Add Orchard versioned signatures and add ALGORITHM_BYTE to ik and IssueAuthSig

Cargo.toml

@@ -221,4 +221,5 @@ unexpected_cfgs = { level = "warn", check-cfg = [
 [patch.crates-io]
 zcash_note_encryption = { version = "0.4.1", git = "https://github.com/zcash/zcash_note_encryption", rev = "668ea44cf59a226715a5f3cb1bf88710a8c188a3" }
 sapling = { package = "sapling-crypto", version = "0.5", git = "https://github.com/QED-it/sapling-crypto", rev = "b0d2e4c1139f23fb7e9e410f2e5d986d5662ee03" }
-orchard = { version = "0.11.0", git = "https://github.com/QED-it/orchard", rev = "0982ff66e15e3e1e0566e4c9cd688d9d0e5d4f81" }
+orchard = { git = "https://github.com/QED-it/orchard", rev = "cc68804fe01fdfa090b5f92b82469da117036e90" }
+zcash_spec = { git = "https://github.com/QED-it/zcash_spec", rev = "842d697048a8960348adcde704c24438fc5b4544" }

pczt/src/common.rs

@@ -6,6 +6,7 @@ use alloc::vec::Vec;
 
 use getset::Getters;
 use serde::{Deserialize, Serialize};
+use serde_with::serde_as;
 
 use crate::roles::combiner::merge_map;
 
@@ -205,6 +206,18 @@ pub(crate) struct Zip32Derivation {
     pub(crate) derivation_path: Vec<u32>,
 }
 
+/// A versioned Orchard SpendAuth signature.
+///
+/// A easily serializable structure representing the serializable version of
+/// `orchard::builder::VerSpendAuthSig` struct.
+#[serde_as]
+#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
+pub(crate) struct VerSpendAuthSig {
+    pub(crate) sighash_info: Vec<u8>,
+    #[serde_as(as = "[_; 64]")]
+    pub(crate) signature: [u8; 64],
+}
+
 /// Determines the lock time for the transaction.
 ///
 /// Implemented following the specification in [BIP 370], with the rationale that this

pczt/src/orchard.rs

@@ -13,7 +13,7 @@ use serde::{Deserialize, Serialize};
 use serde_with::serde_as;
 
 use crate::{
-    common::{Global, Zip32Derivation},
+    common::{Global, VerSpendAuthSig, Zip32Derivation},
     roles::combiner::{merge_map, merge_optional},
 };
 
@@ -116,8 +116,7 @@ pub struct Spend {
     /// The spend authorization signature.
     ///
     /// This is set by the Signer.
-    #[serde_as(as = "Option<[_; 64]>")]
-    pub(crate) spend_auth_sig: Option<[u8; 64]>,
+    pub(crate) spend_auth_sig: Option<VerSpendAuthSig>,
 
     /// The [raw encoding] of the Orchard payment address that received the note being spent.
     ///
@@ -448,7 +447,13 @@ impl Bundle {
                 let spend = orchard::pczt::Spend::parse(
                     action.spend.nullifier,
                     action.spend.rk,
-                    action.spend.spend_auth_sig,
+                    action
+                        .spend
+                        .spend_auth_sig
+                        .map(|z| {
+                            orchard::pczt::parse_ver_spend_auth_sig(z.sighash_info, z.signature)
+                        })
+                        .transpose()?,
                     action.spend.recipient,
                     action.spend.value,
                     action.spend.asset,
@@ -526,7 +531,10 @@ impl Bundle {
                     spend: Spend {
                         nullifier: spend.nullifier().to_bytes(),
                         rk: spend.rk().into(),
-                        spend_auth_sig: spend.spend_auth_sig().as_ref().map(|s| s.into()),
+                        spend_auth_sig: spend.spend_auth_sig().as_ref().map(|s| VerSpendAuthSig {
+                            sighash_info: s.version().to_bytes().to_vec(),
+                            signature: s.sig().into(),
+                        }),
                         recipient: action
                             .spend()
                             .recipient()

