diff --git a/.cargo/config.offline b/.cargo/config.offline index c1c31ca9d..8b7762d20 100644 --- a/.cargo/config.offline +++ b/.cargo/config.offline @@ -4,20 +4,5 @@ linker = "aarch64-linux-gnu-gcc" [source.crates-io] replace-with = "vendored-sources" -[source."https://github.com/zcash/librustzcash.git"] -git = "https://github.com/zcash/librustzcash.git" -rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" -replace-with = "vendored-sources" - -[source."https://github.com/zcash/orchard.git"] -git = "https://github.com/zcash/orchard.git" -rev = "f206b3f5d4e31bba75d03d9d03d5fa25825a9384" -replace-with = "vendored-sources" - -[source."https://github.com/zkcrypto/group.git"] -git = "https://github.com/zkcrypto/group.git" -rev = "f61e3e420ed1220c8f1f80988f8c6c5e202d8715" -replace-with = "vendored-sources" - [source.vendored-sources] # The directory for this source is set to RUST_VENDORED_SOURCES by src/Makefile.am diff --git a/Cargo.lock b/Cargo.lock index 53914cba5..e315b28c3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -531,7 +531,8 @@ checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" [[package]] name = "equihash" version = "0.2.0" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab579d7cf78477773b03e80bc2f89702ef02d7112c711d54ca93dcdce68533d5" dependencies = [ "blake2b_simd", "byteorder", @@ -540,7 +541,8 @@ dependencies = [ [[package]] name = "f4jumble" version = "0.1.0" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a83e8d7fd0c526af4aad893b7c9fe41e2699ed8a776a6c74aecdeafe05afc75" dependencies = [ "blake2b_simd", ] @@ -667,8 +669,9 @@ checksum = "22030e2c5a68ec659fde1e949a745124b48e6fa8b045b7ed5bd1fe4ccc5c4e5d" [[package]] name = "group" -version = "0.12.0" -source = "git+https://github.com/zkcrypto/group.git?rev=f61e3e420ed1220c8f1f80988f8c6c5e202d8715#f61e3e420ed1220c8f1f80988f8c6c5e202d8715" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" dependencies = [ "ff", "memuse", @@ -1246,8 +1249,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "orchard" -version = "0.2.0" -source = "git+https://github.com/zcash/orchard.git?rev=f206b3f5d4e31bba75d03d9d03d5fa25825a9384#f206b3f5d4e31bba75d03d9d03d5fa25825a9384" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f06b263206a75a7d96ca75d46a3e9ca8eaf7ab7feea209749bb8b818d22f427" dependencies = [ "aes", "bitvec", @@ -2317,8 +2321,9 @@ dependencies = [ [[package]] name = "zcash_address" -version = "0.1.0" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "804268e702b664fc09d3e2ce82786d0addf4ae57ba6976469be63e09066bf9f7" dependencies = [ "bech32", "bs58", @@ -2328,8 +2333,9 @@ dependencies = [ [[package]] name = "zcash_encoding" -version = "0.1.0" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f03391b81727875efa6ac0661a20883022b6fba92365dc121c48fa9b00c5aac0" dependencies = [ "byteorder", "nonempty", @@ -2338,7 +2344,8 @@ dependencies = [ [[package]] name = "zcash_history" version = "0.3.0" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb611a28a4e13ac715ee712f4344d6b279b767daf6345dafefb2c4bf582b6679" dependencies = [ "blake2b_simd", "byteorder", @@ -2347,21 +2354,22 @@ dependencies = [ [[package]] name = "zcash_note_encryption" -version = "0.1.0" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2be9c12532389fd03786b7068fb7936c17fade23b48f584707bdc5f79f3ec867" dependencies = [ "chacha20", "chacha20poly1305", "cipher 0.4.3", - "group", "rand_core 0.6.4", "subtle", ] [[package]] name = "zcash_primitives" -version = "0.7.0" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c2e24cb5e3352f751c699f47d363279178871b126d23f49d9018f6bae49219a" dependencies = [ "aes", "bip0039", @@ -2397,15 +2405,15 @@ dependencies = [ [[package]] name = "zcash_proofs" -version = "0.7.1" -source = "git+https://github.com/zcash/librustzcash.git?rev=913aa0a9885acbd6af9cf3525221d632e4f5a6e4#913aa0a9885acbd6af9cf3525221d632e4f5a6e4" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b5cdd6f43c8b56449e52f760d71241b8490530dc10a88d990e8dcf0c435a957" dependencies = [ "bellman", "blake2b_simd", "bls12_381", "byteorder", "directories", - "ff", "group", "jubjub", "lazy_static", diff --git a/Cargo.toml b/Cargo.toml index f19397779..0c957ab68 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -49,19 +49,19 @@ libc = "0.2" jubjub = "0.9" memuse = "0.2" nonempty = "0.7" -orchard = "0.2" +orchard = "0.3" secp256k1 = "0.21" subtle = "2.2" rand_core = "0.6" tracing = "0.1" tracing-core = "0.1" tracing-appender = "0.2" -zcash_address = "0.1" -zcash_encoding = "0.1" +zcash_address = "0.2" +zcash_encoding = "0.2" zcash_history = "0.3" -zcash_note_encryption = "0.1" -zcash_primitives = { version = "0.7", features = ["transparent-inputs"] } -zcash_proofs = { version = "0.7.1", features = ["directories"] } +zcash_note_encryption = "0.2" +zcash_primitives = { version = "0.8.1", features = ["transparent-inputs"] } +zcash_proofs = { version = "0.8", features = ["directories"] } ed25519-zebra = "3" zeroize = "1.4.2" @@ -110,13 +110,3 @@ lto = true panic = 'abort' codegen-units = 1 -[patch.crates-io] -equihash = { git = "https://github.com/zcash/librustzcash.git", rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" } -zcash_address = { git = "https://github.com/zcash/librustzcash.git", rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" } -zcash_encoding = { git = "https://github.com/zcash/librustzcash.git", rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" } -zcash_history = { git = "https://github.com/zcash/librustzcash.git", rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" } -zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" } -zcash_primitives = { git = "https://github.com/zcash/librustzcash.git", rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" } -zcash_proofs = { git = "https://github.com/zcash/librustzcash.git", rev = "913aa0a9885acbd6af9cf3525221d632e4f5a6e4" } -orchard = { git = "https://github.com/zcash/orchard.git", rev = "f206b3f5d4e31bba75d03d9d03d5fa25825a9384" } -group = { git = "https://github.com/zkcrypto/group.git", rev = "f61e3e420ed1220c8f1f80988f8c6c5e202d8715" } diff --git a/qa/supply-chain/audits.toml b/qa/supply-chain/audits.toml index 6c394c7d1..de6c9c558 100644 --- a/qa/supply-chain/audits.toml +++ b/qa/supply-chain/audits.toml @@ -140,6 +140,11 @@ who = "Jack Grigg " criteria = "safe-to-deploy" delta = "1.0.76 -> 1.0.78" +[[audits.cxxbridge-macro]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "1.0.78 -> 1.0.79" + [[audits.cxxbridge-macro]] who = "Kris Nuttycombe " criteria = "safe-to-deploy" @@ -173,6 +178,11 @@ Checked that getrandom::wasi::getrandom_inner matches wasi::random_get. Checked that getrandom::util_libc::Weak lock ordering matches std::sys::unix::weak::DlsymWeak. """ +[[audits.group]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.12.0 -> 0.12.1" + [[audits.halo2_gadgets]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -301,6 +311,11 @@ criteria = ["crypto-reviewed", "safe-to-deploy"] delta = "0.1.0 -> 0.2.0" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.orchard]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.2.0 -> 0.3.0" + [[audits.parking_lot]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -457,12 +472,22 @@ criteria = "safe-to-deploy" version = "0.1.0" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.zcash_address]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.2.0" + [[audits.zcash_encoding]] who = "Jack Grigg " criteria = "safe-to-deploy" version = "0.1.0" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.zcash_encoding]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.2.0" + [[audits.zcash_history]] who = "Jack Grigg " criteria = "safe-to-deploy" @@ -475,6 +500,11 @@ criteria = ["crypto-reviewed", "safe-to-deploy"] version = "0.1.0" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.zcash_note_encryption]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.1.0 -> 0.2.0" + [[audits.zcash_primitives]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -487,6 +517,11 @@ criteria = ["crypto-reviewed", "safe-to-deploy"] delta = "0.6.0 -> 0.7.0" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.zcash_primitives]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.7.0 -> 0.8.1" + [[audits.zcash_proofs]] who = "Jack Grigg " criteria = ["crypto-reviewed", "safe-to-deploy"] @@ -505,6 +540,11 @@ criteria = ["crypto-reviewed", "safe-to-deploy"] delta = "0.7.0 -> 0.7.1" notes = "The ECC core team maintains this crate, and we have reviewed every line." +[[audits.zcash_proofs]] +who = "Kris Nuttycombe " +criteria = "safe-to-deploy" +delta = "0.7.1 -> 0.8.0" + [[audits.zeroize]] who = "Daira Hopwood " criteria = "safe-to-deploy" diff --git a/src/rust/bin/inspect/block.rs b/src/rust/bin/inspect/block.rs index edaeeecaa..f9be3b113 100644 --- a/src/rust/bin/inspect/block.rs +++ b/src/rust/bin/inspect/block.rs @@ -186,8 +186,8 @@ impl Block { mutated = true; } let mut inner_hasher = Sha256::new(); - inner_hasher.update(&merkle_tree[j + i]); - inner_hasher.update(&merkle_tree[j + i2]); + inner_hasher.update(merkle_tree[j + i]); + inner_hasher.update(merkle_tree[j + i2]); merkle_tree.push(Sha256::digest(&inner_hasher.finalize())); i += 2; } diff --git a/src/rust/bin/inspect/transaction.rs b/src/rust/bin/inspect/transaction.rs index 4140cdd82..218292226 100644 --- a/src/rust/bin/inspect/transaction.rs +++ b/src/rust/bin/inspect/transaction.rs @@ -261,7 +261,7 @@ pub(crate) fn inspect(tx: Transaction, context: Option) { let ctx = Secp256k1::::gen_new(); for (i, (txin, coin)) in bundle.vin.iter().zip(coins).enumerate() { - match coin.script_pubkey.address() { + match coin.recipient_address() { Some(addr @ TransparentAddress::PublicKey(_)) => { // Format is [sig_and_type_len] || sig || [hash_type] || [pubkey_len] || pubkey // where [x] encodes a single byte. diff --git a/src/rust/src/builder_ffi.rs b/src/rust/src/builder_ffi.rs index 5e3c4ab12..437ad45f4 100644 --- a/src/rust/src/builder_ffi.rs +++ b/src/rust/src/builder_ffi.rs @@ -171,7 +171,7 @@ pub extern "C" fn orchard_unauthorized_bundle_prove_and_sign( let mut rng = OsRng; let res = bundle .create_proof(pk, &mut rng) - .and_then(|b| b.apply_signatures(&mut rng, *sighash, &signing_keys)); + .and_then(|b| b.apply_signatures(rng, *sighash, &signing_keys)); match res { Ok(signed) => Box::into_raw(Box::new(signed)), diff --git a/src/rust/src/incremental_merkle_tree.rs