From 2190133ce7df18ed9d0da8e94eb9c8b17eba20e0 Mon Sep 17 00:00:00 2001 From: Michal Nazarewicz Date: Mon, 20 Nov 2023 14:54:21 +0100 Subject: [PATCH 1/4] solana-ibc: store proof of client id together with client state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As we parse client ids we strip out the client type. This means that ‘foo-42’ and ‘bar-42’ are internally represented as 42. To avoid confusion, we keep the client ids in private storage and whenever we index client data by the number we check that the full client id matches. However, that information isn’t currently available in provable storage (i.e. it’s not verifiable by light clients). Change hash we’re storing under client state path to include the client id. This way, light clients will be able to verify that indexes they’re extracting from the client id match the client id they are given. Issue: https://github.com/ComposableFi/emulated-light-client/issues/35 --- common/lib/src/hash.rs | 29 ++++++++++++++++--- .../solana-ibc/src/execution_context.rs | 7 ++++- .../programs/solana-ibc/src/storage.rs | 2 ++ .../solana-ibc/src/storage/trie_key.rs | 7 +++++ 4 files changed, 40 insertions(+), 5 deletions(-) diff --git a/common/lib/src/hash.rs b/common/lib/src/hash.rs index 269ae12c..c7c8c87a 100644 --- a/common/lib/src/hash.rs +++ b/common/lib/src/hash.rs @@ -43,10 +43,31 @@ impl CryptoHash { /// Returns hash of given bytes. #[inline] - pub fn digest(bytes: &[u8]) -> Self { - let mut builder = Self::builder(); - builder.update(bytes); - builder.build() + pub fn digest(bytes: &[u8]) -> Self { Self::digestv(&[bytes]) } + + /// Returns hash of consternation of given byte slices. + /// + /// This is morally equivalent to feeding all the slices into the builder + /// one-by-one or concatenating them into a single buffer and hashing it in + /// a single step. + /// + /// Depending on platform this call may be more efficient. Most notably, + /// Solana offers a vectorised syscall for calculating a SHA-2 256 digest + /// and this method will pass the request directly to it. + #[inline] + pub fn digestv(slices: &[&[u8]]) -> Self { + #[cfg(target_os = "solana")] + { + Self(solana_program::hash::hashv(slices).to_bytes()) + } + #[cfg(not(target_os = "solana"))] + { + let mut builder = Self::builder(); + for bytes in slices { + builder.update(bytes); + } + builder.build() + } } /// Decodes a base64 string representation of the hash. diff --git a/solana/solana-ibc/programs/solana-ibc/src/execution_context.rs b/solana/solana-ibc/programs/solana-ibc/src/execution_context.rs index 7b6e55db..5f0debc2 100644 --- a/solana/solana-ibc/programs/solana-ibc/src/execution_context.rs +++ b/solana/solana-ibc/programs/solana-ibc/src/execution_context.rs @@ -43,7 +43,12 @@ impl ClientExecutionContext for IbcStorage<'_, '_> { msg!("store_client_state({}, {:?})", path, state); let mut store = self.borrow_mut(); let mut client = store.private.client_mut(&path.0, true)?; - let hash = client.client_state.set(&state)?.digest(); + let serialised = client.client_state.set(&state)?; + let hash = CryptoHash::digestv(&[ + path.0.as_bytes(), + &[0], + serialised.as_bytes(), + ]); let key = TrieKey::for_client_state(client.index); store.provable.set(&key, &hash).map_err(error) } diff --git a/solana/solana-ibc/programs/solana-ibc/src/storage.rs b/solana/solana-ibc/programs/solana-ibc/src/storage.rs index 6315bbbc..b0041814 100644 --- a/solana/solana-ibc/programs/solana-ibc/src/storage.rs +++ b/solana/solana-ibc/programs/solana-ibc/src/storage.rs @@ -350,6 +350,8 @@ pub(crate) struct Serialised(Vec, core::marker::PhantomData); impl Serialised { pub fn empty() -> Self { Self(Vec::new(), core::marker::PhantomData) } + pub fn as_bytes(&self) -> &[u8] { self.0.as_slice() } + pub fn digest(&self) -> CryptoHash { CryptoHash::digest(self.0.as_slice()) } fn make_err(err: io::Error) -> ibc::ClientError { diff --git a/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs b/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs index 42035c84..338ed8ee 100644 --- a/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs +++ b/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs @@ -60,12 +60,17 @@ macro_rules! new_key_impl { impl TrieKey { /// Constructs a new key for a client state path for client with given /// counter. + /// + /// The hash stored under the key is `hash(borsh(client_id.as_str()) || + /// borsh(client_state))`. pub fn for_client_state(client: ids::ClientIdx) -> Self { new_key_impl!(Tag::ClientState, client) } /// Constructs a new key for a consensus state path for client with given /// counter and specified height. + /// + /// The hsah stored under the key is `hash(borsh(consensus_state))`. pub fn for_consensus_state( client: ids::ClientIdx, height: ibc::Height, @@ -74,6 +79,8 @@ impl TrieKey { } /// Constructs a new key for a connection end path. + /// + /// The hsah stored under the key is `hash(borsh(connection_end))`. pub fn for_connection(connection: ids::ConnectionIdx) -> Self { new_key_impl!(Tag::Connection, connection) } From 39135459ba01a609ba56eccd86c538ea2d960170 Mon Sep 17 00:00:00 2001 From: Michal Nazarewicz Date: Mon, 20 Nov 2023 18:02:09 +0100 Subject: [PATCH 2/4] Update solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs Co-authored-by: Dhruv D Jain Signed-off-by: Michal Nazarewicz --- solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs b/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs index 338ed8ee..80571426 100644 --- a/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs +++ b/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs @@ -80,7 +80,7 @@ impl TrieKey { /// Constructs a new key for a connection end path. /// - /// The hsah stored under the key is `hash(borsh(connection_end))`. + /// The hash stored under the key is `hash(borsh(connection_end))`. pub fn for_connection(connection: ids::ConnectionIdx) -> Self { new_key_impl!(Tag::Connection, connection) } From 28ed07ab888b3289262f22d644b015f2f8f29976 Mon Sep 17 00:00:00 2001 From: Michal Nazarewicz Date: Mon, 20 Nov 2023 18:02:15 +0100 Subject: [PATCH 3/4] Update solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs Co-authored-by: Dhruv D Jain Signed-off-by: Michal Nazarewicz --- solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs b/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs index 80571426..cd7bbcb2 100644 --- a/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs +++ b/solana/solana-ibc/programs/solana-ibc/src/storage/trie_key.rs @@ -70,7 +70,7 @@ impl TrieKey { /// Constructs a new key for a consensus state path for client with given /// counter and specified height. /// - /// The hsah stored under the key is `hash(borsh(consensus_state))`. + /// The hash stored under the key is `hash(borsh(consensus_state))`. pub fn for_consensus_state( client: ids::ClientIdx, height: ibc::Height, From 3266cd5206ee42709d4445faa2e15404733c777c Mon Sep 17 00:00:00 2001 From: Michal Nazarewicz Date: Mon, 20 Nov 2023 18:02:22 +0100 Subject: [PATCH 4/4] Update common/lib/src/hash.rs Co-authored-by: Dhruv D Jain Signed-off-by: Michal Nazarewicz --- common/lib/src/hash.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/lib/src/hash.rs b/common/lib/src/hash.rs index c7c8c87a..ebd7c20b 100644 --- a/common/lib/src/hash.rs +++ b/common/lib/src/hash.rs @@ -45,7 +45,7 @@ impl CryptoHash { #[inline] pub fn digest(bytes: &[u8]) -> Self { Self::digestv(&[bytes]) } - /// Returns hash of consternation of given byte slices. + /// Returns hash of concatenation of given byte slices. /// /// This is morally equivalent to feeding all the slices into the builder /// one-by-one or concatenating them into a single buffer and hashing it in