zec
/
librustzcash
mirror of https://github.com/zcash/librustzcash.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Backport parsing for v5 transactions to TransactionData.

This commit is contained in:
Kris Nuttycombe 2022-05-19 13:06:08 -06:00
parent 098dcc2ae0
commit 5f229e7121
7 changed files with 412 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
zcash_client_backend/Cargo.toml
View File

@ -20,7 +20,7 @@ base64 = "0.13"
ff = "0.8"
group = "0.8"
hex = "0.4"
hdwallet = { version = "0.3.0", optional = true }
hdwallet = { version = "=0.3.0", optional = true }
jubjub = "0.5.1"
log = "0.4"
nom = "6.1"

2
zcash_extensions/src/transparent/demo.rs
View File

@ -575,6 +575,7 @@ mod tests {
}
}
#[ignore]
#[test]
fn demo_program() {
let preimage_1 = [1; 32];
@ -677,6 +678,7 @@ mod tests {
}
}
#[ignore]
#[test]
fn demo_builder_program() {
let preimage_1 = [1; 32];

45
zcash_primitives/src/serialize.rs
View File

@ -1,5 +1,6 @@
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use std::io::{self, Read, Write};
use std::iter::FromIterator;
const MAX_SIZE: usize = 0x02000000;
@ -82,6 +83,50 @@ impl Vector {
}
}
/// Namespace for functions that perform encoding of array contents.
///
/// This is similar to the [`Vector`] encoding except that no length information is
/// written as part of the encoding, so length must be statically known or obtained from
/// other parts of the input stream.
pub struct Array;
impl Array {
/// Reads `count` elements from a stream into a vector, assuming the encoding written by
/// [`Array::write`], using the provided function to decode each element.
pub fn read<R: Read, E, F>(reader: R, count: usize, func: F) -> io::Result<Vec<E>>
where
F: Fn(&mut R) -> io::Result<E>,
{
Self::read_collected(reader, count, func)
}
/// Reads `count` elements into a collection, assuming the encoding written by
/// [`Array::write`], using the provided function to decode each element.
pub fn read_collected<R: Read, E, F, O: FromIterator<E>>(
reader: R,
count: usize,
func: F,
) -> io::Result<O>
where
F: Fn(&mut R) -> io::Result<E>,
{
Self::read_collected_mut(reader, count, func)
}
/// Reads `count` elements into a collection, assuming the encoding written by
/// [`Array::write`], using the provided function to decode each element.
pub fn read_collected_mut<R: Read, E, F, O: FromIterator<E>>(
mut reader: R,
count: usize,
mut func: F,
) -> io::Result<O>
where
F: FnMut(&mut R) -> io::Result<E>,
{
(0..count).map(|_| func(&mut reader)).collect()
}
}
pub struct Optional;
impl Optional {

