2014-01-08 23:52:54 -06:00
|
|
|
// Copyright (c) 2013-2014 Conformal Systems LLC.
|
2013-07-18 09:49:28 -05:00
|
|
|
// Use of this source code is governed by an ISC
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package btcchain
|
|
|
|
|
|
|
|
import (
|
2014-07-02 18:04:59 +02:00
|
|
|
"math"
|
|
|
|
|
2013-07-18 09:49:28 -05:00
|
|
|
"github.com/conformal/btcutil"
|
|
|
|
"github.com/conformal/btcwire"
|
|
|
|
)
|
|
|
|
|
|
|
|
// nextPowerOfTwo returns the next highest power of two from a given number if
|
|
|
|
// it is not already a power of two. This is a helper function used during the
|
|
|
|
// calculation of a merkle tree.
|
|
|
|
func nextPowerOfTwo(n int) int {
|
|
|
|
// Return the number if it's already a power of 2.
|
|
|
|
if n&(n-1) == 0 {
|
|
|
|
return n
|
|
|
|
}
|
|
|
|
|
|
|
|
// Figure out and return the next power of two.
|
|
|
|
exponent := uint(math.Log2(float64(n))) + 1
|
|
|
|
return 1 << exponent // 2^exponent
|
|
|
|
}
|
|
|
|
|
2014-05-22 13:29:39 -04:00
|
|
|
// HashMerkleBranches takes two hashes, treated as the left and right tree
|
2013-07-18 09:49:28 -05:00
|
|
|
// nodes, and returns the hash of their concatenation. This is a helper
|
2014-05-22 13:29:39 -04:00
|
|
|
// function used to aid in the generation of a merkle tree.
|
|
|
|
func HashMerkleBranches(left *btcwire.ShaHash, right *btcwire.ShaHash) *btcwire.ShaHash {
|
2013-07-18 09:49:28 -05:00
|
|
|
// Concatenate the left and right nodes.
|
|
|
|
var sha [btcwire.HashSize * 2]byte
|
|
|
|
copy(sha[:btcwire.HashSize], left.Bytes())
|
|
|
|
copy(sha[btcwire.HashSize:], right.Bytes())
|
|
|
|
|
|
|
|
// Create a new sha hash from the double sha 256. Ignore the error
|
|
|
|
// here since SetBytes can't fail here due to the fact DoubleSha256
|
|
|
|
// always returns a []byte of the right size regardless of input.
|
|
|
|
newSha, _ := btcwire.NewShaHash(btcwire.DoubleSha256(sha[:]))
|
|
|
|
return newSha
|
|
|
|
}
|
|
|
|
|
2014-03-01 21:16:06 -06:00
|
|
|
// BuildMerkleTreeStore creates a merkle tree from a slice of transactions,
|
|
|
|
// stores it using a linear array, and returns a slice of the backing array. A
|
|
|
|
// linear array was chosen as opposed to an actual tree structure since it uses
|
|
|
|
// about half as much memory. The following describes a merkle tree and how it
|
|
|
|
// is stored in a linear array.
|
2013-07-18 09:49:28 -05:00
|
|
|
//
|
|
|
|
// A merkle tree is a tree in which every non-leaf node is the hash of its
|
|
|
|
// children nodes. A diagram depicting how this works for bitcoin transactions
|
|
|
|
// where h(x) is a double sha256 follows:
|
|
|
|
//
|
|
|
|
// root = h1234 = h(h12 + h34)
|
|
|
|
// / \
|
|
|
|
// h12 = h(h1 + h2) h34 = h(h3 + h4)
|
|
|
|
// / \ / \
|
|
|
|
// h1 = h(tx1) h2 = h(tx2) h3 = h(tx3) h4 = h(tx4)
|
|
|
|
//
|
|
|
|
// The above stored as a linear array is as follows:
|
|
|
|
//
|
|
|
|
// [h1 h2 h3 h4 h12 h34 root]
|
|
|
|
//
|
|
|
|
// As the above shows, the merkle root is always the last element in the array.
|
|
|
|
//
|
|
|
|
// The number of inputs is not always a power of two which results in a
|
|
|
|
// balanced tree structure as above. In that case, parent nodes with no
|
|
|
|
// children are also zero and parent nodes with only a single left node
|
|
|
|
// are calculated by concatenating the left node with itself before hashing.
|
|
|
|
// Since this function uses nodes that are pointers to the hashes, empty nodes
|
|
|
|
// will be nil.
|
2014-03-01 21:16:06 -06:00
|
|
|
func BuildMerkleTreeStore(transactions []*btcutil.Tx) []*btcwire.ShaHash {
|
2013-07-18 09:49:28 -05:00
|
|
|
// Calculate how many entries are required to hold the binary merkle
|
|
|
|
// tree as a linear array and create an array of that size.
|
2014-03-01 21:16:06 -06:00
|
|
|
nextPoT := nextPowerOfTwo(len(transactions))
|
2013-07-18 09:49:28 -05:00
|
|
|
arraySize := nextPoT*2 - 1
|
|
|
|
merkles := make([]*btcwire.ShaHash, arraySize)
|
|
|
|
|
|
|
|
// Create the base transaction shas and populate the array with them.
|
2014-03-01 21:16:06 -06:00
|
|
|
for i, tx := range transactions {
|
2013-10-28 15:17:53 -05:00
|
|
|
merkles[i] = tx.Sha()
|
2013-07-18 09:49:28 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Start the array offset after the last transaction and adjusted to the
|
|
|
|
// next power of two.
|
|
|
|
offset := nextPoT
|
|
|
|
for i := 0; i < arraySize-1; i += 2 {
|
|
|
|
switch {
|
|
|
|
// When there is no left child node, the parent is nil too.
|
|
|
|
case merkles[i] == nil:
|
|
|
|
merkles[offset] = nil
|
|
|
|
|
|
|
|
// When there is no right child, the parent is generated by
|
|
|
|
// hashing the concatenation of the left child with itself.
|
|
|
|
case merkles[i+1] == nil:
|
2014-05-22 13:29:39 -04:00
|
|
|
newSha := HashMerkleBranches(merkles[i], merkles[i])
|
2013-07-18 09:49:28 -05:00
|
|
|
merkles[offset] = newSha
|
|
|
|
|
|
|
|
// The normal case sets the parent node to the double sha256
|
|
|
|
// of the concatentation of the left and right children.
|
|
|
|
default:
|
2014-05-22 13:29:39 -04:00
|
|
|
newSha := HashMerkleBranches(merkles[i], merkles[i+1])
|
2013-07-18 09:49:28 -05:00
|
|
|
merkles[offset] = newSha
|
|
|
|
}
|
|
|
|
offset++
|
|
|
|
}
|
|
|
|
|
|
|
|
return merkles
|
|
|
|
}
|