2016-06-20 09:47:10 -05:00
|
|
|
// Copyright 2015 The go-ethereum Authors
|
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
package trie
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2021-06-28 08:53:50 +02:00
|
|
|
"errors"
|
2016-06-20 09:47:10 -05:00
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
2018-02-27 11:39:30 +01:00
|
|
|
"github.com/ethereum/go-ethereum/ethdb"
|
2017-05-01 14:09:48 +03:00
|
|
|
"github.com/ethereum/go-ethereum/log"
|
2016-06-20 09:47:10 -05:00
|
|
|
)
|
|
|
|
|
2018-02-27 11:39:30 +01:00
|
|
|
// Prove constructs a merkle proof for key. The result contains all encoded nodes
|
|
|
|
// on the path to the value at key. The value itself is also included in the last
|
|
|
|
// node and can be retrieved by verifying the proof.
|
2016-06-20 09:47:10 -05:00
|
|
|
//
|
2018-02-27 11:39:30 +01:00
|
|
|
// If the trie does not contain a value for key, the returned proof contains all
|
|
|
|
// nodes of the longest existing prefix of the key (at least the root node), ending
|
|
|
|
// with the node that proves the absence of the key.
|
2019-10-04 17:21:24 +02:00
|
|
|
func (t *Trie) Prove(key []byte, fromLevel uint, proofDb ethdb.KeyValueWriter) error {
|
2016-06-20 09:47:10 -05:00
|
|
|
// Collect all nodes on the path to key.
|
2022-10-25 15:25:08 +01:00
|
|
|
var (
|
|
|
|
prefix []byte
|
|
|
|
nodes []node
|
|
|
|
tn = t.root
|
|
|
|
)
|
2017-05-01 14:09:48 +03:00
|
|
|
key = keybytesToHex(key)
|
2016-06-20 09:47:10 -05:00
|
|
|
for len(key) > 0 && tn != nil {
|
|
|
|
switch n := tn.(type) {
|
2016-10-20 14:07:42 +03:00
|
|
|
case *shortNode:
|
2016-06-20 09:47:10 -05:00
|
|
|
if len(key) < len(n.Key) || !bytes.Equal(n.Key, key[:len(n.Key)]) {
|
|
|
|
// The trie doesn't contain the key.
|
|
|
|
tn = nil
|
|
|
|
} else {
|
|
|
|
tn = n.Val
|
2022-10-25 15:25:08 +01:00
|
|
|
prefix = append(prefix, n.Key...)
|
2016-06-20 09:47:10 -05:00
|
|
|
key = key[len(n.Key):]
|
|
|
|
}
|
|
|
|
nodes = append(nodes, n)
|
2016-10-20 14:07:42 +03:00
|
|
|
case *fullNode:
|
2016-07-03 14:44:31 -05:00
|
|
|
tn = n.Children[key[0]]
|
2022-10-25 15:25:08 +01:00
|
|
|
prefix = append(prefix, key[0])
|
2016-06-20 09:47:10 -05:00
|
|
|
key = key[1:]
|
|
|
|
nodes = append(nodes, n)
|
|
|
|
case hashNode:
|
2022-10-25 15:25:08 +01:00
|
|
|
// Retrieve the specified node from the underlying node reader.
|
|
|
|
// trie.resolveAndTrack is not used since in that function the
|
|
|
|
// loaded blob will be tracked, while it's not required here since
|
|
|
|
// all loaded nodes won't be linked to trie at all and track nodes
|
|
|
|
// may lead to out-of-memory issue.
