Merge #19601: Refactoring CHashWriter & Get{Prevouts,Sequence,Outputs}Hash to SHA256 (Alternative to #18071)

fanquake · fanquake · commit f8462a6d2794 · 2020-08-25T20:18:40.000+08:00
9ab4caf Refactor Get{Prevout,Sequence,Outputs}Hash to Get{Prevouts,Sequences,Outputs}SHA256. (Jeremy Rubin) 6510d0f Add SHA256Uint256 helper functions (Jeremy Rubin) b475d7d Add single sha256 call to CHashWriter (Jeremy Rubin) Pull request description: Opened as an alternative to #18071 to be more similar to #17977. I'm fine with either, deferring to others. cc jnewbery Sjors ACKs for top commit: jnewbery: Code review ACK 9ab4caf jonatack: Tested ACK 9ab4caf fjahr: tested ACK 9ab4caf instagibbs: reACK bitcoin/bitcoin@9ab4caf Tree-SHA512: 93a7a47697f1657f027b18407bdcce16963f6b23d12372e7ac8fd4ee96769b3e2639369f9956fee669cc881b6338641cddfeeef1516c7104cb50ef4b880bb0a7
diff --git a/src/hash.cpp b/src/hash.cpp
@@ -77,3 +77,10 @@ void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char he
     num[3] = (nChild >>  0) & 0xFF;
     CHMAC_SHA512(chainCode.begin(), chainCode.size()).Write(&header, 1).Write(data, 32).Write(num, 4).Finalize(output);
 }
+
+uint256 SHA256Uint256(const uint256& input)
+{
+    uint256 result;
+    CSHA256().Write(input.begin(), 32).Finalize(result.begin());
+    return result;
+}
diff --git a/src/hash.h b/src/hash.h
@@ -6,6 +6,7 @@
 #ifndef BITCOIN_HASH_H
 #define BITCOIN_HASH_H
 
+#include <attributes.h>
 #include <crypto/common.h>
 #include <crypto/ripemd160.h>
 #include <crypto/sha256.h>
@@ -98,7 +99,7 @@ inline uint160 Hash160(const T1& in1)
 class CHashWriter
 {
 private:
-    CHash256 ctx;
+    CSHA256 ctx;
 
     const int nType;
     const int nVersion;
@@ -110,23 +111,36 @@ class CHashWriter
     int GetVersion() const { return nVersion; }
 
     void write(const char *pch, size_t size) {
-        ctx.Write({(const unsigned char*)pch, size});
+        ctx.Write((const unsigned char*)pch, size);
     }
 
-    // invalidates the object
+    /** Compute the double-SHA256 hash of all data written to this object.
+     *
+     * Invalidates this object.
+     */
     uint256 GetHash() {
         uint256 result;
-        ctx.Finalize(result);
+        ctx.Finalize(result.begin());
+        ctx.Reset().Write(result.begin(), CSHA256::OUTPUT_SIZE).Finalize(result.begin());
+        return result;
+    }
+
+    /** Compute the SHA256 hash of all data written to this object.
+     *
+     * Invalidates this object.
+     */
+    uint256 GetSHA256() {
+        uint256 result;
+        ctx.Finalize(result.begin());
         return result;
     }
 
     /**
      * Returns the first 64 bits from the resulting hash.
      */
     inline uint64_t GetCheapHash() {
-        unsigned char result[CHash256::OUTPUT_SIZE];
-        ctx.Finalize(result);
-        return ReadLE64(result);
+        uint256 result = GetHash();
+        return ReadLE64(result.begin());
     }
 
     template<typename T>
@@ -181,6 +195,9 @@ uint256 SerializeHash(const T& obj, int nType=SER_GETHASH, int nVersion=PROTOCOL
     return ss.GetHash();
 }
 
+/** Single-SHA256 a 32-byte input (represented as uint256). */
+NODISCARD uint256 SHA256Uint256(const uint256& input);
+
 unsigned int MurmurHash3(unsigned int nHashSeed, Span<const unsigned char> vDataToHash);
 
 void BIP32Hash(const ChainCode &chainCode, unsigned int nChild, unsigned char header, const unsigned char data[32], unsigned char output[64]);
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
@@ -1258,34 +1258,37 @@ class CTransactionSignatureSerializer
     }
 };
 
