add support for reading proofs from record program

Author: samkim-crypto

token/program-2022/Cargo.toml

@@ -22,10 +22,11 @@ bytemuck = { version = "1.16.1", features = ["derive"] }
 num-derive = "0.4"
 num-traits = "0.2"
 num_enum = "0.7.2"
-solana-program = "2.0.0"
+solana-program = "2.1.0"
 solana-security-txt = "1.1.1"
-solana-zk-token-sdk = "2.0.0"
+solana-zk-token-sdk = "2.1.0"
 spl-memo = { version = "5.0", path = "../../memo/program", features = [ "no-entrypoint" ] }
+spl-record = { version = "0.2.0", path = "../../record/program", features = [ "no-entrypoint" ]}
 spl-token = { version = "6.0",  path = "../program", features = ["no-entrypoint"] }
 spl-token-group-interface = { version = "0.3.0", path = "../../token-group/interface" }
 spl-token-metadata-interface = { version = "0.4.0", path = "../../token-metadata/interface" }
@@ -41,8 +42,8 @@ base64 = { version = "0.22.1", optional = true }
 lazy_static = "1.5.0"
 proptest = "1.5"
 serial_test = "3.1.1"
-solana-program-test = "2.0.0"
-solana-sdk = "2.0.0"
+solana-program-test = "2.1.0"
+solana-sdk = "2.1.0"
 spl-tlv-account-resolution = { version = "0.7.0", path = "../../libraries/tlv-account-resolution" }
 serde_json = "1.0.120"
 

token/program-2022/src/extension/confidential_transfer/instruction.rs

@@ -13,7 +13,7 @@ use {
         check_program_account,
         extension::confidential_transfer::{ciphertext_extraction::SourceDecryptHandles, *},
         instruction::{encode_instruction, TokenInstruction},
-        proof::ProofLocation,
+        proof::{ProofData, ProofLocation},
     },
     bytemuck::Zeroable, // `Pod` comes from zk_token_proof_instruction
     num_enum::{IntoPrimitive, TryFromPrimitive},
@@ -90,7 +90,9 @@ pub enum ConfidentialTransferInstruction {
     ///      in the same transaction or context state account if
     ///      `VerifyPubkeyValidityProof` is pre-verified into a context state
     ///      account.
-    ///   3. `[signer]` The single source account owner.
+    ///   3. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   4. `[signer]` The single source account owner.
     ///
     ///   * Multisignature owner/delegate
     ///   0. `[writeable]` The SPL Token account.
@@ -99,8 +101,10 @@ pub enum ConfidentialTransferInstruction {
     ///      in the same transaction or context state account if
     ///      `VerifyPubkeyValidityProof` is pre-verified into a context state
     ///      account.
-    ///   3. `[]` The multisig source account owner.
-    ///   4.. `[signer]` Required M signer accounts for the SPL Token Multisig
+    ///   3. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   4. `[]` The multisig source account owner.
+    ///   5.. `[signer]` Required M signer accounts for the SPL Token Multisig
     /// account.
     ///
     /// Data expected by this instruction:
@@ -151,16 +155,20 @@ pub enum ConfidentialTransferInstruction {
     ///      the same transaction or context state account if
     ///      `VerifyZeroBalanceProof` is pre-verified into a context state
     ///      account.
-    ///   2. `[signer]` The single account owner.
+    ///   2. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   3. `[signer]` The single account owner.
     ///
     ///   * Multisignature owner/delegate
     ///   0. `[writable]` The SPL Token account.
     ///   1. `[]` Instructions sysvar if `VerifyZeroBalanceProof` is included in
     ///      the same transaction or context state account if
     ///      `VerifyZeroBalanceProof` is pre-verified into a context state
     ///      account.
-    ///   2. `[]` The multisig account owner.
-    ///   3.. `[signer]` Required M signer accounts for the SPL Token Multisig
+    ///   2. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   3. `[]` The multisig account owner.
+    ///   4.. `[signer]` Required M signer accounts for the SPL Token Multisig
     /// account.
     ///
     /// Data expected by this instruction:
@@ -214,16 +222,20 @@ pub enum ConfidentialTransferInstruction {
     ///   2. `[]` Instructions sysvar if `VerifyWithdraw` is included in the
     ///      same transaction or context state account if `VerifyWithdraw` is
     ///      pre-verified into a context state account.
-    ///   3. `[signer]` The single source account owner.
+    ///   3. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   4. `[signer]` The single source account owner.
     ///
     ///   * Multisignature owner/delegate
     ///   0. `[writable]` The SPL Token account.
     ///   1. `[]` The token mint.
     ///   2. `[]` Instructions sysvar if `VerifyWithdraw` is included in the
     ///      same transaction or context state account if `VerifyWithdraw` is
     ///      pre-verified into a context state account.
-    ///   3. `[]` The multisig  source account owner.
-    ///   4.. `[signer]` Required M signer accounts for the SPL Token Multisig
+    ///   3. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   4. `[]` The multisig  source account owner.
+    ///   5.. `[signer]` Required M signer accounts for the SPL Token Multisig
     /// account.
     ///
     /// Data expected by this instruction:
@@ -248,7 +260,9 @@ pub enum ConfidentialTransferInstruction {
     ///      `VerifyTransferWithFee` is included in the same transaction or
     ///      context state account if these proofs are pre-verified into a
     ///      context state account.
-    ///   5. `[signer]` The single source account owner.
+    ///   5. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   6. `[signer]` The single source account owner.
     ///
     ///   * Multisignature owner/delegate
     ///   1. `[writable]` The source SPL Token account.
@@ -258,8 +272,10 @@ pub enum ConfidentialTransferInstruction {
     ///      `VerifyTransferWithFee` is included in the same transaction or
     ///      context state account if these proofs are pre-verified into a
     ///      context state account.
-    ///   5. `[]` The multisig  source account owner.
-    ///   6.. `[signer]` Required M signer accounts for the SPL Token Multisig
+    ///   5. `[]` (Optional) Record account if the accompanying proof is to be
+    ///      read from a record account.
+    ///   6. `[]` The multisig  source account owner.
+    ///   7.. `[signer]` Required M signer accounts for the SPL Token Multisig
     /// account.
     ///
     /// Data expected by this instruction:
@@ -715,8 +731,11 @@ pub fn inner_configure_account(
     ];
 