|
2016-06-20 09:47:10 -05:00
|
|
|
var err error
|
2022-10-25 15:25:08 +01:00
|
|
|
tn, err = t.reader.node(prefix, common.BytesToHash(n))
|
2016-06-20 09:47:10 -05:00
|
|
|
if err != nil {
|
2022-10-25 15:25:08 +01:00
|
|
|
log.Error("Unhandled trie error in Trie.Prove", "err", err)
|
2018-01-15 21:26:41 +01:00
|
|
|
return err
|
2016-06-20 09:47:10 -05:00
|
|
|
}
|
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("%T: invalid node: %v", tn, tn))
|
|
|
|
}
|
|
|
|
}
|
2021-06-28 08:53:50 +02:00
|
|
|
hasher := newHasher(false)
|
2018-12-19 11:02:07 +01:00
|
|
|
defer returnHasherToPool(hasher)
|
|
|
|
|
2016-06-20 09:47:10 -05:00
|
|
|
for i, n := range nodes {
|
2021-06-28 08:53:50 +02:00
|
|
|
if fromLevel > 0 {
|
|
|
|
fromLevel--
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
var hn node
|
|
|
|
n, hn = hasher.proofHash(n)
|
2018-01-15 21:26:41 +01:00
|
|
|
if hash, ok := hn.(hashNode); ok || i == 0 {
|
2016-06-20 09:47:10 -05:00
|
|
|
// If the node's database encoding is a hash (or is the
|
|
|
|
// root node), it becomes a proof element.
|
2022-10-25 15:25:08 +01:00
|
|
|
enc := nodeToBytes(n)
|
2021-06-28 08:53:50 +02:00
|
|
|
if !ok {
|
|
|
|
hash = hasher.hashData(enc)
|
2018-01-15 21:26:41 +01:00
|
|
|
}
|
2021-06-28 08:53:50 +02:00
|
|
|
proofDb.Put(hash, enc)
|
2016-06-20 09:47:10 -05:00
|
|
|
}
|
|
|
|
}
|
2018-01-15 21:26:41 +01:00
|
|
|
return nil
|
2016-06-20 09:47:10 -05:00
|
|
|
}
|
|
|
|
|
2018-02-27 11:39:30 +01:00
|
|
|
// Prove constructs a merkle proof for key. The result contains all encoded nodes
|
|
|
|
// on the path to the value at key. The value itself is also included in the last
|
|
|
|
// node and can be retrieved by verifying the proof.
|
|
|
|
//
|
|
|
|
// If the trie does not contain a value for key, the returned proof contains all
|
|
|
|
// nodes of the longest existing prefix of the key (at least the root node), ending
|
|
|
|
// with the node that proves the absence of the key.
|
2022-10-25 15:25:08 +01:00
|
|
|
func (t *StateTrie) Prove(key []byte, fromLevel uint, proofDb ethdb.KeyValueWriter) error {
|
2018-02-27 11:39:30 +01:00
|
|
|
return t.trie.Prove(key, fromLevel, proofDb)
|
|
|
|
}
|
|
|
|
|
|
|
|
// VerifyProof checks merkle proofs. The given proof must contain the value for
|
|
|
|
// key in a trie with the given root hash. VerifyProof returns an error if the
|
|
|
|
// proof contains invalid trie nodes or the wrong value.
|
2021-06-28 08:53:50 +02:00
|
|
|
func VerifyProof(rootHash common.Hash, key []byte, proofDb ethdb.KeyValueReader) (value []byte, err error) {
|
2017-05-01 14:09:48 +03:00
|
|
|
key = keybytesToHex(key)
|
2018-02-27 11:39:30 +01:00
|
|
|
wantHash := rootHash
|
2018-01-15 21:26:41 +01:00
|
|
|
for i := 0; ; i++ {
|
2018-02-27 11:39:30 +01:00
|
|
|
buf, _ := proofDb.Get(wantHash[:])
|
2018-01-15 21:26:41 +01:00
|
|
|
if buf == nil {
|
2021-06-28 08:53:50 +02:00
|
|
|
return nil, fmt.Errorf("proof node %d (hash %064x) missing", i, wantHash)
|
2016-06-20 09:47:10 -05:00
|
|
|
}
|
2019-10-04 17:21:24 +02:00
|
|
|
n, err := decodeNode(wantHash[:], buf)
|
2016-06-20 09:47:10 -05:00
|
|
|
if err != nil {
|
2021-06-28 08:53:50 +02:00
|
|
|
return nil, fmt.Errorf("bad proof node %d: %v", i, err)
|
2016-06-20 09:47:10 -05:00
|
|
|
}
|
2021-06-28 08:53:50 +02:00
|
|
|
keyrest, cld := get(n, key, true)
|
2016-06-20 09:47:10 -05:00
|
|
|
switch cld := cld.(type) {
|
|
|
|
case nil:
|
2018-01-15 21:26:41 +01:00
|
|
|
// The trie doesn't contain the key.
