These served no type safety purpose; they were just to make developing
the crate easier. However, while docs.rs correctly shows these in trait
APIs as their plain `[u8; N]` form, editor LSPs like `rust-analyzer`
assume the crate-private types are public and auto-create stubs that
reference them, which is not good UX for downstream developers.
This is more generally useful for debugging purposes than the default
`Debug` impl for `&[u8]`.
We also provide an alternate `Debug` impl for `legacy::Script` that
parses and renders known opcodes. Note that we only parse a subset of
the full opcode set.
This method is only called from `try_output_recovery_with_ock`, and we
can instead rely on the check performed in `check_note_validity`,
reducing the number of checks that `Domain` implementations need to
perform.
The `esk` and `ephemeral_key` parameters become unused, and will be
removed in a subsequent commit (as this change needs to be synchronized
with the `orchard` crate).
This removes the path-based dependencies on the `zcash_note_encryption`
crate in favor of using versioned dependencies locally. This better
reflects the future state in which `zcash_note_encryption` is factored
out of the workspace and maintained in a separate repository.
The `Domain::Note` type is now expected to contain information about the
recipient of the note, eliminating the need to pass this information in
via the encryption context.
This was only used to provide example code for Sapling usage of
the `NoteEncryption` struct; this example code has been moved
to `sapling::note_encryption`.
This modifies wallet scanning to perform per-block batched
decryption. It also alters the structure of the `ScanningKey`
trait to correctly include internal (change) keys in the scan
process.
While it is necessary in the worst case to perform `m * n` decryptions,
where `m` is the number of outputs being decrypted and `n` is the number
of IVKs, it is possible to stop performing trial decryptions when the
first successful decryption is performed. Also, it's inconvenient and
unnecessary to return the full cartesian product of these results, as
only one IVK will decrypt a given output. This commit modifies batch
trial decryption to stop on the first successful decryption, and instead
of returning the cartesian product of results we return the index of the
input IVK along with the output it decrypted. Note that this means that
trial decryption is not constant-time with respect to the number and/or
order of IVKs.
This, along with the corresponding `TryFromRawAddress` trait, enables
converting `ZcashAddress` into a network-agnostic type.
Closeszcash/librustzcash#564.
This enables the user-defined conversions to be fallible, which they
will almost always want to be (as address data needs to be validated
before it can be used).
This provides the encoding corresponding to
`ZcashAddress::try_from_encoded` and documents the fact that the
`Display` instance can also provide this encoding.
Fixes#463
In a number of places, we transform other kinds of collections with
known length information into vectors simply to be able to use them with
`Vector::write` or `Vector::read`. We can avoid these extra allocations
by writing from iterators directly, and similarly by reading directly
into our desired collection types.
There are two canonical orderings for sealed items: preference
order and encoding order. Removing the `Ord` instances means
that a user can't accidentally choose the wrong ordering;
these orderings are replaced by explicit `preference_order`
and `encoding_order` comparison functions.
Several dependencies were copied over during the extraction of this
crate's logic from `zcash_primitives`, but are in fact only required for
the protocol-specific logic. We can also remove the `std` feature flag,
since we no longer have a dependency on `blake2b_simd` that needs its
`std` flag exposed for performance.
Previously we were returning the ciphertext as a slice, and then
asserting its length within the APIs the caller passed it into. Now
instead we require the caller to define whether or not the output is
compact, to make the API more predictable.
This doesn't place any additional constraints on users of this trait,
because the assertions already prevented a full output from being passed
to a compact trial decryption API.
`Domain::derive_esk` provides sufficient information to determine
whether or not we need to enforce `EphemeralSecretKey`-specific
decryption checks, as it returns `None` for pre-ZIP 212 notes.
`Domain::parse_note_plaintext_without_memo_ivk` is used with both full
note plaintexts and compact notes, so continues to accept a slice. For
all other `Domain` APIs, we constrain the input to `NotePlaintextBytes`
or `OutPlaintextBytes` as appropriate.
This renames the `FromReceivers` trait to `UnifiedEncoding` and makes
its public methods (as well as the private to_bytes method) function in
terms of network values rather than explicit HRP arguments. It also adds
high-level encoding and decoding methods that handle conversion to and
from the Bech32m-encoded transport format for all supported types, and
then delegates to these from locations that previously used lower-level
utilities.