clean up

app/rust/include/notes.h

@@ -6,4 +6,4 @@ void rseed_get_rcm(const uint8_t *rseed_ptr, uint8_t *output_ptr);
 
 void ka_to_key(uint8_t *esk_ptr, uint8_t *pkd_ptr, uint8_t *epk_ptr, uint8_t *output_ptr);
 
-void prepare_enccompact_input(uint8_t *d, uint64_t value, uint8_t *rcm_ptr, uint8_t memotype, uint8_t *out_ptr);
+void prepare_compact_note(uint8_t *d, uint64_t value, uint8_t *rcm_ptr, uint8_t memotype, uint8_t *out_ptr);

app/rust/include/zip32.h

@@ -10,14 +10,16 @@ void diversifier_get_list(uint32_t zip32_account, const uint8_t *startindex, uin
 
 void diversifier_find_valid(uint32_t zip32_account, uint8_t *default_diversifier);
 
-void zip32_child_ask_nsk(uint32_t pos, uint8_t *ask, uint8_t *nsk);
+//////////////////////////////////
 
-void zip32_nsk_from_seed(uint32_t zip32_account, uint8_t *nsk);
-
-void zip32_ovk(uint32_t zip32_account, uint8_t *ovk);
+void zip32_child_ask_nsk(uint32_t account, uint8_t *ask, uint8_t *nsk);
 
 void zip32_child_proof_key(uint32_t account, uint8_t *ak_ptr, uint8_t *nsk_ptr);
 
+void zip32_nsk(uint32_t zip32_account, uint8_t *nsk);
+
+void zip32_ovk(uint32_t zip32_account, uint8_t *ovk);
+
 void zip32_ivk(uint32_t zip32_account, uint8_t *ivk);
 
 void zip32_fvk(uint32_t zip32_account, uint8_t *fvk_ptr);

app/rust/src/commitments.rs

@@ -11,7 +11,6 @@ use crate::pedersen::*;
 use crate::personalization::CRH_NF;
 use crate::types::Diversifier;
 use crate::utils::{into_fixed_array, shiftsixbits};
-use crate::zip32_extern::zip32_nsk_from_seed;
 use crate::{utils, zip32};
 
 #[inline(never)]
@@ -104,6 +103,7 @@ mod tests {
     use crate::commitments_extern::{compute_note_commitment, compute_nullifier};
     use crate::types::{diversifier_zero, NskBytes};
     use crate::utils::into_fixed_array;
+    use crate::zip32_extern::zip32_nsk;
 
     use super::*;
 
@@ -262,7 +262,7 @@ mod tests {
             let mut nsk: NskBytes = [0u8; 32];
             let mut nf = [0u8; 32];
 
-            zip32_nsk_from_seed(account, &mut nsk);
+            zip32_nsk(account, &mut nsk);
             compute_nullifier(&cm, pos, &nsk, &mut nf);
 
             assert_eq!(

app/rust/src/constants.rs

@@ -246,15 +246,6 @@ pub const ZIP32_HARDENED: u32 = 0x8000_0000;
 /////////////////////////////////////////////////
 /////////////////////////////////////////////////
 
-pub const COMPACT_NOTE_SIZE: usize = 1 /* version */ + 11 /*diversifier*/ + 8 /*value*/ + 32 /*rcv*/;
-//52
-pub const NOTE_PLAINTEXT_SIZE: usize = COMPACT_NOTE_SIZE + 512;
-pub const OUT_PLAINTEXT_SIZE: usize = 32 /*pk_d*/ + 32 /* esk */;
-pub const ENC_COMPACT_SIZE: usize = COMPACT_NOTE_SIZE + 16;
-//68
-pub const ENC_CIPHERTEXT_SIZE: usize = NOTE_PLAINTEXT_SIZE + 16;
-pub const OUT_CIPHERTEXT_SIZE: usize = OUT_PLAINTEXT_SIZE + 16;
-
 pub const DIV_SIZE: usize = 11;
 pub const DIV_DEFAULT_LIST_LEN: usize = 4;
-pub const MAX_SIZE_BUF_ADDR: usize = 143;
+// pub const MAX_SIZE_BUF_ADDR: usize = 143;

app/rust/src/notes_extern.rs

@@ -1,9 +1,8 @@
 use byteorder::{ByteOrder, LittleEndian};
 
