feat: verify node hashes on read

Author: demosdemon

firewood/src/iter.rs

@@ -141,13 +141,8 @@ impl ParallelMerkle {
                 }
 
                 // Return the child as the new root. Update its partial path to include the index value.
-                let mut child = match child {
-                    Child::Node(child_node) => std::mem::take(child_node),
-                    Child::AddressWithHash(addr, _) => nodestore.read_for_update((*addr).into())?,
-                    Child::MaybePersisted(maybe_persisted, _) => {
-                        nodestore.read_for_update(maybe_persisted.clone())?
-                    }
-                };
+                let mut child =
+                    child.read_for_update(nodestore, &Path::from(&[child_index.as_u8()]))?;
 
                 // The child's partial path is the concatenation of its (now removed) parent, which
                 // should always be empty because of our prepare step, its (former) child index, and
@@ -238,17 +233,8 @@ impl ParallelMerkle {
             .children
             .get_mut(first_path_component)
             .take()
-            .map(|child| -> Result<_, FileIoError> {
-                match child {
-                    Child::Node(node) => Ok(node),
-                    Child::AddressWithHash(address, _) => {
-                        // Track deletion of the removed child from the root (if it was persisted).
-                        Ok(proposal.read_for_update(address.into())?)
-                    }
-                    Child::MaybePersisted(maybe_persisted, _) => {
-                        Ok(proposal.read_for_update(maybe_persisted)?)
-                    }
-                }
+            .map(|child| {
+                child.read_for_update(proposal, &Path::from(&[first_path_component.as_u8()]))
             })
             .transpose()?;
 

firewood/src/merkle/mod.rs

@@ -281,7 +281,7 @@ fn remove_root() {
     assert!(merkle.get_value(&key3).unwrap().is_none());
     assert!(merkle.remove(&key3).unwrap().is_none());
 
-    assert!(merkle.nodestore.root_node().is_none());
+    assert!(merkle.nodestore.read_root().unwrap().is_none());
 }
 
 #[test]
@@ -357,7 +357,7 @@ fn remove_many() {
         let got = merkle.get_value(&key).unwrap();
         assert!(got.is_none());
     }
-    assert!(merkle.nodestore.root_node().is_none());
+    assert!(merkle.nodestore.read_root().unwrap().is_none());
 }
 
 #[test]

firewood/src/merkle/parallel.rs

@@ -141,6 +141,58 @@ impl Child {
             Child::MaybePersisted(maybe_persisted, _) => maybe_persisted.clone(),
         }
     }
+
+    /// Read the node from storage for update
+    pub fn read_for_update<S: crate::ReadableStorage>(
+        &self,
+        storage: &mut crate::NodeStore<crate::MutableProposal, S>,
+        leading_path: &Path,
+    ) -> Result<Node, crate::FileIoError> {
+        match self {
+            Child::Node(node) => Ok(node.clone()),
+            Child::AddressWithHash(addr, hash) => {
+                storage.read_for_update((*addr).into(), hash, leading_path)
+            }
+            Child::MaybePersisted(node, hash) => {
+                storage.read_for_update(node.clone(), hash, leading_path)
+            }
+        }
+    }
+
+    /// Read the node from storage
+    pub fn read_node_from_storage<S: crate::NodeReader>(
+        &self,
+        storage: &S,
+        leading_path: &Path,
+    ) -> Result<SharedNode, crate::FileIoError> {
+        match self {
+            Child::Node(node) => Ok(node.clone().into()),
+            Child::AddressWithHash(addr, hash) => storage.read_node(*addr, hash, leading_path),
+            Child::MaybePersisted(maybe_persisted, hash) => {
+                maybe_persisted.as_shared_node(storage, hash, leading_path)
+            }
+        }
+    }
+
+    pub(crate) fn read_root<S: crate::NodeReader>(
+        &self,
+        storage: &S,
+    ) -> Result<(MaybePersistedNode, Node), crate::FileIoError> {
+        match self {
+            Child::Node(node) => Ok((
+                MaybePersistedNode::from(SharedNode::from(node.clone())),
+                node.clone(),
+            )),
+            Child::AddressWithHash(addr, hash) => {
+                let node = storage.read_node(*addr, hash, &Path::new())?;
+                Ok((MaybePersistedNode::from(*addr), (*node).clone()))
+            }
+            Child::MaybePersisted(maybe_persisted, hash) => {
+                let node = maybe_persisted.as_shared_node(storage, hash, &Path::new())?;
+                Ok((maybe_persisted.clone(), (*node).clone()))
+            }
+        }
+    }
 }
 
 #[derive(PartialEq, Eq, Clone)]

firewood/src/merkle/tests/mod.rs

@@ -4,7 +4,7 @@
 use parking_lot::Mutex;
 use std::{fmt::Display, sync::Arc};
 
-use crate::{FileIoError, LinearAddress, NodeReader, SharedNode};
+use crate::{FileIoError, HashType, LinearAddress, NodeReader, Path, SharedNode};
 
