Skip to content

Commit

Permalink
[Cleanup] Remove old NoteEncryption/NoteDecryption classes
Browse files Browse the repository at this point in the history
  • Loading branch information
@random-zebra
random-zebra committed Nov 21, 2020
1 parent 52d2625 commit 1c23279
Show file tree
Hide file tree
Showing 5 changed files with 0 additions and 419 deletions.
4 changes: 0 additions & 4 deletions src/sapling/address.cpp
View file
Expand Up @@ -13,10 +13,6 @@ const unsigned char ZCASH_SAPLING_FVFP_PERSONALIZATION[crypto_generichash_blake2

namespace libzcash {

uint256 ReceivingKey::pk_enc() const {
return ZCNoteEncryption::generate_pubkey(*this);
}


//! Sapling
uint256 SaplingPaymentAddress::GetHash() const {
Expand Down
9 changes: 0 additions & 9 deletions src/sapling/address.hpp
View file
Expand Up @@ -22,15 +22,6 @@ const size_t SerializedSaplingFullViewingKeySize = 96;
const size_t SerializedSaplingExpandedSpendingKeySize = 96;
const size_t SerializedSaplingSpendingKeySize = 32;


class ReceivingKey : public uint256 {
public:
ReceivingKey() { }
ReceivingKey(uint256 sk_enc) : uint256(sk_enc) { }

uint256 pk_enc() const;
};

//! Sapling functions.
class SaplingPaymentAddress {
public:
Expand Down
160 changes: 0 additions & 160 deletions src/sapling/noteencryption.cpp
View file
Expand Up @@ -295,164 +295,4 @@ boost::optional<SaplingOutPlaintext> AttemptSaplingOutDecryption(
return plaintext;
}

template<size_t MLEN>
NoteEncryption<MLEN>::NoteEncryption(uint256 hSig) : nonce(0), hSig(hSig) {
// All of this code assumes crypto_scalarmult_BYTES is 32
// There's no reason that will _ever_ change, but for
// completeness purposes, let's check anyway.
static_assert(32 == crypto_scalarmult_BYTES, "invalid crypto_scalarmult_BYTES");
static_assert(32 == crypto_scalarmult_SCALARBYTES, "invalid crypto_scalarmult_SCALARBYTES");
static_assert(NOTEENCRYPTION_AUTH_BYTES == crypto_aead_chacha20poly1305_ABYTES, "noteencryp_auth_bytes != crypto_aead_chacha20poly1305_ABYTES");

// Create the ephemeral keypair
esk = random_uint256();
epk = generate_pubkey(esk);
}

template<size_t MLEN>
NoteDecryption<MLEN>::NoteDecryption(uint256 sk_enc) : sk_enc(sk_enc) {
this->pk_enc = NoteEncryption<MLEN>::generate_pubkey(sk_enc);
}

template<size_t MLEN>
typename NoteEncryption<MLEN>::Ciphertext NoteEncryption<MLEN>::encrypt
(const uint256 &pk_enc,
const NoteEncryption<MLEN>::Plaintext &message
)
{
uint256 dhsecret;

if (crypto_scalarmult(dhsecret.begin(), esk.begin(), pk_enc.begin()) != 0) {
throw std::logic_error("Could not create DH secret");
}

// Construct the symmetric key
unsigned char K[NOTEENCRYPTION_CIPHER_KEYSIZE];
KDF(K, dhsecret, epk, pk_enc, hSig, nonce);

// Increment the number of encryptions we've performed
nonce++;

// The nonce is zero because we never reuse keys
unsigned char cipher_nonce[crypto_aead_chacha20poly1305_IETF_NPUBBYTES] = {};

NoteEncryption<MLEN>::Ciphertext ciphertext;

crypto_aead_chacha20poly1305_ietf_encrypt(ciphertext.begin(), NULL,
message.begin(), MLEN,
NULL, 0, // no "additional data"
NULL, cipher_nonce, K);

return ciphertext;
}

template<size_t MLEN>
typename NoteDecryption<MLEN>::Plaintext NoteDecryption<MLEN>::decrypt
(const NoteDecryption<MLEN>::Ciphertext &ciphertext,
const uint256 &epk,
const uint256 &hSig,
unsigned char nonce
) const
{
uint256 dhsecret;

if (crypto_scalarmult(dhsecret.begin(), sk_enc.begin(), epk.begin()) != 0) {
throw std::logic_error("Could not create DH secret");
}

unsigned char K[NOTEENCRYPTION_CIPHER_KEYSIZE];
KDF(K, dhsecret, epk, pk_enc, hSig, nonce);

// The nonce is zero because we never reuse keys
unsigned char cipher_nonce[crypto_aead_chacha20poly1305_IETF_NPUBBYTES] = {};

NoteDecryption<MLEN>::Plaintext plaintext;

// Message length is always NOTEENCRYPTION_AUTH_BYTES less than
// the ciphertext length.
if (crypto_aead_chacha20poly1305_ietf_decrypt(plaintext.begin(), NULL,
NULL,
ciphertext.begin(), NoteDecryption<MLEN>::CLEN,
NULL,
0,
cipher_nonce, K) != 0) {
throw note_decryption_failed();
}

return plaintext;
}

//
// Payment disclosure - decrypt with esk
//
template<size_t MLEN>
typename PaymentDisclosureNoteDecryption<MLEN>::Plaintext PaymentDisclosureNoteDecryption<MLEN>::decryptWithEsk
(const PaymentDisclosureNoteDecryption<MLEN>::Ciphertext &ciphertext,
const uint256 &pk_enc,
const uint256 &esk,
const uint256 &hSig,
unsigned char nonce
) const
{
uint256 dhsecret;

if (crypto_scalarmult(dhsecret.begin(), esk.begin(), pk_enc.begin()) != 0) {
throw std::logic_error("Could not create DH secret");
}

