zcash_primitives: Move `builder` module to `zcash_primitives::sapling`

zcash_client_backend/src/data_api/error.rs

@@ -6,9 +6,10 @@ use std::fmt::{self, Debug, Display};
 use shardtree::error::ShardTreeError;
 use zcash_primitives::transaction::components::amount::NonNegativeAmount;
 use zcash_primitives::{
+    sapling,
     transaction::{
         builder,
-        components::{amount::BalanceError, sapling, transparent},
+        components::{amount::BalanceError, transparent},
     },
     zip32::AccountId,
 };

zcash_primitives/CHANGELOG.md

@@ -11,6 +11,13 @@ and this library adheres to Rust's notion of
 - `zcash_primitives::sapling`:
   - `BatchValidator` (moved from `zcash_proofs::sapling`).
   - `SaplingVerificationContext` (moved from `zcash_proofs::sapling`).
+  - `builder` (moved from
+    `zcash_primitives::transaction::components::sapling::builder`).
+  - `builder::UnauthorizedBundle`
+  - `builder::InProgress`
+  - `builder::{InProgressProofs, Unproven, Proven}`
+  - `builder::{InProgressSignatures, Unsigned, PartiallyAuthorized}`
+  - `builder::{MaybeSigned, SigningParts}`
   - `circuit` module (moved from `zcash_proofs::circuit::sapling`).
   - `circuit::{SpendParameters, OutputParameters}`
   - `circuit::{SpendVerifyingKey, PreparedSpendVerifyingKey}`
@@ -25,11 +32,6 @@ and this library adheres to Rust's notion of
 - `zcash_primitives::transaction`:
   - `builder::get_fee`
   - `components::sapling`:
-    - `builder::UnauthorizedBundle`
-    - `builder::InProgress`
-    - `builder::{InProgressProofs, Unproven, Proven}`
-    - `builder::{InProgressSignatures, Unsigned, PartiallyAuthorized}`
-    - `builder::{MaybeSigned, SigningParts}`
     - `Bundle::<InProgress<Unproven, _>>::create_proofs`
     - `Bundle::<InProgress<_, Unsigned>>::prepare`
     - `Bundle::<InProgress<_, PartiallyAuthorized>>::{sign, append_signatures}`
@@ -70,6 +72,16 @@ and this library adheres to Rust's notion of
     newtypes.
   - `address::PaymentAddress::create_note` now takes its `value` argument as a
     `NoteValue` instead of as a bare `u64`.
+  - `builder::SaplingBuilder::add_spend` now takes `extsk` by reference.
+  - `builder::SaplingBuilder::build` no longer takes a prover, proving context,
+    or progress notifier. Instead, it has `SpendProver, OutputProver` generic
+    parameters and returns `(UnauthorizedBundle, SaplingMetadata)`. The caller
+    can then use `Bundle::<InProgress<Unproven, _>>::create_proofs` to create
+    spend and output proofs for the bundle.
+  - `builder::Error` has new error variants:
+    - `Error::DuplicateSignature`
+    - `Error::InvalidExternalSignature`
+    - `Error::MissingSignatures`
   - `circuit::ValueCommitmentOpening::value` is now represented as a `NoteValue`
     instead of as a bare `u64`.
 - `zcash_primitives::transaction`:
@@ -77,16 +89,6 @@ and this library adheres to Rust's notion of
     `&impl SpendProver, &impl OutputProver` instead of `&impl TxProver`.
   - `components::sapling`:
     - `MapAuth` trait methods now take `&mut self` instead of `&self`.
-    - `builder::SaplingBuilder::add_spend` now takes `extsk` by reference.
-    - `builder::SaplingBuilder::build` no longer takes a prover, proving context,
-      or progress notifier. Instead, it has `SpendProver, OutputProver` generic
-      parameters and returns `(UnauthorizedBundle, SaplingMetadata)`. The caller
-      can then use `Bundle::<InProgress<Unproven, _>>::create_proofs` to create
-      spend and output proofs for the bundle.
-    - `builder::Error` has new error variants:
-      - `Error::DuplicateSignature`
-      - `Error::InvalidExternalSignature`
-      - `Error::MissingSignatures`
   - `components::transparent::TxOut.value` now has type `NonNegativeAmount`
     instead of `Amount`.
   - `Unauthorized::SaplingAuth` now has type `InProgress<Proven, Unsigned>`.
@@ -113,6 +115,7 @@ and this library adheres to Rust's notion of
   - All `const` values (moved to `zcash_primitives::sapling::constants`).
 - `zcash_primitives::transaction::components::sapling`:
   - `Unproven`
+  - `builder` (moved to `zcash_primitives::sapling::builder`).
   - `builder::Unauthorized` (use `builder::InProgress` instead).
   - `SpendDescription::<Unauthorized>::apply_signature`
   - `Bundle::<Unauthorized>::apply_signatures` (use