-use crate::constants::COMPACT_NOTE_SIZE;
 use crate::notes;
 use crate::notes::{get_epk, rseed_generate_rcm, rseed_get_esk};
-use crate::types::Diversifier;
+use crate::types::{CompactNoteExt, Diversifier};
 
 #[no_mangle]
 pub extern "C" fn rseed_get_esk_epk(
@@ -52,27 +51,20 @@ pub extern "C" fn ka_to_key(
 }
 
 #[no_mangle]
-pub extern "C" fn prepare_enccompact_input(
+pub extern "C" fn prepare_compact_note(
     d_ptr: *const Diversifier,
     value: u64,
     rcm_ptr: *const [u8; 32],
     memotype: u8,
-    output_ptr: *mut [u8; COMPACT_NOTE_SIZE + 1],
+    out_ptr: *mut CompactNoteExt,
 ) {
     let d = unsafe { &*d_ptr };
     let rcm = unsafe { &*rcm_ptr };
+    let out = unsafe { &mut *out_ptr };
 
-    let output = unsafe { &mut *output_ptr };
-
-    let mut input = [0; COMPACT_NOTE_SIZE + 1];
-    input[0] = 2;
-    input[1..12].copy_from_slice(d);
-
-    let mut vbytes = [0u8; 8];
-    LittleEndian::write_u64(&mut vbytes, value);
-
-    input[12..20].copy_from_slice(&vbytes);
-    input[20..COMPACT_NOTE_SIZE].copy_from_slice(rcm);
-    input[COMPACT_NOTE_SIZE] = memotype;
-    output.copy_from_slice(&input);
+    *out.version_mut() = 2u8;
+    out.diversifier_mut().copy_from_slice(d);
+    LittleEndian::write_u64(out.value_mut(), value);
+    out.rcm_mut().copy_from_slice(rcm);
+    *out.memotype_mut() = memotype;
 }

app/rust/src/types.rs

@@ -98,3 +98,14 @@ create_ztruct! {
         pub chain_code: Zip32MasterChainCode,
     }
 }
+
+create_ztruct! {
+    pub struct CompactNoteExt {
+        pub version: u8,
+        pub diversifier: Diversifier,
+        pub value: [u8; 8],
+        pub rcm: DkBytes,
+        // FIXME: why an additional byte?
+        pub memotype: u8
+    }
+}

app/rust/src/zip32_extern.rs

@@ -101,7 +101,7 @@ pub extern "C" fn zip32_child_ask_nsk(
 }
 
 #[no_mangle]
-pub extern "C" fn zip32_nsk_from_seed(account: u32, nsk_ptr: *mut NskBytes) {
+pub extern "C" fn zip32_nsk(account: u32, nsk_ptr: *mut NskBytes) {
     let path = [ZIP32_PURPOSE, ZIP32_COIN_TYPE, account];
     let nsk = unsafe { &mut *nsk_ptr };
 

app/src/crypto.c

@@ -191,10 +191,10 @@ zxerr_t crypto_fillDeviceSeed(uint8_t *device_seed) {
 
     // Generate randomness using a fixed path related to the device mnemonic
     const uint32_t path[HDPATH_LEN_DEFAULT] = {
-        0x8000002c, 0x80000085, MASK_HARDENED, MASK_HARDENED, MASK_HARDENED,
+        HDPATH_0_DEFAULT, HDPATH_1_DEFAULT, MASK_HARDENED, MASK_HARDENED, MASK_HARDENED,
     };
-    MEMZERO(device_seed, ED25519_SK_SIZE);
 
+    MEMZERO(device_seed, ED25519_SK_SIZE);
     uint8_t raw_privkey[64];  // Allocate 64 bytes to respect Syscall API but only 32 will be used
 
     zxerr_t error = zxerr_unknown;
@@ -214,6 +214,11 @@ zxerr_t crypto_fillDeviceSeed(uint8_t *device_seed) {
     return error;
 }
 