|
2021-06-28 08:53:50 +02:00
|
|
|
return nil, nil
|
2016-06-20 09:47:10 -05:00
|
|
|
case hashNode:
|
|
|
|
key = keyrest
|
2018-02-27 11:39:30 +01:00
|
|
|
copy(wantHash[:], cld)
|
2016-06-20 09:47:10 -05:00
|
|
|
case valueNode:
|
2021-06-28 08:53:50 +02:00
|
|
|
return cld, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// proofToPath converts a merkle proof to trie node path. The main purpose of
|
|
|
|
// this function is recovering a node path from the merkle proof stream. All
|
|
|
|
// necessary nodes will be resolved and leave the remaining as hashnode.
|
|
|
|
//
|
|
|
|
// The given edge proof is allowed to be an existent or non-existent proof.
|
|
|
|
func proofToPath(rootHash common.Hash, root node, key []byte, proofDb ethdb.KeyValueReader, allowNonExistent bool) (node, []byte, error) {
|
|
|
|
// resolveNode retrieves and resolves trie node from merkle proof stream
|
|
|
|
resolveNode := func(hash common.Hash) (node, error) {
|
|
|
|
buf, _ := proofDb.Get(hash[:])
|
|
|
|
if buf == nil {
|
|
|
|
return nil, fmt.Errorf("proof node (hash %064x) missing", hash)
|
|
|
|
}
|
|
|
|
n, err := decodeNode(hash[:], buf)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("bad proof node %v", err)
|
|
|
|
}
|
|
|
|
return n, err
|
|
|
|
}
|
|
|
|
// If the root node is empty, resolve it first.
|
|
|
|
// Root node must be included in the proof.
|
|
|
|
if root == nil {
|
|
|
|
n, err := resolveNode(rootHash)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
root = n
|
|
|
|
}
|
|
|
|
var (
|
|
|
|
err error
|
|
|
|
child, parent node
|
|
|
|
keyrest []byte
|
|
|
|
valnode []byte
|
|
|
|
)
|
|
|
|
key, parent = keybytesToHex(key), root
|
|
|
|
for {
|
|
|
|
keyrest, child = get(parent, key, false)
|
|
|
|
switch cld := child.(type) {
|
|
|
|
case nil:
|
|
|
|
// The trie doesn't contain the key. It's possible
|
|
|
|
// the proof is a non-existing proof, but at least
|
|
|
|
// we can prove all resolved nodes are correct, it's
|
|
|
|
// enough for us to prove range.
|
|
|
|
if allowNonExistent {
|
|
|
|
return root, nil, nil
|
|
|
|
}
|
|
|
|
return nil, nil, errors.New("the node is not contained in trie")
|
|
|
|
case *shortNode:
|
|
|
|
key, parent = keyrest, child // Already resolved
|
|
|
|
continue
|
|
|
|
case *fullNode:
|
|
|
|
key, parent = keyrest, child // Already resolved
|
|
|
|
continue
|
|
|
|
case hashNode:
|
|
|
|
child, err = resolveNode(common.BytesToHash(cld))
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
case valueNode:
|
|
|
|
valnode = cld
|
|
|
|
}
|
|
|
|
// Link the parent and child.
|
|
|
|
switch pnode := parent.(type) {
|
|
|
|
case *shortNode:
|
|
|
|
pnode.Val = child
|
|
|
|
case *fullNode:
|
|
|
|
pnode.Children[key[0]] = child
|
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("%T: invalid node: %v", pnode, pnode))
|
|
|
|
}
|
|
|
|
if len(valnode) > 0 {
|
|
|
|
return root, valnode, nil // The whole path is resolved
|
|
|
|
}
|
|
|
|
key, parent = keyrest, child
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// unsetInternal removes all internal node references(hashnode, embedded node).
|
|
|
|
// It should be called after a trie is constructed with two edge paths. Also
|
|
|
|
// the given boundary keys must be the one used to construct the edge paths.
