github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/merkletree2/tree.go (about) 1 package merkletree2 2 3 import ( 4 "bytes" 5 "fmt" 6 "sort" 7 "sync" 8 9 "github.com/keybase/client/go/logger" 10 "github.com/keybase/go-codec/codec" 11 ) 12 13 // Tree is the MerkleTree class; it needs an engine and a configuration 14 // to run 15 type Tree struct { 16 sync.RWMutex 17 18 cfg Config 19 eng StorageEngine 20 21 newRootVersion RootVersion 22 23 // step is an optimization parameter for GetKeyValuePairWithProof that 24 // controls how many path positions at a time the tree requests from the 25 // storage engine. Lower values result in more storage engine requests, but 26 // less of the (somewhat expensive) bit fiddling operations. Values higher 27 // than 63 are not recommended as the bit operations (in the best case) 28 // cannot be done using a single 64 bit word and become more expensive. This 29 // is unnecessary if the tree has random keys (as such a tree should be 30 // approximately balanced and have short-ish paths). 31 step int 32 33 // these two fields are used as buffers during tree building to avoid making 34 // many short lived memory allocations 35 bufKss KeySpecificSecret 36 bufLeaf Node 37 } 38 39 // NewTree makes a new tree 40 func NewTree(c Config, step int, e StorageEngine, v RootVersion) (*Tree, error) { 41 if c.UseBlindedValueHashes { 42 _, ok := e.(StorageEngineWithBlinding) 43 if !ok { 44 return nil, fmt.Errorf("The config requires a StorageEngineWithBlinding implementation as a StorageEngine") 45 } 46 } 47 if step < 1 { 48 return nil, fmt.Errorf("step must be a positive integer") 49 } 50 51 return &Tree{cfg: c, eng: e, step: step, newRootVersion: v}, nil 52 } 53 54 // Hash is a byte-array, used to represent a full collision-resistant hash. 55 type Hash []byte 56 57 // Equal compares two hashes byte by byte 58 func (h Hash) Equal(h2 Hash) bool { 59 return bytes.Equal(h, h2) 60 } 61 62 // Key is a byte-array, and it is the type of the keys in the KeyValuePairs that 63 // the tree can store. 64 type Key []byte 65 66 // Equal compares two keys byte by byte 67 func (k Key) Equal(k2 Key) bool { 68 return bytes.Equal(k, k2) 69 } 70 71 // Cmp compares two keys lexicographically as byte slices 72 func (k Key) Cmp(k2 Key) int { 73 return bytes.Compare(k, k2) 74 } 75 76 // Seqno is an integer used to differentiate different versions of a merkle tree. 77 type Seqno int64 78 79 type SeqnoSortedAsInt []Seqno 80 81 func (d SeqnoSortedAsInt) Len() int { 82 return len(d) 83 } 84 85 func (d SeqnoSortedAsInt) Swap(i, j int) { 86 d[i], d[j] = d[j], d[i] 87 } 88 89 func (d SeqnoSortedAsInt) Less(i, j int) bool { 90 return d[i] < d[j] 91 } 92 93 // ChildIndex specifies one of an iNode's child nodes. 94 type ChildIndex int 95 96 // KeyValuePair is something the merkle tree can store. The key can be something 97 // like a UID or a TLF ID. The Value is a generic interface, so you can store 98 // anything there, as long as it obeys Msgpack-decoding behavior. The Value must 99 // be of the same type returned by ValueConstructor in the TreeConfig, otherwise 100 // the behavior is undefined. 101 type KeyValuePair struct { 102 _struct struct{} `codec:",toarray"` //nolint 103 Key Key `codec:"k"` 104 Value interface{} `codec:"v"` 105 } 106 107 type EncodedValue []byte 108 109 func (e EncodedValue) Equal(e2 EncodedValue) bool { 110 return bytes.Equal(e, e2) 111 } 112 113 // KeyEncodedValuePair is similar to a KeyValuePair, but the values is encoded 114 // as a byte slice. 