proof fixes

abenso · abenso · commit 22849d455e35 · 2025-04-18T14:59:30.000-03:00
diff --git a/app/src/schema_proof.c b/app/src/schema_proof.c
@@ -28,13 +28,19 @@
 const uint8_t LEAF_PREFIX = 0x00;
 const uint8_t INNER_PREFIX = 0x01;
 
+static parser_error_t check_range_proof_inner(proof_t *proof, uint32_t start_index, uint32_t subtrie_size, uint32_t offset);
+
 /**
  * @brief Calculate the largest power of two which is strictly less than the argument.
  *
  * @param n The input value.
  * @return The largest power of two which is strictly less than the argument.
  */
 static uint32_t next_smaller_po2(uint32_t n) {
+    if (n == 0) {
+        return 0;
+    }
+
     if ((n & (n - 1)) == 0) {
         return n >> 1;
     }
@@ -44,6 +50,11 @@ static uint32_t next_smaller_po2(uint32_t n) {
     n |= n >> 4;
     n |= n >> 8;
     n |= n >> 16;
+
+    if (n == UINT32_MAX) {
+        return (UINT32_MAX >> 1) + 1;
+    }
+
     n += 1;
 
     // Return the next smaller power of two
@@ -85,6 +96,9 @@ parser_error_t compute_tree_size(uint32_t num_right_siblings, uint32_t index_of_
 
     while (remaining_right_siblings > 0) {
         if ((index_of_final_node & mask) == 0) {
+            if (index_of_final_node > UINT32_MAX - mask) {
+                return parser_value_out_of_range;
+            }
             index_of_final_node |= mask;
             remaining_right_siblings--;
         }
@@ -128,6 +142,10 @@ static parser_error_t hash_leaf(proof_t *proof) {
 // Declaring array sizes as static will trigger a warning if the user pass an array smaller than the size
 static parser_error_t merge_branches(const uint8_t left[CX_SHA256_SIZE], const uint8_t right[CX_SHA256_SIZE],
                                      uint8_t output[CX_SHA256_SIZE]) {
+    CHECK_INPUT(left);
+    CHECK_INPUT(right);
+    CHECK_INPUT(output);
+
     bytes_t buffer_left = {0};
     buffer_left.ptr = left;
     buffer_left.len = CX_SHA256_SIZE;
@@ -151,82 +169,87 @@ static parser_error_t merge_branches(const uint8_t left[CX_SHA256_SIZE], const u
     return parser_ok;
 }
 
+/**
+ * @brief Get the subtree hash.
+ *
+ * @param proof The proof structure containing the necessary data.
+ * @param start_index The start index.
+ * @param subtrie_size The subtrie size.
+ * @param offset The offset.
+ * @param hash The output buffer for the hash.
+ * @return parser_error_t Error code indicating the result of the operation.
+ */
+static parser_error_t get_subtree_hash(proof_t *proof, uint32_t start_index, uint32_t subtrie_size, uint32_t offset,
+                                       const uint8_t **hash) {
+    CHECK_INPUT(proof);
+    CHECK_INPUT(proof->hash);
+    CHECK_INPUT(hash);
+
+    if (subtrie_size == 1) {
+        *hash = proof->hash;
+    } else {
+        CHECK_ERROR(check_range_proof_inner(proof, start_index, subtrie_size, offset));
+        *hash = proof->hash;
+    }
+    return parser_ok;
+}
+
+/**
+ * @brief Get the lemma hash.
+ *
+ * @param proof The proof structure containing the necessary data.
+ * @param hash The output buffer for the hash.
+ * @return parser_error_t Error code indicating the result of the operation.
+ */
+static parser_error_t get_lemma_hash(proof_t *proof, const uint8_t **hash) {
+    CHECK_INPUT(proof);
+    CHECK_INPUT(hash);
+
+    if (proof->lemma_index < 0) {
+        return parser_value_out_of_range;
+    }
+    uint32_t offset = CX_SHA256_SIZE * proof->lemma_index;
+    if (offset >= proof->lemmas.data.buffer.len) {
+        return parser_value_out_of_range;
+    }
+    *hash = proof->lemmas.data.buffer.ptr + offset;
+    proof->lemma_index--;
+    return parser_ok;
+}
+
+/**
+ * @brief Recursively check the range proof inner to merge the branches of the proof.
+ *
+ * @param proof The proof structure containing the necessary data.
+ * @param start_index The start index.
+ * @param subtrie_size The subtrie size.
+ * @param offset The offset.
+ * @return parser_error_t Error code indicating the result of the operation.
+ */
 static parser_error_t check_range_proof_inner(proof_t *proof, uint32_t start_index, uint32_t subtrie_size, uint32_t offset) {
     CHECK_INPUT(proof);
 
     uint32_t split_index = next_smaller_po2(subtrie_size);
-    print_u32("split_point:", split_index);
-
     uint32_t leaves_end_idx = (proof->indices.entries + start_index) - 1;
-    print_u32("leaves_end_idx:", leaves_end_idx);
-
-    // TODO: remove this
-    bytes_t buffer_left = {0};
-    bytes_t buffer_right = {0};
 