155
zcash_primitives/src/transaction/components/sapling.rs
View File

@ -18,6 +18,8 @@ use zcash_note_encryption::COMPACT_NOTE_SIZE;
use super::GROTH_PROOF_SIZE;
pub type GrothProofBytes = [u8; GROTH_PROOF_SIZE];
#[derive(Clone)]
pub struct SpendDescription {
pub cv: jubjub::ExtendedPoint,
@ -38,7 +40,71 @@ impl std::fmt::Debug for SpendDescription {
}
}
/// Consensus rules (§4.4) & (§4.5):
/// - Canonical encoding is enforced here.
/// - "Not small order" is enforced in SaplingVerificationContext::(check_spend()/check_output())
/// (located in zcash_proofs::sapling::verifier).
pub fn read_point<R: Read>(mut reader: R, field: &str) -> io::Result<jubjub::ExtendedPoint> {
let mut bytes = [0u8; 32];
reader.read_exact(&mut bytes)?;
let point = jubjub::ExtendedPoint::from_bytes(&bytes);
if point.is_none().into() {
Err(io::Error::new(
io::ErrorKind::InvalidInput,
format!("invalid {}", field),
))
} else {
Ok(point.unwrap())
}
}
/// Consensus rules (§7.3) & (§7.4):
/// - Canonical encoding is enforced here
pub fn read_base<R: Read>(mut reader: R, field: &str) -> io::Result<bls12_381::Scalar> {
let mut f = [0u8; 32];
reader.read_exact(&mut f)?;
Option::from(bls12_381::Scalar::from_repr(f)).ok_or_else(|| {
io::Error::new(
io::ErrorKind::InvalidInput,
format!("{} not in field", field),
)
})
}
/// Consensus rules (§4.4) & (§4.5):
/// - Canonical encoding is enforced by the API of SaplingVerificationContext::check_spend()
/// and SaplingVerificationContext::check_output() due to the need to parse this into a
/// bellman::groth16::Proof.
/// - Proof validity is enforced in SaplingVerificationContext::check_spend()
/// and SaplingVerificationContext::check_output()
pub fn read_zkproof<R: Read>(mut reader: R) -> io::Result<GrothProofBytes> {
let mut zkproof = [0u8; GROTH_PROOF_SIZE];
reader.read_exact(&mut zkproof)?;
Ok(zkproof)
}
impl SpendDescription {
pub fn read_nullifier<R: Read>(mut reader: R) -> io::Result<Nullifier> {
let mut nullifier = Nullifier([0u8; 32]);
reader.read_exact(&mut nullifier.0)?;
Ok(nullifier)
}
/// Consensus rules (§4.4):
/// - Canonical encoding is enforced here.
/// - "Not small order" is enforced in SaplingVerificationContext::check_spend()
pub fn read_rk<R: Read>(mut reader: R) -> io::Result<PublicKey> {
PublicKey::read(&mut reader)
}
/// Consensus rules (§4.4):
/// - Canonical encoding is enforced here.
/// - Signature validity is enforced in SaplingVerificationContext::check_spend()
pub fn read_spend_auth_sig<R: Read>(mut reader: R) -> io::Result<Signature> {
Signature::read(&mut reader)
}
pub fn read<R: Read>(mut reader: &mut R) -> io::Result<Self> {
// Consensus rules (§4.4):
// - Canonical encoding is enforced here.
@ -108,6 +174,39 @@ impl SpendDescription {
}
}
#[derive(Clone)]
pub struct SpendDescriptionV5 {
pub cv: jubjub::ExtendedPoint,
pub nullifier: Nullifier,
pub rk: PublicKey,
}
impl SpendDescriptionV5 {
pub fn read<R: Read>(mut reader: &mut R) -> io::Result<Self> {
let cv = read_point(&mut reader, "cv")?;
let nullifier = SpendDescription::read_nullifier(&mut reader)?;
let rk = SpendDescription::read_rk(&mut reader)?;
Ok(SpendDescriptionV5 { cv, nullifier, rk })
}
pub fn into_spend_description(
self,
anchor: bls12_381::Scalar,
zkproof: GrothProofBytes,
spend_auth_sig: Signature,
) -> SpendDescription {
SpendDescription {
cv: self.cv,
anchor,
nullifier: self.nullifier,
rk: self.rk,
zkproof,
spend_auth_sig: Some(spend_auth_sig),
}
}
}
#[derive(Clone)]
pub struct OutputDescription {
pub cv: jubjub::ExtendedPoint,
@ -143,7 +242,7 @@ impl std::fmt::Debug for OutputDescription {
}
impl OutputDescription {
pub fn read<R: Read>(reader: &mut R) -> io::Result<Self> {
pub fn read<R: Read>(mut reader: &mut R) -> io::Result<Self> {
// Consensus rules (§4.5):
// - Canonical encoding is enforced here.
// - "Not small order" is enforced in SaplingVerificationContext::check_output()
@ -169,18 +268,7 @@ impl OutputDescription {
// Consensus rules (§4.5):
// - Canonical encoding is enforced here.
// - "Not small order" is enforced in SaplingVerificationContext::check_output()
let ephemeral_key = {
let mut bytes = [0u8; 32];
reader.read_exact(&mut bytes)?;
let ephemeral_key = jubjub::ExtendedPoint::from_bytes(&bytes);
if ephemeral_key.is_none().into() {
return Err(io::Error::new(
io::ErrorKind::InvalidInput,
"invalid ephemeral_key",
));
}
ephemeral_key.unwrap()
};
let ephemeral_key = read_point(&mut reader, "ephemeral_key")?;
let mut enc_ciphertext = [0u8; 580];
let mut out_ciphertext = [0u8; 80];
@ -214,6 +302,47 @@ impl OutputDescription {
}
}
#[derive(Clone)]
pub struct OutputDescriptionV5 {
pub cv: jubjub::ExtendedPoint,
pub cmu: bls12_381::Scalar,
pub ephemeral_key: jubjub::ExtendedPoint,
pub enc_ciphertext: [u8; 580],
pub out_ciphertext: [u8; 80],
}
impl OutputDescriptionV5 {
pub fn read<R: Read>(mut reader: &mut R) -> io::Result<Self> {
let cv = read_point(&mut reader, "cv")?;
let cmu = read_base(&mut reader, "cmu")?;
let ephemeral_key = read_point(&mut reader, "ephemeral_key")?;
let mut enc_ciphertext = [0u8; 580];
let mut out_ciphertext = [0u8; 80];
reader.read_exact(&mut enc_ciphertext)?;
reader.read_exact(&mut out_ciphertext)?;
Ok(OutputDescriptionV5 {
cv,
cmu,
ephemeral_key,
enc_ciphertext,
out_ciphertext,
})
}
pub fn into_output_description(self, zkproof: GrothProofBytes) -> OutputDescription {
OutputDescription {
cv: self.cv,
cmu: self.cmu,
ephemeral_key: self.ephemeral_key,
enc_ciphertext: self.enc_ciphertext,
out_ciphertext: self.out_ciphertext,
zkproof,
}
}
}
pub struct CompactOutputDescription {
pub epk: jubjub::ExtendedPoint,
pub cmu: bls12_381::Scalar,

