DragonX/hush3
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Prevent nonce reuse in Sapling note encryption API.

Browse Source
This commit is contained in:
Sean Bowe
2018-06-14 12:21:28 -06:00
parent 90073aeca5
commit c03e22612d
3 changed files with 45 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/zcash/NoteEncryption.cpp
View File

@@ -121,6 +121,10 @@ boost::optional<SaplingEncCiphertext> SaplingNoteEncryption::encrypt_to_recipien
const SaplingEncPlaintext &message
)
{
if (already_encrypted_enc) {
throw std::logic_error("already encrypted to the recipient using this key");
}
uint256 dhsecret;
if (!librustzcash_sapling_ka_agree(pk_d.begin(), esk.begin(), dhsecret.begin())) {
@@ -143,6 +147,8 @@ boost::optional<SaplingEncCiphertext> SaplingNoteEncryption::encrypt_to_recipien
NULL, cipher_nonce, K
);
already_encrypted_enc = true;
return ciphertext;
}
@@ -188,6 +194,10 @@ SaplingOutCiphertext SaplingNoteEncryption::encrypt_to_ourselves(
const SaplingOutPlaintext &message
)
{
if (already_encrypted_out) {
throw std::logic_error("already encrypted to the recipient using this key");
}
// Construct the symmetric key
unsigned char K[NOTEENCRYPTION_CIPHER_KEYSIZE];
PRF_ock(K, ovk, cv, cm, epk);
@@ -204,6 +214,8 @@ SaplingOutCiphertext SaplingNoteEncryption::encrypt_to_ourselves(
NULL, cipher_nonce, K
);
already_encrypted_out = true;
return ciphertext;
}