private key protocol fixes

2026-01-02 13:23:10 +00:00 · 2025-12-15 17:24:59 -05:00 · 2025-12-15 17:24:59 -05:00 · 2e0450bfcd
commit 2e0450bfcd
parent 5fe29016b7
2 changed files with 102 additions and 7 deletions
--- a/key_protocol/src/key_management/key_tree/keys_private.rs
+++ b/key_protocol/src/key_management/key_tree/keys_private.rs
@ -1,6 +1,8 @@
 use k256::{Scalar, elliptic_curve::PrimeField};
-use nssa_core::encryption::IncomingViewingPublicKey;
+use nssa_core::{NullifierPublicKey, encryption::IncomingViewingPublicKey};
 use serde::{Deserialize, Serialize};
+use sha2::{Digest, digest::FixedOutput};
+use common::HashType;

 use crate::key_management::{
    KeyChain,
@ -33,7 +35,20 @@ impl KeyNode for ChildKeysPrivate {
        let isk = ssk.generate_incoming_viewing_secret_key();
        let ovk = ssk.generate_outgoing_viewing_secret_key();

-        let npk = (&nsk).into();
+
+        let npk: NullifierPublicKey = { 
+            let mut hasher = sha2::Sha256::new();
+
+            hasher.update("NSSA_keys");
+            hasher.update(nsk);
+            hasher.update([7u8]);
+            hasher.update([0u8; 22]);
+
+            NullifierPublicKey {
+            0: <HashType>::from(hasher.finalize_fixed())
+            }
+        };
+
        let ipk = IncomingViewingPublicKey::from_scalar(isk);

        Self {
@ -56,6 +71,7 @@ impl KeyNode for ChildKeysPrivate {
    }

    fn nth_child(&self, cci: u32) -> Self {
+        // parent_pt = ovk_par + scalar(nsk_par)*isk_par
        let parent_pt = Scalar::from_repr(
            self.value
                .0
@ -91,11 +107,24 @@ impl KeyNode for ChildKeysPrivate {
            .last_chunk::<32>()
            .expect("hash_value is 64 bytes, must be safe to get last 32");

-        let nsk = ssk.generate_nullifier_secret_key();
-        let isk = ssk.generate_incoming_viewing_secret_key();
-        let ovk = ssk.generate_outgoing_viewing_secret_key();
+        let nsk = ssk.generate_child_nullifier_secret_key(cci);
+        let isk = ssk.generate_child_incoming_viewing_secret_key(cci);
+        let ovk = ssk.generate_child_outgoing_viewing_secret_key(cci);
+
+        //TODO: separate out into its own function
+        let npk: NullifierPublicKey = {
+            let mut hasher = sha2::Sha256::new();
+
+            hasher.update("NSSAchain");
+            hasher.update(nsk);
+            hasher.update([7u8]);
+            hasher.update([0u8; 22]);
+
+            NullifierPublicKey {
+                0: <HashType>::from(hasher.finalize_fixed())
+            }
+        };

-        let npk = (&nsk).into();
        let ipk = IncomingViewingPublicKey::from_scalar(isk);

        Self {
--- a/key_protocol/src/key_management/secret_holders.rs
+++ b/key_protocol/src/key_management/secret_holders.rs
@ -115,11 +115,77 @@ impl SecretSpendingKey {
            outgoing_viewing_secret_key: self.generate_outgoing_viewing_secret_key(),
        }
    }
+
+    pub fn generate_child_nullifier_secret_key(&self, cci: u32) -> NullifierSecretKey {
+        let mut key = vec![];
+        key.extend_from_slice(b"NSSAchain");
+
+        let mut input = vec![];
+
+        input.extend_from_slice(&self.0);
+        input.extend_from_slice(&[1u8]);
+        input.extend_from_slice(&cci.to_le_bytes());
+        input.extend_from_slice(&[0u8;22]);
+
+        let hash_value = hmac_sha512::HMAC::mac(input, key);
+
+    
+        *hash_value
+            .first_chunk::<32>()
+            .expect("hash_value is 64 bytes, must be safe to get first 32")    
+    }
+
+    pub fn generate_child_incoming_viewing_secret_key(&self, cci: u32) -> IncomingViewingSecretKey {
+        let mut key = vec![];
+        key.extend_from_slice(b"NSSAchain");
+
+        let mut input = vec![];
+
+        input.extend_from_slice(&self.0);
+        input.extend_from_slice(&[2u8]);
+        input.extend_from_slice(&cci.to_le_bytes());
+        input.extend_from_slice(&[0u8;22]);
+
+        let hash_value = hmac_sha512::HMAC::mac(input, key);
+
+    
+        *hash_value
+            .first_chunk::<32>()
+            .expect("hash_value is 64 bytes, must be safe to get first 32")    
+    }
+
+    pub fn generate_child_outgoing_viewing_secret_key(&self, cci: u32) -> OutgoingViewingSecretKey {
+        let mut key = vec![];
+        key.extend_from_slice(b"NSSAchain");
+
+        let mut input = vec![];
+
+        input.extend_from_slice(&self.0);
+        input.extend_from_slice(&[3u8]);
+        input.extend_from_slice(&cci.to_le_bytes());
+        input.extend_from_slice(&[0u8;22]);
+
+        let hash_value = hmac_sha512::HMAC::mac(input, key);
+
+    
+        *hash_value
+            .first_chunk::<32>()
+            .expect("hash_value is 64 bytes, must be safe to get first 32")    
+    }
 }

 impl PrivateKeyHolder {
    pub fn generate_nullifier_public_key(&self) -> NullifierPublicKey {
-        (&self.nullifier_secret_key).into()
+        let mut hasher = sha2::Sha256::new();
+
+        hasher.update("NSSA_keys");
+        hasher.update(self.nullifier_secret_key);
+        hasher.update([7u8]);
+        hasher.update([0u8; 22]);
+
+        NullifierPublicKey {
+            0: <HashType>::from(hasher.finalize_fixed())
+        }
    }

    pub fn generate_incoming_viewing_public_key(&self) -> IncomingViewingPublicKey {