use group::{Group, GroupEncoding};
use rand_core::{OsRng, RngCore};
use zcash_primitives::sapling::{Diversifier, NullifierDerivingKey, ViewingKey};
use crate::{
librustzcash_sapling_generate_r, librustzcash_sapling_ka_agree,
librustzcash_sapling_ka_derivepublic,
};
/// Round-trip test for the Sapling key-agreement FFI entry points.
///
/// The recipient publishes `pk_d` (inside a payment address) and keeps `ivk`;
/// the sender draws a fresh `esk`, derives a shared secret from `pk_d` and
/// `esk`, and publishes `epk`, derived from the address diversifier and `esk`.
/// The recipient must recover the same secret from `epk` and `ivk`.
///
/// Only the success path is exercised: each FFI call's `bool` result is
/// asserted, but no malformed `pk_d`/`epk` encoding is fed in, so rejection
/// of invalid input is not covered here.
#[test]
fn test_key_agreement() {
    let mut rng = OsRng;

    // --- recipient side -------------------------------------------------
    // A random viewing key; `ak` and `nk` are all that is needed to derive
    // `ivk` and a payment address below.
    let vk = ViewingKey {
        ak: jubjub::SubgroupPoint::random(&mut rng),
        nk: NullifierDerivingKey(jubjub::SubgroupPoint::random(&mut rng)),
    };

    // Not every 11-byte diversifier yields an address
    // (`to_payment_address` returns `None` for those), so keep sampling.
    let addr = loop {
        let mut diversifier = [0u8; 11];
        rng.fill_bytes(&mut diversifier);
        if let Some(address) = vk.to_payment_address(Diversifier(diversifier)) {
            break address;
        }
    };

    // Serialized `ivk` (the recipient's scalar operand) and `pk_d` (the
    // point the sender scales), in the byte form the FFI layer consumes.
    let ivk_bytes = vk.ivk().to_repr();
    let pk_d_bytes = addr.pk_d().to_bytes();

    // --- sender side ----------------------------------------------------
    // Fresh ephemeral secret scalar.
    let mut esk = [0u8; 32];
    librustzcash_sapling_generate_r(&mut esk);

    // `epk` is what the sender places in the transaction; it is derived
    // from the address diversifier and `esk`.
    let mut epk = [0u8; 32];
    assert!(librustzcash_sapling_ka_derivepublic(
        &addr.diversifier().0,
        &esk,
        &mut epk
    ));

    // Sender's shared secret: `pk_d` scaled by `esk`.
    let mut secret_from_sender = [0u8; 32];
    assert!(librustzcash_sapling_ka_agree(
        &pk_d_bytes,
        &esk,
        &mut secret_from_sender
    ));

    // --- recipient side -------------------------------------------------
    // Recipient's shared secret: `epk` scaled by `ivk`.
    let mut secret_from_recipient = [0u8; 32];
    assert!(librustzcash_sapling_ka_agree(
        &epk,
        &ivk_bytes,
        &mut secret_from_recipient
    ));

    // The output buffers start zeroed; a call that reported success but
    // never wrote its result would otherwise compare equal to another such
    // call, so require at least one non-zero byte first.
    assert!(secret_from_sender.iter().any(|&byte| byte != 0));
    // Both parties must arrive at the same secret.
    assert_eq!(secret_from_sender, secret_from_recipient);
}