Upgrade ZCash dependencies to 0.6

.circleci/config.yml

@@ -6,7 +6,7 @@ jobs:
       - image: zondax/rust-ci:latest
     steps:
       - checkout
-      - run: sudo apt-get install libudev-dev libusb-1.0-0-dev
+      - run: sudo apt-get -y install libudev-dev libusb-1.0-0-dev
       - run:
           name: rustfmt
           command: |
@@ -40,7 +40,7 @@ jobs:
       - image: zondax/rust-ci:latest
     steps:
       - checkout
-      - run: sudo apt-get install libudev-dev libusb-1.0-0-dev
+      - run: sudo apt-get -y install libudev-dev libusb-1.0-0-dev
       - run:
           name: test --all-features
           command: |

ledger-zcash/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "ledger-zcash"
 description = "Library to integrate with the Ledger Zcash app"
-version = "0.1.0"
+version = "0.2.0"
 license = "Apache-2.0"
 authors = ["Zondax GmbH <info@zondax.ch>"]
 homepage = "https://github.com/Zondax/ledger-zcash-rs"
@@ -12,9 +12,6 @@ keywords = ["ledger", "nano", "apdu", "zcash"]
 edition = "2018"
 autobenches = false
 
-[badges]
-circle-ci = { repository = "zondax/ledger-zcash-rs" }
-
 [lib]
 name = "ledger_zcash"
 
@@ -30,15 +27,13 @@ ledger-transport = "0.8.0"
 ledger-transport-hid = "0.8.0"
 hex = "0.4.2"
 jubjub = { version = "0.5.1", default-features = false }
-secp256k1 = { version = "0.19.0", default-features = false }
+secp256k1 = { version = "0.20.0", default-features = false }
 group = "0.8.0"
 sha2 = "0.9.2"
 
-zcash-hsmbuilder = { path = "../zcash-hsmbuilder", version = "0.1.0" }
-
-[dependencies.zcash_primitives]
-version = "0.4.0"
-features = ["transparent-inputs"]
+#zcash
+zcash-hsmbuilder = { path = "../zcash-hsmbuilder", version = "0.2" }
+zcash_primitives = { version = "0.5", features = ["transparent-inputs"] }
 
 [dev-dependencies]
 futures = "0.3.11"

ledger-zcash/src/app.rs

@@ -31,8 +31,8 @@ use ledger_zondax_generic::{
 };
 use zcash_primitives::keys::OutgoingViewingKey;
 use zcash_primitives::legacy::Script;
+use zcash_primitives::memo::MemoBytes as Memo;
 use zcash_primitives::merkle_tree::IncrementalWitness;
-use zcash_primitives::note_encryption::Memo;
 use zcash_primitives::primitives::Rseed;
 use zcash_primitives::primitives::{PaymentAddress, ProofGenerationKey};
 use zcash_primitives::redjubjub::Signature;
@@ -262,7 +262,7 @@ impl DataShieldedOutput {
         ShieldedOutputData {
             address: self.address.clone(),
             value: self.value,
-            memo_type: self.memo.as_ref().map(|v| v.as_bytes()[0]).unwrap_or(0xf6),
+            memo_type: self.memo.as_ref().map(|v| v.as_array()[0]).unwrap_or(0xf6),
             ovk: self.ovk,
         }
     }

zcash-hsmbuilder/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "zcash-hsmbuilder"
 description = "Library to build transactions for HSM apps"
-version = "0.1.0"
+version = "0.2.0"
 license = "Apache-2.0"
 authors = ["Zondax GmbH <info@zondax.ch>"]
 homepage = "https://github.com/Zondax/ledger-zcash-rs"
@@ -12,9 +12,6 @@ keywords = ["ledger", "nano", "apdu", "zcash"]
 edition = "2018"
 autobenches = false
 
-[badges]
-circle-ci = { repository = "zondax/ledger-zcash-rs" }
-
 [lib]
 name = "zcash_hsmbuilder"
 
@@ -30,19 +27,18 @@ lazy_static = "1"
 minreq = { version = "2", features = ["https"], optional = true }
 pairing = { version = "0.18" }
 rand_core = "0.5.1"
-wagyu-zcash-parameters = { version = "0.2", optional = true }
 hex = { version = "0.4.2", default-features = false }
-zcash_proofs = { version = "0.4.0", features = ["multicore"] }
 group = "0.8.0"
 rand = { version = "0.7.3", default-features = false }
 crypto_api_chachapoly = "0.4.3"
-secp256k1 = { version = "0.19.0", default-features = false }
+secp256k1 = { version = "0.20" }
 sha2 = "0.9.1"
 ripemd160 = "0.9.1"
 
