refactor: optimize zcash

soralit · soralit · commit bda731ce973e · 2024-12-20T09:45:43.000+08:00
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
diff --git a/rust/keystore/src/algorithms/zcash/mod.rs b/rust/keystore/src/algorithms/zcash/mod.rs
@@ -22,13 +22,43 @@ use zcash_vendor::{
 
 use crate::errors::{KeystoreError, Result};
 
-use super::utils::normalize_path;
-
-pub fn derive_ufvk<P: consensus::Parameters>(params: &P, seed: &[u8]) -> Result<String> {
-    let usk = UnifiedSpendingKey::from_seed(params, &seed, AccountId::ZERO)
+pub fn derive_ufvk<P: consensus::Parameters>(
+    params: &P,
+    seed: &[u8],
+    account_path: &str,
+) -> Result<String> {
+    let account_path = DerivationPath::from_str(account_path.to_lowercase().as_str())
         .map_err(|e| KeystoreError::DerivationError(e.to_string()))?;
-    let ufvk = usk.to_unified_full_viewing_key();
-    Ok(ufvk.encode(params))
+    if account_path.len() != 3 {
+        return Err(KeystoreError::DerivationError(format!(
+            "invalid account path: {}",
+            account_path
+        )));
+    }
+    //should be hardened(32) hardened(133) hardened(account_id)
+    let purpose = account_path[0];
+    let coin_type = account_path[1];
+    let account_id = account_path[2];
+    match (purpose, coin_type, account_id) {
+        (
+            ChildNumber::Hardened { index: 32 },
+            ChildNumber::Hardened { index: 133 },
+            ChildNumber::Hardened { index: account_id },
+        ) => {
+            let account_index = zip32::AccountId::try_from(account_id)
+                .map_err(|_e| KeystoreError::DerivationError(format!("invalid account index")))?;
+            let usk = UnifiedSpendingKey::from_seed(params, &seed, account_index)
+                .map_err(|e| KeystoreError::DerivationError(e.to_string()))?;
+            let ufvk = usk.to_unified_full_viewing_key();
+            Ok(ufvk.encode(params))
+        }
+        _ => {
+            return Err(KeystoreError::DerivationError(format!(
+                "invalid account path: {}",
+                account_path
+            )));
+        }
+    }
 }
 
 pub fn calculate_seed_fingerprint(seed: &[u8]) -> Result<[u8; 32]> {
diff --git a/rust/rust_c/src/common/Cargo.toml b/rust/rust_c/src/common/Cargo.toml
@@ -22,6 +22,8 @@ rsa = { workspace = true }
 cryptoxide = { workspace = true }
 ur-parse-lib = { workspace = true }
 sha1 = { workspace = true }
+aes = { workspace = true }
+cbc = { workspace = true }
 
 app_bitcoin = { workspace = true }
 app_wallets = { workspace = true }
diff --git a/rust/rust_c/src/common/src/lib.rs b/rust/rust_c/src/common/src/lib.rs
@@ -4,10 +4,16 @@
 #![allow(unused_unsafe)]
 extern crate alloc;
 
+use aes::cipher::block_padding::Pkcs7;
+use aes::cipher::generic_array::GenericArray;
+use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit};
 use alloc::boxed::Box;
-use alloc::string::ToString;
+use alloc::string::{String, ToString};
+use core::ptr::null_mut;
 use core::slice;
-use keystore::algorithms::zcash;
+use cryptoxide::hashing::sha256;
+use ffi::VecFFI;
+use keystore::algorithms::ed25519::slip10_ed25519::get_private_key_by_seed;
 
 use bitcoin::hex::Case;
 use bitcoin_hashes::hex::DisplayHex;
@@ -16,7 +22,7 @@ use hex;
 use hex::ToHex;
 
 use errors::ErrorCodes;
-use structs::TransactionCheckResult;
+use structs::{Response, TransactionCheckResult};
 use types::Ptr;
 
