Validate PaymentAddress diversifier when decoding

2025-02-12 01:55:48 +00:00 · 2019-07-02 00:07:48 +01:00 · 2019-07-02 00:07:48 +01:00 · a3a9ee2682
commit a3a9ee2682
parent dd9c9ffa3f
1 changed files with 27 additions and 0 deletions
--- a/zcash_client_backend/src/encoding.rs
+++ b/zcash_client_backend/src/encoding.rs
@ -167,6 +167,11 @@ pub fn decode_payment_address(hrp: &str, s: &str) -> Result<Option<PaymentAddres
    bech32_decode(hrp, s, |data| {
        let mut diversifier = Diversifier([0; 11]);
        diversifier.0.copy_from_slice(&data[0..11]);
+        // Check that the diversifier is valid
+        if diversifier.g_d::<Bls12>(&JUBJUB).is_none() {
+            return None;
+        }
+
        edwards::Point::<Bls12, _>::read(&data[11..], &JUBJUB)
            .ok()?
            .as_prime_order(&JUBJUB)
@ -227,4 +232,26 @@ mod tests {
            Some(addr)
        );
    }
+
+    #[test]
+    fn invalid_diversifier() {
+        let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
+
+        let addr = PaymentAddress {
+            diversifier: Diversifier([1u8; 11]),
+            pk_d: edwards::Point::<Bls12, _>::rand(rng, &JUBJUB).mul_by_cofactor(&JUBJUB),
+        };
+
+        let encoded_main =
+            encode_payment_address(constants::mainnet::HRP_SAPLING_PAYMENT_ADDRESS, &addr);
+
+        assert_eq!(
+            decode_payment_address(
+                constants::mainnet::HRP_SAPLING_PAYMENT_ADDRESS,
+                &encoded_main
+            )
+            .unwrap(),
+            None
+        );
+    }
 }