115 type KeyEncodedValuePair struct { 116 _struct struct{} `codec:",toarray"` //nolint 117 Key Key `codec:"k"` 118 Value EncodedValue `codec:"v"` 119 } 120 121 type KeyHashPair struct { 122 _struct struct{} `codec:",toarray"` //nolint 123 Key Key `codec:"k"` 124 Hash Hash `codec:"h"` 125 } 126 127 // NodeType is used to distinguish serialized internal nodes from leaves in the tree 128 type NodeType uint8 129 130 const ( 131 NodeTypeNone NodeType = 0 132 NodeTypeINode NodeType = 1 133 NodeTypeLeaf NodeType = 2 134 ) 135 136 // A Node is either an internal node or a leaf: INodes and LeafHashes cannot 137 // both have length > 0 (else msgpack encoding will fail). 138 type Node struct { 139 INodes []Hash 140 LeafHashes []KeyHashPair 141 } 142 143 var _ codec.Selfer = &Node{} 144 145 func (n *Node) CodecEncodeSelf(e *codec.Encoder) { 146 if n.INodes != nil && n.LeafHashes != nil && len(n.INodes) > 0 && len(n.LeafHashes) > 0 { 147 panic("Cannot Encode a node with both Inodes and LeafHashes") 148 } 149 150 if n.INodes != nil && len(n.INodes) > 0 { 151 e.MustEncode(NodeTypeINode) 152 e.MustEncode(n.INodes) 153 return 154 } 155 156 // Note: we encode empty nodes (with empty or nil LeafHashes) as leaf nodes. 157 // This is so we can represent a tree with no values as a single (empty) 158 // leaf node. 159 e.MustEncode(NodeTypeLeaf) 160 // encode empty slices and nil slices equally 161 if len(n.LeafHashes) == 0 { 162 e.MustEncode([]KeyHashPair(nil)) 163 } else { 164 e.MustEncode(n.LeafHashes) 165 } 166 } 167 168 func (n *Node) CodecDecodeSelf(d *codec.Decoder) { 169 var nodeType NodeType 170 d.MustDecode(&nodeType) 171 switch nodeType { 172 case NodeTypeINode: 173 d.MustDecode(&n.INodes) 174 case NodeTypeLeaf: 175 d.MustDecode(&n.LeafHashes) 176 default: 177 panic("Unrecognized NodeType") 178 } 179 } 180 181 type PositionHashPair struct { 182 _struct struct{} `codec:",toarray"` //nolint 183 Position Position `codec:"p"` 184 Hash Hash `codec:"h"` 185 } 186 187 type RootVersion uint8 188 189 const ( 190 RootVersionV1 RootVersion = 1 191 CurrentRootVersion RootVersion = RootVersionV1 192 ) 193 194 type RootMetadata struct { 195 _struct struct{} `codec:",toarray"` //nolint 196 RootVersion RootVersion 197 EncodingType EncodingType 198 Seqno Seqno 199 BareRootHash Hash 200 SkipPointersHash Hash 201 202 // AddOnsHash is the (currently empty) hash of a (not yet defined) data 203 // structure which will contain a map[string]Hash (or even 204 // map[string]interface{}) which can contain arbitrary values. This AddOn 205 // struct is not used in verifying proofs, and new elements can be added to 206 // this map without bumping the RootVersion. Clients are expected to ignore 207 // fields in this map which they do not understand. 208 AddOnsHash Hash 209 } 210 211 func (t *Tree) makeNextRootMetadata(ctx logger.ContextInterface, tr Transaction, curr *RootMetadata, newRootHash Hash, addOnsHash Hash) (RootMetadata, error) { 212 root := RootMetadata{ 213 RootVersion: t.newRootVersion, 214 EncodingType: t.cfg.Encoder.GetEncodingType(), 215 BareRootHash: newRootHash, 216 AddOnsHash: addOnsHash, 217 } 218 219 // If there is no previous root, we do not need to include any skips, so 220 // return early. 221 if curr == nil || curr.Seqno == 0 { 222 root.Seqno = 1 223 return root, nil 224 } 225 226 newSeqno := curr.Seqno + 1 227 skipSeqnos := SkipPointersForSeqno(newSeqno) 228 229 skips, err := t.eng.LookupRootHashes(ctx, tr, skipSeqnos) 230 if err != nil { 231 return RootMetadata{}, fmt.Errorf("makeNextRootMetadata: error retrieving previous hashes %+v: %v", skipSeqnos, err) 232 } 233 234 _, skipsHash, err := t.cfg.Encoder.EncodeAndHashGeneric(skips) 235 if err != nil { 236 return RootMetadata{}, fmt.Errorf("makeNextRootMetadata: error encoding %+v, err: %v", skips, err) 237 } 238 239 root.Seqno = curr.Seqno + 1 240 root.SkipPointersHash = skipsHash 241 242 return root, nil 243 } 244 245 func (t *Tree) GenerateAndStoreMasterSecret( 246 ctx logger.ContextInterface, tr Transaction, s Seqno) (ms MasterSecret, err error) { 247 ms, err = t.cfg.Encoder.GenerateMasterSecret(s) 248 if err != nil { 249 return nil, err 250 } 251 err = t.eng.