|
|
|
|
//
|
|
|
|
// It's the key step for range proof. All visited nodes should be marked dirty
|
|
|
|
// since the node content might be modified. Besides it can happen that some
|
|
|
|
// fullnodes only have one child which is disallowed. But if the proof is valid,
|
|
|
|
// the missing children will be filled, otherwise it will be thrown anyway.
|
|
|
|
//
|
|
|
|
// Note we have the assumption here the given boundary keys are different
|
|
|
|
// and right is larger than left.
|
|
|
|
func unsetInternal(n node, left []byte, right []byte) (bool, error) {
|
|
|
|
left, right = keybytesToHex(left), keybytesToHex(right)
|
|
|
|
|
|
|
|
// Step down to the fork point. There are two scenarios can happen:
|
|
|
|
// - the fork point is a shortnode: either the key of left proof or
|
|
|
|
// right proof doesn't match with shortnode's key.
|
|
|
|
// - the fork point is a fullnode: both two edge proofs are allowed
|
|
|
|
// to point to a non-existent key.
|
|
|
|
var (
|
|
|
|
pos = 0
|
|
|
|
parent node
|
|
|
|
|
|
|
|
// fork indicator, 0 means no fork, -1 means proof is less, 1 means proof is greater
|
|
|
|
shortForkLeft, shortForkRight int
|
|
|
|
)
|
|
|
|
findFork:
|
|
|
|
for {
|
|
|
|
switch rn := (n).(type) {
|
|
|
|
case *shortNode:
|
|
|
|
rn.flags = nodeFlag{dirty: true}
|
|
|
|
|
|
|
|
// If either the key of left proof or right proof doesn't match with
|
|
|
|
// shortnode, stop here and the forkpoint is the shortnode.
|
|
|
|
if len(left)-pos < len(rn.Key) {
|
|
|
|
shortForkLeft = bytes.Compare(left[pos:], rn.Key)
|
|
|
|
} else {
|
|
|
|
shortForkLeft = bytes.Compare(left[pos:pos+len(rn.Key)], rn.Key)
|
|
|
|
}
|
|
|
|
if len(right)-pos < len(rn.Key) {
|
|
|
|
shortForkRight = bytes.Compare(right[pos:], rn.Key)
|
|
|
|
} else {
|
|
|
|
shortForkRight = bytes.Compare(right[pos:pos+len(rn.Key)], rn.Key)
|
|
|
|
}
|
|
|
|
if shortForkLeft != 0 || shortForkRight != 0 {
|
|
|
|
break findFork
|
|
|
|
}
|
|
|
|
parent = n
|
|
|
|
n, pos = rn.Val, pos+len(rn.Key)
|
|
|
|
case *fullNode:
|
|
|
|
rn.flags = nodeFlag{dirty: true}
|
|
|
|
|
|
|
|
// If either the node pointed by left proof or right proof is nil,
|
|
|
|
// stop here and the forkpoint is the fullnode.
|
|
|
|
leftnode, rightnode := rn.Children[left[pos]], rn.Children[right[pos]]
|
|
|
|
if leftnode == nil || rightnode == nil || leftnode != rightnode {
|
|
|
|
break findFork
|
|
|
|
}
|
|
|
|
parent = n
|
|
|
|
n, pos = rn.Children[left[pos]], pos+1
|
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("%T: invalid node: %v", n, n))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
switch rn := n.(type) {
|
|
|
|
case *shortNode:
|
|
|
|
// There can have these five scenarios:
|
|
|
|
// - both proofs are less than the trie path => no valid range
|
|
|
|
// - both proofs are greater than the trie path => no valid range
|
|
|
|
// - left proof is less and right proof is greater => valid range, unset the shortnode entirely
|
|
|
|
// - left proof points to the shortnode, but right proof is greater
|
|
|
|
// - right proof points to the shortnode, but left proof is less
|
|
|
|
if shortForkLeft == -1 && shortForkRight == -1 {
|
|
|
|
return false, errors.New("empty range")
|
|
|
|
}
|
|
|
|
if shortForkLeft == 1 && shortForkRight == 1 {
|
|
|
|
return false, errors.New("empty range")
|
|
|
|
}
|
|
|
|
if shortForkLeft != 0 && shortForkRight != 0 {
|
|
|
|
// The fork point is root node, unset the entire trie
|
|
|
|
if parent == nil {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
parent.(*fullNode).Children[left[pos-1]] = nil
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
// Only one proof points to non-existent key.