     // Check right subtree
     const uint8_t *right;
     if (leaves_end_idx >= (split_index + offset)) {
         uint32_t right_subtrie_size = subtrie_size - split_index;
-        if (right_subtrie_size == 1) {
-            right = proof->hash;
-
-            buffer_right.ptr = right;
-            buffer_right.len = CX_SHA256_SIZE;
-            print_buffer(&buffer_right, "right inside if true");
-        } else {
-            print_u32("right inside else:", right_subtrie_size);
-            CHECK_ERROR(check_range_proof_inner(proof, start_index, right_subtrie_size, offset + split_index));
-            right = proof->hash;
-        }
+        CHECK_ERROR(get_subtree_hash(proof, start_index, right_subtrie_size, offset + split_index, &right));
     } else {
-        if (proof->lemmas_ctx.last_index < 0) {
-            return parser_value_out_of_range;
-        }
-        right = proof->lemmas_ctx.lemmas.data.buffer.ptr + CX_SHA256_SIZE * proof->lemmas_ctx.last_index;
-        proof->lemmas_ctx.last_index--;
-
-        buffer_right.ptr = right;
-        buffer_right.len = CX_SHA256_SIZE;
-        print_buffer(&buffer_right, "proof right outside if else");
+        CHECK_ERROR(get_lemma_hash(proof, &right));
     }
 
     // Check left subtree
     const uint8_t *left;
     if (start_index < (split_index + offset)) {
         uint32_t left_subtrie_size = split_index;
-        if (left_subtrie_size == 1) {
-            left = proof->hash;
-
-            buffer_left.ptr = left;
-            buffer_left.len = CX_SHA256_SIZE;
-            print_buffer(&buffer_left, "left inside if true");
-        } else {
-            print_u32("left inside else:", left_subtrie_size);
-            CHECK_ERROR(check_range_proof_inner(proof, start_index, left_subtrie_size, offset));
-            left = proof->hash;
-        }
+        CHECK_ERROR(get_subtree_hash(proof, start_index, left_subtrie_size, offset, &left));
     } else {
-        left = proof->lemmas_ctx.lemmas.data.buffer.ptr + CX_SHA256_SIZE * proof->lemmas_ctx.last_index;
-        if (proof->lemmas_ctx.last_index < 0) {
-            return parser_value_out_of_range;
-        }
-        proof->lemmas_ctx.last_index--;
-
-        buffer_left.ptr = left;
-        buffer_left.len = CX_SHA256_SIZE;
-        print_buffer(&buffer_left, "proof left outside if else");
+        CHECK_ERROR(get_lemma_hash(proof, &left));
     }
 
-    print_string("MERGING LEFT AND RIGHT");
-
-    buffer_left.ptr = left;
-    buffer_left.len = CX_SHA256_SIZE;
-    print_buffer(&buffer_left, "left outside if else");
-
-    buffer_right.ptr = right;
-    buffer_right.len = CX_SHA256_SIZE;
-    print_buffer(&buffer_right, "right outside if else");
     merge_branches(left, right, proof->hash);
 
     return parser_ok;
@@ -253,10 +276,10 @@ static parser_error_t get_hash_single_proof(uint32_t index, proof_t *proof) {
     uint32_t num_left_siblings = compute_num_left_siblings(index);
 
     // Get the number of right siblings needed
-    if (num_left_siblings > proof->lemmas_ctx.lemmas.entries) {
+    if (num_left_siblings > proof->lemmas.entries) {
         return parser_value_out_of_range;
     }
-    uint32_t num_right_siblings = proof->lemmas_ctx.lemmas.entries - num_left_siblings;
+    uint32_t num_right_siblings = proof->lemmas.entries - num_left_siblings;
     print_u32("num_left_siblings:", num_left_siblings);
     print_u32("num_right_siblings:", num_right_siblings);
 
@@ -277,17 +300,22 @@ static parser_error_t get_hash_single_proof(uint32_t index, proof_t *proof) {
  * @return parser_error_t Error code indicating the result of the operation.
  */
 parser_error_t get_root_hash(const merkle_proof_t *metadata, uint8_t metadataDigest[CX_SHA256_SIZE]) {
+    CHECK_INPUT(metadata);
+    CHECK_INPUT(metadataDigest);
+
     proof_t proof = {0};
     proof.leaves = metadata->leaves;
-    proof.lemmas_ctx = metadata->lemmas_ctx;
+    proof.lemmas = metadata->lemmas;
     proof.indices = metadata->indices;
+    proof.lemma_index = metadata->lemmas.entries - 1;
+    MEMSET(proof.hash, 0, CX_SHA256_SIZE);
 