+/** Compute the (single) SHA256 of the concatenation of all prevouts of a tx. */
 template <class T>
-uint256 GetPrevoutHash(const T& txTo)
+uint256 GetPrevoutsSHA256(const T& txTo)
 {
     CHashWriter ss(SER_GETHASH, 0);
     for (const auto& txin : txTo.vin) {
         ss << txin.prevout;
     }
-    return ss.GetHash();
+    return ss.GetSHA256();
 }
 
+/** Compute the (single) SHA256 of the concatenation of all nSequences of a tx. */
 template <class T>
-uint256 GetSequenceHash(const T& txTo)
+uint256 GetSequencesSHA256(const T& txTo)
 {
     CHashWriter ss(SER_GETHASH, 0);
     for (const auto& txin : txTo.vin) {
         ss << txin.nSequence;
     }
-    return ss.GetHash();
+    return ss.GetSHA256();
 }
 
+/** Compute the (single) SHA256 of the concatenation of all txouts of a tx. */
 template <class T>
-uint256 GetOutputsHash(const T& txTo)
+uint256 GetOutputsSHA256(const T& txTo)
 {
     CHashWriter ss(SER_GETHASH, 0);
     for (const auto& txout : txTo.vout) {
         ss << txout;
     }
-    return ss.GetHash();
+    return ss.GetSHA256();
 }
 
 } // namespace
@@ -1297,9 +1300,9 @@ void PrecomputedTransactionData::Init(const T& txTo)
 
     // Cache is calculated only for transactions with witness
     if (txTo.HasWitness()) {
-        hashPrevouts = GetPrevoutHash(txTo);
-        hashSequence = GetSequenceHash(txTo);
-        hashOutputs = GetOutputsHash(txTo);
+        hashPrevouts = SHA256Uint256(GetPrevoutsSHA256(txTo));
+        hashSequence = SHA256Uint256(GetSequencesSHA256(txTo));
+        hashOutputs = SHA256Uint256(GetOutputsSHA256(txTo));
     }
 
     m_ready = true;
@@ -1329,16 +1332,16 @@ uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn
         const bool cacheready = cache && cache->m_ready;
 
         if (!(nHashType & SIGHASH_ANYONECANPAY)) {
-            hashPrevouts = cacheready ? cache->hashPrevouts : GetPrevoutHash(txTo);
+            hashPrevouts = cacheready ? cache->hashPrevouts : SHA256Uint256(GetPrevoutsSHA256(txTo));
         }
 
         if (!(nHashType & SIGHASH_ANYONECANPAY) && (nHashType & 0x1f) != SIGHASH_SINGLE && (nHashType & 0x1f) != SIGHASH_NONE) {
-            hashSequence = cacheready ? cache->hashSequence : GetSequenceHash(txTo);
+            hashSequence = cacheready ? cache->hashSequence : SHA256Uint256(GetSequencesSHA256(txTo));
         }
 
 
         if ((nHashType & 0x1f) != SIGHASH_SINGLE && (nHashType & 0x1f) != SIGHASH_NONE) {
-            hashOutputs = cacheready ? cache->hashOutputs : GetOutputsHash(txTo);
+            hashOutputs = cacheready ? cache->hashOutputs : SHA256Uint256(GetOutputsSHA256(txTo));
         } else if ((nHashType & 0x1f) == SIGHASH_SINGLE && nIn < txTo.vout.size()) {
             CHashWriter ss(SER_GETHASH, 0);
             ss << txTo.vout[nIn];