 /// A node that is either in memory or on disk.
 ///
@@ -86,12 +86,19 @@ impl MaybePersistedNode {
     /// Returns a `Result<SharedNode, FileIoError>` where:
     /// - `Ok(SharedNode)` contains the node if successfully retrieved
     /// - `Err(FileIoError)` if there was an error reading from storage
-    pub fn as_shared_node<S: NodeReader>(&self, storage: &S) -> Result<SharedNode, FileIoError> {
+    pub fn as_shared_node<S: NodeReader>(
+        &self,
+        storage: &S,
+        expected_hash: &HashType,
+        leading_path: &Path,
+    ) -> Result<SharedNode, FileIoError> {
         match &*self.0.lock() {
             MaybePersisted::Allocated(_, node) | MaybePersisted::Unpersisted(node) => {
                 Ok(node.clone())
             }
-            MaybePersisted::Persisted(address) => storage.read_node(*address),
+            MaybePersisted::Persisted(address) => {
+                storage.read_node(*address, expected_hash, leading_path)
+            }
         }
     }
 
@@ -234,15 +241,24 @@ mod test {
         // create as unpersisted
         let maybe_persisted_node = MaybePersistedNode::from(node.clone());
         let addr = nonzero!(2048u64);
-        assert_eq!(maybe_persisted_node.as_shared_node(&store).unwrap(), node);
+        assert_eq!(
+            maybe_persisted_node
+                .as_shared_node(&store, &HashType::empty(), &Path::new())
+                .unwrap(),
+            node
+        );
         assert_eq!(
             Option::<LinearAddress>::None,
             Option::from(&maybe_persisted_node)
         );
 
         let addr = LinearAddress::new(addr.get()).unwrap();
         maybe_persisted_node.persist_at(addr);
-        assert!(maybe_persisted_node.as_shared_node(&store).is_err());
+        assert!(
+            maybe_persisted_node
+                .as_shared_node(&store, &HashType::empty(), &Path::new())
+                .is_err()
+        );
         assert_eq!(Some(addr), Option::from(&maybe_persisted_node));
         Ok(())
     }
@@ -267,8 +283,18 @@ mod test {
         let cloned = original.clone();
 
         // Both should be unpersisted initially
-        assert_eq!(original.as_shared_node(&store).unwrap(), node);
-        assert_eq!(cloned.as_shared_node(&store).unwrap(), node);
+        assert_eq!(
+            original
+                .as_shared_node(&store, &HashType::empty(), &Path::new())
+                .unwrap(),
+            node
+        );
+        assert_eq!(
+            cloned
+                .as_shared_node(&store, &HashType::empty(), &Path::new())
+                .unwrap(),
+            node
+        );
         assert_eq!(Option::<LinearAddress>::None, Option::from(&original));
         assert_eq!(Option::<LinearAddress>::None, Option::from(&cloned));
 
@@ -281,8 +307,16 @@ mod test {
 
         // Both original and clone should now be persisted since they share the same
         // mutex-protected pointer
-        assert!(original.as_shared_node(&store).is_err());
-        assert!(cloned.as_shared_node(&store).is_err());
+        assert!(
+            original
+                .as_shared_node(&store, &HashType::empty(), &Path::new())
+                .is_err()
+        );
+        assert!(
+            cloned
+                .as_shared_node(&store, &HashType::empty(), &Path::new())
+                .is_err()
+        );
         assert_eq!(Some(addr), Option::from(&original));
         assert_eq!(Some(addr), Option::from(&cloned));
 

storage/src/node/branch.rs

@@ -102,7 +102,7 @@ where
                         } else {
                             // If not persisted, we need to get the node to hash it
                             let node = maybe_persisted
-                                .as_shared_node(&self)
+                                .as_shared_node(&self, &HashType::empty(), &Path::new())
                                 .expect("will never fail for unpersisted nodes");
                             acc.unhashed.push((idx, node.deref().clone()));
                         }
@@ -158,14 +158,17 @@ where
                 trace!("hashed {hashed:?} unhashed {unhashed:?}");
                 // we were left with one hashed node that must be rehashed
                 if let [(child_idx, (child_node, child_hash))] = &mut hashed[..] {
+                    let mut path_guard = PathGuard::new(&mut path_prefix);
+                    path_guard.0.extend(b.partial_path.0.iter().copied());
                     // Extract the address from the MaybePersistedNode
                     let addr: crate::LinearAddress = child_node
                         .as_linear_address()
                         .expect("hashed node should be persisted");
-                    let mut hashable_node = self.read_node(addr)?.deref().clone();
+                    let mut hashable_node = self
+                        .read_node(addr, child_hash, &path_guard)?
+                        .deref()
+                        .clone();
                     let hash = {
-                        let mut path_guard = PathGuard::new(&mut path_prefix);
-                        path_guard.0.extend(b.partial_path.0.iter().copied());
                         if unhashed.is_empty() {
                             hashable_node.update_partial_path(Path::from_nibbles_iterator(
                                 std::iter::once(child_idx.as_u8())