zcash_primitives/benches/note_decryption.rs

@@ -8,6 +8,7 @@ use zcash_primitives::{
     consensus::{NetworkUpgrade::Canopy, Parameters, TEST_NETWORK},
     memo::MemoBytes,
     sapling::{
+        builder::SaplingBuilder,
         note_encryption::{
             try_sapling_compact_note_decryption, try_sapling_note_decryption,
             PreparedIncomingViewingKey, SaplingDomain,
@@ -16,7 +17,7 @@ use zcash_primitives::{
         value::NoteValue,
         Diversifier, SaplingIvk,
     },
-    transaction::components::sapling::{builder::SaplingBuilder, CompactOutputDescription},
+    transaction::components::sapling::CompactOutputDescription,
 };
 
 #[cfg(unix)]

zcash_primitives/src/sapling.rs

@@ -1,6 +1,7 @@
 //! Structs and constants specific to the Sapling shielded pool.
 
 mod address;
+pub mod builder;
 pub mod circuit;
 pub mod constants;
 pub mod group_hash;

zcash_primitives/src/sapling/builder.rs

@@ -147,17 +147,17 @@ impl SpendDescriptionInfo {
         )
         .ok_or(Error::SpendProof)?;
 
-        Ok(SpendDescription {
+        Ok(SpendDescription::from_parts(
             cv,
             anchor,
             nullifier,
             rk,
             zkproof,
-            spend_auth_sig: SigningParts {
+            SigningParts {
                 ak,
                 alpha: self.alpha,
             },
-        })
+        ))
     }
 }
 
@@ -248,14 +248,14 @@ impl SaplingOutputInfo {
 
         let epk = encryptor.epk();
 
-        OutputDescription {
+        OutputDescription::from_parts(
             cv,
             cmu,
-            ephemeral_key: epk.to_bytes(),
+            epk.to_bytes(),
             enc_ciphertext,
             out_ciphertext,
             zkproof,
-        }
+        )
     }
 }
 
@@ -341,7 +341,7 @@ impl<P> SaplingBuilder<P> {
     ///
     /// This may be larger than the number of outputs that have been added to the builder,
     /// depending on whether padding is going to be applied.
-    pub(in crate::transaction) fn bundle_output_count(&self) -> usize {
+    pub(crate) fn bundle_output_count(&self) -> usize {
         // This matches the padding behaviour in `Self::build`.
         match self.spends.len() {
             0 => self.outputs.len(),
@@ -529,15 +529,15 @@ impl<P: consensus::Parameters> SaplingBuilder<P> {
             None
         } else {
             Some((
-                Bundle {
+                Bundle::from_parts(
                     shielded_spends,
                     shielded_outputs,
                     value_balance,
-                    authorization: InProgress {
+                    InProgress {
                         sigs: Unsigned { bsk },
                         _proof_state: PhantomData::default(),
                     },
-                },
+                ),
                 tx_metadata,
             ))
         };
@@ -676,7 +676,8 @@ impl<S: InProgressSignatures> Bundle<InProgress<Unproven, S>> {
         rng: impl RngCore,
         progress_notifier: Option<&Sender<Progress>>,
     ) -> Bundle<InProgress<Proven, S>> {
-        let total_progress = self.shielded_spends.len() as u32 + self.shielded_outputs.len() as u32;
+        let total_progress =
+            self.shielded_spends().len() as u32 + self.shielded_outputs().len() as u32;
         self.map_authorization(CreateProofs::new(
             spend_prover,
             output_prover,
@@ -803,7 +804,7 @@ impl<P: InProgressProofs> Bundle<InProgress<P, PartiallyAuthorized>> {
     /// This will apply signatures for all notes controlled by this spending key.
     pub fn sign<R: RngCore + CryptoRng>(self, mut rng: R, ask: &PrivateKey) -> Self {
         let expected_ak = PublicKey::from_private(ask, SPENDING_KEY_GENERATOR);
-        let sighash = self.authorization.sigs.sighash;
+        let sighash = self.authorization().sigs.sighash;
         self.map_authorization((
             |proof| proof,
             |proof| proof,
@@ -827,7 +828,7 @@ impl<P: InProgressProofs> Bundle<InProgress<P, PartiallyAuthorized>> {
     }
 