|
|
|
|
if shortForkRight != 0 {
|
|
|
|
if _, ok := rn.Val.(valueNode); ok {
|
|
|
|
// The fork point is root node, unset the entire trie
|
|
|
|
if parent == nil {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
parent.(*fullNode).Children[left[pos-1]] = nil
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
return false, unset(rn, rn.Val, left[pos:], len(rn.Key), false)
|
|
|
|
}
|
|
|
|
if shortForkLeft != 0 {
|
|
|
|
if _, ok := rn.Val.(valueNode); ok {
|
|
|
|
// The fork point is root node, unset the entire trie
|
|
|
|
if parent == nil {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
parent.(*fullNode).Children[right[pos-1]] = nil
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
return false, unset(rn, rn.Val, right[pos:], len(rn.Key), true)
|
|
|
|
}
|
|
|
|
return false, nil
|
|
|
|
case *fullNode:
|
|
|
|
// unset all internal nodes in the forkpoint
|
|
|
|
for i := left[pos] + 1; i < right[pos]; i++ {
|
|
|
|
rn.Children[i] = nil
|
|
|
|
}
|
|
|
|
if err := unset(rn, rn.Children[left[pos]], left[pos:], 1, false); err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
if err := unset(rn, rn.Children[right[pos]], right[pos:], 1, true); err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
return false, nil
|
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("%T: invalid node: %v", n, n))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// unset removes all internal node references either the left most or right most.
|
|
|
|
// It can meet these scenarios:
|
|
|
|
//
|
2022-10-25 15:25:08 +01:00
|
|
|
// - The given path is existent in the trie, unset the associated nodes with the
|
|
|
|
// specific direction
|
|
|
|
// - The given path is non-existent in the trie
|
2021-06-28 08:53:50 +02:00
|
|
|
// - the fork point is a fullnode, the corresponding child pointed by path
|
|
|
|
// is nil, return
|
|
|
|
// - the fork point is a shortnode, the shortnode is included in the range,
|
|
|
|
// keep the entire branch and return.
|
|
|
|
// - the fork point is a shortnode, the shortnode is excluded in the range,
|
|
|
|
// unset the entire branch.
|
|
|
|
func unset(parent node, child node, key []byte, pos int, removeLeft bool) error {
|
|
|
|
switch cld := child.(type) {
|
|
|
|
case *fullNode:
|
|
|
|
if removeLeft {
|
|
|
|
for i := 0; i < int(key[pos]); i++ {
|
|
|
|
cld.Children[i] = nil
|
|
|
|
}
|
|
|
|
cld.flags = nodeFlag{dirty: true}
|
|
|
|
} else {
|
|
|
|
for i := key[pos] + 1; i < 16; i++ {
|
|
|
|
cld.Children[i] = nil
|
|
|
|
}
|
|
|
|
cld.flags = nodeFlag{dirty: true}
|
|
|
|
}
|
|
|
|
return unset(cld, cld.Children[key[pos]], key, pos+1, removeLeft)
|
|
|
|
case *shortNode:
|
|
|
|
if len(key[pos:]) < len(cld.Key) || !bytes.Equal(cld.Key, key[pos:pos+len(cld.Key)]) {
|
|
|
|
// Find the fork point, it's an non-existent branch.
|
|
|
|
if removeLeft {
|
|
|
|
if bytes.Compare(cld.Key, key[pos:]) < 0 {
|
|
|
|
// The key of fork shortnode is less than the path
|
2022-10-25 15:25:08 +01:00
|
|
|
// (it belongs to the range), unset the entire
|
2021-06-28 08:53:50 +02:00
|
|
|
// branch. The parent must be a fullnode.
|
|
|
|
fn := parent.(*fullNode)
|
|
|
|
fn.Children[key[pos-1]] = nil
|
|
|
|
}
|
2022-10-25 15:25:08 +01:00
|
|
|
//else {
|
|
|
|
// The key of fork shortnode is greater than the
|
|
|
|
// path(it doesn't belong to the range), keep
|
|
|
|
// it with the cached hash available.