(StorageEngineWithBlinding).StoreMasterSecret(ctx, tr, s, ms) 252 if err != nil { 253 return nil, err 254 } 255 return ms, nil 256 } 257 258 func (t *Tree) encodeKVPairs(sortedKVPairs []KeyValuePair) (kevPairs []KeyEncodedValuePair, err error) { 259 kevPairs = make([]KeyEncodedValuePair, len(sortedKVPairs)) 260 for i, kvp := range sortedKVPairs { 261 v, err := t.cfg.Encoder.Encode(kvp.Value) 262 if err != nil { 263 return nil, err 264 } 265 kevPairs[i].Key = kvp.Key 266 kevPairs[i].Value = EncodedValue(v) 267 } 268 return kevPairs, nil 269 } 270 271 // Build builds a new tree version, taking a batch input. The 272 // sortedKeyValuePairs must be sorted (lexicographically) by Key. 273 // 274 // NOTE: The input to this function should contain at least all the keys which 275 // were inserted in previous versions of the tree, and each key should only 276 // appear once, otherwise this procedure will put the tree into an inconsistent 277 // state. This function does not check the condition is true for efficiency 278 // reasons. 279 func (t *Tree) Build( 280 ctx logger.ContextInterface, tr Transaction, sortedKVPairs []KeyValuePair, addOnsHash Hash) (s Seqno, rootHash Hash, err error) { 281 t.Lock() 282 defer t.Unlock() 283 284 latestSeqNo, rootMetadata, err := t.eng.LookupLatestRoot(ctx, tr) 285 switch err.(type) { 286 case nil: 287 case NoLatestRootFoundError: 288 ctx.Debug("No root found. Starting a new merkle tree.") 289 latestSeqNo = 0 290 rootMetadata = RootMetadata{} 291 default: 292 return 0, nil, err 293 } 294 295 newSeqno := latestSeqNo + 1 296 297 sortedKEVPairs, err := t.encodeKVPairs(sortedKVPairs) 298 if err != nil { 299 return 0, nil, err 300 } 301 302 if len(sortedKEVPairs) > 0 { 303 if err = t.eng.StoreKEVPairs(ctx, tr, newSeqno, sortedKEVPairs); err != nil { 304 return 0, nil, err 305 } 306 } 307 308 var ms MasterSecret 309 if t.cfg.UseBlindedValueHashes { 310 ms, err = t.GenerateAndStoreMasterSecret(ctx, tr, newSeqno) 311 if err != nil { 312 return 0, nil, err 313 } 314 } else { 315 ms = nil 316 } 317 318 var newBareRootHash Hash 319 if newBareRootHash, err = t.hashTreeRecursive(ctx, tr, newSeqno, ms, 320 t.cfg.GetRootPosition(), sortedKEVPairs); err != nil { 321 return 0, nil, err 322 } 323 324 newRootMetadata, err := t.makeNextRootMetadata(ctx, tr, &rootMetadata, newBareRootHash, addOnsHash) 325 if err != nil { 326 return 0, nil, err 327 } 328 329 _, newRootHash, err := t.cfg.Encoder.EncodeAndHashGeneric(newRootMetadata) 330 if err != nil { 331 return 0, nil, err 332 } 333 334 if err = t.eng.StoreRootMetadata(ctx, tr, newRootMetadata, newRootHash); err != nil { 335 return 0, nil, err 336 } 337 338 _, hash, err := t.cfg.Encoder.EncodeAndHashGeneric(newRootMetadata) 339 340 return newSeqno, hash, err 341 } 342 343 func (t *Tree) hashTreeRecursive(ctx logger.ContextInterface, tr Transaction, s Seqno, ms MasterSecret, 344 p *Position, sortedKEVPairs []KeyEncodedValuePair) (ret Hash, err error) { 345 select { 346 case <-ctx.Ctx().Done(): 347 return nil, ctx.Ctx().Err() 348 default: 349 } 350 351 if len(sortedKEVPairs) <= t.cfg.MaxValuesPerLeaf { 352 err = t.makeAndStoreLeaf(ctx, tr, s, ms, p, sortedKEVPairs, &ret) 353 return ret, err 354 } 355 356 node := Node{INodes: make([]Hash, t.cfg.ChildrenPerNode)} 357 358 pairsNotYetSelected := sortedKEVPairs 359 var nextChild *Position 360 for i, child := ChildIndex(0), t.cfg.GetChild(p, ChildIndex(0)); i < ChildIndex(t.cfg.ChildrenPerNode); i++ { 361 var end int 362 if i+1 < ChildIndex(t.cfg.ChildrenPerNode) { 363 nextChild = t.cfg.GetChild(p, i+1) 