github.com/vipernet-xyz/tendermint-core@v0.32.0/crypto/merkle/simple_proof.go (about) 1 package merkle 2 3 import ( 4 "bytes" 5 "fmt" 6 7 "github.com/pkg/errors" 8 9 "github.com/tendermint/tendermint/crypto/tmhash" 10 ) 11 12 const ( 13 // MaxAunts is the maximum number of aunts that can be included in a SimpleProof. 14 // This corresponds to a tree of size 2^100, which should be sufficient for all conceivable purposes. 15 // This maximum helps prevent Denial-of-Service attacks by limitting the size of the proofs. 16 MaxAunts = 100 17 ) 18 19 // SimpleProof represents a simple Merkle proof. 20 // NOTE: The convention for proofs is to include leaf hashes but to 21 // exclude the root hash. 22 // This convention is implemented across IAVL range proofs as well. 23 // Keep this consistent unless there's a very good reason to change 24 // everything. This also affects the generalized proof system as 25 // well. 26 type SimpleProof struct { 27 Total int `json:"total"` // Total number of items. 28 Index int `json:"index"` // Index of item to prove. 29 LeafHash []byte `json:"leaf_hash"` // Hash of item value. 30 Aunts [][]byte `json:"aunts"` // Hashes from leaf's sibling to a root's child. 31 } 32 33 // SimpleProofsFromByteSlices computes inclusion proof for given items. 34 // proofs[0] is the proof for items[0]. 35 func SimpleProofsFromByteSlices(items [][]byte) (rootHash []byte, proofs []*SimpleProof) { 36 trails, rootSPN := trailsFromByteSlices(items) 37 rootHash = rootSPN.Hash 38 proofs = make([]*SimpleProof, len(items)) 39 for i, trail := range trails { 40 proofs[i] = &SimpleProof{ 41 Total: len(items), 42 Index: i, 43 LeafHash: trail.Hash, 44 Aunts: trail.FlattenAunts(), 45 } 46 } 47 return 48 } 49 50 // SimpleProofsFromMap generates proofs from a map. The keys/values of the map will be used as the keys/values 51 // in the underlying key-value pairs. 52 // The keys are sorted before the proofs are computed. 53 func SimpleProofsFromMap(m map[string][]byte) (rootHash []byte, proofs map[string]*SimpleProof, keys []string) { 54 sm := newSimpleMap() 55 for k, v := range m { 56 sm.Set(k, v) 57 } 58 sm.Sort() 59 kvs := sm.kvs 60 kvsBytes := make([][]byte, len(kvs)) 61 for i, kvp := range kvs { 62 kvsBytes[i] = KVPair(kvp).Bytes() 63 } 64 65 rootHash, proofList := SimpleProofsFromByteSlices(kvsBytes) 66 proofs = make(map[string]*SimpleProof) 67 keys = make([]string, len(proofList)) 68 for i, kvp := range kvs { 69 proofs[string(kvp.Key)] = proofList[i] 70 keys[i] = string(kvp.Key) 71 } 72 return 73 } 74 75 // Verify that the SimpleProof proves the root hash. 76 // Check sp.Index/sp.Total manually if needed 77 func (sp *SimpleProof) Verify(rootHash []byte, leaf []byte) error { 78 leafHash := leafHash(leaf) 79 if sp.Total < 0 { 80 return errors.New("proof total must be positive") 81 } 82 if sp.Index < 0 { 83 return errors.New("proof index cannot be negative") 84 } 85 if !bytes.Equal(sp.LeafHash, leafHash) { 86 return errors.Errorf("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash) 87 } 88 computedHash := sp.ComputeRootHash() 89 if !bytes.Equal(computedHash, rootHash) { 90 return errors.Errorf("invalid root hash: wanted %X got %X", rootHash, computedHash) 91 } 92 return nil 93 } 94 95 // Compute the root hash given a leaf hash. Does not verify the result. 96 func (sp *SimpleProof) ComputeRootHash() []byte { 97 return computeHashFromAunts( 98 sp.Index, 99 sp.Total, 100 sp.LeafHash, 101 sp.Aunts, 102 ) 103 } 104 105 // String implements the stringer interface for SimpleProof. 106 // It is a wrapper around StringIndented. 107 func (sp *SimpleProof) String() string { 108 return sp.StringIndented("") 109 } 110 111 // StringIndented generates a canonical string representation of a SimpleProof. 112 func (sp *SimpleProof) StringIndented(indent string) string { 113 return fmt.Sprintf(`SimpleProof{ 114 %s Aunts: %X 115 %s}`, 116 indent, sp.Aunts, 117 indent) 118 } 119 120 // ValidateBasic performs basic validation. 