zcash_note_encryption: Enforce ZIP 212 check on esk from outPlaintext

It needs to equal the esk derived from the note (for v2 note plaintexts).


Extracted from: 16627b4569
Jack Grigg 2021-05-28 22:33:00 +01:00
parent c78a79c998
commit 22d0991a46
1 changed files with 9 additions and 1 deletions


@ -64,7 +64,7 @@ pub enum NoteValidity {
}
pub trait Domain {
type EphemeralSecretKey;
type EphemeralSecretKey: ConstantTimeEq;
type EphemeralPublicKey;
type SharedSecret;
type SymmetricKey: AsRef<[u8]>;
@ -490,6 +490,14 @@ pub fn try_output_recovery_with_ock<D: Domain, Output: ShieldedOutput<D>>(
domain.parse_note_plaintext_without_memo_ovk(&pk_d, &esk, output.epk(), &plaintext)?;
let memo = domain.extract_memo(&plaintext);
// ZIP 212: Check that the esk provided to this function is consistent with the esk we
// can derive from the note.
if let Some(derived_esk) = D::derive_esk(&note) {
if (!derived_esk.ct_eq(&esk)).into() {
return None;
}
}
if let NoteValidity::Valid =
check_note_validity::<D>(&note, output.epk(), &output.cmstar_bytes())
{