-
Notifications
You must be signed in to change notification settings - Fork 823
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement shielding #23076
base: master
Are you sure you want to change the base?
Implement shielding #23076
Conversation
02fe8cd
to
0ad3180
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The empty components/zcash/README.chromium
is unnecessary, but was a nice clue there was vendored code hiding in here. :)
components/zcash/rs/mod.rs
Outdated
// License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
// You can obtain one at https://mozilla.org/MPL/2.0/. | ||
|
||
mod librustzcash; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is unnecessary. Having librustzcash/mod.rs
is sufficient to declare the module.
components/zcash/rs/BUILD.gn
Outdated
"//brave/third_party/rust/byteorder/v1:lib", | ||
"//brave/third_party/rust/incrementalmerkletree/v0_5:lib", | ||
"//brave/third_party/rust/nonempty/v0_7:lib", | ||
"//brave/third_party/rust/orchard/v0_7:lib", | ||
"//third_party/rust/rand_core/v0_6:lib", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please keep Cargo.toml in sync for direct dependencies. These are all referenced directly.
If you want to verify sufficient declarations by running cargo check
within the local source directory, you can resolve against the patched orchard crate by adding a patch like to zcash/rs/Cargo.toml:
[patch.crates-io.orchard]
path = "../../../third_party/rust/chromium_crates_io/vendor/orchard-0.7.1"
components/zcash/rs/lib.rs
Outdated
} | ||
|
||
fn next_u64(&mut self) -> u64 { | ||
self.0 += 1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems not great for a CryptoRng
. What about using rand_chacha::ChaCha20Rng::seed_from_u64()
instead of this mock?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is used only in tests, do you think we really need to use complicated randomness there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's only used in test code, but it's available in all builds. I'm concerned about someone else using it accidentally, sometime in the future, where they need something else.
rand_chacha is a SeedableRng + CryptoRng
we already have in tree, so using it is also just less code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have discussed with @kdenhartog. He is ok with keeping mock rng since it's call is protected by CHECK_IS_TESTS. Otherwise i'd need to recapture testvectors.
// License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
// You can obtain one at https://mozilla.org/MPL/2.0/. | ||
|
||
#[allow(dead_code)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we importing code we're not using?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to reduce changes in the librustzcash files
// License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
// You can obtain one at https://mozilla.org/MPL/2.0/. | ||
|
||
// https://github.com/zcash/librustzcash/blob/zcash_primitives-0.15.0/zcash_primitives/src/transaction/components/orchard.rs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you share something about the motivation here? I really don't like this kind of cut-and-paste vendoring because it's hard to update. Or really, hard to remember it needs updating, since it's not visible to normal advisory notification tools.
Is this an attempt to strip the (large) dependency list of the published zcash_primitives
and zcash_encoding
crates? Has the code been customized beyond trimming it? I'd just like to clear about the maintenance and review tradeoffs we're making here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, there is a quite big librustzcash crate and it is not clear yet which parts we can reuse directly.
Idea is just to copy necessary minimum of code and then decide if we can switch to vendoring istead of copying. Also there are some excess things in zcash_primitives that we don't need - like transparent or sapling support, tx builder, etc.
Has the code been customized beyond trimming it
There is a little of customization like changing "use" declarations. Probably it will be customized deeply in the future
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kdenhartog iirc you've looked at the zcash crates. I'm curious how you see this approach?
components/zcash/rs/lib.rs
Outdated
.ok_or(Error::BuildError) | ||
}) | ||
}, | ||
OrchardRandomSource::MockRng(mut rng) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could avoid the duplication here by implementing a forwarding RngCore
on the OrchardRandomSource
wrapper, but that wouldn't be less code so probably not worth it.
A Storybook has been deployed to preview UI for the latest push |
e2e4f6d
to
37373ae
Compare
wallet core looks ok in general, will wait for base PR gets merged |
components/zcash/rs/BUILD.gn
Outdated
@@ -9,11 +9,24 @@ rust_static_library("rust_lib") { | |||
crate_name = "zcash_cxx" | |||
crate_root = "lib.rs" | |||
allow_unsafe = true | |||
sources = [ "lib.rs" ] | |||
|
|||
sources = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why is this code in services?