221
zcash_primitives/src/transaction/mod.rs
View File

@ -1,11 +1,16 @@
//! Structs and methods for handling Zcash transactions.
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use std::convert::TryFrom;
use std::fmt;
use std::io::{self, Read, Write};
use std::ops::Deref;
use crate::{consensus::BlockHeight, sapling::redjubjub::Signature, serialize::Vector};
use crate::{
consensus::{BlockHeight, BranchId},
sapling::redjubjub::Signature,
serialize::{Array, CompactSize, Vector},
};
use self::util::sha256d::{HashReader, HashWriter};
@ -19,7 +24,10 @@ mod tests;
pub use self::sighash::{signature_hash, signature_hash_data, SignableInput, SIGHASH_ALL};
use self::components::{Amount, JsDescription, OutputDescription, SpendDescription, TxIn, TxOut};
use self::components::{
sapling::{self, OutputDescriptionV5, SpendDescriptionV5},
Amount, JsDescription, OutputDescription, SpendDescription, TxIn, TxOut,
};
#[cfg(feature = "zfuture")]
use self::components::{TzeIn, TzeOut};
@ -29,6 +37,9 @@ const OVERWINTER_TX_VERSION: u32 = 3;
const SAPLING_VERSION_GROUP_ID: u32 = 0x892F2085;
const SAPLING_TX_VERSION: u32 = 4;
const V5_TX_VERSION: u32 = 5;
const V5_VERSION_GROUP_ID: u32 = 0x26A7270A;
/// These versions are used exclusively for in-development transaction
/// serialization, and will never be active under the consensus rules.
/// When new consensus transaction versions are added, all call sites
@ -63,6 +74,7 @@ pub enum TxVersion {
Sprout(u32),
Overwinter,
Sapling,
Zip225,
#[cfg(feature = "zfuture")]
ZFuture,
}
@ -77,6 +89,7 @@ impl TxVersion {
match (version, reader.read_u32::<LittleEndian>()?) {
(OVERWINTER_TX_VERSION, OVERWINTER_VERSION_GROUP_ID) => Ok(TxVersion::Overwinter),
(SAPLING_TX_VERSION, SAPLING_VERSION_GROUP_ID) => Ok(TxVersion::Sapling),
(V5_TX_VERSION, V5_VERSION_GROUP_ID) => Ok(TxVersion::Zip225),
#[cfg(feature = "zfuture")]
(ZFUTURE_TX_VERSION, ZFUTURE_VERSION_GROUP_ID) => Ok(TxVersion::ZFuture),
_ => Err(io::Error::new(
@ -106,6 +119,7 @@ impl TxVersion {
TxVersion::Sprout(v) => *v,
TxVersion::Overwinter => OVERWINTER_TX_VERSION,
TxVersion::Sapling => SAPLING_TX_VERSION,
TxVersion::Zip225 => V5_TX_VERSION,
#[cfg(feature = "zfuture")]
TxVersion::ZFuture => ZFUTURE_TX_VERSION,
}
@ -116,6 +130,7 @@ impl TxVersion {
TxVersion::Sprout(_) => 0,
TxVersion::Overwinter => OVERWINTER_VERSION_GROUP_ID,
TxVersion::Sapling => SAPLING_VERSION_GROUP_ID,
TxVersion::Zip225 => V5_VERSION_GROUP_ID,
#[cfg(feature = "zfuture")]
TxVersion::ZFuture => ZFUTURE_VERSION_GROUP_ID,
}
@ -133,19 +148,52 @@ impl TxVersion {
match self {
TxVersion::Sprout(v) => *v >= 2u32,
TxVersion::Overwinter | TxVersion::Sapling => true,
TxVersion::Zip225 => false,
#[cfg(feature = "zfuture")]
TxVersion::ZFuture => true,
}
}
pub fn uses_groth_proofs(&self) -> bool {
pub fn has_overwinter(&self) -> bool {
!matches!(self, TxVersion::Sprout(_))
}
pub fn has_sapling(&self) -> bool {
match self {
TxVersion::Sprout(_) | TxVersion::Overwinter => false,
TxVersion::Sapling => true,
TxVersion::Zip225 => true,
#[cfg(feature = "zfuture")]
TxVersion::ZFuture => true,
}
}
pub fn has_orchard(&self) -> bool {
match self {
TxVersion::Sprout(_) | TxVersion::Overwinter | TxVersion::Sapling => false,
TxVersion::Zip225 => true,
