Upgrade to crypto_api_chachapoly >= 0.2.1

Cargo.lock

@@ -157,7 +157,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
 name = "crypto_api_chachapoly"
-version = "0.1.8"
+version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "crypto_api 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -543,7 +543,7 @@ dependencies = [
  "aes 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "blake2b_simd 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "byteorder 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
- "crypto_api_chachapoly 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
+ "crypto_api_chachapoly 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "ff 0.4.0",
  "fpe 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -591,7 +591,7 @@ dependencies = [
 "checksum constant_time_eq 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "8ff012e225ce166d4422e0e78419d901719760f62ae2b7969ca6b564d1b54a9e"
 "checksum crossbeam 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "24ce9782d4d5c53674646a6a4c1863a21a8fc0cb649b3c94dfc16e45071dea19"
 "checksum crypto_api 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "2f855e87e75a4799e18b8529178adcde6fd4f97c1449ff4821e747ff728bb102"
-"checksum crypto_api_chachapoly 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "2f9ee35dbace0831b5fe7cb9b43eb029aa14a10f594a115025d4628a2baa63ab"
+"checksum crypto_api_chachapoly 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "95b2ad7cab08fd71addba81df5077c49df208effdfb3118a1519f9cdeac5aaf2"
 "checksum digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "05f47366984d3ad862010e22c7ce81a7dbcaebbdfb37241a620f8b6596ee135c"
 "checksum directories 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "72d337a64190607d4fcca2cb78982c5dd57f4916e19696b48a575fa746b6cb0f"
 "checksum fake-simd 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed"

zcash_primitives/Cargo.toml

@@ -9,7 +9,7 @@ authors = [
 aes = "0.3"
 blake2b_simd = "0.5"
 byteorder = "1"
-crypto_api_chachapoly = "0.1"
+crypto_api_chachapoly = "0.2.1"
 ff = { path = "../ff" }
 fpe = "0.2"
 hex = "0.3"

zcash_primitives/src/note_encryption.rs

@@ -444,23 +444,12 @@ pub fn try_sapling_compact_note_decryption(
     let shared_secret = sapling_ka_agree(ivk, epk);
     let key = kdf_sapling(shared_secret, &epk);
 
-    // Prefix plaintext with 64 zero-bytes to skip over Poly1305 keying output
+    // Start from block 1 to skip over Poly1305 keying output
-    const CHACHA20_BLOCK_SIZE: usize = 64;
+    let mut plaintext = [0; COMPACT_NOTE_SIZE];
-    let mut plaintext = [0; CHACHA20_BLOCK_SIZE + COMPACT_NOTE_SIZE];
+    plaintext.copy_from_slice(&enc_ciphertext);
-    plaintext[CHACHA20_BLOCK_SIZE..].copy_from_slice(&enc_ciphertext[0..COMPACT_NOTE_SIZE]);
+    ChaCha20Ietf::xor(key.as_bytes(), &[0u8; 12], 1, &mut plaintext);
-    assert_eq!(
-        ChaCha20Ietf::cipher()
-            .decrypt(
-                &mut plaintext,
-                CHACHA20_BLOCK_SIZE + COMPACT_NOTE_SIZE,
-                key.as_bytes(),
-                &[0u8; 12],
-            )
-            .ok()?,
-        CHACHA20_BLOCK_SIZE + COMPACT_NOTE_SIZE
-    );
 
-    parse_note_plaintext_without_memo(ivk, cmu, &plaintext[CHACHA20_BLOCK_SIZE..])
+    parse_note_plaintext_without_memo(ivk, cmu, &plaintext)
 }
 
 /// Recovery of the full note plaintext by the sender.