diff --git a/src/merkleblock.cpp b/src/merkleblock.cpp index 69cb771e16..6f5d89f5dd 100644 --- a/src/merkleblock.cpp +++ b/src/merkleblock.cpp @@ -1,191 +1,219 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include "merkleblock.h" #include "consensus/consensus.h" #include "hash.h" #include "utilstrencodings.h" CMerkleBlock::CMerkleBlock(const CBlock &block, CBloomFilter &filter) { header = block.GetBlockHeader(); std::vector vMatch; std::vector vHashes; vMatch.reserve(block.vtx.size()); vHashes.reserve(block.vtx.size()); - for (unsigned int i = 0; i < block.vtx.size(); i++) { - const uint256 &txid = block.vtx[i]->GetId(); - if (filter.IsRelevantAndUpdate(*block.vtx[i])) { + for (size_t i = 0; i < block.vtx.size(); i++) { + const CTransaction *tx = block.vtx[i].get(); + const uint256 &txid = tx->GetId(); + if (filter.IsRelevantAndUpdate(*tx)) { vMatch.push_back(true); vMatchedTxn.push_back(std::make_pair(i, txid)); - } else + } else { vMatch.push_back(false); + } + vHashes.push_back(txid); } txn = CPartialMerkleTree(vHashes, vMatch); } CMerkleBlock::CMerkleBlock(const CBlock &block, const std::set &txids) { header = block.GetBlockHeader(); std::vector vMatch; std::vector vHashes; vMatch.reserve(block.vtx.size()); vHashes.reserve(block.vtx.size()); - for (unsigned int i = 0; i < block.vtx.size(); i++) { - const uint256 &txid = block.vtx[i]->GetId(); - if (txids.count(txid)) - vMatch.push_back(true); - else - vMatch.push_back(false); + for (const auto &tx : block.vtx) { + const uint256 &txid = tx->GetId(); + vMatch.push_back(txids.count(txid)); vHashes.push_back(txid); } txn = CPartialMerkleTree(vHashes, vMatch); } uint256 CPartialMerkleTree::CalcHash(int height, unsigned int pos, const std::vector &vTxid) { if (height == 0) { // hash at height 0 is the txids themself. return vTxid[pos]; + } + + // Calculate left hash. + uint256 left = CalcHash(height - 1, pos * 2, vTxid), right; + // Calculate right hash if not beyond the end of the array - copy left hash + // otherwise1. + if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { + right = CalcHash(height - 1, pos * 2 + 1, vTxid); } else { - // Calculate left hash. - uint256 left = CalcHash(height - 1, pos * 2, vTxid), right; - // Calculate right hash if not beyond the end of the array - copy left - // hash otherwise1. - if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { - right = CalcHash(height - 1, pos * 2 + 1, vTxid); - } else { - right = left; - } - // Combine subhashes. - return Hash(BEGIN(left), END(left), BEGIN(right), END(right)); + right = left; } + + // Combine subhashes. + return Hash(BEGIN(left), END(left), BEGIN(right), END(right)); } void CPartialMerkleTree::TraverseAndBuild(int height, unsigned int pos, const std::vector &vTxid, const std::vector &vMatch) { // Determine whether this node is the parent of at least one matched txid. bool fParentOfMatch = false; for (unsigned int p = pos << height; - p < (pos + 1) << height && p < nTransactions; p++) + p < (pos + 1) << height && p < nTransactions; p++) { fParentOfMatch |= vMatch[p]; + } + // Store as flag bit. vBits.push_back(fParentOfMatch); if (height == 0 || !fParentOfMatch) { // If at height 0, or nothing interesting below, store hash and stop. vHash.push_back(CalcHash(height, pos, vTxid)); } else { // Otherwise, don't store any hash, but descend into the subtrees. TraverseAndBuild(height - 1, pos * 2, vTxid, vMatch); - if (pos * 2 + 1 < CalcTreeWidth(height - 1)) + if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { TraverseAndBuild(height - 1, pos * 2 + 1, vTxid, vMatch); + } } } uint256 CPartialMerkleTree::TraverseAndExtract( int height, unsigned int pos, unsigned int &nBitsUsed, unsigned int &nHashUsed, std::vector &vMatch, std::vector &vnIndex) { if (nBitsUsed >= vBits.size()) { // Overflowed the bits array - failure fBad = true; return uint256(); } + bool fParentOfMatch = vBits[nBitsUsed++]; if (height == 0 || !fParentOfMatch) { // If at height 0, or nothing interesting below, use stored hash and do // not descend. if (nHashUsed >= vHash.size()) { // Overflowed the hash array - failure fBad = true; return uint256(); } const uint256 &hash = vHash[nHashUsed++]; // In case of height 0, we have a matched txid. if (height == 0 && fParentOfMatch) { vMatch.push_back(hash); vnIndex.push_back(pos); } return hash; - } else { - // Otherwise, descend into the subtrees to extract matched txids and - // hashes. - uint256 