Merge pull request #30 from Zondax/dev

Dev

.github/workflows/main.yaml

@@ -17,18 +17,18 @@ jobs:
       image: zondax/rust-ci:latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: sudo apt-get update && sudo apt-get install -y libudev-dev libusb-1.0-0-dev
       - name: show versions
         run: |
           rustup show
+      - name: Install rustfmt
+        run: rustup component add rustfmt --toolchain nightly
       - name: rustfmt
         run: |
-          cargo fmt --version
-          cargo fmt -- --check
-
+          cargo +nightly fmt -- --check
       - name: rust cache
         uses: Swatinem/rust-cache@v1
         with:
@@ -47,7 +47,7 @@ jobs:
       image: zondax/rust-ci:latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           submodules: true
 

.github/workflows/rust_audit.yaml

@@ -10,15 +10,12 @@ jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: true
 
-      - run: cargo audit
 
-      # disabled until we can change directory
-      # see https://github.com/actions-rs/audit-check/issues/194
-      # - name: Run audit
-      #   uses: actions-rs/audit-check@v1
-      #   with:
-      #     token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run audit
+        uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/rust_periodic_audit.yaml

@@ -9,7 +9,7 @@ jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: true
 

Cargo.toml

@@ -2,10 +2,15 @@
 resolver = "2"
 members = [
     "ledger-zcash",
-    "zcash-hsmbuilder"
+    "ledger-zcash-builder"
 ]
 
 [profile.release]
 # Tell `rustc` to optimize for small code size.
 opt-level = "s"
 overflow-checks = true
+
+#[patch.crates-io]
+#ledger-transport = { path = "../ledger-rs/ledger-transport" }
+#ledger-zondax-generic = { path = "../ledger-rs/ledger-zondax-generic" }
+#ledger-transport-hid = { path = "../ledger-rs/ledger-transport-hid" }

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2022 Zondax GmbH
+   Copyright 2022 Zondax AG
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

ledger-zcash-builder/Cargo.toml

@@ -0,0 +1,54 @@
+[package]
+name = "ledger-zcash-builder"
+description = "Library to build transactions for HSM apps"
+version = "0.11.2"
+license = "Apache-2.0"
+authors = ["Zondax AG <hello@zondax.ch>"]
+homepage = "https://github.com/Zondax/ledger-zcash-rs"
+repository = "https://github.com/Zondax/ledger-zcash-rs"
+readme = "README.md"
+categories = ["authentication", "cryptography"]
+keywords = ["ledger", "nano", "apdu", "zcash"]
+edition = "2021"
+autobenches = false
+
+[lib]
+name = "ledger_zcash_builder"
+
+[features]
+default = ["zcash_proofs"]
+bundled-prover = ["wagyu-zcash-parameters"]
+local-prover = []
+
+[dependencies]
+tokio = { version = "1.38", features = ["sync"] }
+educe = "0.5"
+log = "0.4"
+lazy_static = "1"
+sha2 = "0.10.8"
+serde_derive = "1"
+serde = { version = "1", features = ["derive"] }
+byteorder = "1.5"
+cfg-if = "1.0.0"
+hex = { version = "0.4", default-features = false }
+
+bellman = { version = "0.13", default-features = false, features = ["groth16"] }
+blake2b_simd = "1"
+bls12_381 = { version = "0.7" }
+chacha20poly1305 = "0.9"
+ff = "0.12"
+group = "0.12"
+jubjub = { version = "0.9", default-features = false }
+pairing = { version = "0.22" }
+rand = { version = "0.8.5", default-features = false }
+rand_core = "0.6.4"
+ripemd = "0.1"
+secp256k1 = { version = "0.29" }
+
+#zcash
+wagyu-zcash-parameters = { version = "0.2", optional = true }
+
+zcash_primitives = { version = "0.7", features = ["transparent-inputs"] }
+zcash_proofs = { version = "0.7", features = ["multicore"], optional = true }
+zcash_note_encryption = { version = "0.1", features = ["pre-zip-212"] }
+thiserror = "1.0"

zcash-hsmbuilder/src/data.rs → ledger-zcash-builder/src/data.rs

@@ -1,3 +1,18 @@
+/*******************************************************************************
+*   (c) 2022-2024 Zondax AG
+*
+*  Licensed under the Apache License, Version 2.0 (the "License");
+*  you may not use this file except in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing, software
+*  distributed under the License is distributed on an "AS IS" BASIS,
+*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+*  See the License for the specific language governing permissions and
+*  limitations under the License.
+********************************************************************************/
 //! This module contains many of the data structures used in the crate and
 //! in conjunction with the HSM builder
 