364 maxKey := t.cfg.getMinKey(nextChild) 365 366 end = sort.Search(len(pairsNotYetSelected), func(n int) bool { 367 return pairsNotYetSelected[n].Key.Cmp(maxKey) >= 0 368 }) 369 } else { 370 end = len(pairsNotYetSelected) 371 } 372 373 if end > 0 { 374 pairsSelected := pairsNotYetSelected[0:end] 375 pairsNotYetSelected = pairsNotYetSelected[end:] 376 node.INodes[i], err = t.hashTreeRecursive(ctx, tr, s, ms, child, pairsSelected) 377 if err != nil { 378 return nil, err 379 } 380 } 381 child = nextChild 382 } 383 if err = t.cfg.Encoder.HashGeneric(node, &ret); err != nil { 384 return nil, err 385 } 386 err = t.eng.StoreNode(ctx, tr, s, p, ret) 387 return ret, err 388 } 389 390 // makeKeyHashPairsFromKeyValuePairs preserves ordering 391 func (t *Tree) makeKeyHashPairsFromKeyValuePairs(ms MasterSecret, unhashed []KeyEncodedValuePair, node *Node) (err error) { 392 if cap(node.LeafHashes) < len(unhashed) { 393 node.LeafHashes = make([]KeyHashPair, len(unhashed)) 394 } 395 node.LeafHashes = node.LeafHashes[:len(unhashed)] 396 397 for i, kevp := range unhashed { 398 t.cfg.Encoder.ComputeKeySpecificSecretTo(ms, kevp.Key, &t.bufKss) 399 err = t.cfg.Encoder.HashKeyEncodedValuePairWithKeySpecificSecretTo(kevp, t.bufKss, &node.LeafHashes[i].Hash) 400 if err != nil { 401 return err 402 } 403 node.LeafHashes[i].Key = kevp.Key 404 } 405 return nil 406 } 407 408 func (t *Tree) makeAndStoreLeaf(ctx logger.ContextInterface, tr Transaction, s Seqno, ms MasterSecret, p *Position, sortedKEVPairs []KeyEncodedValuePair, ret *Hash) (err error) { 409 410 err = t.makeKeyHashPairsFromKeyValuePairs(ms, sortedKEVPairs, &t.bufLeaf) 411 if err != nil { 412 return err 413 } 414 415 if err = t.cfg.Encoder.HashGeneric(t.bufLeaf, ret); err != nil { 416 return err 417 } 418 if err = t.eng.StoreNode(ctx, tr, s, p, *ret); err != nil { 419 return err 420 } 421 return nil 422 } 423 424 // Retrieves a KeyValuePair from the tree. Note that if the root at Seqno s was 425 // not committed yet, there might be no proof for this pair yet (hence it is 426 // unsafe). 427 func (t *Tree) GetKeyValuePairUnsafe(ctx logger.ContextInterface, tr Transaction, s Seqno, k Key) (kvp KeyValuePair, err error) { 428 if s == 0 { 429 return KeyValuePair{}, NewInvalidSeqnoError(0, fmt.Errorf("No keys stored at Seqno 0")) 430 } 431 if len(k) != t.cfg.KeysByteLength { 432 return KeyValuePair{}, NewInvalidKeyError() 433 } 434 val, _, err := t.eng.LookupKEVPair(ctx, tr, s, k) 435 if err != nil { 436 return KeyValuePair{}, err 437 } 438 valContainer := t.cfg.ConstructValueContainer() 439 err = t.cfg.Encoder.Decode(&valContainer, val) 440 if err != nil { 441 return KeyValuePair{}, err 442 } 443 return KeyValuePair{Key: k, Value: valContainer}, nil 444 } 445 446 // Retrieves a KeyValuePair from the tree. Note that if the root at Seqno s was 447 // not committed yet, an InvalidSeqnoError is returned. 448 func (t *Tree) GetKeyValuePair(ctx logger.ContextInterface, tr Transaction, s Seqno, k Key) (KeyValuePair, error) { 449 // Checking the Seqno was committed. 450 _, err := t.eng.LookupRoot(ctx, tr, s) 451 if err != nil { 452 return KeyValuePair{}, err 453 } 454 455 return t.GetKeyValuePairUnsafe(ctx, tr, s, k) 456 } 457 458 // A MerkleInclusionProof proves that a specific key value pair is stored in a 459 // merkle tree, given the RootMetadata hash of such tree. It can also be used to 460 // prove that a specific key is not part of the tree (we call this an exclusion 461 // or absence proof) 462 type MerkleInclusionProof struct { 463 _struct struct{} `codec:",toarray"` //nolint 464 KeySpecificSecret KeySpecificSecret `codec:"k"` 465 // When this struct is used as an exclusion proof, OtherPairsInLeaf is set 466 // to nil if the proof ends at an internal node, and set to a slice of 467 // length 0 or more if the proof ends at a (possibly empty) leaf node. In 468 // particular, a tree with no keys is encoded with the root being the only 469 // (empty leaf) node. 470 OtherPairsInLeaf []KeyHashPair `codec:"l"` 471 // SiblingHashesOnPath are ordered by level from the farthest to the closest 472 // to the root, and lexicographically within each level. 