TransactionBuilder for Sapling and transparent transactions

[str4d]

This PR includes zcash/librustzcash#24, and will create a testnet chain split once merged into master (and once a Sapling transaction is mined).

[ebfull]

ACK, but if it's not too much trouble I'd love to see a check that all of the anchors are the same (as a stop-gap for a protocol change to enforce this).

[str4d]

Addressed @ebfull's comment.

[daira]

I'd like to see this merged together with a PR to use a version of sapling-crypto that includes zcash/sapling-crypto#80 , so that we don't inadvertently end up with two chain splits. The rationale is that this rule change will create a split on the next Sapling transaction, whereas the RedDSA change will only do so if someone creates a nonstandard signature (that will never be created by an unmodified zcashd).

[daira]

ut(ACK+cov)

[daira]

Rename this to expsk.

[daira]

Rename to expsk, also the member variable.

[daira]

Should there be a similar method that just takes a CTxOut, in case a caller wants to use a funky script?

[str4d]

If someone needs that in future, they can add it.

[daira]

Maybe we should return a value that indicates why building the tx failed?

[str4d]

Were this Rust, I'd be returning a Result<CTransaction, Reason>. The equivalent in C++ is very messy; probably the simplest is to return a std::pair<boost::optional<CTransaction>, Reason>, or we could add a GetFailureReason() method that exposes an internal variable we set before returning from Build().

[daira]

I would be inclined to implement a Result class.

[ebfull]

NB: an IncrementalWitness cannot be constructed such that tree.size() is 0, so this will never underflow.

[ebfull]

Pushed some commits to adopt zcash/librustzcash#26 into this PR and fix a bug in the return value from SendChangeTo.

[str4d]

ACK on the two commits @ebfull pushed.

[daira]

ACK b7b088c and 04ed758 .

[Eirik0]

Overall looks good.

One general comment that I have is that it would be nice if the methods in TransactionBuilder returned *this rather than bool or void. Because this is not yet used in production it is hard to tell if this makes TransactionBuilder easier to use. Returning a bool is useful if we are able to write code to recover from whatever has caused the failure. If we are not able to recover, we may as well throw some error rather than return bool as this can include more information. Similarly, are we able to recover if .Build() returns none? Would we be able to provide the end user more information if we throw an error in .Build() rather than returning none?

[str4d]

Useful comments, but we can look into ergonomics after we've used this in z_sendmany (and thus have more feedback from actually using the API).

@zkbot r+

[zkbot]

📌 Commit 04ed758 has been approved by str4d

[zkbot]

⌛ Testing commit 04ed758 with merge f87011a511eb4a0b7c923e1fc6802bd7c820ff6c...

[zkbot]

💔 Test failed - pr-merge

[bitcartel]

Tests fail when running locally

./zcash-gtest --gtest_filter=TransactionBuilder.*
Note: Google Test filter = TransactionBuilder.*
[==========] Running 7 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 7 tests from TransactionBuilder
[ RUN      ] TransactionBuilder.Invoke
gtest/test_transaction_builder.cpp:54: Failure
Value of: ContextualCheckTransaction(tx1, state, 2, 0)
  Actual: false
Expected: true
gtest/test_transaction_builder.cpp:55: Failure
      Expected: state.GetRejectReason()
      Which is: "bad-txns-sapling-output-description-invalid"
To be equal to: ""
gtest/test_transaction_builder.cpp:78: Failure
      Expected: static_cast<bool>(maybe_tx2)
      Which is: false
To be equal to: true
[  FAILED  ] TransactionBuilder.Invoke (1831 ms)
[ RUN      ] TransactionBuilder.ThrowsOnTransparentInputWithoutKeyStore
[       OK ] TransactionBuilder.ThrowsOnTransparentInputWithoutKeyStore (0 ms)
[ RUN      ] TransactionBuilder.RejectsInvalidTransparentOutput
[       OK ] TransactionBuilder.RejectsInvalidTransparentOutput (0 ms)
[ RUN      ] TransactionBuilder.RejectsInvalidTransparentChangeAddress
[       OK ] TransactionBuilder.RejectsInvalidTransparentChangeAddress (0 ms)
[ RUN      ] TransactionBuilder.FailsWithNegativeChange
gtest/test_transaction_builder.cpp:172: Failure
Value of: static_cast<bool>(builder.Build())
  Actual: false
Expected: true
[  FAILED  ] TransactionBuilder.FailsWithNegativeChange (1566 ms)
[ RUN      ] TransactionBuilder.ChangeOutput
gtest/test_transaction_builder.cpp:225: Failure
      Expected: static_cast<bool>(maybe_tx)
      Which is: false
To be equal to: true
[  FAILED  ] TransactionBuilder.ChangeOutput (1603 ms)
[ RUN      ] TransactionBuilder.SetFee
gtest/test_transaction_builder.cpp:303: Failure
      Expected: static_cast<bool>(maybe_tx)
      Which is: false
To be equal to: true
[  FAILED  ] TransactionBuilder.SetFee (1580 ms)
[----------] 7 tests from TransactionBuilder (6581 ms total)

[----------] Global test environment tear-down
[==========] 7 tests from 1 test case ran. (6581 ms total)
[  PASSED  ] 3 tests.
[  FAILED  ] 4 tests, listed below:
[  FAILED  ] TransactionBuilder.Invoke
[  FAILED  ] TransactionBuilder.FailsWithNegativeChange
[  FAILED  ] TransactionBuilder.ChangeOutput
[  FAILED  ] TransactionBuilder.SetFee

 4 FAILED TESTS

[ebfull]

@bitcartel I haven't seen such failures.

I had to relocate ECC_Start() to avoid some kind of race condition in the test harness.

@zkbot r+

[zkbot]

📌 Commit a310f6c has been approved by ebfull

[zkbot]

⌛ Testing commit a310f6c with merge d84f14e...

[zkbot]

☀️ Test successful - pr-merge
Approved by: ebfull
Pushing d84f14e to master...

[daira]

a310f6c cannot be the right fix for that race condition, surely? It's dependent on the order in which tests are run.

[str4d]

@daira I think the problem was the presence of a second call. I thought I was fixing this once and for all in 3fd0a26, but I missed one. Removing the call from all individual tests, and leaving it in the initializer, should be sufficient.