#[cfg(feature = "zfuture")]
TxVersion::ZFuture => true,
}
}
#[cfg(feature = "zfuture")]
pub fn has_tze(&self) -> bool {
matches!(self, TxVersion::ZFuture)
}
pub fn suggested_for_branch(consensus_branch_id: BranchId) -> Self {
match consensus_branch_id {
BranchId::Sprout => TxVersion::Sprout(2),
BranchId::Overwinter => TxVersion::Overwinter,
BranchId::Sapling | BranchId::Blossom | BranchId::Heartwood | BranchId::Canopy => {
TxVersion::Sapling
}
BranchId::Nu5 => TxVersion::Zip225,
#[cfg(feature = "zfuture")]
BranchId::ZFuture => TxVersion::ZFuture,
}
}
}
/// A Zcash transaction.
@ -288,6 +336,23 @@ impl TransactionData {
impl Transaction {
fn from_data(data: TransactionData) -> io::Result<Self> {
match data.version {
TxVersion::Sprout(_) | TxVersion::Overwinter | TxVersion::Sapling => {
Self::from_data_v4(data)
}
TxVersion::Zip225 => Err(io::Error::new(
io::ErrorKind::InvalidInput,
"V5 transaction construction not yet supported.",
)),
#[cfg(feature = "zfuture")]
TxVersion::ZFuture => Err(io::Error::new(
io::ErrorKind::InvalidInput,
"V5 transaction construction not yet supported.",
)),
}
}
fn from_data_v4(data: TransactionData) -> io::Result<Self> {
let mut tx = Transaction {
txid: TxId([0; 32]),
data,
@ -306,6 +371,20 @@ impl Transaction {
let mut reader = HashReader::new(reader);
let version = TxVersion::read(&mut reader)?;
match version {
TxVersion::Sprout(_) | TxVersion::Overwinter | TxVersion::Sapling => {
Self::read_v4(&mut reader, version)
}
TxVersion::Zip225 => Self::read_v5(reader.into_base_reader(), version),
#[cfg(feature = "zfuture")]
TxVersion::ZFuture => Self::read_v5(reader.into_base_reader(), version),
}
}
#[allow(clippy::redundant_closure)]
fn read_v4<R: Read>(reader: R, version: TxVersion) -> io::Result<Self> {
let mut reader = HashReader::new(reader);
let is_overwinter_v3 = version == TxVersion::Overwinter;
let is_sapling_v4 = version == TxVersion::Sapling;
@ -349,7 +428,7 @@ impl Transaction {
let (joinsplits, joinsplit_pubkey, joinsplit_sig) = if version.has_sprout() {
let jss = Vector::read(&mut reader, |r| {
JsDescription::read(r, version.uses_groth_proofs())
JsDescription::read(r, version.has_sapling())
})?;
let (pubkey, sig) = if !jss.is_empty() {
let mut joinsplit_pubkey = [0; 32];
@ -399,6 +478,140 @@ impl Transaction {
})
}
fn read_amount<R: Read>(mut reader: R) -> io::Result<Amount> {
let mut tmp = [0; 8];
reader.read_exact(&mut tmp)?;
Amount::from_i64_le_bytes(tmp)
.map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "valueBalance out of range"))
}
fn read_v5<R: Read>(mut reader: R, version: TxVersion) -> io::Result<Self> {
let (_, lock_time, expiry_height) = Self::read_v5_header_fragment(&mut reader)?;
let vin = Vector::read(&mut reader, TxIn::read)?;
let vout = Vector::read(&mut reader, TxOut::read)?;
let (value_balance, shielded_spends, shielded_outputs, binding_sig) =
Self::read_v5_sapling(&mut reader)?;
// we do not attempt to parse the Orchard bundle, but we validate its
// presence
let _ = CompactSize::read(&mut reader)?;
#[cfg(feature = "zfuture")]
let (tze_inputs, tze_outputs) = if version.has_tze() {
let vin = Vector::read(&mut reader, TzeIn::read)?;
let vout = Vector::read(&mut reader, TzeOut::read)?;
(vin, vout)
