// Source: github.com/SmartMeshFoundation/Spectrum@v0.0.0-20220621030607-452a266fee1e/trie/secure_trie.go

// Copyright 2015 The Spectrum Authors
// This file is part of the Spectrum library.
//
// The Spectrum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The Spectrum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the Spectrum library. If not, see <http://www.gnu.org/licenses/>.

package trie

import (
	"fmt"

	"github.com/SmartMeshFoundation/Spectrum/common"
	"github.com/SmartMeshFoundation/Spectrum/log"
)

// secureKeyPrefix is prepended to a hashed key to build the database key under
// which the preimage of that hashed key is stored (see secKey).
var secureKeyPrefix = []byte("secure-key-")

// secureKeyLength is the length of secureKeyPrefix plus a 32-byte hash.
const secureKeyLength = 11 + 32

// SecureTrie wraps a trie with key hashing. In a secure trie, all
// access operations hash the key using keccak256. Because callers
// never choose the stored key directly, they cannot build long chains
// of nodes that increase the access time.
//
// Contrary to a regular trie, a SecureTrie can only be created with
// New and must have an attached database. The database also stores
// the preimage of each key.
//
// SecureTrie is not safe for concurrent use: hashKey and secKey hand out
// slices backed by the scratch buffers below, and every call overwrites them.
type SecureTrie struct {
	trie             Trie
	hashKeyBuf       [secureKeyLength]byte // scratch space for hashKey results
	secKeyBuf        [200]byte             // scratch space for secKey results
	secKeyCache      map[string][]byte     // hashed key -> preimage, pending until the next commit
	secKeyCacheOwner *SecureTrie           // Pointer to self, replace the key cache on mismatch
}

// NewSecure creates a trie with an existing root node from db.
//
// NewSecure panics if db is nil; that check runs before root is looked at.
// If root is the zero hash or the sha3 hash of an empty string, the
// trie is initially empty. Otherwise a MissingNodeError is returned if
// the root node cannot be found.
//
// Accessing the trie loads nodes from db on demand.
// Loaded nodes are kept around until their 'cache generation' expires.
// A new cache generation is created by each call to Commit.
// cachelimit sets the number of past cache generations to keep.
func NewSecure(root common.Hash, db Database, cachelimit uint16) (*SecureTrie, error) {
	if db == nil {
		panic("NewSecure called with nil database")
	}
	inner, err := New(root, db)
	if err != nil {
		return nil, err
	}
	inner.SetCacheLimit(cachelimit)
	secure := &SecureTrie{trie: *inner}
	return secure, nil
}

// Get returns the value for key stored in the trie.
// The value bytes must not be modified by the caller.
//
// A lookup error is only logged, so the returned value alone does not
// distinguish an absent key from a database failure. Use TryGet where
// that difference matters.
func (t *SecureTrie) Get(key []byte) []byte {
	value, err := t.TryGet(key)
	if err != nil {
		log.Error(fmt.Sprintf("Unhandled trie error: %v", err))
	}
	return value
}

// TryGet returns the value for key stored in the trie.
// The value bytes must not be modified by the caller.
// If a node was not found in the database, a MissingNodeError is returned.
func (t *SecureTrie) TryGet(key []byte) ([]byte, error) {
	hashed := t.hashKey(key)
	return t.trie.TryGet(hashed)
}

// Update associates key with value in the trie. Subsequent calls to
// Get will return value. If value has length zero, any existing value
// is deleted from the trie and calls to Get will return nil.
//
// The value bytes must not be modified by the caller while they are
// stored in the trie.
//
// A failed update is only logged; the caller is not told about it.
// Use TryUpdate to observe the error.
func (t *SecureTrie) Update(key, value []byte) {
	err := t.TryUpdate(key, value)
	if err == nil {
		return
	}
	log.Error(fmt.Sprintf("Unhandled trie error: %v", err))
}

// TryUpdate associates key with value in the trie. Subsequent calls to
// Get will return value. If value has length zero, any existing value
// is deleted from the trie and calls to Get will return nil.
//
// The value bytes must not be modified by the caller while they are
// stored in the trie.
//
// If a node was not found in the database, a MissingNodeError is returned.
func (t *SecureTrie) TryUpdate(key, value []byte) error {
	hashed := t.hashKey(key)
	if err := t.trie.TryUpdate(hashed, value); err != nil {
		return err
	}
	// The preimage is recorded only after the trie accepted the update. The
	// key is copied so later changes to the caller's slice do not reach the cache.
	preimages := t.getSecKeyCache()
	preimages[string(hashed)] = common.CopyBytes(key)
	return nil
}

// Delete removes any existing value for key from the trie.
//
// A failed delete is only logged; use TryDelete to observe the error.
func (t *SecureTrie) Delete(key []byte) {
	err := t.TryDelete(key)
	if err == nil {
		return
	}
	log.Error(fmt.Sprintf("Unhandled trie error: %v", err))
}