b/src/rust/src/incremental_merkle_tree.rs index 83c6e335c..0f51b9635 100644 --- a/src/rust/src/incremental_merkle_tree.rs +++ b/src/rust/src/incremental_merkle_tree.rs @@ -17,7 +17,7 @@ use zcash_primitives::merkle_tree::{ pub fn write_checkpoint_v2(mut writer: W, checkpoint: &Checkpoint) -> io::Result<()> { write_usize_leu64(&mut writer, checkpoint.bridges_len())?; - writer.write_u8(if checkpoint.is_witnessed() { 1 } else { 0 })?; + writer.write_u8(u8::from(checkpoint.is_witnessed()))?; Vector::write_sized(&mut writer, checkpoint.witnessed().iter(), |w, p| { write_position(w, *p) })?; diff --git a/src/rust/src/metrics_ffi.rs b/src/rust/src/metrics_ffi.rs index 1354389b4..169f82da8 100644 --- a/src/rust/src/metrics_ffi.rs +++ b/src/rust/src/metrics_ffi.rs @@ -28,7 +28,7 @@ pub extern "C" fn metrics_run( } }; // We always allow localhost. - allow_ips.extend(&["127.0.0.0/8", "::1/128"]); + allow_ips.extend(["127.0.0.0/8", "::1/128"]); // Parse the address to bind to. let bind_address = SocketAddr::new( diff --git a/src/rust/src/rustzcash.rs b/src/rust/src/rustzcash.rs index 3f5e5b15f..39906f5cb 100644 --- a/src/rust/src/rustzcash.rs +++ b/src/rust/src/rustzcash.rs @@ -46,10 +46,9 @@ use std::os::windows::ffi::OsStringExt; use zcash_primitives::{ constants::{CRH_IVK_PERSONALIZATION, PROOF_GENERATION_KEY_GENERATOR, SPENDING_KEY_GENERATOR}, sapling::{ - keys::FullViewingKey, note_encryption::sapling_ka_agree, redjubjub, Diversifier, Note, - NullifierDerivingKey, Rseed, + keys::FullViewingKey, merkle_hash, note_encryption::sapling_ka_agree, redjubjub, spend_sig, + Diversifier, Note, NullifierDerivingKey, Rseed, }, - sapling::{merkle_hash, spend_sig}, zip32::{self, sapling_address, sapling_derive_internal_fvk, sapling_find_address}, }; use zcash_proofs::{load_parameters, sprout}; @@ -757,7 +756,7 @@ pub extern "C" fn librustzcash_zip32_sapling_derive_internal_fvk( dk_ret: *mut [c_uchar; 32], ) { let fvk = FullViewingKey::read(&unsafe { *fvk }[..]).expect("valid Sapling FullViewingKey"); - let dk = zip32::DiversifierKey::from_bytes(unsafe { *dk }); + let dk = zip32::sapling::DiversifierKey::from_bytes(unsafe { *dk }); let (fvk_internal, dk_internal) = sapling_derive_internal_fvk(&fvk, &dk); let fvk_ret = unsafe { &mut *fvk_ret }; @@ -776,7 +775,7 @@ pub extern "C" fn librustzcash_zip32_sapling_address( addr_ret: *mut [c_uchar; 43], ) -> bool { let fvk = FullViewingKey::read(&unsafe { *fvk }[..]).expect("valid Sapling FullViewingKey"); - let dk = zip32::DiversifierKey::from_bytes(unsafe { *dk }); + let dk = zip32::sapling::DiversifierKey::from_bytes(unsafe { *dk }); let j = zip32::DiversifierIndex(unsafe { *j }); match sapling_address(&fvk, &dk, j) { @@ -800,7 +799,7 @@ pub extern "C" fn librustzcash_zip32_find_sapling_address( addr_ret: *mut [c_uchar; 43], ) -> bool { let fvk = FullViewingKey::read(&unsafe { *fvk }[..]).expect("valid Sapling FullViewingKey"); - let dk = zip32::DiversifierKey::from_bytes(unsafe { *dk }); + let dk = zip32::sapling::DiversifierKey::from_bytes(unsafe { *dk }); let j = zip32::DiversifierIndex(unsafe { *j }); match sapling_find_address(&fvk, &dk, j) { @@ -823,7 +822,7 @@ pub extern "C" fn librustzcash_sapling_diversifier_index( d: *const [c_uchar; 11], j_ret: *mut [c_uchar; 11], ) { - let dk = zip32::DiversifierKey::from_bytes(unsafe { *dk }); + let dk = zip32::sapling::DiversifierKey::from_bytes(unsafe { *dk }); let diversifier = Diversifier(unsafe { *d }); let j_ret = unsafe { &mut *j_ret };