+//////////////////////////////////////////////////////////
+//////////////////////////////////////////////////////////
+//////////////////////////////////////////////////////////
+//////////////////////////////////////////////////////////
+
 // handleInitTX step 1/2
 zxerr_t crypto_extracttx_sapling(uint8_t *buffer, uint16_t bufferLen, const uint8_t *txdata, const uint16_t txdatalen) {
     zemu_log_stack("crypto_extracttx_sapling");
@@ -375,17 +380,8 @@ zxerr_t crypto_extracttx_sapling(uint8_t *buffer, uint16_t bufferLen, const uint
 }
 
 typedef struct {
-    union {
-        // STEP 1
-        struct {
-            uint8_t sk[ED25519_SK_SIZE];
-        } step1;
-
-        struct {
-            uint8_t ask[ASK_SIZE];
-            uint8_t nsk[NSK_SIZE];
-        } step2;
-    };
+    uint8_t ask[ASK_SIZE];
+    uint8_t nsk[NSK_SIZE];
 } tmp_spendinfo_s;
 
 // handleExtractSpendData
@@ -662,8 +658,6 @@ zxerr_t crypto_checkspend_sapling(
 
     tmp_checkspend tmp = {0};
 
-    // the path in zip32 is [FIRST_VALUE, COIN_TYPE, p] where p is u32 and last
-    // part of hdPath
     const uint8_t spendListSize = spendlist_len();
 
     for (uint8_t i = 0; i < spendListSize; i++) {
@@ -782,8 +776,6 @@ zxerr_t crypto_checkoutput_sapling(
 
     uint8_t rcm[RCM_SIZE] = {0};
 
-    // the path in zip32 is [FIRST_VALUE, COIN_TYPE, p] where p is u32 and last
-    // part of hdPath
     const uint8_t outputListLen = outputlist_len();
     for (uint8_t i = 0; i < outputListLen; i++) {
         const output_item_t *item = outputlist_retrieve_item(i);
@@ -908,8 +900,6 @@ zxerr_t crypto_checkencryptions_sapling(uint8_t *buffer, uint16_t bufferLen, con
 
     const uint8_t *start_outputdata = (uint8_t *)(txdata + length_t_in_data() + length_spenddata());
 
-    // the path in zip32 is [FIRST_VALUE, COIN_TYPE, p] where p is u32 and last
-    // part of hdPath
     for (uint8_t i = 0; i < outputlist_len(); i++) {
         // retrieve info on list of outputs stored in flash
         const output_item_t *item = outputlist_retrieve_item(i);
@@ -931,8 +921,9 @@ zxerr_t crypto_checkencryptions_sapling(uint8_t *buffer, uint16_t bufferLen, con
         CHECK_APP_CANARY()
         // encode (div, value rseed and memotype) into step2.compactout ready to be
         // encrypted
-        prepare_enccompact_input((uint8_t *)item->div, item->value, (uint8_t *)item->rseed, item->memotype,
-                                 tmp->step2.compactout);
+        prepare_compact_note((uint8_t *)item->div, item->value, (uint8_t *)item->rseed, item->memotype,
+                             tmp->step2.compactout);
+
         CHECK_APP_CANARY()
         MEMZERO(tmp->step2.chachanonce, CHACHA_NONCE_SIZE);
         // encrypt the previously obtained encoding, and store it in
@@ -1192,8 +1183,6 @@ zxerr_t crypto_signspends_sapling(
     signature_hash(txdata, start_signdata, SAPLING_LENGTH_HASH_DATA, tx_version, message + 32);
     tmp_sign_s tmp = {0};
 
-    // the path in zip32 is [FIRST_VALUE, COIN_TYPE, p] where p is u32 and last
-    // part of hdPath
     //  Temporarily get sk from Ed25519
     const uint8_t spendListLen = spendlist_len();
     for (uint8_t i = 0; i < spendListLen; i++) {
@@ -1314,7 +1303,7 @@ zxerr_t crypto_fvk_sapling(uint8_t *buffer, uint16_t bufferLen, uint32_t p, uint
 // handleGetNullifier
 zxerr_t crypto_nullifier_sapling(uint8_t *outputBuffer,
                                  uint16_t outputBufferLen,
-                                 uint32_t zip32_path,
+                                 uint32_t zip32_account,
                                  uint64_t notepos,
                                  uint8_t *cm,
                                  uint16_t *replyLen) {
@@ -1324,7 +1313,7 @@ zxerr_t crypto_nullifier_sapling(uint8_t *outputBuffer,
 
     // nk can be computed from nsk which itself can be computed from the seed.
     uint8_t nsk[NSK_SIZE] = {0};
-    zip32_nsk_from_seed(zip32_path, nsk);
+    zip32_nsk(zip32_account, nsk);
 
     compute_nullifier(cm, notepos, nsk, outputBuffer);
     CHECK_APP_CANARY()