diff --git a/Cargo.lock b/Cargo.lock index 60bcbad..a733501 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -157,7 +157,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] name = "crypto_api_chachapoly" -version = "0.1.8" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "crypto_api 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", @@ -543,7 +543,7 @@ dependencies = [ "aes 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "blake2b_simd 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", "byteorder 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)", - "crypto_api_chachapoly 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)", + "crypto_api_chachapoly 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", "ff 0.4.0", "fpe 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", @@ -591,7 +591,7 @@ dependencies = [ "checksum constant_time_eq 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "8ff012e225ce166d4422e0e78419d901719760f62ae2b7969ca6b564d1b54a9e" "checksum crossbeam 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "24ce9782d4d5c53674646a6a4c1863a21a8fc0cb649b3c94dfc16e45071dea19" "checksum crypto_api 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "2f855e87e75a4799e18b8529178adcde6fd4f97c1449ff4821e747ff728bb102" -"checksum crypto_api_chachapoly 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "2f9ee35dbace0831b5fe7cb9b43eb029aa14a10f594a115025d4628a2baa63ab" +"checksum crypto_api_chachapoly 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "95b2ad7cab08fd71addba81df5077c49df208effdfb3118a1519f9cdeac5aaf2" "checksum digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "05f47366984d3ad862010e22c7ce81a7dbcaebbdfb37241a620f8b6596ee135c" "checksum directories 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "72d337a64190607d4fcca2cb78982c5dd57f4916e19696b48a575fa746b6cb0f" "checksum fake-simd 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" diff --git a/zcash_primitives/Cargo.toml b/zcash_primitives/Cargo.toml index 5327905..ba724be 100644 --- a/zcash_primitives/Cargo.toml +++ b/zcash_primitives/Cargo.toml @@ -9,7 +9,7 @@ authors = [ aes = "0.3" blake2b_simd = "0.5" byteorder = "1" -crypto_api_chachapoly = "0.1" +crypto_api_chachapoly = "0.2.1" ff = { path = "../ff" } fpe = "0.2" hex = "0.3" diff --git a/zcash_primitives/src/note_encryption.rs b/zcash_primitives/src/note_encryption.rs index 42e1398..d6b66ce 100644 --- a/zcash_primitives/src/note_encryption.rs +++ b/zcash_primitives/src/note_encryption.rs @@ -444,23 +444,12 @@ pub fn try_sapling_compact_note_decryption( let shared_secret = sapling_ka_agree(ivk, epk); let key = kdf_sapling(shared_secret, &epk); - // Prefix plaintext with 64 zero-bytes to skip over Poly1305 keying output - const CHACHA20_BLOCK_SIZE: usize = 64; - let mut plaintext = [0; CHACHA20_BLOCK_SIZE + COMPACT_NOTE_SIZE]; - plaintext[CHACHA20_BLOCK_SIZE..].copy_from_slice(&enc_ciphertext[0..COMPACT_NOTE_SIZE]); - assert_eq!( - ChaCha20Ietf::cipher() - .decrypt( - &mut plaintext, - CHACHA20_BLOCK_SIZE + COMPACT_NOTE_SIZE, - key.as_bytes(), - &[0u8; 12], - ) - .ok()?, - CHACHA20_BLOCK_SIZE + COMPACT_NOTE_SIZE - ); + // Start from block 1 to skip over Poly1305 keying output + let mut plaintext = [0; COMPACT_NOTE_SIZE]; + plaintext.copy_from_slice(&enc_ciphertext); + ChaCha20Ietf::xor(key.as_bytes(), &[0u8; 12], 1, &mut plaintext); - parse_note_plaintext_without_memo(ivk, cmu, &plaintext[CHACHA20_BLOCK_SIZE..]) + parse_note_plaintext_without_memo(ivk, cmu, &plaintext) } /// Recovery of the full note plaintext by the sender.