You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

198 lines
6.1 KiB

  1. package merkle
  2. import (
  3. "bytes"
  4. "errors"
  5. "fmt"
  6. "github.com/tendermint/tendermint/crypto/tmhash"
  7. cmn "github.com/tendermint/tendermint/libs/common"
  8. )
  9. // SimpleProof represents a simple Merkle proof.
  10. // NOTE: The convention for proofs is to include leaf hashes but to
  11. // exclude the root hash.
  12. // This convention is implemented across IAVL range proofs as well.
  13. // Keep this consistent unless there's a very good reason to change
  14. // everything. This also affects the generalized proof system as
  15. // well.
  16. type SimpleProof struct {
  17. Total int `json:"total"` // Total number of items.
  18. Index int `json:"index"` // Index of item to prove.
  19. LeafHash []byte `json:"leaf_hash"` // Hash of item value.
  20. Aunts [][]byte `json:"aunts"` // Hashes from leaf's sibling to a root's child.
  21. }
  22. // SimpleProofsFromByteSlices computes inclusion proof for given items.
  23. // proofs[0] is the proof for items[0].
  24. func SimpleProofsFromByteSlices(items [][]byte) (rootHash []byte, proofs []*SimpleProof) {
  25. trails, rootSPN := trailsFromByteSlices(items)
  26. rootHash = rootSPN.Hash
  27. proofs = make([]*SimpleProof, len(items))
  28. for i, trail := range trails {
  29. proofs[i] = &SimpleProof{
  30. Total: len(items),
  31. Index: i,
  32. LeafHash: trail.Hash,
  33. Aunts: trail.FlattenAunts(),
  34. }
  35. }
  36. return
  37. }
  38. // SimpleProofsFromMap generates proofs from a map. The keys/values of the map will be used as the keys/values
  39. // in the underlying key-value pairs.
  40. // The keys are sorted before the proofs are computed.
  41. func SimpleProofsFromMap(m map[string][]byte) (rootHash []byte, proofs map[string]*SimpleProof, keys []string) {
  42. sm := newSimpleMap()
  43. for k, v := range m {
  44. sm.Set(k, v)
  45. }
  46. sm.Sort()
  47. kvs := sm.kvs
  48. kvsBytes := make([][]byte, len(kvs))
  49. for i, kvp := range kvs {
  50. kvsBytes[i] = KVPair(kvp).Bytes()
  51. }
  52. rootHash, proofList := SimpleProofsFromByteSlices(kvsBytes)
  53. proofs = make(map[string]*SimpleProof)
  54. keys = make([]string, len(proofList))
  55. for i, kvp := range kvs {
  56. proofs[string(kvp.Key)] = proofList[i]
  57. keys[i] = string(kvp.Key)
  58. }
  59. return
  60. }
  61. // Verify that the SimpleProof proves the root hash.
  62. // Check sp.Index/sp.Total manually if needed
  63. func (sp *SimpleProof) Verify(rootHash []byte, leafHash []byte) error {
  64. if sp.Total < 0 {
  65. return errors.New("Proof total must be positive")
  66. }
  67. if sp.Index < 0 {
  68. return errors.New("Proof index cannot be negative")
  69. }
  70. if !bytes.Equal(sp.LeafHash, leafHash) {
  71. return cmn.NewError("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash)
  72. }
  73. computedHash := sp.ComputeRootHash()
  74. if !bytes.Equal(computedHash, rootHash) {
  75. return cmn.NewError("invalid root hash: wanted %X got %X", rootHash, computedHash)
  76. }
  77. return nil
  78. }
  79. // Compute the root hash given a leaf hash. Does not verify the result.
  80. func (sp *SimpleProof) ComputeRootHash() []byte {
  81. return computeHashFromAunts(
  82. sp.Index,
  83. sp.Total,
  84. sp.LeafHash,
  85. sp.Aunts,
  86. )
  87. }
  88. // String implements the stringer interface for SimpleProof.
  89. // It is a wrapper around StringIndented.
  90. func (sp *SimpleProof) String() string {
  91. return sp.StringIndented("")
  92. }
  93. // StringIndented generates a canonical string representation of a SimpleProof.