Original file line number	Diff line number	Diff line change
`@@ -1258,34 +1258,37 @@ class CTransactionSignatureSerializer`
`1258`	`1258`	`}`
`1259`	`1259`	`};`
`1260`	`1260`
	`1261`	`+/** Compute the (single) SHA256 of the concatenation of all prevouts of a tx. */`
`1261`	`1262`	`template <class T>`
`1262`		`-uint256 GetPrevoutHash(const T& txTo)`
	`1263`	`+uint256 GetPrevoutsSHA256(const T& txTo)`
`1263`	`1264`	`{`
`1264`	`1265`	`CHashWriter ss(SER_GETHASH, 0);`
`1265`	`1266`	`for (const auto& txin : txTo.vin) {`
`1266`	`1267`	`ss << txin.prevout;`
`1267`	`1268`	`}`
`1268`		`- return ss.GetHash();`
	`1269`	`+ return ss.GetSHA256();`
`1269`	`1270`	`}`
`1270`	`1271`
	`1272`	`+/** Compute the (single) SHA256 of the concatenation of all nSequences of a tx. */`
`1271`	`1273`	`template <class T>`
`1272`		`-uint256 GetSequenceHash(const T& txTo)`
	`1274`	`+uint256 GetSequencesSHA256(const T& txTo)`
`1273`	`1275`	`{`
`1274`	`1276`	`CHashWriter ss(SER_GETHASH, 0);`
`1275`	`1277`	`for (const auto& txin : txTo.vin) {`
`1276`	`1278`	`ss << txin.nSequence;`
`1277`	`1279`	`}`
`1278`		`- return ss.GetHash();`
	`1280`	`+ return ss.GetSHA256();`
`1279`	`1281`	`}`
`1280`	`1282`
	`1283`	`+/** Compute the (single) SHA256 of the concatenation of all txouts of a tx. */`
`1281`	`1284`	`template <class T>`
`1282`		`-uint256 GetOutputsHash(const T& txTo)`
	`1285`	`+uint256 GetOutputsSHA256(const T& txTo)`
`1283`	`1286`	`{`
`1284`	`1287`	`CHashWriter ss(SER_GETHASH, 0);`
`1285`	`1288`	`for (const auto& txout : txTo.vout) {`
`1286`	`1289`	`ss << txout;`
`1287`	`1290`	`}`
`1288`		`- return ss.GetHash();`
	`1291`	`+ return ss.GetSHA256();`
`1289`	`1292`	`}`
`1290`	`1293`
`1291`	`1294`	`} // namespace`
`@@ -1297,9 +1300,9 @@ void PrecomputedTransactionData::Init(const T& txTo)`
`1297`	`1300`
`1298`	`1301`	`// Cache is calculated only for transactions with witness`
`1299`	`1302`	`if (txTo.HasWitness()) {`
`1300`		`- hashPrevouts = GetPrevoutHash(txTo);`
`1301`		`- hashSequence = GetSequenceHash(txTo);`
`1302`		`- hashOutputs = GetOutputsHash(txTo);`
	`1303`	`+ hashPrevouts = SHA256Uint256(GetPrevoutsSHA256(txTo));`
	`1304`	`+ hashSequence = SHA256Uint256(GetSequencesSHA256(txTo));`
	`1305`	`+ hashOutputs = SHA256Uint256(GetOutputsSHA256(txTo));`
`1303`	`1306`	`}`
`1304`	`1307`
`1305`	`1308`	`m_ready = true;`
`@@ -1329,16 +1332,16 @@ uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn`
`1329`	`1332`	`const bool cacheready = cache && cache->m_ready;`
`1330`	`1333`
`1331`	`1334`	`if (!(nHashType & SIGHASH_ANYONECANPAY)) {`
`1332`		`- hashPrevouts = cacheready ? cache->hashPrevouts : GetPrevoutHash(txTo);`
	`1335`	`+ hashPrevouts = cacheready ? cache->hashPrevouts : SHA256Uint256(GetPrevoutsSHA256(txTo));`
`1333`	`1336`	`}`
`1334`	`1337`
`1335`	`1338`	`if (!(nHashType & SIGHASH_ANYONECANPAY) && (nHashType & 0x1f) != SIGHASH_SINGLE && (nHashType & 0x1f) != SIGHASH_NONE) {`
`1336`		`- hashSequence = cacheready ? cache->hashSequence : GetSequenceHash(txTo);`
	`1339`	`+ hashSequence = cacheready ? cache->hashSequence : SHA256Uint256(GetSequencesSHA256(txTo));`
`1337`	`1340`	`}`
`1338`	`1341`
`1339`	`1342`
`1340`	`1343`	`if ((nHashType & 0x1f) != SIGHASH_SINGLE && (nHashType & 0x1f) != SIGHASH_NONE) {`
`1341`		`- hashOutputs = cacheready ? cache->hashOutputs : GetOutputsHash(txTo);`
	`1344`	`+ hashOutputs = cacheready ? cache->hashOutputs : SHA256Uint256(GetOutputsSHA256(txTo));`
`1342`	`1345`	`} else if ((nHashType & 0x1f) == SIGHASH_SINGLE && nIn < txTo.vout.size()) {`
`1343`	`1346`	`CHashWriter ss(SER_GETHASH, 0);`
`1344`	`1347`	`ss << txTo.vout[nIn];`