improvements v2
ftheirs committed Dec 8, 2023
1 parent f9281ce commit 901035f
Showing 1 changed file with 21 additions and 61 deletions.
82 changes: 21 additions & 61 deletions app/src/txid.c
Expand Up @@ -10,6 +10,8 @@
#include <zxmacros.h>
#include "zcash_utils.h"

#define PERSONALIZATION_SIZE 16

// TxId level 1 node personalization
#define ZCASH_HEADERS_HASH_PERSONALIZATION "ZTxIdHeadersHash"
#define ZCASH_TRANSPARENT_HASH_PERSONALIZATION "ZTxIdTranspaHash"
Expand All @@ -35,8 +37,6 @@
#define ZCASH_TRANSPARENT_AMOUNTS_HASH_PERSONALIZATION "ZTxTrAmountsHash"
#define ZCASH_TRANSPARENT_SCRIPTS_HASH_PERSONALIZATION "ZTxTrScriptsHash"

//TODO replace these defines with char[] and use sizeof instead of hardcoded numbers --> avoid copying to personalization

#define SIGHASH_ALL 0x01

zxerr_t nu5_transparent_prevouts_hash(const uint8_t *input, uint8_t *output) {
Expand All @@ -47,9 +47,7 @@ zxerr_t nu5_transparent_prevouts_hash(const uint8_t *input, uint8_t *output) {

const uint8_t n = t_inlist_len();
cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_PREVOUTS_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_PREVOUTS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if (n == 0) {
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, 0, 0, output, HASH_SIZE));
Expand All @@ -72,9 +70,7 @@ zxerr_t nu5_transparent_sequence_hash(const uint8_t *input, uint8_t *output) {
const uint8_t n = t_inlist_len();

cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_SEQUENCE_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_SEQUENCE_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if (n == 0) {
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, 0, 0, output, HASH_SIZE));
Expand All @@ -101,9 +97,7 @@ zxerr_t nu5_transparent_outputs_hash(uint8_t *output) {
const uint8_t n = t_outlist_len();

cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_OUTPUTS_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_OUTPUTS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if (n == 0) {
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, 0, 0, output, HASH_SIZE));
Expand Down Expand Up @@ -147,23 +141,17 @@ zxerr_t nu5_hash_sapling_spends(const uint8_t *input, uint8_t *output) {
const uint8_t n = spendlist_len();

cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_SAPLING_SPENDS_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_SPENDS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if (n == 0) {
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, 0, 0, output, HASH_SIZE));
return zxerr_ok;
}
cx_blake2b_t ch_ctx = {0};
uint8_t ch_personalization[16] = {0};
MEMCPY(ch_personalization, PIC(ZCASH_SAPLING_SPENDS_COMPACT_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ch_ctx, 256, NULL, 0, (uint8_t *)ch_personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ch_ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_SPENDS_COMPACT_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

cx_blake2b_t nh_ctx = {0};
uint8_t nh_personalization[16] = {0};
MEMCPY(nh_personalization, PIC(ZCASH_SAPLING_SPENDS_NONCOMPACT_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&nh_ctx, 256, NULL, 0, (uint8_t *)nh_personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&nh_ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_SPENDS_NONCOMPACT_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

const uint8_t *nullifier_data = input + INDEX_SPEND_NF;
const uint8_t *cv_data = input + INDEX_SPEND_VALUECMT;
Expand Down Expand Up @@ -218,29 +206,21 @@ zxerr_t nu5_hash_sapling_outputs(const uint8_t *input, uint8_t *output) {
const uint8_t n = outputlist_len();

cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_SAPLING_OUTPUTS_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_OUTPUTS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if (n == 0) {
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, 0, 0, output, HASH_SIZE));
return zxerr_ok;
}

cx_blake2b_t ch_ctx = {0};
uint8_t ch_personalization[16] = {0};
MEMCPY(ch_personalization, PIC(ZCASH_SAPLING_OUTPUTS_COMPACT_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ch_ctx, 256, NULL, 0,(uint8_t *)ch_personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ch_ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_OUTPUTS_COMPACT_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

cx_blake2b_t mh_ctx = {0};
uint8_t mh_personalization[16] = {0};
MEMCPY(mh_personalization,PIC(ZCASH_SAPLING_OUTPUTS_MEMOS_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&mh_ctx, 256, NULL, 0, (uint8_t *)mh_personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&mh_ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_OUTPUTS_MEMOS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

cx_blake2b_t nh_ctx = {0};
uint8_t nh_personalization[16] = {0};
MEMCPY(nh_personalization, PIC(ZCASH_SAPLING_OUTPUTS_NONCOMPACT_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&nh_ctx, 256, NULL, 0, (uint8_t *)nh_personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&nh_ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_OUTPUTS_NONCOMPACT_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

const uint8_t *cmu = input + INDEX_OUTPUT_NOTECMT;
const uint8_t *ephemeral_key = input + INDEX_OUTPUT_EPK;
Expand Down Expand Up @@ -298,11 +278,7 @@ zxerr_t hash_header_txid_data(const uint8_t *input, uint8_t *output) {
}

cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_HEADERS_HASH_PERSONALIZATION), 16);
if (cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16) != CX_OK) {
return zxerr_invalid_crypto_settings;
}
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_HEADERS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

const uint8_t *version = input + NU5_INDEX_HASH_VERSION;
const uint8_t *version_group_id = input + NU5_INDEX_HASH_VERSION_GROUP_ID;
Expand All @@ -329,11 +305,7 @@ zxerr_t hash_transparent_txid_data(const uint8_t *input, uint8_t *output) {
}

cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_TRANSPARENT_HASH_PERSONALIZATION), 16);
if (cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16) != CX_OK) {
return zxerr_unknown;
}
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_TRANSPARENT_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if ((t_inlist_len() + t_outlist_len()) == 0) {
return cx_hash_no_throw(&ctx.header, CX_LAST, NULL, 0, output, HASH_SIZE) == CX_OK ? zxerr_ok : zxerr_unknown;
Expand Down Expand Up @@ -370,9 +342,7 @@ zxerr_t transparent_sig_digest(const uint8_t *input, uint8_t *start_signdata,

// compute amounts digest
cx_blake2b_t ctx_amounts = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_TRANSPARENT_AMOUNTS_HASH_PERSONALIZATION),16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx_amounts, 256, NULL, 0,(uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx_amounts, 256, NULL, 0, (uint8_t*)ZCASH_TRANSPARENT_AMOUNTS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

uint64_t amount = 0;
uint8_t amounts_digest[HASH_SIZE] = {0};
Expand All @@ -386,9 +356,7 @@ zxerr_t transparent_sig_digest(const uint8_t *input, uint8_t *start_signdata,
CHECK_CX_OK(cx_hash_no_throw(&ctx_amounts.header, CX_LAST, (uint8_t *)&amount, sizeof(uint64_t), amounts_digest, HASH_SIZE));

cx_blake2b_t ctx_scripts = {0};
MEMZERO(personalization, 16);
MEMCPY(personalization, PIC(ZCASH_TRANSPARENT_SCRIPTS_HASH_PERSONALIZATION),16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx_scripts, 256, NULL, 0,(uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx_scripts, 256, NULL, 0, (uint8_t*)ZCASH_TRANSPARENT_SCRIPTS_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

uint8_t scripts[SCRIPT_SIZE] = {0};
uint8_t scripts_digest[HASH_SIZE] = {0};
Expand All @@ -400,14 +368,12 @@ zxerr_t transparent_sig_digest(const uint8_t *input, uint8_t *start_signdata,
t_inlist_retrieve_item_script(t_inlist_len() - 1, scripts);
CHECK_CX_OK(cx_hash_no_throw(&ctx_scripts.header, CX_LAST, scripts, SCRIPT_SIZE,scripts_digest, HASH_SIZE));

MEMZERO(personalization, 16);
const uint8_t *sequence_digest = start_signdata + NU5_INDEX_HASH_SEQUENCEHASH;
const uint8_t *outputs_digest = start_signdata + NU5_INDEX_HASH_OUTPUTSHASH;

cx_blake2b_t ctx_txin_sig_digest = {0};
uint8_t txin_sig_digest[HASH_SIZE] = {0};
MEMCPY(personalization, PIC(ZCASH_TRANSPARENT_INPUT_HASH_PERSONALIZATION),16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx_txin_sig_digest, 256, NULL, 0,(uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx_txin_sig_digest, 256, NULL, 0, (uint8_t*)ZCASH_TRANSPARENT_INPUT_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if (type == transparent) {
const t_input_item_t *item = t_inlist_retrieve_item(index);
Expand All @@ -425,12 +391,10 @@ zxerr_t transparent_sig_digest(const uint8_t *input, uint8_t *start_signdata,
CHECK_CX_OK(cx_hash_no_throw(&ctx_txin_sig_digest.header, 0, sequence_data, SEQUENCE_SIZE, NULL, 0));
}

CHECK_CX_OK(cx_hash_no_throw(&ctx_txin_sig_digest.header, CX_LAST, NULL, 0,txin_sig_digest, HASH_SIZE));
CHECK_CX_OK(cx_hash_no_throw(&ctx_txin_sig_digest.header, CX_LAST, NULL, 0, txin_sig_digest, HASH_SIZE));

cx_blake2b_t ctx = {0};
MEMZERO(personalization, 16);
MEMCPY(personalization, PIC(ZCASH_TRANSPARENT_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization,16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_TRANSPARENT_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, &hash_type, sizeof(uint8_t), NULL, 0));
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, prevout_digest, HASH_SIZE, NULL, 0));
Expand All @@ -451,9 +415,7 @@ zxerr_t hash_sapling_txid_data(const uint8_t *input, uint8_t *output) {
}

cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_SAPLING_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_SAPLING_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));

if (spendlist_len() + outputlist_len() == 0) {
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, 0, 0, output, HASH_SIZE));
Expand All @@ -475,9 +437,7 @@ zxerr_t hash_empty_orchard_txid_data(uint8_t *output) {
return zxerr_no_data;
}
cx_blake2b_t ctx = {0};
uint8_t personalization[16] = {0};
MEMCPY(personalization, PIC(ZCASH_ORCHARD_HASH_PERSONALIZATION), 16);
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)personalization, 16));
CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t*)ZCASH_ORCHARD_HASH_PERSONALIZATION, PERSONALIZATION_SIZE));
CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, 0, 0, output, HASH_SIZE));

return zxerr_ok;
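Review bot: Nothing ties `PERSONALIZATION_SIZE` to the actual length of the personalization literals that are now passed straight to `cx_blake2b_init2_no_throw`, first in `nu5_transparent_prevouts_hash` and then at every later init call in this file; a tag that is ever shorter would be read past its end, and a longer one silently truncated, in both cases changing the BLAKE2b domain-separation value without any build error. A compile-time check per tag next to the define would catch this, for example `_Static_assert(sizeof(ZCASH_HEADERS_HASH_PERSONALIZATION) - 1 == PERSONALIZATION_SIZE, "personalization tag must be 16 bytes");`. Separately, the init calls in `hash_header_txid_data` and `hash_transparent_txid_data` used to return `zxerr_invalid_crypto_settings` and `zxerr_unknown` on failure and now go through `CHECK_CX_OK`, whose expansion is not visible here, so it is worth confirming that no caller depends on the earlier codes. The `PIC()` wrapper was dropped along with the stack copy; presumably direct references to the literals resolve correctly on the device, but that should be confirmed on target since a wrong address would yield a wrong digest rather than an error. All of these functions start or end outside the visible hunks.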
