* export proptest impls for use in downstream crates
* add testjob for disabled feature in zebra-chain
* run rustfmt
* try to fix github actions syntax
* differentiate name
* prove that github action tests zebra-chain build without features
* revert change from last commit now that test is running
* remove accidentally introduced newline
* Update .github/workflows/ci.yml
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
* Implement sighash
* move sighash logic to a separate module
* start filling in more of the alg
* start setting up a test case
* make the test useful
* Iter transaction inputs
* better error message for expect
* add support for zip243 sighash
* ohey first testvector is passing, yayyy
* pass the second testvector
* add last testvector
* move a use statement
* use common deserialization code for amount everywhere
* cleanup attributes
* bring in fixed preimage
* fix discrepancy with spec
* always deserialize as a signed value
* Update zebra-chain/src/transaction/sighash.rs
* update unreachable statements
* add serialization impls for nonnegative amounts
* Apply suggestions from code review
* document sighash fn
* tweek docs
* fix mistake in translation for zip243
* consistent error messages
* reorder because i like it more that way
* document more panics
* Update zebra-chain/src/amount.rs
* Add comment regarding the serialization of spend descriptions in sighash
Co-authored-by: teor <teor@riseup.net>
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
The ShieldedData container for the spend and output descriptions of a
transaction does *not* move, because it's encoding transaction
structure. A good sign that this is the right factoring is that the
transaction module now only needs to pull in sapling::{Spend, Output}
and not all the internals.
* chain: add Transaction::is_coinbase()
This matches the check in zcashd/src/primitives/transaction.h:682
(CTransaction::IsCoinBase).
* chain: correct Block::is_coinbase_first
This matches zcashd/src/main.cpp:3968-3974 in CheckBlock.
Previously, the check allowed the first transaction to have multiple coinbase inputs.
* chain: return slices from Transaction::inputs()/outputs()
They're slices internally so we might as well just expose them that way.
The CoinbaseData field can only be constructed by the transaction parser, so we
can ensure that a coinbase input is always serializable, as CoinbaseData
instances can't be constructed outside of the parser that maintains the data
size invariant.
Because we represent each transaction version as a different variant of the
Transaction enum, we end up in a situation where fields that are common to
different transaction versions are awkward to access, requiring a match
statement with identical match arms.
To fix this, this commit adds the following convenience methods:
* `Transaction::inputs() -> impl Iterator<Item=&TransparentInput>`;
* `Transaction::outputs() -> impl Iterator<Item=&TransparentOutput>`;
* `Transaction::lock_time() -> LockTime`;
* `Transaction::expiry_height() -> Option<ExpiryHeight>`;
The last returns an `Option` because the field is only present in V3 and V4
transactions.
There are some remaining fields that do not get common accessors, because it
probably doesn't make sense to access independently of knowing the transaction
version: `joinsplit_data`, `shielded_data`, `value_balance`.
In the previous transaction modeling I defined the structs so that the number
of old and new commitments for a JoinSplit were variable, when in fact the
Sprout design fixes both to be 2. So now they are hardcoded as 2 in the source
code as well. This commit also fixes some missing `pub` fields on the
`JoinSplit` struct.
* Added a few more top-level fields for the Transaction struct
* Add a placeholder Script type.
This could alternately use bytes::Bytes to save some allocations
but I don't think this is important to get perfectly now. In the future, we
will want to have all of the script handling code in the zebra-script crate,
but we will need to have a container type for an encoded script in zebra-chain,
because otherwise zebra-chain would depend on zebra-script and not the other
way around.
* Rename Transaction{Input,Output} -> Transparent{Input,Output}.
These are only *transparent* inputs and outputs, so by putting Transparent in
the name (instead of Transaction) it's more clear that a transaction's inputs
or outputs can also be shielded.
* Add a LockTime enum.
* First attempt at a Transaction enum.
This attempts to map the versioning and field presence rules into an ADT, so
that structurally invalid transactions (e.g., a BCTV14 proof in a Sapling
transaction) are unrepresentable.
* Update zebra-chain/src/transaction.rs
Co-Authored-By: Daira Hopwood <daira@jacaranda.org>
* Add fixme note on type refinement.
* Rename Transaction variants according to version.
* Split transaction.rs into submodules.
* Start filling in spend, output descriptions.
* Progress on JoinSplit data structures.
This has a lot of duplication and should really use generics to abstract over
Sprout-on-BCTV14 or Sprout-on-Groth16.
* Add data types for Bctv14 and Groth16 proofs.
This also adds a trait to abstract over them.
* Make JoinSplit descriptions generic over the proof system.
* Update zebra-chain/src/transaction/joinsplit.rs