     fn append_signature(self, signature: &Signature) -> Result<Self, Error> {
-        let sighash = self.authorization.sigs.sighash;
+        let sighash = self.authorization().sigs.sighash;
         let mut signature_valid_for = 0usize;
         let bundle = self.map_authorization((
             |proof| proof,

zcash_primitives/src/sapling/value.rs

@@ -33,8 +33,8 @@
 //!
 //! [`Bundle`]: crate::transaction::components::sapling::Bundle
 //! [`Bundle::value_balance`]: crate::transaction::components::sapling::Bundle::value_balance
-//! [`SaplingBuilder::value_balance`]: crate::transaction::components::sapling::builder::SaplingBuilder::value_balance
-//! [`SaplingBuilder::add_output`]: crate::transaction::components::sapling::builder::SaplingBuilder::add_output
+//! [`SaplingBuilder::value_balance`]: crate::sapling::builder::SaplingBuilder::value_balance
+//! [`SaplingBuilder::add_output`]: crate::sapling::builder::SaplingBuilder::add_output
 //! [Rust documentation]: https://doc.rust-lang.org/stable/std/primitive.i64.html
 
 use bitvec::{array::BitArray, order::Lsb0};

zcash_primitives/src/transaction/builder.rs

@@ -14,16 +14,14 @@ use crate::{
     memo::MemoBytes,
     sapling::{
         self,
+        builder::{self as sapling_builder, SaplingBuilder, SaplingMetadata},
         prover::{OutputProver, SpendProver},
         redjubjub, Diversifier, Note, PaymentAddress,
     },
     transaction::{
         components::{
             amount::{Amount, BalanceError},
-            sapling::{
-                builder::{self as sapling_builder, SaplingBuilder, SaplingMetadata},
-                fees as sapling_fees,
-            },
+            sapling::fees as sapling_fees,
             transparent::{self, builder::TransparentBuilder},
         },
         fees::FeeRule,

zcash_primitives/src/transaction/components/sapling.rs

@@ -24,7 +24,6 @@ use super::{amount::Amount, GROTH_PROOF_SIZE};
 
 pub type GrothProofBytes = [u8; GROTH_PROOF_SIZE];
 
-pub mod builder;
 pub mod fees;
 
 /// Defines the authorization type of a Sapling bundle.
@@ -341,6 +340,17 @@ impl<A: Authorization> SpendDescription<A> {
         rk: PublicKey,
         zkproof: A::SpendProof,
         spend_auth_sig: A::AuthSig,
+    ) -> Self {
+        Self::from_parts(cv, anchor, nullifier, rk, zkproof, spend_auth_sig)
+    }
+
+    pub(crate) fn from_parts(
+        cv: ValueCommitment,
+        anchor: bls12_381::Scalar,
+        nullifier: Nullifier,
+        rk: PublicKey,
+        zkproof: A::SpendProof,
+        spend_auth_sig: A::AuthSig,
     ) -> Self {
         Self {
             cv,
@@ -595,7 +605,6 @@ impl<Proof> OutputDescription<Proof> {
         )
     }
 
-    #[cfg(any(test, feature = "temporary-zcashd"))]
     pub(crate) fn from_parts(
         cv: ValueCommitment,
         cmu: ExtractedNoteCommitment,

zcash_primitives/src/transaction/mod.rs

@@ -24,7 +24,7 @@ use zcash_encoding::{Array, CompactSize, Vector};
 
 use crate::{
     consensus::{BlockHeight, BranchId},
-    sapling::redjubjub,
+    sapling::{builder as sapling_builder, redjubjub},
 };
 
 use self::{
@@ -276,7 +276,7 @@ pub struct Unauthorized;
 impl Authorization for Unauthorized {
     type TransparentAuth = transparent::builder::Unauthorized;
     type SaplingAuth =
-        sapling::builder::InProgress<sapling::builder::Proven, sapling::builder::Unsigned>;
+        sapling_builder::InProgress<sapling_builder::Proven, sapling_builder::Unsigned>;
     type OrchardAuth =
         orchard::builder::InProgress<orchard::builder::Unproven, orchard::builder::Unauthorized>;