 use crate::errors::RustCError;
@@ -297,3 +303,118 @@ pub extern "C" fn pbkdf2_rust_64(
 pub extern "C" fn tx_check_pass() -> Ptr<TransactionCheckResult> {
     TransactionCheckResult::new().c_ptr()
 }
+
+type Aes256CbcEnc = cbc::Encryptor<aes::Aes256>;
+type Aes256CbcDec = cbc::Decryptor<aes::Aes256>;
+
+#[no_mangle]
+pub extern "C" fn rust_aes256_cbc_encrypt(
+    data: PtrString,
+    password: PtrString,
+    iv: PtrBytes,
+    iv_len: u32,
+) -> *mut SimpleResponse<c_char> {
+    let data = recover_c_char(data);
+    let data = data.as_bytes();
+    let password = recover_c_char(password);
+    let iv = unsafe { slice::from_raw_parts(iv, iv_len as usize) };
+    let key = sha256(password.as_bytes());
+    let iv = GenericArray::from_slice(&iv);
+    let key = GenericArray::from_slice(&key);
+    let ct = Aes256CbcEnc::new(key, iv).encrypt_padded_vec_mut::<Pkcs7>(data);
+    SimpleResponse::success(convert_c_char(hex::encode(ct))).simple_c_ptr()
+}
+
+#[no_mangle]
+pub extern "C" fn rust_aes256_cbc_decrypt(
+    hex_data: PtrString,
+    password: PtrString,
+    iv: PtrBytes,
+    iv_len: u32,
+) -> *mut SimpleResponse<c_char> {
+    let hex_data = recover_c_char(hex_data);
+    let data = hex::decode(hex_data).unwrap();
+    let password = recover_c_char(password);
+    let iv = unsafe { slice::from_raw_parts(iv, iv_len as usize) };
+    let key = sha256(password.as_bytes());
+    let iv = GenericArray::from_slice(&iv);
+    let key = GenericArray::from_slice(&key);
+
+    match Aes256CbcDec::new(key, iv).decrypt_padded_vec_mut::<Pkcs7>(&data) {
+        Ok(pt) => {
+            SimpleResponse::success(convert_c_char(String::from_utf8(pt).unwrap())).simple_c_ptr()
+        }
+        Err(_e) => SimpleResponse::from(RustCError::InvalidHex("decrypt failed".to_string()))
+            .simple_c_ptr(),
+    }
+}
+
+#[no_mangle]
+pub extern "C" fn rust_derive_iv_from_seed(
+    seed: PtrBytes,
+    seed_len: u32,
+) -> *mut SimpleResponse<u8> {
+    let seed = unsafe { slice::from_raw_parts(seed, seed_len as usize) };
+    let iv_path = "m/44'/1557192335'/0'/2'/0'".to_string();
+    let iv = get_private_key_by_seed(seed, &iv_path).unwrap();
+    let mut iv_bytes = [0; 16];
+    iv_bytes.copy_from_slice(&iv[..16]);
+    SimpleResponse::success(Box::into_raw(Box::new(iv_bytes)) as *mut u8).simple_c_ptr()
+}
+
+#[cfg(test)]
+mod tests {
+    use alloc::{string::String, vec::Vec};
+
+    use super::*;
+
+    #[test]
+    fn test_aes256_cbc_encrypt() {
+        let mut data = convert_c_char("hello world".to_string());
+        let mut password = convert_c_char("password".to_string());
+        let mut seed = hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();
+        let iv = rust_derive_iv_from_seed(seed.as_mut_ptr(), 64);
+        let mut iv = unsafe { slice::from_raw_parts_mut((*iv).data, 16) };
+        let iv_len = 16;
+        let ct = rust_aes256_cbc_encrypt(data, password, iv.as_mut_ptr(), iv_len as u32);
+        let ct_vec = unsafe { (*ct).data };
+        let value = recover_c_char(ct_vec);
+        assert_eq!(value, "639194f4bf964e15d8ea9c9bd9d96918");
+    }
+
+    #[test]
+    fn test_aes256_cbc_decrypt() {
+        let data = convert_c_char("639194f4bf964e15d8ea9c9bd9d96918".to_string());
+        let password = convert_c_char("password".to_string());
+        let mut seed = hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();
+        let iv = rust_derive_iv_from_seed(seed.as_mut_ptr(), 64);
+        let iv = unsafe { slice::from_raw_parts_mut((*iv).data, 16) };
+        let iv_len = 16;
+        let pt = rust_aes256_cbc_decrypt(data, password, iv.as_mut_ptr(), iv_len as u32);
+        assert!(!pt.is_null());
+        let ct_vec = unsafe { (*pt).data };
+        let value = recover_c_char(ct_vec);
+        assert_eq!(value, "hello world");
+    }
+
+    #[test]
+    fn test_dep_aes256() {
+        let mut data = b"hello world";
+        let seed = hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();
+        let iv_path = "m/44'/1557192335'/0'/2'/0'".to_string();
+        let iv = get_private_key_by_seed(&seed, &iv_path).unwrap();
+        let mut iv_bytes = [0; 16];
+        iv_bytes.copy_from_slice(&iv[..16]);
+        let key = sha256(b"password");
+        let iv = GenericArray::from_slice(&iv_bytes);
+        let key = GenericArray::from_slice(&key);
+
+        let encrypter = Aes256CbcEnc::new(key, iv);
+        let decrypter = Aes256CbcDec::new(key, iv);
+
+        let ct = encrypter.encrypt_padded_vec_mut::<Pkcs7>(data);
+        let pt = decrypter.decrypt_padded_vec_mut::<Pkcs7>(&ct).unwrap();
+
+        assert_eq!(String::from_utf8(pt).unwrap(), "hello world");
+    }
+}
diff --git a/rust/rust_c/src/common/src/structs.rs b/rust/rust_c/src/common/src/structs.rs
@@ -82,7 +82,7 @@ make_free_method!(TransactionCheckResult);
 
