Update CCryptoKeyStore with Sapling support #3396
Also add Sapling support to CCryptoKeyStore::EncryptKeys
src/zcash/Address.cpp
Outdated
uint256 SaplingFullViewingKey::GetHash() const { | ||
CDataStream ss(SER_NETWORK, PROTOCOL_VERSION); | ||
ss << *this; | ||
return Hash(ss.begin(), ss.end()); |
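Review bot: the stream in GetHash() is constructed with SER_NETWORK, PROTOCOL_VERSION, yet src/wallet/crypter.cpp passes fvk.GetHash() as the third argument to DecryptSecret, so this value has to stay identical for as long as any wallet holds keys encrypted under it. Say so in a comment at the declaration, and add a test that pins the hash of a fixed full viewing key, so that an accidental change in serialization shows up as a test failure rather than as keys that no longer decrypt.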
We should use the fingerprint defined in ZIP 32, for consistency: BLAKE2b-256("ZcashSaplingFVFP", fvk)
CBLAKE2bWriter ss(SER_GETHASH, 0, ZCASH_SAPLING_FVFP_PERSONALIZATION);
ss << *this;
return ss.GetHash();
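The fingerprint suggested in the comment above, as an added example in Python (not code from this pull request): BLAKE2b-256 personalized with "ZcashSaplingFVFP" over the key's serialized components, next to the double SHA-256 that the outdated GetHash() computed. The function names are hypothetical, the example assumes ak, nk and ovk are each 32 serialized bytes concatenated in the READWRITE order shown in the PR, and the sample bytes are constructed.

```python
import hashlib

# Personalization string quoted in the review comment (exactly 16 bytes,
# the maximum BLAKE2b accepts).
ZCASH_SAPLING_FVFP_PERSONALIZATION = b"ZcashSaplingFVFP"


def encode_fvk(ak: bytes, nk: bytes, ovk: bytes) -> bytes:
    """Concatenate the components in the READWRITE order shown in the PR.

    Assumption: each component is already in its 32-byte serialized form.
    """
    for name, part in (("ak", ak), ("nk", nk), ("ovk", ovk)):
        if len(part) != 32:
            raise ValueError(f"{name} must be 32 bytes, got {len(part)}")
    return ak + nk + ovk


def fvk_fingerprint(ak: bytes, nk: bytes, ovk: bytes,
                    person: bytes = ZCASH_SAPLING_FVFP_PERSONALIZATION) -> bytes:
    """BLAKE2b-256 with a personalization string over the encoded key."""
    data = encode_fvk(ak, nk, ovk)
    return hashlib.blake2b(data, digest_size=32, person=person).digest()


def sha256d(ak: bytes, nk: bytes, ovk: bytes) -> bytes:
    """Double SHA-256 over the same bytes, as the outdated GetHash() comment says."""
    data = encode_fvk(ak, nk, ovk)
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


# Constructed sample bytes, not valid Sapling key material.
SAMPLE = (bytes(range(32)), bytes(range(32, 64)), bytes(range(64, 96)))

if __name__ == "__main__":
    print("fingerprint:", fvk_fingerprint(*SAMPLE).hex())
    print("sha256d:    ", sha256d(*SAMPLE).hex())
    # A different personalization gives an unrelated digest for the same key,
    # which is what keeps this hash from colliding with other uses of BLAKE2b.
    print("other tag:  ", fvk_fingerprint(*SAMPLE, person=b"ExampleOtherTag_").hex())
```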
src/wallet/crypter.cpp
Outdated
if(!DecryptSecret(vMasterKey, vchCryptedSecret, fvk.GetHash(), vchSecret)) | ||
return false; | ||
|
||
if (vchSecret.size() != libzcash::SerializedSpendingKeySize) |
This is technically incorrect, because it's the Sprout spending key size. But in practice both Sprout and Sapling spending keys serialize to the same size. If another reviewer wants it changed, I'll support that.
Will add `const size_t SerializedSaplingSpendingKeySize = 32;` and use that, for clarity
src/wallet/crypter.cpp
Outdated
@@ -340,7 +357,7 @@ bool CCryptoKeyStore::AddSaplingSpendingKey(const libzcash::SaplingSpendingKey & | |||
CKeyingMaterial vchSecret(ss.begin(), ss.end()); | |||
auto address = sk.default_address(); |
This can be removed now.
☔ The latest upstream changes (presumably #3390) made this pull request unmergeable. Please resolve the merge conflicts.
15e1dea to 8b55ddf
Addressed comments - review needed on Sapling key encryption in
e59702b to 07442c6
{ | ||
LOCK(cs_SpendingKeyStore); | ||
if (!IsCrypted()) | ||
return CBasicKeyStore::GetSaplingSpendingKey(fvk, skOut); |
I'm confused about what this calls, is this not recursing? unconfused
No, it's a superclass call.
src/zcash/Address.hpp
Outdated
READWRITE(ak); | ||
READWRITE(nk); | ||
READWRITE(ovk); | ||
} | ||
|
||
//! Get the 256-bit SHA256d hash of this full viewing key. |
Update this comment to match the implementation and ZIP 32.
src/zcash/Address.hpp
Outdated
READWRITE(ak); | ||
READWRITE(nk); | ||
READWRITE(ovk); | ||
} | ||
|
||
//! Get the 256-bit SHA256d hash of this full viewing key. | ||
uint256 GetHash() const; |
Rename this to `GetFingerprint()` to match ZIP 32.
I'm taking over this PR, as @arcalinea is away this week.
07442c6 to 37de067
Rebased on master, addressed my comments, and added a few missing parts. @zkbot try
Add Sapling have/get spendingkey crypter overrides
Sapling crypter overrides for:
- `HaveSaplingSpendingKey()`
- `GetSaplingSpendingKey()`
Closes #3389
💔 Test failed - pr-try
To be filled in when we implement Sapling persistence to disk.
e65383b to 5175a7f
I've taken over the PR, so I can't review it.
Renaming changes requested. (Some of my comments are on individual commits.)
src/wallet/crypter.cpp
Outdated
libzcash::SaplingSpendingKey& sk) | ||
{ | ||
CKeyingMaterial vchSecret; | ||
if(!DecryptSecret(vMasterKey, vchCryptedSecret, fvk.GetFingerprint(), vchSecret)) |
nit: if (
if (vchSecret.size() != libzcash::SerializedSaplingSpendingKeySize) | ||
return false; | ||
|
||
CSecureDataStream ss(vchSecret, SER_NETWORK, PROTOCOL_VERSION); |
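Review bot: between the DecryptSecret call and the CSecureDataStream line, the only validation shown is the length comparison against SerializedSaplingSpendingKeySize, which any plaintext of the right length passes. If it is not already done further down, derive the full viewing key from the deserialized sk and return false unless it equals the fvk argument, so that a ciphertext stored under the wrong key, or decrypted with the wrong master key, is rejected instead of being handed back as a spending key.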
Is this actually dependent on the network protocol version? That doesn't sound right to me.
It matches what we do in e.g. `src/key_io.h`. The distinction from upstream, as I understand it, is that anything that might get communicated spatially between nodes is technically part of the protocol, whereas anything that is only communicated temporally between a single node's past and future selves is `SER_DISK, CLIENT_VERSION`.
I think this is questionable because, if we were to substantially change the network protocol, that would have to be versioned and upgraded quite differently from changing the external key formats. In any case, it's ok for this PR.
src/zcash/Address.hpp
Outdated
@@ -19,6 +19,8 @@ const size_t SerializedPaymentAddressSize = 64; | |||
const size_t SerializedViewingKeySize = 64; | |||
const size_t SerializedSpendingKeySize = 32; |
These should be renamed to `SerializedSprout...`.
src/wallet/crypter.cpp
Outdated
@@ -173,7 +173,7 @@ bool CCryptoKeyStore::SetCrypted() | |||
LOCK2(cs_KeyStore, cs_SpendingKeyStore); | |||
if (fUseCrypto) | |||
return true; | |||
if (!(mapKeys.empty() && mapSpendingKeys.empty())) | |||
if (!(mapKeys.empty() && mapSpendingKeys.empty() && mapSaplingSpendingKeys.empty())) |
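Review bot: the condition in SetCrypted() now has to name every key map by hand, and nothing in the hunk would catch a map being left out. Add a unit test that calls SetCrypted() on a store holding only a Sapling spending key and asserts the outcome the non-empty case is meant to have, and consider moving the emptiness check into a single helper so the next key type is added in one place.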
`mapSpendingKeys` should be renamed to `mapSproutSpendingKeys`.
I was hoping to avoid that large rename for now, but I'll go rip off the plaster 😂
Oh, turns out it's not a large rename after all!
src/wallet/wallet.h
Outdated
@@ -999,14 +999,16 @@ class CWallet : public CCryptoKeyStore, public CValidationInterface | |||
bool RemoveViewingKey(const libzcash::SproutViewingKey &vk); | |||
//! Adds a viewing key to the store, without saving it to disk (used by LoadWallet) | |||
bool LoadViewingKey(const libzcash::SproutViewingKey &dest); |
These methods should be renamed to include `Sprout`.
Addressed @daira's comments.
re-ACK
And rename these too (sorry I didn't catch them before):
Also GetPaymentAddresses -> GetSproutPaymentAddresses
@daira Done (that was the big one).
ut(ACK+cov).
re-ACK
@zkbot r+
📌 Commit 25d5e80 has been approved by
Update CCryptoKeyStore with Sapling support
Sapling crypter overrides for various `CCryptoKeyStore` functions such as:
- `HaveSaplingSpendingKey()`
- `GetSaplingSpendingKey()`
Also includes some changes to prepare for diversified addresses and ZIP 32.
Closes #3389