From 5409291b0cbc409c8cbfc24695b4c50a3499b0fb Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Fri, 17 Dec 2021 01:07:07 +0000
Subject: [PATCH 1/7] zcash_note_encryption: Add `doc_cfg` annotations

---
 components/zcash_note_encryption/Cargo.toml | 4 ++++
 components/zcash_note_encryption/src/lib.rs | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/components/zcash_note_encryption/Cargo.toml b/components/zcash_note_encryption/Cargo.toml
index 060571499..51a69c6c5 100644
--- a/components/zcash_note_encryption/Cargo.toml
+++ b/components/zcash_note_encryption/Cargo.toml
@@ -11,6 +11,10 @@ repository = "https://github.com/zcash/librustzcash"
 license = "MIT OR Apache-2.0"
 edition = "2018"
 
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]
+
 [dependencies]
 blake2b_simd = { version = "0.5", default-features = false }
 byteorder = { version = "1", default-features = false }
diff --git a/components/zcash_note_encryption/src/lib.rs b/components/zcash_note_encryption/src/lib.rs
index 646d0eeb7..f9733294a 100644
--- a/components/zcash_note_encryption/src/lib.rs
+++ b/components/zcash_note_encryption/src/lib.rs
@@ -4,6 +4,7 @@
 //! protocols.
 
 #![no_std]
+#![cfg_attr(docsrs, feature(doc_cfg))]
 // Catch documentation errors caused by code changes.
 #![deny(broken_intra_doc_links)]
 #![deny(unsafe_code)]
@@ -29,6 +30,7 @@ use rand_core::RngCore;
 use subtle::{Choice, ConstantTimeEq};
 
 #[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
 pub mod batch;
 
 pub const COMPACT_NOTE_SIZE: usize = 1 + // version
@@ -175,6 +177,7 @@ pub trait Domain {
 }
 
 #[cfg(feature = "alloc")]
+#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
 pub trait BatchDomain: Domain {
 /// Computes `Self::kdf` on a batch of items.
 ///
From edc3557e307c27ae98007e65ceeb0c99b5d000d4 Mon Sep 17 00:00:00 2001
From: Jack Grigg Date: Fri, 17 Dec 2021 05:36:21 +0000 Subject: [PATCH 2/7] zcash_note_encryption: Document APIs --- components/zcash_note_encryption/src/lib.rs | 130 ++++++++++++++++++-- 1 file changed, 119 insertions(+), 11 deletions(-) diff --git a/components/zcash_note_encryption/src/lib.rs b/components/zcash_note_encryption/src/lib.rs index f9733294a..0c3a01e9e 100644 --- a/components/zcash_note_encryption/src/lib.rs +++ b/components/zcash_note_encryption/src/lib.rs @@ -33,15 +33,20 @@ use subtle::{Choice, ConstantTimeEq}; #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] pub mod batch; +/// The size of a compact note. pub const COMPACT_NOTE_SIZE: usize = 1 + // version 11 + // diversifier 8 + // value 32; // rseed (or rcm prior to ZIP 212) +/// The size of [`NotePlaintextBytes`]. pub const NOTE_PLAINTEXT_SIZE: usize = COMPACT_NOTE_SIZE + 512; +/// The size of [`OutPlaintextBytes`]. pub const OUT_PLAINTEXT_SIZE: usize = 32 + // pk_d 32; // esk -pub const AEAD_TAG_SIZE: usize = 16; +const AEAD_TAG_SIZE: usize = 16; +/// The size of an encrypted note plaintext. pub const ENC_CIPHERTEXT_SIZE: usize = NOTE_PLAINTEXT_SIZE + AEAD_TAG_SIZE; +/// The size of an encrypted outgoing plaintext. pub const OUT_CIPHERTEXT_SIZE: usize = OUT_PLAINTEXT_SIZE + AEAD_TAG_SIZE; /// A symmetric key that can be used to recover a single Sapling or Orchard output. @@ -59,6 +64,9 @@ impl AsRef<[u8]> for OutgoingCipherKey { } } +/// Newtype representing the byte encoding of an [`EphemeralPublicKey`]. +/// +/// [`EphemeralPublicKey`]: Domain::EphemeralPublicKey #[derive(Clone, Debug)] pub struct EphemeralKeyBytes(pub [u8; 32]); @@ -80,7 +88,9 @@ impl ConstantTimeEq for EphemeralKeyBytes { } } +/// Newtype representing the byte encoding of a note plaintext. pub struct NotePlaintextBytes(pub [u8; NOTE_PLAINTEXT_SIZE]); +/// Newtype representing the byte encoding of a outgoing plaintext. pub struct OutPlaintextBytes(pub [u8; OUT_PLAINTEXT_SIZE]); #[derive(Copy, Clone, PartialEq, Eq)] 
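Review bot: The `AEAD_TAG_SIZE` line in the first hunk changes `pub const` to a private `const`, which is an API change inside a commit whose subject says it only documents APIs. Downstream code can still size buffers with `ENC_CIPHERTEXT_SIZE` and `OUT_CIPHERTEXT_SIZE`, but the doc lines added for those two constants no longer let a reader find out how large the tag is. Either mention the visibility change in the commit message, or make the docs self-contained, e.g. `/// The size of an encrypted note plaintext: [`NOTE_PLAINTEXT_SIZE`] plus a 16-byte AEAD tag.` and the equivalent for the outgoing ciphertext.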
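Review bot: The doc line added above `OutPlaintextBytes` in the third hunk reads "a outgoing plaintext"; it should be `/// Newtype representing the byte encoding of an outgoing plaintext.`. Both newtypes in this hunk expose their inner array as a public field and hold plaintext rather than ciphertext, so one further sentence saying that the contents are sensitive once populated would help implementers of `Domain` decide how to handle and drop them.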
@@ -89,6 +99,10 @@ enum NoteValidity { Invalid, } +/// Trait that encapsulates protocol-specific note encryption types and logic. +/// +/// This trait enables most of the note encryption logic to be shared between Sapling and +/// Orchard, as well as between different implementations of those protocols. pub trait Domain { type EphemeralSecretKey: ConstantTimeEq; type EphemeralPublicKey; 
@@ -104,36 +118,67 @@ pub trait Domain { type ExtractedCommitmentBytes: Eq + for<'a> From<&'a Self::ExtractedCommitment>; type Memo; + /// Derives the `EphemeralSecretKey` corresponding to this note. + /// + /// Returns `None` if the note was created prior to [ZIP 212], and doesn't have a + /// deterministic `EphemeralSecretKey`. + /// + /// [ZIP 212]: https://zips.z.cash/zip-0212 fn derive_esk(note: &Self::Note) -> Option; + /// Extracts the `DiversifiedTransmissionKey` from the note. fn get_pk_d(note: &Self::Note) -> Self::DiversifiedTransmissionKey; + /// Derives `EphemeralPublicKey` from `esk` and the note's diversifier. fn ka_derive_public( note: &Self::Note, esk: &Self::EphemeralSecretKey, ) -> Self::EphemeralPublicKey; + /// Derives the `SharedSecret` from the sender's information during note encryption. fn ka_agree_enc( esk: &Self::EphemeralSecretKey, pk_d: &Self::DiversifiedTransmissionKey, ) -> Self::SharedSecret; + /// Derives the `SharedSecret` from the recipient's information during note trial + /// decryption. fn ka_agree_dec( ivk: &Self::IncomingViewingKey, epk: &Self::EphemeralPublicKey, ) -> Self::SharedSecret; + /// Derives the `SymmetricKey` used to encrypt the note plaintext. + /// + /// `secret` is the `SharedSecret` obtained from [`Self::ka_agree_enc`] or + /// [`Self::ka_agree_dec`]. + /// + /// `ephemeral_key` is the byte encoding of the [`EphemeralPublicKey`] used to derive + /// `secret`. During encryption it is derived via [`Self::epk_bytes`]; during trial + /// decryption it is obtained from [`ShieldedOutput::ephemeral_key`]. + /// + /// [`EphemeralPublicKey`]: Self::EphemeralPublicKey + /// [`EphemeralSecretKey`]: Self::EphemeralSecretKey fn kdf(secret: Self::SharedSecret, ephemeral_key: &EphemeralKeyBytes) -> Self::SymmetricKey; - // for right now, we just need `recipient` to get `d`; in the future when we - // can get that from a Sapling note, the recipient parameter will be able - // to be removed. 
+ /// Encodes the given `Note` and `Memo` as a note plaintext. + /// + /// # Future breaking changes + /// + /// The `recipient` argument is present as a secondary way to obtain the diversifier; + /// this is due to a historical quirk of how the Sapling `Note` struct was implemented + /// in the `zcash_primitives` crate. `recipient` will be removed from this method in a + /// future crate release, once [`zcash_primitives` has been refactored]. + /// + /// [`zcash_primitives` has been refactored]: https://github.com/zcash/librustzcash/issues/454 fn note_plaintext_bytes( note: &Self::Note, recipient: &Self::Recipient, memo: &Self::Memo, ) -> NotePlaintextBytes; + /// Derives the [`OutgoingCipherKey`] for an encrypted note, given the note-specific + /// public data and an `OutgoingViewingKey`. fn derive_ock( ovk: &Self::OutgoingViewingKey, cv: &Self::ValueCommitment, 
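Review bot: The doc block added to `kdf` ends with a link definition for `EphemeralSecretKey` (the line ending in `: Self::EphemeralSecretKey`), but the text above it only links `EphemeralPublicKey`, so the definition is unused. Remove that line, or add the sentence it was meant to support if the intent was to describe how `secret` is produced on the sender side. The `Domain` trait body starts before this hunk and continues after it.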
@@ -141,23 +186,60 @@ pub trait Domain { ephemeral_key: &EphemeralKeyBytes, ) -> OutgoingCipherKey; + /// Encodes the outgoing plaintext for the given note. fn outgoing_plaintext_bytes( note: &Self::Note, esk: &Self::EphemeralSecretKey, ) -> OutPlaintextBytes; + /// Returns the byte encoding of the given `EphemeralPublicKey`. fn epk_bytes(epk: &Self::EphemeralPublicKey) -> EphemeralKeyBytes; + /// Attempts to parse `ephemeral_key` as an `EphemeralPublicKey`. + /// + /// Returns `None` if `ephemeral_key` is not a valid byte encoding of an + /// `EphemeralPublicKey`. fn epk(ephemeral_key: &EphemeralKeyBytes) -> Option; + /// Derives the `ExtractedCommitment` for this note. fn cmstar(note: &Self::Note) -> Self::ExtractedCommitment; + /// Parses the given note plaintext from the recipient's perspective. + /// + /// The implementation of this method must check that: + /// - The note plaintext version is valid (for the given decryption domain's context, + /// which may be passed via `self`). + /// - The note plaintext contains valid encodings of its various fields. + /// - Any domain-specific requirements are satisfied. + /// + /// `&self` is passed here to enable the implementation to enforce contextual checks, + /// such as rules like [ZIP 212] that become active at a specific block height. + /// + /// [ZIP 212]: https://zips.z.cash/zip-0212 + /// + /// # Panics + /// + /// Panics if `plaintext` is shorter than [`COMPACT_NOTE_SIZE`]. fn parse_note_plaintext_without_memo_ivk( &self, ivk: &Self::IncomingViewingKey, plaintext: &[u8], ) -> Option<(Self::Note, Self::Recipient)>; + /// Parses the given note plaintext from the sender's perspective. + /// + /// The implementation of this method must check that: + /// - The note plaintext version is valid (for the given decryption domain's context, + /// which may be passed via `self`). + /// - The note plaintext contains valid encodings of its various fields. + /// - Any domain-specific requirements are satisfied. 
+ /// - `ephemeral_key` can be derived from `esk` and the diversifier within the note + /// plaintext. + /// + /// `&self` is passed here to enable the implementation to enforce contextual checks, + /// such as rules like [ZIP 212] that become active at a specific block height. + /// + /// [ZIP 212]: https://zips.z.cash/zip-0212 fn parse_note_plaintext_without_memo_ovk( &self, pk_d: &Self::DiversifiedTransmissionKey, @@ -166,16 +248,32 @@ pub trait Domain { plaintext: &NotePlaintextBytes, ) -> Option<(Self::Note, Self::Recipient)>; - // &self is passed here in anticipation of future changes - // to memo handling where the memos may no longer be - // part of the note plaintext. + /// Extracts the memo field from the given note plaintext. + /// + /// # Compatibility + /// + /// `&self` is passed here in anticipation of future changes to memo handling, where + /// the memos may no longer be part of the note plaintext. fn extract_memo(&self, plaintext: &NotePlaintextBytes) -> Self::Memo; + /// Parses the `DiversifiedTransmissionKey` field of the outgoing plaintext. + /// + /// Returns `None` if `out_plaintext` does not contain a valid byte encoding of a + /// `DiversifiedTransmissionKey`. fn extract_pk_d(out_plaintext: &OutPlaintextBytes) -> Option; + /// Parses the `EphemeralSecretKey` field of the outgoing plaintext. + /// + /// Returns `None` if `out_plaintext` does not contain a valid byte encoding of an + /// `EphemeralSecretKey`. fn extract_esk(out_plaintext: &OutPlaintextBytes) -> Option; } +/// Trait that encapsulates protocol-specific batch trial decryption logic. +/// +/// Each batchable operation has a default implementation that calls through to the +/// non-batched implementation. Domains can override whichever operations benefit from +/// batched logic. #[cfg(feature = "alloc")] #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] pub trait BatchDomain: Domain { 
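Review bot: The `# Panics` section added to `parse_note_plaintext_without_memo_ivk` makes a length precondition on `plaintext: &[u8]` part of the public trait contract without saying who is responsible for meeting it. Because the slice type does not carry the length, the doc should state the caller-side guarantee and leave implementers free to reject short input rather than panic, e.g. `/// Callers must pass at least [`COMPACT_NOTE_SIZE`] bytes; implementations may panic or return `None` on shorter input.` Whether the trial decryption functions in this crate always satisfy this is not visible in the hunk, although the `ShieldedOutput` docs added later in the same patch suggest they do. The `Domain` trait body starts and ends outside this hunk.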
@@ -209,9 +307,19 @@ pub trait BatchDomain: Domain { } } +/// Trait that provides access to the components of an encrypted transaction output. +/// +/// Implementations of this trait are required to define the length of their ciphertext +/// field. In order to use the trial decryption APIs in this crate, the length must be +/// either [`ENC_CIPHERTEXT_SIZE`] or [`COMPACT_NOTE_SIZE`]. pub trait ShieldedOutput { + /// Exposes the `ephemeral_key` field of the output. fn ephemeral_key(&self) -> EphemeralKeyBytes; + + /// Exposes the `cmu_bytes` or `cmx_bytes` field of the output. fn cmstar_bytes(&self) -> D::ExtractedCommitmentBytes; + + /// Exposes the note ciphertext of the output. fn enc_ciphertext(&self) -> &[u8; CIPHERTEXT_SIZE]; } @@ -386,7 +494,7 @@ impl NoteEncryption { /// Trial decryption of the full note plaintext by the recipient. /// -/// Attempts to decrypt and validate the given `enc_ciphertext` using the given `ivk`. +/// Attempts to decrypt and validate the given shielded output using the given `ivk`. /// If successful, the corresponding note and memo are returned, along with the address to /// which the note was sent. /// @@ -482,7 +590,7 @@ fn check_note_validity( /// Trial decryption of the compact note plaintext by the recipient for light clients. /// -/// Attempts to decrypt and validate the first 52 bytes of `enc_ciphertext` using the +/// Attempts to decrypt and validate the given compact shielded output using the /// given `ivk`. If successful, the corresponding note is returned, along with the address /// to which the note was sent. /// @@ -528,7 +636,7 @@ fn try_compact_note_decryption_inner Date: Fri, 17 Dec 2021 14:57:17 +0000 Subject: [PATCH 3/7] zcash_note_encryption: Crate documentation --- components/zcash_note_encryption/Cargo.toml | 2 +- components/zcash_note_encryption/src/lib.rs | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) 
diff --git a/components/zcash_note_encryption/Cargo.toml b/components/zcash_note_encryption/Cargo.toml
index 51a69c6c5..0aeb273b8 100644
--- a/components/zcash_note_encryption/Cargo.toml
+++ b/components/zcash_note_encryption/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "zcash_note_encryption"
-description = "TBD"
+description = "Note encryption for Zcash transactions"
 version = "0.0.0"
 authors = [
 "Jack Grigg ",
diff --git a/components/zcash_note_encryption/src/lib.rs b/components/zcash_note_encryption/src/lib.rs
index 0c3a01e9e..95870338f 100644
--- a/components/zcash_note_encryption/src/lib.rs
+++ b/components/zcash_note_encryption/src/lib.rs
@@ -1,7 +1,16 @@
-//! Implementation of in-band secret distribution abstractions
-//! for Zcash transactions. The implementations here provide
-//! functionality that is shared between the Sapling and Orchard
-//! protocols.
+//! Note encryption for Zcash transactions.
+//!
+//! This crate implements the [in-band secret distribution scheme] for the Sapling and
+//! Orchard protocols. It provides reusable methods that implement common note encryption
+//! and trial decryption logic, and enforce protocol-agnostic verification requirements.
+//!
+//! Protocol-specific logic is handled via the [`Domain`] trait. Implementations of this
+//! trait are provided in the [`zcash_primitives`] (for Sapling) and [`orchard`] crates;
+//! users with their own existing types can similarly implement the trait themselves.
+//!
+//! [in-band secret distribution scheme]: https://zips.z.cash/protocol/protocol.pdf#saplingandorchardinband
+//! [`zcash_primitives`]: https://crates.io/crates/zcash_primitives
+//! [`orchard`]: https://crates.io/crates/orchard
 
 #![no_std]
 #![cfg_attr(docsrs, feature(doc_cfg))]
From e8a755f6337021a370cb623af5c377ba3ebb5de6 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Fri, 17 Dec 2021 15:03:19 +0000
Subject: [PATCH 4/7] zcash_note_encryption: Clean up dependencies

Several dependencies were copied over during the extraction of this crate's logic from `zcash_primitives`, but are in fact only required for the protocol-specific logic. We can also remove the `std` feature flag, since we no longer have a dependency on `blake2b_simd` that needs its `std` flag exposed for performance.

---
 components/zcash_note_encryption/Cargo.toml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/components/zcash_note_encryption/Cargo.toml b/components/zcash_note_encryption/Cargo.toml
index 0aeb273b8..14576c0ea 100644
--- a/components/zcash_note_encryption/Cargo.toml
+++ b/components/zcash_note_encryption/Cargo.toml
@@ -16,24 +16,20 @@ all-features = true
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-blake2b_simd = { version = "0.5", default-features = false }
-byteorder = { version = "1", default-features = false }
 chacha20 = { version = "0.8", default-features = false }
 chacha20poly1305 = { version = "0.9", default-features = false }
-ff = { version = "0.11", default-features = false }
-group = { version = "0.11", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 subtle = { version = "2.2.3", default-features = false }
 
 [dev-dependencies]
+ff = { version = "0.11", default-features = false }
 zcash_primitives = { version = "0.5", path = "../../zcash_primitives" }
 jubjub = "0.8"
 
 [features]
-default = ["std"]
+default = ["alloc"]
 alloc = []
 pre-zip-212 = []
-std = ["alloc", "blake2b_simd/std"]
 
 [lib]
 bench = false
From c4cbb2dd74e3cdee6d0dcdc1cfcb9a254f752a08 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Fri, 17 Dec 2021 15:16:17 +0000
Subject: [PATCH 5/7] zcash_note_encryption: License files and readme

---
 components/zcash_note_encryption/Cargo.toml | 2 +
 .../zcash_note_encryption/LICENSE-APACHE | 202 ++++++++++++++++++
 components/zcash_note_encryption/LICENSE-MIT | 21 ++
 components/zcash_note_encryption/README.md | 30 +++
 4 files changed, 255 insertions(+)
 create mode 100644 components/zcash_note_encryption/LICENSE-APACHE
 create mode 100644 components/zcash_note_encryption/LICENSE-MIT
 create mode 100644 components/zcash_note_encryption/README.md

diff --git a/components/zcash_note_encryption/Cargo.toml b/components/zcash_note_encryption/Cargo.toml
index 14576c0ea..01d3939af 100644
--- a/components/zcash_note_encryption/Cargo.toml
+++ b/components/zcash_note_encryption/Cargo.toml
@@ -8,8 +8,10 @@ authors = [
 ]
 homepage = "https://github.com/zcash/librustzcash"
 repository = "https://github.com/zcash/librustzcash"
+readme = "README.md"
 license = "MIT OR Apache-2.0"
 edition = "2018"
+categories = ["cryptography::cryptocurrencies"]
 
 [package.metadata.docs.rs]
 all-features = true
diff --git a/components/zcash_note_encryption/LICENSE-APACHE b/components/zcash_note_encryption/LICENSE-APACHE
new file mode 100644
index 000000000..1e5006dc1
--- /dev/null
+++ b/components/zcash_note_encryption/LICENSE-APACHE
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + diff --git a/components/zcash_note_encryption/LICENSE-MIT b/components/zcash_note_encryption/LICENSE-MIT new file mode 100644 index 000000000..9500c140c --- /dev/null +++ b/components/zcash_note_encryption/LICENSE-MIT 
@@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2021 Electric Coin Company + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/components/zcash_note_encryption/README.md b/components/zcash_note_encryption/README.md new file mode 100644 index 000000000..612b7a64f --- /dev/null +++ b/components/zcash_note_encryption/README.md 
@@ -0,0 +1,30 @@ +# zcash_note_encryption + +This crate implements the [in-band secret distribution scheme] for the Sapling and +Orchard protocols. It provides reusable methods that implement common note encryption +and trial decryption logic, and enforce protocol-agnostic verification requirements. + +Protocol-specific logic is handled via the `Domain` trait. Implementations of this +trait are provided in the [`zcash_primitives`] (for Sapling) and [`orchard`] crates; +users with their own existing types can similarly implement the trait themselves. + +[in-band secret distribution scheme]: https://zips.z.cash/protocol/protocol.pdf#saplingandorchardinband +[`zcash_primitives`]: https://crates.io/crates/zcash_primitives +[`orchard`]: https://crates.io/crates/orchard + +## License + +Licensed under either of + + * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or + http://www.apache.org/licenses/LICENSE-2.0) + * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) + +at your option. + +### Contribution + +Unless you explicitly state otherwise, any contribution intentionally +submitted for inclusion in the work by you, as defined in the Apache-2.0 +license, shall be dual licensed as above, without any additional terms or +conditions. From 142a38e792b7ac17e44cbaed0b4e0551ecaeb343 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 17 Dec 2021 15:21:09 +0000 Subject: [PATCH 6/7] zcash_note_encryption 0.1.0 --- Cargo.toml | 1 - components/zcash_note_encryption/CHANGELOG.md | 11 +++++++++++ components/zcash_note_encryption/Cargo.toml | 2 +- zcash_client_backend/Cargo.toml | 2 +- zcash_primitives/Cargo.toml | 2 +- 5 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 components/zcash_note_encryption/CHANGELOG.md diff --git a/Cargo.toml b/Cargo.toml index e17b07bd2..a8f2e2b2a 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -23,4 +23,3 @@ codegen-units = 1
 orchard = { git = "https://github.com/zcash/orchard.git", rev = "4b0b32275fe941b28cdfe632d2748453e6c32fbb" }
 incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
 zcash_encoding = { path = "components/zcash_encoding" }
-zcash_note_encryption = { path = "components/zcash_note_encryption" }
diff --git a/components/zcash_note_encryption/CHANGELOG.md b/components/zcash_note_encryption/CHANGELOG.md
new file mode 100644
index 000000000..5dd6dae9c
--- /dev/null
+++ b/components/zcash_note_encryption/CHANGELOG.md
@@ -0,0 +1,11 @@
+# Changelog
+All notable changes to this library will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this library adheres to Rust's notion of
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0] - 2021-12-17
+Initial release.
diff --git a/components/zcash_note_encryption/Cargo.toml b/components/zcash_note_encryption/Cargo.toml
index 01d3939af..9b302a282 100644
--- a/components/zcash_note_encryption/Cargo.toml
+++ b/components/zcash_note_encryption/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "zcash_note_encryption"
 description = "Note encryption for Zcash transactions"
-version = "0.0.0"
+version = "0.1.0"
 authors = [
 "Jack Grigg ",
 "Kris Nuttycombe "
diff --git a/zcash_client_backend/Cargo.toml b/zcash_client_backend/Cargo.toml
index 3625f8cd7..e096cd4a7 100644
--- a/zcash_client_backend/Cargo.toml
+++ b/zcash_client_backend/Cargo.toml
@@ -28,7 +28,7 @@ protobuf = "2.20"
 rand_core = "0.6"
 subtle = "2.2.3"
 time = "0.2"
-zcash_note_encryption = { version = "0.0", path = "../components/zcash_note_encryption" }
+zcash_note_encryption = { version = "0.1", path = "../components/zcash_note_encryption" }
 zcash_primitives = { version = "0.5", path = "../zcash_primitives" }
 
 [build-dependencies]
diff --git a/zcash_primitives/Cargo.toml b/zcash_primitives/Cargo.toml
index c6de784a8..42f43bd45 100644
--- a/zcash_primitives/Cargo.toml
+++ b/zcash_primitives/Cargo.toml
@@ -47,7 +47,7 @@ subtle = "2.2.3"
 zcash_encoding = { version = "0.0", path = "../components/zcash_encoding" }
 
 [dependencies.zcash_note_encryption]
-version = "0.0"
+version = "0.1"
 path = "../components/zcash_note_encryption"
 features = ["pre-zip-212"]
 
From 36db7634a0b1f82684717b5a9cff76eb0191e15a Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Fri, 17 Dec 2021 22:22:25 +0000
Subject: [PATCH 7/7] orchard 0.1.0-beta.1
---
 Cargo.toml | 1 -
 zcash_extensions/Cargo.toml | 2 +-
 zcash_primitives/Cargo.toml | 6 +++---
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index a8f2e2b2a..2139b2cf5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,6 +20,5 @@ codegen-units = 1
 
 [patch.crates-io]
 # In development.
-orchard = { git = "https://github.com/zcash/orchard.git", rev = "4b0b32275fe941b28cdfe632d2748453e6c32fbb" }
 incrementalmerkletree = { git = "https://github.com/zcash/incrementalmerkletree.git", rev = "b7bd6246122a6e9ace8edb51553fbf5228906cbb" }
 zcash_encoding = { path = "components/zcash_encoding" }
diff --git a/zcash_extensions/Cargo.toml b/zcash_extensions/Cargo.toml
index d84002fb0..6b8edf49e 100644
--- a/zcash_extensions/Cargo.toml
+++ b/zcash_extensions/Cargo.toml
@@ -15,7 +15,7 @@ zcash_primitives = { version = "0.5", path = "../zcash_primitives", features = [
 [dev-dependencies]
 ff = "0.11"
 jubjub = "0.8"
-orchard = "0.0"
+orchard = "=0.1.0-beta.1"
 rand_core = "0.6"
 zcash_proofs = { version = "0.5", path = "../zcash_proofs" }
 secp256k1 = { version = "0.20", features = ["rand", "bitcoin_hashes"] }
diff --git a/zcash_primitives/Cargo.toml b/zcash_primitives/Cargo.toml
index 42f43bd45..1c1a56429 100644
--- a/zcash_primitives/Cargo.toml
+++ b/zcash_primitives/Cargo.toml
@@ -19,7 +19,7 @@ all-features = true
 aes = "0.7"
 bitvec = "0.22"
 bip0039 = { version = "0.9", features = ["std", "all-languages"] }
-blake2b_simd = "0.5"
+blake2b_simd = "1"
 blake2s_simd = "0.5"
 bls12_381 = "0.6"
 byteorder = "1"
@@ -35,7 +35,7 @@ lazy_static = "1"
 log = "0.4"
 memuse = "0.2"
 nonempty = "0.7"
-orchard = "0.0"
+orchard = "=0.1.0-beta.1"
 pasta_curves = "0.2.1"
 proptest = { version = "1.0.0", optional = true }
 rand = "0.8"
@@ -56,7 +56,7 @@ criterion = "0.3"
 hex-literal = "0.3"
 proptest = "1.0.0"
 rand_xorshift = "0.3"
-orchard = { version = "0.0", features = ["test-dependencies"] }
+orchard = { version = "=0.1.0-beta.1", features = ["test-dependencies"] }
 
 [target.'cfg(unix)'.dev-dependencies]
 pprof = { version = "0.5", features = ["criterion", "flamegraph"] }
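Review bot: The change of `blake2b_simd` from `"0.5"` to `"1"` in the first zcash_primitives hunk (`@@ -19,7 +19,7 @@`) crosses a major version of a hashing dependency, yet the commit subject names only orchard and `blake2s_simd` on the next line stays at `"0.5"`. Presumably the bump is there so that this crate and orchard share one blake2b_simd version, but nothing visible records that. I would state the reason next to the line, e.g. `# 1.x to match the version orchard depends on` if that is the case. It is also worth checking that the other workspace crates depending on blake2b_simd move in the same series, since otherwise two major versions of the hash implementation end up in one build.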
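Review bot: `orchard = "=0.1.0-beta.1"` in the second hunk (`@@ -35,7 +35,7 @@`) is an exact-version requirement in a library manifest, and the same pin is repeated in the dev-dependency of the third hunk and in zcash_extensions/Cargo.toml. The removed `[patch.crates-io]` entry fixed orchard to a git revision; after this change the pin is on a registry version, and any downstream crate that also depends on orchard has to resolve to exactly this pre-release. The manifest does not say why the requirement is exact rather than a caret range. A comment such as `# Exact pin: a caret requirement would also accept later 0.1 pre-releases.` would record the intent and remind whoever cuts the next release to revisit it.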