Add crh_ivk

6 years ago · 23c2f0e527
2 changed files with 27 additions and 1 deletions
--- a/include/librustzcash.h
+++ b/include/librustzcash.h
@ -12,6 +12,8 @@ extern "C" {
    void librustzcash_nsk_to_nk(const unsigned char *nsk, unsigned char *result);
    void librustzcash_crh_ivk(const unsigned char *ak, const unsigned char *nk, unsigned char *result);
    /// Loads the zk-SNARK parameters into memory and saves
    /// paths as necessary. Only called once.
    void librustzcash_init_zksnark_params(
--- a/src/rustzcash.rs
+++ b/src/rustzcash.rs
@ -11,7 +11,7 @@ extern crate lazy_static;
 use pairing::{BitIterator, Field, PrimeField, PrimeFieldRepr, bls12_381::{Bls12, Fr, FrRepr}};
-use sapling_crypto::{circuit::multipack,
+use sapling_crypto::{circuit::multipack, constants::CRH_IVK_PERSONALIZATION,
                     jubjub::{edwards, FixedGenerators, JubjubBls12, JubjubEngine, JubjubParams,
                              PrimeOrder, ToUniform, Unknown, fs::FsRepr},
                     pedersen_hash::{pedersen_hash, Personalization}, redjubjub::{self, Signature}};
@ -21,6 +21,8 @@ use sapling_crypto::circuit::sprout::{self, TREE_DEPTH as SPROUT_TREE_DEPTH};
 use bellman::groth16::{create_random_proof, prepare_verifying_key, verify_proof, Parameters,
                       PreparedVerifyingKey, Proof, VerifyingKey};
 use blake2_rfc::blake2s::Blake2s;
 use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
 use rand::OsRng;
@ -241,6 +243,28 @@ pub extern "system" fn librustzcash_nsk_to_nk(
    nk.write(&mut result[..]).expect("length is 32 bytes");
 }
 #[no_mangle]
 pub extern "system" fn librustzcash_crh_ivk(
    ak: *const [c_uchar; 32],
    nk: *const [c_uchar; 32],
    result: *mut [c_uchar; 32],
 ) {
    let ak = unsafe { &*ak };
    let nk = unsafe { &*nk };
    let mut h = Blake2s::with_params(32, &[], &[], CRH_IVK_PERSONALIZATION);
    h.update(ak);
    h.update(nk);
    let mut h = h.finalize().as_ref().to_vec();
    // Drop the last five bits, so it can be interpreted as a scalar.
    h[31] &= 0b0000_0111;
    let result = unsafe { &mut *result };
    result.copy_from_slice(&h);
 }
 /// XOR two uint64_t values and return the result, used
 /// as a temporary mechanism for introducing Rust into
 /// Zcash.