     let proof_instruction_offset = match proof_data_location {
-        ProofLocation::InstructionOffset(proof_instruction_offset, _) => {
+        ProofLocation::InstructionOffset(proof_instruction_offset, proof_data) => {
             accounts.push(AccountMeta::new_readonly(sysvar::instructions::id(), false));
+            if let ProofData::RecordAccount(record_address, _) = proof_data {
+                accounts.push(AccountMeta::new_readonly(*record_address, false));
+            }
             proof_instruction_offset.into()
         }
         ProofLocation::ContextStateAccount(context_state_account) => {
@@ -781,8 +800,14 @@ pub fn configure_account(
         if proof_instruction_offset != 1 {
             return Err(TokenError::InvalidProofInstructionOffset.into());
         }
-        instructions.push(verify_pubkey_validity(None, proof_data));
-    };
+        match proof_data {
+            ProofData::ProofData(data) => instructions.push(verify_pubkey_validity(None, data)),
+            ProofData::RecordAccount(address, offset) => instructions.push(
+                ProofInstruction::VerifyPubkeyValidity
+                    .encode_verify_proof_from_account(None, address, offset),
+            ),
+        };
+    }
 
     Ok(instructions)
 }
@@ -827,8 +852,11 @@ pub fn inner_empty_account(
     let mut accounts = vec![AccountMeta::new(*token_account, false)];
 
     let proof_instruction_offset = match proof_data_location {
-        ProofLocation::InstructionOffset(proof_instruction_offset, _) => {
+        ProofLocation::InstructionOffset(proof_instruction_offset, proof_data) => {
             accounts.push(AccountMeta::new_readonly(sysvar::instructions::id(), false));
+            if let ProofData::RecordAccount(record_address, _) = proof_data {
+                accounts.push(AccountMeta::new_readonly(*record_address, false));
+            }
             proof_instruction_offset.into()
         }
         ProofLocation::ContextStateAccount(context_state_account) => {
@@ -884,7 +912,13 @@ pub fn empty_account(
         if proof_instruction_offset != 1 {
             return Err(TokenError::InvalidProofInstructionOffset.into());
         }
-        instructions.push(verify_zero_balance(None, proof_data));
+        match proof_data {
+            ProofData::ProofData(data) => instructions.push(verify_zero_balance(None, data)),
+            ProofData::RecordAccount(address, offset) => instructions.push(
+                ProofInstruction::VerifyZeroBalance
+                    .encode_verify_proof_from_account(None, address, offset),
+            ),
+        };
     };
 