} else {
(vec![], vec![])
};
let data = TransactionData {
version,
vin,
vout,
#[cfg(feature = "zfuture")]
tze_inputs,
#[cfg(feature = "zfuture")]
tze_outputs,
lock_time,
expiry_height,
value_balance,
shielded_spends,
shielded_outputs,
joinsplits: vec![],
joinsplit_pubkey: None,
joinsplit_sig: None,
binding_sig,
};
let txid = TxId([0u8; 32]);
//let txid = to_txid(
// data.version,
// data.consensus_branch_id,
// &data.digest(TxIdDigester),
//);
Ok(Transaction { txid, data })
}
fn read_v5_header_fragment<R: Read>(mut reader: R) -> io::Result<(BranchId, u32, BlockHeight)> {
let consensus_branch_id = reader.read_u32::<LittleEndian>().and_then(|value| {
BranchId::try_from(value).map_err(|e| {
io::Error::new(
io::ErrorKind::InvalidInput,
"invalid consensus branch id: ".to_owned() + e,
)
})
})?;
let lock_time = reader.read_u32::<LittleEndian>()?;
let expiry_height: BlockHeight = reader.read_u32::<LittleEndian>()?.into();
Ok((consensus_branch_id, lock_time, expiry_height))
}
#[allow(clippy::redundant_closure)]
fn read_v5_sapling<R: Read>(
mut reader: R,
) -> io::Result<(
Amount,
Vec<SpendDescription>,
Vec<OutputDescription>,
Option<Signature>,
)> {
let sd_v5s = Vector::read(&mut reader, SpendDescriptionV5::read)?;
let od_v5s = Vector::read(&mut reader, OutputDescriptionV5::read)?;
let n_spends = sd_v5s.len();
let n_outputs = od_v5s.len();
let value_balance = if n_spends > 0 || n_outputs > 0 {
Self::read_amount(&mut reader)?
} else {
Amount::zero()
};
let anchor = if n_spends > 0 {
Some(sapling::read_base(&mut reader, "anchor")?)
} else {
None
};
let v_spend_proofs = Array::read(&mut reader, n_spends, |r| sapling::read_zkproof(r))?;
let v_spend_auth_sigs = Array::read(&mut reader, n_spends, |r| {
SpendDescription::read_spend_auth_sig(r)
})?;
let v_output_proofs = Array::read(&mut reader, n_outputs, |r| sapling::read_zkproof(r))?;
let binding_sig = if n_spends > 0 || n_outputs > 0 {
Some(Signature::read(&mut reader)?)
} else {
None
};
let shielded_spends = sd_v5s
.into_iter()
.zip(
v_spend_proofs
.into_iter()
.zip(v_spend_auth_sigs.into_iter()),
)
.map(|(sd_5, (zkproof, spend_auth_sig))| {
// the following `unwrap` is safe because we know n_spends > 0.
sd_5.into_spend_description(anchor.unwrap(), zkproof, spend_auth_sig)
})
.collect();
let shielded_outputs = od_v5s
.into_iter()
.zip(v_output_proofs.into_iter())
.map(|(od_5, zkproof)| od_5.into_output_description(zkproof))
.collect();
Ok((
value_balance,
shielded_spends,
shielded_outputs,
binding_sig,
))
}
pub fn write<W: Write>(&self, mut writer: W) -> io::Result<()> {
self.version.write(&mut writer)?;

2
zcash_primitives/src/transaction/sighash.rs
View File

@ -127,7 +127,7 @@ fn joinsplits_hash(
) -> Blake2bHash {
let mut data = Vec::with_capacity(
joinsplits.len()
* if txversion.uses_groth_proofs() {
* if txversion.has_sapling() {
1698 // JSDescription with Groth16 proof
} else {
1802 // JSDescription with PHGR13 proof

4
zcash_primitives/src/transaction/util/sha256d.rs
View File

@ -16,6 +16,10 @@ impl<R: Read> HashReader<R> {
}
}
pub fn into_base_reader(self) -> R {
self.reader
}
/// Destroy this reader and return the hash of what was read.
pub fn into_hash(self) -> Output<Sha256> {
Sha256::digest(&self.hasher.finalize())