReader::with_capacity(1024 * 1024, output_fs));
let mut sprout_fs =
sprout_fs.map(|fs| hashreader::HashReader::new(BufReader::with_capacity(1024 * 1024, fs)));
// Deserialize params
let spend_params = Parameters::<Bls12>::read(&mut spend_fs, false)
.expect("couldn't deserialize Sapling spend parameters file");
let output_params = Parameters::<Bls12>::read(&mut output_fs, false)
.expect("couldn't deserialize Sapling spend parameters file");
// We only deserialize the verifying key for the Sprout parameters, which
// appears at the beginning of the parameter file. The rest is loaded
// during proving time.
let sprout_vk = sprout_fs.as_mut().map(|mut fs| {
VerifyingKey::<Bls12>::read(&mut fs)
.expect("couldn't deserialize Sprout Groth16 verifying key")
});
// There is extra stuff (the transcript) at the end of the parameter file which is
// used to verify the parameter validity, but we're not interested in that. We do
// want to read it, though, so that the BLAKE2b computed afterward is consistent
// with `b2sum` on the files.
let mut sink = io::sink();
io::copy(&mut spend_fs, &mut sink)
.expect("couldn't finish reading Sapling spend parameter file");
io::copy(&mut output_fs, &mut sink)
.expect("couldn't finish reading Sapling output parameter file");
if let Some(mut sprout_fs) = sprout_fs.as_mut() {
io::copy(&mut sprout_fs, &mut sink)
.expect("couldn't finish reading Sprout groth16 parameter file");
}
if spend_fs.into_hash() != spend_hash {
panic!("Sapling spend parameter file is not correct, please clean your `~/.zcash-params/` and re-run `fetch-params`.");
}
if output_fs.into_hash() != output_hash {
panic!("Sapling output parameter file is not correct, please clean your `~/.zcash-params/` and re-run `fetch-params`.");
}
if sprout_fs.map(|fs| fs.into_hash()) != sprout_hash.map(|h| h.to_owned()) {
panic!("Sprout groth16 parameter file is not correct, please clean your `~/.zcash-params/` and re-run `fetch-params`.");
}
// Prepare verifying keys
let spend_vk = prepare_verifying_key(&spend_params.vk);
let output_vk = prepare_verifying_key(&output_params.vk);
let sprout_vk = sprout_vk.map(|vk| prepare_verifying_key(&vk));
(spend_params, spend_vk, output_params, output_vk, sprout_vk)
}

2
zip32/Cargo.toml
View File

@ -16,9 +16,9 @@ aes = "0.2"
byteorder = "1"
ff = { path = "../ff" }
fpe = "0.1"
lazy_static = "1.0"
pairing = { path = "../pairing" }
sapling-crypto = { path = "../sapling-crypto" }
zcash_primitives = { path = "../zcash_primitives" }
[dependencies.blake2-rfc]
git = "https://github.com/gtank/blake2-rfc"

44
zip32/src/lib.rs
View File

@ -3,10 +3,9 @@ extern crate blake2_rfc;
extern crate byteorder;
extern crate ff;
extern crate fpe;
#[macro_use]
extern crate lazy_static;
extern crate pairing;
extern crate sapling_crypto;
extern crate zcash_primitives;
use aes::Aes256;
use blake2_rfc::blake2b::{Blake2b, Blake2bResult};
@ -15,16 +14,11 @@ use ff::{Field, PrimeField, PrimeFieldRepr};
use fpe::ff1::{BinaryNumeralString, FF1};
use pairing::bls12_381::Bls12;
use sapling_crypto::{
jubjub::{
edwards, FixedGenerators, JubjubBls12, JubjubEngine, JubjubParams, ToUniform, Unknown,
},
primitives::{Diversifier, PaymentAddress, ViewingKey},
jubjub::{edwards, FixedGenerators, JubjubEngine, JubjubParams, ToUniform, Unknown},
primitives::{Diversifier, PaymentAddress, ProofGenerationKey, ViewingKey},
};
use std::io::{self, Read, Write};
lazy_static! {
static ref JUBJUB: JubjubBls12 = { JubjubBls12::new() };
}
use zcash_primitives::JUBJUB;
pub const PRF_EXPAND_PERSONALIZATION: &'static [u8; 16] = b"Zcash_ExpandSeed";
pub const ZIP32_SAPLING_MASTER_PERSONALIZATION: &'static [u8; 16] = b"ZcashIP32Sapling";
@ -48,7 +42,7 @@ fn prf_expand_vec(sk: &[u8], ts: &[&[u8]]) -> Blake2bResult {
/// An outgoing viewing key
#[derive(Clone, Copy, PartialEq)]
struct OutgoingViewingKey([u8; 32]);
pub struct OutgoingViewingKey([u8; 32]);
impl OutgoingViewingKey {
fn derive_child(&self, i_l: &[u8]) -> Self {
@ -61,15 +55,15 @@ impl OutgoingViewingKey {
/// A Sapling expanded spending key
#[derive(Clone)]
pub struct ExpandedSpendingKey<E: JubjubEngine> {
ask: E::Fs,
pub ask: E::Fs,
nsk: E::Fs,
ovk: OutgoingViewingKey,
}
/// A Sapling full viewing key
pub struct FullViewingKey<E: JubjubEngine> {
vk: ViewingKey<E>,
ovk: OutgoingViewingKey,
pub vk: ViewingKey<E>,
pub ovk: OutgoingViewingKey,
}
impl<E: JubjubEngine> ExpandedSpendingKey<E> {
@ -82,6 +76,15 @@ impl<E: JubjubEngine> ExpandedSpendingKey<E> {
ExpandedSpendingKey { ask, nsk, ovk }
}
pub fn proof_generation_key(&self, params: &E::Params) -> ProofGenerationKey<E> {
ProofGenerationKey {
ak: params
.generator(FixedGenerators::SpendingKeyGenerator)
.mul(self.ask, params),
nsk: self.nsk,
}
}
fn derive_child(&self, i_l: &[u8]) -> Self {
let mut ask = E::Fs::to_uniform(prf_expand(i_l, &[0x13]).as_bytes());
let mut nsk = E::Fs::to_uniform(prf_expand(i_l, &[0x14]).as_bytes());
@ -128,6 +131,18 @@ impl<E: JubjubEngine> ExpandedSpendingKey<E> {
}
}
impl<E: JubjubEngine> Clone for FullViewingKey<E> {
fn clone(&self) -> Self {
FullViewingKey {
vk: ViewingKey {
ak: self.vk.ak.clone(),
nk: self.vk.nk.clone(),
},
ovk: self.ovk.clone(),
}
}
}
impl<E: JubjubEngine> FullViewingKey<E> {
fn from_expanded_spending_key(expsk: &ExpandedSpendingKey<E>, params: &E::Params) -> Self {
FullViewingKey {
@ -348,6 +363,7 @@ pub struct ExtendedSpendingKey {
}
// A Sapling extended full viewing key
#[derive(Clone)]
pub struct ExtendedFullViewingKey {
depth: u8,
parent_fvk_tag: FVKTag,