zcash_note_encryption: Fix array size in Domain::extract_{esk, pk_d}

Decrypted output size is `OUT_PLAINTEXT_BYTES`, which the decryptor can always provide (either by decrypting into the correct size array as now, or truncating the buffer before passing it to the domain).
zcash · May 28, 2021 · 362838c · 362838c
1 parent f6705f2
commit 362838c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/components/zcash_note_encryption/src/lib.rs b/components/zcash_note_encryption/src/lib.rs
@@ -148,10 +148,10 @@ pub trait Domain {
     fn extract_memo(&self, plaintext: &[u8]) -> Self::Memo;
 
     fn extract_pk_d(
-        out_plaintext: &[u8; OUT_CIPHERTEXT_SIZE],
+        out_plaintext: &[u8; OUT_PLAINTEXT_SIZE],
     ) -> Option<Self::DiversifiedTransmissionKey>;
 
-    fn extract_esk(out_plaintext: &[u8; OUT_CIPHERTEXT_SIZE]) -> Option<Self::EphemeralSecretKey>;
+    fn extract_esk(out_plaintext: &[u8; OUT_PLAINTEXT_SIZE]) -> Option<Self::EphemeralSecretKey>;
 }
 
 pub trait ShieldedOutput<D: Domain> {
@@ -477,7 +477,7 @@ pub fn try_output_recovery_with_ock<D: Domain, Output: ShieldedOutput<D>>(
     assert_eq!(output.enc_ciphertext().len(), ENC_CIPHERTEXT_SIZE);
     assert_eq!(out_ciphertext.len(), OUT_CIPHERTEXT_SIZE);
 
-    let mut op = [0; OUT_CIPHERTEXT_SIZE];
+    let mut op = [0; OUT_PLAINTEXT_SIZE];
     assert_eq!(
         ChachaPolyIetf::aead_cipher()
             .open_to(&mut op, &out_ciphertext, &[], ock.as_ref(), &[0u8; 12])

diff --git a/zcash_primitives/src/sapling/note_encryption.rs b/zcash_primitives/src/sapling/note_encryption.rs
@@ -10,7 +10,7 @@ use zcash_note_encryption::{
     try_compact_note_decryption, try_note_decryption, try_output_recovery_with_ock,
     try_output_recovery_with_ovk, Domain, EphemeralKeyBytes, NoteEncryption, NotePlaintextBytes,
     NoteValidity, OutPlaintextBytes, OutgoingCipherKey, ShieldedOutput, COMPACT_NOTE_SIZE,
-    NOTE_PLAINTEXT_SIZE, OUT_CIPHERTEXT_SIZE, OUT_PLAINTEXT_SIZE,
+    NOTE_PLAINTEXT_SIZE, OUT_PLAINTEXT_SIZE,
 };
 
 use crate::{
@@ -272,7 +272,7 @@ impl<P: consensus::Parameters> Domain for SaplingDomain<P> {
         note.cmu()
     }
 
-    fn extract_pk_d(op: &[u8; OUT_CIPHERTEXT_SIZE]) -> Option<Self::DiversifiedTransmissionKey> {
+    fn extract_pk_d(op: &[u8; OUT_PLAINTEXT_SIZE]) -> Option<Self::DiversifiedTransmissionKey> {
         let pk_d = jubjub::SubgroupPoint::from_bytes(
             op[0..32].try_into().expect("slice is the correct length"),
         );
@@ -284,7 +284,7 @@ impl<P: consensus::Parameters> Domain for SaplingDomain<P> {
         }
     }
 
-    fn extract_esk(op: &[u8; OUT_CIPHERTEXT_SIZE]) -> Option<Self::EphemeralSecretKey> {
+    fn extract_esk(op: &[u8; OUT_PLAINTEXT_SIZE]) -> Option<Self::EphemeralSecretKey> {
         jubjub::Fr::from_repr(
             op[32..OUT_PLAINTEXT_SIZE]
                 .try_into()