 #[repr(C)]
 pub struct SimpleResponse<T> {
-    data: *mut T,
+    pub data: *mut T,
     error_code: u32,
     error_message: PtrString,
 }
diff --git a/rust/rust_c/src/zcash/src/lib.rs b/rust/rust_c/src/zcash/src/lib.rs
@@ -24,9 +24,10 @@ use ur_registry::{traits::RegistryItem, zcash::zcash_pczt::ZcashPczt};
 use zcash_vendor::zcash_protocol::consensus::MainNetwork;
 
 #[no_mangle]
-pub extern "C" fn derive_zcash_ufvk(seed: PtrBytes, seed_len: u32) -> *mut SimpleResponse<c_char> {
+pub extern "C" fn derive_zcash_ufvk(seed: PtrBytes, seed_len: u32, account_path: PtrString) -> *mut SimpleResponse<c_char> {
     let seed = unsafe { slice::from_raw_parts(seed, seed_len as usize) };
-    let ufvk_text = derive_ufvk(&MainNetwork, seed);
+    let account_path = recover_c_char(account_path);
+    let ufvk_text = derive_ufvk(&MainNetwork, seed, &account_path);
     match ufvk_text {
         Ok(text) => SimpleResponse::success(convert_c_char(text)).simple_c_ptr(),
         Err(e) => SimpleResponse::from(e).simple_c_ptr(),
diff --git a/src/crypto/account_public_info.c b/src/crypto/account_public_info.c
@@ -50,6 +50,7 @@ typedef enum {
     TON_NATIVE,
     TON_CHECKSUM,
     LEDGER_BITBOX02,
+    ZCASH_UFVK_ENCRYPTED,
 } PublicInfoType_t;
 
 typedef struct {
@@ -289,6 +290,12 @@ static const ChainItem_t g_chainTable[] = {
     {XPUB_TYPE_TON_BIP39,             ED25519,       "ton_bip39",                "M/44'/607'/0'"    },
     {XPUB_TYPE_TON_NATIVE,            TON_NATIVE,    "ton",                      ""                 },
     {PUBLIC_INFO_TON_CHECKSUM,        TON_CHECKSUM,  "ton_checksum",             ""                 },
+    //this path is not 100% correct because UFVK is a combination of
+    //a k1 key with path M/44'/133'/x'
+    //and
+    //a redpallas key with path M/32'/133'/x'
+    //but we use 32 to identify it for now
+    {ZCASH_UFVK_ENCRYPTED_0,          ZCASH_UFVK_ENCRYPTED, "zcash_ufvk_0",        "M/32'/133'/0'"    },
 
 #else
     {XPUB_TYPE_BTC,                     SECP256K1,      "btc_nested_segwit",        "M/49'/0'/0'"   },
@@ -590,7 +597,6 @@ int32_t AccountPublicSavePublicInfo(uint8_t accountIndex, const char *password,
             ledgerBitbox02Key = ledger_bitbox02_response->data;
         }
 