 serde_derive = "1.0.117"
 serde = { version = "1.0.117", features = ["derive"] }
 
-[dependencies.zcash_primitives]
-version = "0.4.0"
-features = ["transparent-inputs"]
+#zcash
+wagyu-zcash-parameters = { version = "0.2", optional = true }
+zcash_primitives = { version = "0.5", features = ["transparent-inputs"] }
+zcash_proofs = { version = "0.5", features = ["multicore"] }

zcash-hsmbuilder/src/lib.rs

@@ -22,8 +22,8 @@ use zcash_primitives::consensus;
 use zcash_primitives::consensus::TestNetwork;
 use zcash_primitives::keys::OutgoingViewingKey;
 use zcash_primitives::legacy::Script;
+use zcash_primitives::memo::MemoBytes as Memo;
 use zcash_primitives::merkle_tree::IncrementalWitness;
-use zcash_primitives::note_encryption::Memo;
 use zcash_primitives::primitives::{PaymentAddress, ProofGenerationKey, Rseed};
 use zcash_primitives::redjubjub::Signature;
 use zcash_primitives::sapling::Node;
@@ -92,12 +92,12 @@ pub struct InitData {
 
 impl InitData {
     pub fn to_hsm_bytes(&self) -> Result<Vec<u8>, Error> {
-        let mut data = Vec::new();
-
-        data.push(self.t_in.len() as u8);
-        data.push(self.t_out.len() as u8);
-        data.push(self.s_spend.len() as u8);
-        data.push(self.s_output.len() as u8);
+        let mut data = vec![
+            self.t_in.len() as u8,
+            self.t_out.len() as u8,
+            self.s_spend.len() as u8,
+            self.s_output.len() as u8,
+        ];
 
         for info in self.t_in.iter() {
             for p in info.path.iter() {

zcash-hsmbuilder/src/neon_bridge.rs

@@ -6,8 +6,8 @@ use jubjub::{Fr, SubgroupPoint};
 use serde::{de::Error, Deserialize, Deserializer, Serializer};
 use zcash_primitives::keys::OutgoingViewingKey;
 use zcash_primitives::legacy::Script;
+use zcash_primitives::memo::MemoBytes as Memo;
 use zcash_primitives::merkle_tree::IncrementalWitness;
-use zcash_primitives::note_encryption::Memo;
 use zcash_primitives::primitives::{PaymentAddress, ProofGenerationKey, Rseed};
 use zcash_primitives::redjubjub::Signature;
 use zcash_primitives::sapling::Node;
@@ -134,7 +134,11 @@ where
     } else {
         let mut bytes = Vec::with_capacity(str.len() / 2);
         hex::decode_to_slice(&str, &mut bytes).map_err(D::Error::custom)?;
-        Ok(Memo::from_bytes(&bytes[..]))
+        if bytes.is_empty() {
+            Ok(Some(Memo::empty()))
+        } else {
+            Ok(Memo::from_bytes(&bytes[..]).ok())
+        }
     }
 }
 

zcash-hsmbuilder/src/prover.rs

@@ -116,8 +116,7 @@ impl SaplingProvingContext {
         let payment_address = viewing_key.to_payment_address(diversifier).ok_or(())?;
 
         // This is the result of the re-randomization, we compute it for the caller
-        let rk =
-            PublicKey(proof_generation_key.ak.clone().into()).randomize(ar, SPENDING_KEY_GENERATOR);
+        let rk = PublicKey(proof_generation_key.ak.into()).randomize(ar, SPENDING_KEY_GENERATOR);
 
         // Let's compute the nullifier while we have the position
         let note = Note {

zcash-hsmbuilder/src/sighashdata.rs

@@ -20,7 +20,7 @@ const OVERWINTER_VERSION_GROUP_ID: u32 = 0x03C4_8270;
 const SAPLING_VERSION_GROUP_ID: u32 = 0x892F_2085;
 const SAPLING_TX_VERSION: u32 = 4;
 
-#[derive(Clone)]
+#[derive(Default, Clone)]
 pub struct TransactionDataSighash {
     pub header: [u8; 4],
     pub version_id: [u8; 4],
@@ -36,25 +36,6 @@ pub struct TransactionDataSighash {
     pub hash_type: [u8; 4],
 }
 