     print_buffer(&proof.leaves.data.buffer, "leaves data");
     print_u32("leaves.qty:", proof.leaves.entries);
     print_buffer(&proof.indices.indices.buffer, "indices");
     print_u32("indices.qty:", proof.indices.entries);
-    print_buffer(&proof.lemmas_ctx.lemmas.data.buffer, "lemmas");
-    print_u32("lemmas.qty:", proof.lemmas_ctx.lemmas.entries);
+    print_buffer(&proof.lemmas.data.buffer, "lemmas");
+    print_u32("lemmas.qty:", proof.lemmas.entries);
 
     uint32_t leaves_start = 0;
     CHECK_ERROR(read_u32(&proof.indices.indices, &leaves_start));
@@ -301,12 +329,17 @@ parser_error_t get_root_hash(const merkle_proof_t *metadata, uint8_t metadataDig
 
 parser_error_t verify_merkle_proofs(const merkle_proof_t *metadata) {
     CHECK_INPUT(metadata);
+    CHECK_INPUT(metadata->root_hash.ptr);
+
+    if (metadata->root_hash.len < CX_SHA256_SIZE) {
+        return parser_unexpected_buffer_end;
+    }
 
     uint8_t root_hash[CX_SHA256_SIZE] = {0};
     CHECK_ERROR(get_root_hash(metadata, root_hash));
 
     // compare root_hash received with computed root_hash
-    if (memcmp(metadata->root_hash.ptr, root_hash, 32) != 0) {
+    if (memcmp(metadata->root_hash.ptr, root_hash, CX_SHA256_SIZE) != 0) {
         return parser_unexpected_root_hash;
     }
 
diff --git a/app/src/schema_proof.h b/app/src/schema_proof.h
@@ -31,7 +31,8 @@ typedef struct {
     uint8_t hash[CX_SHA256_SIZE];
     merkle_leaves_data_t leaves;
     merkle_leaves_indices_t indices;
-    merkle_lemmas_ctx_t lemmas_ctx;
+    merkle_lemmas_t lemmas;
+    int64_t lemma_index;
 } proof_t;
 
 parser_error_t get_root_hash(const merkle_proof_t *metadata, uint8_t metadataDigest[CX_SHA256_SIZE]);
diff --git a/app/src/schema_reader.c b/app/src/schema_reader.c
@@ -946,15 +946,14 @@ parser_error_t merkle_proofs_read(parser_context_t *ctx, parser_tx_t *txObj) {
     CHECK_INPUT(ctx);
     CHECK_INPUT(txObj);
 
-    CHECK_ERROR(read_u32(ctx, &txObj->merkle_proofs.lemmas_ctx.lemmas.entries));
-    print_u32("registry_qty:", txObj->merkle_proofs.lemmas_ctx.lemmas.entries);
-    txObj->merkle_proofs.lemmas_ctx.last_index = txObj->merkle_proofs.lemmas_ctx.lemmas.entries - 1;
+    CHECK_ERROR(read_u32(ctx, &txObj->merkle_proofs.lemmas.entries));
+    print_u32("registry_qty:", txObj->merkle_proofs.lemmas.entries);
 
     // read short_registry
-    txObj->merkle_proofs.lemmas_ctx.lemmas.data.buffer.ptr = ctx->buffer.ptr + ctx->offset;
-    txObj->merkle_proofs.lemmas_ctx.lemmas.data.buffer.len = txObj->merkle_proofs.lemmas_ctx.lemmas.entries * 32;
-    CTX_CHECK_AND_ADVANCE(ctx, txObj->merkle_proofs.lemmas_ctx.lemmas.data.buffer.len);
-    print_buffer(&txObj->merkle_proofs.lemmas_ctx.lemmas.data.buffer, "lemmas");
+    txObj->merkle_proofs.lemmas.data.buffer.ptr = ctx->buffer.ptr + ctx->offset;
+    txObj->merkle_proofs.lemmas.data.buffer.len = txObj->merkle_proofs.lemmas.entries * 32;
+    CTX_CHECK_AND_ADVANCE(ctx, txObj->merkle_proofs.lemmas.data.buffer.len);
+    print_buffer(&txObj->merkle_proofs.lemmas.data.buffer, "lemmas");
 
     // read schema
     uint8_t schema_type = 0;
diff --git a/app/src/txdefs/merkle_txdef.h b/app/src/txdefs/merkle_txdef.h
@@ -36,15 +36,10 @@ typedef struct {
     parser_context_t data;
 } merkle_lemmas_t;
 
-typedef struct {
-    int64_t last_index;
-    merkle_lemmas_t lemmas;
-} merkle_lemmas_ctx_t;
-
 typedef struct {
     merkle_leaves_data_t leaves;
     merkle_leaves_indices_t indices;
-    merkle_lemmas_ctx_t lemmas_ctx;
+    merkle_lemmas_t lemmas;
     bytes_t root_hash;
 } merkle_proof_t;
 
diff --git a/tests/parser_impl.cpp b/tests/parser_impl.cpp