121 // NOTE: it expects the LeafHash and the elements of Aunts to be of size tmhash.Size, 122 // and it expects at most MaxAunts elements in Aunts. 123 func (sp *SimpleProof) ValidateBasic() error { 124 if sp.Total < 0 { 125 return errors.New("negative Total") 126 } 127 if sp.Index < 0 { 128 return errors.New("negative Index") 129 } 130 if len(sp.LeafHash) != tmhash.Size { 131 return errors.Errorf("expected LeafHash size to be %d, got %d", tmhash.Size, len(sp.LeafHash)) 132 } 133 if len(sp.Aunts) > MaxAunts { 134 return errors.Errorf("expected no more than %d aunts, got %d", MaxAunts, len(sp.Aunts)) 135 } 136 for i, auntHash := range sp.Aunts { 137 if len(auntHash) != tmhash.Size { 138 return errors.Errorf("expected Aunts#%d size to be %d, got %d", i, tmhash.Size, len(auntHash)) 139 } 140 } 141 return nil 142 } 143 144 // Use the leafHash and innerHashes to get the root merkle hash. 145 // If the length of the innerHashes slice isn't exactly correct, the result is nil. 146 // Recursive impl. 147 func computeHashFromAunts(index int, total int, leafHash []byte, innerHashes [][]byte) []byte { 148 if index >= total || index < 0 || total <= 0 { 149 return nil 150 } 151 switch total { 152 case 0: 153 panic("Cannot call computeHashFromAunts() with 0 total") 154 case 1: 155 if len(innerHashes) != 0 { 156 return nil 157 } 158 return leafHash 159 default: 160 if len(innerHashes) == 0 { 161 return nil 162 } 163 numLeft := getSplitPoint(total) 164 if index < numLeft { 165 leftHash := computeHashFromAunts(index, numLeft, leafHash, innerHashes[:len(innerHashes)-1]) 166 if leftHash == nil { 167 return nil 168 } 169 return innerHash(leftHash, innerHashes[len(innerHashes)-1]) 170 } 171 rightHash := computeHashFromAunts(index-numLeft, total-numLeft, leafHash, innerHashes[:len(innerHashes)-1]) 172 if rightHash == nil { 173 return nil 174 } 175 return innerHash(innerHashes[len(innerHashes)-1], rightHash) 176 } 177 } 178 179 // SimpleProofNode is a helper structure to construct merkle proof. 180 // The node and the tree is thrown away afterwards. 181 // Exactly one of node.Left and node.Right is nil, unless node is the root, in which case both are nil. 182 // node.Parent.Hash = hash(node.Hash, node.Right.Hash) or 183 // hash(node.Left.Hash, node.Hash), depending on whether node is a left/right child. 184 type SimpleProofNode struct { 185 Hash []byte 186 Parent *SimpleProofNode 187 Left *SimpleProofNode // Left sibling (only one of Left,Right is set) 188 Right *SimpleProofNode // Right sibling (only one of Left,Right is set) 189 } 190 191 // FlattenAunts will return the inner hashes for the item corresponding to the leaf, 192 // starting from a leaf SimpleProofNode. 193 func (spn *SimpleProofNode) FlattenAunts() [][]byte { 194 // Nonrecursive impl. 195 innerHashes := [][]byte{} 196 for spn != nil { 197 switch { 198 case spn.Left != nil: 199 innerHashes = append(innerHashes, spn.Left.Hash) 200 case spn.Right != nil: 201 innerHashes = append(innerHashes, spn.Right.Hash) 202 default: 203 break 204 } 205 spn = spn.Parent 206 } 207 return innerHashes 208 } 209 210 // trails[0].Hash is the leaf hash for items[0]. 211 // trails[i].Parent.Parent....Parent == root for all i. 212 func trailsFromByteSlices(items [][]byte) (trails []*SimpleProofNode, root *SimpleProofNode) { 213 // Recursive impl. 214 switch len(items) { 215 case 0: 216 return nil, nil 217 case 1: 218 trail := &SimpleProofNode{leafHash(items[0]), nil, nil, nil} 219 return []*SimpleProofNode{trail}, trail 220 default: 221 k := getSplitPoint(len(items)) 222 lefts, leftRoot := trailsFromByteSlices(items[:k]) 223 rights, rightRoot := trailsFromByteSlices(items[k:]) 224 rootHash := innerHash(leftRoot.Hash, rightRoot.Hash) 225 root := &SimpleProofNode{rootHash, nil, nil, nil} 226 leftRoot.Parent = root 227 leftRoot.Right = rightRoot 228 rightRoot.Parent = root 229 rightRoot.Left = leftRoot 230 return append(lefts, rights...), root 231 } 232 }