|
|
|
|
//}
|
2021-06-28 08:53:50 +02:00
|
|
|
} else {
|
|
|
|
if bytes.Compare(cld.Key, key[pos:]) > 0 {
|
|
|
|
// The key of fork shortnode is greater than the
|
|
|
|
// path(it belongs to the range), unset the entrie
|
|
|
|
// branch. The parent must be a fullnode.
|
|
|
|
fn := parent.(*fullNode)
|
|
|
|
fn.Children[key[pos-1]] = nil
|
|
|
|
}
|
2022-10-25 15:25:08 +01:00
|
|
|
//else {
|
|
|
|
// The key of fork shortnode is less than the
|
|
|
|
// path(it doesn't belong to the range), keep
|
|
|
|
// it with the cached hash available.
|
|
|
|
//}
|
2021-06-28 08:53:50 +02:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if _, ok := cld.Val.(valueNode); ok {
|
|
|
|
fn := parent.(*fullNode)
|
|
|
|
fn.Children[key[pos-1]] = nil
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
cld.flags = nodeFlag{dirty: true}
|
|
|
|
return unset(cld, cld.Val, key, pos+len(cld.Key), removeLeft)
|
|
|
|
case nil:
|
|
|
|
// If the node is nil, then it's a child of the fork point
|
|
|
|
// fullnode(it's a non-existent branch).
|
|
|
|
return nil
|
|
|
|
default:
|
|
|
|
panic("it shouldn't happen") // hashNode, valueNode
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// hasRightElement returns the indicator whether there exists more elements
|
2022-10-25 15:25:08 +01:00
|
|
|
// on the right side of the given path. The given path can point to an existent
|
2021-06-28 08:53:50 +02:00
|
|
|
// key or a non-existent one. This function has the assumption that the whole
|
|
|
|
// path should already be resolved.
|
|
|
|
func hasRightElement(node node, key []byte) bool {
|
|
|
|
pos, key := 0, keybytesToHex(key)
|
|
|
|
for node != nil {
|
|
|
|
switch rn := node.(type) {
|
|
|
|
case *fullNode:
|
|
|
|
for i := key[pos] + 1; i < 16; i++ {
|
|
|
|
if rn.Children[i] != nil {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
node, pos = rn.Children[key[pos]], pos+1
|
|
|
|
case *shortNode:
|
|
|
|
if len(key)-pos < len(rn.Key) || !bytes.Equal(rn.Key, key[pos:pos+len(rn.Key)]) {
|
|
|
|
return bytes.Compare(rn.Key, key[pos:]) > 0
|
|
|
|
}
|
|
|
|
node, pos = rn.Val, pos+len(rn.Key)
|
|
|
|
case valueNode:
|
|
|
|
return false // We have resolved the whole path
|
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("%T: invalid node: %v", node, node)) // hashnode
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// VerifyRangeProof checks whether the given leaf nodes and edge proof
|
|
|
|
// can prove the given trie leaves range is matched with the specific root.
|
|
|
|
// Besides, the range should be consecutive (no gap inside) and monotonic
|
|
|
|
// increasing.
|
|
|
|
//
|
|
|
|
// Note the given proof actually contains two edge proofs. Both of them can
|
|
|
|
// be non-existent proofs. For example the first proof is for a non-existent
|
|
|
|
// key 0x03, the last proof is for a non-existent key 0x10. The given batch
|
|
|
|
// leaves are [0x04, 0x05, .. 0x09]. It's still feasible to prove the given
|
|
|
|
// batch is valid.
|
|
|
|
//
|
|
|
|
// The firstKey is paired with firstProof, not necessarily the same as keys[0]
|
|
|
|
// (unless firstProof is an existent proof). Similarly, lastKey and lastProof
|
|
|
|
// are paired.
|
|
|
|
//
|
|
|
|
// Expect the normal case, this function can also be used to verify the following
|
|
|
|
// range proofs:
|
|
|
|
//
|
2022-10-25 15:25:08 +01:00
|
|
|
// - All elements proof. In this case the proof can be nil, but the range should
|
|
|
|
// be all the leaves in the trie.
