diff --git a/src/merkleblock.cpp b/src/merkleblock.cpp index 028b982fb8..bdc97a52eb 100644 --- a/src/merkleblock.cpp +++ b/src/merkleblock.cpp @@ -1,218 +1,222 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include #include #include #include CMerkleBlock::CMerkleBlock(const CBlock &block, CBloomFilter &filter) { header = block.GetBlockHeader(); std::vector vMatch; std::vector vHashes; vMatch.reserve(block.vtx.size()); vHashes.reserve(block.vtx.size()); for (size_t i = 0; i < block.vtx.size(); i++) { const CTransaction *tx = block.vtx[i].get(); const uint256 &txid = tx->GetId(); if (filter.IsRelevantAndUpdate(*tx)) { vMatch.push_back(true); vMatchedTxn.push_back(std::make_pair(i, txid)); } else { vMatch.push_back(false); } vHashes.push_back(txid); } txn = CPartialMerkleTree(vHashes, vMatch); } CMerkleBlock::CMerkleBlock(const CBlock &block, const std::set &txids) { header = block.GetBlockHeader(); std::vector vMatch; std::vector vHashes; vMatch.reserve(block.vtx.size()); vHashes.reserve(block.vtx.size()); for (const auto &tx : block.vtx) { const TxId &txid = tx->GetId(); vMatch.push_back(txids.count(txid)); vHashes.push_back(txid); } txn = CPartialMerkleTree(vHashes, vMatch); } uint256 CPartialMerkleTree::CalcHash(int height, unsigned int pos, const std::vector &vTxid) { + // we can never have zero txs in a merkle block, we always need the + // coinbase tx if we do not have this assert, we can hit a memory + // access violation when indexing into vTxid + assert(vTxid.size() != 0); if (height == 0) { // hash at height 0 is the txids themself. return vTxid[pos]; } // Calculate left hash. uint256 left = CalcHash(height - 1, pos * 2, vTxid), right; // Calculate right hash if not beyond the end of the array - copy left hash // otherwise. if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { right = CalcHash(height - 1, pos * 2 + 1, vTxid); } else { right = left; } // Combine subhashes. return Hash(BEGIN(left), END(left), BEGIN(right), END(right)); } void CPartialMerkleTree::TraverseAndBuild(int height, unsigned int pos, const std::vector &vTxid, const std::vector &vMatch) { // Determine whether this node is the parent of at least one matched txid. bool fParentOfMatch = false; for (unsigned int p = pos << height; p < (pos + 1) << height && p < nTransactions; p++) { fParentOfMatch |= vMatch[p]; } // Store as flag bit. vBits.push_back(fParentOfMatch); if (height == 0 || !fParentOfMatch) { // If at height 0, or nothing interesting below, store hash and stop. vHash.push_back(CalcHash(height, pos, vTxid)); } else { // Otherwise, don't store any hash, but descend into the subtrees. TraverseAndBuild(height - 1, pos * 2, vTxid, vMatch); if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { TraverseAndBuild(height - 1, pos * 2 + 1, vTxid, vMatch); } } } uint256 CPartialMerkleTree::TraverseAndExtract( int height, unsigned int pos, unsigned int &nBitsUsed, unsigned int &nHashUsed, std::vector &vMatch, std::vector &vnIndex) { if (nBitsUsed >= vBits.size()) { // Overflowed the bits array - failure fBad = true; return uint256(); } bool fParentOfMatch = vBits[nBitsUsed++]; if (height == 0 || !fParentOfMatch) { // If at height 0, or nothing interesting below, use stored hash and do // not descend. if (nHashUsed >= vHash.size()) { // Overflowed the hash array - failure fBad = true; return uint256(); } const uint256 &hash = vHash[nHashUsed++]; // In case of height 0, we have a matched txid. if (height == 0 && fParentOfMatch) { vMatch.push_back(hash); vnIndex.push_back(pos); } return hash; } // Otherwise, descend into the subtrees to extract matched txids and hashes. uint256 left = TraverseAndExtract(height - 1, pos * 2, nBitsUsed, nHashUsed, vMatch, vnIndex), right; if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { right = TraverseAndExtract(height - 1, pos * 2 + 1, nBitsUsed, nHashUsed, vMatch, vnIndex); if (right == left) { // The left and right branches should never be identical, as the // transaction hashes covered by them must each be unique. fBad = true; } } else { right = left; } // and combine them before returning. return Hash(BEGIN(left), END(left), BEGIN(right), END(right)); } CPartialMerkleTree::CPartialMerkleTree(const std::vector &vTxid, const std::vector &vMatch) : nTransactions(vTxid.size()), fBad(false) { // reset state vBits.clear(); vHash.clear(); // calculate height of tree int nHeight = 0; while (CalcTreeWidth(nHeight) > 1) { nHeight++; } // traverse the partial tree TraverseAndBuild(nHeight, 0, vTxid, vMatch); } CPartialMerkleTree::CPartialMerkleTree() : nTransactions(0), fBad(true) {} uint256 CPartialMerkleTree::ExtractMatches(std::vector &vMatch, std::vector &vnIndex) { vMatch.clear(); // An empty set will not work if (nTransactions == 0) { return uint256(); } // Check for excessively high numbers of transactions. // FIXME: Track the maximum block size we've seen and use it here. // There can never be more hashes provided than one for every txid. if (vHash.size() > nTransactions) { return uint256(); } // There must be at least one bit per node in the partial tree, and at least // one node per hash. if (vBits.size() < vHash.size()) { return uint256(); } // calculate height of tree. int nHeight = 0; while (CalcTreeWidth(nHeight) > 1) { nHeight++; } // traverse the partial tree. unsigned int nBitsUsed = 0, nHashUsed = 0; uint256 hashMerkleRoot = TraverseAndExtract(nHeight, 0, nBitsUsed, nHashUsed, vMatch, vnIndex); // verify that no problems occurred during the tree traversal. if (fBad) { return uint256(); } // verify that all bits were consumed (except for the