Changes required for Keystone firmware support #1666
Conversation
This depends upon an updated fork or `bip32` maintained by `KeystoneHQ`
Co-authored-by: Kris Nuttycombe <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1666 +/- ##
==========================================
- Coverage 52.23% 51.89% -0.34%
==========================================
Files 179 180 +1
Lines 21351 21169 -182
==========================================
- Hits 11152 10986 -166
+ Misses 10199 10183 -16 ☔ View full report in Codecov by Sentry. |
Brings #1667 into the Keystone firmware branch.
str4d
changed the title
keystone support that require dependency updates beyond what we can currently do.
Instead the PCZT is parsed into its protocol-specific types, and getters on those are used. The remaining getters are used for sighash derivation, the one part of the stack that is not currently modular.
| "unicode-normalization", | ||
| "zeroize", | ||
| ] | ||
|
|
||
| [[package]] | ||
| name = "bip32" | ||
| version = "0.5.1" | ||
| version = "0.6.0-pre.1" |
There was a problem hiding this comment.
Why the preview version? I was unable to find any documentation of what changed in the preview here: https://github.com/iqlusioninc/crates/blob/bip32/v0.6.0-pre.1/bip32/CHANGELOG.md (or in corresponding files for the RustCrypto dependencies).
There was a problem hiding this comment.
Oh I see, it's to get iqlusioninc/crates#1254
There was a problem hiding this comment.
Depending on all of these previews and rcs does not seem ideal.
- hmac 0.13.0-pre.4
- ripemd 0.2.0-pre.4
- sha2 0.11.0-pre.4
- digest 0.11.0-pre.9
- block-buffer 0.11.0-rc.3
- crypto-common 0.2.0-rc.1
I realize it's only temporary, and that you asked @tony-iqlusion for a backport here. (I guess a bip32 0.6.0 release would do as well given that we've bitten the bullet of MSRV 1.81.0. But that would also require releases of the crates above iiuc.)
There was a problem hiding this comment.
Here's a bip32 v0.5.3 backport release, however be aware it uses an older version of the secp256k1 crate (v0.27) to retain compatibility with other v0.5.x releases: https://github.com/iqlusioninc/crates/pull/1261/files
There was a problem hiding this comment.
I'd hoped that a backport might suffice, but it turned out to be necessary to use secp256k1 0.29 because the firmware already did, and duplicate C bindings would be a nightmare.
There was a problem hiding this comment.
Note v0.30 is out and we'll bump to that (at least) before a final release
There was a problem hiding this comment.
So maybe we should ask Keystone to bump the firmware to secp256k1 0.30?
@tony-iqlusion when you say "at least", is that just because there might be another release after 0.30 that you could opportunistically upgrade to, or might it be necessary? (At a glance, 0.30 was tagged only last week but there are some significant changes since that tag, basically updating from rustsecp256k1_v0_10_0_* to rustsecp256k1_v0_11_*.)
There was a problem hiding this comment.
Ideally we'd bump to whatever the latest version is prior to a final release
There was a problem hiding this comment.
The problem we were having with this has apparently been resolved by zcash/zcash-devtool#78, so all good for now.
| @@ -36,6 +39,7 @@ pub struct Global { | |||
| /// - If omitted, the fallback locktime is assumed to be 0. | |||
| pub(crate) fallback_lock_time: Option<u32>, | |||
There was a problem hiding this comment.
Why doesn't this have #[getset(get = "pub")]? Similarly for coin_type, and for some other fields in orchard.rs and sapling.rs.
There was a problem hiding this comment.
I believe that this is intended to be set only by the Constructor role.
| pub(crate) value_sum: (u64, bool), | ||
|
|
||
| /// The Orchard anchor for this transaction. | ||
| /// | ||
| /// Set by the Creator. | ||
| #[getset(get = "pub")] | ||
| pub(crate) anchor: [u8; 32], | ||
|
|
||
| /// The Orchard bundle proof. |
There was a problem hiding this comment.
Should zkproof and bsk have #[getset(get = "pub")]?
There was a problem hiding this comment.