pczt/tests/end_to_end.rs

@@ -35,7 +35,7 @@ use nonempty::NonEmpty;
 #[cfg(zcash_unstable = "nu7")]
 use orchard::{
     issuance::compute_asset_desc_hash,
-    keys::{IssuanceAuthorizingKey, IssuanceValidatingKey},
+    issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr},
     note::{RandomSeed, Rho},
     orchard_flavor::OrchardZSA,
     value::NoteValue,
@@ -45,6 +45,7 @@ use orchard::{
 use zcash_protocol::consensus::Network::RegtestNetwork;
 
 static ORCHARD_PROVING_KEY: OnceLock<orchard::circuit::ProvingKey> = OnceLock::new();
+#[cfg(zcash_unstable = "nu7")]
 static ORCHARD_ZSA_PROVING_KEY: OnceLock<orchard::circuit::ProvingKey> = OnceLock::new();
 
 fn orchard_proving_key() -> &'static orchard::circuit::ProvingKey {
@@ -495,8 +496,8 @@ fn zsa_to_zsa() {
         note
     };
 
-    let isk = IssuanceAuthorizingKey::from_bytes([1; 32]).unwrap();
-    let ik = IssuanceValidatingKey::from(&isk);
+    let isk = IssueAuthKey::<ZSASchnorr>::from_bytes(&[1; 32]).unwrap();
+    let ik = IssueValidatingKey::from(&isk);
     let value = orchard::value::NoteValue::from_raw(1_000_000);
     let asset = AssetBase::derive(
         &ik,

zcash_client_backend/src/data_api/wallet.rs

@@ -94,7 +94,7 @@ use {
     crate::data_api::error::PcztError,
     ::transparent::pczt::Bip32Derivation,
     bip32::ChildNumber,
-    orchard::domain::OrchardDomain,
+    orchard::primitives::OrchardDomain,
     pczt::roles::{
         creator::Creator, io_finalizer::IoFinalizer, spend_finalizer::SpendFinalizer,
         tx_extractor::TransactionExtractor, updater::Updater,

zcash_primitives/src/transaction/builder.rs

@@ -68,7 +68,7 @@ use orchard::{
     bundle::Authorization,
     issuance,
     issuance::{IssueBundle, IssueInfo},
-    keys::{IssuanceAuthorizingKey, IssuanceValidatingKey},
+    issuance_auth::{IssueAuthKey, IssueValidatingKey, ZSASchnorr},
     note::Nullifier,
     orchard_flavor::OrchardZSA,
 };
@@ -380,7 +380,7 @@ pub struct Builder<'a, P, U: sapling::builder::ProverProgress> {
     #[cfg(zcash_unstable = "nu7")]
     issuance_builder: Option<IssueBundle<issuance::AwaitingNullifier>>,
     #[cfg(zcash_unstable = "nu7")]
-    issuance_isk: Option<orchard::keys::IssuanceAuthorizingKey>,
+    issuance_isk: Option<orchard::issuance_auth::IssueAuthKey<ZSASchnorr>>,
     #[cfg(zcash_unstable = "zfuture")]
     tze_builder: TzeBuilder<'a, TransactionData<Unauthorized>>,
     #[cfg(not(zcash_unstable = "zfuture"))]
@@ -508,7 +508,7 @@ impl<'a, P: consensus::Parameters> Builder<'a, P, ()> {
     #[cfg(zcash_unstable = "nu7")]
     pub fn init_issuance_bundle<FE>(
         &mut self,
-        ik: IssuanceAuthorizingKey,
+        ik: IssueAuthKey<ZSASchnorr>,
         asset_desc_hash: [u8; 32],
         issue_info: Option<IssueInfo>,
         first_issuance: bool,
@@ -522,7 +522,7 @@ impl<'a, P: consensus::Parameters> Builder<'a, P, ()> {
         }
 
         let (bundle, _) = IssueBundle::new(
-            IssuanceValidatingKey::from(&ik),
+            IssueValidatingKey::<ZSASchnorr>::from(&ik),
             asset_desc_hash,
             issue_info,
             first_issuance,

