Make cmstar check follow the spec more closely.

zcash · Apr 14, 2021 · 00d04de · 00d04de
1 parent 12cb826
commit 00d04de
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/components/zcash_note_encryption/src/lib.rs b/components/zcash_note_encryption/src/lib.rs
@@ -5,6 +5,7 @@
 
 use crypto_api_chachapoly::{ChaCha20Ietf, ChachaPolyIetf};
 use rand_core::RngCore;
+use std::convert::TryFrom;
 use subtle::{Choice, ConstantTimeEq};
 
 pub const COMPACT_NOTE_SIZE: usize = 1 + // version
@@ -74,7 +75,7 @@ pub trait Domain {
     type OutgoingViewingKey;
     type ValueCommitment;
     type NoteCommitment;
-    type ExtractedCommitment: Eq;
+    type ExtractedCommitment: Eq + TryFrom<Self::NoteCommitment>;
     type Memo;
 
     fn derive_esk(note: &Self::Note) -> Option<Self::EphemeralSecretKey>;
@@ -126,7 +127,7 @@ pub trait Domain {
         check: F,
     ) -> NoteValidity;
 
-    fn extract_note_commitment(note: &Self::Note) -> Self::ExtractedCommitment;
+    fn note_commitment(note: &Self::Note) -> Self::NoteCommitment;
 
     fn parse_note_plaintext_without_memo_ivk(
         &self,
@@ -383,10 +384,9 @@ fn check_note_validity<D: Domain>(
     epk: &D::EphemeralPublicKey,
     cmstar: &D::ExtractedCommitment,
 ) -> NoteValidity {
-    if &D::extract_note_commitment(&note) != cmstar {
-        // Published commitment doesn't match calculated commitment
-        NoteValidity::Invalid
-    } else {
+    if D::ExtractedCommitment::try_from(D::note_commitment(&note))
+        .map_or(false, |cs| &cs == cmstar)
+    {
         let epk_bytes = D::epk_bytes(epk);
         D::check_epk_bytes(&note, |derived_esk| {
             if D::epk_bytes(&D::ka_derive_public(&note, &derived_esk))
@@ -398,6 +398,9 @@ fn check_note_validity<D: Domain>(
                 NoteValidity::Invalid
             }
         })
+    } else {
+        // Published commitment doesn't match calculated commitment
+        NoteValidity::Invalid
     }
 }
 

diff --git a/zcash_primitives/src/sapling/note_encryption.rs b/zcash_primitives/src/sapling/note_encryption.rs
@@ -265,8 +265,8 @@ impl<P: consensus::Parameters> Domain for SaplingDomain<P> {
         })
     }
 
-    fn extract_note_commitment(note: &Self::Note) -> Self::ExtractedCommitment {
-        note.cmu().to_bytes()
+    fn note_commitment(note: &Self::Note) -> Self::NoteCommitment {
+        note.cmu()
     }
 
     fn extract_pk_d(op: &[u8; OUT_CIPHERTEXT_SIZE]) -> Option<Self::DiversifiedTransmissionKey> {