@@ -7,17 +22,16 @@ use neon_bridge::*;
 pub mod sighashdata;
 pub mod sighashdata_v4;
 pub mod sighashdata_v5;
+use serde::{Deserialize, Serialize};
 use sighashdata::TransactionDataSighash;
-
-use crate::zcash::primitives::{
+use zcash_primitives::{
     keys::OutgoingViewingKey,
     legacy::Script,
     memo::MemoBytes as Memo,
     merkle_tree::MerklePath,
     sapling::{redjubjub::Signature, Node, PaymentAddress, ProofGenerationKey, Rseed},
     transaction::components::{Amount, OutPoint},
 };
-use serde::{Deserialize, Serialize};
 
 use crate::{
     errors::Error,
@@ -26,57 +40,53 @@ use crate::{
 
 #[derive(Debug, Deserialize)]
 pub struct TinData {
-    pub path: [u32; 5],
+    pub path: [u32; 5], // Expected: Array of 5 u32 values
     #[serde(deserialize_with = "script_deserialize")]
-    pub address: Script,
+    pub address: Script, // Expected: Hex-encoded string representing a Script
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount,
+    pub value: Amount, // Expected: u64 value representing an Amount
 }
 
 #[derive(Debug, Deserialize)]
 pub struct ToutData {
     #[serde(deserialize_with = "script_deserialize")]
-    pub address: Script,
+    pub address: Script, // Expected: Hex-encoded string representing a Script
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount,
+    pub value: Amount, // Expected: u64 value representing an Amount
 }
 
 #[derive(Debug, Deserialize)]
-pub struct ShieldedSpendData {
-    pub path: u32,
+pub struct SaplingInData {
+    pub path: u32, // Expected: Single u32 value
     #[serde(deserialize_with = "s_address_deserialize")]
-    pub address: PaymentAddress,
+    pub address: PaymentAddress, // Expected: Hex-encoded string representing a PaymentAddress
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount,
+    pub value: Amount, // Expected: u64 value representing an Amount
 }
 
 #[derive(Debug, Deserialize)]
-pub struct ShieldedOutputData {
+pub struct SaplingOutData {
     #[serde(deserialize_with = "s_address_deserialize")]
-    pub address: PaymentAddress,
+    pub address: PaymentAddress, // Expected: Hex-encoded string representing a PaymentAddress
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount,
-    pub memo_type: u8,
-    #[serde(deserialize_with = "ovk_deserialize")]
-    pub ovk: Option<OutgoingViewingKey>,
+    pub value: Amount, // Expected: u64 value representing an Amount
+    pub memo_type: u8, // Expected: Single byte value
+    #[serde(deserialize_with = "ovk_deserialize", default)]
+    pub ovk: Option<OutgoingViewingKey>, // Expected: Optional hex-encoded string representing an OutgoingViewingKey
 }
 
 #[derive(Debug, Deserialize)]
 pub struct InitData {
     pub t_in: Vec<TinData>,
     pub t_out: Vec<ToutData>,
-    pub s_spend: Vec<ShieldedSpendData>,
-    pub s_output: Vec<ShieldedOutputData>,
+    pub s_spend: Vec<SaplingInData>,
+    pub s_output: Vec<SaplingOutData>,
 }
 
 impl InitData {
     pub fn to_hsm_bytes(&self) -> Vec<u8> {
-        let mut data = vec![
-            self.t_in.len() as u8,
-            self.t_out.len() as u8,
-            self.s_spend.len() as u8,
-            self.s_output.len() as u8,
-        ];
+        let mut data =
+            vec![self.t_in.len() as u8, self.t_out.len() as u8, self.s_spend.len() as u8, self.s_output.len() as u8];
 
         for info in self.t_in.iter() {
             for p in info.path.iter() {
@@ -126,16 +136,24 @@ impl HsmTxData {
     pub fn to_hsm_bytes(&self) -> Result<Vec<u8>, Error> {
         let mut data = Vec::new();
         for t_data in self.t_script_data.iter() {
-            t_data.write(&mut data)?;
+            t_data
+                .write(&mut data)
+                .map_err(|_| Error::ReadWriteError)?;
         }
         for spend_old_data in self.s_spend_old_data.iter() {
-            spend_old_data.write(&mut data)?;
+            spend_old_data
+                .write(&mut data)
+                .map_err(|_| Error::ReadWriteError)?;
         }
         for spend_new_data in self.s_spend_new_data.iter() {
-            spend_new_data.write(&mut data)?;
+            spend_new_data
+                .write(&mut data)
+                .map_err(|_| Error::ReadWriteError)?;
         }
         for output_data in self.s_output_data.iter() {
-            output_data.write(&mut data)?;
+            output_data
+                .write(&mut data)
+                .map_err(|_| Error::ReadWriteError)?;
         }
         data.extend_from_slice(&self.tx_hash_data.to_bytes());
         Ok(data)
@@ -144,41 +162,41 @@ impl HsmTxData {
 
