valar-pczt 0.5.1

Valar Group fork of pczt with shielded-voting getters, maintained until the getters are upstreamed to zcash/librustzcash.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192

//! The Transaction Extractor role (anyone can execute).
//!
//! - Creates bindingSig and extracts the final transaction.

use core::marker::PhantomData;
use rand_core::OsRng;

use zcash_primitives::transaction::{
    Authorization, Transaction, TransactionData, TxVersion,
    sighash::{SignableInput, signature_hash},
    txid::TxIdDigester,
};
#[cfg(all(
    any(zcash_unstable = "nu7", zcash_unstable = "zfuture"),
    feature = "zip-233"
))]
use zcash_protocol::value::Zatoshis;
use zcash_protocol::{
    consensus::BranchId,
    constants::{V5_TX_VERSION, V5_VERSION_GROUP_ID},
};

use crate::{Pczt, common::determine_lock_time};

mod orchard;
pub use self::orchard::OrchardError;

mod sapling;
pub use self::sapling::SaplingError;

mod transparent;
pub use self::transparent::TransparentError;

pub struct TransactionExtractor<'a> {
    pczt: Pczt,
    sapling_vk: Option<(
        &'a ::sapling::circuit::SpendVerifyingKey,
        &'a ::sapling::circuit::OutputVerifyingKey,
    )>,
    orchard_vk: Option<&'a ::orchard::circuit::VerifyingKey>,
    _unused: PhantomData<&'a ()>,
}

impl<'a> TransactionExtractor<'a> {
    /// Instantiates the Transaction Extractor role with the given PCZT.
    pub fn new(pczt: Pczt) -> Self {
        Self {
            pczt,
            sapling_vk: None,
            orchard_vk: None,
            _unused: PhantomData,
        }
    }

    /// Provides the Sapling Spend and Output verifying keys for validating the Sapling
    /// proofs (if any).
    ///
    /// If not provided, and the PCZT has a Sapling bundle, [`Self::extract`] will return
    /// an error.
    pub fn with_sapling(
        mut self,
        spend_vk: &'a ::sapling::circuit::SpendVerifyingKey,
        output_vk: &'a ::sapling::circuit::OutputVerifyingKey,
    ) -> Self {
        self.sapling_vk = Some((spend_vk, output_vk));
        self
    }

    /// Provides an existing Orchard verifying key for validating the Orchard proof (if
    /// any).
    ///
    /// If not provided, and the PCZT has an Orchard bundle, an Orchard verifying key will
    /// be generated on the fly.
    pub fn with_orchard(mut self, orchard_vk: &'a ::orchard::circuit::VerifyingKey) -> Self {
        self.orchard_vk = Some(orchard_vk);
        self
    }

    /// Attempts to extract a valid transaction from the PCZT.
    pub fn extract(self) -> Result<Transaction, Error> {
        let Self {
            pczt,
            sapling_vk,
            orchard_vk,
            _unused,
        } = self;

        let version = match (pczt.global.tx_version, pczt.global.version_group_id) {
            (V5_TX_VERSION, V5_VERSION_GROUP_ID) => Ok(TxVersion::V5),
            (version, version_group_id) => Err(Error::Global(GlobalError::UnsupportedTxVersion {
                version,
                version_group_id,
            })),
        }?;

        let consensus_branch_id = BranchId::try_from(pczt.global.consensus_branch_id)
            .map_err(|_| Error::Global(GlobalError::UnknownConsensusBranchId))?;

        let lock_time = determine_lock_time(&pczt.global, &pczt.transparent.inputs)
            .ok_or(Error::IncompatibleLockTimes)?;

        let transparent_bundle =
            transparent::extract_bundle(pczt.transparent).map_err(Error::Transparent)?;
        let sapling_bundle = sapling::extract_bundle(pczt.sapling).map_err(Error::Sapling)?;
        let orchard_bundle = orchard::extract_bundle(pczt.orchard).map_err(Error::Orchard)?;

        let tx_data = TransactionData::<Unbound>::from_parts(
            version,
            consensus_branch_id,
            lock_time,
            pczt.global.expiry_height.into(),
            #[cfg(all(
                any(zcash_unstable = "nu7", zcash_unstable = "zfuture"),
                feature = "zip-233"
            ))]
            Zatoshis::ZERO,
            transparent_bundle,
            None,
            sapling_bundle,
            orchard_bundle,
        );

        // The commitment being signed is shared across all shielded inputs.
        let txid_parts = tx_data.digest(TxIdDigester);
        let shielded_sighash = signature_hash(&tx_data, &SignableInput::Shielded, &txid_parts);

        // Create the binding signatures.
        let tx_data = tx_data.try_map_bundles(
            |t| Ok(t.map(|t| t.map_authorization(transparent::RemoveInputInfo))),
            |s| {
                s.map(|s| {
                    s.apply_binding_signature(*shielded_sighash.as_ref(), OsRng)
                        .ok_or(Error::SighashMismatch)
                })
                .transpose()
            },
            |o| {
                o.map(|o| {
                    o.apply_binding_signature(*shielded_sighash.as_ref(), OsRng)
                        .ok_or(Error::SighashMismatch)
                })
                .transpose()
            },
            #[cfg(zcash_unstable = "zfuture")]
            |_| unimplemented!("PCZT support for TZEs is not implemented."),
        )?;

        let tx = tx_data.freeze().expect("v5 tx can't fail here");

        // Now that we have a supposedly fully-authorized transaction, verify it.
        if let Some(bundle) = tx.sapling_bundle() {
            let (spend_vk, output_vk) = sapling_vk.ok_or(Error::SaplingRequired)?;

            sapling::verify_bundle(bundle, spend_vk, output_vk, *shielded_sighash.as_ref())
                .map_err(Error::Sapling)?;
        }
        if let Some(bundle) = tx.orchard_bundle() {
            orchard::verify_bundle(bundle, orchard_vk, *shielded_sighash.as_ref())
                .map_err(Error::Orchard)?;
        }

        Ok(tx)
    }
}

struct Unbound;

impl Authorization for Unbound {
    type TransparentAuth = ::transparent::pczt::Unbound;
    type SaplingAuth = ::sapling::pczt::Unbound;
    type OrchardAuth = ::orchard::pczt::Unbound;
    #[cfg(zcash_unstable = "zfuture")]
    type TzeAuth = core::convert::Infallible;
}

/// Errors that can occur while extracting a transaction from a PCZT.
#[derive(Debug)]
pub enum Error {
    Global(GlobalError),
    IncompatibleLockTimes,
    Orchard(OrchardError),
    Sapling(SaplingError),
    SaplingRequired,
    SighashMismatch,
    Transparent(TransparentError),
}

#[derive(Debug)]
pub enum GlobalError {
    UnknownConsensusBranchId,
    UnsupportedTxVersion { version: u32, version_group_id: u32 },
}