zcash_primitives/src/transaction/components/issuance.rs

@@ -1,12 +1,13 @@
 use crate::encoding::{ReadBytesExt, WriteBytesExt};
 use core2::io::{self, Error, ErrorKind, Read, Write};
 use nonempty::NonEmpty;
-use orchard::issuance::{IssueAction, IssueAuth, IssueBundle, Signed};
-use orchard::keys::IssuanceValidatingKey;
+use orchard::issuance::{IssueAction, IssueAuth, IssueBundle, Signed, VerBIP340IssueAuthSig};
+use orchard::issuance_auth::{IssueAuthSig, IssueValidatingKey, ZSASchnorr};
 use orchard::note::{AssetBase, RandomSeed, Rho};
 use orchard::value::NoteValue;
 use orchard::{Address, Note};
 use zcash_encoding::{CompactSize, Vector};
+use zcash_spec::sighash_versioning::SighashVersion;
 
 /// Reads an [`orchard::Bundle`] from a v6 transaction format.
 pub fn read_v6_bundle<R: Read>(mut reader: R) -> io::Result<Option<IssueBundle<Signed>>> {
@@ -26,24 +27,30 @@ pub fn read_v6_bundle<R: Read>(mut reader: R) -> io::Result<Option<IssueBundle<S
     }
 }
 
-fn read_ik<R: Read>(mut reader: R) -> io::Result<IssuanceValidatingKey> {
-    let mut bytes = [0u8; 32];
-    reader.read_exact(&mut bytes)?;
-    IssuanceValidatingKey::from_bytes(&bytes).ok_or(Error::new(
-        ErrorKind::InvalidData,
-        "Invalid Pallas point for IssuanceValidatingKey",
-    ))
+fn read_ik<R: Read>(mut reader: R) -> io::Result<IssueValidatingKey<ZSASchnorr>> {
+    let ik_bytes = Vector::read(&mut reader, |r| r.read_u8())?;
+    IssueValidatingKey::decode(&ik_bytes).map_err(|_| {
+        Error::new(
+            ErrorKind::InvalidData,
+            "Invalid IssueValidatingKey encoding",
+        )
+    })
 }
 
 fn read_authorization<R: Read>(mut reader: R) -> io::Result<Signed> {
-    let mut bytes = [0u8; 64];
-    reader.read_exact(&mut bytes).map_err(|_| {
+    let sighash_info_bytes = Vector::read(&mut reader, |r| r.read_u8())?;
+    let sighash_info = SighashVersion::from_bytes(&sighash_info_bytes).ok_or(Error::new(
+        ErrorKind::InvalidData,
+        "Invalid SighashInfo encoding",
+    ))?;
+    let sig_bytes = Vector::read(&mut reader, |r| r.read_u8())?;
+    let sig = IssueAuthSig::decode(&sig_bytes).map_err(|_| {
         Error::new(
             ErrorKind::InvalidData,
             "Invalid signature for IssuanceAuthorization",
         )
     })?;
-    Ok(Signed::from_data(bytes))
+    Ok(Signed::new(VerBIP340IssueAuthSig::new(sighash_info, sig)))
 }
 
 fn read_action<R: Read>(mut reader: R) -> io::Result<IssueAction> {
@@ -125,8 +132,17 @@ pub fn write_v6_bundle<W: Write>(
 ) -> io::Result<()> {
     if let Some(bundle) = bundle {
         Vector::write_nonempty(&mut writer, bundle.actions(), write_action)?;
-        writer.write_all(&bundle.ik().to_bytes())?;
-        writer.write_all(&<[u8; 64]>::from(bundle.authorization().signature()))?;
+        Vector::write(&mut writer, &bundle.ik().encode(), |w, b| w.write_u8(*b))?;
+        Vector::write(
+            &mut writer,
+            &bundle.authorization().signature().version().to_bytes(),
+            |w, b| w.write_u8(*b),
+        )?;
+        Vector::write(
+            &mut writer,
+            &bundle.authorization().signature().sig().encode(),
+            |w, b| w.write_u8(*b),
+        )?;
     } else {
         CompactSize::write(&mut writer, 0)?;
     }