 #[derive(Debug, Deserialize)]
 pub struct TransparentInputBuilderInfo {
-    #[serde(deserialize_with = "outpoint_deserialize")]
-    pub outp: OutPoint,
+    #[serde(deserialize_with = "t_outpoint_deserialize")]
+    pub outp: OutPoint, // Expected: Hex-encoded string representing an OutPoint
     #[serde(deserialize_with = "t_pk_deserialize")]
-    pub pk: secp256k1::PublicKey,
+    pub pk: secp256k1::PublicKey, // Expected: Hex-encoded string representing a PublicKey
     #[serde(deserialize_with = "script_deserialize")]
-    pub address: Script,
+    pub address: Script, // Expected: Hex-encoded string representing a Script
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount,
+    pub value: Amount, // Expected: u64 value representing an Amount
 }
 
 #[derive(Debug, Deserialize)]
 pub struct TransparentOutputBuilderInfo {
     #[serde(deserialize_with = "script_deserialize")]
-    pub address: Script,
-    //26
+    pub address: Script, // Expected: Hex-encoded string representing a Script
+    // 26
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount, //8
+    pub value: Amount, // 8
 }
 
 #[derive(Deserialize)]
 pub struct SpendBuilderInfo {
     #[serde(deserialize_with = "pgk_deserialize")]
-    pub proofkey: ProofGenerationKey,
+    pub proofkey: ProofGenerationKey, // Expected: Hex-encoded string representing a ProofGenerationKey
     #[serde(deserialize_with = "fr_deserialize")]
-    pub rcv: jubjub::Fr,
+    pub rcv: jubjub::Fr, // Expected: Hex-encoded string representing a Fr
     #[serde(deserialize_with = "fr_deserialize")]
-    pub alpha: jubjub::Fr,
+    pub alpha: jubjub::Fr, // Expected: Hex-encoded string representing a Fr
     #[serde(deserialize_with = "s_address_deserialize")]
-    pub address: PaymentAddress,
+    pub address: PaymentAddress, // Expected: Hex-encoded string representing a PaymentAddress
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount,
+    pub value: Amount, // Expected: u64 value representing an Amount
     #[serde(deserialize_with = "merkle_path_deserialize")]
-    pub witness: MerklePath<Node>,
+    pub witness: MerklePath<Node>, // Expected: Hex-encoded string representing a MerklePath<Node>
     #[serde(deserialize_with = "rseed_deserialize")]
-    pub rseed: Rseed,
+    pub rseed: Rseed, // Expected: Hex-encoded string representing a Rseed
 }
 
 /// An outgoing viewing key
@@ -188,25 +206,26 @@ pub struct HashSeed(pub [u8; 32]);
 #[derive(Debug, Deserialize)]
 pub struct OutputBuilderInfo {
     #[serde(deserialize_with = "fr_deserialize")]
-    pub rcv: jubjub::Fr,
+    pub rcv: jubjub::Fr, // Expected: Hex-encoded string representing a Fr
     #[serde(deserialize_with = "rseed_deserialize")]
-    pub rseed: Rseed,
-    #[serde(deserialize_with = "ovk_deserialize")]
-    pub ovk: Option<OutgoingViewingKey>,
+    pub rseed: Rseed, // Expected: Hex-encoded string representing a Rseed
+    #[serde(deserialize_with = "ovk_deserialize", default)]
+    pub ovk: Option<OutgoingViewingKey>, // Expected: Optional hex-encoded string representing an OutgoingViewingKey
     #[serde(deserialize_with = "s_address_deserialize")]
-    pub address: PaymentAddress,
+    pub address: PaymentAddress, // Expected: Hex-encoded string representing a PaymentAddress
     #[serde(deserialize_with = "amount_deserialize")]
-    pub value: Amount,
-    #[serde(deserialize_with = "memo_deserialize")]
-    pub memo: Option<Memo>,
-    #[serde(deserialize_with = "hashseed_deserialize")]
-    pub hash_seed: Option<HashSeed>,
+    pub value: Amount, // Expected: u64 value representing an Amount
+    #[serde(deserialize_with = "memo_deserialize", default)]
+    pub memo: Option<Memo>, // Expected: Optional hex-encoded string representing a Memo
+    // #[serde(deserialize_with = "hashseed_deserialize")]
+    #[serde(deserialize_with = "hashseed_deserialize", default)]
+    pub hash_seed: Option<HashSeed>, // Expected: Optional hex-encoded string representing a HashSeed
 }
 
 #[derive(Debug, Deserialize)]
 pub struct TransactionSignatures {
     #[serde(deserialize_with = "t_sig_deserialize")]
-    pub transparent_sigs: Vec<secp256k1::Signature>,
+    pub transparent_sigs: Vec<secp256k1::ecdsa::Signature>, // Expected: List of hex-encoded strings representing secp256k1::ecdsa::Signature
     #[serde(deserialize_with = "s_sig_deserialize")]
-    pub spend_sigs: Vec<Signature>,
+    pub sapling_sigs: Vec<Signature>, // Expected: List of hex-encoded strings representing Signature
 }