Add PrivacyPolicyMeet
And redefine various `TransactionStrategy` operations in terms of it.
parent
ac128a0b2c
commit
d462f8a5b0
|
@ -7731,6 +7731,65 @@ std::optional<libzcash::UnifiedAddress> UnifiedAddressForReceiver::operator()(co
|
||||||
return std::nullopt;
|
return std::nullopt;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
PrivacyPolicy PrivacyPolicyMeet(PrivacyPolicy a, PrivacyPolicy b)
|
||||||
|
{
|
||||||
|
switch (a) {
|
||||||
|
case PrivacyPolicy::FullPrivacy:
|
||||||
|
return b;
|
||||||
|
case PrivacyPolicy::AllowRevealedAmounts:
|
||||||
|
switch (b) {
|
||||||
|
case PrivacyPolicy::FullPrivacy:
|
||||||
|
return a;
|
||||||
|
default: return b;
|
||||||
|
};
|
||||||
|
case PrivacyPolicy::AllowRevealedRecipients:
|
||||||
|
switch (b) {
|
||||||
|
case PrivacyPolicy::FullPrivacy:
|
||||||
|
case PrivacyPolicy::AllowRevealedAmounts:
|
||||||
|
return a;
|
||||||
|
case PrivacyPolicy::AllowRevealedSenders:
|
||||||
|
return PrivacyPolicy::AllowFullyTransparent;
|
||||||
|
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
||||||
|
return PrivacyPolicy::NoPrivacy;
|
||||||
|
default: return b;
|
||||||
|
};
|
||||||
|
case PrivacyPolicy::AllowRevealedSenders:
|
||||||
|
switch (b) {
|
||||||
|
case PrivacyPolicy::FullPrivacy:
|
||||||
|
case PrivacyPolicy::AllowRevealedAmounts:
|
||||||
|
return a;
|
||||||
|
case PrivacyPolicy::AllowRevealedRecipients:
|
||||||
|
return PrivacyPolicy::AllowFullyTransparent;
|
||||||
|
default: return b;
|
||||||
|
};
|
||||||
|
case PrivacyPolicy::AllowFullyTransparent:
|
||||||
|
switch (b) {
|
||||||
|
case PrivacyPolicy::FullPrivacy:
|
||||||
|
case PrivacyPolicy::AllowRevealedAmounts:
|
||||||
|
case PrivacyPolicy::AllowRevealedRecipients:
|
||||||
|
case PrivacyPolicy::AllowRevealedSenders:
|
||||||
|
return a;
|
||||||
|
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
||||||
|
return PrivacyPolicy::NoPrivacy;
|
||||||
|
default: return b;
|
||||||
|
};
|
||||||
|
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
||||||
|
switch (b) {
|
||||||
|
case PrivacyPolicy::FullPrivacy:
|
||||||
|
case PrivacyPolicy::AllowRevealedAmounts:
|
||||||
|
case PrivacyPolicy::AllowRevealedSenders:
|
||||||
|
return a;
|
||||||
|
case PrivacyPolicy::AllowRevealedRecipients:
|
||||||
|
case PrivacyPolicy::AllowFullyTransparent:
|
||||||
|
return PrivacyPolicy::NoPrivacy;
|
||||||
|
default: return b;
|
||||||
|
};
|
||||||
|
case PrivacyPolicy::NoPrivacy:
|
||||||
|
return a;
|
||||||
|
default: assert(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
std::optional<TransactionStrategy> TransactionStrategy::FromString(std::string privacyPolicy) {
|
std::optional<TransactionStrategy> TransactionStrategy::FromString(std::string privacyPolicy) {
|
||||||
TransactionStrategy strategy;
|
TransactionStrategy strategy;
|
||||||
|
|
||||||
|
@ -7778,156 +7837,27 @@ std::string TransactionStrategy::ToString(PrivacyPolicy policy) {
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TransactionStrategy::AllowRevealedAmounts() const {
|
bool TransactionStrategy::AllowRevealedAmounts() const {
|
||||||
switch (requestedLevel) {
|
return IsCompatibleWith(PrivacyPolicy::AllowRevealedAmounts);
|
||||||
case PrivacyPolicy::FullPrivacy:
|
|
||||||
return false;
|
|
||||||
case PrivacyPolicy::AllowRevealedAmounts:
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
// Fail closed.
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TransactionStrategy::AllowRevealedRecipients() const {
|
bool TransactionStrategy::AllowRevealedRecipients() const {
|
||||||
switch (requestedLevel) {
|
return IsCompatibleWith(PrivacyPolicy::AllowRevealedRecipients);
|
||||||
case PrivacyPolicy::FullPrivacy:
|
|
||||||
case PrivacyPolicy::AllowRevealedAmounts:
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
return false;
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
// Fail closed.
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TransactionStrategy::AllowRevealedSenders() const {
|
bool TransactionStrategy::AllowRevealedSenders() const {
|
||||||
switch (requestedLevel) {
|
return IsCompatibleWith(PrivacyPolicy::AllowRevealedSenders);
|
||||||
case PrivacyPolicy::FullPrivacy:
|
|
||||||
case PrivacyPolicy::AllowRevealedAmounts:
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
return false;
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
// Fail closed.
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TransactionStrategy::AllowFullyTransparent() const {
|
bool TransactionStrategy::AllowFullyTransparent() const {
|
||||||
switch (requestedLevel) {
|
return IsCompatibleWith(PrivacyPolicy::AllowFullyTransparent);
|
||||||
case PrivacyPolicy::FullPrivacy:
|
|
||||||
case PrivacyPolicy::AllowRevealedAmounts:
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
return false;
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
// Fail closed.
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TransactionStrategy::AllowLinkingAccountAddresses() const {
|
bool TransactionStrategy::AllowLinkingAccountAddresses() const {
|
||||||
switch (requestedLevel) {
|
return IsCompatibleWith(PrivacyPolicy::AllowLinkingAccountAddresses);
|
||||||
case PrivacyPolicy::FullPrivacy:
|
|
||||||
case PrivacyPolicy::AllowRevealedAmounts:
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
return false;
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
// Fail closed.
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TransactionStrategy::IsCompatibleWith(PrivacyPolicy requiredLevel) const {
|
bool TransactionStrategy::IsCompatibleWith(PrivacyPolicy requiredLevel) const {
|
||||||
switch (requiredLevel) {
|
return requestedLevel == PrivacyPolicyMeet(requestedLevel, requiredLevel);
|
||||||
case PrivacyPolicy::FullPrivacy:
|
|
||||||
// FullPrivacy is most restrictive (it needs no privicy-violating
|
|
||||||
// capabilities), so any strategy the user chooses is fine.
|
|
||||||
return true;
|
|
||||||
case PrivacyPolicy::AllowRevealedAmounts:
|
|
||||||
switch (requestedLevel) {
|
|
||||||
case PrivacyPolicy::AllowRevealedAmounts:
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
switch (requestedLevel) {
|
|
||||||
case PrivacyPolicy::AllowRevealedRecipients:
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
switch (requestedLevel) {
|
|
||||||
case PrivacyPolicy::AllowRevealedSenders:
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
switch (requestedLevel) {
|
|
||||||
case PrivacyPolicy::AllowFullyTransparent:
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
switch (requestedLevel) {
|
|
||||||
case PrivacyPolicy::AllowLinkingAccountAddresses:
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
switch (requestedLevel) {
|
|
||||||
case PrivacyPolicy::NoPrivacy:
|
|
||||||
return true;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ZTXOSelector::SelectsTransparent() const {
|
bool ZTXOSelector::SelectsTransparent() const {
|
||||||
|
|
|
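Review bot: The outer `default: assert(false);` in `PrivacyPolicyMeet` is the last statement of a function returning `PrivacyPolicy`, so a build with assertions compiled out would fall off the end with no return value for an out-of-range `a`, which is undefined behaviour. The removed `Allow*` accessors each ended in an explicit `// Fail closed.` `return false;`, and they now all go through `IsCompatibleWith`, so that property rests on this one switch. Consider ending the function with an explicit most-restrictive result, e.g. `assert(false); return PrivacyPolicy::FullPrivacy;`, which makes `requestedLevel == PrivacyPolicyMeet(requestedLevel, requiredLevel)` false for an invalid `requestedLevel`. The inner `default: return b;` arms also stand in for named enumerators, so a policy added to the enum later would get a meet without any `-Wswitch` warning; listing those cases explicitly would let the compiler flag the gap.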
@ -752,6 +752,9 @@ public:
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A strategy to use for managing privacy when constructing a transaction.
|
* A strategy to use for managing privacy when constructing a transaction.
|
||||||
|
*
|
||||||
|
* **NB**: These are intentionally in an order where `<` will never do the right
|
||||||
|
* thing. See `PrivacyPolicyMeet` for a correct comparison.
|
||||||
*/
|
*/
|
||||||
enum class PrivacyPolicy {
|
enum class PrivacyPolicy {
|
||||||
FullPrivacy,
|
FullPrivacy,
|
||||||
|
@ -763,6 +766,14 @@ enum class PrivacyPolicy {
|
||||||
NoPrivacy,
|
NoPrivacy,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/** Returns the meet of two privacy policies. I.e., the strongest policy that is
|
||||||
|
* compatible with both of the provided policies.
|
||||||
|
*
|
||||||
|
* See https://github.com/zcash/zcash/issues/6240 for the graph that this
|
||||||
|
* models.
|
||||||
|
*/
|
||||||
|
PrivacyPolicy PrivacyPolicyMeet(PrivacyPolicy a, PrivacyPolicy b);
|
||||||
|
|
||||||
class TransactionStrategy {
|
class TransactionStrategy {
|
||||||
PrivacyPolicy requestedLevel;
|
PrivacyPolicy requestedLevel;
|
||||||
|
|
||||||
|
|
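Review bot: The new NB on `PrivacyPolicy` says `<` will never do the right thing, but a scoped enum still accepts the built-in relational operators, so nothing stops a caller from writing `a < b` and getting a declaration-order answer when deciding what a transaction may reveal. Deleting the operators next to the enum would turn the comment into a compile error, e.g. `bool operator<(PrivacyPolicy, PrivacyPolicy) = delete;` and the same for `>`, `<=` and `>=`. The doc comment on `PrivacyPolicyMeet` could also state what happens for a value outside the enum, since the definition shown in the other file section asserts in that case.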