padding caused by // serializing it as a byte sequence) if ((nBitsUsed + 7) / 8 != (vBits.size() + 7) / 8) { return uint256(); } // verify that all hashes were consumed. if (nHashUsed != vHash.size()) { return uint256(); } return hashMerkleRoot; } diff --git a/src/merkleblock.h b/src/merkleblock.h index d52c79f546..29aa1acb3c 100644 --- a/src/merkleblock.h +++ b/src/merkleblock.h @@ -1,184 +1,187 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_MERKLEBLOCK_H #define BITCOIN_MERKLEBLOCK_H #include #include #include #include #include /** * Data structure that represents a partial merkle tree. * * It represents a subset of the txid's of a known block, in a way that * allows recovery of the list of txid's and the merkle root, in an * authenticated way. * * The encoding works as follows: we traverse the tree in depth-first order, * storing a bit for each traversed node, signifying whether the node is the * parent of at least one matched leaf txid (or a matched txid itself). In * case we are at the leaf level, or this bit is 0, its merkle node hash is * stored, and its children are not explored further. Otherwise, no hash is * stored, but we recurse into both (or the only) child branch. During * decoding, the same depth-first traversal is performed, consuming bits and * hashes as they written during encoding. * * The serialization is fixed and provides a hard guarantee about the * encoded size: * * SIZE <= 10 + ceil(32.25*N) * * Where N represents the number of leaf nodes of the partial tree. N itself * is bounded by: * * N <= total_transactions * N <= 1 + matched_transactions*tree_height * * The serialization format: * - uint32 total_transactions (4 bytes) * - varint number of hashes (1-3 bytes) * - uint256[] hashes in depth-first order (<= 32*N bytes) * - varint number of bytes of flag bits (1-3 bytes) * - byte[] flag bits, packed per 8 in a byte, least significant bit first * (<= 2*N-1 bits) * The size constraints follow from this. */ class CPartialMerkleTree { protected: /** the total number of transactions in the block */ unsigned int nTransactions; /** node-is-parent-of-matched-txid bits */ std::vector vBits; /** txids and internal hashes */ std::vector vHash; /** flag set when encountering invalid data */ bool fBad; /** * Helper function to efficiently calculate the number of nodes at given * height in the merkle tree. */ unsigned int CalcTreeWidth(int height) const { return (nTransactions + (1 << height) - 1) >> height; } /** * Calculate the hash of a node in the merkle tree (at leaf level: the * txid's themselves) */ uint256 CalcHash(int height, unsigned int pos, const std::vector &vTxid); /** * Recursive function that traverses tree nodes, storing the data as bits * and hashes. */ void TraverseAndBuild(int height, unsigned int pos, const std::vector &vTxid, const std::vector &vMatch); /** * Recursive function that traverses tree nodes, consuming the bits and * hashes produced by TraverseAndBuild. It returns the hash of the * respective node and its respective index. */ uint256 TraverseAndExtract(int height, unsigned int pos, unsigned int &nBitsUsed, unsigned int &nHashUsed, std::vector &vMatch, std::vector &vnIndex); public: /** serialization implementation */ ADD_SERIALIZE_METHODS; template inline void SerializationOp(Stream &s, Operation ser_action) { READWRITE(nTransactions); READWRITE(vHash); std::vector vBytes; if (ser_action.ForRead()) { READWRITE(vBytes); CPartialMerkleTree &us = *(const_cast(this)); us.vBits.resize(vBytes.size() * 8); for (unsigned int p = 0; p < us.vBits.size(); p++) { us.vBits[p] = (vBytes[p / 8] & (1 << (p % 8))) != 0; } us.fBad = false; } else { vBytes.resize((vBits.size() + 7) / 8); for (unsigned int p = 0; p < vBits.size(); p++) { vBytes[p / 8] |= vBits[p] << (p % 8); } READWRITE(vBytes); } } /** * Construct a partial merkle tree from a list of transaction ids, and a * mask that selects a subset of them. */ CPartialMerkleTree(const std::vector &vTxid, const std::vector &vMatch); CPartialMerkleTree(); /** * Extract the matching txid's represented by this partial merkle tree and * their respective indices within the partial tree. Returns the merkle * root, or 0 in case of failure. */ uint256 ExtractMatches(std::vector &vMatch, std::vector &vnIndex); }; /** * Used to create a Merkle proof (usually from a subset of transactions), * which consists of a block header and partial Merkle Tree. * SPV clients typically use this Merkle proof to limit bandwidth and * computation requirements to process incoming transactions. * From the peer-node's perspective, the SPV client is a "filtered node". * See BIP37 for details: * https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki + * + * NOTE: The class assumes that the given CBlock has *at least* 1 transaction. + * If the CBlock has 0 txs, it will hit an assertion. */ class CMerkleBlock { public: /** Public only for unit testing */ CBlockHeader header; CPartialMerkleTree txn; /** Public only for unit testing and relay testing (not relayed) */ std::vector> vMatchedTxn; /** * Create a Merkle proof according to a bloom filter. Note * that this will call IsRelevantAndUpdate on the filter for each * transaction, thus the filter will likely be modified. */ CMerkleBlock(const CBlock &block, CBloomFilter &filter); /** * Create a Merkle proof for a set of transactions. */ CMerkleBlock(const CBlock &block, const std::set &txids); CMerkleBlock() {} ADD_SERIALIZE_METHODS; template inline void SerializationOp(Stream &s, Operation ser_action) { READWRITE(header); READWRITE(txn); } }; #endif // BITCOIN_MERKLEBLOCK_H