zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zebra/zebra-consensus/src/transaction/check.rs

153 lines
5.1 KiB
Rust
Raw Normal View History

consensus: fix bug in coinbase joinsplit/spend check This function caused spurious "WrongVersion" errors, because the match pattern in the first arm was non-exhaustive, but the fallthrough match arm was present and assumed it would only be reached if the version was incorrect. This commit cleans up the implemenation, splits out the error variants, and renames the check to be more precise. To avoid this kind of bug in the future, two guidelines are useful: 1. Avoid fallthrough cases that circumvent non-exhaustive match checks; 2. Avoid nested conditionals, preferring a "straight-line" sequence of match arm => result pairs rather than nested matches or matches with conditionals inside.
2020-11-19 19:06:10 -08:00
//! Transaction checks.
//!
//! Code in this file can freely assume that no pre-V4 transactions are present.
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
use zebra_chain::{
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
sapling::{AnchorVariant, Output, PerSpendAnchor, ShieldedData, Spend},
transaction::Transaction,
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
};
Dedupe VerifyTransactionError into TransactionError
2020-10-26 23:42:27 -07:00
use crate::error::TransactionError;
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
/// Checks that the transaction has inputs and outputs.
///
/// More specifically:
///
/// * at least one of tx_in_count, nShieldedSpend, and nJoinSplit MUST be non-zero.
/// * at least one of tx_out_count, nShieldedOutput, and nJoinSplit MUST be non-zero.
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
///
replace canopy.pdf with protocol.pdf
2021-03-02 11:35:13 -08:00
/// https://zips.z.cash/protocol/protocol.pdf#txnencodingandconsensus
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
pub fn has_inputs_and_outputs(tx: &Transaction) -> Result<(), TransactionError> {
// The consensus rule is written in terms of numbers, but our transactions
// hold enum'd data. Mixing pattern matching and numerical checks is risky,
// so convert everything to counts and sum up.
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
match tx {
Transaction::V4 {
inputs,
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
outputs,
joinsplit_data,
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
sapling_shielded_data,
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
..
} => {
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
let tx_in_count = inputs.len();
let tx_out_count = outputs.len();
let n_joinsplit = joinsplit_data
.as_ref()
.map(|d| d.joinsplits().count())
.unwrap_or(0);
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
let n_shielded_spend = sapling_shielded_data
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
.as_ref()
.map(|d| d.spends().count())
.unwrap_or(0);
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
let n_shielded_output = sapling_shielded_data
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
.as_ref()
.map(|d| d.outputs().count())
.unwrap_or(0);
if tx_in_count + n_shielded_spend + n_joinsplit == 0 {
Err(TransactionError::NoInputs)
} else if tx_out_count + n_shielded_output + n_joinsplit == 0 {
Err(TransactionError::NoOutputs)
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
} else {
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
Ok(())
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
}
}
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
Transaction::V1 { .. } | Transaction::V2 { .. } | Transaction::V3 { .. } => {
unreachable!("tx version is checked first")
}
Add transaction version 5 stubs (#1824) * add transaction V5 stub * add v5_strategy * deduplicate version group ids * Update comment for V5 transactions * Add V5 transactions to non_finalized_state Currently these are all `unimplemented!(...)` * Fix struct matches * Apply trivial panic message changes * add zcash_deserialize for V5 * make all tx versions explicit in sprout and sapling nullifier functions * match exhaustively in sprout and sapling nullifier functions * fix matches in zebra-consensus * fix NU5 strategy * We're still deciding if v5 transactions support Sprout Co-authored-by: teor <teor@riseup.net>
2021-03-03 13:56:41 -08:00
Transaction::V5 { .. } => {
unimplemented!("v5 transaction format as specified in ZIP-225")
}
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
}
}
Add shielded_balances_match check
2020-10-16 13:54:14 -07:00
/// Check that if there are no Spends or Outputs, that valueBalance is also 0.
///
replace canopy.pdf with protocol.pdf
2021-03-02 11:35:13 -08:00
/// https://zips.z.cash/protocol/protocol.pdf#consensusfrombitcoin
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
pub fn shielded_balances_match<AnchorV>(
shielded_data: &ShieldedData<AnchorV>,
) -> Result<(), TransactionError>
where
AnchorV: AnchorVariant + Clone,
{
Make Clippy happy
2020-10-19 23:26:33 -07:00
if (shielded_data.spends().count() + shielded_data.outputs().count() != 0)
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
|| i64::from(shielded_data.value_balance) == 0
Make Clippy happy
2020-10-19 23:26:33 -07:00
{
Ok(())
Add shielded_balances_match check
2020-10-16 13:54:14 -07:00
} else {
Dedupe VerifyTransactionError into TransactionError
2020-10-26 23:42:27 -07:00
Err(TransactionError::BadBalance)
Add shielded_balances_match check
2020-10-16 13:54:14 -07:00
}
}
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
/// Check that a coinbase tx does not have any JoinSplit or Spend descriptions.
///
replace canopy.pdf with protocol.pdf
2021-03-02 11:35:13 -08:00
/// https://zips.z.cash/protocol/protocol.pdf#txnencodingandconsensus
consensus: fix bug in coinbase joinsplit/spend check This function caused spurious "WrongVersion" errors, because the match pattern in the first arm was non-exhaustive, but the fallthrough match arm was present and assumed it would only be reached if the version was incorrect. This commit cleans up the implemenation, splits out the error variants, and renames the check to be more precise. To avoid this kind of bug in the future, two guidelines are useful: 1. Avoid fallthrough cases that circumvent non-exhaustive match checks; 2. Avoid nested conditionals, preferring a "straight-line" sequence of match arm => result pairs rather than nested matches or matches with conditionals inside.