// TryDelete removes any existing value for key from the trie.
// If a node was not found in the database, a MissingNodeError is returned.
//
// The pending preimage for key is dropped from the cache before the trie
// deletion is attempted, so it stays dropped even when an error is returned.
func (t *SecureTrie) TryDelete(key []byte) error {
	hashed := t.hashKey(key)
	preimages := t.getSecKeyCache()
	delete(preimages, string(hashed))
	return t.trie.TryDelete(hashed)
}

// GetKey returns the sha3 preimage of a hashed key that was
// previously used to store a value.
//
// The pending cache is consulted first, then the trie's database. The
// database error is discarded and whatever value the lookup produced is
// returned, so a failed lookup is not reported to the caller.
func (t *SecureTrie) GetKey(shaKey []byte) []byte {
	cached, found := t.getSecKeyCache()[string(shaKey)]
	if found {
		return cached
	}
	preimage, _ := t.trie.db.Get(t.secKey(shaKey))
	return preimage
}

// Commit writes all nodes and the secure hash pre-images to the trie's database.
// Nodes are stored with their sha3 hash as the key.
//
// Committing flushes nodes from memory. Subsequent Get calls will load nodes
// from the database.
func (t *SecureTrie) Commit() (root common.Hash, err error) {
	root, err = t.CommitTo(t.trie.db)
	return root, err
}

// Hash returns the result of Hash on the wrapped trie.
func (t *SecureTrie) Hash() common.Hash {
	sum := t.trie.Hash()
	return sum
}

// Root returns the result of Root on the wrapped trie.
func (t *SecureTrie) Root() []byte {
	root := t.trie.Root()
	return root
}

// Copy returns a shallow copy of t: the struct is copied by value.
//
// The copy does not take over the pending preimage cache. Its owner pointer
// does not point at the copy, so its first cache access installs a fresh,
// empty map (see getSecKeyCache).
func (t *SecureTrie) Copy() *SecureTrie {
	dup := new(SecureTrie)
	*dup = *t
	return dup
}

// NodeIterator returns an iterator that returns nodes of the underlying trie. Iteration
// starts at the key after the given start key.
func (t *SecureTrie) NodeIterator(start []byte) NodeIterator {
	it := t.trie.NodeIterator(start)
	return it
}

// CommitTo writes all nodes and the secure hash pre-images to the given database.
// Nodes are stored with their sha3 hash as the key.
//
// Committing flushes nodes from memory. Subsequent Get calls will load nodes from
// the trie's database. Calling code must ensure that the changes made to db are
// written back to the trie's attached database before using the trie.
//
// Preimages are written before the nodes. If writing a preimage fails, that
// error is returned with a zero hash, the pending cache is kept, and the
// nodes are not committed.
func (t *SecureTrie) CommitTo(db DatabaseWriter) (root common.Hash, err error) {
	if pending := t.getSecKeyCache(); len(pending) > 0 {
		for hashed, preimage := range pending {
			if putErr := db.Put(t.secKey([]byte(hashed)), preimage); putErr != nil {
				return common.Hash{}, putErr
			}
		}
		// Every pending preimage was written; start over with an empty cache.
		t.secKeyCache = make(map[string][]byte)
	}
	return t.trie.CommitTo(db)
}

// secKey returns the database key for the preimage of key, as an ephemeral buffer.
// The caller must not hold onto the return value because it will become
// invalid on the next call to hashKey or secKey.
func (t *SecureTrie) secKey(key []byte) []byte {
	// Reuse the scratch buffer as backing storage for prefix + key.
	out := append(t.secKeyBuf[:0], secureKeyPrefix...)
	return append(out, key...)
}

// hashKey returns the hash of key as an ephemeral buffer.
// The caller must not hold onto the return value because it will become
// invalid on the next call to hashKey or secKey.
func (t *SecureTrie) hashKey(key []byte) []byte {
	hr := newHasher(0, 0)
	calc := hr.newCalculator()
	calc.sha.Write(key)
	// Sum appends the digest to the zero-length slice over the scratch buffer.
	digest := calc.sha.Sum(t.hashKeyBuf[:0])
	hr.returnCalculator(calc)
	return digest
}

// getSecKeyCache returns the current secure key cache, creating a new one if
// ownership changed (i.e. the current secure trie is a copy of another owning
// the actual cache).
func (t *SecureTrie) getSecKeyCache() map[string][]byte {
	if t.secKeyCacheOwner == t {
		return t.secKeyCache
	}
	// Either no cache exists yet or it belongs to another SecureTrie:
	// claim ownership and start with an empty map.
	t.secKeyCacheOwner = t
	t.secKeyCache = make(map[string][]byte)
	return t.secKeyCache
}