473 SiblingHashesOnPath []Hash `codec:"s"` 474 RootMetadataNoHash RootMetadata `codec:"e"` 475 } 476 477 // A MerkleExtensionProof proves, given the RootMetadata hashes of two merkle 478 // trees and their respective Seqno values, that: - the two merkle trees have 479 // the expected Seqno values, - the most recent merkle tree "points back" to the 480 // least recent one through a chain of SkipPointers that refer to merkle trees 481 // at intermediate Seqnos. 482 type MerkleExtensionProof struct { 483 _struct struct{} `codec:",toarray"` //nolint 484 RootHashes []Hash `codec:"h"` 485 PreviousRootsNoSkips []RootMetadata `codec:"k"` 486 } 487 488 // An MerkleInclusionExtensionProof combines a MerkleInclusionProof and a 489 // MerkleExtensionProof. The redundant fields are deleted so that sending a 490 // combined proof is more efficient than sending both of them individually. 491 type MerkleInclusionExtensionProof struct { 492 _struct struct{} `codec:",toarray"` //nolint 493 MerkleInclusionProof MerkleInclusionProof 494 MerkleExtensionProof MerkleExtensionProof 495 } 496 497 // This type orders positionHashPairs by position, more specificelly first by 498 // level descending (nodes with higher level first) and then within each level 499 // in ascending order. This is the order required by the merkle proof verifier 500 // to easily reconstruct a path. 501 type PosHashPairsInMerkleProofOrder []PositionHashPair 502 503 func (p PosHashPairsInMerkleProofOrder) Len() int { 504 return len(p) 505 } 506 507 func (p PosHashPairsInMerkleProofOrder) Less(i, j int) bool { 508 return p[i].Position.CmpInMerkleProofOrder(&(p[j].Position)) < 0 509 } 510 511 func (p PosHashPairsInMerkleProofOrder) Swap(i, j int) { 512 p[i], p[j] = p[j], p[i] 513 } 514 515 var _ sort.Interface = PosHashPairsInMerkleProofOrder{} 516 517 // If the key is not in the tree at the root with the specified hash, this function returns a nil value, a proof 518 // which certifies that and no error. 519 func (t *Tree) GetEncodedValueWithInclusionOrExclusionProofFromRootHash(ctx logger.ContextInterface, tr Transaction, rootHash Hash, k Key) (val EncodedValue, proof MerkleInclusionProof, err error) { 520 // Lookup the appropriate root. 521 rootMetadata, err := t.eng.LookupRootFromHash(ctx, tr, rootHash) 522 if err != nil { 523 return nil, MerkleInclusionProof{}, err 524 } 525 return t.getEncodedValueWithInclusionProofOrExclusionProof(ctx, tr, rootMetadata, k) 526 } 527 528 // If the key is not in the tree at seqno s, this function returns a KeyNotFoundError and no absence proof. 529 func (t *Tree) GetEncodedValueWithInclusionProof(ctx logger.ContextInterface, tr Transaction, s Seqno, k Key) (val EncodedValue, proof MerkleInclusionProof, err error) { 530 // Lookup the appropriate root. 531 rootMetadata, err := t.eng.LookupRoot(ctx, tr, s) 532 if err != nil { 533 return nil, MerkleInclusionProof{}, err 534 } 535 val, proof, err = t.getEncodedValueWithInclusionProofOrExclusionProof(ctx, tr, rootMetadata, k) 536 if err != nil { 537 return nil, MerkleInclusionProof{}, err 538 } 539 if val == nil { 540 return nil, MerkleInclusionProof{}, NewKeyNotFoundError() 541 } 542 return val, proof, nil 543 } 544 545 // if the key is not in the tree, this function returns a nil value, a proof 546 // which certifies that and no error. 547 func (t *Tree) getEncodedValueWithInclusionProofOrExclusionProof(ctx logger.ContextInterface, tr Transaction, rootMetadata RootMetadata, k Key) (val EncodedValue, proof MerkleInclusionProof, err error) { 548 if len(k) != t.cfg.KeysByteLength { 549 return nil, MerkleInclusionProof{}, fmt.Errorf("The supplied key has the wrong length: exp %v, got %v", t.cfg.KeysByteLength, len(k)) 550 } 551 552 s := rootMetadata.Seqno 553 proof.RootMetadataNoHash = rootMetadata 554 // clear up hash to make the proof smaller. 555 proof.RootMetadataNoHash.BareRootHash = nil 556 557 var siblingPosHashPairs []PositionHashPair 558 needMore := true 559 for curr := 1; needMore && curr <= t.cfg.MaxDepth; curr += t.step + 1 { 560 // The first element is the position at level curr+step on the path from 561 // the root to k (on a complete tree). The next ones are all the 562 // necessary siblings at levels from curr+step to curr (both included) 563 // on such path. 564 deepestAndCurrSiblingPositions := t.cfg.getDeepestPositionAtLevelAndSiblingsOnPathToKey(k, curr+t.step, curr) 565 deepestAndCurrSiblings, err := t.eng.LookupNodes(ctx, tr, s, deepestAndCurrSiblingPositions) 566 if err != nil { 567 return nil, MerkleInclusionProof{}, err 568 } 569 570 sort.Sort(PosHashPairsInMerkleProofOrder(deepestAndCurrSiblings)) 571 572 var currSiblings []PositionHashPair 573 // if we found a PositionHashPair corrisponding to the first element in 574 // deepestAndCurrSiblingPositions, it means the path might be deeper and we 575 // need to fetch more siblings. 576 candidateDeepest := len(deepestAndCurrSiblings) 577 if len(deepestAndCurrSiblings) > 0 { 578 candidateDeepest = sort.Search(len(deepestAndCurrSiblings), func(i int) bool { 579 return deepestAndCurrSiblings[i].Position.CmpInMerkleProofOrder(&deepestAndCurrSiblingPositions[0]) >= 0 580 }) 581 } 582 if candidateDeepest < len(deepestAndCurrSiblings) && deepestAndCurrSiblings[candidateDeepest].Position.Equals(&deepestAndCurrSiblingPositions[0]) { 583 currSiblings = deepestAndCurrSiblings[:candidateDeepest] 584 currSiblings = append(currSiblings, deepestAndCurrSiblings[candidateDeepest+1:]...) 585 } else { 586 currSiblings = deepestAndCurrSiblings 587 needMore = false 588 } 589 siblingPosHashPairs = append(currSiblings, siblingPosHashPairs...) 590 } 591 592 var leafLevel int 593 if len(siblingPosHashPairs) == 0 { 594 // If there are no siblings, the key must be stored on the root 595 leafLevel = 0 596 } else { 597 // The level of the first sibling equals the level of the leaf node for the 598 // key we are producing the proof for. 599 leafLevel = t.cfg.getLevel(&(siblingPosHashPairs[0].Position)) 600 } 601 602 deepestPosition, err := t.cfg.getDeepestPositionForKey(k) 603 if err != nil { 604 return nil, MerkleInclusionProof{}, err 605 } 606 leafPos := t.cfg.getParentAtLevel(deepestPosition, uint(leafLevel)) 607 608 proof.SiblingHashesOnPath = make([]Hash, leafLevel*(t.cfg.ChildrenPerNode-1)) 609 leafChildIndexes := t.cfg.positionToChildIndexPath(leafPos) 610 // Flatten the siblingPosHashPairs Hashes into a []Hash. 611 for _, pos := range siblingPosHashPairs { 612 if t.cfg.getDeepestChildIndex(&pos.Position) < leafChildIndexes[leafLevel-t.cfg.getLevel(&pos.Position)] { 613 proof.SiblingHashesOnPath[(leafLevel-t.cfg.getLevel(&pos.Position))*(t.cfg.ChildrenPerNode-1)+int(t.cfg.getDeepestChildIndex(&pos.Position))] = pos.Hash 614 } else { 615 proof.SiblingHashesOnPath[(leafLevel-t.cfg.getLevel(&pos.Position))*(t.cfg.ChildrenPerNode-1)+int(t.cfg.getDeepestChildIndex(&pos.Position))-1] = pos.Hash 616 } 617 } 618 619 var kevps []KeyEncodedValuePair 620 621 // We have two cases: either the node at leafPos is actually a leaf 622 // (which might or not contain the key which we are trying to look up), 623 // or such node does not exists at all (which happens only if the key we 624 // are looking up is not part of the tree at that seqno). 