Implement shielding

[cypt4]

Resolves brave/brave-browser#37201

Adds shielding operations which means sending from transparent to shielded address.
See last commit until PR rebased on master.
This includes steps :
Create Tx flow:

• Resolve transparent UTXOs for the selected account, also resolve last orchard tree root ( This is needed to construct Orchard tx bundle ) and latest block id(needed for tx header).
• Construct unauthorized orchard bundle with provided shielded outputs and random number generator. Unauthorized bundle can supply us with orchard digest to use in signature digest construction.
• Calculate signature digest for every transparent input, also calculate orchard sighash.
• Apply sighash to the unauthorized orchard bundle. That returns authorized orchard bundle.
• From authorized orchard bundle we can resolve orchard raw tx part to insert it into serialized ZCashTransaction.
• Serialize transaction and send vie SendRawTransaction gRPC call.
• Calculate and show tx id using https://zips.z.cash/zip-0244#txid-digest

Audit: https://github.com/brave/reviews/issues/1588

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

[rillian]

The empty components/zcash/README.chromium is unnecessary, but was a nice clue there was vendored code hiding in here. :)

[rillian]

This file is unnecessary. Having librustzcash/mod.rs is sufficient to declare the module.

[rillian]

Please keep Cargo.toml in sync for direct dependencies. These are all referenced directly.

If you want to verify sufficient declarations by running cargo check within the local source directory, you can resolve against the patched orchard crate by adding a patch like to zcash/rs/Cargo.toml:

[patch.crates-io.orchard]
path = "../../../third_party/rust/chromium_crates_io/vendor/orchard-0.7.1"

[rillian]

This seems not great for a CryptoRng. What about using rand_chacha::ChaCha20Rng::seed_from_u64() instead of this mock?

[cypt4]

This is used only in tests, do you think we really need to use complicated randomness there?

[rillian]

It's only used in test code, but it's available in all builds. I'm concerned about someone else using it accidentally, sometime in the future, where they need something else.

rand_chacha is a SeedableRng + CryptoRng we already have in tree, so using it is also just less code.

[cypt4]

We have discussed with @kdenhartog. He is ok with keeping mock rng since it's call is protected by CHECK_IS_TESTS. Otherwise i'd need to recapture testvectors.

[rillian]

Why are we importing code we're not using?

[cypt4]

Just to reduce changes in the librustzcash files

[rillian]

Can you share something about the motivation here? I really don't like this kind of cut-and-paste vendoring because it's hard to update. Or really, hard to remember it needs updating, since it's not visible to normal advisory notification tools.

Is this an attempt to strip the (large) dependency list of the published zcash_primitives and zcash_encoding crates? Has the code been customized beyond trimming it? I'd just like to clear about the maintenance and review tradeoffs we're making here.

[cypt4]

Sure, there is a quite big librustzcash crate and it is not clear yet which parts we can reuse directly.
Idea is just to copy necessary minimum of code and then decide if we can switch to vendoring istead of copying. Also there are some excess things in zcash_primitives that we don't need - like transparent or sapling support, tx builder, etc.

Has the code been customized beyond trimming it

There is a little of customization like changing "use" declarations. Probably it will be customized deeply in the future

[rillian]

@kdenhartog iirc you've looked at the zcash crates. I'm curious how you see this approach?

[rillian]

You could avoid the duplication here by implementing a forwarding RngCore on the OrchardRandomSource wrapper, but that wouldn't be less code so probably not worth it.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[supermassive]

wallet core looks ok in general, will wait for base PR gets merged

[bridiver]

why is this code in services?

[bridiver]

we should not be adding this directly to chromium_crates_io/Cargo.toml. It should go in a Cargo.toml file along with the relevant code

[supermassive]

Let's do this through PostTask to avoid Iterate()->CompleteTransaction()->Iterate() recursion

[cypt4]

Done

[supermassive]

mojom::ZCashKeyId::New(account_id_->account_index, 1 /* internal */, 0)
This most likely needs a seprate function with comment that we have only one internal(change) address for an account

[cypt4]

Done

[supermassive]

OrchardBundleManager maybe?

[supermassive]

or OrchardBundleWrapper

[cypt4]

Renamed

[supermassive]

= 0;

[cypt4]

Done

[josheleonard]

Desktop Frontend ++

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[nuo-xu]

missed a ;

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[supermassive]

Let's not depend on content from here

[supermassive]

wallet core lgtm

[github-actions]

[puLL-Merge] - brave/brave-core@23076

Here is a review of the pull request:

Description

This PR adds support for Orchard shielded transactions in the Brave Wallet. It allows creating transactions that shield transparent funds into an Orchard shielded address. The main changes include:

• Adding APIs and UI for shielding transparent ZEC funds into Orchard
• Integrating rust-based Orchard cryptographic primitives
• Modifying the ZEC transaction format to include Orchard data
• Updating ZEC transaction signing to handle the Orchard bundle

The motivation appears to be to enhance user privacy by allowing funds to be shielded using the latest Orchard protocol.

Possible Issues

• The Orchard bundle creation uses randomness. Need to ensure the randomness source is cryptographically secure. The PR overrides it for testing which is good.
• Orchard transactions will likely be larger in size than transparent ones. May need to consider performance impact if many Orchard transactions are created.
• User education may be needed around the privacy benefits and tradeoffs of shielding.

Security Hotspots

1. Randomness generation for Orchard bundles in orchard_bundle_manager.cc. Ensure the random source has sufficient entropy and cannot be manipulated by an attacker. Using a hardware random source is ideal.
2. Avoid logging any sensitive Orchard data, addresses or transaction details that could impact privacy.
3. Validate and bounds check the outputs parameter passed to create_orchard_bundle. Ensure it cannot exceed reasonable limits and cause memory issues.

Changes

Changes

Cargo.toml

• Adds new rust dependencies rand and zcash_primitives

brave/components/brave_wallet/browser/zcash/rust/Cargo.toml

• Adds new rust dependencies rand and zcash_primitives

orchard_bundle_manager.h, orchard_bundle_manager.cc

• Adds new OrchardBundleManager class to manage Orchard bundle states

zcash_transaction.h, zcash_transaction.cc

• Adds OrchardOutput and OrchardPart structs to ZCashTransaction
• Updates transaction serialization

zcash_rpc.h, zcash_rpc.cc

• New APIs GetLatestTreeState and GetTreeState to retrieve Orchard tree state

zcash_wallet_service.h, zcash_wallet_service.cc

• Adds ShieldFunds API to allow shielding funds into Orchard

Overall this is a significant enhancement to add Orchard shielded transaction support. The security hotspots noted should be carefully reviewed, but with proper precautions this can allow users to take advantage of the latest ZEC privacy features. Thorough testing of the Orchard transactions is recommended. Documentation on the privacy implications and changes to transaction signing would also be beneficial. With those considerations, this looks like a good improvement to the Brave Wallet's ZEC capabilities.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push