diff --git a/src/bundle.rs b/src/bundle.rs index 257f3510a..4cf88ccc8 100644 --- a/src/bundle.rs +++ b/src/bundle.rs @@ -631,10 +631,11 @@ pub mod testing { use super::{Action, Authorized, Bundle, Flags}; pub use crate::action::testing::ActionArb; - use crate::note::asset_base::testing::arb_zsa_asset_base; - use crate::note::AssetBase; - use crate::primitives::OrchardPrimitives; - use crate::value::testing::arb_note_value; + use crate::{ + note::{asset_base::testing::arb_zsa_asset_base, AssetBase}, + primitives::OrchardPrimitives, + value::testing::arb_note_value, + }; /// Marker type for a bundle that contains no authorizing data. pub type Unauthorized = super::EffectsOnly; diff --git a/src/bundle/batch.rs b/src/bundle/batch.rs index 4cc1deb04..f2f3b4cb5 100644 --- a/src/bundle/batch.rs +++ b/src/bundle/batch.rs @@ -8,8 +8,10 @@ use tracing::debug; use super::{Authorized, Bundle}; use crate::{ circuit::VerifyingKey, - primitives::redpallas::{self, Binding, SpendAuth}, - primitives::OrchardPrimitives, + primitives::{ + redpallas::{self, Binding, SpendAuth}, + OrchardPrimitives, + }, }; /// A signature within an authorized Orchard bundle. diff --git a/src/bundle/burn_validation.rs b/src/bundle/burn_validation.rs index 0bd7f455f..0d94c761e 100644 --- a/src/bundle/burn_validation.rs +++ b/src/bundle/burn_validation.rs 
@@ -65,16 +65,14 @@ impl fmt::Display for BurnError { #[cfg(test)] mod tests { - use crate::issuance::compute_asset_desc_hash; - use crate::value::NoteValue; - use nonempty::NonEmpty; - use super::*; + use crate::{issuance::compute_asset_desc_hash, issuance_auth::ZSASchnorr, value::NoteValue}; + use nonempty::NonEmpty; /// Creates an item of bundle burn list for a given asset description hash and value. /// /// This function is deterministic and guarantees that each call with the same parameters - /// will return the same result. It achieves determinism by using a static `IssuanceAuthorizingKey`. + /// will return the same result. It achieves determinism by using a static `IssueAuthKey`. /// /// # Arguments /// @@ -86,12 +84,12 @@ mod tests { /// A tuple `(AssetBase, Amount)` representing the burn list item. /// fn get_burn_tuple(asset_desc_hash: &[u8; 32], value: u64) -> (AssetBase, NoteValue) { - use crate::keys::{IssuanceAuthorizingKey, IssuanceValidatingKey}; + use crate::issuance_auth::{IssueAuthKey, IssueValidatingKey}; - let isk = IssuanceAuthorizingKey::from_bytes([1u8; 32]).unwrap(); + let isk = IssueAuthKey::::from_bytes(&[1u8; 32]).unwrap(); ( - AssetBase::derive(&IssuanceValidatingKey::from(&isk), asset_desc_hash), + AssetBase::derive(&IssueValidatingKey::from(&isk), asset_desc_hash), NoteValue::from_raw(value), ) } diff --git a/src/bundle/commitments.rs b/src/bundle/commitments.rs index 014fc07c1..5d8fe2a16 100644 --- a/src/bundle/commitments.rs +++ b/src/bundle/commitments.rs @@ -112,7 +112,7 @@ pub(crate) fn hash_issue_bundle_txid_data(bundle: &IssueBundle) ia.update(&[u8::from(action.is_finalized())]); } h.update(ia.finalize().as_bytes()); - h.update(&bundle.ik().to_bytes()); + h.update(&bundle.ik().encode()); h.finalize() } 
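Review bot: The preimage of the issuance txid digest changes in `hash_issue_bundle_txid_data` and nothing at the call site says so: `bundle.ik().encode()` puts the scheme's algorithm byte in front of the key bytes, where the removed `to_bytes()` fed the bare key. The same applies to `bundle.authorization().signature().encode()` in `hash_issue_bundle_auth_data`, in the next hunk of this file. A one-line comment above each `h.update` would make the consensus-relevant layout visible, e.g. `// ZIP 227 encoding: algorithm byte || key bytes` and `// ZIP 227 encoding: algorithm byte || signature bytes`. `hash_issue_bundle_txid_data` begins outside the hunk, so the rest of the preimage cannot be checked from here.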
@@ -123,7 +123,7 @@ pub(crate) fn hash_issue_bundle_txid_data(bundle: &IssueBundle) /// [zip246]: https://zips.z.cash/zip-0246 pub(crate) fn hash_issue_bundle_auth_data(bundle: &IssueBundle) -> Blake2bHash { let mut h = hasher(ZCASH_ORCHARD_ZSA_ISSUE_SIG_PERSONALIZATION); - h.update(&<[u8; 64]>::from(bundle.authorization().signature())); + h.update(&bundle.authorization().signature().encode()); h.finalize() } diff --git a/src/circuit/circuit_zsa.rs b/src/circuit/circuit_zsa.rs index 94908a580..41e796d6b 100644 --- a/src/circuit/circuit_zsa.rs +++ b/src/circuit/circuit_zsa.rs @@ -40,8 +40,7 @@ use crate::{ AdditionalZsaWitnesses, Config, OrchardCircuit, Witnesses, ANCHOR, CMX, CV_NET_X, CV_NET_Y, ENABLE_OUTPUT, ENABLE_SPEND, ENABLE_ZSA, NF_OLD, RK_X, RK_Y, }, - constants::OrchardFixedBasesFull, - constants::{OrchardFixedBases, OrchardHashDomains}, + constants::{OrchardFixedBases, OrchardFixedBasesFull, OrchardHashDomains}, note::AssetBase, orchard_flavor::OrchardZSA, }; diff --git a/src/circuit/value_commit_orchard.rs b/src/circuit/value_commit_orchard.rs index 8a3e95956..8ad2793a1 100644 --- a/src/circuit/value_commit_orchard.rs +++ b/src/circuit/value_commit_orchard.rs @@ -130,9 +130,11 @@ pub(in crate::circuit) mod gadgets { #[cfg(test)] mod tests { use crate::{ - circuit::gadget::assign_free_advice, - circuit::value_commit_orchard::gadgets::value_commit_orchard, - circuit::K, + circuit::{ + gadget::assign_free_advice, + value_commit_orchard::{gadgets::value_commit_orchard, ZsaValueCommitParams}, + K, + }, constants::{OrchardCommitDomains, OrchardFixedBases, OrchardHashDomains}, note::AssetBase, value::{NoteValue, ValueCommitTrapdoor, ValueCommitment}, @@ -156,7 +158,6 @@ mod tests { }; use pasta_curves::pallas; - use crate::circuit::value_commit_orchard::ZsaValueCommitParams; use rand::{rngs::OsRng, RngCore}; #[test] diff --git a/src/issuance.rs b/src/issuance.rs index abc94f4d6..45cb9ae83 100644 --- a/src/issuance.rs +++ b/src/issuance.rs 
@@ -15,8 +15,8 @@ use alloc::{collections::BTreeMap, string::String, vec::Vec}; use blake2b_simd::{Hash as Blake2bHash, Params}; use core::fmt; +use core::fmt::Debug; use group::Group; -use k256::schnorr; use nonempty::NonEmpty; use rand::RngCore; @@ -24,17 +24,18 @@ use crate::{ asset_record::AssetRecord, bundle::commitments::{hash_issue_bundle_auth_data, hash_issue_bundle_txid_data}, constants::reference_keys::ReferenceKeys, - keys::{IssuanceAuthorizingKey, IssuanceValidatingKey}, + issuance_auth::{IssueAuthKey, IssueAuthSig, IssueValidatingKey}, note::{rho_for_issuance_note, AssetBase, Nullifier, Rho}, value::NoteValue, Address, Note, }; +use crate::issuance_auth::ZSASchnorr; use Error::{ AssetBaseCannotBeIdentityPoint, CannotBeFirstIssuance, IncorrectRhoDerivation, - IssueActionNotFound, IssueActionPreviouslyFinalizedAssetBase, - IssueActionWithoutNoteNotFinalized, IssueBundleIkMismatchAssetBase, - IssueBundleInvalidSignature, MissingReferenceNoteOnFirstIssuance, ValueOverflow, + InvalidIssueAuthKey, InvalidIssueBundleSig, InvalidIssueValidatingKey, IssueActionNotFound, + IssueActionPreviouslyFinalizedAssetBase, IssueActionWithoutNoteNotFinalized, + IssueBundleIkMismatchAssetBase, MissingReferenceNoteOnFirstIssuance, ValueOverflow, }; /// Checks if a given note is a reference note. @@ -50,7 +51,7 @@ fn is_reference_note(note: &Note) -> bool { #[derive(Debug, Clone, PartialEq, Eq)] pub struct IssueBundle { /// The issuer key for the note being created. - ik: IssuanceValidatingKey, + ik: IssueValidatingKey, /// The list of issue actions that make up this bundle. actions: NonEmpty, /// The authorization for this action. @@ -148,7 +149,7 @@ impl IssueAction { /// /// # Arguments /// - /// * `ik` - A reference to the `IssuanceValidatingKey` used for deriving the asset. + /// * `ik` - A reference to the `IssueValidatingKey` used for deriving the asset. /// /// # Returns /// 
@@ -164,7 +165,7 @@ impl IssueAction { /// * `AssetBaseCannotBeIdentityPoint`: The derived `AssetBase` is the identity point of the /// Pallas curve. /// * `IssueActionWithoutNoteNotFinalized`: The `IssueAction` contains no notes and is not finalized. - fn verify(&self, ik: &IssuanceValidatingKey) -> Result<(AssetBase, NoteValue), Error> { + fn verify(&self, ik: &IssueValidatingKey) -> Result<(AssetBase, NoteValue), Error> { if self.notes.is_empty() && !self.is_finalized() { return Err(IssueActionWithoutNoteNotFinalized); } @@ -238,21 +239,21 @@ pub struct Prepared { } /// Marker for an authorized bundle. -#[derive(Debug, Clone, PartialEq, Eq)] +#[derive(Clone, Debug, PartialEq, Eq)] pub struct Signed { - signature: schnorr::Signature, + signature: IssueAuthSig, } impl Signed { /// Returns the signature for this authorization. - pub fn signature(&self) -> &schnorr::Signature { + pub fn signature(&self) -> &IssueAuthSig { &self.signature } - /// Constructs a `Signed` from a byte array containing Schnorr signature bytes. - pub fn from_data(data: [u8; 64]) -> Self { + /// Constructs a `Signed` from a byte array containing an `IssueAuthSig` in raw bytes. + pub fn from_data(data: &[u8]) -> Self { Signed { - signature: schnorr::Signature::try_from(data.as_ref()).unwrap(), + signature: IssueAuthSig::decode(data).unwrap(), } } } @@ -264,7 +265,7 @@ impl IssueAuth for Signed {} impl IssueBundle { /// Returns the issuer verification key for the bundle. - pub fn ik(&self) -> &IssuanceValidatingKey { + pub fn ik(&self) -> &IssueValidatingKey { &self.ik } /// Return the actions for a given `IssueBundle`. @@ -335,7 +336,7 @@ impl IssueBundle { /// Constructs an `IssueBundle` from its constituent parts. pub fn from_parts( - ik: IssuanceValidatingKey, + ik: IssueValidatingKey, actions: NonEmpty, authorization: T, ) -> Self { 
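Review bot: `Signed::from_data` now accepts a slice of any length and still calls `.unwrap()`, so a wrong length, an unknown algorithm byte or an invalid signature encoding panics instead of being reported. `IssueAuthSig::decode` already returns a `Result` with `InvalidIssueBundleSig` for those inputs, so for bytes read from a serialized bundle the constructor should propagate it: `pub fn from_data(data: &[u8]) -> Result<Self, Error>` with the body `IssueAuthSig::decode(data).map(|signature| Signed { signature })`. That changes the return type for callers, but the move from `[u8; 64]` to `&[u8]` already forces call sites to be touched. If the panic is kept, the doc comment should gain a `# Panics` section naming these conditions.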
@@ -372,7 +373,7 @@ impl IssueBundle { /// If `first_issuance` is true, the `IssueBundle` will contain a reference note for the asset /// defined by (`asset_desc_hash`, `ik`). pub fn new( - ik: IssuanceValidatingKey, + ik: IssueValidatingKey, asset_desc_hash: [u8; 32], issue_info: Option, first_issuance: bool, @@ -539,8 +540,8 @@ fn create_reference_note(asset: AssetBase, mut rng: impl RngCore) -> Note { impl IssueBundle { /// Sign the `IssueBundle`. /// The call makes sure that the provided `isk` matches the `ik` and the derived `asset` for each note in the bundle. - pub fn sign(self, isk: &IssuanceAuthorizingKey) -> Result, Error> { - let expected_ik: IssuanceValidatingKey = isk.into(); + pub fn sign(self, isk: &IssueAuthKey) -> Result, Error> { + let expected_ik = IssueValidatingKey::from(isk); // Make sure the `expected_ik` matches the `asset` for all notes. self.actions.iter().try_for_each(|action| { @@ -551,7 +552,7 @@ impl IssueBundle { // Make sure the signature can be generated. let signature = isk .try_sign(&self.authorization.sighash) - .map_err(|_| IssueBundleInvalidSignature)?; + .map_err(|_| InvalidIssueBundleSig)?; Ok(IssueBundle { ik: self.ik, @@ -640,7 +641,7 @@ pub fn verify_issue_bundle( bundle .ik() .verify(&sighash, bundle.authorization().signature()) - .map_err(|_| IssueBundleInvalidSignature)?; + .map_err(|_| InvalidIssueBundleSig)?; bundle.actions().iter().enumerate().try_fold( BTreeMap::new(), 
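Review bot: The `.map_err(|_| InvalidIssueBundleSig)` after `isk.try_sign(&self.authorization.sighash)` in `sign` discards an error that is already an `issuance::Error`. `IssueAuthKey::try_sign` in the new `issuance_auth.rs` returns `Result<_, Error>`, so today the closure rewrites one variant to the same variant, and it would hide any other variant a scheme returns later. `isk.try_sign(&self.authorization.sighash)?` is enough, and the same holds for `bundle.ik().verify(&sighash, bundle.authorization().signature())` in the `verify_issue_bundle` hunk that follows. Separately, a signer-side failure is reported with the same variant as a rejected signature, so callers cannot tell the two apart. Both function bodies extend beyond their hunks.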
@@ -704,9 +705,15 @@ pub enum Error { /// It cannot be first issuance because we have already some notes for this asset. CannotBeFirstIssuance, + /// Signing errors: + /// Invalid issuance authorizing key. + InvalidIssueAuthKey, + /// Verification errors: - /// Invalid signature. - IssueBundleInvalidSignature, + /// Invalid issuance validating key. + InvalidIssueValidatingKey, + /// Invalid IssueBundle signature. + InvalidIssueBundleSig, /// The provided `AssetBase` has been previously finalized. IssueActionPreviouslyFinalizedAssetBase, /// The rho value of an issuance note is not correctly derived from the first nullifier. @@ -749,8 +756,14 @@ impl fmt::Display for Error { "it cannot be first issuance because we have already some notes for this asset." ) } - IssueBundleInvalidSignature => { - write!(f, "invalid signature") + InvalidIssueAuthKey => { + write!(f, "invalid issuance authorizing key") + } + InvalidIssueValidatingKey => { + write!(f, "invalid issuance validating key") + } + InvalidIssueBundleSig => { + write!(f, "invalid IssueBundle signature") } IssueActionPreviouslyFinalizedAssetBase => { write!(f, "the provided `AssetBase` has been previously finalized") 
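Review bot: `InvalidIssueAuthKey` is added to the enum and to `Display`, but no line visible in this diff constructs it. `IssueAuthKey::from_bytes` returns `Option` and `from_zip32_seed` returns `zip32::Error`, so as far as this diff shows it is an unreachable variant of a public enum; either return it from a fallible constructor or leave it out until it is needed. The group headings are also written as doc comments, so rustdoc attaches `Signing errors:` to `InvalidIssueAuthKey` and `Verification errors:` to `InvalidIssueValidatingKey`. Plain comments, `// Signing errors:` and `// Verification errors:`, avoid that.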
@@ -781,17 +794,15 @@ mod tests { builder::{Builder, BundleType}, circuit::ProvingKey, issuance::Error::{ - IncorrectRhoDerivation, IssueActionNotFound, IssueActionPreviouslyFinalizedAssetBase, - IssueBundleIkMismatchAssetBase, IssueBundleInvalidSignature, + IncorrectRhoDerivation, InvalidIssueBundleSig, IssueActionNotFound, + IssueActionPreviouslyFinalizedAssetBase, IssueBundleIkMismatchAssetBase, }, issuance::{ compute_asset_desc_hash, is_reference_note, verify_issue_bundle, IssueAction, IssueBundle, IssueInfo, Signed, }, - keys::{ - FullViewingKey, IssuanceAuthorizingKey, IssuanceValidatingKey, Scope, - SpendAuthorizingKey, SpendingKey, - }, + issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr}, + keys::{FullViewingKey, Scope, SpendAuthorizingKey, SpendingKey}, note::{rho_for_issuance_note, AssetBase, ExtractedNoteCommitment, Nullifier, Rho}, orchard_flavor::OrchardZSA, tree::{MerkleHashOrchard, MerklePath}, @@ -824,8 +835,8 @@ mod tests { #[derive(Clone)] struct TestParams { rng: OsRng, - isk: IssuanceAuthorizingKey, - ik: IssuanceValidatingKey, + isk: IssueAuthKey, + ik: IssueValidatingKey, recipient: Address, sighash: [u8; 32], first_nullifier: Nullifier, @@ -834,8 +845,8 @@ mod tests { fn setup_params() -> TestParams { let mut rng = OsRng; - let isk = IssuanceAuthorizingKey::random(&mut rng); - let ik: IssuanceValidatingKey = (&isk).into(); + let isk = IssueAuthKey::::random(&mut rng); + let ik = IssueValidatingKey::from(&isk); let fvk = FullViewingKey::from(&SpendingKey::random(&mut rng)); let recipient = fvk.address_at(0u32, Scope::External); @@ -865,7 +876,7 @@ mod tests { note1_asset_desc: &[u8], note2_asset_desc: Option<&[u8]>, // if None, both notes use the same asset finalize: bool, - ) -> (IssuanceValidatingKey, AssetBase, IssueAction) { + ) -> (IssueValidatingKey, AssetBase, IssueAction) { let TestParams { mut rng, ik, 
@@ -1168,7 +1179,7 @@ mod tests { rng, ); - let wrong_isk: IssuanceAuthorizingKey = IssuanceAuthorizingKey::random(&mut rng); + let wrong_isk = IssueAuthKey::::random(&mut rng); let err = bundle .update_rho(&first_nullifier) @@ -1550,7 +1561,7 @@ mod tests { rng, ); - let wrong_isk: IssuanceAuthorizingKey = IssuanceAuthorizingKey::random(&mut rng); + let wrong_isk = IssueAuthKey::::random(&mut rng); let mut signed = bundle .update_rho(&first_nullifier) @@ -1564,7 +1575,7 @@ mod tests { assert_eq!( verify_issue_bundle(&signed, sighash, |_| None, &first_nullifier).unwrap_err(), - IssueBundleInvalidSignature + InvalidIssueBundleSig ); } @@ -1599,7 +1610,7 @@ mod tests { assert_eq!( verify_issue_bundle(&signed, random_sighash, |_| None, &first_nullifier).unwrap_err(), - IssueBundleInvalidSignature + InvalidIssueBundleSig ); } @@ -1681,8 +1692,8 @@ mod tests { .sign(&isk) .unwrap(); - let incorrect_isk = IssuanceAuthorizingKey::random(&mut rng); - let incorrect_ik: IssuanceValidatingKey = (&incorrect_isk).into(); + let incorrect_isk = IssueAuthKey::::random(&mut rng); + let incorrect_ik = IssueValidatingKey::from(&incorrect_isk); // Add "bad" note let note = Note::new( @@ -1774,8 +1785,8 @@ mod tests { let sk = SpendingKey::from_bytes([1; 32]).unwrap(); let fvk = FullViewingKey::from(&sk); let recipient = fvk.address_at(0u32, Scope::External); - let isk = IssuanceAuthorizingKey::from_bytes([2; 32]).unwrap(); - let ik = IssuanceValidatingKey::from(&isk); + let isk = IssueAuthKey::::from_bytes(&[2; 32]).unwrap(); + let ik = IssueValidatingKey::from(&isk); // Setup note and merkle tree let mut rng = OsRng; 
@@ -1917,22 +1928,25 @@ mod tests { pub mod testing { use crate::{ issuance::{AwaitingNullifier, IssueAction, IssueBundle, Prepared, Signed}, - keys::testing::arb_issuance_validating_key, + issuance_auth::{ + testing::arb_issuance_validating_key, IssueAuthSig, IssueAuthSigScheme, ZSASchnorr, + }, note::asset_base::testing::zsa_asset_base, note::testing::arb_zsa_note, }; - use k256::schnorr; use nonempty::NonEmpty; use proptest::collection::vec; use proptest::prelude::*; use proptest::prop_compose; prop_compose! { - /// Generate a uniformly distributed signature + /// Generate a uniformly distributed ZSA Schnorr signature pub(crate) fn arb_signature()( sig_bytes in vec(prop::num::u8::ANY, 64) - ) -> schnorr::Signature { - schnorr::Signature::try_from(sig_bytes.as_slice()).unwrap() + ) -> IssueAuthSig { + let mut encoded = vec![ZSASchnorr::ALGORITHM_BYTE]; + encoded.extend(sig_bytes); + IssueAuthSig::decode(&encoded).unwrap() } } diff --git a/src/issuance_auth.rs b/src/issuance_auth.rs new file mode 100644 index 000000000..8eee3346f --- /dev/null +++ b/src/issuance_auth.rs 
@@ -0,0 +1,388 @@ +//! Issuance authorization logic for Zcash Shielded Assets (ZSAs). +//! +//! This module provides types and methods for working with issuance authorizing keys, validating +//! keys, and authorization signatures, as defined in [ZIP 227]. +//! +//! # Example +//! ``` +//! use rand::rngs::OsRng; +//! use orchard::issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr}; +//! +//! let mut rng = OsRng; +//! let isk = IssueAuthKey::::random(&mut rng); +//! let ik = IssueValidatingKey::from(&isk); +//! let msg = [1u8; 32]; +//! let sig = isk.try_sign(&msg).unwrap(); +//! ik.verify(&msg, &sig).unwrap(); +//! ``` +//! +//! [ZIP 227]: https://zips.z.cash/zip-0227 + +use alloc::vec::Vec; +use core::{ + fmt::{Debug, Formatter}, + mem::size_of_val, +}; + +use k256::{ + schnorr, + schnorr::{signature::hazmat::PrehashVerifier, VerifyingKey}, + NonZeroScalar, +}; +use rand_core::CryptoRngCore; + +use crate::{ + issuance::Error, + zip32::{self, ExtendedSpendingKey}, +}; + +// Preserve '::' which specifies the EXTERNAL 'zip32' crate +#[rustfmt::skip] +pub use ::zip32::{AccountId, ChildIndex, DiversifierIndex, Scope, hardened_only}; + +const ZIP32_PURPOSE_FOR_ISSUANCE: u32 = 227; + +/// Trait that defines the common interface for issuance authorization signature schemes. +pub trait IssueAuthSigScheme { + /// The byte corresponding to this signature scheme, used to encode the issuance validating key + /// and issuance authorization signature. + const ALGORITHM_BYTE: u8; + + /// The type of the issuance authorizing key. + type IskType; + /// The type of the issuance validating key. + type IkType: Clone + PartialEq; + /// The type of the issuance authorization signature. + type IssueAuthSigType: Clone + PartialEq; + + /// Signs a 32-byte message using the issuance authorizing key. + /// + /// Only supports signing of messages of length 32 bytes, since we will only be using it + /// to sign 32 byte SIGHASH values. 
+ fn try_sign(isk: &Self::IskType, msg: &[u8; 32]) -> Result; + + /// Verifies a signature over a message using the issuance validating key. + /// + /// Only supports verifying of messages of length 32 bytes, since we will only be using it + /// to verify 32 byte SIGHASH values. + fn verify( + ik: &Self::IkType, + msg: &[u8; 32], + signature: &Self::IssueAuthSigType, + ) -> Result<(), Error>; +} + +/// An issuance authorizing key. +/// +/// This is denoted by `isk` as defined in [ZIP 227][issuancekeycomponents]. +/// +/// [issuancekeycomponents]: https://zips.z.cash/zip-0227#issuance-key-derivation +#[derive(Clone)] +pub struct IssueAuthKey(S::IskType); + +impl IssueAuthKey { + /// Sign the provided message using the `IssueAuthKey`. + /// + /// Only supports signing of messages of length 32 bytes, since we will only be using it + /// to sign 32 byte SIGHASH values. + pub fn try_sign(&self, msg: &[u8; 32]) -> Result, Error> { + S::try_sign(&self.0, msg).map(IssueAuthSig) + } +} + +/// An issuance validating key which is used to validate issuance authorization signatures. +/// +/// This is denoted by `ik` and defined in [ZIP 227: Issuance of Zcash Shielded Assets § Issuance Key Generation][IssuanceZSA]. +/// +/// [IssuanceZSA]: https://zips.z.cash/zip-0227#issuance-key-derivation +#[derive(Clone, PartialEq, Eq)] +pub struct IssueValidatingKey(S::IkType); + +impl IssueValidatingKey { + /// Verifies a purported `signature` over `msg` made by this verification key. + /// + /// Only supports verifying of messages of length 32 bytes, since we will only be using it + /// to verify 32 byte SIGHASH values. + pub fn verify(&self, msg: &[u8; 32], sig: &IssueAuthSig) -> Result<(), Error> { + S::verify(&self.0, msg, &sig.0) + } +} + +/// An issuance authorization signature `issueAuthSig`, +/// +/// as defined in [ZIP 227][issueauthsig]. 
+/// +/// [issueauthsig]: https://zips.z.cash/zip-0227#issuance-authorization-signature-scheme +#[derive(Clone, Debug, PartialEq, Eq)] +pub struct IssueAuthSig(S::IssueAuthSigType); + +/// The Orchard-ZSA issuance authorization signature scheme, based on BIP 340 Schnorr. +#[derive(Clone, Debug, PartialEq, Eq)] +pub struct ZSASchnorr; + +impl IssueAuthSigScheme for ZSASchnorr { + const ALGORITHM_BYTE: u8 = 0x00; + + type IskType = NonZeroScalar; + type IkType = VerifyingKey; + type IssueAuthSigType = schnorr::Signature; + + fn try_sign(isk: &Self::IskType, msg: &[u8; 32]) -> Result { + schnorr::SigningKey::sign_raw(&schnorr::SigningKey::from(*isk), msg, &[0u8; 32]) + .map_err(|_| Error::InvalidIssueBundleSig) + } + + fn verify( + ik: &Self::IkType, + msg: &[u8; 32], + sig: &Self::IssueAuthSigType, + ) -> Result<(), Error> { + ik.verify_prehash(msg, sig) + .map_err(|_| Error::InvalidIssueBundleSig) + } +} + +impl IssueAuthKey { + /// Generates a random issuance authorizing key. + /// + /// This is only used when generating a random AssetBase. + /// Real issuance keys should be derived according to [ZIP 32]. + /// + /// [ZIP 32]: https://zips.z.cash/zip-0032 + pub fn random(rng: &mut impl CryptoRngCore) -> Self { + Self(NonZeroScalar::random(rng)) + } + + fn to_bytes(&self) -> Vec { + self.0.to_bytes().to_vec() + } + + /// Deserialize the issuance authorization signature from its canonical byte representation. + pub fn from_bytes(bytes: &[u8]) -> Option { + NonZeroScalar::try_from(bytes).ok().map(Self) + } + + /// Derives the Orchard-ZSA issuance key for the given seed, coin type, and account. 
+ pub fn from_zip32_seed( + seed: &[u8], + coin_type: u32, + account: u32, + ) -> Result { + if account != 0 { + return Err(zip32::Error::NonZeroAccount); + } + + // Call zip32 logic + let path = &[ + ChildIndex::hardened(ZIP32_PURPOSE_FOR_ISSUANCE), + ChildIndex::hardened(coin_type), + ChildIndex::hardened(account), + ]; + + // we are reusing zip32 logic for deriving the key, zip32 should be updated as discussed + let &isk_bytes = ExtendedSpendingKey::::from_path(seed, path)? + .sk() + .to_bytes(); + + Self::from_bytes(&isk_bytes).ok_or(zip32::Error::InvalidSpendingKey) + } +} + +impl From<&IssueAuthKey> for IssueValidatingKey { + fn from(isk: &IssueAuthKey) -> Self { + Self(*schnorr::SigningKey::from(isk.0).verifying_key()) + } +} + +impl IssueValidatingKey { + /// Encodes the issuance validating key into a byte vector, in the manner defined in [ZIP 227][issuancekeycomponents]. + /// + /// [issuancekeycomponents]: https://zips.z.cash/zip-0227#derivation-of-issuance-validating-key + pub fn encode(&self) -> Vec { + let ik_bytes = self.0.to_bytes().to_vec(); + let mut encoded = + Vec::with_capacity(size_of_val(&ZSASchnorr::ALGORITHM_BYTE) + ik_bytes.len()); + encoded.push(ZSASchnorr::ALGORITHM_BYTE); + encoded.extend(ik_bytes); + encoded + } + + /// Decodes an issuance validating key from the byte representation defined in [ZIP 227][issuancekeycomponents]. + /// + /// [issuancekeycomponents]: https://zips.z.cash/zip-0227#derivation-of-issuance-validating-key + pub fn decode(bytes: &[u8]) -> Result { + if let Some((&algorithm_byte, key_bytes)) = bytes.split_first() { + if algorithm_byte == ZSASchnorr::ALGORITHM_BYTE { + return VerifyingKey::from_bytes(key_bytes) + .map(Self) + .map_err(|_| Error::InvalidIssueValidatingKey); + } + } + Err(Error::InvalidIssueValidatingKey) + } +} + +impl IssueAuthSig { + /// Encodes the issuance authorization signature into a byte vector, in the manner + /// defined in [ZIP 227][issueauthsig]. 
+ /// + /// [issueauthsig]: https://zips.z.cash/zip-0227#issuance-authorization-signing-and-validation + pub(crate) fn encode(&self) -> Vec { + let sig_bytes = self.0.to_bytes().to_vec(); + let mut encoded = + Vec::with_capacity(size_of_val(&ZSASchnorr::ALGORITHM_BYTE) + sig_bytes.len()); + encoded.push(ZSASchnorr::ALGORITHM_BYTE); + encoded.extend(sig_bytes); + encoded + } + + /// Decodes an issuance authorization signature from the byte representation defined + /// in [ZIP 227][issueauthsig]. + /// + /// [issueauthsig]: https://zips.z.cash/zip-0227#issuance-authorization-signing-and-validation + pub(crate) fn decode(bytes: &[u8]) -> Result { + if let Some((&algorithm_byte, key_bytes)) = bytes.split_first() { + if algorithm_byte == ZSASchnorr::ALGORITHM_BYTE { + return schnorr::Signature::try_from(key_bytes) + .map(Self) + .map_err(|_| Error::InvalidIssueBundleSig); + } + } + Err(Error::InvalidIssueBundleSig) + } +} + +impl Debug for IssueValidatingKey { + fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { + let ik_bytes = self.encode(); + let last4 = &ik_bytes[(ik_bytes.len() - 4)..]; + + write!( + f, + "IssueValidatingKey {{ last4: 0x{:02x}{:02x}{:02x}{:02x} }}", + last4[0], last4[1], last4[2], last4[3] + ) + } +} + +impl Debug for IssueAuthKey { + fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { + // Do not print bytes from the issuance authorizing key. + let ik = IssueValidatingKey::from(self); + write!(f, "IssueAuthKey({:?})", ik) + } +} + +/// Generators for property testing. +#[cfg(any(test, feature = "test-dependencies"))] +#[cfg_attr(docsrs, doc(cfg(feature = "test-dependencies")))] +pub mod testing { + use super::{IssueAuthKey, IssueValidatingKey, ZSASchnorr}; + + use proptest::prelude::*; + + prop_compose! { + /// Generate a uniformly distributed Orchard issuance authorizing key. 
+ pub fn arb_issuance_authorizing_key()( + key in prop::array::uniform32(prop::num::u8::ANY) + .prop_map(|key| IssueAuthKey::from_bytes(&key)) + .prop_filter( + "Values must be valid Orchard-ZSA issuance authorizing keys.", + |opt| opt.is_some() + ) + ) -> IssueAuthKey { + key.unwrap() + } + } + + prop_compose! { + /// Generate a uniformly distributed issuance validating key. + pub fn arb_issuance_validating_key()(isk in arb_issuance_authorizing_key()) -> IssueValidatingKey { + IssueValidatingKey::from(&isk) + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + use rand::rngs::OsRng; + + #[test] + fn issuance_authorizing_key_from_bytes_fail_on_zero() { + // isk must not be the zero scalar for the ZSA Schnorr scheme. + let zero_bytes = [0u8; 32]; + let isk = IssueAuthKey::::from_bytes(&zero_bytes); + assert!(isk.is_none()); + } + + #[test] + fn issuance_authorizing_key_from_bytes_to_bytes_roundtrip() { + let isk: IssueAuthKey = IssueAuthKey::random(&mut OsRng); + let isk_bytes = isk.to_bytes(); + let isk_roundtrip = IssueAuthKey::::from_bytes(&isk_bytes).unwrap(); + assert_eq!(isk_bytes, isk_roundtrip.to_bytes()); + } + + #[test] + fn issuance_validating_key_encode_decode_roundtrip() { + let isk: IssueAuthKey = IssueAuthKey::random(&mut OsRng); + let ik = IssueValidatingKey::from(&isk); + let ik_bytes = ik.encode(); + let ik_roundtrip = IssueValidatingKey::decode(&ik_bytes).unwrap(); + assert_eq!(ik_bytes, ik_roundtrip.encode()); + } + + #[test] + fn issuance_authorization_signature_encode_decode_roundtrip() { + let isk: IssueAuthKey = IssueAuthKey::random(&mut OsRng); + let sig = isk.try_sign(&[1u8; 32]).unwrap(); + let sig_bytes = sig.encode(); + let sig_roundtrip = IssueAuthSig::::decode(&sig_bytes).unwrap(); + assert_eq!(sig_bytes, sig_roundtrip.encode()); + } + + #[test] + fn verify_fails_on_wrong_message() { + let isk: IssueAuthKey = IssueAuthKey::random(&mut OsRng); + let ik = IssueValidatingKey::from(&isk); + let msg = [1u8; 32]; + let incorrect_msg = 
[2u8; 32]; + let sig = isk.try_sign(&msg).unwrap(); + assert_eq!( + ik.verify(&incorrect_msg, &sig), + Err(Error::InvalidIssueBundleSig) + ); + } + + #[test] + fn verify_fails_on_wrong_key() { + let isk: IssueAuthKey = IssueAuthKey::random(&mut OsRng); + let msg = [1u8; 32]; + let sig = isk.try_sign(&msg).unwrap(); + let incorrect_isk: IssueAuthKey = IssueAuthKey::random(&mut OsRng); + let incorrect_ik = IssueValidatingKey::from(&incorrect_isk); + assert_eq!( + incorrect_ik.verify(&msg, &sig), + Err(Error::InvalidIssueBundleSig) + ); + } + + #[test] + fn issuance_auth_sig_test_vectors() { + for tv in crate::test_vectors::issuance_auth_sig::TEST_VECTORS { + let isk = IssueAuthKey::::from_bytes(&tv.isk).unwrap(); + + let ik = IssueValidatingKey::from(&isk); + assert_eq!(ik.encode(), &tv.ik_encoding); + + let message = tv.msg; + + let sig = isk.try_sign(&message).unwrap(); + let sig_bytes = sig.encode(); + assert_eq!(sig_bytes, &tv.issue_auth_sig); + + assert!(ik.verify(&message, &sig).is_ok()); + } + } +} diff --git a/src/keys.rs b/src/keys.rs index 44482602d..01b2d1303 100644 --- a/src/keys.rs +++ b/src/keys.rs @@ -1,7 +1,7 @@ //! Key structures for Orchard. use alloc::vec::Vec; -use core::fmt::{Debug, Formatter}; +use core::fmt::Debug; use core2::io::{self, Read, Write}; use aes::Aes256; @@ -12,17 +12,8 @@ use group::{ prime::PrimeCurveAffine, Curve, GroupEncoding, }; -use k256::{ - schnorr, - schnorr::{ - signature::hazmat::{PrehashSigner, PrehashVerifier}, - Signature, VerifyingKey, - }, - NonZeroScalar, -}; use pasta_curves::{pallas, pallas::Scalar}; use rand::RngCore; -use rand_core::CryptoRngCore; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; use zcash_note_encryption::EphemeralKeyBytes; 
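Review bot: `ZSASchnorr::try_sign` passes `&[0u8; 32]` as the auxiliary randomness to `sign_raw` without saying why, which makes every signature a deterministic function of key and message. `issuance_auth_sig_test_vectors` compares signature bytes, so this looks intentional, but it gives up the hardening against fault and side-channel attacks that BIP 340 attributes to fresh auxiliary randomness; a comment such as `// aux_rand is fixed to zero so signatures are deterministic and reproduce the issuance_auth_sig test vectors` would record that trade-off. The doc comment on `IssueAuthKey::from_bytes` names the wrong type and should read `/// Deserializes the issuance authorizing key from its canonical byte representation; returns None if the bytes are not a valid key.` `IssueAuthKey` is `Clone` and holds the secret scalar with no visible wipe on drop, so confirm whether the wrapped `NonZeroScalar` is zeroized or add that explicitly.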
@@ -43,7 +34,6 @@ pub use ::zip32::{AccountId, ChildIndex, DiversifierIndex, Scope, hardened_only} const KDF_ORCHARD_PERSONALIZATION: &[u8; 16] = b"Zcash_OrchardKDF"; const ZIP32_PURPOSE: u32 = 32; -const ZIP32_PURPOSE_FOR_ISSUANCE: u32 = 227; /// A spending key, from which all key material is derived. /// 
@@ -239,120 +229,6 @@ fn check_structural_validity( } } -/// An issuance key, from which all key material is derived. -/// -/// $\mathsf{isk}$ as defined in [ZIP 227][issuancekeycomponents]. -/// -/// [issuancekeycomponents]: https://zips.z.cash/zip-0227#issuance-key-derivation -#[derive(Copy, Clone)] -pub struct IssuanceAuthorizingKey(NonZeroScalar); - -impl IssuanceAuthorizingKey { - /// Generates a random issuance key. - /// - /// This is only used when generating a random AssetBase. - /// Real issuance keys should be derived according to [ZIP 32]. - /// - /// [ZIP 32]: https://zips.z.cash/zip-0032 - pub(crate) fn random(rng: &mut impl CryptoRngCore) -> Self { - IssuanceAuthorizingKey(NonZeroScalar::random(rng)) - } - - /// Constructs an Orchard issuance key from uniformly-random bytes. - /// - /// Returns `None` if the bytes do not correspond to a valid Orchard issuance key. - pub fn from_bytes(isk_bytes: [u8; 32]) -> Option { - NonZeroScalar::try_from(&isk_bytes as &[u8]) - .ok() - .map(IssuanceAuthorizingKey) - } - - /// Returns the raw bytes of the issuance key. - pub fn to_bytes(&self) -> [u8; 32] { - self.0.to_bytes().into() - } - - /// Derives the Orchard-ZSA issuance key for the given seed, coin type, and account. - pub fn from_zip32_seed( - seed: &[u8], - coin_type: u32, - account: u32, - ) -> Result { - // Call zip32 logic - let path = &[ - ChildIndex::hardened(ZIP32_PURPOSE_FOR_ISSUANCE), - ChildIndex::hardened(coin_type), - ChildIndex::hardened(account), - ]; - - // we are reusing zip32 logic for deriving the key, zip32 should be updated as discussed - let &isk_bytes = ExtendedSpendingKey::::from_path(seed, path)? - .sk() - .to_bytes(); - - IssuanceAuthorizingKey::from_bytes(isk_bytes).ok_or(zip32::Error::InvalidSpendingKey) - } - - /// Sign the provided message using the `IssuanceAuthorizingKey`. - /// Only supports signing of messages of length 32 bytes, since we will only be using it to sign 32 byte SIGHASH values. 
- pub fn try_sign(&self, msg: &[u8; 32]) -> Result { - schnorr::SigningKey::from(self.0).sign_prehash(msg) - } -} - -impl Debug for IssuanceAuthorizingKey { - fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { - f.debug_tuple("IssuanceAuthorizingKey") - .field(&self.0.to_bytes()) - .finish() - } -} - -/// A key used to validate issuance authorization signatures. -/// -/// Defined in [ZIP 227: Issuance of Zcash Shielded Assets § Issuance Key Generation][IssuanceZSA]. -/// -/// [IssuanceZSA]: https://zips.z.cash/zip-0227#issuance-key-derivation -#[derive(Debug, Clone)] -pub struct IssuanceValidatingKey(schnorr::VerifyingKey); - -impl From<&IssuanceAuthorizingKey> for IssuanceValidatingKey { - fn from(isk: &IssuanceAuthorizingKey) -> Self { - IssuanceValidatingKey(*schnorr::SigningKey::from(isk.0).verifying_key()) - } -} - -impl PartialEq for IssuanceValidatingKey { - fn eq(&self, other: &Self) -> bool { - self.to_bytes().eq(&other.to_bytes()) - } -} - -impl Eq for IssuanceValidatingKey {} - -impl IssuanceValidatingKey { - /// Converts this issuance validating key to its serialized form, - /// in big-endian order as defined in BIP 340. - pub fn to_bytes(&self) -> [u8; 32] { - self.0.to_bytes().into() - } - - /// Constructs an Orchard issuance validating key from the provided bytes. - /// The bytes are assumed to be encoded in big-endian order. - /// - /// Returns `None` if the bytes do not correspond to a valid key. - pub fn from_bytes(bytes: &[u8]) -> Option { - VerifyingKey::from_bytes(bytes) - .ok() - .map(IssuanceValidatingKey) - } - - /// Verifies a purported `signature` over `msg` made by this verification key. - pub fn verify(&self, msg: &[u8], signature: &Signature) -> Result<(), schnorr::Error> { - self.0.verify_prehash(msg, signature) - } -} - /// A key used to derive [`Nullifier`]s from [`Note`]s. /// /// $\mathsf{nk}$ as defined in [Zcash Protocol Spec § 4.2.3: Orchard Key Components][orchardkeycomponents]. 
@@ -1049,10 +925,7 @@ impl SharedSecret { #[cfg(any(test, feature = "test-dependencies"))] #[cfg_attr(docsrs, doc(cfg(feature = "test-dependencies")))] pub mod testing { - use super::{ - DiversifierIndex, DiversifierKey, EphemeralSecretKey, IssuanceAuthorizingKey, - IssuanceValidatingKey, SpendingKey, - }; + use super::{DiversifierIndex, DiversifierKey, EphemeralSecretKey, SpendingKey}; use proptest::prelude::*; prop_compose! { @@ -1069,20 +942,6 @@ pub mod testing { } } - prop_compose! { - /// Generate a uniformly distributed Orchard issuance master key. - pub fn arb_issuance_authorizing_key()( - key in prop::array::uniform32(prop::num::u8::ANY) - .prop_map(IssuanceAuthorizingKey::from_bytes) - .prop_filter( - "Values must correspond to valid Orchard-ZSA issuance keys.", - |opt| opt.is_some() - ) - ) -> IssuanceAuthorizingKey { - key.unwrap() - } - } - prop_compose! { /// Generate a uniformly distributed Orchard ephemeral secret key. pub fn arb_esk()( @@ -1114,26 +973,19 @@ pub mod testing { DiversifierIndex::from(d_bytes) } } - - prop_compose! { - /// Generate a uniformly distributed RedDSA issuance validating key. - pub fn arb_issuance_validating_key()(isk in arb_issuance_authorizing_key()) -> IssuanceValidatingKey { - IssuanceValidatingKey::from(&isk) - } - } } #[cfg(test)] mod tests { use ff::PrimeField; use proptest::prelude::*; - use rand::rngs::OsRng; use super::{ testing::{arb_diversifier_index, arb_diversifier_key, arb_esk, arb_spending_key}, *, }; use crate::{ + issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr}, note::{AssetBase, ExtractedNoteCommitment, RandomSeed, Rho}, value::NoteValue, Note, 
@@ -1155,21 +1007,6 @@ mod tests { )); } - #[test] - fn issuance_authorizing_key_from_bytes_fail_on_zero() { - // isk must not be the zero scalar. - let isk = IssuanceAuthorizingKey::from_bytes([0; 32]); - assert!(isk.is_none()); - } - - #[test] - fn issuance_authorizing_key_from_bytes_to_bytes_roundtrip() { - let isk = IssuanceAuthorizingKey::random(&mut OsRng); - let isk_bytes = isk.to_bytes(); - let isk_roundtrip = IssuanceAuthorizingKey::from_bytes(isk_bytes).unwrap(); - assert_eq!(isk_bytes, isk_roundtrip.to_bytes()); - } - proptest! { #[test] fn key_agreement( @@ -1207,13 +1044,13 @@ mod tests { let ask: SpendAuthorizingKey = (&sk).into(); assert_eq!(<[u8; 32]>::from(&ask.0), tv.ask); - let isk = IssuanceAuthorizingKey::from_bytes(tv.isk).unwrap(); + let isk = IssueAuthKey::::from_bytes(&tv.isk).unwrap(); let ak: SpendValidatingKey = (&ask).into(); assert_eq!(<[u8; 32]>::from(ak.0), tv.ak); - let ik: IssuanceValidatingKey = (&isk).into(); - assert_eq!(ik.to_bytes(), tv.ik); + let ik = IssueValidatingKey::from(&isk); + assert_eq!(&ik.encode(), &tv.ik_encoding); let nk: NullifierDerivingKey = (&sk).into(); assert_eq!(nk.0.to_repr(), tv.nk); @@ -1260,22 +1097,4 @@ mod tests { assert_eq!(internal_ovk.0, tv.internal_ovk); } } - - #[test] - fn issuance_auth_sig_test_vectors() { - for tv in crate::test_vectors::issuance_auth_sig::TEST_VECTORS { - let isk = IssuanceAuthorizingKey::from_bytes(tv.isk).unwrap(); - - let ik = IssuanceValidatingKey::from(&isk); - assert_eq!(ik.to_bytes(), tv.ik); - - let message = tv.msg; - - let signature = isk.try_sign(&message).unwrap(); - let sig_bytes: [u8; 64] = signature.to_bytes(); - assert_eq!(sig_bytes, tv.sig); - - assert!(ik.verify(&message, &signature).is_ok()); - } - } } diff --git a/src/lib.rs b/src/lib.rs index f6d8dff1c..70fb8d111 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -34,6 +34,7 @@ pub mod bundle; pub mod circuit; mod constants; pub mod issuance; +pub mod issuance_auth; pub mod keys; pub mod note; pub mod orchard_flavor; diff --git a/src/note/asset_base.rs b/src/note/asset_base.rs index 636dd56f8..df7293b18 100644 --- a/src/note/asset_base.rs +++ b/src/note/asset_base.rs @@ -1,3 +1,4 @@ +use alloc::vec::Vec; use blake2b_simd::{Hash as Blake2bHash, Params}; use core::cmp::Ordering; use core::hash::{Hash, Hasher}; @@ -8,12 +9,13 @@ use pasta_curves::{arithmetic::CurveExt, pallas}; use rand_core::CryptoRngCore; use subtle::{Choice, ConstantTimeEq, CtOption}; +use crate::issuance_auth::ZSASchnorr; use crate::{ constants::fixed_bases::{ NATIVE_ASSET_BASE_V_BYTES, VALUE_COMMITMENT_PERSONALIZATION, ZSA_ASSET_BASE_PERSONALIZATION, }, issuance::compute_asset_desc_hash, - keys::{IssuanceAuthorizingKey, IssuanceValidatingKey}, + issuance_auth::{IssueAuthKey, IssueValidatingKey}, }; /// Note type identifier. 
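Review bot: In the `src/note/asset_base.rs` import hunk, the added `use crate::issuance_auth::ZSASchnorr;` sits outside the `use crate::{ ... }` group, which in the same hunk gains `issuance_auth::{IssueAuthKey, IssueValidatingKey}`, so the module is imported in two places. Other files in this commit (for example `src/pczt.rs`) fold such paths into one nested `use`. Writing `issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr},` inside the group and dropping the standalone line would keep this file consistent with them.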
@@ -46,15 +48,31 @@ pub const ZSA_ASSET_DIGEST_PERSONALIZATION: &[u8; 16] = b"ZSA-Asset-Digest"; /// Defined in [ZIP-227: Issuance of Zcash Shielded Assets][assetdigest]. /// /// [assetdigest]: https://zips.z.cash/zip-0227.html#specification-asset-identifier-asset-digest-and-asset-base -pub fn asset_digest(encode_asset_id: [u8; 65]) -> Blake2bHash { +pub fn asset_digest(encode_asset_id: &[u8]) -> Blake2bHash { Params::new() .hash_length(64) .personal(ZSA_ASSET_DIGEST_PERSONALIZATION) .to_state() - .update(&encode_asset_id) + .update(encode_asset_id) .finalize() } +/// Encoding the Asset Identifier, as defined in [ZIP 227][assetidentifier]. +/// +/// [assetidentifier]: https://zips.z.cash/zip-0227.html#specification-asset-identifier-asset-digest-and-asset-base +pub fn encode_asset_id( + version: u8, + ik: &IssueValidatingKey, + asset_desc_hash: &[u8; 32], +) -> Vec { + let ik_encoding = ik.encode(); + let mut asset_id = Vec::with_capacity(1 + ik_encoding.len() + asset_desc_hash.len()); + asset_id.push(version); + asset_id.extend(ik_encoding); + asset_id.extend_from_slice(&asset_desc_hash[..]); + asset_id +} + impl AssetBase { /// Deserialize the AssetBase from a byte array. pub fn from_bytes(bytes: &[u8; 32]) -> CtOption { 
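Review bot: `asset_digest` now takes `&[u8]`, so the `[u8; 65]` parameter that pinned the preimage length at compile time is gone and this public function will hash input of any length, including an empty slice. The new `encode_asset_id` concatenates `version`, `ik.encode()` and `asset_desc_hash` with no length field, which parses uniquely only if `ik.encode()` has a fixed length for a given scheme. The updated test vectors suggest 33 bytes, but the encoder is not visible in this hunk. I would state the invariant in the doc comment, e.g. `/// Layout: version (1 byte) || ik.encode() || asset_desc_hash (32 bytes); ik.encode() is fixed-length per scheme.`, and document on `asset_digest` that callers are expected to pass the output of `encode_asset_id`.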
@@ -76,19 +94,12 @@ impl AssetBase { /// /// Panics if the derived AssetBase is the identity point. #[allow(non_snake_case)] - pub fn derive(ik: &IssuanceValidatingKey, asset_desc_hash: &[u8; 32]) -> Self { - let version_byte = [0x00]; + pub fn derive(ik: &IssueValidatingKey, asset_desc_hash: &[u8; 32]) -> Self { + let version_byte: u8 = 0x00; // EncodeAssetId(ik, asset_desc_hash) = version_byte || ik || asset_desc_hash - let encode_asset_id: [u8; 65] = { - let mut array = [0u8; 65]; - array[..1].copy_from_slice(&version_byte); - array[1..33].copy_from_slice(&ik.to_bytes()); - array[33..].copy_from_slice(asset_desc_hash); - array - }; - - let asset_digest = asset_digest(encode_asset_id); + let asset_id = encode_asset_id(version_byte, ik, asset_desc_hash); + let asset_digest = asset_digest(&asset_id); let asset_base = pallas::Point::hash_to_curve(ZSA_ASSET_BASE_PERSONALIZATION)(asset_digest.as_bytes()); @@ -124,8 +135,8 @@ impl AssetBase { /// /// This is only used in tests. pub(crate) fn random(rng: &mut impl CryptoRngCore) -> Self { - let isk = IssuanceAuthorizingKey::random(rng); - let ik = IssuanceValidatingKey::from(&isk); + let isk = IssueAuthKey::::random(rng); + let ik = IssueValidatingKey::from(&isk); AssetBase::derive( &ik, &compute_asset_desc_hash(&NonEmpty::from_slice(b"zsa_asset").unwrap()), @@ -154,7 +165,7 @@ pub mod testing { use proptest::prelude::*; - use crate::keys::{testing::arb_issuance_authorizing_key, IssuanceValidatingKey}; + use crate::issuance_auth::{testing::arb_issuance_authorizing_key, IssueValidatingKey}; prop_compose! { /// Generate a uniformly distributed note type @@ -166,7 +177,7 @@ pub mod testing { if is_native { AssetBase::native() } else { - AssetBase::derive(&IssuanceValidatingKey::from(&isk), &asset_desc_hash) + AssetBase::derive(&IssueValidatingKey::from(&isk), &asset_desc_hash) } } } 
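Review bot: In `AssetBase::derive` the retained comment `// EncodeAssetId(ik, asset_desc_hash) = version_byte || ik || asset_desc_hash` no longer matches what is hashed: the preimage now carries `ik.encode()` rather than the 32 raw key bytes that the removed code copied into `array[1..33]`. I would update it to `// EncodeAssetId(ik, asset_desc_hash) = version_byte || ik.encode() || asset_desc_hash`. Separately, `version_byte` stays `0x00` although the preimage layout changed, and the regenerated `asset_base` test vectors in this commit show a different derived base for the same key bytes, so anything derived under the earlier layout would presumably no longer match. If keeping the version is deliberate, a short comment next to the constant should say so. The function starts above this hunk and continues below it.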
@@ -177,7 +188,7 @@ pub mod testing { isk in arb_issuance_authorizing_key(), asset_desc_hash in any::<[u8; 32]>(), ) -> AssetBase { - AssetBase::derive(&IssuanceValidatingKey::from(&isk), &asset_desc_hash) + AssetBase::derive(&IssueValidatingKey::from(&isk), &asset_desc_hash) } } @@ -186,9 +197,17 @@ pub mod testing { pub fn zsa_asset_base(asset_desc_hash: [u8; 32])( isk in arb_issuance_authorizing_key(), ) -> AssetBase { - AssetBase::derive(&IssuanceValidatingKey::from(&isk), &asset_desc_hash) + AssetBase::derive(&IssueValidatingKey::from(&isk), &asset_desc_hash) } } +} + +#[cfg(test)] +mod tests { + use crate::{ + issuance_auth::{IssueValidatingKey, ZSASchnorr}, + note::AssetBase, + }; #[test] fn test_vectors() { @@ -199,7 +218,7 @@ pub mod testing { &nonempty::NonEmpty::from_slice(&tv.description).unwrap(), ); let calculated_asset_base = AssetBase::derive( - &IssuanceValidatingKey::from_bytes(&tv.key).unwrap(), + &IssueValidatingKey::::decode(&tv.key).unwrap(), &asset_desc_hash, ); let test_vector_asset_base = AssetBase::from_bytes(&tv.asset_base).unwrap(); diff --git a/src/pczt.rs b/src/pczt.rs index 4b07a5234..93e8ed725 100644 --- a/src/pczt.rs +++ b/src/pczt.rs @@ -16,8 +16,10 @@ use crate::{ note::{ AssetBase, ExtractedNoteCommitment, Nullifier, RandomSeed, Rho, TransmittedNoteCiphertext, }, - primitives::redpallas::{self, Binding, SpendAuth}, - primitives::OrchardPrimitives, + primitives::{ + redpallas::{self, Binding, SpendAuth}, + OrchardPrimitives, + }, tree::MerklePath, value::{NoteValue, ValueCommitTrapdoor, ValueCommitment, ValueSum}, Address, Anchor, Proof, diff --git a/src/pczt/tx_extractor.rs b/src/pczt/tx_extractor.rs index 483348f17..4de78e750 100644 --- a/src/pczt/tx_extractor.rs +++ b/src/pczt/tx_extractor.rs 
@@ -4,8 +4,10 @@ use rand::{CryptoRng, RngCore}; use super::Action; use crate::{ bundle::{Authorization, Authorized, EffectsOnly}, - primitives::redpallas::{self, Binding, SpendAuth}, - primitives::OrchardPrimitives, + primitives::{ + redpallas::{self, Binding, SpendAuth}, + OrchardPrimitives, + }, Proof, }; diff --git a/src/test_vectors/asset_base.rs b/src/test_vectors/asset_base.rs index 2aed92c25..6366c59c4 100644 --- a/src/test_vectors/asset_base.rs +++ b/src/test_vectors/asset_base.rs @@ -1,7 +1,7 @@ // From https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/orchard_zsa_asset_base.py pub(crate) struct TestVector { - pub(crate) key: [u8; 32], + pub(crate) key: [u8; 33], pub(crate) description: [u8; 512], pub(crate) asset_base: [u8; 32], } @@ -9,9 +9,9 @@ pub(crate) struct TestVector { pub(crate) const TEST_VECTORS: &[TestVector] = &[ TestVector { key: [ - 0x4b, 0xec, 0xe1, 0xff, 0x00, 0xe2, 0xed, 0x77, 0x64, 0xae, 0x6b, 0xe2, 0x0d, 0x2f, - 0x67, 0x22, 0x04, 0xfc, 0x86, 0xcc, 0xed, 0xd6, 0xfc, 0x1f, 0x71, 0xdf, 0x02, 0xc7, - 0x51, 0x6d, 0x9f, 0x31, + 0x00, 0x4b, 0xec, 0xe1, 0xff, 0x00, 0xe2, 0xed, 0x77, 0x64, 0xae, 0x6b, 0xe2, 0x0d, + 0x2f, 0x67, 0x22, 0x04, 0xfc, 0x86, 0xcc, 0xed, 0xd6, 0xfc, 0x1f, 0x71, 0xdf, 0x02, + 0xc7, 0x51, 0x6d, 0x9f, 0x31, ], description: [ 0xc2, 0xb9, 0xc3, 0x8b, 0xe1, 0x9a, 0xa4, 0xe1, 0x9b, 0x99, 0xc3, 0xbc, 0xc4, 0xad, 
@@ -53,16 +53,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x8b, 0xe2, 0xb1, 0xb4, 0xc3, 0x85, 0xc8, 0xbe, ], asset_base: [ - 0x7e, 0x46, 0xc7, 0x8d, 0xdc, 0xba, 0x48, 0x8b, 0x25, 0x91, 0xff, 0xc9, 0x35, 0x43, - 0x7e, 0x57, 0x33, 0xd7, 0xc4, 0xea, 0x10, 0x0e, 0x22, 0xca, 0x32, 0x2a, 0x7d, 0x23, - 0x1b, 0xaf, 0xc9, 0x00, + 0x83, 0x4c, 0x06, 0x47, 0x00, 0xdc, 0xee, 0xd1, 0x4d, 0xbb, 0xf7, 0x78, 0x8c, 0x6e, + 0xd2, 0x5e, 0xcd, 0x24, 0x86, 0xed, 0xc9, 0xff, 0xe0, 0xf0, 0x6a, 0x89, 0x3b, 0x20, + 0xe0, 0x0b, 0x88, 0x80, ], }, TestVector { key: [ - 0xd5, 0x9a, 0x54, 0xb2, 0x87, 0x10, 0x58, 0xe8, 0xdf, 0x0e, 0x8d, 0xb3, 0x15, 0x6f, - 0xb5, 0x60, 0xd9, 0x8d, 0xa4, 0xdb, 0x99, 0x04, 0x2c, 0xe9, 0x85, 0x2f, 0x4b, 0x08, - 0xb1, 0xf4, 0x9f, 0xaa, + 0x00, 0xd5, 0x9a, 0x54, 0xb2, 0x87, 0x10, 0x58, 0xe8, 0xdf, 0x0e, 0x8d, 0xb3, 0x15, + 0x6f, 0xb5, 0x60, 0xd9, 0x8d, 0xa4, 0xdb, 0x99, 0x04, 0x2c, 0xe9, 0x85, 0x2f, 0x4b, + 0x08, 0xb1, 0xf4, 0x9f, 0xaa, ], description: [ 0xe1, 0x9b, 0x93, 0xc6, 0xab, 0xe1, 0x9b, 0x88, 0xc2, 0xb5, 0x24, 0xc6, 0x85, 0xe2, 
@@ -104,16 +104,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x9e, 0xe1, 0x9b, 0x90, 0x4d, 0x70, 0xc8, 0xaf, ], asset_base: [ - 0xd7, 0xb2, 0xe4, 0x87, 0x84, 0x75, 0xf5, 0x3c, 0xf8, 0x91, 0x9b, 0x5b, 0x91, 0x0e, - 0x92, 0xe5, 0xb6, 0xb4, 0x23, 0x73, 0xf6, 0x2f, 0x3b, 0x1a, 0x4e, 0x20, 0xbf, 0x07, - 0x22, 0x9a, 0xdf, 0x99, + 0x4c, 0xb3, 0xb0, 0x4f, 0xb3, 0x8a, 0xc5, 0xe8, 0xa3, 0x2b, 0xcb, 0x0e, 0x99, 0xee, + 0xe8, 0xa2, 0x6c, 0x34, 0x22, 0x7f, 0x4a, 0x35, 0xad, 0xeb, 0x91, 0x14, 0xc6, 0x74, + 0x24, 0xdc, 0x1a, 0xac, ], }, TestVector { key: [ - 0x85, 0xbc, 0x7d, 0x64, 0xbe, 0x0d, 0xef, 0xc4, 0x77, 0xeb, 0x05, 0xe7, 0x95, 0xf7, - 0x69, 0x57, 0x62, 0x80, 0x02, 0x61, 0x62, 0x5a, 0x7b, 0x71, 0xa1, 0x4d, 0x18, 0xf0, - 0xef, 0x1f, 0x01, 0xb0, + 0x00, 0x85, 0xbc, 0x7d, 0x64, 0xbe, 0x0d, 0xef, 0xc4, 0x77, 0xeb, 0x05, 0xe7, 0x95, + 0xf7, 0x69, 0x57, 0x62, 0x80, 0x02, 0x61, 0x62, 0x5a, 0x7b, 0x71, 0xa1, 0x4d, 0x18, + 0xf0, 0xef, 0x1f, 0x01, 0xb0, ], description: [ 0xc7, 0x96, 0xcd, 0xb7, 0xc3, 0x9b, 0xc7, 0x8d, 0xc4, 0x92, 0x7b, 0xcd, 0xb4, 0x34, 
@@ -155,16 +155,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc5, 0x80, 0xc3, 0xa5, 0xe1, 0x9b, 0x83, 0x5a, ], asset_base: [ - 0xa9, 0xd3, 0x61, 0x55, 0x2c, 0xe0, 0x29, 0x7b, 0x79, 0x10, 0x1c, 0xd0, 0x7e, 0xb7, - 0xf9, 0x6c, 0xbc, 0x01, 0x3f, 0xfa, 0x7d, 0xb0, 0xe2, 0x23, 0xe1, 0xb7, 0xdf, 0xb1, - 0x22, 0xe2, 0x8a, 0xb2, + 0xbb, 0x33, 0xa1, 0xb8, 0x55, 0xeb, 0x00, 0x50, 0xad, 0x02, 0xf5, 0x4b, 0xf2, 0xea, + 0x9b, 0xb2, 0x65, 0xea, 0x05, 0xd7, 0x82, 0x1d, 0x15, 0x15, 0x47, 0xe8, 0xb1, 0xa2, + 0xfc, 0x60, 0xab, 0xa1, ], }, TestVector { key: [ - 0xd7, 0x5a, 0xf5, 0x78, 0x2a, 0x5c, 0x72, 0x16, 0x38, 0xf7, 0x59, 0x32, 0x91, 0x11, - 0x49, 0x93, 0x24, 0x05, 0x3a, 0x5d, 0x1e, 0x1b, 0x2a, 0x4a, 0xb3, 0xcd, 0xf7, 0xf8, - 0x24, 0x12, 0xff, 0x42, + 0x00, 0xd7, 0x5a, 0xf5, 0x78, 0x2a, 0x5c, 0x72, 0x16, 0x38, 0xf7, 0x59, 0x32, 0x91, + 0x11, 0x49, 0x93, 0x24, 0x05, 0x3a, 0x5d, 0x1e, 0x1b, 0x2a, 0x4a, 0xb3, 0xcd, 0xf7, + 0xf8, 0x24, 0x12, 0xff, 0x42, ], description: [ 0xc3, 0xa1, 0xc7, 0xa6, 0xc4, 0xa7, 0xc5, 0xa9, 0x37, 0xc4, 0x87, 0xc7, 0xb0, 0xe1, 
@@ -206,16 +206,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc7, 0xab, 0xc7, 0xab, 0xe2, 0xb1, 0xbb, 0x48, ], asset_base: [ - 0x01, 0x0d, 0xf0, 0x33, 0xb2, 0x76, 0xd3, 0x3c, 0x42, 0x7c, 0xa1, 0x9e, 0xae, 0x6c, - 0x57, 0xd9, 0x35, 0x78, 0x16, 0xb9, 0xc4, 0xb7, 0x52, 0xc5, 0xff, 0x8f, 0x5e, 0xa7, - 0x0b, 0x23, 0xc1, 0x8e, + 0xd7, 0x44, 0x64, 0x97, 0x40, 0x53, 0x5f, 0x38, 0xd1, 0x6e, 0x8b, 0xd6, 0x18, 0x87, + 0x02, 0xe3, 0x65, 0xa9, 0x7c, 0x18, 0x94, 0x76, 0xb4, 0xf1, 0x51, 0x00, 0x99, 0xd5, + 0xf5, 0xf8, 0x7a, 0x14, ], }, TestVector { key: [ - 0x1b, 0x39, 0xca, 0x34, 0x32, 0x36, 0xdf, 0xab, 0x88, 0xfe, 0x78, 0x12, 0x10, 0xe1, - 0xe8, 0x79, 0x29, 0x3b, 0xe0, 0xf4, 0xc5, 0x1c, 0x86, 0xfd, 0x8a, 0x6f, 0xff, 0xdb, - 0xb4, 0xad, 0x26, 0x73, + 0x00, 0x1b, 0x39, 0xca, 0x34, 0x32, 0x36, 0xdf, 0xab, 0x88, 0xfe, 0x78, 0x12, 0x10, + 0xe1, 0xe8, 0x79, 0x29, 0x3b, 0xe0, 0xf4, 0xc5, 0x1c, 0x86, 0xfd, 0x8a, 0x6f, 0xff, + 0xdb, 0xb4, 0xad, 0x26, 0x73, ], description: [ 0xe1, 0x9b, 0xa7, 0xe2, 0xb1, 0xa5, 0xc2, 0xba, 0xc6, 0x8c, 0xc3, 0x81, 0xc6, 0x82, 
@@ -257,16 +257,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xe1, 0x9b, 0x88, 0x61, 0xc6, 0xa9, 0xc4, 0xa2, ], asset_base: [ - 0xa3, 0xd7, 0x7d, 0xcd, 0xb9, 0xa7, 0xa1, 0x5a, 0x78, 0x08, 0x8c, 0xff, 0xec, 0x67, - 0x85, 0xf8, 0x26, 0x84, 0x75, 0x7c, 0x98, 0x89, 0x3d, 0x52, 0xf9, 0x3c, 0xd8, 0x09, - 0x49, 0x0f, 0x8a, 0x0e, + 0x78, 0x27, 0x9e, 0x01, 0x0c, 0x1b, 0xc4, 0x7f, 0x0f, 0x78, 0x7b, 0x42, 0x14, 0x72, + 0xfb, 0x83, 0x85, 0x94, 0xd9, 0xf7, 0xe5, 0x6e, 0xb3, 0xcc, 0x02, 0xd5, 0x9c, 0xa7, + 0xfb, 0xb8, 0x1f, 0x35, ], }, TestVector { key: [ - 0x56, 0x6e, 0x78, 0x1a, 0xc9, 0x8e, 0x99, 0x13, 0x08, 0x98, 0x1b, 0x7c, 0xdc, 0x73, - 0x7c, 0x66, 0x78, 0x5b, 0xe5, 0x31, 0xe2, 0x0a, 0xef, 0x77, 0x7a, 0xac, 0xe0, 0x6d, - 0x38, 0xfa, 0x02, 0x6b, + 0x00, 0x56, 0x6e, 0x78, 0x1a, 0xc9, 0x8e, 0x99, 0x13, 0x08, 0x98, 0x1b, 0x7c, 0xdc, + 0x73, 0x7c, 0x66, 0x78, 0x5b, 0xe5, 0x31, 0xe2, 0x0a, 0xef, 0x77, 0x7a, 0xac, 0xe0, + 0x6d, 0x38, 0xfa, 0x02, 0x6b, ], description: [ 0xc6, 0xa4, 0xc7, 0xae, 0xe1, 0x9a, 0xa6, 0xc8, 0x91, 0xc2, 0xb5, 0xc8, 0xaa, 0xc3, 
@@ -308,16 +308,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x85, 0xc6, 0xa9, 0xc7, 0xac, 0xc7, 0x9f, 0x5a, ], asset_base: [ - 0xd3, 0xd8, 0x13, 0xbb, 0xa4, 0x40, 0xb5, 0xff, 0xeb, 0x1c, 0xdd, 0x67, 0x03, 0xc7, - 0xf3, 0x45, 0xa5, 0x79, 0xc1, 0x34, 0x7c, 0xcd, 0xb5, 0x15, 0x2e, 0x89, 0x0f, 0x49, - 0x52, 0x61, 0xd4, 0x90, + 0xca, 0xf1, 0x15, 0xdf, 0xa8, 0xf1, 0x29, 0xc9, 0x80, 0xb6, 0x3e, 0xce, 0x94, 0x87, + 0x0b, 0x6a, 0x61, 0xed, 0x8f, 0x16, 0x9b, 0x4d, 0x6b, 0x1b, 0xca, 0xd6, 0x8a, 0x1d, + 0x01, 0x3c, 0x1f, 0x33, ], }, TestVector { key: [ - 0x86, 0xcc, 0x5e, 0x4f, 0xea, 0x9b, 0x7c, 0x1d, 0x0e, 0x1f, 0xa8, 0xb6, 0xa8, 0xf2, - 0x31, 0xb4, 0x56, 0x2e, 0x53, 0x89, 0xe9, 0xe7, 0x92, 0x16, 0x57, 0x67, 0x96, 0xce, - 0x3a, 0x49, 0x40, 0x6b, + 0x00, 0x86, 0xcc, 0x5e, 0x4f, 0xea, 0x9b, 0x7c, 0x1d, 0x0e, 0x1f, 0xa8, 0xb6, 0xa8, + 0xf2, 0x31, 0xb4, 0x56, 0x2e, 0x53, 0x89, 0xe9, 0xe7, 0x92, 0x16, 0x57, 0x67, 0x96, + 0xce, 0x3a, 0x49, 0x40, 0x6b, ], description: [ 0xc2, 0xa1, 0xc4, 0x8e, 0xc3, 0x9f, 0xc5, 0xbb, 0x74, 0xc4, 0x82, 0xc5, 0xbb, 0x7d, 
@@ -359,16 +359,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xcd, 0xb4, 0xc7, 0x9a, 0x3f, 0xc4, 0x85, 0x5a, ], asset_base: [ - 0x98, 0x40, 0xad, 0x9e, 0x83, 0xd6, 0xb0, 0xe1, 0xe9, 0x5b, 0x71, 0xe9, 0x01, 0x84, - 0x06, 0xea, 0x41, 0x07, 0x90, 0xfb, 0x90, 0x17, 0x38, 0xac, 0x91, 0x26, 0xe8, 0x16, - 0xf8, 0x26, 0x42, 0xb8, + 0x7d, 0x4e, 0xcd, 0xc4, 0x98, 0xd8, 0x41, 0xf6, 0x6a, 0x3e, 0xbd, 0xf4, 0xdb, 0x73, + 0x0f, 0x96, 0x7b, 0x50, 0x84, 0xc4, 0x16, 0xeb, 0x52, 0x14, 0xc7, 0xeb, 0x3a, 0xfc, + 0xea, 0x8a, 0x15, 0x22, ], }, TestVector { key: [ - 0x43, 0x39, 0xfd, 0x2a, 0x6c, 0x66, 0x30, 0x2e, 0x31, 0x8e, 0x18, 0x41, 0xf7, 0xe6, - 0x36, 0xb7, 0x76, 0x58, 0xda, 0xfc, 0x9c, 0x8e, 0x96, 0x45, 0xc9, 0x46, 0xe9, 0x5e, - 0x56, 0x9c, 0x3c, 0x45, + 0x00, 0x43, 0x39, 0xfd, 0x2a, 0x6c, 0x66, 0x30, 0x2e, 0x31, 0x8e, 0x18, 0x41, 0xf7, + 0xe6, 0x36, 0xb7, 0x76, 0x58, 0xda, 0xfc, 0x9c, 0x8e, 0x96, 0x45, 0xc9, 0x46, 0xe9, + 0x5e, 0x56, 0x9c, 0x3c, 0x45, ], description: [ 0xc9, 0x80, 0xc4, 0x80, 0xe1, 0x9a, 0xb0, 0xc4, 0xa3, 0xc6, 0x8e, 0xc5, 0xb2, 0xc6, 
@@ -410,16 +410,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc3, 0xa7, 0x5c, 0xe1, 0x9b, 0x97, 0x47, 0x5a, ], asset_base: [ - 0xe8, 0x86, 0xd9, 0x58, 0x68, 0xa3, 0x37, 0x06, 0x45, 0xd3, 0x31, 0xb1, 0x0a, 0xcf, - 0x65, 0x20, 0x52, 0xf8, 0x82, 0x21, 0x94, 0x95, 0xd7, 0x9b, 0x76, 0x73, 0xb1, 0xb7, - 0xdd, 0x1b, 0x92, 0xaa, + 0x26, 0xec, 0x70, 0x8a, 0x9f, 0x89, 0x4e, 0xb4, 0x0f, 0xac, 0xe0, 0x84, 0xba, 0xfd, + 0xb3, 0x62, 0x2b, 0xcc, 0x30, 0xb0, 0x6b, 0x40, 0x08, 0x97, 0x50, 0xc2, 0x7a, 0x91, + 0xf3, 0x86, 0x23, 0x3a, ], }, TestVector { key: [ - 0x46, 0x2e, 0xe2, 0x38, 0x00, 0xc2, 0x1e, 0x2b, 0xbd, 0x90, 0x2b, 0xf7, 0x2f, 0x60, - 0xe1, 0xab, 0x08, 0x26, 0xd3, 0x68, 0x0c, 0x6f, 0xd0, 0xa2, 0x6f, 0x87, 0xdb, 0xac, - 0xd0, 0xd7, 0x6c, 0xa0, + 0x00, 0x46, 0x2e, 0xe2, 0x38, 0x00, 0xc2, 0x1e, 0x2b, 0xbd, 0x90, 0x2b, 0xf7, 0x2f, + 0x60, 0xe1, 0xab, 0x08, 0x26, 0xd3, 0x68, 0x0c, 0x6f, 0xd0, 0xa2, 0x6f, 0x87, 0xdb, + 0xac, 0xd0, 0xd7, 0x6c, 0xa0, ], description: [ 0xc6, 0x96, 0x5e, 0x38, 0xc5, 0xa9, 0x73, 0x21, 0xc9, 0x88, 0xcd, 0xb7, 0xc3, 0xba, 
@@ -461,16 +461,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc3, 0xbd, 0xc3, 0xb2, 0xc8, 0x9a, 0xc8, 0x9f, ], asset_base: [ - 0x9b, 0x83, 0xfb, 0x05, 0xd3, 0x83, 0x37, 0x66, 0xcb, 0xee, 0xf1, 0xde, 0xee, 0xcb, - 0x30, 0x77, 0x76, 0x16, 0x1a, 0x24, 0xa2, 0x64, 0x15, 0x44, 0x9a, 0x63, 0xe7, 0x61, - 0x17, 0xdf, 0x9e, 0x94, + 0x6e, 0xbf, 0x7e, 0x3f, 0x99, 0x42, 0x25, 0x9e, 0x0f, 0x5f, 0x01, 0xb9, 0x7a, 0xda, + 0x67, 0xab, 0x96, 0x9b, 0x3a, 0xe5, 0x92, 0x8b, 0x62, 0x87, 0xad, 0xf9, 0xc8, 0xa6, + 0x53, 0xa2, 0x4d, 0xb4, ], }, TestVector { key: [ - 0x9e, 0x94, 0xc3, 0xbb, 0x8a, 0xb5, 0x31, 0x98, 0xd3, 0x9e, 0xf1, 0xb4, 0x05, 0xd1, - 0x75, 0x39, 0x20, 0x6f, 0x1b, 0x9f, 0x8e, 0xe9, 0xbc, 0x62, 0x58, 0xb5, 0xfe, 0xf5, - 0xb3, 0x0a, 0xb9, 0x4d, + 0x00, 0x9e, 0x94, 0xc3, 0xbb, 0x8a, 0xb5, 0x31, 0x98, 0xd3, 0x9e, 0xf1, 0xb4, 0x05, + 0xd1, 0x75, 0x39, 0x20, 0x6f, 0x1b, 0x9f, 0x8e, 0xe9, 0xbc, 0x62, 0x58, 0xb5, 0xfe, + 0xf5, 0xb3, 0x0a, 0xb9, 0x4d, ], description: [ 0x76, 0xe1, 0x9b, 0xa3, 0xc5, 0x8f, 0xc3, 0x95, 0xc6, 0xa6, 0x65, 0xc3, 0x9f, 0xc7, 
@@ -512,16 +512,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xbc, 0xc6, 0xaf, 0xc2, 0xac, 0xc9, 0x89, 0x5a, ], asset_base: [ - 0xf4, 0x50, 0x63, 0x88, 0xca, 0xcb, 0xd0, 0xe5, 0x22, 0xf5, 0x19, 0xe0, 0x0b, 0x2a, - 0x6c, 0xcc, 0x9a, 0xf4, 0x38, 0x87, 0x17, 0x71, 0xb4, 0xc2, 0xb9, 0x06, 0x92, 0x3b, - 0x32, 0xf5, 0x5b, 0xa2, + 0xaa, 0x76, 0x2e, 0x0b, 0xc9, 0xf2, 0x3b, 0x50, 0xfe, 0x68, 0x45, 0x16, 0xb3, 0xcf, + 0x00, 0x25, 0x45, 0x94, 0xc5, 0x2a, 0x5e, 0x3b, 0x3c, 0x8b, 0x88, 0xed, 0x83, 0xe1, + 0x8d, 0x03, 0x41, 0xa9, ], }, TestVector { key: [ - 0xb2, 0xa8, 0xb7, 0x91, 0x5b, 0x37, 0x72, 0x5a, 0xd1, 0xcf, 0x5d, 0xc6, 0xeb, 0x4c, - 0xd0, 0x9a, 0xf4, 0xe1, 0x87, 0xf8, 0xcf, 0x27, 0x37, 0xed, 0x33, 0x7c, 0x77, 0x6e, - 0x93, 0xe2, 0xa0, 0x89, + 0x00, 0xb2, 0xa8, 0xb7, 0x91, 0x5b, 0x37, 0x72, 0x5a, 0xd1, 0xcf, 0x5d, 0xc6, 0xeb, + 0x4c, 0xd0, 0x9a, 0xf4, 0xe1, 0x87, 0xf8, 0xcf, 0x27, 0x37, 0xed, 0x33, 0x7c, 0x77, + 0x6e, 0x93, 0xe2, 0xa0, 0x89, ], description: [ 0xe1, 0x9a, 0xa7, 0x70, 0xc6, 0xa8, 0xe1, 0x9b, 0x9a, 0xe1, 0x9b, 0xa2, 0xc5, 0xad, 
@@ -563,16 +563,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc4, 0x94, 0xc5, 0x80, 0xc8, 0x96, 0xc6, 0xb3, ], asset_base: [ - 0x5a, 0x04, 0x3d, 0x99, 0x0d, 0xb1, 0x1b, 0x51, 0x60, 0x67, 0x24, 0xe2, 0xdf, 0x9e, - 0x5b, 0xf3, 0xe6, 0x6a, 0xef, 0x7a, 0x89, 0xee, 0xb6, 0x01, 0x0b, 0xfc, 0x35, 0x76, - 0xb8, 0xc9, 0x84, 0x3d, + 0x85, 0x8e, 0xf9, 0x01, 0x47, 0x6e, 0x97, 0x36, 0xff, 0x2d, 0xc8, 0x42, 0x6c, 0x6f, + 0xdd, 0x8a, 0xe7, 0x53, 0x4e, 0xd5, 0xd1, 0x1c, 0xc5, 0x67, 0xd6, 0xf9, 0x4c, 0xe7, + 0x66, 0xec, 0x68, 0xb0, ], }, TestVector { key: [ - 0xe6, 0xdf, 0x3e, 0xbc, 0x84, 0x4c, 0x0c, 0x39, 0xcb, 0x25, 0xac, 0x91, 0xd6, 0xc1, - 0xd9, 0x20, 0x0f, 0x18, 0xfa, 0x7e, 0x8c, 0x93, 0x4c, 0x4d, 0x0c, 0x30, 0x9d, 0x79, - 0xb0, 0x4a, 0xb4, 0x43, + 0x00, 0xe6, 0xdf, 0x3e, 0xbc, 0x84, 0x4c, 0x0c, 0x39, 0xcb, 0x25, 0xac, 0x91, 0xd6, + 0xc1, 0xd9, 0x20, 0x0f, 0x18, 0xfa, 0x7e, 0x8c, 0x93, 0x4c, 0x4d, 0x0c, 0x30, 0x9d, + 0x79, 0xb0, 0x4a, 0xb4, 0x43, ], description: [ 0xe1, 0x9a, 0xa5, 0xc4, 0x80, 0xc3, 0x85, 0xc5, 0xa4, 0xc5, 0xbb, 0xc7, 0xbf, 0x34, 
@@ -614,16 +614,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xb2, 0xc6, 0xb9, 0xc3, 0xb5, 0x74, 0xc2, 0xb3, ], asset_base: [ - 0x10, 0xa8, 0xbf, 0xf0, 0xed, 0x13, 0xb3, 0xc9, 0x10, 0x26, 0x17, 0xb2, 0x7c, 0xe8, - 0x51, 0x76, 0x2b, 0x0b, 0xa0, 0xb0, 0x92, 0x4f, 0xc2, 0x02, 0xae, 0x17, 0x95, 0x7f, - 0x27, 0xc8, 0xc6, 0x99, + 0x8f, 0xf5, 0x4f, 0x73, 0x34, 0xb8, 0x9a, 0x41, 0x5a, 0xcf, 0xad, 0x33, 0x91, 0xc0, + 0x29, 0x12, 0x1b, 0xea, 0x90, 0xb9, 0x55, 0x08, 0x9b, 0x00, 0x97, 0xe1, 0x09, 0xbb, + 0xd0, 0x77, 0x69, 0x11, ], }, TestVector { key: [ - 0xdb, 0x1f, 0x0a, 0x56, 0x5c, 0x8c, 0x06, 0xa6, 0x3d, 0x4f, 0x75, 0x92, 0x62, 0x55, - 0xf4, 0xfa, 0x3c, 0x76, 0x44, 0x23, 0xc0, 0x49, 0x55, 0x02, 0x4e, 0xa0, 0x3b, 0xba, - 0x63, 0x63, 0x6c, 0x55, + 0x00, 0xdb, 0x1f, 0x0a, 0x56, 0x5c, 0x8c, 0x06, 0xa6, 0x3d, 0x4f, 0x75, 0x92, 0x62, + 0x55, 0xf4, 0xfa, 0x3c, 0x76, 0x44, 0x23, 0xc0, 0x49, 0x55, 0x02, 0x4e, 0xa0, 0x3b, + 0xba, 0x63, 0x63, 0x6c, 0x55, ], description: [ 0xc6, 0xa7, 0xe1, 0x9b, 0x8e, 0xc6, 0x8d, 0xc6, 0x88, 0xc2, 0xa3, 0xc4, 0xbe, 0xc6, 
@@ -665,16 +665,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xcd, 0xbc, 0xe1, 0x9a, 0xbc, 0xe2, 0xb1, 0xa8, ], asset_base: [ - 0xec, 0x69, 0x43, 0x25, 0xaf, 0x69, 0x09, 0x19, 0x89, 0x0c, 0x98, 0xf2, 0x1e, 0x68, - 0x0f, 0x6f, 0xce, 0x19, 0x3e, 0x83, 0x20, 0x86, 0xe3, 0xe3, 0x75, 0xc4, 0x2a, 0x31, - 0xbd, 0x8d, 0x4d, 0xb7, + 0x21, 0xde, 0x1c, 0xdd, 0x66, 0x54, 0xd4, 0x5a, 0xc5, 0x57, 0x7b, 0x81, 0x6f, 0x29, + 0x8f, 0x78, 0x88, 0x59, 0x9d, 0xbb, 0xa5, 0xa5, 0xd5, 0x31, 0xe9, 0x85, 0x1a, 0x13, + 0x91, 0xbd, 0x60, 0x0b, ], }, TestVector { key: [ - 0x98, 0x9f, 0xc7, 0x01, 0x45, 0xd2, 0xfb, 0xb4, 0xd2, 0xe2, 0x79, 0xe5, 0xf9, 0x5d, - 0x72, 0x9f, 0x6a, 0xf4, 0xe9, 0x83, 0x28, 0x53, 0xf5, 0x97, 0xaf, 0x2f, 0xfb, 0xfb, - 0x88, 0xa6, 0x6e, 0xba, + 0x00, 0x98, 0x9f, 0xc7, 0x01, 0x45, 0xd2, 0xfb, 0xb4, 0xd2, 0xe2, 0x79, 0xe5, 0xf9, + 0x5d, 0x72, 0x9f, 0x6a, 0xf4, 0xe9, 0x83, 0x28, 0x53, 0xf5, 0x97, 0xaf, 0x2f, 0xfb, + 0xfb, 0x88, 0xa6, 0x6e, 0xba, ], description: [ 0xce, 0x8a, 0xc7, 0xb5, 0xc7, 0xbd, 0xc2, 0xae, 0x66, 0xc6, 0xbd, 0xc8, 0xa0, 0xc7, 
@@ -716,16 +716,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x87, 0xe2, 0xb1, 0xbd, 0xc8, 0x8f, 0xc9, 0x8c, ], asset_base: [ - 0x00, 0xd1, 0x7f, 0x46, 0x6a, 0x46, 0x7a, 0x61, 0x3b, 0x6e, 0xe2, 0x24, 0x85, 0xe3, - 0xa8, 0x9c, 0x86, 0xcc, 0x8d, 0x1a, 0xf3, 0x7b, 0xdb, 0x5b, 0x01, 0xa0, 0x9f, 0x6b, - 0x13, 0xfc, 0x74, 0x85, + 0x97, 0x57, 0x87, 0x2a, 0x0f, 0x06, 0x4f, 0x52, 0x78, 0x62, 0x64, 0x7b, 0x8d, 0x05, + 0xf8, 0xb8, 0x43, 0xe7, 0x82, 0x04, 0xbc, 0xa1, 0x51, 0xa9, 0x69, 0xd5, 0x99, 0x40, + 0xb3, 0xa6, 0x23, 0x04, ], }, TestVector { key: [ - 0x1d, 0xa0, 0x2d, 0x7e, 0x6a, 0x75, 0x4b, 0xe4, 0xde, 0xfa, 0x04, 0x90, 0x29, 0xc7, - 0x94, 0x8b, 0x5e, 0xd2, 0x5b, 0x4d, 0x22, 0xbf, 0x87, 0x27, 0x0b, 0x9d, 0x32, 0xda, - 0x52, 0x81, 0x92, 0x24, + 0x00, 0x1d, 0xa0, 0x2d, 0x7e, 0x6a, 0x75, 0x4b, 0xe4, 0xde, 0xfa, 0x04, 0x90, 0x29, + 0xc7, 0x94, 0x8b, 0x5e, 0xd2, 0x5b, 0x4d, 0x22, 0xbf, 0x87, 0x27, 0x0b, 0x9d, 0x32, + 0xda, 0x52, 0x81, 0x92, 0x24, ], description: [ 0xe1, 0x9b, 0x9c, 0xe1, 0x9a, 0xa5, 0xc5, 0xb7, 0x2b, 0xc3, 0x81, 0xc3, 0x8d, 0xc8, 
@@ -767,16 +767,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc7, 0xab, 0xc5, 0x92, 0xc8, 0x8c, 0x5a, 0x5a, ], asset_base: [ - 0x89, 0x29, 0x91, 0xc7, 0xbe, 0xb5, 0x25, 0x9d, 0xc4, 0xc9, 0x9c, 0x2e, 0x6d, 0x34, - 0x93, 0x87, 0x01, 0x56, 0x06, 0x27, 0x1b, 0x9c, 0xb0, 0x23, 0xb1, 0x1b, 0xb8, 0xa9, - 0xdf, 0x99, 0xc1, 0x25, + 0xed, 0xa1, 0x59, 0x95, 0x48, 0x4d, 0x4e, 0x29, 0x81, 0xa7, 0xbc, 0xb1, 0xe1, 0xaa, + 0x35, 0xf0, 0x51, 0x60, 0x10, 0x7a, 0xcd, 0xa2, 0x1f, 0x60, 0xc1, 0xca, 0x47, 0xed, + 0x28, 0x9c, 0xa3, 0x96, ], }, TestVector { key: [ - 0x72, 0xab, 0x8e, 0x45, 0x8e, 0xd4, 0xc8, 0xf2, 0xc5, 0xba, 0xa1, 0x18, 0x50, 0xac, - 0xff, 0x71, 0x55, 0xd6, 0xad, 0x0d, 0xc9, 0x81, 0x55, 0x7b, 0x0a, 0x63, 0xab, 0xcb, - 0xf4, 0xa6, 0x8d, 0xe3, + 0x00, 0x72, 0xab, 0x8e, 0x45, 0x8e, 0xd4, 0xc8, 0xf2, 0xc5, 0xba, 0xa1, 0x18, 0x50, + 0xac, 0xff, 0x71, 0x55, 0xd6, 0xad, 0x0d, 0xc9, 0x81, 0x55, 0x7b, 0x0a, 0x63, 0xab, + 0xcb, 0xf4, 0xa6, 0x8d, 0xe3, ], description: [ 0x6d, 0xc3, 0xbf, 0xc7, 0xa9, 0xc6, 0x93, 0xc4, 0x8b, 0xc4, 0xb2, 0xc8, 0xba, 0xc6, 
@@ -818,16 +818,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xe2, 0xb1, 0xa5, 0xc8, 0x82, 0xc7, 0x8b, 0x5a, ], asset_base: [ - 0x65, 0xf8, 0x13, 0xc3, 0x65, 0x97, 0x2b, 0xbb, 0x33, 0xfc, 0x35, 0x17, 0x0e, 0x95, - 0x4f, 0xb0, 0x7c, 0x89, 0x94, 0x24, 0xca, 0x6a, 0x48, 0x2b, 0xce, 0x0d, 0x6d, 0x26, - 0x58, 0x71, 0x1b, 0xbe, + 0xef, 0xe9, 0xdd, 0x3a, 0x41, 0x31, 0x01, 0x12, 0x3e, 0xfa, 0xe1, 0x75, 0xc2, 0xf0, + 0x1f, 0x94, 0x96, 0x01, 0x16, 0x69, 0xf4, 0xe6, 0x11, 0xd0, 0xcc, 0x3e, 0xf7, 0x4a, + 0x8d, 0xc6, 0x4c, 0xbe, ], }, TestVector { key: [ - 0x0e, 0xf9, 0x1a, 0x2b, 0x56, 0xac, 0x5f, 0x19, 0xd1, 0xc9, 0xfb, 0x24, 0x98, 0x6c, - 0x01, 0x36, 0x2d, 0x66, 0x39, 0x16, 0x0c, 0x27, 0x5b, 0x28, 0x02, 0x46, 0x50, 0x05, - 0x14, 0x96, 0x98, 0x44, + 0x00, 0x0e, 0xf9, 0x1a, 0x2b, 0x56, 0xac, 0x5f, 0x19, 0xd1, 0xc9, 0xfb, 0x24, 0x98, + 0x6c, 0x01, 0x36, 0x2d, 0x66, 0x39, 0x16, 0x0c, 0x27, 0x5b, 0x28, 0x02, 0x46, 0x50, + 0x05, 0x14, 0x96, 0x98, 0x44, ], description: [ 0x49, 0xc2, 0xa7, 0xc3, 0xb0, 0x67, 0xe1, 0x9b, 0xa1, 0xc6, 0xa6, 0xc6, 0x95, 0xe1, 
@@ -869,16 +869,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc5, 0x91, 0xc9, 0x8c, 0xc2, 0xab, 0xc6, 0x9d, ], asset_base: [ - 0xb6, 0xff, 0xe5, 0x46, 0x67, 0xba, 0xd3, 0x36, 0x0f, 0xf9, 0x7c, 0x51, 0xbc, 0x63, - 0xd0, 0x99, 0x70, 0xcf, 0x40, 0xbe, 0x92, 0x0a, 0xd0, 0x1c, 0x72, 0x40, 0x42, 0x0d, - 0x82, 0xb7, 0x1b, 0x0f, + 0x7c, 0xdd, 0x49, 0x85, 0xc5, 0xcd, 0x72, 0xf9, 0x2d, 0x4c, 0x40, 0xa7, 0xa2, 0x56, + 0x74, 0xdc, 0x53, 0x16, 0x7a, 0x99, 0xed, 0x62, 0xe8, 0x5a, 0xe9, 0x98, 0x59, 0x70, + 0xb1, 0x93, 0x47, 0x00, ], }, TestVector { key: [ - 0x0b, 0x08, 0x3c, 0x42, 0x29, 0xbd, 0x05, 0x85, 0xa4, 0xa0, 0xf5, 0xe8, 0x06, 0x55, - 0x2b, 0x65, 0xee, 0x24, 0xc7, 0x1a, 0x4a, 0x2a, 0x19, 0x7f, 0x9e, 0x85, 0x5e, 0xdc, - 0x2e, 0x1a, 0x09, 0xfa, + 0x00, 0x0b, 0x08, 0x3c, 0x42, 0x29, 0xbd, 0x05, 0x85, 0xa4, 0xa0, 0xf5, 0xe8, 0x06, + 0x55, 0x2b, 0x65, 0xee, 0x24, 0xc7, 0x1a, 0x4a, 0x2a, 0x19, 0x7f, 0x9e, 0x85, 0x5e, + 0xdc, 0x2e, 0x1a, 0x09, 0xfa, ], description: [ 0xc5, 0xa0, 0x2a, 0xc4, 0xbc, 0xc6, 0x92, 0xc6, 0x9b, 0xc6, 0x9f, 0xe1, 0x9b, 0xaf, 
@@ -920,16 +920,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc5, 0x91, 0x75, 0xc7, 0xbd, 0xe1, 0x9a, 0xb4, ], asset_base: [ - 0xde, 0x6b, 0x80, 0x19, 0x0e, 0x59, 0x02, 0x25, 0x7b, 0x37, 0xf0, 0xaa, 0xf0, 0xc4, - 0x68, 0xb0, 0xee, 0xa6, 0x20, 0x24, 0x29, 0x8f, 0xe6, 0xaa, 0x54, 0x2e, 0xf4, 0x67, - 0x8a, 0x88, 0x9f, 0xb0, + 0xe9, 0x33, 0x51, 0xd8, 0x60, 0x24, 0xc7, 0x99, 0xad, 0x70, 0x41, 0xe4, 0x13, 0x87, + 0x2c, 0x6b, 0x77, 0xb0, 0x09, 0x15, 0x9f, 0x90, 0x49, 0xed, 0xdc, 0x5f, 0x00, 0x4a, + 0x9c, 0x04, 0xfb, 0xb8, ], }, TestVector { key: [ - 0x02, 0x66, 0x60, 0x55, 0xf4, 0x0b, 0x89, 0x61, 0x24, 0xe3, 0x67, 0x56, 0xa7, 0xa0, - 0x93, 0xbb, 0x8e, 0x0b, 0xaa, 0x26, 0x3c, 0xab, 0x79, 0x67, 0x3b, 0x0f, 0x3d, 0x09, - 0x74, 0x68, 0x8e, 0xa1, + 0x00, 0x02, 0x66, 0x60, 0x55, 0xf4, 0x0b, 0x89, 0x61, 0x24, 0xe3, 0x67, 0x56, 0xa7, + 0xa0, 0x93, 0xbb, 0x8e, 0x0b, 0xaa, 0x26, 0x3c, 0xab, 0x79, 0x67, 0x3b, 0x0f, 0x3d, + 0x09, 0x74, 0x68, 0x8e, 0xa1, ], description: [ 0xc7, 0xac, 0xc3, 0xa5, 0xc7, 0xa7, 0x62, 0xc3, 0xb5, 0x4d, 0xc6, 0x80, 0xc3, 0x83, 
@@ -971,16 +971,16 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xe2, 0xb1, 0xb3, 0x47, 0xc6, 0xbb, 0xc8, 0x83, ], asset_base: [ - 0xb3, 0xab, 0xd0, 0x61, 0x3b, 0xd2, 0xa7, 0xa8, 0xf6, 0x74, 0x33, 0x6f, 0x0f, 0xdf, - 0x2c, 0x3b, 0x08, 0x16, 0xee, 0x04, 0x1c, 0x85, 0x04, 0xb4, 0x45, 0xcc, 0xe1, 0x53, - 0x15, 0x46, 0xc8, 0x1c, + 0xe2, 0x5b, 0x76, 0x27, 0xb4, 0x2b, 0x0d, 0xa2, 0x38, 0xdb, 0xc4, 0x38, 0xfb, 0x09, + 0xdc, 0x6c, 0xcd, 0x8d, 0x54, 0xb2, 0xfa, 0xa6, 0x5b, 0x30, 0xf8, 0x02, 0xcd, 0x39, + 0x29, 0x9a, 0xc6, 0x27, ], }, TestVector { key: [ - 0x0a, 0xc2, 0x8d, 0x35, 0x85, 0x55, 0x65, 0x95, 0xac, 0x16, 0x8a, 0x8c, 0xa3, 0xa0, - 0x63, 0x31, 0x9c, 0xdf, 0xbb, 0x4f, 0xaf, 0x2c, 0xa2, 0x48, 0x1d, 0x4d, 0xaa, 0x04, - 0x2d, 0x7c, 0xad, 0xa5, + 0x00, 0x0a, 0xc2, 0x8d, 0x35, 0x85, 0x55, 0x65, 0x95, 0xac, 0x16, 0x8a, 0x8c, 0xa3, + 0xa0, 0x63, 0x31, 0x9c, 0xdf, 0xbb, 0x4f, 0xaf, 0x2c, 0xa2, 0x48, 0x1d, 0x4d, 0xaa, + 0x04, 0x2d, 0x7c, 0xad, 0xa5, ], description: [ 0xe2, 0xb1, 0xb0, 0xc6, 0x87, 0xc7, 0xb8, 0x58, 0xc8, 0x93, 0xe1, 0x9a, 0xb6, 0xc5, @@ -1022,9 +1022,9 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc2, 0xa9, 0xc5, 0x89, 0xc8, 0xb5, 0x5a, 0x5a, ], asset_base: [ - 0x38, 0x52, 0x49, 0x24, 0x7a, 0xb3, 0x96, 0xdb, 0xd5, 0x07, 0x83, 0xa3, 0x51, 0xf6, - 0xbe, 0x50, 0x80, 0x3e, 0xf4, 0x4b, 0x2c, 0x29, 0x82, 0xbc, 0xdd, 0x81, 0xe7, 0x72, - 0x44, 0xbd, 0xa6, 0x8c, + 0x87, 0x4a, 0x3c, 0x3d, 0x56, 0xc1, 0x2e, 0xa1, 0x10, 0x33, 0x73, 0x08, 0x00, 0x2e, + 0x75, 0xc6, 0xe7, 0xb3, 0x48, 0x53, 0x8d, 0xea, 0x65, 0x5e, 0xbf, 0xf4, 0xe1, 0x85, + 0x19, 0x66, 0x51, 0x95, ], }, ]; diff --git a/src/test_vectors/issuance_auth_sig.rs b/src/test_vectors/issuance_auth_sig.rs index a9d250b37..3f7803ce3 100644 --- a/src/test_vectors/issuance_auth_sig.rs +++ b/src/test_vectors/issuance_auth_sig.rs 
@@ -2,9 +2,9 @@ pub(crate) struct TestVector { pub(crate) isk: [u8; 32], - pub(crate) ik: [u8; 32], + pub(crate) ik_encoding: [u8; 33], pub(crate) msg: [u8; 32], - pub(crate) sig: [u8; 64], + pub(crate) issue_auth_sig: [u8; 65], } pub(crate) const TEST_VECTORS: &[TestVector] = &[ @@ -14,22 +14,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, ], - ik: [ - 0xf9, 0x30, 0x8a, 0x01, 0x92, 0x58, 0xc3, 0x10, 0x49, 0x34, 0x4f, 0x85, 0xf8, 0x9d, - 0x52, 0x29, 0xb5, 0x31, 0xc8, 0x45, 0x83, 0x6f, 0x99, 0xb0, 0x86, 0x01, 0xf1, 0x13, - 0xbc, 0xe0, 0x36, 0xf9, + ik_encoding: [ + 0x00, 0xf9, 0x30, 0x8a, 0x01, 0x92, 0x58, 0xc3, 0x10, 0x49, 0x34, 0x4f, 0x85, 0xf8, + 0x9d, 0x52, 0x29, 0xb5, 0x31, 0xc8, 0x45, 0x83, 0x6f, 0x99, 0xb0, 0x86, 0x01, 0xf1, + 0x13, 0xbc, 0xe0, 0x36, 0xf9, ], msg: [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ], - sig: [ - 0xe9, 0x07, 0x83, 0x1f, 0x80, 0x84, 0x8d, 0x10, 0x69, 0xa5, 0x37, 0x1b, 0x40, 0x24, - 0x10, 0x36, 0x4b, 0xdf, 0x1c, 0x5f, 0x83, 0x07, 0xb0, 0x08, 0x4c, 0x55, 0xf1, 0xce, - 0x2d, 0xca, 0x82, 0x15, 0x25, 0xf6, 0x6a, 0x4a, 0x85, 0xea, 0x8b, 0x71, 0xe4, 0x82, - 0xa7, 0x4f, 0x38, 0x2d, 0x2c, 0xe5, 0xeb, 0xee, 0xe8, 0xfd, 0xb2, 0x17, 0x2f, 0x47, - 0x7d, 0xf4, 0x90, 0x0d, 0x31, 0x05, 0x36, 0xc0, + issue_auth_sig: [ + 0x00, 0xe9, 0x07, 0x83, 0x1f, 0x80, 0x84, 0x8d, 0x10, 0x69, 0xa5, 0x37, 0x1b, 0x40, + 0x24, 0x10, 0x36, 0x4b, 0xdf, 0x1c, 0x5f, 0x83, 0x07, 0xb0, 0x08, 0x4c, 0x55, 0xf1, + 0xce, 0x2d, 0xca, 0x82, 0x15, 0x25, 0xf6, 0x6a, 0x4a, 0x85, 0xea, 0x8b, 0x71, 0xe4, + 0x82, 0xa7, 0x4f, 0x38, 0x2d, 0x2c, 0xe5, 0xeb, 0xee, 0xe8, 0xfd, 0xb2, 0x17, 0x2f, + 0x47, 0x7d, 0xf4, 0x90, 0x0d, 0x31, 0x05, 0x36, 0xc0, ], }, TestVector { 
@@ -38,22 +38,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x9e, 0x29, 0x4c, 0x4d, 0x6e, 0x66, 0xb1, 0x64, 0x93, 0x9d, 0xaf, 0xfa, 0x2e, 0xf6, 0xee, 0x69, 0x21, 0x48, ], - ik: [ - 0x4b, 0xec, 0xe1, 0xff, 0x00, 0xe2, 0xed, 0x77, 0x64, 0xae, 0x6b, 0xe2, 0x0d, 0x2f, - 0x67, 0x22, 0x04, 0xfc, 0x86, 0xcc, 0xed, 0xd6, 0xfc, 0x1f, 0x71, 0xdf, 0x02, 0xc7, - 0x51, 0x6d, 0x9f, 0x31, + ik_encoding: [ + 0x00, 0x4b, 0xec, 0xe1, 0xff, 0x00, 0xe2, 0xed, 0x77, 0x64, 0xae, 0x6b, 0xe2, 0x0d, + 0x2f, 0x67, 0x22, 0x04, 0xfc, 0x86, 0xcc, 0xed, 0xd6, 0xfc, 0x1f, 0x71, 0xdf, 0x02, + 0xc7, 0x51, 0x6d, 0x9f, 0x31, ], msg: [ 0x1c, 0xdd, 0x86, 0xb3, 0xcc, 0x43, 0x18, 0xd9, 0x61, 0x4f, 0xc8, 0x20, 0x90, 0x5d, 0x04, 0x2b, 0xb1, 0xef, 0x9c, 0xa3, 0xf2, 0x49, 0x88, 0xc7, 0xb3, 0x53, 0x42, 0x01, 0xcf, 0xb1, 0xcd, 0x8d, ], - sig: [ - 0xa5, 0xb5, 0x92, 0x78, 0x1b, 0xeb, 0x55, 0xee, 0xbf, 0x8b, 0xc2, 0xbf, 0xd7, 0x9d, - 0xa9, 0x45, 0x2d, 0xc9, 0x22, 0x39, 0x87, 0x7e, 0xb7, 0xe1, 0xf5, 0x64, 0x65, 0xff, - 0x11, 0x1e, 0x59, 0x08, 0xde, 0xac, 0x15, 0xd5, 0x69, 0x99, 0x9a, 0x2b, 0xd2, 0x2b, - 0x2e, 0xf6, 0x01, 0xc5, 0x81, 0x3b, 0xdb, 0xba, 0x99, 0x3c, 0x08, 0xd4, 0xe8, 0x56, - 0xc9, 0x26, 0xd9, 0xe2, 0xc0, 0x63, 0x93, 0x67, + issue_auth_sig: [ + 0x00, 0xa5, 0xb5, 0x92, 0x78, 0x1b, 0xeb, 0x55, 0xee, 0xbf, 0x8b, 0xc2, 0xbf, 0xd7, + 0x9d, 0xa9, 0x45, 0x2d, 0xc9, 0x22, 0x39, 0x87, 0x7e, 0xb7, 0xe1, 0xf5, 0x64, 0x65, + 0xff, 0x11, 0x1e, 0x59, 0x08, 0xde, 0xac, 0x15, 0xd5, 0x69, 0x99, 0x9a, 0x2b, 0xd2, + 0x2b, 0x2e, 0xf6, 0x01, 0xc5, 0x81, 0x3b, 0xdb, 0xba, 0x99, 0x3c, 0x08, 0xd4, 0xe8, + 0x56, 0xc9, 0x26, 0xd9, 0xe2, 0xc0, 0x63, 0x93, 0x67, ], }, TestVector { 
@@ -62,22 +62,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x54, 0x6c, 0x1f, 0xe0, 0x1f, 0x7e, 0x9c, 0x8e, 0x36, 0xd6, 0xa5, 0xe2, 0x9d, 0x4e, 0x30, 0xa7, 0x35, 0x94, ], - ik: [ - 0xd4, 0x22, 0x9e, 0x19, 0x5e, 0x25, 0xf6, 0x02, 0xa2, 0x18, 0x61, 0x22, 0xcb, 0x4e, - 0x78, 0x76, 0x7b, 0x3c, 0x66, 0xac, 0x39, 0x08, 0x08, 0xd2, 0xd1, 0xb4, 0x04, 0x42, - 0xda, 0x7f, 0x00, 0x66, + ik_encoding: [ + 0x00, 0xd4, 0x22, 0x9e, 0x19, 0x5e, 0x25, 0xf6, 0x02, 0xa2, 0x18, 0x61, 0x22, 0xcb, + 0x4e, 0x78, 0x76, 0x7b, 0x3c, 0x66, 0xac, 0x39, 0x08, 0x08, 0xd2, 0xd1, 0xb4, 0x04, + 0x42, 0xda, 0x7f, 0x00, 0x66, ], msg: [ 0xbf, 0x50, 0x98, 0x42, 0x1c, 0x69, 0x37, 0x8a, 0xf1, 0xe4, 0x0f, 0x64, 0xe1, 0x25, 0x94, 0x6f, 0x62, 0xc2, 0xfa, 0x7b, 0x2f, 0xec, 0xbc, 0xb6, 0x4b, 0x69, 0x68, 0x91, 0x2a, 0x63, 0x81, 0xce, ], - sig: [ - 0x18, 0x8b, 0x15, 0x57, 0x42, 0x87, 0x83, 0x55, 0x6b, 0x66, 0x80, 0x3b, 0xf9, 0x06, - 0x63, 0xb7, 0xa1, 0x6d, 0x43, 0x76, 0x92, 0x7c, 0x58, 0x35, 0xe0, 0xb7, 0x26, 0x52, - 0x0e, 0xb2, 0x6d, 0x53, 0x24, 0x99, 0x10, 0xc3, 0x9c, 0x5f, 0x05, 0x90, 0xb6, 0xd6, - 0xaa, 0xb3, 0x51, 0xff, 0x8c, 0xd8, 0xe0, 0x63, 0xfa, 0x74, 0x20, 0x42, 0x55, 0xda, - 0xdc, 0x00, 0xd9, 0xe0, 0xdf, 0xf7, 0x7b, 0x09, + issue_auth_sig: [ + 0x00, 0x18, 0x8b, 0x15, 0x57, 0x42, 0x87, 0x83, 0x55, 0x6b, 0x66, 0x80, 0x3b, 0xf9, + 0x06, 0x63, 0xb7, 0xa1, 0x6d, 0x43, 0x76, 0x92, 0x7c, 0x58, 0x35, 0xe0, 0xb7, 0x26, + 0x52, 0x0e, 0xb2, 0x6d, 0x53, 0x24, 0x99, 0x10, 0xc3, 0x9c, 0x5f, 0x05, 0x90, 0xb6, + 0xd6, 0xaa, 0xb3, 0x51, 0xff, 0x8c, 0xd8, 0xe0, 0x63, 0xfa, 0x74, 0x20, 0x42, 0x55, + 0xda, 0xdc, 0x00, 0xd9, 0xe0, 0xdf, 0xf7, 0x7b, 0x09, ], }, TestVector { 
@@ -86,22 +86,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x93, 0x13, 0xe8, 0xc7, 0x20, 0x3d, 0x99, 0x6a, 0xf7, 0xd4, 0x77, 0x08, 0x37, 0x56, 0xd5, 0x9a, 0xf8, 0x0d, ], - ik: [ - 0xce, 0xb7, 0x5a, 0x43, 0x9f, 0xf0, 0x16, 0x15, 0x80, 0xbf, 0x29, 0x57, 0x24, 0xc6, - 0xd9, 0x2d, 0x31, 0xb7, 0xaa, 0x02, 0x84, 0x03, 0x39, 0x44, 0x49, 0x64, 0x48, 0x6f, - 0xae, 0xa8, 0x90, 0xe5, + ik_encoding: [ + 0x00, 0xce, 0xb7, 0x5a, 0x43, 0x9f, 0xf0, 0x16, 0x15, 0x80, 0xbf, 0x29, 0x57, 0x24, + 0xc6, 0xd9, 0x2d, 0x31, 0xb7, 0xaa, 0x02, 0x84, 0x03, 0x39, 0x44, 0x49, 0x64, 0x48, + 0x6f, 0xae, 0xa8, 0x90, 0xe5, ], msg: [ 0x06, 0xa7, 0x45, 0xf4, 0x4a, 0xb0, 0x23, 0x75, 0x2c, 0xb5, 0xb4, 0x06, 0xed, 0x89, 0x85, 0xe1, 0x81, 0x30, 0xab, 0x33, 0x36, 0x26, 0x97, 0xb0, 0xe4, 0xe4, 0xc7, 0x63, 0xcc, 0xb8, 0xf6, 0x76, ], - sig: [ - 0x6e, 0x5e, 0xd6, 0x65, 0x6c, 0x32, 0x71, 0x32, 0xb1, 0x65, 0x81, 0x06, 0x2f, 0x1b, - 0x13, 0x8a, 0xcc, 0x6f, 0x1f, 0x83, 0x43, 0xed, 0x9d, 0x89, 0xab, 0x5f, 0xd9, 0x38, - 0xe4, 0xe6, 0xce, 0xf7, 0x99, 0xa2, 0x25, 0x1c, 0xa5, 0x2d, 0x60, 0x82, 0x0e, 0x51, - 0x00, 0x25, 0x06, 0x7d, 0xcd, 0x1b, 0xf7, 0x54, 0xc5, 0xbf, 0xf1, 0x39, 0xb4, 0xcc, - 0x44, 0xb3, 0x7d, 0x27, 0xd1, 0x7c, 0x4a, 0xee, + issue_auth_sig: [ + 0x00, 0x6e, 0x5e, 0xd6, 0x65, 0x6c, 0x32, 0x71, 0x32, 0xb1, 0x65, 0x81, 0x06, 0x2f, + 0x1b, 0x13, 0x8a, 0xcc, 0x6f, 0x1f, 0x83, 0x43, 0xed, 0x9d, 0x89, 0xab, 0x5f, 0xd9, + 0x38, 0xe4, 0xe6, 0xce, 0xf7, 0x99, 0xa2, 0x25, 0x1c, 0xa5, 0x2d, 0x60, 0x82, 0x0e, + 0x51, 0x00, 0x25, 0x06, 0x7d, 0xcd, 0x1b, 0xf7, 0x54, 0xc5, 0xbf, 0xf1, 0x39, 0xb4, + 0xcc, 0x44, 0xb3, 0x7d, 0x27, 0xd1, 0x7c, 0x4a, 0xee, ], }, TestVector { 
@@ -110,22 +110,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc2, 0xe1, 0xe9, 0xb0, 0x1a, 0x03, 0x55, 0x87, 0xd5, 0xfb, 0x1a, 0x38, 0xe0, 0x1d, 0x94, 0x90, 0x3d, 0x3c, ], - ik: [ - 0xb0, 0xfa, 0x9d, 0x77, 0xfc, 0xbd, 0x96, 0x45, 0x91, 0x32, 0xe3, 0x05, 0xe3, 0x24, - 0xe7, 0x93, 0x6a, 0xe1, 0x3b, 0x15, 0x14, 0x7e, 0x20, 0x5d, 0x7b, 0xae, 0x42, 0xfa, - 0x7f, 0xaf, 0x5d, 0x1e, + ik_encoding: [ + 0x00, 0xb0, 0xfa, 0x9d, 0x77, 0xfc, 0xbd, 0x96, 0x45, 0x91, 0x32, 0xe3, 0x05, 0xe3, + 0x24, 0xe7, 0x93, 0x6a, 0xe1, 0x3b, 0x15, 0x14, 0x7e, 0x20, 0x5d, 0x7b, 0xae, 0x42, + 0xfa, 0x7f, 0xaf, 0x5d, 0x1e, ], msg: [ 0x3e, 0x0a, 0xd3, 0x36, 0x0c, 0x1d, 0x37, 0x10, 0xac, 0xd2, 0x0b, 0x18, 0x3e, 0x31, 0xd4, 0x9f, 0x25, 0xc9, 0xa1, 0x38, 0xf4, 0x9b, 0x1a, 0x53, 0x7e, 0xdc, 0xf0, 0x4b, 0xe3, 0x4a, 0x98, 0x51, ], - sig: [ - 0x17, 0xc2, 0xe5, 0xdf, 0x2e, 0xa6, 0xa1, 0x2e, 0x8a, 0xb2, 0xb0, 0xd5, 0x04, 0x89, - 0x8f, 0x3f, 0x23, 0x43, 0xe0, 0x98, 0x90, 0x7f, 0x7a, 0xfe, 0x43, 0xac, 0x8a, 0x01, - 0x14, 0x42, 0x35, 0x80, 0x97, 0x53, 0x67, 0xba, 0x4b, 0x6d, 0x16, 0x6c, 0x44, 0x28, - 0x48, 0x57, 0xb7, 0xcd, 0x29, 0xa8, 0x38, 0xb4, 0x9c, 0xc3, 0x41, 0xd2, 0x89, 0x51, - 0xaa, 0x0b, 0x5d, 0x55, 0x6a, 0x20, 0x9e, 0xb6, + issue_auth_sig: [ + 0x00, 0x17, 0xc2, 0xe5, 0xdf, 0x2e, 0xa6, 0xa1, 0x2e, 0x8a, 0xb2, 0xb0, 0xd5, 0x04, + 0x89, 0x8f, 0x3f, 0x23, 0x43, 0xe0, 0x98, 0x90, 0x7f, 0x7a, 0xfe, 0x43, 0xac, 0x8a, + 0x01, 0x14, 0x42, 0x35, 0x80, 0x97, 0x53, 0x67, 0xba, 0x4b, 0x6d, 0x16, 0x6c, 0x44, + 0x28, 0x48, 0x57, 0xb7, 0xcd, 0x29, 0xa8, 0x38, 0xb4, 0x9c, 0xc3, 0x41, 0xd2, 0x89, + 0x51, 0xaa, 0x0b, 0x5d, 0x55, 0x6a, 0x20, 0x9e, 0xb6, ], }, TestVector { 
@@ -134,22 +134,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x32, 0x3e, 0xa5, 0x1b, 0x00, 0x52, 0xad, 0x80, 0x84, 0xa8, 0xb9, 0xda, 0x94, 0x8d, 0x32, 0x0d, 0xad, 0xd6, ], - ik: [ - 0x0b, 0xb4, 0x91, 0x3d, 0xba, 0xf1, 0x4e, 0xf6, 0xd0, 0xad, 0xeb, 0x8b, 0x70, 0x27, - 0xbf, 0x0b, 0x9a, 0x8f, 0x59, 0x0d, 0x3e, 0x2d, 0x95, 0xa1, 0x2d, 0xba, 0xaf, 0x0b, - 0x95, 0x33, 0xdc, 0xa4, + ik_encoding: [ + 0x00, 0x0b, 0xb4, 0x91, 0x3d, 0xba, 0xf1, 0x4e, 0xf6, 0xd0, 0xad, 0xeb, 0x8b, 0x70, + 0x27, 0xbf, 0x0b, 0x9a, 0x8f, 0x59, 0x0d, 0x3e, 0x2d, 0x95, 0xa1, 0x2d, 0xba, 0xaf, + 0x0b, 0x95, 0x33, 0xdc, 0xa4, ], msg: [ 0x4f, 0x54, 0x31, 0xe6, 0x1d, 0xdf, 0x65, 0x8d, 0x24, 0xae, 0x67, 0xc2, 0x2c, 0x8d, 0x13, 0x09, 0x13, 0x1f, 0xc0, 0x0f, 0xe7, 0xf2, 0x35, 0x73, 0x42, 0x76, 0xd3, 0x8d, 0x47, 0xf1, 0xe1, 0x91, ], - sig: [ - 0x42, 0x1f, 0x5b, 0x07, 0x57, 0x2e, 0x6b, 0x05, 0xe8, 0x0b, 0xa5, 0x85, 0xff, 0x63, - 0x21, 0x42, 0x26, 0x75, 0xcd, 0x19, 0xea, 0x59, 0x15, 0xd6, 0x32, 0xeb, 0x47, 0x64, - 0x6c, 0xe2, 0x20, 0x27, 0x6b, 0xb7, 0x82, 0x42, 0xcc, 0x75, 0x48, 0xd9, 0xa0, 0x57, - 0x2b, 0x89, 0x69, 0x2e, 0x5b, 0x95, 0xdb, 0x14, 0x14, 0xe4, 0xeb, 0xd2, 0x20, 0xcc, - 0xf8, 0x3a, 0xf2, 0x98, 0x2f, 0xdd, 0x3a, 0xec, + issue_auth_sig: [ + 0x00, 0x42, 0x1f, 0x5b, 0x07, 0x57, 0x2e, 0x6b, 0x05, 0xe8, 0x0b, 0xa5, 0x85, 0xff, + 0x63, 0x21, 0x42, 0x26, 0x75, 0xcd, 0x19, 0xea, 0x59, 0x15, 0xd6, 0x32, 0xeb, 0x47, + 0x64, 0x6c, 0xe2, 0x20, 0x27, 0x6b, 0xb7, 0x82, 0x42, 0xcc, 0x75, 0x48, 0xd9, 0xa0, + 0x57, 0x2b, 0x89, 0x69, 0x2e, 0x5b, 0x95, 0xdb, 0x14, 0x14, 0xe4, 0xeb, 0xd2, 0x20, + 0xcc, 0xf8, 0x3a, 0xf2, 0x98, 0x2f, 0xdd, 0x3a, 0xec, ], }, TestVector { 
@@ -158,22 +158,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x7f, 0xa6, 0xb6, 0x79, 0xf3, 0xdc, 0x60, 0x1d, 0x00, 0x82, 0x85, 0xed, 0xcb, 0xda, 0xe6, 0x9c, 0xe8, 0xfc, ], - ik: [ - 0x61, 0xbb, 0x33, 0x91, 0x59, 0xdf, 0x98, 0x20, 0xef, 0xae, 0xb6, 0x1d, 0x9a, 0x10, - 0xcd, 0xc1, 0x3b, 0x4c, 0x99, 0xfd, 0xc8, 0x6d, 0x94, 0x85, 0x11, 0x5d, 0xfd, 0x83, - 0x62, 0x36, 0xac, 0xf8, + ik_encoding: [ + 0x00, 0x61, 0xbb, 0x33, 0x91, 0x59, 0xdf, 0x98, 0x20, 0xef, 0xae, 0xb6, 0x1d, 0x9a, + 0x10, 0xcd, 0xc1, 0x3b, 0x4c, 0x99, 0xfd, 0xc8, 0x6d, 0x94, 0x85, 0x11, 0x5d, 0xfd, + 0x83, 0x62, 0x36, 0xac, 0xf8, ], msg: [ 0x1b, 0xe4, 0xaa, 0xc0, 0x0f, 0xf2, 0x71, 0x1e, 0xbd, 0x93, 0x1d, 0xe5, 0x18, 0x85, 0x68, 0x78, 0xf7, 0x34, 0x76, 0xf2, 0x1a, 0x48, 0x2e, 0xc9, 0x37, 0x83, 0x65, 0xc8, 0xf7, 0x39, 0x3c, 0x94, ], - sig: [ - 0x5a, 0x11, 0x48, 0xa8, 0x92, 0x8f, 0xbf, 0x43, 0xbb, 0x33, 0xa5, 0x70, 0xf0, 0xdf, - 0xa3, 0x53, 0x32, 0xb7, 0x01, 0x80, 0x21, 0xa0, 0xcb, 0x75, 0xe9, 0x55, 0x4e, 0x86, - 0xec, 0xb2, 0x1d, 0xa3, 0x2e, 0xb5, 0xa2, 0xd8, 0xc5, 0x9e, 0xa3, 0x90, 0x43, 0xb9, - 0x74, 0x78, 0x75, 0x0c, 0x6b, 0xf8, 0x66, 0xeb, 0x3b, 0x01, 0x5e, 0xbb, 0x31, 0x68, - 0xf7, 0x53, 0x76, 0x6a, 0xd1, 0x71, 0xd2, 0x1e, + issue_auth_sig: [ + 0x00, 0x5a, 0x11, 0x48, 0xa8, 0x92, 0x8f, 0xbf, 0x43, 0xbb, 0x33, 0xa5, 0x70, 0xf0, + 0xdf, 0xa3, 0x53, 0x32, 0xb7, 0x01, 0x80, 0x21, 0xa0, 0xcb, 0x75, 0xe9, 0x55, 0x4e, + 0x86, 0xec, 0xb2, 0x1d, 0xa3, 0x2e, 0xb5, 0xa2, 0xd8, 0xc5, 0x9e, 0xa3, 0x90, 0x43, + 0xb9, 0x74, 0x78, 0x75, 0x0c, 0x6b, 0xf8, 0x66, 0xeb, 0x3b, 0x01, 0x5e, 0xbb, 0x31, + 0x68, 0xf7, 0x53, 0x76, 0x6a, 0xd1, 0x71, 0xd2, 0x1e, ], }, TestVector { 
@@ -182,22 +182,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xe5, 0x3e, 0x29, 0xfe, 0xf2, 0xb3, 0x76, 0x66, 0x97, 0xac, 0x32, 0xb4, 0xf4, 0x73, 0xf4, 0x68, 0xa0, 0x08, ], - ik: [ - 0x19, 0x58, 0x53, 0x8b, 0x12, 0x17, 0xa0, 0x3d, 0x89, 0xcd, 0x83, 0xb8, 0x3d, 0x0b, - 0xdd, 0x40, 0xa6, 0x9a, 0xbe, 0x3a, 0xc2, 0x5d, 0x00, 0xc6, 0xd2, 0x69, 0x97, 0xf9, - 0xf2, 0x57, 0x4d, 0x4f, + ik_encoding: [ + 0x00, 0x19, 0x58, 0x53, 0x8b, 0x12, 0x17, 0xa0, 0x3d, 0x89, 0xcd, 0x83, 0xb8, 0x3d, + 0x0b, 0xdd, 0x40, 0xa6, 0x9a, 0xbe, 0x3a, 0xc2, 0x5d, 0x00, 0xc6, 0xd2, 0x69, 0x97, + 0xf9, 0xf2, 0x57, 0x4d, 0x4f, ], msg: [ 0xe7, 0x23, 0x89, 0xfc, 0x03, 0x88, 0x0d, 0x78, 0x0c, 0xb0, 0x7f, 0xcf, 0xaa, 0xbe, 0x3f, 0x1a, 0x84, 0xb2, 0x7d, 0xb5, 0x9a, 0x4a, 0x15, 0x3d, 0x88, 0x2d, 0x2b, 0x21, 0x03, 0x59, 0x65, 0x55, ], - sig: [ - 0x16, 0x90, 0xf5, 0x43, 0xee, 0x67, 0xbb, 0x1c, 0xe0, 0xe4, 0x25, 0x4e, 0xa5, 0xdf, - 0xd0, 0x42, 0xfe, 0x86, 0x3a, 0xb4, 0x6c, 0xd9, 0xa8, 0x90, 0x55, 0x19, 0xff, 0xb1, - 0xb8, 0x40, 0x6b, 0xec, 0xbd, 0x90, 0xda, 0x66, 0xe5, 0xb5, 0x44, 0xbc, 0xd4, 0x3b, - 0xdb, 0x29, 0xbc, 0x5d, 0x2c, 0x02, 0x4d, 0xd2, 0x85, 0xab, 0xcd, 0x77, 0xe4, 0xac, - 0x1f, 0x9d, 0x60, 0x35, 0x22, 0xe4, 0xf1, 0x5b, + issue_auth_sig: [ + 0x00, 0x16, 0x90, 0xf5, 0x43, 0xee, 0x67, 0xbb, 0x1c, 0xe0, 0xe4, 0x25, 0x4e, 0xa5, + 0xdf, 0xd0, 0x42, 0xfe, 0x86, 0x3a, 0xb4, 0x6c, 0xd9, 0xa8, 0x90, 0x55, 0x19, 0xff, + 0xb1, 0xb8, 0x40, 0x6b, 0xec, 0xbd, 0x90, 0xda, 0x66, 0xe5, 0xb5, 0x44, 0xbc, 0xd4, + 0x3b, 0xdb, 0x29, 0xbc, 0x5d, 0x2c, 0x02, 0x4d, 0xd2, 0x85, 0xab, 0xcd, 0x77, 0xe4, + 0xac, 0x1f, 0x9d, 0x60, 0x35, 0x22, 0xe4, 0xf1, 0x5b, ], }, TestVector { 
@@ -206,22 +206,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xc1, 0x03, 0x95, 0x86, 0xa7, 0xaf, 0xcf, 0x4a, 0x0d, 0x9c, 0x73, 0x1e, 0x98, 0x5d, 0x99, 0x58, 0x9c, 0x8b, ], - ik: [ - 0x7d, 0xd6, 0xd7, 0x61, 0xe1, 0x02, 0x01, 0x37, 0xfa, 0x01, 0xb4, 0xdd, 0xd3, 0xb0, - 0xf3, 0x48, 0x04, 0xcc, 0x10, 0xcc, 0x4e, 0x9f, 0x6e, 0x9d, 0xf5, 0xb6, 0x04, 0x69, - 0xf5, 0x79, 0x36, 0x67, + ik_encoding: [ + 0x00, 0x7d, 0xd6, 0xd7, 0x61, 0xe1, 0x02, 0x01, 0x37, 0xfa, 0x01, 0xb4, 0xdd, 0xd3, + 0xb0, 0xf3, 0x48, 0x04, 0xcc, 0x10, 0xcc, 0x4e, 0x9f, 0x6e, 0x9d, 0xf5, 0xb6, 0x04, + 0x69, 0xf5, 0x79, 0x36, 0x67, ], msg: [ 0xb8, 0x38, 0xe8, 0xaa, 0xf7, 0x45, 0x53, 0x3e, 0xd9, 0xe8, 0xae, 0x3a, 0x1c, 0xd0, 0x74, 0xa5, 0x1a, 0x20, 0xda, 0x8a, 0xba, 0x18, 0xd1, 0xdb, 0xeb, 0xbc, 0x86, 0x2d, 0xed, 0x42, 0x43, 0x5e, ], - sig: [ - 0x59, 0x34, 0x5d, 0x6b, 0x89, 0x4e, 0xd6, 0xd0, 0x3a, 0x56, 0x73, 0xa0, 0x14, 0x63, - 0x07, 0x51, 0x04, 0x3d, 0x11, 0xfa, 0x63, 0x18, 0x7c, 0x92, 0x9c, 0xae, 0x3f, 0xa1, - 0xb0, 0x29, 0x22, 0xf2, 0x7d, 0xc0, 0x16, 0x40, 0x33, 0x95, 0x2c, 0x84, 0x16, 0xe6, - 0xd0, 0x43, 0x81, 0x77, 0xb3, 0xbc, 0xe8, 0x78, 0xfd, 0xec, 0x75, 0x0a, 0x16, 0x64, - 0xd4, 0x89, 0xdf, 0x0a, 0x4e, 0xae, 0xb1, 0x35, + issue_auth_sig: [ + 0x00, 0x59, 0x34, 0x5d, 0x6b, 0x89, 0x4e, 0xd6, 0xd0, 0x3a, 0x56, 0x73, 0xa0, 0x14, + 0x63, 0x07, 0x51, 0x04, 0x3d, 0x11, 0xfa, 0x63, 0x18, 0x7c, 0x92, 0x9c, 0xae, 0x3f, + 0xa1, 0xb0, 0x29, 0x22, 0xf2, 0x7d, 0xc0, 0x16, 0x40, 0x33, 0x95, 0x2c, 0x84, 0x16, + 0xe6, 0xd0, 0x43, 0x81, 0x77, 0xb3, 0xbc, 0xe8, 0x78, 0xfd, 0xec, 0x75, 0x0a, 0x16, + 0x64, 0xd4, 0x89, 0xdf, 0x0a, 0x4e, 0xae, 0xb1, 0x35, ], }, TestVector { 
@@ -230,22 +230,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x7b, 0x89, 0xe0, 0x01, 0xaf, 0xa2, 0xfb, 0x8d, 0xc3, 0x43, 0x6d, 0x75, 0xa4, 0xa6, 0xf2, 0x65, 0x72, 0x50, ], - ik: [ - 0xb5, 0x9c, 0x5f, 0x32, 0x34, 0xd6, 0xca, 0x36, 0xcc, 0x48, 0x3d, 0x67, 0xa8, 0x4f, - 0x37, 0xd6, 0xb2, 0x4b, 0x24, 0x45, 0x48, 0x25, 0xd2, 0xb7, 0xbf, 0xdc, 0x80, 0x2b, - 0x2e, 0x32, 0x8c, 0x43, + ik_encoding: [ + 0x00, 0xb5, 0x9c, 0x5f, 0x32, 0x34, 0xd6, 0xca, 0x36, 0xcc, 0x48, 0x3d, 0x67, 0xa8, + 0x4f, 0x37, 0xd6, 0xb2, 0x4b, 0x24, 0x45, 0x48, 0x25, 0xd2, 0xb7, 0xbf, 0xdc, 0x80, + 0x2b, 0x2e, 0x32, 0x8c, 0x43, ], msg: [ 0x4b, 0x19, 0x22, 0x32, 0xec, 0xb9, 0xf0, 0xc0, 0x24, 0x11, 0xe5, 0x25, 0x96, 0xbc, 0x5e, 0x90, 0x45, 0x7e, 0x74, 0x59, 0x39, 0xff, 0xed, 0xbd, 0x12, 0x86, 0x3c, 0xe7, 0x1a, 0x02, 0xaf, 0x11, ], - sig: [ - 0xa4, 0x58, 0x79, 0x33, 0x26, 0x98, 0x37, 0x74, 0x09, 0x6d, 0x36, 0x59, 0xeb, 0x9a, - 0x21, 0xd1, 0x2c, 0x8e, 0xb8, 0x77, 0x56, 0x6b, 0x66, 0xbf, 0x60, 0x33, 0xdb, 0x8f, - 0xde, 0x20, 0xc4, 0x66, 0xa2, 0xe9, 0x54, 0x30, 0xa0, 0x1e, 0xb9, 0xad, 0x28, 0xe0, - 0x76, 0x5b, 0xed, 0x21, 0xdc, 0xd3, 0x03, 0x86, 0xfc, 0xe7, 0xaa, 0xba, 0xde, 0xa6, - 0xda, 0x72, 0x8c, 0x16, 0xbb, 0x80, 0xf1, 0xc2, + issue_auth_sig: [ + 0x00, 0xa4, 0x58, 0x79, 0x33, 0x26, 0x98, 0x37, 0x74, 0x09, 0x6d, 0x36, 0x59, 0xeb, + 0x9a, 0x21, 0xd1, 0x2c, 0x8e, 0xb8, 0x77, 0x56, 0x6b, 0x66, 0xbf, 0x60, 0x33, 0xdb, + 0x8f, 0xde, 0x20, 0xc4, 0x66, 0xa2, 0xe9, 0x54, 0x30, 0xa0, 0x1e, 0xb9, 0xad, 0x28, + 0xe0, 0x76, 0x5b, 0xed, 0x21, 0xdc, 0xd3, 0x03, 0x86, 0xfc, 0xe7, 0xaa, 0xba, 0xde, + 0xa6, 0xda, 0x72, 0x8c, 0x16, 0xbb, 0x80, 0xf1, 0xc2, ], }, TestVector { 
@@ -254,22 +254,22 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x0c, 0x6b, 0x8f, 0xb8, 0x6b, 0x12, 0xb5, 0x6d, 0xa9, 0xc3, 0x82, 0x85, 0x7d, 0xee, 0xcc, 0x40, 0xa9, 0x8d, ], - ik: [ - 0x45, 0x61, 0x9f, 0x20, 0x6c, 0x3b, 0xfc, 0x84, 0xfd, 0x42, 0x4f, 0xfb, 0x5c, 0x81, - 0x6f, 0x65, 0x4b, 0x27, 0xaa, 0x7f, 0x7b, 0x4b, 0xd6, 0x7e, 0xc5, 0xf9, 0xac, 0x6d, - 0x0f, 0x38, 0xdb, 0xb1, + ik_encoding: [ + 0x00, 0x45, 0x61, 0x9f, 0x20, 0x6c, 0x3b, 0xfc, 0x84, 0xfd, 0x42, 0x4f, 0xfb, 0x5c, + 0x81, 0x6f, 0x65, 0x4b, 0x27, 0xaa, 0x7f, 0x7b, 0x4b, 0xd6, 0x7e, 0xc5, 0xf9, 0xac, + 0x6d, 0x0f, 0x38, 0xdb, 0xb1, ], msg: [ 0x5f, 0x29, 0x35, 0x39, 0x5e, 0xe4, 0x76, 0x2d, 0xd2, 0x1a, 0xfd, 0xbb, 0x5d, 0x47, 0xfa, 0x9a, 0x6d, 0xd9, 0x84, 0xd5, 0x67, 0xdb, 0x28, 0x57, 0xb9, 0x27, 0xb7, 0xfa, 0xe2, 0xdb, 0x58, 0x71, ], - sig: [ - 0xe6, 0x92, 0x4d, 0x53, 0xec, 0x97, 0x80, 0x79, 0xd6, 0x6a, 0x28, 0x4c, 0x00, 0xa8, - 0x68, 0xf9, 0xeb, 0x75, 0x1a, 0xe3, 0xb1, 0x69, 0x0d, 0x15, 0xee, 0x1b, 0x39, 0x68, - 0x0b, 0x83, 0xc4, 0x38, 0xe4, 0x5f, 0x02, 0xa2, 0x3c, 0x65, 0x6e, 0x4e, 0x53, 0xd3, - 0xc7, 0x3e, 0xfa, 0x0d, 0xc5, 0xf7, 0xad, 0x63, 0x28, 0x21, 0x7f, 0xd5, 0x9b, 0x23, - 0xaa, 0xe4, 0xf9, 0x0c, 0x68, 0xbe, 0x76, 0xbc, + issue_auth_sig: [ + 0x00, 0xe6, 0x92, 0x4d, 0x53, 0xec, 0x97, 0x80, 0x79, 0xd6, 0x6a, 0x28, 0x4c, 0x00, + 0xa8, 0x68, 0xf9, 0xeb, 0x75, 0x1a, 0xe3, 0xb1, 0x69, 0x0d, 0x15, 0xee, 0x1b, 0x39, + 0x68, 0x0b, 0x83, 0xc4, 0x38, 0xe4, 0x5f, 0x02, 0xa2, 0x3c, 0x65, 0x6e, 0x4e, 0x53, + 0xd3, 0xc7, 0x3e, 0xfa, 0x0d, 0xc5, 0xf7, 0xad, 0x63, 0x28, 0x21, 0x7f, 0xd5, 0x9b, + 0x23, 0xaa, 0xe4, 0xf9, 0x0c, 0x68, 0xbe, 0x76, 0xbc, ], }, ]; diff --git a/src/test_vectors/keys.rs b/src/test_vectors/keys.rs index e078f819b..2808c5e7d 100644 --- a/src/test_vectors/keys.rs +++ b/src/test_vectors/keys.rs 
@@ -5,7 +5,7 @@ pub(crate) struct TestVector { pub(crate) ask: [u8; 32], pub(crate) ak: [u8; 32], pub(crate) isk: [u8; 32], - pub(crate) ik: [u8; 32], + pub(crate) ik_encoding: [u8; 33], pub(crate) nk: [u8; 32], pub(crate) rivk: [u8; 32], pub(crate) ivk: [u8; 32], @@ -47,10 +47,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x1a, 0x53, 0x7e, 0xdc, 0xf0, 0x4b, 0xe3, 0x4a, 0x98, 0x51, 0xa7, 0xaf, 0x9d, 0xb6, 0x99, 0x0e, 0xd8, 0x3d, ], - ik: [ - 0xd1, 0xa2, 0xfa, 0xb4, 0x17, 0x0c, 0x45, 0xc5, 0xf9, 0x79, 0xc8, 0xe7, 0x46, 0x3b, - 0x8e, 0x20, 0xf2, 0x34, 0xde, 0x35, 0xeb, 0x58, 0xa8, 0x38, 0xdf, 0x9a, 0x1f, 0xe9, - 0xb1, 0xa5, 0xaa, 0x45, + ik_encoding: [ + 0x00, 0xd1, 0xa2, 0xfa, 0xb4, 0x17, 0x0c, 0x45, 0xc5, 0xf9, 0x79, 0xc8, 0xe7, 0x46, + 0x3b, 0x8e, 0x20, 0xf2, 0x34, 0xde, 0x35, 0xeb, 0x58, 0xa8, 0x38, 0xdf, 0x9a, 0x1f, + 0xe9, 0xb1, 0xa5, 0xaa, 0x45, ], nk: [ 0x9f, 0x2f, 0x82, 0x67, 0x38, 0x94, 0x5a, 0xd0, 0x1f, 0x47, 0xf7, 0x0d, 0xb0, 0xc3, @@ -153,10 +153,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x65, 0x55, 0xed, 0x94, 0x94, 0xc6, 0xac, 0x89, 0x3c, 0x49, 0x72, 0x38, 0x33, 0xec, 0x89, 0x26, 0xc1, 0x03, ], - ik: [ - 0x39, 0x62, 0x5b, 0x51, 0xaa, 0x0a, 0x3d, 0xde, 0x54, 0x6e, 0xde, 0x39, 0xa1, 0x23, - 0x2f, 0xa9, 0xba, 0xe8, 0x71, 0xab, 0x4f, 0x18, 0xe9, 0x0e, 0x5a, 0xe8, 0x03, 0x8c, - 0xce, 0xef, 0x66, 0x37, + ik_encoding: [ + 0x00, 0x39, 0x62, 0x5b, 0x51, 0xaa, 0x0a, 0x3d, 0xde, 0x54, 0x6e, 0xde, 0x39, 0xa1, + 0x23, 0x2f, 0xa9, 0xba, 0xe8, 0x71, 0xab, 0x4f, 0x18, 0xe9, 0x0e, 0x5a, 0xe8, 0x03, + 0x8c, 0xce, 0xef, 0x66, 0x37, ], nk: [ 0x26, 0x84, 0x71, 0xe4, 0x66, 0xfe, 0x31, 0x2d, 0xd2, 0x07, 0x5d, 0x1a, 0x1a, 0x07, 
@@ -259,10 +259,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xe7, 0x6c, 0x17, 0x82, 0xfd, 0x27, 0x95, 0xd1, 0x8a, 0x76, 0x36, 0x24, 0xc2, 0x5f, 0xa9, 0x59, 0xcc, 0x97, ], - ik: [ - 0x78, 0xd1, 0xdc, 0xef, 0xee, 0x06, 0xc5, 0x66, 0x7f, 0x19, 0x76, 0xa5, 0x66, 0x73, - 0x13, 0x0b, 0x9e, 0x72, 0x05, 0xf3, 0xa5, 0x0a, 0xd1, 0x96, 0x00, 0x89, 0x6c, 0xe5, - 0xc2, 0x64, 0xfa, 0xf6, + ik_encoding: [ + 0x00, 0x78, 0xd1, 0xdc, 0xef, 0xee, 0x06, 0xc5, 0x66, 0x7f, 0x19, 0x76, 0xa5, 0x66, + 0x73, 0x13, 0x0b, 0x9e, 0x72, 0x05, 0xf3, 0xa5, 0x0a, 0xd1, 0x96, 0x00, 0x89, 0x6c, + 0xe5, 0xc2, 0x64, 0xfa, 0xf6, ], nk: [ 0x9d, 0xca, 0xb0, 0x5e, 0x6c, 0x24, 0x15, 0xad, 0x65, 0xb6, 0x4e, 0x6a, 0x9a, 0xec, @@ -365,10 +365,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xcb, 0x05, 0x6b, 0x95, 0xe3, 0x02, 0x5b, 0x97, 0x92, 0xff, 0xf7, 0xf2, 0x44, 0xfc, 0x71, 0x62, 0x69, 0xb9, ], - ik: [ - 0x39, 0xc4, 0x51, 0xf4, 0xd8, 0xdd, 0xcf, 0x69, 0x05, 0xed, 0xd8, 0x82, 0x5a, 0xd9, - 0x81, 0xb9, 0xe7, 0x3c, 0xa6, 0x83, 0x1c, 0xa2, 0xb3, 0xd7, 0xe8, 0xce, 0xf3, 0xd0, - 0xba, 0xaa, 0x31, 0x1b, + ik_encoding: [ + 0x00, 0x39, 0xc4, 0x51, 0xf4, 0xd8, 0xdd, 0xcf, 0x69, 0x05, 0xed, 0xd8, 0x82, 0x5a, + 0xd9, 0x81, 0xb9, 0xe7, 0x3c, 0xa6, 0x83, 0x1c, 0xa2, 0xb3, 0xd7, 0xe8, 0xce, 0xf3, + 0xd0, 0xba, 0xaa, 0x31, 0x1b, ], nk: [ 0x8d, 0xa4, 0xba, 0x62, 0x70, 0xae, 0x6d, 0x89, 0xa8, 0x6a, 0x06, 0xbc, 0x84, 0xbb, 
@@ -471,10 +471,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x15, 0xf5, 0x72, 0x2d, 0xb0, 0x41, 0xa3, 0xef, 0x66, 0xfa, 0x48, 0x3a, 0xfd, 0x3c, 0x2e, 0x19, 0xe5, 0x94, ], - ik: [ - 0x2b, 0x5d, 0xe5, 0x60, 0x92, 0xfe, 0xa3, 0x1a, 0x8e, 0xa9, 0xf8, 0x70, 0x84, 0x7d, - 0xc1, 0xfa, 0x87, 0xfd, 0x3c, 0x25, 0xcf, 0x70, 0x9a, 0x0e, 0xff, 0xd6, 0x99, 0xc2, - 0x96, 0x41, 0x31, 0x6e, + ik_encoding: [ + 0x00, 0x2b, 0x5d, 0xe5, 0x60, 0x92, 0xfe, 0xa3, 0x1a, 0x8e, 0xa9, 0xf8, 0x70, 0x84, + 0x7d, 0xc1, 0xfa, 0x87, 0xfd, 0x3c, 0x25, 0xcf, 0x70, 0x9a, 0x0e, 0xff, 0xd6, 0x99, + 0xc2, 0x96, 0x41, 0x31, 0x6e, ], nk: [ 0x4f, 0xb7, 0x68, 0x10, 0x2e, 0x99, 0xbe, 0xfe, 0x6e, 0x76, 0xed, 0x4e, 0xea, 0x65, @@ -577,10 +577,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x68, 0xf5, 0x0c, 0x05, 0x36, 0xac, 0xdd, 0xf6, 0xf1, 0xae, 0xab, 0x01, 0x6b, 0x6b, 0xc1, 0xec, 0x14, 0x4b, ], - ik: [ - 0xe2, 0xb7, 0xd3, 0x28, 0x92, 0x52, 0xf8, 0x69, 0x17, 0xd4, 0xcb, 0x43, 0x04, 0xbe, - 0x9a, 0x06, 0xd6, 0x25, 0xdb, 0x6f, 0xb2, 0xcb, 0xea, 0xf8, 0x84, 0xc2, 0x80, 0x66, - 0x94, 0x16, 0xad, 0x30, + ik_encoding: [ + 0x00, 0xe2, 0xb7, 0xd3, 0x28, 0x92, 0x52, 0xf8, 0x69, 0x17, 0xd4, 0xcb, 0x43, 0x04, + 0xbe, 0x9a, 0x06, 0xd6, 0x25, 0xdb, 0x6f, 0xb2, 0xcb, 0xea, 0xf8, 0x84, 0xc2, 0x80, + 0x66, 0x94, 0x16, 0xad, 0x30, ], nk: [ 0x54, 0x81, 0x3a, 0x55, 0x4c, 0xd0, 0x88, 0xfd, 0xad, 0x77, 0x91, 0x00, 0xa5, 0xa4, 
@@ -683,10 +683,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x8e, 0x1a, 0x28, 0xf8, 0x9d, 0xb8, 0x9f, 0xfd, 0xec, 0xa3, 0x64, 0xdd, 0x2f, 0x0f, 0x07, 0x39, 0xf0, 0x53, ], - ik: [ - 0x03, 0xd8, 0x30, 0x92, 0xd7, 0x09, 0xcb, 0x92, 0x8f, 0xf1, 0x50, 0xf0, 0x8e, 0xa2, - 0x68, 0xe8, 0x45, 0x41, 0x80, 0xcd, 0xc4, 0x9f, 0x07, 0xf5, 0xa3, 0xd9, 0xb2, 0x03, - 0x90, 0x68, 0xc9, 0x09, + ik_encoding: [ + 0x00, 0x03, 0xd8, 0x30, 0x92, 0xd7, 0x09, 0xcb, 0x92, 0x8f, 0xf1, 0x50, 0xf0, 0x8e, + 0xa2, 0x68, 0xe8, 0x45, 0x41, 0x80, 0xcd, 0xc4, 0x9f, 0x07, 0xf5, 0xa3, 0xd9, 0xb2, + 0x03, 0x90, 0x68, 0xc9, 0x09, ], nk: [ 0x0d, 0x47, 0x60, 0xf0, 0xe9, 0x3d, 0x2c, 0x4b, 0x67, 0x6e, 0x88, 0xfa, 0x40, 0xfa, @@ -789,10 +789,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0xf8, 0x55, 0x88, 0x74, 0x1b, 0x31, 0x28, 0x90, 0x1a, 0x93, 0xbd, 0x78, 0xe4, 0xbe, 0x02, 0x25, 0xa9, 0xe2, ], - ik: [ - 0x78, 0xfe, 0x62, 0x0f, 0xc5, 0x91, 0x3f, 0xc1, 0x8a, 0xa2, 0x09, 0x36, 0x40, 0x9d, - 0x38, 0x8f, 0x0f, 0x10, 0x88, 0x14, 0xa7, 0x5e, 0x93, 0x1b, 0xea, 0xcb, 0x61, 0x83, - 0xa9, 0xbe, 0x18, 0xc4, + ik_encoding: [ + 0x00, 0x78, 0xfe, 0x62, 0x0f, 0xc5, 0x91, 0x3f, 0xc1, 0x8a, 0xa2, 0x09, 0x36, 0x40, + 0x9d, 0x38, 0x8f, 0x0f, 0x10, 0x88, 0x14, 0xa7, 0x5e, 0x93, 0x1b, 0xea, 0xcb, 0x61, + 0x83, 0xa9, 0xbe, 0x18, 0xc4, ], nk: [ 0x88, 0xc5, 0xc9, 0x2d, 0x1c, 0xd0, 0xe5, 0x01, 0xc9, 0x1d, 0x80, 0x1c, 0x50, 0xdf, 
@@ -895,10 +895,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x61, 0xc6, 0x59, 0xcc, 0x5d, 0x32, 0x5b, 0x44, 0x0f, 0x6b, 0x9f, 0x59, 0xaf, 0xf6, 0x68, 0x79, 0xbb, 0x66, ], - ik: [ - 0x0c, 0x40, 0xa2, 0x9b, 0xdb, 0xe3, 0xe4, 0x5d, 0x2c, 0xb7, 0xc1, 0x41, 0xed, 0xe0, - 0xce, 0x2c, 0xe9, 0x2c, 0xa6, 0xbf, 0x9f, 0x6b, 0xc0, 0x42, 0xb0, 0xe7, 0x25, 0x24, - 0xf4, 0x19, 0x5c, 0xa6, + ik_encoding: [ + 0x00, 0x0c, 0x40, 0xa2, 0x9b, 0xdb, 0xe3, 0xe4, 0x5d, 0x2c, 0xb7, 0xc1, 0x41, 0xed, + 0xe0, 0xce, 0x2c, 0xe9, 0x2c, 0xa6, 0xbf, 0x9f, 0x6b, 0xc0, 0x42, 0xb0, 0xe7, 0x25, + 0x24, 0xf4, 0x19, 0x5c, 0xa6, ], nk: [ 0x2c, 0x5c, 0xc2, 0x37, 0x14, 0xa6, 0x22, 0xa0, 0xb9, 0xe2, 0x0a, 0x1f, 0x0f, 0x23, @@ -1001,10 +1001,10 @@ pub(crate) const TEST_VECTORS: &[TestVector] = &[ 0x4d, 0x63, 0x59, 0xeb, 0x23, 0xfa, 0xf3, 0x8a, 0x08, 0x22, 0xda, 0x36, 0xce, 0x42, 0x6c, 0x4a, 0x2f, 0xbe, ], - ik: [ - 0x6c, 0xc4, 0x46, 0x5c, 0x0a, 0x64, 0xa5, 0xec, 0x41, 0x96, 0x8a, 0x80, 0x9f, 0x71, - 0x3d, 0xf6, 0xf3, 0x45, 0x1c, 0x5e, 0xec, 0xff, 0xf5, 0x31, 0x7a, 0x21, 0x0c, 0xc7, - 0xc8, 0x50, 0xbd, 0x51, + ik_encoding: [ + 0x00, 0x6c, 0xc4, 0x46, 0x5c, 0x0a, 0x64, 0xa5, 0xec, 0x41, 0x96, 0x8a, 0x80, 0x9f, + 0x71, 0x3d, 0xf6, 0xf3, 0x45, 0x1c, 0x5e, 0xec, 0xff, 0xf5, 0x31, 0x7a, 0x21, 0x0c, + 0xc7, 0xc8, 0x50, 0xbd, 0x51, ], nk: [ 0x5c, 0x39, 0x80, 0xe1, 0x5d, 0xba, 0xd3, 0x67, 0xf4, 0xa1, 0xd3, 0x89, 0x15, 0x78, diff --git a/src/zip32.rs b/src/zip32.rs index 1a815f4c0..00eab0573 100644 --- a/src/zip32.rs +++ b/src/zip32.rs 
@@ -21,7 +21,7 @@ const ZIP32_ORCHARD_FVFP_PERSONALIZATION: &[u8; 16] = b"ZcashOrchardFVFP"; /// Personalization for the master extended spending key pub const ZIP32_ORCHARD_PERSONALIZATION: &[u8; 16] = b"ZcashIP32Orchard"; /// Personalization for the master extended issuance key -pub const ZIP32_ORCHARD_ISSUANCE_PERSONALIZATION: &[u8; 16] = b"ZIP32ZSAIssue_V1"; +pub const ZIP32_ORCHARD_ISSUANCE_PERSONALIZATION: &[u8; 16] = b"ZcashSA_Issue_V1"; /// Errors produced in derivation of extended spending keys #[derive(Debug, PartialEq, Eq)] @@ -30,6 +30,8 @@ pub enum Error { InvalidSpendingKey, /// A child index in a derivation path exceeded 2^31 InvalidChildIndex(u32), + /// A non zero account when deriving an Orchard-ZSA issuance key + NonZeroAccount, } impl fmt::Display for Error { diff --git a/tests/issuance_global_state.rs b/tests/issuance_global_state.rs index 753c00f56..5f58e02f9 100644 --- a/tests/issuance_global_state.rs +++ b/tests/issuance_global_state.rs @@ -14,7 +14,8 @@ use orchard::{ }, IssueBundle, IssueInfo, Signed, }, - keys::{FullViewingKey, IssuanceAuthorizingKey, IssuanceValidatingKey, Scope, SpendingKey}, + issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr}, + keys::{FullViewingKey, Scope, SpendingKey}, note::{AssetBase, Nullifier}, value::NoteValue, Address, Note, @@ -29,8 +30,8 @@ fn random_bytes(mut rng: OsRng) -> [u8; N] { #[derive(Clone)] struct TestParams { rng: OsRng, - isk: IssuanceAuthorizingKey, - ik: IssuanceValidatingKey, + isk: IssueAuthKey, + ik: IssueValidatingKey, recipient: Address, sighash: [u8; 32], first_nullifier: Nullifier, 
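Review bot: The new value of `ZIP32_ORCHARD_ISSUANCE_PERSONALIZATION` changes the domain separator for the master extended issuance key, so every issuance key derived from an existing seed changes with it, and the doc comment does not record that. I would extend it with `/// Domain separator for issuance master-key derivation; changing it changes every derived issuance key.` and cite the specification text the string comes from, which is not visible in this hunk. Anything derived under `b"ZIP32ZSAIssue_V1"` (stored keys, fixtures) has to be regenerated, which presumably explains the test-vector updates elsewhere in this commit.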
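Review bot: The doc comment on the new `Error::NonZeroAccount` variant is a sentence fragment and does not state the rule being enforced; `/// A non-zero account index was given when deriving an Orchard-ZSA issuance key` would read more clearly. `impl fmt::Display for Error` begins right after this hunk and its body is not shown, so check that it has an arm for the new variant and that the message names the rejected condition.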
@@ -41,10 +42,10 @@ fn setup_params() -> TestParams { use group::{ff::PrimeField, Curve, Group}; use pasta_curves::{arithmetic::CurveAffine, pallas}; - let rng = OsRng; + let mut rng = OsRng; - let isk = IssuanceAuthorizingKey::from_bytes(random_bytes(rng)).unwrap(); - let ik: IssuanceValidatingKey = (&isk).into(); + let isk = IssueAuthKey::::random(&mut rng); + let ik = IssueValidatingKey::from(&isk); let fvk = FullViewingKey::from(&SpendingKey::from_bytes(random_bytes(rng)).unwrap()); let recipient = fvk.address_at(0u32, Scope::External); diff --git a/tests/zsa.rs b/tests/zsa.rs index 27b5b358f..66017e4b9 100644 --- a/tests/zsa.rs +++ b/tests/zsa.rs @@ -11,8 +11,8 @@ use orchard::{ compute_asset_desc_hash, verify_issue_bundle, AwaitingNullifier, IssueBundle, IssueInfo, Signed, }, + issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr}, keys::{FullViewingKey, PreparedIncomingViewingKey, Scope, SpendAuthorizingKey, SpendingKey}, - keys::{IssuanceAuthorizingKey, IssuanceValidatingKey}, note::{AssetBase, ExtractedNoteCommitment, Nullifier}, orchard_flavor::OrchardZSA, primitives::OrchardDomain, @@ -31,8 +31,8 @@ struct Keychain { vk: VerifyingKey, sk: SpendingKey, fvk: FullViewingKey, - isk: IssuanceAuthorizingKey, - ik: IssuanceValidatingKey, + isk: IssueAuthKey, + ik: IssueValidatingKey, recipient: Address, } @@ -46,10 +46,10 @@ impl Keychain { fn fvk(&self) -> &FullViewingKey { &self.fvk } - fn isk(&self) -> &IssuanceAuthorizingKey { + fn isk(&self) -> &IssueAuthKey { &self.isk } - fn ik(&self) -> &IssuanceValidatingKey { + fn ik(&self) -> &IssueValidatingKey { &self.ik } } 
@@ -59,9 +59,8 @@ fn prepare_keys(pk: ProvingKey, vk: VerifyingKey, seed: u8) -> Keychain { let fvk = FullViewingKey::from(&sk); let recipient = fvk.address_at(0u32, Scope::External); - let isk = - IssuanceAuthorizingKey::from_bytes([seed.wrapping_add(1); 32]).expect("valid issuance key"); - let ik = IssuanceValidatingKey::from(&isk); + let isk = IssueAuthKey::from_bytes(&[seed.wrapping_add(1); 32]).expect("valid issuance key"); + let ik = IssueValidatingKey::from(&isk); Keychain { pk, vk, @@ -75,7 +74,7 @@ fn prepare_keys(pk: ProvingKey, vk: VerifyingKey, seed: u8) -> Keychain { fn sign_issue_bundle( awaiting_nullifier_bundle: IssueBundle, - isk: &IssuanceAuthorizingKey, + isk: &IssueAuthKey, first_nullifier: &Nullifier, ) -> IssueBundle { let awaiting_sighash_bundle = awaiting_nullifier_bundle.update_rho(first_nullifier); @@ -150,7 +149,7 @@ fn issue_zsa_notes( first_nullifier: &Nullifier, ) -> (Note, Note, Note) { let mut rng = OsRng; - // Create a issuance bundle + // Create an issuance bundle let asset_desc_hash = compute_asset_desc_hash(&NonEmpty::from_slice(asset_descr).unwrap()); let (mut awaiting_nullifier_bundle, _) = IssueBundle::new( keys.ik().clone(),
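Review bot: In `prepare_keys`, `IssueAuthKey::from_bytes(&[seed.wrapping_add(1); 32]).expect("valid issuance key")` can panic for two seeds: `seed = 255` wraps to an all-zero key and `seed = 254` gives an all-`0xff` key. The first vector in src/test_vectors/issuance_auth_sig.rs matches the BIP-340 key pair for secret 3, which suggests a secp256k1 scalar that must be non-zero and below the group order, so both inputs would presumably be rejected (`from_bytes` itself is not visible here). Either document the constraint above the line, e.g. `// seed must be < 254: seed + 1 fills all 32 bytes and must be a valid non-zero scalar`, or make the message say it, `.expect("seed + 1 must form a valid issuance key")`. The function starts before this hunk and continues past it.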