-impl Default for TransactionDataSighash {
-    fn default() -> TransactionDataSighash {
-        TransactionDataSighash {
-            header: [0u8; 4],
-            version_id: [0u8; 4],
-            prevoutshash: [0u8; 32],
-            sequencehash: [0u8; 32],
-            outputshash: [0u8; 32],
-            joinsplitshash: [0u8; 32],
-            shieldedspendhash: [0u8; 32],
-            shieldedoutputhash: [0u8; 32],
-            lock_time: [0u8; 4],
-            expiry_height: [0u8; 4],
-            value_balance: [0u8; 8],
-            hash_type: [0u8; 4],
-        }
-    }
-}
-
 impl TransactionDataSighash {
     pub fn to_bytes(&self) -> Vec<u8> {
         let mut data = Vec::with_capacity(220);
@@ -101,14 +82,12 @@ enum SigHashVersion {
 
 impl SigHashVersion {
     fn from_tx(tx: &TransactionData) -> Self {
-        if tx.overwintered {
-            match tx.version_group_id {
-                OVERWINTER_VERSION_GROUP_ID => SigHashVersion::Overwinter,
-                SAPLING_VERSION_GROUP_ID => SigHashVersion::Sapling,
-                _ => unimplemented!(),
-            }
-        } else {
-            SigHashVersion::Sprout
+        use zcash_primitives::transaction::TxVersion;
+
+        match tx.version {
+            TxVersion::Sprout(_) => SigHashVersion::Sprout,
+            TxVersion::Overwinter => SigHashVersion::Overwinter,
+            TxVersion::Sapling => SigHashVersion::Sapling,
         }
     }
 }
@@ -151,10 +130,10 @@ fn outputs_hash(tx: &TransactionData) -> Blake2bHash {
 fn joinsplits_hash(tx: &TransactionData) -> Blake2bHash {
     let mut data = Vec::with_capacity(
         tx.joinsplits.len()
-            * if tx.version < SAPLING_TX_VERSION {
-                1802 // JSDescription with PHGR13 proof
-            } else {
+            * if tx.version.uses_groth_proofs() {
                 1698 // JSDescription with Groth16 proof
+            } else {
+                1802 // JSDescription with PHGR13 proof
             },
     );
     for js in &tx.joinsplits {
@@ -172,7 +151,7 @@ fn shielded_spends_hash(tx: &TransactionData) -> Blake2bHash {
     for s_spend in &tx.shielded_spends {
         data.extend_from_slice(&s_spend.cv.to_bytes());
         data.extend_from_slice(s_spend.anchor.to_repr().as_ref());
-        data.extend_from_slice(&s_spend.nullifier);
+        data.extend_from_slice(&s_spend.nullifier.0[..]);
         s_spend.rk.write(&mut data).unwrap();
         data.extend_from_slice(&s_spend.zkproof);
     }
@@ -199,13 +178,11 @@ pub fn signature_hash_input_data(tx: &TransactionData, hash_type: u32) -> Transa
     let sigversion = SigHashVersion::from_tx(tx);
     match sigversion {
         SigHashVersion::Overwinter | SigHashVersion::Sapling => {
-            let mut header = tx.version;
-            if tx.overwintered {
-                header |= 1 << 31;
-            }
+            let header = tx.version.header();
+            let version_group_id = tx.version.version_group_id();
 
             write_u32!(txdata_sighash.header, header, tmp);
-            write_u32!(txdata_sighash.version_id, tx.version_group_id, tmp);
+            write_u32!(txdata_sighash.version_id, version_group_id, tmp);
             update_data!(
                 txdata_sighash.prevoutshash,
                 hash_type & SIGHASH_ANYONECANPAY == 0,
@@ -247,7 +224,8 @@ pub fn signature_hash_input_data(tx: &TransactionData, hash_type: u32) -> Transa
                 );
             }
             write_u32!(txdata_sighash.lock_time, tx.lock_time, tmp);
-            write_u32!(txdata_sighash.expiry_height, tx.expiry_height, tmp);
+            let expiry_height = tx.expiry_height.into();
+            write_u32!(txdata_sighash.expiry_height, expiry_height, tmp);
             if sigversion == SigHashVersion::Sapling {
                 txdata_sighash
                     .value_balance

zcash-hsmbuilder/src/txbuilder.rs

@@ -11,11 +11,11 @@ use zcash_primitives::redjubjub::Signature;
 use zcash_primitives::transaction::components::amount::DEFAULT_FEE;
 use zcash_primitives::transaction::components::{Amount, TxOut, GROTH_PROOF_SIZE};
 use zcash_primitives::transaction::{
-    signature_hash_data, Transaction, TransactionData, SIGHASH_ALL,
+    signature_hash_data, SignableInput, Transaction, TransactionData, SIGHASH_ALL,
 };
 use zcash_primitives::{
-    consensus, keys::OutgoingViewingKey, legacy::TransparentAddress, merkle_tree::MerklePath,
-    note_encryption::Memo, redjubjub::PublicKey, sapling::Node, util::generate_random_rseed,
+    consensus, keys::OutgoingViewingKey, legacy::TransparentAddress, memo::MemoBytes as Memo,
+    merkle_tree::MerklePath, redjubjub::PublicKey, sapling::Node, util::generate_random_rseed,
 };
 use zcash_primitives::{
     legacy::Script,
@@ -96,7 +96,7 @@ impl SaplingOutput {
             ovk,
             to,
             note,
-            memo: memo.unwrap_or_default(),
+            memo: memo.unwrap_or_else(Memo::empty),
             rcv,
             hashseed,
         })
@@ -154,7 +154,7 @@ impl SaplingOutput {
             );
         }
 
