Add Sapling key classes to wallet, with new librustzcash APIs

2018-05-17 06:13:29 -07:00
parent 73fea25404
commit 11acfe6e9f
4 changed files with 231 additions and 0 deletions
--- a/src/zcash/prf.cpp
+++ b/src/zcash/prf.cpp
@@ -1,6 +1,78 @@
 #include "prf.h"
 #include "crypto/sha256.h"
+#include "hash.h"

+#include <array>
+#include <librustzcash.h>
+
+const unsigned char ZCASH_EXPANDSEED_PERSONALIZATION[crypto_generichash_blake2b_PERSONALBYTES] = {'Z','c','a','s','h','_','E','x','p','a','n','d','S','e','e','d'};
+
+// Sapling 
+std::array<unsigned char, 64> PRF_expand(const uint256& x, unsigned char t)
+{
+    std::array<unsigned char, 64> res;   
+    unsigned char blob[33];
+
+    memcpy(&blob[0], x.begin(), 32);
+    blob[32] = t;
+        
+    crypto_generichash_blake2b_state state;
+    crypto_generichash_blake2b_init_salt_personal(&state, nullptr, 0, 64, nullptr, ZCASH_EXPANDSEED_PERSONALIZATION);
+    crypto_generichash_blake2b_update(&state, blob, 33);
+    crypto_generichash_blake2b_final(&state, res.data(), 64);
+    
+    return res;
+}
+
+uint256 PRF_ask(const uint256& sk)
+{
+    uint256 ask;
+    auto tmp = PRF_expand(sk, 0);
+    librustzcash_to_scalar(tmp.data(), ask.begin());
+    return ask;
+}
+
+uint256 PRF_nsk(const uint256& sk)
+{
+    uint256 nsk;
+    auto tmp = PRF_expand(sk, 1);
+    librustzcash_to_scalar(tmp.data(), nsk.begin());
+    return nsk;
+}
+
+uint256 PRF_ovk(const uint256& sk)
+{
+    uint256 ovk;
+    auto tmp = PRF_expand(sk, 2);
+    memcpy(ovk.begin(), tmp.data(), 32);
+    return ovk;
+}
+
+std::array<unsigned char, 11> default_diversifier(const uint256& sk)
+{
+    std::array<unsigned char, 11> res;   
+    unsigned char blob[34];
+
+    memcpy(&blob[0], sk.begin(), 32);
+    blob[32] = 3;
+    
+    blob[33] = 0;
+    while (true) {
+        crypto_generichash_blake2b_state state;
+        crypto_generichash_blake2b_init_salt_personal(&state, nullptr, 0, 64, nullptr, ZCASH_EXPANDSEED_PERSONALIZATION);
+        crypto_generichash_blake2b_update(&state, blob, 33);
+        crypto_generichash_blake2b_final(&state, res.data(), 11);
+        
+        if (librustzcash_check_diversifier(res.data())) {
+            break;
+        }
+        blob[33] += 1;
+    }
+        
+    return res;
+}
+
+// Sprout
 uint256 PRF(bool a, bool b, bool c, bool d,
            const uint252& x,
            const uint256& y)