diff --git a/app/Makefile.version b/app/Makefile.version
index 82feb033..5e6df4ea 100644
--- a/app/Makefile.version
+++ b/app/Makefile.version
@@ -3,4 +3,4 @@ APPVERSION_M=4
 # This is the minor version
 APPVERSION_N=2
 # This is the patch version
-APPVERSION_P=3
+APPVERSION_P=4
diff --git a/app/src/apdu_handler.c b/app/src/apdu_handler.c
index 32397f21..31156be7 100644
--- a/app/src/apdu_handler.c
+++ b/app/src/apdu_handler.c
@@ -145,12 +145,6 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
 break;
 }
- case INS_SIGN_SAPLING: {
- CHECK_PIN_VALIDATED()
- handleSignSapling();
- break;
- }
-
 default:
 THROW(APDU_CODE_INS_NOT_SUPPORTED);
 }
diff --git a/app/src/coin.h b/app/src/coin.h
index e0dbaa75..ade19f29 100644
--- a/app/src/coin.h
+++ b/app/src/coin.h
@@ -66,15 +66,12 @@ extern "C" {
 #define INS_GET_VERSION 0x00
 #define INS_GET_ADDR_SECP256K1 0x01
-#define INS_SIGN_SECP256K1 0x02
 #define INS_GET_ADDR_SAPLING_DIV 0x10
 #define INS_GET_ADDR_SAPLING 0x11
-#define INS_SIGN_SAPLING 0x12
 #define INS_GET_DIV_LIST 0x09
 #define INS_INIT_TX 0xa0
-#define INS_KEY_EXCHANGE 0xaa
 #define INS_EXTRACT_SPEND 0xa1
 #define INS_EXTRACT_OUTPUT 0xa2
 #define INS_CHECKANDSIGN 0xa3
@@ -85,7 +82,6 @@ extern "C" {
 #define INS_GET_OVK 0xf1
 #define INS_GET_NF 0xf2
 #define INS_GET_FVK 0xf3
-#define INS_CRASH_TEST 0xff
 typedef enum { key_ivk = 0, key_ovk = 1, key_fvk = 2, nf = 3 } key_type_e;
diff --git a/app/src/handlers/handler_signing.h b/app/src/handlers/handler_signing.h
index e3176abb..e741d7ec 100644
--- a/app/src/handlers/handler_signing.h
+++ b/app/src/handlers/handler_signing.h
@@ -333,7 +333,3 @@ __Z_INLINE void handleCheckandSign(volatile uint32_t *tx, uint32_t rx) {
 *tx = 32;
 THROW(APDU_CODE_OK);
 }
-
-__Z_INLINE void handleSignSapling() {
- THROW(APDU_CODE_COMMAND_NOT_ALLOWED);
-}
diff --git a/docs/APDUSPEC.md b/docs/APDUSPEC.md
index 4a2717b5..ee63f1e9 100644
--- a/docs/APDUSPEC.md
+++ b/docs/APDUSPEC.md
@@ -68,7 +68,7 @@ The general structure of commands and responses is as follows: --- -### GET_VERSION +### INS_GET_VERSION #### Command @@ -198,7 +198,7 @@ If a diversifier was not valid, zero-bytes are returned (so always 220 bytes are --- -### INS_GET_IVK_SAPLING +### INS_GET_IVK Returns a sapling incoming viewing key. Forced user confirmation (So P1 needs to be 0x01). @@ -225,7 +225,7 @@ Also returns the default diversifier (starting from index 0). --- -### INS_GET_OVK_SAPLING +### INS_GET_OVK Returns a sapling outgoing viewing key. Forced user confirmation (So P1 needs to be 0x01). @@ -249,7 +249,7 @@ Returns a sapling outgoing viewing key. Forced user confirmation (So P1 needs to --- -### INS_GET_FVK_SAPLING +### INS_GET_FVK Returns a sapling full viewing key fvk = (ak, nk, ovk). Forced user confirmation (So P1 needs to be 0x01). @@ -275,7 +275,7 @@ Returns a sapling full viewing key fvk = (ak, nk, ovk). Forced user confirmation --- -### INS_GET_NF_SAPLING +### INS_GET_NF Returns a sapling nullifier. TODO: Forced user confirmation (So P1 needs to be 0x01). @@ -397,7 +397,7 @@ Data is defined as: Returns a proof generating key (PGK) and randomness (rcv and alpha) for a sapling spend. -- This command requires you already called the INS_INIT_TX_SAPLING. +- This command requires you already called the INS_INIT_TX. - This command requires that it is needed to extract spendinfo. #### Command @@ -425,7 +425,7 @@ Returns a proof generating key (PGK) and randomness (rcv and alpha) for a saplin Returns randomness (rcv and rseed (after ZIP202) and optional Hash_Seed) for a sapling output. -- This command requires you already called the INS_INIT_TX_SAPLING. +- This command requires you already called the INS_INIT_TX. - This command requires you already called the correct number of INS_GET_SPENDINFO. - This command requires that it is needed to extract outputinfo. 
@@ -560,7 +560,7 @@ Data is defined as:
 ---
-### INS_GET_EXTRACT_TRANSSSIG
+### INS_EXTRACT_TRANSSIG
 Returns a SECP256K1 signature for a sapling transparent input if available. Othrewise, it returns only an error code.
diff --git a/docs/previuos/zcash_workflow_v1.md b/docs/previuos/zcash_workflow_v1.md
new file mode 100644
index 00000000..46779294
--- /dev/null
+++ b/docs/previuos/zcash_workflow_v1.md
@@ -0,0 +1,199 @@ +Zcash ledger, first connect: +- Address generation +- Sharing address with host +- Sharing IVK with host +//TODO: change to APDU API +```mermaid + sequenceDiagram + participant LF as Ledger flash storage + participant LC as Ledger computation + participant H as Host + participant N as Network + H ->> LC: compute_address(path: u32) + activate LC + LC -->> LF: store_ivk(ivk) ? + Note over LF: potentially store (path, IVK) + LC ->> H: address: (diversifier, pk_d) + LC ->> H: incoming viewing key: ivk + deactivate LC + Note over H,LC: show address on both screens? +``` + +Zcash ledger, syncing +- Sharing IVK with host +- Decrypt incoming notes and verification note commitments +- TODO: what to do with matching notes? +```mermaid + sequenceDiagram + participant LF as Ledger flash storage + participant LC as Ledger computation + participant H as Host + participant N as Network + H ->> LC: get_ivk(path: u32) + #add minor confirmation + activate LC + LC -->> LF: retrieve_ivk(path) ? + LF -->> LC: ivk ? + Note over LC: compute_ivk(path) + LC ->> H: ivk + deactivate LC + activate H + H ->> N: get_unspend_notes() + N ->> H: [unspend_notes] + Note over H: [matching_notes] = decrypt_all_unspend_notes(ivk, [unspend_notes]) + Note over H: store [matching_notes] (d, pk_d, v, rcm) + deactivate H +``` + +Zcash ledger, make shielded transaction phase 1 +- Verify outputs on screen + +```mermaid + sequenceDiagram + participant LF as Ledger flash storage + participant LC as Ledger computation + participant H as Host + participant N as Network + + Note over H: show amount, address, memo-fields per output + Note over H: validate amount <= total_amount + H ->> LC: initiate_transaction() +N ->> H: anchor of note? 
+N ->> H: metadata +Note over H: input note selection (path, note) + + activate LC + loop Every output note + H ->> LC: verify_output(d, pk_d, value, memo) + Note over H,LC: approve amount and address and verify on screens + Note over H,LC: approve hash of memo and verify on screens + LC ->> H: approval of output + LC ->> LF: store_output_data(d,pk_d,value,memo) + end + deactivate LC + #compute value balance and approve + Note over LC,H: continue if all approved + ``` + + Zcash ledger, make shielded transaction phase 2 +- Process outputs and store in flash +- Compute hash of all outputs + +```mermaid + sequenceDiagram + participant LF as Ledger flash storage + participant LC as Ledger computation + participant H as Host + participant N as Network + activate LC + loop Every output note + H ->> LC: make_transaction(path) #TODO: which path??? fixed one makes sense?? + Note over LC: compute random rcm + LC ->> LF: update_rcmnew(rcm) + LF ->> LC: (d,pk_d,value) + Note over LC: compute value/note commitments + LC ->> LF: update_valuecommitsum(vc) + LC ->> LF: value/note commitments + LC ->> H: value/note commitments + LF ->> LC: d,pk_d, value, memo + Note over LC: compute eph, c_out, c_enc + LC ->> LF: eph, c_out, c_enc + LC ->> H: eph, c_out, c_enc + deactivate LC + activate H + H -->> LC: get_proof_key(path) #is this necessary? + LC -->> H: proof_key + Note over H: ZK proof of output note + H ->> LC: zk_proof + deactivate H + activate LC + LC ->> LF: zk_proof + end + Note over LC: perform shieldedoutput_hash + LC ->> H: shielded_output_hash + LC ->> LF: shielded_output_hash + deactivate LC + ``` + +Zcash ledger, make shielded transaction phase 3 +- Process spends and store in flash +- Store RCM values in flash +- Compute hash of all outputs + +```mermaid + sequenceDiagram + participant LF as Ledger flash storage + participant LC as Ledger computation + participant H as Host + participant N as Network + loop Every spend note + N ->> H: anchor of note? 
+ H ->> LC: spend_this_note(path, valuecommit, rcm, anchor) # Do we need to verify here that rcm is correct? Is the zkproof of the spend the old one in the blockchain? #what about the valuecommit? + LC ->> LF: (path, valuecommit, anchor) + LC -->> H: proof_gen_key(path) ? #is this needed + + activate LC + LC ->> LF: update_rcmvalue(rcm) + LC ->> LF: update_valuecommitsum(vc) #??? + + note over LC: compute nullifier + LC ->> H: nullifier + LC ->> LF: nullifier + + note over LC: compute randomized verification key + LC ->> H: randomized verification key + LC ->> LF: (path, randomizer value, randomized verification key) + deactivate LC + + Note over H: ZK proof of spend note + H ->> LC: zk_proof + LC ->> LF: zk_proof + + end + Note over LC: perform shieldedspend_hash + LC ->> LF: shieldedspend_hash #does the host actually need this? + LC ->> H: shieldedspend_hash +``` + +Zcash ledger, make shielded transaction phase 4 +- Host gives all remaining transaction (meta) data +- Ledger does the complete TX_HASH_ALL +- Final approval of transaction? +- Ledger signs the necessary parts and shares with host +- Host sends transaction blob to network + +```mermaid + sequenceDiagram + participant LF as Ledger flash storage + participant LC as Ledger computation + participant H as Host + participant N as Network + + H -->> N: retrieve meta_data from network? + N -->> H: meta_data + + H ->> LC: meta_data transaction + LC ->> LF: meta_data transaction + + Note over LC: compute valuebalance and commitment + LC ->> LF: valuebalance and commitment + Note over LF,LC: verify rcm_secretkey/publickey + + Note over LF,LC: perform_tx_hash_all over all data in flash + + LC ->> H: tx_hash_all + + Note over LC,H: final verification/approval of tx before signing? 
+ + LC ->> H: sign(rcm_secretkey, tx_hash_all) + loop Every spend note + LF ->> LC: randomized value + Note over LC: get_secret_key(path) + Note over LC: sign(sk, randomized value, tx_hash_all) + LC ->> H: spend_auth_sign + end + + Note over H: make raw transaction blob + H ->> N: raw_transaction_blob + +``` \ No newline at end of file diff --git a/docs/zcash_workflow_version2.md b/docs/previuos/zcash_workflow_v2.md similarity index 99% rename from docs/zcash_workflow_version2.md rename to docs/previuos/zcash_workflow_v2.md index 8721170b..275f02d6 100644 --- a/docs/zcash_workflow_version2.md +++ b/docs/previuos/zcash_workflow_v2.md @@ -74,7 +74,7 @@ Zcash ledger, make shielded transaction phase 1 end deactivate LC Note over LC,H: continue if all approved - ``` +``` Zcash ledger, make shielded transaction phase 2 - Process outputs and store in flash @@ -114,14 +114,14 @@ Zcash ledger, make shielded transaction phase 1 LC ->> H: shielded_output_hash LC ->> LF: shielded_output_hash deactivate LC - ``` +``` Zcash ledger, make shielded transaction phase 3 - Process spends and store in flash - Store RCM values in flash - Compute hash of all outputs - ```mermaid +```mermaid sequenceDiagram participant LF as Ledger flash storage participant LC as Ledger computation @@ -162,7 +162,7 @@ Zcash ledger, make shielded transaction phase 4 - Ledger signs the necessary parts and shares with host - Host sends transaction blob to network - ```mermaid +```mermaid sequenceDiagram participant LF as Ledger flash storage participant LC as Ledger computation diff --git a/docs/zcash_workflow.md b/docs/zcash_workflow.md index a885b003..b6545a32 100644 --- a/docs/zcash_workflow.md +++ b/docs/zcash_workflow.md 
@@ -7,7 +7,8 @@ Zcash ledger, first connect: sequenceDiagram participant LF as Ledger flash storage participant LC as Ledger computation - participant H as Host + participant H as Host (JS) + participant Z as Zcashtools participant N as Network H ->> LC: compute_address(path: u32) activate LC @@ -27,7 +28,8 @@ Zcash ledger, syncing sequenceDiagram participant LF as Ledger flash storage participant LC as Ledger computation - participant H as Host + participant H as Host (JS) + participant Z as Zcashtools participant N as Network H ->> LC: get_ivk(path: u32) #add minor confirmation 
@@ -47,153 +49,164 @@ Zcash ledger, syncing Zcash ledger, make shielded transaction phase 1 - Verify outputs on screen +- Verify enough balance +- Put relevant data in flash storage ```mermaid sequenceDiagram participant LF as Ledger flash storage participant LC as Ledger computation - participant H as Host + participant H as Host (JS) + participant Z as Zcashtools participant N as Network Note over H: show amount, address, memo-fields per output - Note over H: validate amount <= total_amount - H ->> LC: initiate_transaction() -N ->> H: anchor of note? -N ->> H: metadata -Note over H: input note selection (path, note) + Note over H: Shuffle shielded spends/outputs + Note over H: Treat change address as regular output + Note over H: Make sure amount_in - amount_out = tx-fee + H ->> LC: TX_INPUT_LENGTHS + H ->> LC: T_INPUT_DATA + H ->> LC: T_OUTPUT_DATA + H ->> LC: S_SPEND_DATA + H ->> LC: S_OUTPUT_DATA + Note over LC,H: check input/outputdata on screen and verify + Note over LC: Continue if approved + loop Every transparent input + LC ->> LF: T_INPUT_DATA + end - activate LC - loop Every output note - H ->> LC: verify_output(d, pk_d, value, memo) - Note over H,LC: approve amount and address and verify on screens - Note over H,LC: approve hash of memo and verify on screens - LC ->> H: approval of output - LC ->> LF: store_output_data(d,pk_d,value,memo) + loop Every transparent output + LC ->> LF: T_OUTPUT_DATA end - deactivate LC - #compute value balance and approve - Note over LC,H: continue if all approved - ``` - Zcash ledger, make shielded transaction phase 2 -- Process outputs and store in flash -- Compute hash of all outputs + loop Every shielded spend + Note over LC: Random numbers rcv/alpha + LC ->> LF: S_SPEND_DATA, RND_DATA + end -```mermaid - sequenceDiagram - participant LF as Ledger flash storage - participant LC as Ledger computation - participant H as Host - participant N as Network - activate LC - loop Every output note - H ->> LC: 
make_transaction(path) #TODO: which path??? fixed one makes sense?? - Note over LC: compute random rcm - LC ->> LF: update_rcmnew(rcm) - LF ->> LC: (d,pk_d,value) - Note over LC: compute value/note commitments - LC ->> LF: update_valuecommitsum(vc) - LC ->> LF: value/note commitments - LC ->> H: value/note commitments - LF ->> LC: d,pk_d, value, memo - Note over LC: compute eph, c_out, c_enc - LC ->> LF: eph, c_out, c_enc - LC ->> H: eph, c_out, c_enc - deactivate LC - activate H - H -->> LC: get_proof_key(path) #is this necessary? - LC -->> H: proof_key - Note over H: ZK proof of output note - H ->> LC: zk_proof - deactivate H - activate LC - LC ->> LF: zk_proof + loop Every shielded output + Note over LC: Random numbers rcv/rcm/esk + LC ->> LF: S_OUTPUT_DATA, RND_DATA end - Note over LC: perform shieldedoutput_hash - LC ->> H: shielded_output_hash - LC ->> LF: shielded_output_hash - deactivate LC - ``` +``` -Zcash ledger, make shielded transaction phase 3 -- Process spends and store in flash -- Store RCM values in flash -- Compute hash of all outputs + Zcash ledger, make shielded transaction phase 2 +- Host processes everything, uses zcashtools builder +- Host asks ledger for random values to use +- Host initiates builder - ```mermaid +```mermaid sequenceDiagram participant LF as Ledger flash storage participant LC as Ledger computation - participant H as Host + participant H as Host (JS) + participant Z as Zcashtools participant N as Network - loop Every spend note - N ->> H: anchor of note? - H ->> LC: spend_this_note(path, valuecommit, rcm, anchor) # Do we need to verify here that rcm is correct? Is the zkproof of the spend the old one in the blockchain? #what about the valuecommit? - LC ->> LF: (path, valuecommit, anchor) - LC -->> H: proof_gen_key(path) ? #is this needed - - activate LC - LC ->> LF: update_rcmvalue(rcm) - LC ->> LF: update_valuecommitsum(vc) #??? 
- - note over LC: compute nullifier - LC ->> H: nullifier - LC ->> LF: nullifier - - note over LC: compute randomized verification key - LC ->> H: randomized verification key - LC ->> LF: (path, randomizer value, randomized verification key) - deactivate LC - - Note over H: ZK proof of spend note - H ->> LC: zk_proof - LC ->> LF: zk_proof + H ->> Z: builder_init() + H ->> Z: add_transparent_inputs(txdata) + H ->> Z: add_transparent_outputs(txdata) + loop Every shielded spend + H ->> LC: get_spend_data () + LF ->> LC: spend_data + LC ->> H: proofkey, rnd (rcv/alpha) + H ->> Z: add_sapling_spend(txdata, proofkey, rnd) + end + loop Every shielded output + H ->> LC: get_output_data () + LF ->> LC: output_data + LC ->> H: rnd (rcv/rcm/esk) + H ->> Z: add_sapling_output(txdata, rnd) end - Note over LC: perform shieldedspend_hash - LC ->> LF: shieldedspend_hash #does the host actually need this? - LC ->> H: shieldedspend_hash ``` + Zcash ledger, make shielded transaction phase 4 -- Host gives all remaining transaction (meta) data +- Host gives all remaining transaction data - Ledger does the complete TX_HASH_ALL -- Final approval of transaction? - Ledger signs the necessary parts and shares with host - Host sends transaction blob to network - ```mermaid +```mermaid sequenceDiagram participant LF as Ledger flash storage participant LC as Ledger computation - participant H as Host + participant H as Host (JS) + participant Z as Zcashtools participant N as Network H -->> N: retrieve meta_data from network? 
N -->> H: meta_data + H ->> Z: build() + Z ->> H: raw_tx_blob + + H ->> LC: t_in_script_data + H ->> LC: spend_data + H ->> LC: output_data + H ->> LC: sighash_data + + LF ->> LC: t_output_data + Note over LC: outputshash = hash(t_output_data) + Note over LC: check outputshash == sighash_data[outputshash] + + LF ->> LC: valuebalance + Note over LC: check valuebalance - H ->> LC: meta_data transaction - LC ->> LF: meta_data transaction + Note over LC: check joinsplits (empty) - Note over LC: compute valuebalance and commitment - LC ->> LF: valuebalance and commitment - Note over LF,LC: verify rcm_secretkey/publickey + loop Every shielded spend + LF ->> LC: S_SPEND_DATA, RND_DATA + Note over LC: check spend data (CV, RK, NF) + end - Note over LF,LC: perform_tx_hash_all over all data in flash + loop Every shielded output + LF ->> LC: S_OUTPUT_DATA, RND_DATA + Note over LC: check output data (CV, CMU, (ENC_C, ENC_OUT)) + end - LC ->> H: tx_hash_all + loop Every transparent input + LF ->> LC: T_INPUT_DATA + Note over LC: check t_input data (script, script_from_pk, value) + Note over LC: sighash_all_script = hash_sigall(sighash_data, t_in_script_data) + Note over LC: secp256k1_sign (sighash_all_script) + LC ->> LF: transparent_signature + end - Note over LC,H: final verification/approval of tx before signing? 
+ loop Every shielded spend + LF ->> LC: S_SPEND_DATA, RND_DATA + Note over LC: sighash_all (sighash_data) + Note over LC: jubjub_sign(ask, alpha, sighash_all) + LC ->> LF: spend_signature + end +LC ->> H: all_ok + +``` + +Zcash ledger, make shielded transaction phase 5 +- Finalize tx + +```mermaid + sequenceDiagram + participant LF as Ledger flash storage + participant LC as Ledger computation + participant H as Host (JS) + participant Z as Zcashtools + participant N as Network + + loop Every transparent input + H ->> LC: next_transparent_signature + LF ->> LC: transparent_signature + LC ->> H: transparent_signature + end + H ->> Z: add_transparent_signatures(t_signatures) - LC ->> H: sign(rcm_secretkey, tx_hash_all) - loop Every spend note - LF ->> LC: randomized value - Note over LC: get_secret_key(path) - Note over LC: sign(sk, randomized value, tx_hash_all) - LC ->> H: spend_auth_sign + loop Every shielded spend + H ->> LC: next_spend_signature + LF ->> LC: spend_signature + LC ->> H: spend_signature end + H ->> Z: add_spend_signatures(s_signatures) - Note over H: make raw transaction blob - H ->> N: raw_transaction_blob + Z ->> N: send_raw_tx ``` \ No newline at end of file diff --git a/docs/zcash_workflow_version3.md b/docs/zcash_workflow_version3.md deleted file mode 100644 index 2f915c1a..00000000 --- a/docs/zcash_workflow_version3.md +++ /dev/null 
@@ -1,212 +0,0 @@ -Zcash ledger, first connect: -- Address generation -- Sharing address with host -- Sharing IVK with host -//TODO: change to APDU API -```mermaid - sequenceDiagram - participant LF as Ledger flash storage - participant LC as Ledger computation - participant H as Host (JS) - participant Z as Zcashtools - participant N as Network - H ->> LC: compute_address(path: u32) - activate LC - LC -->> LF: store_ivk(ivk) ? - Note over LF: potentially store (path, IVK) - LC ->> H: address: (diversifier, pk_d) - LC ->> H: incoming viewing key: ivk - deactivate LC - Note over H,LC: show address on both screens? -``` - -Zcash ledger, syncing -- Sharing IVK with host -- Decrypt incoming notes and verification note commitments -- TODO: what to do with matching notes? -```mermaid - sequenceDiagram - participant LF as Ledger flash storage - participant LC as Ledger computation - participant H as Host (JS) - participant Z as Zcashtools - participant N as Network - H ->> LC: get_ivk(path: u32) - #add minor confirmation - activate LC - LC -->> LF: retrieve_ivk(path) ? - LF -->> LC: ivk ? 
- Note over LC: compute_ivk(path) - LC ->> H: ivk - deactivate LC - activate H - H ->> N: get_unspend_notes() - N ->> H: [unspend_notes] - Note over H: [matching_notes] = decrypt_all_unspend_notes(ivk, [unspend_notes]) - Note over H: store [matching_notes] (d, pk_d, v, rcm) - deactivate H -``` - -Zcash ledger, make shielded transaction phase 1 -- Verify outputs on screen -- Verify enough balance -- Put relevant data in flash storage - -```mermaid - sequenceDiagram - participant LF as Ledger flash storage - participant LC as Ledger computation - participant H as Host (JS) - participant Z as Zcashtools - participant N as Network - - Note over H: show amount, address, memo-fields per output - Note over H: Shuffle shielded spends/outputs - Note over H: Treat change address as regular output - Note over H: Make sure amount_in - amount_out = tx-fee - H ->> LC: TX_INPUT_LENGTHS - H ->> LC: T_INPUT_DATA - H ->> LC: T_OUTPUT_DATA - H ->> LC: S_SPEND_DATA - H ->> LC: S_OUTPUT_DATA - Note over LC,H: check input/outputdata on screen and verify - Note over LC: Continue if approved - loop Every transparent input - LC ->> LF: T_INPUT_DATA - end - - loop Every transparent output - LC ->> LF: T_OUTPUT_DATA - end - - loop Every shielded spend - Note over LC: Random numbers rcv/alpha - LC ->> LF: S_SPEND_DATA, RND_DATA - end - - loop Every shielded output - Note over LC: Random numbers rcv/rcm/esk - LC ->> LF: S_OUTPUT_DATA, RND_DATA - end - ``` - - Zcash ledger, make shielded transaction phase 2 -- Host processes everything, uses zcashtools builder -- Host asks ledger for random values to use -- Host initiates builder - -```mermaid - sequenceDiagram - participant LF as Ledger flash storage - participant LC as Ledger computation - participant H as Host (JS) - participant Z as Zcashtools - participant N as Network - H ->> Z: builder_init() - H ->> Z: add_transparent_inputs(txdata) - H ->> Z: add_transparent_outputs(txdata) - loop Every shielded spend - H ->> LC: get_spend_data () - LF 
->> LC: spend_data - LC ->> H: proofkey, rnd (rcv/alpha) - H ->> Z: add_sapling_spend(txdata, proofkey, rnd) - end - - loop Every shielded output - H ->> LC: get_ouput_data () - LF ->> LC: output_data - LC ->> H: rnd (rcv/rcm/esk) - H ->> Z: add_sapling_outpu(txdata, rnd) - end - ``` - - -Zcash ledger, make shielded transaction phase 4 -- Host gives all remaining transaction data -- Ledger does the complete TX_HASH_ALL -- Ledger signs the necessary parts and shares with host -- Host sends transaction blob to network - - ```mermaid - sequenceDiagram - participant LF as Ledger flash storage - participant LC as Ledger computation - participant H as Host (JS) - participant Z as Zcashtools - participant N as Network - - H -->> N: retrieve meta_data from network? - N -->> H: meta_data - H ->> Z: build() - Z ->> H: raw_tx_blob - - H ->> LC: t_in_script_data - H ->> LC: spend_data - H ->> LC: output_data - H ->> LC: sighash_data - - LF ->> LC: t_output_data - Note over LC: outputshash = hash(t_output_data) - Note over LC: check outputshash == sighash_data[outputshash] - - LF ->> LC: valuebalance - Note over LC: check valuebalance - - Note over LC: check joinsplits (empty) - - loop Every shielded spend - LF ->> LC: S_SPEND_DATA, RND_DATA - Note over LC: check spend data (CV, RK, NF) - end - - loop Every shielded output - LF ->> LC: S_OUTPUT_DATA, RND_DATA - Note over LC: check output data (CV, CMU, (ENC_C, ENC_OUT)) - end - - loop Every transparent input - LF ->> LC: T_INPUT_DATA - Note over LC: check t_input data (script, script_from_pk, value) - Note over LC: sighash_all_script = hash_sigall(sighash_data, t_in_script_data) - Note over LC: secp256k1_sign (sighash_all_script) - LC ->> LF: transparent_signature - end - - loop Every shielded spend - LF ->> LC: S_SPEND_DATA, RND_DATA - Note over LC: sighash_all (sighash_data) - Note over LC: jubjub_sign(ask, alpha, sighash_all) - LC ->> LF: spend_signature - end -LC ->> H: all_ok - -``` - -Zcash ledger, make shielded 
transaction phase 5 -- Finalize tx - - ```mermaid - sequenceDiagram - participant LF as Ledger flash storage - participant LC as Ledger computation - participant H as Host (JS) - participant Z as Zcashtools - participant N as Network - - loop Every transparent input - H ->> LC: next_transparent_signature - LF ->> LC: transparent_signature - LC ->> H: transparent_signature - end - H ->> Z: add_transparent_signatures(t_signatures) - - loop Every shielded spend - H ->> LC: next_spend_signature - LF ->> LC: spend_signature - LC ->> H: spend_signature - end - H ->> Z: add_spend_signatures(s_signatures) - - Z ->> N: send_raw_tx - -``` \ No newline at end of file diff --git a/tests_zemu/snapshots/fl-mainmenu/00004.png b/tests_zemu/snapshots/fl-mainmenu/00004.png index fa946076..5686e50e 100644 Binary files a/tests_zemu/snapshots/fl-mainmenu/00004.png and b/tests_zemu/snapshots/fl-mainmenu/00004.png differ diff --git a/tests_zemu/snapshots/s-mainmenu/00004.png b/tests_zemu/snapshots/s-mainmenu/00004.png index a78e6827..d84dc33b 100644 Binary files a/tests_zemu/snapshots/s-mainmenu/00004.png and b/tests_zemu/snapshots/s-mainmenu/00004.png differ diff --git a/tests_zemu/snapshots/s-mainmenu/00010.png b/tests_zemu/snapshots/s-mainmenu/00010.png index a78e6827..d84dc33b 100644 Binary files a/tests_zemu/snapshots/s-mainmenu/00010.png and b/tests_zemu/snapshots/s-mainmenu/00010.png differ diff --git a/tests_zemu/snapshots/sp-mainmenu/00004.png b/tests_zemu/snapshots/sp-mainmenu/00004.png index 500d0b8f..5ebb8454 100644 Binary files a/tests_zemu/snapshots/sp-mainmenu/00004.png and b/tests_zemu/snapshots/sp-mainmenu/00004.png differ diff --git a/tests_zemu/snapshots/sp-mainmenu/00010.png b/tests_zemu/snapshots/sp-mainmenu/00010.png index 500d0b8f..5ebb8454 100644 Binary files a/tests_zemu/snapshots/sp-mainmenu/00010.png and b/tests_zemu/snapshots/sp-mainmenu/00010.png differ 
diff --git a/tests_zemu/snapshots/st-mainmenu/00004.png b/tests_zemu/snapshots/st-mainmenu/00004.png
index f07b2ba3..8b04780e 100644
Binary files a/tests_zemu/snapshots/st-mainmenu/00004.png and b/tests_zemu/snapshots/st-mainmenu/00004.png differ
diff --git a/tests_zemu/snapshots/x-mainmenu/00004.png b/tests_zemu/snapshots/x-mainmenu/00004.png
index 500d0b8f..5ebb8454 100644
Binary files a/tests_zemu/snapshots/x-mainmenu/00004.png and b/tests_zemu/snapshots/x-mainmenu/00004.png differ
diff --git a/tests_zemu/snapshots/x-mainmenu/00010.png b/tests_zemu/snapshots/x-mainmenu/00010.png
index 500d0b8f..5ebb8454 100644
Binary files a/tests_zemu/snapshots/x-mainmenu/00010.png and b/tests_zemu/snapshots/x-mainmenu/00010.png differ
diff --git a/zcashtools/Cargo.lock b/zcashtools/Cargo.lock
index 553a48a6..91663eb7 100644
--- a/zcashtools/Cargo.lock
+++ b/zcashtools/Cargo.lock
@@ -451,7 +451,7 @@ dependencies = [
 [[package]]
 name = "equihash"
 version = "0.1.0"
-source = "git+https://github.com/Zondax/librustzcash?rev=112eedd27b2e51b9e1b77603a776cd78e738c3ae#112eedd27b2e51b9e1b77603a776cd78e738c3ae"
+source = "git+https://github.com/Zondax/librustzcash?rev=ce278848fef35903db46c3dced41658e90bbeb3c#ce278848fef35903db46c3dced41658e90bbeb3c"
 dependencies = [
 "blake2b_simd",
 "byteorder",
@@ -665,8 +665,28 @@ dependencies = [
 [[package]]
 name = "ledger-zcash"
+version = "2.0.0"
+source = "git+https://github.com/Zondax/ledger-zcash-rs?tag=v2.0.0#e5f3e6d633ea316759b153c7edacaaabf580f32c"
+dependencies = [
+ "byteorder",
+ "cfg-if",
+ "educe",
+ "hex",
+ "lazy_static",
+ "ledger-transport",
+ "ledger-zondax-generic",
+ "log",
+ "serde",
+ "sha2 0.10.8",
+ "thiserror",
+ "tokio",
+ "zx-bip44",
+]
+
+[[package]]
+name = "ledger-zcash-app-builder"
 version = "0.11.2"
-source = "git+https://github.com/Zondax/ledger-zcash-rs?rev=3bad2fa4a7870270627edc25ebdb5b4818fd1855#3bad2fa4a7870270627edc25ebdb5b4818fd1855"
+source = "git+https://github.com/Zondax/ledger-zcash-tools?tag=v2.0.0#5e8588cc0fef85a74c22d1012ed951b7b44a5097"
 dependencies = [
 "arrayvec",
 "byteorder",
@@ -678,7 +698,8 @@ dependencies = [
 "jubjub",
 "lazy_static",
 "ledger-transport",
- "ledger-zcash-builder",
+ "ledger-zcash",
+ "ledger-zcash-chain-builder",
 "ledger-zondax-generic",
 "log",
 "rand_core",
@@ -693,9 +714,9 @@ dependencies = [
 ]
 [[package]]
-name = "ledger-zcash-builder"
+name = "ledger-zcash-chain-builder"
 version = "0.11.2"
-source = "git+https://github.com/Zondax/ledger-zcash-rs?rev=3bad2fa4a7870270627edc25ebdb5b4818fd1855#3bad2fa4a7870270627edc25ebdb5b4818fd1855"
+source = "git+https://github.com/Zondax/ledger-zcash-tools?tag=v2.0.0#5e8588cc0fef85a74c22d1012ed951b7b44a5097"
 dependencies = [
 "bellman",
 "blake2b_simd",
@@ -720,7 +741,7 @@ dependencies = [
 "sha2 0.10.8",
 "thiserror",
 "tokio",
- "zcash_note_encryption 0.1.0 (git+https://github.com/Zondax/librustzcash?rev=112eedd27b2e51b9e1b77603a776cd78e738c3ae)",
+ "zcash_note_encryption 0.1.0 (git+https://github.com/Zondax/librustzcash?rev=ce278848fef35903db46c3dced41658e90bbeb3c)",
 "zcash_primitives",
 "zcash_proofs",
 ]
@@ -1592,7 +1613,7 @@ dependencies = [
 [[package]]
 name = "zcash_encoding"
 version = "0.1.0"
-source = "git+https://github.com/Zondax/librustzcash?rev=112eedd27b2e51b9e1b77603a776cd78e738c3ae#112eedd27b2e51b9e1b77603a776cd78e738c3ae"
+source = "git+https://github.com/Zondax/librustzcash?rev=ce278848fef35903db46c3dced41658e90bbeb3c#ce278848fef35903db46c3dced41658e90bbeb3c"
 dependencies = [
 "byteorder",
 "nonempty",
@@ -1613,7 +1634,7 @@ dependencies = [
 [[package]]
 name = "zcash_note_encryption"
 version = "0.1.0"
-source = "git+https://github.com/Zondax/librustzcash?rev=112eedd27b2e51b9e1b77603a776cd78e738c3ae#112eedd27b2e51b9e1b77603a776cd78e738c3ae"
+source = "git+https://github.com/Zondax/librustzcash?rev=ce278848fef35903db46c3dced41658e90bbeb3c#ce278848fef35903db46c3dced41658e90bbeb3c"
 dependencies = [
 "chacha20",
 "chacha20poly1305",
@@ -1624,7 +1645,7 @@ dependencies = [
 [[package]]
 name = "zcash_primitives"
 version = "0.6.0"
-source = "git+https://github.com/Zondax/librustzcash?rev=112eedd27b2e51b9e1b77603a776cd78e738c3ae#112eedd27b2e51b9e1b77603a776cd78e738c3ae"
+source = "git+https://github.com/Zondax/librustzcash?rev=ce278848fef35903db46c3dced41658e90bbeb3c#ce278848fef35903db46c3dced41658e90bbeb3c"
 dependencies = [
 "aes",
 "bip0039",
@@ -1654,13 +1675,13 @@ dependencies = [
 "sha2 0.9.9",
 "subtle",
 "zcash_encoding",
- "zcash_note_encryption 0.1.0 (git+https://github.com/Zondax/librustzcash?rev=112eedd27b2e51b9e1b77603a776cd78e738c3ae)",
+ "zcash_note_encryption 0.1.0 (git+https://github.com/Zondax/librustzcash?rev=ce278848fef35903db46c3dced41658e90bbeb3c)",
 ]
 [[package]]
 name = "zcash_proofs"
 version = "0.6.0"
-source = "git+https://github.com/Zondax/librustzcash?rev=112eedd27b2e51b9e1b77603a776cd78e738c3ae#112eedd27b2e51b9e1b77603a776cd78e738c3ae"
+source = "git+https://github.com/Zondax/librustzcash?rev=ce278848fef35903db46c3dced41658e90bbeb3c#ce278848fef35903db46c3dced41658e90bbeb3c"
 dependencies = [
 "bellman",
 "blake2b_simd",
@@ -1680,8 +1701,8 @@ name = "zcashtool" version = "0.1.0" dependencies = [ "env_logger", - "ledger-zcash", - "ledger-zcash-builder", + "ledger-zcash-app-builder", + "ledger-zcash-chain-builder", "log", "neon", "neon-serde", diff --git a/zcashtools/Cargo.toml b/zcashtools/Cargo.toml index 28f590b4..9607a839 100644 --- a/zcashtools/Cargo.toml +++ b/zcashtools/Cargo.toml @@ -8,8 +8,8 @@ opt-level = "s" overflow-checks = true [patch.crates-io] -ledger-zcash-builder = { git = "https://github.com/Zondax/ledger-zcash-rs", rev = "3bad2fa4a7870270627edc25ebdb5b4818fd1855" } -ledger-zcash = { git = "https://github.com/Zondax/ledger-zcash-rs", rev = "3bad2fa4a7870270627edc25ebdb5b4818fd1855" } +ledger-zcash-chain-builder = { git = "https://github.com/Zondax/ledger-zcash-tools", tag = "v2.0.0" } +ledger-zcash-app-builder = { git = "https://github.com/Zondax/ledger-zcash-tools", tag = "v2.0.0" } -# ledger-zcash-builder = { path = "../../ledger-zcash-rs/ledger-zcash-builder" } -# ledger-zcash = { path = "../../ledger-zcash-rs/ledger-zcash" } +# ledger-zcash-chain-builder = { path = "../../ledger-zcash-tools/ledger-zcash-chain-builder" } +# ledger-zcash-app-builder = { path = "../../ledger-zcash-tools/ledger-zcash-app-builder" } diff --git a/zcashtools/neon/native/Cargo.toml b/zcashtools/neon/native/Cargo.toml index b3a526fc..ce3622b7 100644 --- a/zcashtools/neon/native/Cargo.toml +++ b/zcashtools/neon/native/Cargo.toml 
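Review bot: The two new `[patch.crates-io]` entries replace a content-addressed `rev = "<sha>"` pin with `tag = "v2.0.0"`, which is a weaker supply-chain pin: a git tag can be re-pointed by anyone with push access to Zondax/ledger-zcash-tools, while a commit hash cannot. Cargo.lock records the resolved commit (`#5e8588cc…`), so `--locked` builds stay reproducible, but any `cargo update` re-resolves the tag to whatever it points at then. Since cargo rejects `tag` and `rev` on the same dependency, I would pin by hash and keep the tag as a comment: `ledger-zcash-chain-builder = { git = "https://github.com/Zondax/ledger-zcash-tools", rev = "5e8588cc0fef85a74c22d1012ed951b7b44a5097" } # v2.0.0` and the same for `ledger-zcash-app-builder`. Separately, a `[patch.crates-io]` entry only overrides dependencies resolved from crates.io; the native crate's manifest declares both crates directly as git dependencies, so this patch section presumably has no effect — worth confirming cargo does not warn that the patch was unused.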
@@ -19,14 +19,14 @@ serde_derive = "1" serde = "1" log = "0.4" snafu = { version = "0.8.2" } -zcash_primitives = { git = "https://github.com/Zondax/librustzcash", rev = "112eedd27b2e51b9e1b77603a776cd78e738c3ae", features = ["transparent-inputs"], package = "zcash_primitives" } +zcash_primitives = { git = "https://github.com/Zondax/librustzcash", rev = "ce278848fef35903db46c3dced41658e90bbeb3c", features = ["transparent-inputs"], package = "zcash_primitives" } neon-serde = { git = "https://github.com/Zondax/neon-serde", branch = "master", default-features = false, features = [ "napi-6", ] } -ledger-zcash-builder = { git = "https://github.com/Zondax/ledger-zcash-rs", rev = "3bad2fa4a7870270627edc25ebdb5b4818fd1855", package = "ledger-zcash-builder" } -ledger-zcash = { git = "https://github.com/Zondax/ledger-zcash-rs", rev = "3bad2fa4a7870270627edc25ebdb5b4818fd1855", package = "ledger-zcash" } +ledger-zcash-chain-builder = { git = "https://github.com/Zondax/ledger-zcash-tools", tag = "v2.0.0", package = "ledger-zcash-chain-builder" } +ledger-zcash-app-builder = { git = "https://github.com/Zondax/ledger-zcash-tools", tag = "v2.0.0", package = "ledger-zcash-app-builder" } [dev-dependencies] serde = { version = "1", features = ["derive"] } diff --git a/zcashtools/neon/native/src/lib.rs b/zcashtools/neon/native/src/lib.rs index 83ceaab8..4b064bbc 100644 --- a/zcashtools/neon/native/src/lib.rs +++ b/zcashtools/neon/native/src/lib.rs @@ -1,9 +1,9 @@ -use ledger_zcash_builder::data::{ +use ledger_zcash_chain_builder::data::{ HsmTxData, InitData, OutputBuilderInfo, SpendBuilderInfo, TransactionSignatures, TransparentInputBuilderInfo, TransparentOutputBuilderInfo, }; -use ledger_zcash_builder::errors::Error; -use ledger_zcash_builder::{hsmauth, txbuilder, txprover}; +use ledger_zcash_chain_builder::errors::Error; +use ledger_zcash_chain_builder::{hsmauth, txbuilder, txprover}; use neon::prelude::*; use std::cell::RefCell; use std::path::Path; 
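Review bot: Within this hunk the manifest now mixes pinning styles: `zcash_primitives` keeps a `rev = "ce278848…"` hash pin while the two new `ledger-zcash-*` lines switch to a mutable `tag = "v2.0.0"`. For a dependency that builds Zcash transactions and talks to the signing device, a hash pin is the stronger guarantee that the code reviewed is the code compiled, and it matches the convention the rest of the file already uses. I would write `ledger-zcash-chain-builder = { git = "https://github.com/Zondax/ledger-zcash-tools", rev = "5e8588cc0fef85a74c22d1012ed951b7b44a5097", package = "ledger-zcash-chain-builder" } # v2.0.0` and the same for `ledger-zcash-app-builder`, taking the hash from the lockfile entry in this commit. The `lib.rs` hunk that follows is a pure path rename and needs nothing further.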
@@ -45,7 +45,7 @@ fn calculate_zip0317_fee(mut cx: FunctionContext) -> JsResult { ]; let fee: u64 = - ledger_zcash::builder::Builder::calculate_zip0317_fee(n_tin, n_tout, n_spend, n_sout) + ledger_zcash_app_builder::builder::Builder::calculate_zip0317_fee(n_tin, n_tout, n_spend, n_sout) .into(); Ok(cx.number(fee as f64)) diff --git a/zcashtools/neon/native/tests/builder_test.rs b/zcashtools/neon/native/tests/builder_test.rs index 61e6f01b..09d3a82a 100644 --- a/zcashtools/neon/native/tests/builder_test.rs +++ b/zcashtools/neon/native/tests/builder_test.rs @@ -1,6 +1,6 @@ use env_logger::Env; -use ledger_zcash::builder::Builder as ZcashBuilder; -use ledger_zcash_builder::{ +use ledger_zcash_app_builder::builder::Builder as ZcashBuilder; +use ledger_zcash_chain_builder::{ data::{OutputBuilderInfo, SpendBuilderInfo}, txbuilder::Builder, }; diff --git a/zcashtools/neon/native/tests/builder_test2.rs b/zcashtools/neon/native/tests/builder_test2.rs index 8c17cffc..c7f13b85 100644 --- a/zcashtools/neon/native/tests/builder_test2.rs +++ b/zcashtools/neon/native/tests/builder_test2.rs @@ -1,6 +1,6 @@ use env_logger::Env; -use ledger_zcash::builder::Builder as ZcashBuilder; -use ledger_zcash_builder::{ +use ledger_zcash_app_builder::builder::Builder as ZcashBuilder; +use ledger_zcash_chain_builder::{ data::{TransparentInputBuilderInfo, TransparentOutputBuilderInfo}, txbuilder::Builder, };