@@ -26,6 +26,7 @@ adblock-cxx = { version = "1" } | |||
constellation-cxx = "0.1" | |||
challenge-bypass-ristretto-cxx = "1" | |||
orchard = { version = "0.7.0", default-features = false } | |||
incrementalmerkletree = { version = "0.5.1", features = ["legacy-api"]} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should not be adding this directly to chromium_crates_io/Cargo.toml. It should go in a Cargo.toml file along with the relevant code
base::StrCat({"0x", tree_state_.value()->orchardTree})); | ||
if (!state_tree_bytes) { | ||
error_ = l10n_util::GetStringUTF8(IDS_WALLET_INTERNAL_ERROR); | ||
Iterate(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's do this through PostTask to avoid Iterate()->CompleteTransaction()->Iterate() recursion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
account_id_, mojom::ZCashKeyId::New(account_id_->account_index, | ||
1 /* internal */, 0)); | ||
if (!addr_bytes) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mojom::ZCashKeyId::New(account_id_->account_index, 1 /* internal */, 0)
This most likely needs a seprate function with comment that we have only one internal(change) address for an account
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
|
||
namespace brave_wallet { | ||
|
||
class OrchardManager { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OrchardBundleManager maybe?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or OrchardBundleWrapper
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Renamed
@@ -49,6 +53,15 @@ struct DecodedZCashAddress { | |||
bool testnet = false; | |||
}; | |||
|
|||
struct OrchardOutput { | |||
uint64_t value; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
= 0;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Desktop Frontend ++
A Storybook has been deployed to preview UI for the latest push |
components/brave_wallet/browser/zcash/create_shield_all_transaction_task.cc
Outdated
Show resolved
Hide resolved
A Storybook has been deployed to preview UI for the latest push |
std::unique_ptr<OrchardBundleManager> orchard_bundle_manager, | ||
std::array<uint8_t, kZCashDigestSize> sighash) { | ||
#if BUILDFLAG(IS_IOS) | ||
DCHECK(!web::WebThread::CurrentlyOn(web::WebThread::UI)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missed a ;
A Storybook has been deployed to preview UI for the latest push |
#if BUILDFLAG(IS_IOS) | ||
#include "ios/web/public/thread/web_thread.h" | ||
#else | ||
#include "content/public/browser/browser_thread.h" | ||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's not depend on content from here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wallet core lgtm
[puLL-Merge] - brave/brave-core@23076 Here is a review of the pull request: DescriptionThis PR adds support for Orchard shielded transactions in the Brave Wallet. It allows creating transactions that shield transparent funds into an Orchard shielded address. The main changes include:
The motivation appears to be to enhance user privacy by allowing funds to be shielded using the latest Orchard protocol. Possible Issues
Security Hotspots
ChangesChanges
Overall this is a significant enhancement to add Orchard shielded transaction support. The security hotspots noted should be carefully reviewed, but with proper precautions this can allow users to take advantage of the latest ZEC privacy features. Thorough testing of the Orchard transactions is recommended. Documentation on the privacy implications and changes to transaction signing would also be beneficial. With those considerations, this looks like a good improvement to the Brave Wallet's ZEC capabilities. |
A Storybook has been deployed to preview UI for the latest push |
A Storybook has been deployed to preview UI for the latest push |
Resolves brave/brave-browser#37201
Adds shielding operations which means sending from transparent to shielded address.
See last commit until PR rebased on master.
This includes steps :
Create Tx flow:
Audit: https://github.com/brave/reviews/issues/1588
Submitter Checklist:
QA/Yes
orQA/No
;release-notes/include
orrelease-notes/exclude
;OS/...
) to the associated issuenpm run test -- brave_browser_tests
,npm run test -- brave_unit_tests
wikinpm run presubmit
wiki,npm run gn_check
,npm run tslint
git rebase master
(if needed)Reviewer Checklist:
gn
After-merge Checklist:
changes has landed on
Test Plan: