/*
* This file is part of the Monero P2Pool <https://github.com/SChernykh/p2pool>
* Copyright (c) 2021-2024 SChernykh <https://github.com/SChernykh>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "common.h"
#include "keccak.h"
#include "merkle.h"
#include "keccak.h"
#include "sha256.h"
namespace p2pool {
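// Computes the Merkle root of `hashes` and stores it in `root`.
//
// One leaf is its own root and two leaves are hashed together directly.
// For three or more leaves, `cnt` is the largest power of two not exceeding
// the leaf count: the first `k = 2 * cnt - count` leaves are carried over
// unchanged, the remaining leaves are hashed in pairs so that the level holds
// exactly `cnt` entries, and that level is then halved until one hash is left.
//
// hashes: leaf hashes; an empty list produces a default-constructed root_hash.
// root:   receives the result.
void merkle_hash(const std::vector<hash>& hashes, root_hash& root)
{
	const size_t count = hashes.size();

	// An empty list has no hashes[0] to point at, and the general branch below
	// would compute k == 2 and copy 2 * HASH_SIZE bytes into a one-element
	// buffer. Report it with the same default-constructed value that
	// get_root_from_proof() returns for unusable input.
	if (count == 0) {
		root = root_hash();
		return;
	}

	// NOTE(review): the keccak calls below read 2 * HASH_SIZE bytes starting at
	// one element, i.e. they also read the following element. This assumes
	// sizeof(hash) == HASH_SIZE with no padding - confirm against the definition of hash.
	const uint8_t* h = hashes[0].h;

	if (count == 1) {
		root = root_hash(hashes[0]);
	}
	else if (count == 2) {
		keccak(h, HASH_SIZE * 2, root.h);
	}
	else {
		// Largest power of two that is <= count
		size_t cnt = 1;
		do { cnt <<= 1; } while (cnt <= count);
		cnt >>= 1;

		std::vector<hash> tmp_ints(cnt);

		// k <= cnt holds because cnt <= count, so the copy stays inside tmp_ints
		const size_t k = cnt * 2 - count;
		memcpy(tmp_ints.data(), h, k * HASH_SIZE);

		// Pair up the leaves from index k onwards to fill slots k..cnt-1
		for (size_t i = k, j = k; j < cnt; i += 2, ++j) {
			keccak(h + i * HASH_SIZE, HASH_SIZE * 2, tmp_ints[j].h);
		}

		// Reduce in place: slot j is written only after slots 2j and 2j+1 were read.
		// NOTE(review): for j == 0 the output overlaps the input buffer; presumably
		// keccak consumes its input before writing the digest - verify.
		while (cnt > 2) {
			cnt >>= 1;
			for (size_t i = 0, j = 0; j < cnt; i += 2, ++j) {
				keccak(tmp_ints[i].h, HASH_SIZE * 2, tmp_ints[j].h);
			}
		}

		keccak(tmp_ints[0].h, HASH_SIZE * 2, root.h);
	}
}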
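// Builds every level of the Merkle tree over `hashes` into `tree`.
//
// tree[0] is a copy of the leaves. With one leaf that is the whole tree; with
// two leaves tree[1] holds the single root hash. With three or more leaves
// tree[1] is the leaf level reduced to `cnt` entries (the largest power of two
// not exceeding the leaf count) and each following level has half as many
// entries, down to a final level with one hash.
//
// hashes: leaf hashes; an empty list leaves `tree` empty.
// tree:   cleared first, then filled level by level.
void merkle_hash_full_tree(const std::vector<hash>& hashes, std::vector<std::vector<hash>>& tree)
{
	const size_t count = hashes.size();

	tree.clear();

	// An empty list has no hashes[0] to point at, and the general branch below
	// would copy 2 * HASH_SIZE bytes into a one-element level. Leave the tree
	// empty instead; get_merkle_proof() already returns false for an empty tree.
	if (count == 0) {
		return;
	}

	// NOTE(review): the keccak calls below read two adjacent elements as one
	// 2 * HASH_SIZE byte buffer, which assumes sizeof(hash) == HASH_SIZE - confirm.
	const uint8_t* h = hashes[0].h;

	if (count == 1) {
		tree.push_back(hashes);
	}
	else if (count == 2) {
		hash tmp;
		keccak(h, HASH_SIZE * 2, tmp.h);

		tree.reserve(2);
		tree.push_back(hashes);
		tree.emplace_back(1, tmp);
	}
	else {
		// cnt ends up as the largest power of two <= count; height counts the
		// leaf level plus every reduced level down to the root
		size_t cnt = 1, height = 1;
		do {
			cnt <<= 1;
			++height;
		} while (cnt <= count);
		cnt >>= 1;

		tree.reserve(height);
		tree.push_back(hashes);

		tree.emplace_back(cnt);
		{
			std::vector<hash>& cur = tree.back();

			// The first k leaves are carried over unchanged (k <= cnt because cnt <= count)
			const size_t k = cnt * 2 - count;
			memcpy(cur.data(), h, k * HASH_SIZE);

			// The remaining leaves are hashed in pairs into slots k..cnt-1
			for (size_t i = k, j = k; j < cnt; i += 2, ++j) {
				keccak(h + i * HASH_SIZE, HASH_SIZE * 2, cur[j].h);
			}
		}

		while (cnt > 1) {
			cnt >>= 1;

			// emplace_back(cnt) already creates a level of cnt hashes
			tree.emplace_back(cnt);

			// References are taken after emplace_back, so they refer to the final storage
			const std::vector<hash>& prev = tree[tree.size() - 2];
			std::vector<hash>& cur = tree[tree.size() - 1];

			for (size_t i = 0, j = 0; j < cnt; i += 2, ++j) {
				keccak(prev[i].h, HASH_SIZE * 2, cur[j].h);
			}
		}
	}
}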
// Extracts the sibling hashes needed to recompute the root for leaf `h`.
//
// tree:  levels as laid out by merkle_hash_full_tree() (tree[0] holds the leaves).
// h:     leaf to look up; the first leaf that compares equal is used.
// proof: cleared once the leaf is found, then filled with one sibling per level.
// path:  reset to 0 once the leaf is found, then built up one bit per proof
//        element: the bit is 1 when the running hash is the right-hand input.
//
// Returns false when the tree is empty, the leaf is absent, or a level is
// missing or too short. On a false return after the leaf was found, `proof`
// and `path` may hold partial data and must not be used.
bool get_merkle_proof(const std::vector<std::vector<hash>>& tree, const hash& h, std::vector<hash>& proof, uint32_t& path)
{
	if (tree.empty()) {
		return false;
	}

	const std::vector<hash>& leaves = tree[0];
	const size_t count = leaves.size();

	// Linear scan for the first matching leaf
	size_t index = 0;
	while (index < count) {
		if (leaves[index] != h) {
			++index;
		}
		else {
			break;
		}
	}

	if (index >= count) {
		return false;
	}

	proof.clear();
	path = 0;

	// A single leaf is the root itself: nothing to prove
	if (count == 1) {
		return true;
	}

	if (count == 2) {
		proof.emplace_back(leaves[index ^ 1]);
		path = index & 1;
		return true;
	}

	// Largest power of two that is <= count
	size_t width = 1;
	do { width <<= 1; } while (width <= count);
	width >>= 1;

	// Leaves below k are carried into level 1 unchanged; leaves from k onwards are paired first
	const size_t k = width * 2 - count;

	if (index >= k) {
		const size_t offset = index - k;
		const size_t sibling = (offset ^ 1) + k;

		if (sibling >= count) {
			return false;
		}

		proof.emplace_back(leaves[sibling]);
		path = offset & 1;

		// Position of the combined pair inside level 1
		index = (offset >> 1) + k;
	}

	const size_t levels = tree.size();
	size_t level = 1;

	while (width >= 2) {
		const size_t sibling = index ^ 1;

		// The tree is caller-supplied: never index past a missing or short level
		if ((level >= levels) || (sibling >= tree[level].size())) {
			return false;
		}

		proof.emplace_back(tree[level][sibling]);

		// NOTE(review): path is 32 bits wide, so direction bits of proofs deeper
		// than 32 levels are shifted out here.
		path = (static_cast<uint64_t>(path) << 1) | (index & 1);

		++level;
		index >>= 1;
		width >>= 1;
	}

	return true;
}
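// Recomputes the Merkle root from leaf `h`, its sibling hashes and its position.
//
// h:     leaf hash (taken by value and used as the running hash).
// proof: sibling hashes, leaf level first.
// index: position of the leaf among `count` leaves.
// count: number of leaves in the tree.
//
// Returns the computed root, or a default-constructed root_hash when
// index >= count, when the proof is too short, or when count is too large for
// the power-of-two computation.
//
// NOTE(review): the failure value is in-band - callers comparing the result
// with an expected root should make sure that root is never the default value.
// NOTE(review): proof elements beyond those consumed are ignored, so a proof
// with extra trailing entries resolves to the same root.
root_hash get_root_from_proof(hash h, const std::vector<hash>& proof, size_t index, size_t count)
{
	if (count == 1) {
		return root_hash(h);
	}

	if (index >= count) {
		return root_hash();
	}

	// Replaces h with keccak(left || right), where h is the right-hand input
	// when h_is_right is set and the left-hand input otherwise.
	// tmp is an array so both inputs are adjacent in memory for a single
	// 2 * HASH_SIZE byte read (assumes sizeof(hash) == HASH_SIZE - TODO confirm).
	const auto fold = [&h](const hash& sibling, bool h_is_right) {
		hash tmp[2];

		if (h_is_right) {
			tmp[0] = sibling;
			tmp[1] = h;
		}
		else {
			tmp[0] = h;
			tmp[1] = sibling;
		}

		keccak(tmp[0].h, HASH_SIZE * 2, h.h);
	};

	if (count == 2) {
		if (proof.empty()) {
			return root_hash();
		}

		fold(proof[0], (index & 1) != 0);
	}
	else {
		// count is a plain caller-supplied number here, not a container size.
		// If its top bit is set, cnt below would be shifted to 0 and the
		// do/while would never terminate, so treat such a count as invalid.
		if (count > (static_cast<size_t>(-1) >> 1)) {
			return root_hash();
		}

		// Largest power of two that is <= count
		size_t cnt = 1;
		do { cnt <<= 1; } while (cnt <= count);
		cnt >>= 1;

		size_t proof_index = 0;

		// Leaves below k enter the first reduced level unchanged; leaves from
		// k onwards are paired with a neighbour first
		const size_t k = cnt * 2 - count;

		if (index >= k) {
			index -= k;

			if (proof.empty()) {
				return root_hash();
			}

			fold(proof[0], (index & 1) != 0);

			index = (index >> 1) + k;
			proof_index = 1;
		}

		// One proof element per remaining level; a short proof is rejected
		for (; cnt >= 2; ++proof_index, index >>= 1, cnt >>= 1) {
			if (proof_index >= proof.size()) {
				return root_hash();
			}

			fold(proof[proof_index], (index & 1) != 0);
		}
	}

	return root_hash(h);
}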
// Checks that leaf `h` at position `index` of `count` leaves, together with
// `proof`, hashes up to `root`.
//
// NOTE(review): get_root_from_proof() returns a default-constructed root_hash
// for unusable input, so a default-constructed `root` would compare equal to
// that failure value - callers should never pass an unset root here.
bool verify_merkle_proof(hash h, const std::vector<hash>& proof, size_t index, size_t count, const root_hash& root)
{
	const root_hash computed = get_root_from_proof(h, proof, index, count);
	return computed == root;
}
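// Checks that leaf `h` hashes up to `root` using `proof` and a bit-packed `path`.
//
// h:     leaf hash (taken by value and used as the running hash).
// proof: sibling hashes, leaf level first; its size is the proof depth.
// path:  one direction bit per level, the leaf level in the most significant
//        used bit (bit depth-1) and the top level in bit 0. A set bit means the
//        running hash is the right-hand input at that level.
// root:  expected root.
//
// Returns false when the proof has more levels than `path` has bits, or when
// the recomputed hash differs from `root`. An empty proof compares `h` with
// `root` directly.
bool verify_merkle_proof(hash h, const std::vector<hash>& proof, uint32_t path, const root_hash& root)
{
	const size_t depth = proof.size();

	// A 32-bit path cannot describe more than 32 levels. Without this check the
	// shift below would use a count >= 32, which is undefined for a 32-bit
	// operand, and every extra level costs a hash - so reject such proofs up front.
	if (depth > sizeof(path) * 8) {
		return false;
	}

	for (size_t d = 0; d < depth; ++d) {
		// Array so both inputs are adjacent for one 2 * HASH_SIZE byte read
		// (assumes sizeof(hash) == HASH_SIZE - TODO confirm)
		hash tmp[2];

		if ((path >> (depth - d - 1)) & 1) {
			tmp[0] = proof[d];
			tmp[1] = h;
		}
		else {
			tmp[0] = h;
			tmp[1] = proof[d];
		}

		keccak(tmp[0].h, HASH_SIZE * 2, h.h);
	}

	return h == root;
}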
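// Maps an aux chain id and a nonce to a slot in the range [0, n_aux_chains).
//
// The slot is the first 32-bit word of sha256(id || nonce || 'm') reduced
// modulo n_aux_chains. With zero or one chain the slot is always 0.
//
// NOTE(review): the nonce is serialised and the digest word is read in host
// byte order, so the result depends on endianness - confirm that all
// supported targets are little-endian or serialise explicitly.
uint32_t get_aux_slot(const hash &id, uint32_t nonce, uint32_t n_aux_chains)
{
	// Also keeps the modulo below away from a zero divisor
	if (n_aux_chains <= 1) {
		return 0;
	}

	constexpr uint8_t HASH_KEY_MM_SLOT = 'm';

	// Layout: HASH_SIZE bytes of id, 4 bytes of nonce, 1 domain-separation byte
	uint8_t buf[HASH_SIZE + sizeof(uint32_t) + 1];

	// presumably the hash bytes sit at the start of the object - verify against the definition of hash
	memcpy(buf, &id, HASH_SIZE);
	memcpy(buf + HASH_SIZE, &nonce, sizeof(uint32_t));
	buf[HASH_SIZE + sizeof(uint32_t)] = HASH_KEY_MM_SLOT;

	hash res;
	sha256(buf, sizeof(buf), res.h);

	// Read the first digest word through memcpy: dereferencing a uint32_t*
	// that points into a byte array breaks the aliasing rules and may be a
	// misaligned access. The value read is the same.
	uint32_t first_word;
	memcpy(&first_word, res.h, sizeof(first_word));

	return first_word % n_aux_chains;
}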
// Searches for the smallest nonce that gives every aux chain its own slot.
//
// aux_id:    ids of the aux chains.
// nonce:     receives the nonce found; written only when true is returned.
// max_nonce: last nonce to try (inclusive).
//
// Returns true when a collision-free nonce in [0, max_nonce] exists. With zero
// or one chain, nonce 0 is always accepted. The search costs one
// get_aux_slot() call per chain for every nonce tried.
bool find_aux_nonce(const std::vector<hash>& aux_id, uint32_t& nonce, uint32_t max_nonce)
{
	// NOTE(review): the chain count is narrowed to 32 bits here
	const uint32_t n_aux_chains = static_cast<uint32_t>(aux_id.size());

	if (n_aux_chains <= 1) {
		nonce = 0;
		return true;
	}

	// taken[s] is set once some chain has claimed slot s for the current candidate
	std::vector<bool> taken;

	for (uint32_t candidate = 0;; ++candidate) {
		taken.assign(n_aux_chains, false);

		// Place chains one by one and stop at the first slot collision
		uint32_t placed = 0;
		while (placed < n_aux_chains) {
			const uint32_t slot = get_aux_slot(aux_id[placed], candidate, n_aux_chains);
			if (taken[slot]) {
				break;
			}
			taken[slot] = true;
			++placed;
		}

		// Every chain was placed without a collision
		if (placed >= n_aux_chains) {
			nonce = candidate;
			return true;
		}

		// Checked after the attempt, so max_nonce itself is still tried and
		// the counter cannot wrap around
		if (candidate == max_nonce) {
			return false;
		}
	}
}
} // namespace p2pool