|
2021-06-28 08:53:50 +02:00
|
|
|
//
|
2022-10-25 15:25:08 +01:00
|
|
|
// - One element proof. In this case no matter the edge proof is a non-existent
|
|
|
|
// proof or not, we can always verify the correctness of the proof.
|
2021-06-28 08:53:50 +02:00
|
|
|
//
|
2022-10-25 15:25:08 +01:00
|
|
|
// - Zero element proof. In this case a single non-existent proof is enough to prove.
|
|
|
|
// Besides, if there are still some other leaves available on the right side, then
|
|
|
|
// an error will be returned.
|
2021-06-28 08:53:50 +02:00
|
|
|
//
|
|
|
|
// Except returning the error to indicate the proof is valid or not, the function will
|
|
|
|
// also return a flag to indicate whether there exists more accounts/slots in the trie.
|
|
|
|
//
|
|
|
|
// Note: This method does not verify that the proof is of minimal form. If the input
|
|
|
|
// proofs are 'bloated' with neighbour leaves or random data, aside from the 'useful'
|
|
|
|
// data, then the proof will still be accepted.
|
|
|
|
func VerifyRangeProof(rootHash common.Hash, firstKey []byte, lastKey []byte, keys [][]byte, values [][]byte, proof ethdb.KeyValueReader) (bool, error) {
|
|
|
|
if len(keys) != len(values) {
|
|
|
|
return false, fmt.Errorf("inconsistent proof data, keys: %d, values: %d", len(keys), len(values))
|
|
|
|
}
|
2022-10-25 15:25:08 +01:00
|
|
|
// Ensure the received batch is monotonic increasing and contains no deletions
|
2021-06-28 08:53:50 +02:00
|
|
|
for i := 0; i < len(keys)-1; i++ {
|
|
|
|
if bytes.Compare(keys[i], keys[i+1]) >= 0 {
|
|
|
|
return false, errors.New("range is not monotonically increasing")
|
2016-06-20 09:47:10 -05:00
|
|
|
}
|
|
|
|
}
|
2022-10-25 15:25:08 +01:00
|
|
|
for _, value := range values {
|
|
|
|
if len(value) == 0 {
|
|
|
|
return false, errors.New("range contains deletion")
|
|
|
|
}
|
|
|
|
}
|
2021-06-28 08:53:50 +02:00
|
|
|
// Special case, there is no edge proof at all. The given range is expected
|
|
|
|
// to be the whole leaf-set in the trie.
|
|
|
|
if proof == nil {
|
|
|
|
tr := NewStackTrie(nil)
|
|
|
|
for index, key := range keys {
|
|
|
|
tr.TryUpdate(key, values[index])
|
|
|
|
}
|
|
|
|
if have, want := tr.Hash(), rootHash; have != want {
|
|
|
|
return false, fmt.Errorf("invalid proof, want hash %x, got %x", want, have)
|
|
|
|
}
|
|
|
|
return false, nil // No more elements
|
|
|
|
}
|
|
|
|
// Special case, there is a provided edge proof but zero key/value
|
|
|
|
// pairs, ensure there are no more accounts / slots in the trie.
|
|
|
|
if len(keys) == 0 {
|
|
|
|
root, val, err := proofToPath(rootHash, nil, firstKey, proof, true)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
if val != nil || hasRightElement(root, firstKey) {
|
|
|
|
return false, errors.New("more entries available")
|
|
|
|
}
|
2022-10-25 15:25:08 +01:00
|
|
|
return false, nil
|
2021-06-28 08:53:50 +02:00
|
|
|
}
|
|
|
|
// Special case, there is only one element and two edge keys are same.
|
|
|
|
// In this case, we can't construct two edge paths. So handle it here.
|
|
|
|
if len(keys) == 1 && bytes.Equal(firstKey, lastKey) {
|
|
|
|
root, val, err := proofToPath(rootHash, nil, firstKey, proof, false)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
if !bytes.Equal(firstKey, keys[0]) {
|
|
|
|
return false, errors.New("correct proof but invalid key")
|
|
|
|
}
|
|
|
|
if !bytes.Equal(val, values[0]) {
|
|
|
|
return false, errors.New("correct proof but invalid data")
|
|
|
|
}
|
|
|
|
return hasRightElement(root, firstKey), nil
|
|
|
|
}
|
|
|
|
// Ok, in all other cases, we require two edge paths available.