625 _, err = t.eng.LookupNode(ctx, tr, s, leafPos) 626 if err != nil { 627 // NodeNotFoundError is ignored as the inclusion proof we 628 // produce will prove that the key is not in the tree. 629 if _, nodeNotFound := err.(NodeNotFoundError); !nodeNotFound { 630 return nil, MerkleInclusionProof{}, err 631 } 632 } else { 633 if t.cfg.MaxValuesPerLeaf == 1 { 634 // Try to avoid LookupKEVPairsUnderPosition if possible as it is a range 635 // query and thus more expensive. 636 kevp, _, err := t.eng.LookupKEVPair(ctx, tr, s, k) 637 if err != nil { 638 // KeyNotFoundError is ignored as the inclusion proof we 639 // produce will prove that the key is not in the tree. 640 if _, keyNotFound := err.(KeyNotFoundError); !keyNotFound { 641 return nil, MerkleInclusionProof{}, err 642 } 643 } else { 644 kevps = append(kevps, KeyEncodedValuePair{Key: k, Value: kevp}) 645 } 646 } 647 648 // if len(kevps)>0, then MaxValuesPerLeaf == 1 and we found the key we 649 // are looking for, so there is no need to look for other keys under 650 // leafPos. 651 if len(kevps) == 0 { 652 // Lookup hashes of key value pairs stored at the same leaf. 653 // These pairs are ordered by key. 654 kevps, _, err = t.eng.LookupKEVPairsUnderPosition(ctx, tr, s, leafPos) 655 if err != nil { 656 // KeyNotFoundError is ignored. This would happen when we are 657 // trying to produce an absence proof on an empty tree: there 658 // would be a leaf node containing no keys. 659 if _, keyNotFound := err.(KeyNotFoundError); !keyNotFound { 660 return nil, MerkleInclusionProof{}, err 661 } 662 kevps = make([]KeyEncodedValuePair, 0) 663 } 664 } 665 } 666 667 var ms MasterSecret 668 if t.cfg.UseBlindedValueHashes && len(kevps) > 0 { 669 msMap, err := t.eng.(StorageEngineWithBlinding).LookupMasterSecrets(ctx, tr, []Seqno{s}) 670 if err != nil { 671 return nil, MerkleInclusionProof{}, err 672 } 673 ms = msMap[s] 674 } 675 676 // OtherPairsInLeaf will have length equal to kevps - 1 in an inclusion 677 // proof, and kevps in an absence proof. 678 if kevps != nil { 679 proof.OtherPairsInLeaf = make([]KeyHashPair, 0, len(kevps)) 680 } 681 for _, kevpi := range kevps { 682 if kevpi.Key.Equal(k) { 683 val = kevpi.Value 684 if t.cfg.UseBlindedValueHashes { 685 proof.KeySpecificSecret = t.cfg.Encoder.ComputeKeySpecificSecret(ms, k) 686 } else { 687 proof.KeySpecificSecret = nil 688 } 689 continue 690 } 691 692 var hash Hash 693 hash, err = t.cfg.Encoder.HashKeyEncodedValuePairWithKeySpecificSecret(kevpi, t.cfg.Encoder.ComputeKeySpecificSecret(ms, kevpi.Key)) 694 if err != nil { 695 return nil, MerkleInclusionProof{}, err 696 } 697 proof.OtherPairsInLeaf = append(proof.OtherPairsInLeaf, KeyHashPair{Key: kevpi.Key, Hash: hash}) 698 } 699 700 return val, proof, nil 701 } 702 703 func (t *Tree) GetKeyValuePairWithProof(ctx logger.ContextInterface, tr Transaction, s Seqno, k Key) (kvp KeyValuePair, proof MerkleInclusionProof, err error) { 704 val, proof, err := t.GetEncodedValueWithInclusionProof(ctx, tr, s, k) 705 if err != nil { 706 return KeyValuePair{}, MerkleInclusionProof{}, err 707 } 708 709 valContainer := t.cfg.ConstructValueContainer() 710 err = t.cfg.Encoder.Decode(&valContainer, val) 711 if err != nil { 712 return KeyValuePair{}, MerkleInclusionProof{}, err 713 } 714 kvp = KeyValuePair{Key: k, Value: valContainer} 715 716 return kvp, proof, nil 717 } 718 719 func (t *Tree) getExtensionProof(ctx logger.ContextInterface, tr Transaction, fromSeqno, toSeqno Seqno, isPartOfIncExtProof bool) (proof MerkleExtensionProof, err error) { 720 // Optimization: no proof is required to show something extends itself. 