     Ok(instructions)
@@ -946,8 +980,11 @@ pub fn inner_withdraw(
     ];
 
     let proof_instruction_offset = match proof_data_location {
-        ProofLocation::InstructionOffset(proof_instruction_offset, _) => {
+        ProofLocation::InstructionOffset(proof_instruction_offset, proof_data) => {
             accounts.push(AccountMeta::new_readonly(sysvar::instructions::id(), false));
+            if let ProofData::RecordAccount(record_address, _) = proof_data {
+                accounts.push(AccountMeta::new_readonly(*record_address, false));
+            }
             proof_instruction_offset.into()
         }
         ProofLocation::ContextStateAccount(context_state_account) => {
@@ -1015,7 +1052,13 @@ pub fn withdraw(
         if proof_instruction_offset != 1 {
             return Err(TokenError::InvalidProofInstructionOffset.into());
         }
-        instructions.push(verify_withdraw(None, proof_data));
+        match proof_data {
+            ProofData::ProofData(data) => instructions.push(verify_withdraw(None, data)),
+            ProofData::RecordAccount(address, offset) => instructions.push(
+                ProofInstruction::VerifyWithdraw
+                    .encode_verify_proof_from_account(None, address, offset),
+            ),
+        };
     };
 
     Ok(instructions)
@@ -1043,8 +1086,11 @@ pub fn inner_transfer(
     ];
 
     let proof_instruction_offset = match proof_data_location {
-        ProofLocation::InstructionOffset(proof_instruction_offset, _) => {
+        ProofLocation::InstructionOffset(proof_instruction_offset, proof_data) => {
             accounts.push(AccountMeta::new_readonly(sysvar::instructions::id(), false));
+            if let ProofData::RecordAccount(record_address, _) = proof_data {
+                accounts.push(AccountMeta::new_readonly(*record_address, false));
+            }
             proof_instruction_offset.into()
         }
         ProofLocation::ContextStateAccount(context_state_account) => {
@@ -1108,7 +1154,13 @@ pub fn transfer(
         if proof_instruction_offset != 1 {
             return Err(TokenError::InvalidProofInstructionOffset.into());
         }
-        instructions.push(verify_transfer(None, proof_data));
+        match proof_data {
+            ProofData::ProofData(data) => instructions.push(verify_transfer(None, data)),
+            ProofData::RecordAccount(address, offset) => instructions.push(
+                ProofInstruction::VerifyTransfer
+                    .encode_verify_proof_from_account(None, address, offset),
+            ),
+        };
     };
 
     Ok(instructions)
@@ -1136,8 +1188,11 @@ pub fn inner_transfer_with_fee(
     ];
 
     let proof_instruction_offset = match proof_data_location {
-        ProofLocation::InstructionOffset(proof_instruction_offset, _) => {
+        ProofLocation::InstructionOffset(proof_instruction_offset, proof_data) => {
             accounts.push(AccountMeta::new_readonly(sysvar::instructions::id(), false));
+            if let ProofData::RecordAccount(record_address, _) = proof_data {
+                accounts.push(AccountMeta::new_readonly(*record_address, false));
+            }
             proof_instruction_offset.into()
         }
         ProofLocation::ContextStateAccount(context_state_account) => {
@@ -1201,7 +1256,13 @@ pub fn transfer_with_fee(
         if proof_instruction_offset != 1 {
             return Err(TokenError::InvalidProofInstructionOffset.into());
         }
-        instructions.push(verify_transfer_with_fee(None, proof_data));
+        match proof_data {
+            ProofData::ProofData(data) => instructions.push(verify_transfer_with_fee(None, data)),
+            ProofData::RecordAccount(address, offset) => instructions.push(
+                ProofInstruction::VerifyTransferWithFee
+                    .encode_verify_proof_from_account(None, address, offset),
+            ),
+        };
     };
 
