You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

131 lines
3.9 KiB

  1. package merkle
  2. import (
  3. "bytes"
  4. "fmt"
  5. )
  6. type SimpleProof struct {
  7. Aunts [][]byte `json:"aunts"` // Hashes from leaf's sibling to a root's child.
  8. }
  9. // proofs[0] is the proof for items[0].
  10. func SimpleProofsFromHashables(items []Hashable) (rootHash []byte, proofs []*SimpleProof) {
  11. trails, rootSPN := trailsFromHashables(items)
  12. rootHash = rootSPN.Hash
  13. proofs = make([]*SimpleProof, len(items))
  14. for i, trail := range trails {
  15. proofs[i] = &SimpleProof{
  16. Aunts: trail.FlattenAunts(),
  17. }
  18. }
  19. return
  20. }
  21. // Verify that leafHash is a leaf hash of the simple-merkle-tree
  22. // which hashes to rootHash.
  23. func (sp *SimpleProof) Verify(index int, total int, leafHash []byte, rootHash []byte) bool {
  24. computedHash := computeHashFromAunts(index, total, leafHash, sp.Aunts)
  25. return computedHash != nil && bytes.Equal(computedHash, rootHash)
  26. }
  27. func (sp *SimpleProof) String() string {
  28. return sp.StringIndented("")
  29. }
  30. func (sp *SimpleProof) StringIndented(indent string) string {
  31. return fmt.Sprintf(`SimpleProof{
  32. %s Aunts: %X
  33. %s}`,
  34. indent, sp.Aunts,
  35. indent)
  36. }
  37. // Use the leafHash and innerHashes to get the root merkle hash.
  38. // If the length of the innerHashes slice isn't exactly correct, the result is nil.
  39. func computeHashFromAunts(index int, total int, leafHash []byte, innerHashes [][]byte) []byte {
  40. // Recursive impl.
  41. if index >= total {
  42. return nil
  43. }
  44. switch total {
  45. case 0:
  46. panic("Cannot call computeHashFromAunts() with 0 total")
  47. case 1:
  48. if len(innerHashes) != 0 {
  49. return nil
  50. }
  51. return leafHash
  52. default:
  53. if len(innerHashes) == 0 {
  54. return nil
  55. }
  56. numLeft := (total + 1) / 2
  57. if index < numLeft {
  58. leftHash := computeHashFromAunts(index, numLeft, leafHash, innerHashes[:len(innerHashes)-1])
  59. if leftHash == nil {
  60. return nil
  61. }
  62. return SimpleHashFromTwoHashes(leftHash, innerHashes[len(innerHashes)-1])
  63. } else {
  64. rightHash := computeHashFromAunts(index-numLeft, total-numLeft, leafHash, innerHashes[:len(innerHashes)-1])
  65. if rightHash == nil {
  66. return nil
  67. }
  68. return SimpleHashFromTwoHashes(innerHashes[len(innerHashes)-1], rightHash)
  69. }
  70. }
  71. }
  72. // Helper structure to construct merkle proof.
  73. // The node and the tree is thrown away afterwards.
  74. // Exactly one of node.Left and node.Right is nil, unless node is the root, in which case both are nil.
  75. // node.Parent.Hash = hash(node.Hash, node.Right.Hash) or
  76. // hash(node.Left.Hash, node.Hash), depending on whether node is a left/right child.
  77. type SimpleProofNode struct {
  78. Hash []byte
  79. Parent *SimpleProofNode
  80. Left *SimpleProofNode // Left sibling (only one of Left,Right is set)
  81. Right *SimpleProofNode // Right sibling (only one of Left,Right is set)
  82. }
  83. // Starting from a leaf SimpleProofNode, FlattenAunts() will return
  84. // the inner hashes for the item corresponding to the leaf.
  85. func (spn *SimpleProofNode) FlattenAunts() [][]byte {
  86. // Nonrecursive impl.
  87. innerHashes := [][]byte{}
  88. for spn != nil {
  89. if spn.Left != nil {
  90. innerHashes = append(innerHashes, spn.Left.Hash)
  91. } else if spn.Right != nil {
  92. innerHashes = append(innerHashes, spn.Right.Hash)
  93. } else {
  94. break
  95. }
  96. spn = spn.Parent
  97. }
  98. return innerHashes
  99. }
  100. // trails[0].Hash is the leaf hash for items[0].
  101. // trails[i].Parent.Parent....Parent == root for all i.
  102. func trailsFromHashables(items []Hashable) (trails []*SimpleProofNode, root *SimpleProofNode) {
  103. // Recursive impl.
  104. switch len(items) {
  105. case 0:
  106. return nil, nil
  107. case 1:
  108. trail := &SimpleProofNode{items[0].Hash(), nil, nil, nil}
  109. return []*SimpleProofNode{trail}, trail
  110. default:
  111. lefts, leftRoot := trailsFromHashables(items[:(len(items)+1)/2])
  112. rights, rightRoot := trailsFromHashables(items[(len(items)+1)/2:])
  113. rootHash := SimpleHashFromTwoHashes(leftRoot.Hash, rightRoot.Hash)
  114. root := &SimpleProofNode{rootHash, nil, nil, nil}
  115. leftRoot.Parent = root
  116. leftRoot.Right = rightRoot
  117. rightRoot.Parent = root
  118. rightRoot.Left = leftRoot
  119. return append(lefts, rights...), root
  120. }
  121. }