721 if fromSeqno == toSeqno { 722 return MerkleExtensionProof{}, nil 723 } 724 725 seqnos, err := ComputeRootHashSeqnosNeededInExtensionProof(fromSeqno, toSeqno) 726 if err != nil { 727 return MerkleExtensionProof{}, err 728 } 729 hashes, err := t.eng.LookupRootHashes(ctx, tr, seqnos) 730 if err != nil { 731 return MerkleExtensionProof{}, err 732 } 733 734 seqnos, err = ComputeRootMetadataSeqnosNeededInExtensionProof(fromSeqno, toSeqno, isPartOfIncExtProof) 735 if err != nil { 736 return MerkleExtensionProof{}, err 737 } 738 roots, err := t.eng.LookupRoots(ctx, tr, seqnos) 739 if err != nil { 740 return MerkleExtensionProof{}, err 741 } 742 743 proof.RootHashes = hashes 744 proof.PreviousRootsNoSkips = roots 745 746 return proof, nil 747 } 748 749 func (t *Tree) GetExtensionProof(ctx logger.ContextInterface, tr Transaction, fromSeqno, toSeqno Seqno) (proof MerkleExtensionProof, err error) { 750 return t.getExtensionProof(ctx, tr, fromSeqno, toSeqno, false) 751 } 752 753 func (t *Tree) GetEncodedValueWithInclusionExtensionProof(ctx logger.ContextInterface, tr Transaction, haveSeqno, wantSeqno Seqno, k Key) (val EncodedValue, proof MerkleInclusionExtensionProof, err error) { 754 val, incProof, err := t.GetEncodedValueWithInclusionProof(ctx, tr, wantSeqno, k) 755 if err != nil { 756 return nil, MerkleInclusionExtensionProof{}, err 757 } 758 proof.MerkleInclusionProof = incProof 759 760 if haveSeqno != wantSeqno { 761 // clear these fields to save bandwidth, they are redundant when an 762 // inclusion proof is paired with an extension proof. Note that if 763 // haveSeqno == wantSeqno, we don't do this optimization as the 764 // extension proof is skipped. 765 proof.MerkleInclusionProof.RootMetadataNoHash.SkipPointersHash = nil 766 proof.MerkleInclusionProof.RootMetadataNoHash.Seqno = Seqno(0) 767 } 768 769 extProof, err := t.getExtensionProof(ctx, tr, haveSeqno, wantSeqno, true) 770 if err != nil { 771 return nil, MerkleInclusionExtensionProof{}, err 772 } 773 774 // clear these fields to save bandwidth 775 for i := range extProof.PreviousRootsNoSkips { 776 extProof.PreviousRootsNoSkips[i].SkipPointersHash = nil 777 } 778 779 proof.MerkleExtensionProof = extProof 780 return val, proof, err 781 } 782 783 func (t *Tree) GetKeyValuePairWithInclusionExtensionProof(ctx logger.ContextInterface, tr Transaction, haveSeqno, wantSeqno Seqno, k Key) (kvp KeyValuePair, proof MerkleInclusionExtensionProof, err error) { 784 val, proof, err := t.GetEncodedValueWithInclusionExtensionProof(ctx, tr, haveSeqno, wantSeqno, k) 785 if err != nil { 786 return KeyValuePair{}, MerkleInclusionExtensionProof{}, err 787 } 788 789 valContainer := t.cfg.ConstructValueContainer() 790 err = t.cfg.Encoder.Decode(&valContainer, val) 791 if err != nil { 792 return KeyValuePair{}, MerkleInclusionExtensionProof{}, err 793 } 794 kvp = KeyValuePair{Key: k, Value: valContainer} 795 796 return kvp, proof, nil 797 } 798 799 func (t *Tree) ExecTransaction(ctx logger.ContextInterface, txFn func(logger.ContextInterface, Transaction) error) error { 800 return t.eng.ExecTransaction(ctx, txFn) 801 } 802 803 // GetLatestRoot returns the latest RootMetadata which was stored in the 804 // tree (and its Hash and Seqno). If no such record was stored yet, 805 // GetLatestRoot returns 0 as a Seqno and a NoLatestRootFound error. 806 func (t *Tree) GetLatestRoot(ctx logger.ContextInterface, tr Transaction) (s Seqno, root RootMetadata, rootHash Hash, err error) { 807 s, root, err = t.eng.LookupLatestRoot(ctx, tr) 808 if err != nil || s == 0 { 809 return 0, RootMetadata{}, nil, err 810 } 811 _, rootHash, err = t.cfg.Encoder.EncodeAndHashGeneric(root) 812 if err != nil { 813 return 0, RootMetadata{}, nil, err 814 } 815 816 return s, root, rootHash, nil 817 }