|
|
|
|
// First check the validity of edge keys.
|
|
|
|
if bytes.Compare(firstKey, lastKey) >= 0 {
|
|
|
|
return false, errors.New("invalid edge keys")
|
|
|
|
}
|
|
|
|
// todo(rjl493456442) different length edge keys should be supported
|
|
|
|
if len(firstKey) != len(lastKey) {
|
|
|
|
return false, errors.New("inconsistent edge keys")
|
|
|
|
}
|
|
|
|
// Convert the edge proofs to edge trie paths. Then we can
|
|
|
|
// have the same tree architecture with the original one.
|
|
|
|
// For the first edge proof, non-existent proof is allowed.
|
|
|
|
root, _, err := proofToPath(rootHash, nil, firstKey, proof, true)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
// Pass the root node here, the second path will be merged
|
|
|
|
// with the first one. For the last edge proof, non-existent
|
|
|
|
// proof is also allowed.
|
|
|
|
root, _, err = proofToPath(rootHash, root, lastKey, proof, true)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
// Remove all internal references. All the removed parts should
|
|
|
|
// be re-filled(or re-constructed) by the given leaves range.
|
|
|
|
empty, err := unsetInternal(root, firstKey, lastKey)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
// Rebuild the trie with the leaf stream, the shape of trie
|
|
|
|
// should be same with the original one.
|
2022-10-25 15:25:08 +01:00
|
|
|
tr := &Trie{root: root, reader: newEmptyReader()}
|
2021-06-28 08:53:50 +02:00
|
|
|
if empty {
|
|
|
|
tr.root = nil
|
|
|
|
}
|
|
|
|
for index, key := range keys {
|
|
|
|
tr.TryUpdate(key, values[index])
|
|
|
|
}
|
|
|
|
if tr.Hash() != rootHash {
|
|
|
|
return false, fmt.Errorf("invalid proof, want hash %x, got %x", rootHash, tr.Hash())
|
|
|
|
}
|
2022-10-25 15:25:08 +01:00
|
|
|
return hasRightElement(tr.root, keys[len(keys)-1]), nil
|
2016-06-20 09:47:10 -05:00
|
|
|
}
|
|
|
|
|
2021-06-28 08:53:50 +02:00
|
|
|
// get returns the child of the given node. Return nil if the
|
|
|
|
// node with specified key doesn't exist at all.
|
|
|
|
//
|
|
|
|
// There is an additional flag `skipResolved`. If it's set then
|
|
|
|
// all resolved nodes won't be returned.
|
|
|
|
func get(tn node, key []byte, skipResolved bool) ([]byte, node) {
|
2017-08-04 23:14:17 +07:00
|
|
|
for {
|
2016-06-20 09:47:10 -05:00
|
|
|
switch n := tn.(type) {
|
2016-10-20 14:07:42 +03:00
|
|
|
case *shortNode:
|
2016-06-20 09:47:10 -05:00
|
|
|
if len(key) < len(n.Key) || !bytes.Equal(n.Key, key[:len(n.Key)]) {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
tn = n.Val
|
|
|
|
key = key[len(n.Key):]
|
2021-06-28 08:53:50 +02:00
|
|
|
if !skipResolved {
|
|
|
|
return key, tn
|
|
|
|
}
|
2016-10-20 14:07:42 +03:00
|
|
|
case *fullNode:
|
2016-07-03 14:44:31 -05:00
|
|
|
tn = n.Children[key[0]]
|
2016-06-20 09:47:10 -05:00
|
|
|
key = key[1:]
|
2021-06-28 08:53:50 +02:00
|
|
|
if !skipResolved {
|
|
|
|
return key, tn
|
|
|
|
}
|
2016-06-20 09:47:10 -05:00
|
|
|
case hashNode:
|
|
|
|
return key, n
|
|
|
|
case nil:
|
|
|
|
return key, nil
|
2017-08-04 23:14:17 +07:00
|
|
|
case valueNode:
|
|
|
|
return nil, n
|
2016-06-20 09:47:10 -05:00
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("%T: invalid node: %v", tn, tn))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|