Not until we find a need for those getters in protocol-unaware code (maybe for deriving the Authorizing Data Commitment, but I don't yet see a need to do that for an in-progress transaction).
| @@ -67,6 +70,7 @@ pub struct Action { | |||
| // These are required fields that are part of the final transaction, and are filled in | |||
| // by the Constructor when adding an output. | |||
| // | |||
| #[getset(get = "pub")] | |||
| pub(crate) cv_net: [u8; 32], | |||
| #[getset(get = "pub")] | |||
| pub(crate) spend: Spend, | |||
There was a problem hiding this comment.
Should rcv have #[getset(get = "pub")]?
There was a problem hiding this comment.
It was not necessary on the protocol-agnostic type for the sighash calculation (as it's private data, and useless for checking commitments without protocol awareness).
| @@ -97,6 +101,7 @@ pub struct Spend { | |||
| // | |||
| #[getset(get = "pub")] | |||
| pub(crate) nullifier: [u8; 32], | |||
| #[getset(get = "pub")] | |||
| pub(crate) rk: [u8; 32], | |||
|
|
|||
| /// The spend authorization signature. | |||
There was a problem hiding this comment.
Should some of the fields below have #[getset(get = "pub")]?
| pub(crate) enc_ciphertext: Vec<u8>, | ||
| /// The encrypted note plaintext for the output. | ||
| /// | ||
| /// Encoded as a `Vec<u8>` because its length depends on the transaction version. | ||
| #[getset(get = "pub")] | ||
| pub(crate) out_ciphertext: Vec<u8>, | ||
|
|
||
| /// The [raw encoding] of the Orchard payment address that will receive the output. |
There was a problem hiding this comment.
Should ock and zip32_derivation have #[getset(get = "pub")]?
| pub(crate) value_sum: i128, | ||
|
|
||
| /// The Sapling anchor for this transaction. | ||
| /// | ||
| /// Set by the Creator. | ||
| #[getset(get = "pub")] | ||
| pub(crate) anchor: [u8; 32], | ||
|
|
||
| /// The Sapling binding signature signing key. |
There was a problem hiding this comment.
Should bsk have #[getset(get = "pub")]?
| pub(crate) nullifier: [u8; 32], | ||
| #[getset(get = "pub")] | ||
| pub(crate) rk: [u8; 32], | ||
|
|
||
| /// The Spend proof. |
There was a problem hiding this comment.
Should some of the fields below have #[getset(get = "pub")]?
| @@ -66,6 +67,7 @@ pub struct Input { | |||
| // needed for computing the binding signatures. | |||
| #[getset(get = "pub")] | |||
| pub(crate) value: u64, | |||
| #[getset(get = "pub")] | |||
| pub(crate) script_pubkey: Vec<u8>, | |||
|
|
|||
| /// The script required to spend this output, if it is P2SH. | |||
There was a problem hiding this comment.
Should some of the fields below have #[getset(get = "pub")]?
| pub(crate) value: u64, | ||
| #[getset(get = "pub")] | ||
| pub(crate) script_pubkey: Vec<u8>, | ||
|
|
||
| /// The script required to spend this output, if it is P2SH. |
There was a problem hiding this comment.
Should redeem_script and bip32_derivation have #[getset(get = "pub")]?
There was a problem hiding this comment.
I assume that after these changes, we'll do the rest of the devtools removal (in favor of having this functionality in zcash-devtool?)
There was a problem hiding this comment.
Correct (it should have been done already, but not going to disturb this PR further).
| @@ -36,6 +39,7 @@ pub struct Global { | |||
| /// - If omitted, the fallback locktime is assumed to be 0. | |||
| pub(crate) fallback_lock_time: Option<u32>, | |||
There was a problem hiding this comment.
I believe that this is intended to be set only by the Constructor role.
| ripemd = { version = "0.1", default-features = false } | ||
| secp256k1 = { version = "0.27", default-features = false, features = ["alloc"] } | ||
| secp256k1 = { version = "0.29", default-features = false, features = ["alloc"] } |
There was a problem hiding this comment.
Note to self: secp256k1 and bip32 need to be mentioned in the changelogs. I'll do that in a follow-up PR.
This is a feature branch depended on by the downstream Keystone firmware; do not rebase it.