  94. func (sp *SimpleProof) StringIndented(indent string) string {
  95. return fmt.Sprintf(`SimpleProof{
  96. %s Aunts: %X
  97. %s}`,
  98. indent, sp.Aunts,
  99. indent)
  100. }
  101. // Use the leafHash and innerHashes to get the root merkle hash.
  102. // If the length of the innerHashes slice isn't exactly correct, the result is nil.
  103. // Recursive impl.
  104. func computeHashFromAunts(index int, total int, leafHash []byte, innerHashes [][]byte) []byte {
  105. if index >= total || index < 0 || total <= 0 {
  106. return nil
  107. }
  108. switch total {
  109. case 0:
  110. panic("Cannot call computeHashFromAunts() with 0 total")
  111. case 1:
  112. if len(innerHashes) != 0 {
  113. return nil
  114. }
  115. return leafHash
  116. default:
  117. if len(innerHashes) == 0 {
  118. return nil
  119. }
  120. numLeft := (total + 1) / 2
  121. if index < numLeft {
  122. leftHash := computeHashFromAunts(index, numLeft, leafHash, innerHashes[:len(innerHashes)-1])
  123. if leftHash == nil {
  124. return nil
  125. }
  126. return simpleHashFromTwoHashes(leftHash, innerHashes[len(innerHashes)-1])
  127. }
  128. rightHash := computeHashFromAunts(index-numLeft, total-numLeft, leafHash, innerHashes[:len(innerHashes)-1])
  129. if rightHash == nil {
  130. return nil
  131. }
  132. return simpleHashFromTwoHashes(innerHashes[len(innerHashes)-1], rightHash)
  133. }
  134. }
  135. // SimpleProofNode is a helper structure to construct merkle proof.
  136. // The node and the tree is thrown away afterwards.
  137. // Exactly one of node.Left and node.Right is nil, unless node is the root, in which case both are nil.
  138. // node.Parent.Hash = hash(node.Hash, node.Right.Hash) or
  139. // hash(node.Left.Hash, node.Hash), depending on whether node is a left/right child.
  140. type SimpleProofNode struct {
  141. Hash []byte
  142. Parent *SimpleProofNode
  143. Left *SimpleProofNode // Left sibling (only one of Left,Right is set)
  144. Right *SimpleProofNode // Right sibling (only one of Left,Right is set)
  145. }
  146. // FlattenAunts will return the inner hashes for the item corresponding to the leaf,
  147. // starting from a leaf SimpleProofNode.
  148. func (spn *SimpleProofNode) FlattenAunts() [][]byte {
  149. // Nonrecursive impl.
  150. innerHashes := [][]byte{}
  151. for spn != nil {
  152. if spn.Left != nil {
  153. innerHashes = append(innerHashes, spn.Left.Hash)
  154. } else if spn.Right != nil {
  155. innerHashes = append(innerHashes, spn.Right.Hash)
  156. } else {
  157. break
  158. }
  159. spn = spn.Parent
  160. }
  161. return innerHashes
  162. }
  163. // trails[0].Hash is the leaf hash for items[0].
  164. // trails[i].Parent.Parent....Parent == root for all i.
  165. func trailsFromByteSlices(items [][]byte) (trails []*SimpleProofNode, root *SimpleProofNode) {
  166. // Recursive impl.
  167. switch len(items) {
  168. case 0:
  169. return nil, nil
  170. case 1:
  171. trail := &SimpleProofNode{tmhash.Sum(items[0]), nil, nil, nil}
  172. return []*SimpleProofNode{trail}, trail
  173. default:
  174. lefts, leftRoot := trailsFromByteSlices(items[:(len(items)+1)/2])
  175. rights, rightRoot := trailsFromByteSlices(items[(len(items)+1)/2:])
  176. rootHash := simpleHashFromTwoHashes(leftRoot.Hash, rightRoot.Hash)
  177. root := &SimpleProofNode{rootHash, nil, nil, nil}
  178. leftRoot.Parent = root
  179. leftRoot.Right = rightRoot
  180. rightRoot.Parent = root
  181. rightRoot.Left = leftRoot
  182. return append(lefts, rights...), root
  183. }
  184. }