left = TraverseAndExtract(height - 1, pos * 2, nBitsUsed, - nHashUsed, vMatch, vnIndex), - right; - if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { - right = TraverseAndExtract(height - 1, pos * 2 + 1, nBitsUsed, - nHashUsed, vMatch, vnIndex); - if (right == left) { - // The left and right branches should never be identical, as the - // transaction hashes covered by them must each be unique. - fBad = true; - } - } else { - right = left; + } + + // Otherwise, descend into the subtrees to extract matched txids and hashes. + uint256 left = TraverseAndExtract(height - 1, pos * 2, nBitsUsed, nHashUsed, + vMatch, vnIndex), + right; + if (pos * 2 + 1 < CalcTreeWidth(height - 1)) { + right = TraverseAndExtract(height - 1, pos * 2 + 1, nBitsUsed, + nHashUsed, vMatch, vnIndex); + if (right == left) { + // The left and right branches should never be identical, as the + // transaction hashes covered by them must each be unique. + fBad = true; } - // and combine them before returning. - return Hash(BEGIN(left), END(left), BEGIN(right), END(right)); + } else { + right = left; } + + // and combine them before returning. + return Hash(BEGIN(left), END(left), BEGIN(right), END(right)); } CPartialMerkleTree::CPartialMerkleTree(const std::vector &vTxid, const std::vector &vMatch) : nTransactions(vTxid.size()), fBad(false) { // reset state vBits.clear(); vHash.clear(); // calculate height of tree int nHeight = 0; - while (CalcTreeWidth(nHeight) > 1) + while (CalcTreeWidth(nHeight) > 1) { nHeight++; + } // traverse the partial tree TraverseAndBuild(nHeight, 0, vTxid, vMatch); } CPartialMerkleTree::CPartialMerkleTree() : nTransactions(0), fBad(true) {} uint256 CPartialMerkleTree::ExtractMatches(std::vector &vMatch, std::vector &vnIndex) { vMatch.clear(); + // An empty set will not work - if (nTransactions == 0) return uint256(); + if (nTransactions == 0) { + return uint256(); + } + // Check for excessively high numbers of transactions. // FIXME: Track the maximum block size we've seen and use it here. // There can never be more hashes provided than one for every txid. - if (vHash.size() > nTransactions) return uint256(); + if (vHash.size() > nTransactions) { + return uint256(); + } + // There must be at least one bit per node in the partial tree, and at least // one node per hash. - if (vBits.size() < vHash.size()) return uint256(); + if (vBits.size() < vHash.size()) { + return uint256(); + } + // calculate height of tree. int nHeight = 0; - while (CalcTreeWidth(nHeight) > 1) + while (CalcTreeWidth(nHeight) > 1) { nHeight++; + } + // traverse the partial tree. unsigned int nBitsUsed = 0, nHashUsed = 0; uint256 hashMerkleRoot = TraverseAndExtract(nHeight, 0, nBitsUsed, nHashUsed, vMatch, vnIndex); + // verify that no problems occurred during the tree traversal. - if (fBad) return uint256(); + if (fBad) { + return uint256(); + } + // verify that all bits were consumed (except for the padding caused by // serializing it as a byte sequence) - if ((nBitsUsed + 7) / 8 != (vBits.size() + 7) / 8) return uint256(); + if ((nBitsUsed + 7) / 8 != (vBits.size() + 7) / 8) { + return uint256(); + } + // verify that all hashes were consumed. - if (nHashUsed != vHash.size()) return uint256(); + if (nHashUsed != vHash.size()) { + return uint256(); + } + return hashMerkleRoot; } diff --git a/src/merkleblock.h b/src/merkleblock.h index 33aaf4f38e..f8de87c63d 100644 --- a/src/merkleblock.h +++ b/src/merkleblock.h @@ -1,168 +1,178 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_MERKLEBLOCK_H #define BITCOIN_MERKLEBLOCK_H #include "bloom.h" #include "primitives/block.h" #include "serialize.h" #include "uint256.h" #include /** * Data structure that represents a partial merkle tree. * * It represents a subset of the txid's of a known block, in a way that * allows recovery of the list of txid's and the merkle root, in an * authenticated way. * * The encoding works as follows: we traverse the tree in depth-first order, * storing a bit for each traversed node, signifying whether the node is the * parent of at least one matched leaf txid (or a matched txid itself). In * case we are at the leaf level, or this bit is 0, its merkle node hash is * stored, and its children are not explorer further. Otherwise, no hash is * stored, but we recurse into both (or the only) child branch. During * decoding, the same depth-first traversal is performed, consuming bits and * hashes as they written during encoding. * * The serialization is fixed and provides a hard guarantee about the * encoded size: * * SIZE <= 10 + ceil(32.25*N) * * Where N represents the number of leaf nodes of the partial tree. N itself * is bounded by: * * N <= total_transactions * N <= 1 + matched_transactions*tree_height * * The serialization format: * - uint32 total_transactions (4 bytes) * - varint number of hashes (1-3 bytes) * - uint256[] hashes in depth-first order (<= 32*N bytes) * - varint number of bytes of flag bits (1-3 bytes) * - byte[] flag bits, packed per 8 in a byte, least significant bit first * (<= 2*N-1 bits) * The size constraints follow from this. */ class CPartialMerkleTree { protected: /** the total number of transactions in the block */ unsigned int nTransactions; /** node-is-parent-of-matched-txid bits */ std::vector vBits; /** txids and internal hashes */ std::vector vHash; /** flag set when encountering invalid data */ bool fBad; - /** helper function to efficiently calculate the number of nodes at given - * height in the merkle tree. */ + /** + * Helper function to efficiently calculate the number of nodes at given + * height in the merkle tree. + */ unsigned int CalcTreeWidth(int height) { return (nTransactions + (1 << height) - 1) >> height; } - /** Calculate the hash of a node in the merkle tree (at leaf level: the - * txid's themselves) */ + /** + * Calculate the hash of a node in the merkle tree (at leaf level: the + * txid's themselves) + */ uint256 CalcHash(int height, unsigned int pos, const std::vector &vTxid); - /** Recursive function that traverses tree nodes, storing the data as bits - * and hashes. */ + /** + * Recursive function that traverses tree nodes, storing the data as bits + * and hashes. + */ void TraverseAndBuild(int height, unsigned int pos, const std::vector &vTxid, const std::vector &vMatch); /** * Recursive function that traverses tree nodes, consuming the bits and * hashes produced by TraverseAndBuild. It returns the hash of the * respective node and its respective index. */ uint256 TraverseAndExtract(int height, unsigned int pos, unsigned int &nBitsUsed, unsigned int &nHashUsed, std::vector &vMatch, std::vector &vnIndex); public: /** serialization implementation */ ADD_SERIALIZE_METHODS; template inline void SerializationOp(Stream &s, Operation ser_action) { READWRITE(nTransactions); READWRITE(vHash); std::vector vBytes; if (ser_action.ForRead()) { READWRITE(vBytes); CPartialMerkleTree &us = *(const_cast(this)); us.vBits.resize(vBytes.size() * 8); - for (unsigned int p = 0; p < us.vBits.size(); p++) + for (unsigned int p = 0; p < us.vBits.size(); p++) { us.vBits[p] = (vBytes[p / 8] & (1 << (p % 8))) != 0; + } us.fBad = false; } else { vBytes.resize((vBits.size() + 7) / 8); - for (unsigned int p = 0; p < vBits.size(); p++) + for (unsigned int p = 0; p < vBits.size(); p++) { vBytes[p / 8] |= vBits[p] << (p % 8); + } READWRITE(vBytes); } } - /** Construct a partial merkle tree from a list of transaction ids, and a - * mask that selects a subset of them. */ + /** + * Construct a partial merkle tree from a list of transaction ids, and a + * mask that selects a subset of them. + */ CPartialMerkleTree(const std::vector &vTxid, const std::vector &vMatch); CPartialMerkleTree(); /** * Extract the matching txid's represented by this partial merkle tree and * their respective indices within the partial tree. Returns the merkle - * root, or 0 in case of failure + * root, or 0 in case of failure. */ uint256 ExtractMatches(std::vector &vMatch, std::vector &vnIndex); }; /** * Used to relay blocks as header + vector * to filtered nodes. */ class CMerkleBlock { public: /** Public only for unit testing */ CBlockHeader header; CPartialMerkleTree txn; public: /** Public only for unit testing and relay testing (not relayed) */ std::vector> vMatchedTxn; /** * Create from a CBlock, filtering transactions according to filter. Note * that this will call IsRelevantAndUpdate on the filter for each * transaction, thus the filter will likely be modified. */ CMerkleBlock(const CBlock &block, CBloomFilter &filter); // Create from a CBlock, matching the txids in the set. CMerkleBlock(const CBlock &block, const std::set &txids); CMerkleBlock() {} ADD_SERIALIZE_METHODS; template inline void SerializationOp(Stream &s, Operation ser_action) { READWRITE(header); READWRITE(txn); } }; #endif // BITCOIN_MERKLEBLOCK_H