     Ok(instructions)

token/program-2022/src/extension/confidential_transfer/verify_proof.rs

@@ -43,11 +43,13 @@ pub fn verify_configure_account_proof(
         let sysvar_account_info = next_account_info(account_info_iter)?;
         let zkp_instruction =
             get_instruction_relative(proof_instruction_offset, sysvar_account_info)?;
-        Ok(*decode_proof_instruction_context::<
+        Ok(decode_proof_instruction_context::<
             PubkeyValidityData,
             PubkeyValidityProofContext,
         >(
-            ProofInstruction::VerifyPubkeyValidity, &zkp_instruction
+            account_info_iter,
+            ProofInstruction::VerifyPubkeyValidity,
+            &zkp_instruction,
         )?)
     }
 }
@@ -77,11 +79,13 @@ pub fn verify_empty_account_proof(
         let sysvar_account_info = next_account_info(account_info_iter)?;
         let zkp_instruction =
             get_instruction_relative(proof_instruction_offset, sysvar_account_info)?;
-        Ok(*decode_proof_instruction_context::<
+        Ok(decode_proof_instruction_context::<
             ZeroBalanceProofData,
             ZeroBalanceProofContext,
         >(
-            ProofInstruction::VerifyZeroBalance, &zkp_instruction
+            account_info_iter,
+            ProofInstruction::VerifyZeroBalance,
+            &zkp_instruction,
         )?)
     }
 }
@@ -110,11 +114,13 @@ pub fn verify_withdraw_proof(
         let sysvar_account_info = next_account_info(account_info_iter)?;
         let zkp_instruction =
             get_instruction_relative(proof_instruction_offset, sysvar_account_info)?;
-        Ok(*decode_proof_instruction_context::<
+        Ok(decode_proof_instruction_context::<
             WithdrawData,
             WithdrawProofContext,
         >(
-            ProofInstruction::VerifyWithdraw, &zkp_instruction
+            account_info_iter,
+            ProofInstruction::VerifyWithdraw,
+            &zkp_instruction,
         )?)
     }
 }
@@ -259,11 +265,13 @@ pub fn verify_transfer_proof(
         let sysvar_account_info = next_account_info(account_info_iter)?;
         let zkp_instruction =
             get_instruction_relative(proof_instruction_offset, sysvar_account_info)?;
-        let proof_context = (*decode_proof_instruction_context::<
-            TransferData,
-            TransferProofContext,
-        >(ProofInstruction::VerifyTransfer, &zkp_instruction)?)
-        .into();
+        let proof_context =
+            (decode_proof_instruction_context::<TransferData, TransferProofContext>(
+                account_info_iter,
+                ProofInstruction::VerifyTransfer,
+                &zkp_instruction,
+            )?)
+            .into();
 
         Ok(Some(proof_context))
     }
@@ -490,10 +498,12 @@ pub fn verify_transfer_with_fee_proof(
         let sysvar_account_info = next_account_info(account_info_iter)?;
         let zkp_instruction =
             get_instruction_relative(proof_instruction_offset, sysvar_account_info)?;
-        let proof_context = decode_proof_instruction_context::<
-            TransferWithFeeData,
-            TransferWithFeeProofContext,
-        >(ProofInstruction::VerifyTransferWithFee, &zkp_instruction)?;
+        let proof_context =
+            decode_proof_instruction_context::<TransferWithFeeData, TransferWithFeeProofContext>(
+                account_info_iter,
+                ProofInstruction::VerifyTransferWithFee,
+                &zkp_instruction,
+            )?;
 
         let proof_tranfer_fee_basis_points: u16 =
             proof_context.fee_parameters.fee_rate_basis_points.into();
@@ -509,7 +519,7 @@ pub fn verify_transfer_with_fee_proof(
             return Err(TokenError::FeeParametersMismatch.into());
         }
 
-        Ok(Some((*proof_context).into()))
+        Ok(Some(proof_context.into()))
     }
 }