-        let ephemeral_key = encryptor.epk().clone().into();
+        let ephemeral_key = (*encryptor.epk()).into();
 
         zcash_primitives::transaction::components::OutputDescription {
             cv,
@@ -238,7 +238,7 @@ impl TransparentInputs {
                 mtx,
                 consensus_branch_id,
                 SIGHASH_ALL,
-                Some((i, &info.coin.script_pubkey, info.coin.value)),
+                SignableInput::transparent(i, &info.coin.script_pubkey, info.coin.value),
             ));
 
             let msg = secp256k1::Message::from_slice(&sighash).expect("32 bytes");
@@ -349,7 +349,7 @@ fn transparent_script_data_fromtx(
     let mut data = Vec::new();
     for (i, info) in inputs.iter().enumerate() {
         let mut prevout = [0u8; 36];
-        prevout[0..32].copy_from_slice(&tx.vin[i].prevout.hash().as_ref());
+        prevout[0..32].copy_from_slice(tx.vin[i].prevout.hash().as_ref());
         prevout[32..36].copy_from_slice(&tx.vin[i].prevout.n().to_le_bytes());
 
         let mut script_pubkey = [0u8; 26];
@@ -440,7 +440,7 @@ impl SpendDescription {
         SpendDescription {
             cv: info.cv.to_bytes(),
             anchor: info.anchor.to_bytes(),
-            nullifier: info.nullifier,
+            nullifier: info.nullifier.0,
             rk: info.rk.0.to_bytes(),
             zkproof: info.zkproof,
         }
@@ -501,7 +501,7 @@ impl<P: consensus::Parameters, R: RngCore + CryptoRng> Builder<P, R> {
     /// The fee will be set to the default fee (0.0001 ZEC).
     pub fn new_with_rng(height: u32, rng: R) -> Builder<P, R> {
         let mut mtx = TransactionData::new();
-        mtx.expiry_height = height + DEFAULT_TX_EXPIRY_DELTA;
+        mtx.expiry_height = (height + DEFAULT_TX_EXPIRY_DELTA).into();
 
         Builder {
             rng,
@@ -519,7 +519,7 @@ impl<P: consensus::Parameters, R: RngCore + CryptoRng> Builder<P, R> {
 
     pub fn new_with_fee_rng(height: u32, rng: R, fee: u64) -> Builder<P, R> {
         let mut mtx = TransactionData::new();
-        mtx.expiry_height = height + DEFAULT_TX_EXPIRY_DELTA;
+        mtx.expiry_height = (height + DEFAULT_TX_EXPIRY_DELTA).into();
         let txfee = Amount::from_u64(fee).unwrap();
 
         Builder {
@@ -712,11 +712,11 @@ impl<P: consensus::Parameters, R: RngCore + CryptoRng> Builder<P, R> {
             for (_, spend) in spends.iter() {
                 let proof_generation_key = spend.proofkey.clone();
 
-                let mut nullifier = [0u8; 32];
-                nullifier.copy_from_slice(&spend.note.nf(
+                let nullifier = spend.note.nf(
                     &proof_generation_key.to_viewing_key(),
                     spend.merkle_path.position,
-                ));
+                );
+
                 let (zkproof, cv, rk) = prover
                     .spend_proof(
                         &mut ctx,
@@ -760,7 +760,7 @@ impl<P: consensus::Parameters, R: RngCore + CryptoRng> Builder<P, R> {
             &self.mtx,
             consensus_branch_id,
             SIGHASH_ALL,
-            None,
+            SignableInput::Shielded,
         ));
 
         // Add a binding signature if needed
@@ -870,9 +870,7 @@ impl<P: consensus::Parameters, R: RngCore + CryptoRng> Builder<P, R> {
      */
     pub fn finalize_js(&mut self) -> Result<Vec<u8>, Error> {
         let mut txdata_copy = TransactionData::new();
-        txdata_copy.overwintered = self.mtx.overwintered;
         txdata_copy.version = self.mtx.version;
-        txdata_copy.version_group_id = self.mtx.version_group_id;
         txdata_copy.vin = vec![];
         for info in self.mtx.vin.iter() {
             let tin = TxIn {