
Sapling note encryption test vectors

hush
Jack Grigg 6 years ago
parent
commit
70caa7d4b0
No known key found for this signature in database GPG Key ID: 9E8255172BBF9898
  1. 3
      zcash_primitives/src/lib.rs
  2. 88
      zcash_primitives/src/note_encryption.rs
  3. 1
      zcash_primitives/src/test_vectors.rs
  4. 2046
      zcash_primitives/src/test_vectors/note_encryption.rs

3
zcash_primitives/src/lib.rs

@ -20,6 +20,9 @@ pub mod sapling;
mod serialize;
pub mod transaction;
#[cfg(test)]
mod test_vectors;
lazy_static! {
pub static ref JUBJUB: JubjubBls12 = { JubjubBls12::new() };
}

88
zcash_primitives/src/note_encryption.rs

@ -152,3 +152,91 @@ impl SaplingNoteEncryption {
output
}
}
#[cfg(test)]
mod tests {
use ff::{PrimeField, PrimeFieldRepr};
use pairing::bls12_381::{Bls12, Fr, FrRepr};
use sapling_crypto::{
jubjub::{
edwards,
fs::{Fs, FsRepr},
},
primitives::{Diversifier, PaymentAddress},
};
use super::{kdf_sapling, sapling_ka_agree, Memo, SaplingNoteEncryption};
use crate::{keys::OutgoingViewingKey, JUBJUB};
#[test]
fn test_vectors() {
let test_vectors = crate::test_vectors::note_encryption::make_test_vectors();
macro_rules! read_fr {
($field:expr) => {{
let mut repr = FrRepr::default();
repr.read_le(&$field[..]).unwrap();
Fr::from_repr(repr).unwrap()
}};
}
macro_rules! read_fs {
($field:expr) => {{
let mut repr = FsRepr::default();
repr.read_le(&$field[..]).unwrap();
Fs::from_repr(repr).unwrap()
}};
}
macro_rules! read_point {
($field:expr) => {
edwards::Point::<Bls12, _>::read(&$field[..], &JUBJUB).unwrap()
};
}
for tv in test_vectors {
//
// Load the test vector components
//
let pk_d = read_point!(tv.default_pk_d)
.as_prime_order(&JUBJUB)
.unwrap();
let rcm = read_fs!(tv.rcm);
let cv = read_point!(tv.cv);
let cmu = read_fr!(tv.cmu);
let esk = read_fs!(tv.esk);
let epk = read_point!(tv.epk).as_prime_order(&JUBJUB).unwrap();
//
// Test the individual components
//
let shared_secret = sapling_ka_agree(&esk, &pk_d);
assert_eq!(shared_secret, tv.shared_secret);
let k_enc = kdf_sapling(&shared_secret, &epk);
assert_eq!(k_enc.as_bytes(), tv.k_enc);
let to = PaymentAddress {
pk_d,
diversifier: Diversifier(tv.default_d),
};
let note = to.create_note(tv.v, rcm, &JUBJUB).unwrap();
assert_eq!(note.cm(&JUBJUB), cmu);
//
// Test encryption
//
let mut ne =
SaplingNoteEncryption::new(OutgoingViewingKey(tv.ovk), note, to, Memo(tv.memo));
// Swap in the ephemeral keypair from the test vectors
ne.esk = esk;
ne.epk = epk;
assert_eq!(&ne.encrypt_note_plaintext()[..], &tv.c_enc[..]);
assert_eq!(&ne.encrypt_outgoing_plaintext(&cv, &cmu)[..], &tv.c_out[..]);
}
}
}
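Review bot: In `test_vectors`, `ne.esk` and `ne.epk` are overwritten independently from the vector, and nothing asserts that the two belong together, so the link between the ephemeral secret and its public key is never checked. Before `note` is moved into `SaplingNoteEncryption::new`, an assertion along the lines of `assert_eq!(note.g_d.mul(esk, &JUBJUB), epk);` would pin that relationship. This assumes epk is meant to be esk times the note's diversified base, which is not visible in this hunk. The constructor's own keypair generation is also discarded by the swap and stays untested here; a comment saying so next to `// Swap in the ephemeral keypair from the test vectors` would help. The loop covers only the encryption direction, and the hunk starts inside `impl SaplingNoteEncryption`, so whether a decryption path exists to round-trip `tv.c_enc` and `tv.c_out` cannot be seen from here.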

1
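--- a/zcash_primitives/src/test_vectors.rs
+++ b/zcash_primitives/src/test_vectors.rs
@@ -0,0 +1 @@
+pub(crate) mod note_encryption;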

2046
zcash_primitives/src/test_vectors/note_encryption.rs

File diff suppressed because it is too large