refactor(wallet): dedup randomness helpers, fill dummy note directly

This commit is contained in:
Artem Gureev 2026-07-03 16:53:39 +00:00 committed by agureev
parent 3d95594b4f
commit d0fda9b3dd

View File

@ -4,12 +4,11 @@ use anyhow::Result;
use keycard_wallet::{KeycardWallet, python_path}; use keycard_wallet::{KeycardWallet, python_path};
use lee::{AccountId, PrivateKey, PublicKey, Signature}; use lee::{AccountId, PrivateKey, PublicKey, Signature};
use lee_core::{ use lee_core::{
Commitment, CommitmentSetDigest, DUMMY_COMMITMENT_HASH, DummyInput, EncryptionScheme, CommitmentSetDigest, DUMMY_COMMITMENT_HASH, DummyInput, Identifier, InputAccountIdentity,
Identifier, InputAccountIdentity, MembershipProof, NullifierPublicKey, NullifierSecretKey, MembershipProof, NullifierPublicKey, NullifierSecretKey, PrivateAccountKind, SharedSecretKey,
PrivateAccountKind, SharedSecretKey,
account::{Account, AccountWithMetadata, Nonce}, account::{Account, AccountWithMetadata, Nonce},
encryption::{ encryption::{
EncryptedAccountData, EphemeralPublicKey, ML_KEM_768_CIPHERTEXT_LEN, ViewTag, Ciphertext, EncryptedAccountData, EphemeralPublicKey, ML_KEM_768_CIPHERTEXT_LEN, ViewTag,
ViewingPublicKey, ViewingPublicKey,
}, },
}; };
@ -267,8 +266,7 @@ impl AccountManager {
} => { } => {
let acc = lee_core::account::Account::default(); let acc = lee_core::account::Account::default();
let auth_acc = AccountWithMetadata::new(acc, false, (&npk, &vpk, identifier)); let auth_acc = AccountWithMetadata::new(acc, false, (&npk, &vpk, identifier));
let mut random_seed: [u8; 32] = [0; 32]; let random_seed = random_bytes();
OsRng.fill_bytes(&mut random_seed);
let pre = AccountPreparedData { let pre = AccountPreparedData {
nsk: None, nsk: None,
npk, npk,
@ -294,8 +292,7 @@ impl AccountManager {
} => { } => {
let acc = lee_core::account::Account::default(); let acc = lee_core::account::Account::default();
let auth_acc = AccountWithMetadata::new(acc, false, account_id); let auth_acc = AccountWithMetadata::new(acc, false, account_id);
let mut random_seed: [u8; 32] = [0; 32]; let random_seed = random_bytes();
OsRng.fill_bytes(&mut random_seed);
let pre = AccountPreparedData { let pre = AccountPreparedData {
nsk: None, nsk: None,
npk, npk,
@ -584,8 +581,7 @@ async fn private_key_tree_acc_preparation(
// support from that in the wallet. // support from that in the wallet.
let sender_pre = AccountWithMetadata::new(from_acc.account.clone(), true, account_id); let sender_pre = AccountWithMetadata::new(from_acc.account.clone(), true, account_id);
let mut random_seed: [u8; 32] = [0; 32]; let random_seed = random_bytes();
OsRng.fill_bytes(&mut random_seed);
Ok(AccountPreparedData { Ok(AccountPreparedData {
nsk: Some(nsk), nsk: Some(nsk),
@ -622,8 +618,7 @@ async fn private_shared_acc_preparation(
.await .await
.unwrap_or(None); .unwrap_or(None);
let mut random_seed: [u8; 32] = [0; 32]; let random_seed = random_bytes();
OsRng.fill_bytes(&mut random_seed);
Ok(AccountPreparedData { Ok(AccountPreparedData {
nsk: Some(nsk), nsk: Some(nsk),
@ -650,26 +645,22 @@ fn random_bytes() -> [u8; 32] {
bytes bytes
} }
/// Generates a random note by encoding a default account with random secret key, fn random_vec(len: usize) -> Vec<u8> {
/// then generating a random epk value (not connected to the original key) as well let mut bytes = vec![0; len];
/// as a random tag. OsRng.fill_bytes(&mut bytes);
bytes
}
/// Generates a dummy note: random bytes sized to a default-account ciphertext, a
/// random epk, and a random view tag. Not decryptable — it only pads the journal.
fn random_dummy_note() -> EncryptedAccountData { fn random_dummy_note() -> EncryptedAccountData {
let mut secret = [0; 32]; // Sized to a default-account ciphertext; matching real data sizes is a separate issue.
OsRng.fill_bytes(&mut secret); let ciphertext_len = PrivateAccountKind::HEADER_LEN
// The cipher is currently assumed to have default data. The data padding .checked_add(Account::default().to_bytes().len())
// leak is a separate issue. .expect("dummy ciphertext length fits in usize");
let ciphertext = EncryptionScheme::encrypt(
&Account::default(),
&PrivateAccountKind::Regular(0),
&SharedSecretKey(secret),
&Commitment::new(&AccountId::new([0; 32]), &Account::default()),
0,
);
let mut epk = vec![0; ML_KEM_768_CIPHERTEXT_LEN];
OsRng.fill_bytes(&mut epk);
EncryptedAccountData { EncryptedAccountData {
ciphertext, ciphertext: Ciphertext::from_inner(random_vec(ciphertext_len)),
epk: EphemeralPublicKey(epk), epk: EphemeralPublicKey(random_vec(ML_KEM_768_CIPHERTEXT_LEN)),
view_tag: random_view_tag(), view_tag: random_view_tag(),
} }
} }