2020-11-19 19:06:10 -08:00
pub fn coinbase_tx_no_joinsplit_or_spend(tx: &Transaction) -> Result<(), TransactionError> {
if tx.is_coinbase() {
match tx {
// Check if there is any JoinSplitData.
Transaction::V4 {
joinsplit_data: Some(_),
..
} => Err(TransactionError::CoinbaseHasJoinSplit),
// The ShieldedData contains both Spends and Outputs, and Outputs
// are allowed post-Heartwood, so we have to count Spends.
Transaction::V4 {
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
sapling_shielded_data: Some(sapling_shielded_data),
consensus: fix bug in coinbase joinsplit/spend check This function caused spurious "WrongVersion" errors, because the match pattern in the first arm was non-exhaustive, but the fallthrough match arm was present and assumed it would only be reached if the version was incorrect. This commit cleans up the implemenation, splits out the error variants, and renames the check to be more precise. To avoid this kind of bug in the future, two guidelines are useful: 1. Avoid fallthrough cases that circumvent non-exhaustive match checks; 2. Avoid nested conditionals, preferring a "straight-line" sequence of match arm => result pairs rather than nested matches or matches with conditionals inside.
2020-11-19 19:06:10 -08:00
..
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
} if sapling_shielded_data.spends().count() > 0 => {
Err(TransactionError::CoinbaseHasSpend)
}
consensus: fix bug in coinbase joinsplit/spend check This function caused spurious "WrongVersion" errors, because the match pattern in the first arm was non-exhaustive, but the fallthrough match arm was present and assumed it would only be reached if the version was incorrect. This commit cleans up the implemenation, splits out the error variants, and renames the check to be more precise. To avoid this kind of bug in the future, two guidelines are useful: 1. Avoid fallthrough cases that circumvent non-exhaustive match checks; 2. Avoid nested conditionals, preferring a "straight-line" sequence of match arm => result pairs rather than nested matches or matches with conditionals inside.
2020-11-19 19:06:10 -08:00
Transaction::V4 { .. } => Ok(()),
Transaction::V1 { .. } | Transaction::V2 { .. } | Transaction::V3 { .. } => {
unreachable!("tx version is checked first")
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
}
Add transaction version 5 stubs (#1824) * add transaction V5 stub * add v5_strategy * deduplicate version group ids * Update comment for V5 transactions * Add V5 transactions to non_finalized_state Currently these are all `unimplemented!(...)` * Fix struct matches * Apply trivial panic message changes * add zcash_deserialize for V5 * make all tx versions explicit in sprout and sapling nullifier functions * match exhaustively in sprout and sapling nullifier functions * fix matches in zebra-consensus * fix NU5 strategy * We're still deciding if v5 transactions support Sprout Co-authored-by: teor <teor@riseup.net>
2021-03-03 13:56:41 -08:00
Transaction::V5 { .. } => {
unimplemented!("v5 coinbase validation as specified in ZIP-225 and the draft spec")
}
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
}
consensus: fix bug in coinbase joinsplit/spend check This function caused spurious "WrongVersion" errors, because the match pattern in the first arm was non-exhaustive, but the fallthrough match arm was present and assumed it would only be reached if the version was incorrect. This commit cleans up the implemenation, splits out the error variants, and renames the check to be more precise. To avoid this kind of bug in the future, two guidelines are useful: 1. Avoid fallthrough cases that circumvent non-exhaustive match checks; 2. Avoid nested conditionals, preferring a "straight-line" sequence of match arm => result pairs rather than nested matches or matches with conditionals inside.
2020-11-19 19:06:10 -08:00
} else {
Ok(())
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
}
}
Merge pull request #1713 from ZcashFoundation/use-groth16-batch-math Use batch optimizations, load params in groth16::Verifier, verify Spend & Output descriptions in transaction verifier
2021-03-24 09:28:25 -07:00
/// Check that a Spend description's cv and rk are not of small order,
/// i.e. [h_J]cv MUST NOT be 𝒪_J and [h_J]rk MUST NOT be 𝒪_J.
///
/// https://zips.z.cash/protocol/protocol.pdf#spenddesc
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
pub fn spend_cv_rk_not_small_order(spend: &Spend<PerSpendAnchor>) -> Result<(), TransactionError> {
Merge pull request #1713 from ZcashFoundation/use-groth16-batch-math Use batch optimizations, load params in groth16::Verifier, verify Spend & Output descriptions in transaction verifier
2021-03-24 09:28:25 -07:00
if bool::from(spend.cv.0.is_small_order())
|| bool::from(
jubjub::AffinePoint::from_bytes(spend.rk.into())
.unwrap()
.is_small_order(),
)
{
Err(TransactionError::SmallOrder)
} else {
Ok(())
}
}
/// Check that a Output description's cv and epk are not of small order,
/// i.e. [h_J]cv MUST NOT be 𝒪_J and [h_J]epk MUST NOT be 𝒪_J.
///
/// https://zips.z.cash/protocol/protocol.pdf#outputdesc
pub fn output_cv_epk_not_small_order(output: &Output) -> Result<(), TransactionError> {
if bool::from(output.cv.0.is_small_order())
|| bool::from(
jubjub::AffinePoint::from_bytes(output.ephemeral_key.into())
.unwrap()
.is_small_order(),
)
{
Err(TransactionError::SmallOrder)
} else {
Ok(())
}
}