// Regenerate keypair
uint256 epk = NoteEncryption<MLEN>::generate_pubkey(esk);

unsigned char K[NOTEENCRYPTION_CIPHER_KEYSIZE];
KDF(K, dhsecret, epk, pk_enc, hSig, nonce);

// The nonce is zero because we never reuse keys
unsigned char cipher_nonce[crypto_aead_chacha20poly1305_IETF_NPUBBYTES] = {};

PaymentDisclosureNoteDecryption<MLEN>::Plaintext plaintext;

// Message length is always NOTEENCRYPTION_AUTH_BYTES less than
// the ciphertext length.
if (crypto_aead_chacha20poly1305_ietf_decrypt(plaintext.begin(), NULL,
NULL,
ciphertext.begin(), PaymentDisclosureNoteDecryption<MLEN>::CLEN,
NULL,
0,
cipher_nonce, K) != 0) {
throw note_decryption_failed();
}

return plaintext;
}




template<size_t MLEN>
uint256 NoteEncryption<MLEN>::generate_privkey(const uint252 &a_sk)
{
uint256 sk = PRF_addr_sk_enc(a_sk);

clamp_curve25519(sk.begin());

return sk;
}

template<size_t MLEN>
uint256 NoteEncryption<MLEN>::generate_pubkey(const uint256 &sk_enc)
{
uint256 pk;

if (crypto_scalarmult_base(pk.begin(), sk_enc.begin()) != 0) {
throw std::logic_error("Could not create public key");
}

return pk;
}

template class NoteEncryption<ZC_NOTEPLAINTEXT_SIZE>;
template class NoteDecryption<ZC_NOTEPLAINTEXT_SIZE>;

template class PaymentDisclosureNoteDecryption<ZC_NOTEPLAINTEXT_SIZE>;

}
101 changes: 0 additions & 101 deletions src/sapling/noteencryption.hpp
View file
Expand Up @@ -97,107 +97,6 @@ boost::optional<SaplingOutPlaintext> AttemptSaplingOutDecryption(
const uint256 &epk
);

template<size_t MLEN>
class NoteEncryption {
protected:
enum { CLEN=MLEN+NOTEENCRYPTION_AUTH_BYTES };
uint256 epk;
uint256 esk;
unsigned char nonce;
uint256 hSig;

public:
typedef std::array<unsigned char, CLEN> Ciphertext;
typedef std::array<unsigned char, MLEN> Plaintext;

NoteEncryption(uint256 hSig);

// Gets the ephemeral secret key
uint256 get_esk() {
return esk;
}

// Gets the ephemeral public key
uint256 get_epk() {
return epk;
}

// Encrypts `message` with `pk_enc` and returns the ciphertext.
// This is only called ZC_NUM_JS_OUTPUTS times for a given instantiation;
// but can be called 255 times before the nonce-space runs out.
Ciphertext encrypt(const uint256 &pk_enc,
const Plaintext &message
);

// Creates a NoteEncryption private key
static uint256 generate_privkey(const uint252 &a_sk);

// Creates a NoteEncryption public key from a private key
static uint256 generate_pubkey(const uint256 &sk_enc);
};

template<size_t MLEN>
class NoteDecryption {
protected:
enum { CLEN=MLEN+NOTEENCRYPTION_AUTH_BYTES };
uint256 sk_enc;
uint256 pk_enc;

public:
typedef std::array<unsigned char, CLEN> Ciphertext;
typedef std::array<unsigned char, MLEN> Plaintext;

NoteDecryption() { }
NoteDecryption(uint256 sk_enc);

Plaintext decrypt(const Ciphertext &ciphertext,
const uint256 &epk,
const uint256 &hSig,
unsigned char nonce
) const;

friend inline bool operator==(const NoteDecryption& a, const NoteDecryption& b) {
return a.sk_enc == b.sk_enc && a.pk_enc == b.pk_enc;
}
friend inline bool operator<(const NoteDecryption& a, const NoteDecryption& b) {
return (a.sk_enc < b.sk_enc ||
(a.sk_enc == b.sk_enc && a.pk_enc < b.pk_enc));
}
};

class note_decryption_failed : public std::runtime_error {
public:
note_decryption_failed() : std::runtime_error("Could not decrypt message") { }
};



// Subclass PaymentDisclosureNoteDecryption provides a method to decrypt a note with esk.
template<size_t MLEN>
class PaymentDisclosureNoteDecryption : public NoteDecryption<MLEN> {
protected:
public:
enum { CLEN=MLEN+NOTEENCRYPTION_AUTH_BYTES };
typedef std::array<unsigned char, CLEN> Ciphertext;
typedef std::array<unsigned char, MLEN> Plaintext;

PaymentDisclosureNoteDecryption() : NoteDecryption<MLEN>() {}
PaymentDisclosureNoteDecryption(uint256 sk_enc) : NoteDecryption<MLEN>(sk_enc) {}

Plaintext decryptWithEsk(
const Ciphertext &ciphertext,
const uint256 &pk_enc,
const uint256 &esk,
const uint256 &hSig,
unsigned char nonce
) const;
};

}

typedef libzcash::NoteEncryption<ZC_NOTEPLAINTEXT_SIZE> ZCNoteEncryption;
typedef libzcash::NoteDecryption<ZC_NOTEPLAINTEXT_SIZE> ZCNoteDecryption;

typedef libzcash::PaymentDisclosureNoteDecryption<ZC_NOTEPLAINTEXT_SIZE> ZCPaymentDisclosureNoteDecryption;

#endif /* ZC_NOTE_ENCRYPTION_H_ */

0 comments on commit 1c23279

Please sign in to comment.