1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

//! Sprout commitment types.

use sha2::{Digest, Sha256};

use crate::fmt::HexDebug;

use super::note::Note;

/// The randomness used in the Pedersen Hash for note commitment.
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
#[cfg_attr(
    any(test, feature = "proptest-impl"),
    derive(proptest_derive::Arbitrary)
)]
pub struct CommitmentRandomness(pub HexDebug<[u8; 32]>);

impl AsRef<[u8]> for CommitmentRandomness {
    fn as_ref(&self) -> &[u8] {
        self.0.as_ref()
    }
}

/// Note commitments for the output notes.
#[derive(Clone, Copy, Debug, Deserialize, PartialEq, Eq, Serialize)]
#[cfg_attr(
    any(test, feature = "proptest-impl"),
    derive(proptest_derive::Arbitrary)
)]
pub struct NoteCommitment(pub(crate) HexDebug<[u8; 32]>);

impl From<[u8; 32]> for NoteCommitment {
    fn from(bytes: [u8; 32]) -> Self {
        Self(bytes.into())
    }
}

impl From<Note> for NoteCommitment {
    /// NoteCommit_rcm^Sprout(a_pk, v, rho)
    ///
    /// <https://zips.z.cash/protocol/protocol.pdf#concretesproutnotecommit>
    fn from(note: Note) -> NoteCommitment {
        let leading_byte: u8 = 0xB0;
        let mut hasher = Sha256::default();
        hasher.update([leading_byte]);
        hasher.update(note.paying_key);
        hasher.update(note.value.to_bytes());
        hasher.update(note.rho);
        hasher.update(note.rcm);

        let commitment: [u8; 32] = hasher.finalize().into();
        NoteCommitment(commitment.into())
    }
}

impl From<NoteCommitment> for [u8; 32] {
    fn from(cm: NoteCommitment) -> [u8; 32] {
        *cm.0
    }
}

impl From<&NoteCommitment> for [u8; 32] {
    fn from(cm: &NoteCommitment) -> [u8; 32] {
        *cm.0
    }
}