-
 #ifndef BTC_ONLY
         if (isTon) {
             //store public key for ton wallet;
@@ -613,16 +619,34 @@ int32_t AccountPublicSavePublicInfo(uint8_t accountIndex, const char *password,
         } else {
 #endif
             for (int i = 0; i < NUMBER_OF_ARRAYS(g_chainTable); i++) {
-                // slip39 wallet does not support ADA
-                if (isSlip39 && (g_chainTable[i].cryptoKey == BIP32_ED25519 || g_chainTable[i].cryptoKey == LEDGER_BITBOX02)) {
+                // slip39 wallet does not support:
+                // ADA
+                // Zcash
+                if (isSlip39 && (g_chainTable[i].cryptoKey == BIP32_ED25519 || g_chainTable[i].cryptoKey == LEDGER_BITBOX02 || g_chainTable[i].cryptoKey == ZCASH_UFVK_ENCRYPTED)) {
                     continue;
                 }
-                // do not generate public keys for ton wallet;
+                // do not generate public keys for ton-only wallet;
                 if (g_chainTable[i].cryptoKey == TON_CHECKSUM || g_chainTable[i].cryptoKey == TON_NATIVE) {
                     continue;
                 }
-
-                xPubResult = ProcessKeyType(seed, len, g_chainTable[i].cryptoKey, g_chainTable[i].path, icarusMasterKey, ledgerBitbox02Key);
+                //encrypt zcash ufvk
+                if (g_chainTable[i].cryptoKey == ZCASH_UFVK_ENCRYPTED) {
+                    char* zcashUfvk = NULL;
+                    SimpleResponse_c_char *zcash_ufvk_response = NULL;
+                    zcash_ufvk_response = derive_zcash_ufvk(seed, len, g_chainTable[i].path);
+                    CHECK_AND_FREE_XPUB(zcash_ufvk_response)
+                    zcashUfvk = zcash_ufvk_response->data;
+                    printf("zcash ufvk: %s\r\n", zcashUfvk);
+                    SimpleResponse_u8 *iv_response = rust_derive_iv_from_seed(seed, len);
+                    //iv_response won't fail
+                    uint8_t iv_bytes[16];
+                    memcpy_s(iv_bytes, 16, iv_response->data, 16);
+                    free_simple_response_u8(iv_response);
+                    xPubResult = rust_aes256_cbc_encrypt(zcashUfvk, password, iv_bytes, 16);
+                }
+                else {
+                    xPubResult = ProcessKeyType(seed, len, g_chainTable[i].cryptoKey, g_chainTable[i].path, icarusMasterKey, ledgerBitbox02Key);
+                }
                 if (g_chainTable[i].cryptoKey == RSA_KEY && xPubResult == NULL) {
                     continue;
                 }
@@ -773,6 +797,9 @@ int32_t TempAccountPublicInfo(uint8_t accountIndex, const char *password, bool s
             if (g_chainTable[i].cryptoKey == TON_CHECKSUM || g_chainTable[i].cryptoKey == TON_NATIVE) {
                 continue;
             }
+            if (g_chainTable[i].cryptoKey == ZCASH_UFVK_ENCRYPTED) {
+                continue;
+            }
 
             xPubResult = ProcessKeyType(seed, len, g_chainTable[i].cryptoKey, g_chainTable[i].path, icarusMasterKey, ledgerBitbox02Key);
             if (g_chainTable[i].cryptoKey == RSA_KEY && xPubResult == NULL) {
diff --git a/src/crypto/account_public_info.h b/src/crypto/account_public_info.h
@@ -222,6 +222,7 @@ typedef enum {
     XPUB_TYPE_TON_BIP39,
     XPUB_TYPE_TON_NATIVE,
     PUBLIC_INFO_TON_CHECKSUM,
+    ZCASH_UFVK_ENCRYPTED_0,
 #else
     XPUB_TYPE_BTC_TEST,
     XPUB_TYPE_BTC_LEGACY_TEST,
diff --git a/src/managers/account_manager.c b/src/managers/account_manager.c
@@ -600,18 +600,18 @@ int32_t CalculateZcashUFVK(uint8_t accountIndex, const char* password) {
     int len = GetMnemonicType() == MNEMONIC_TYPE_BIP39 ? sizeof(seed) : GetCurrentAccountEntropyLen();
     int32_t ret = GetAccountSeed(accountIndex, &seed, password);
 
-    SimpleResponse_c_char *response = derive_zcash_ufvk(seed, len);
-    if (response->error_code != 0)
-    {
-        ret = response->error_code;
-        printf("error: %s\r\n", response->error_message);
-        return ret;
-    }
+    SimpleResponse_u8 *iv_response = rust_derive_iv_from_seed(seed, len);
+
+    uint8_t iv_bytes[16];
+    memcpy_s(iv_bytes, 16, iv_response->data, 16);
+    free_simple_response_u8(iv_response);
+
+    char *zcashEncrypted = GetCurrentAccountPublicKey(ZCASH_UFVK_ENCRYPTED_0);
+    SimpleResponse_c_char *response = rust_aes256_cbc_decrypt(zcashEncrypted, password, iv_bytes, 16);
 
     char ufvk[ZCASH_UFVK_MAX_LEN] = {'\0'};
     strcpy_s(ufvk, ZCASH_UFVK_MAX_LEN, response->data);
     free_simple_response_c_char(response);
-
     SimpleResponse_u8 *responseSFP = calculate_zcash_seed_fingerprint(seed, len);
     if (responseSFP->error_code != 0)
     {

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ make_free_method!(TransactionCheckResult);`
`82`	`82`
`83`	`83`	`#[repr(C)]`
`84`	`84`	`pub struct SimpleResponse<T> {`
`85`		`- data: *mut T,`
	`85`	`+ pub data: *mut T,`
`86`	`86`	`error_code: u32,`
`87`	`87`	`error_message: PtrString,`
`88`	`88`	`}`