btcruby 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0d9eaa33fb43ddda93be8bb439718983f8595e41
-  data.tar.gz: af06b8d5bcd07f02d8351e398c6b7a8595a8ddff
+  metadata.gz: 7296b8cbca8113b4795a800e581c220afdbe9b12
+  data.tar.gz: a318bf76d773d9f4bc4955e03bd70f0006bbaf1a
 SHA512:
-  metadata.gz: 0f50ec59b1e00e03cf6d23de427ee7b3a50058be67f4931fb9db7b400eee94d54ad58fb8abc66f5337a0960d31efcd010abb276a7a779ef5496a7f489d3d7df4
-  data.tar.gz: 444b559fcbf592eda67d82326510e2433810639b0530d55afdffdf241836d34396221c3fbdea1086c302c9063fe07b7dd2fa38412edcd4eeaf32d5289de8cba5
+  metadata.gz: ef71f62233c862f300abe91608cdc9f100a2ccdcc91f011436f543805fdceb0d8ff795240973a898edb1939c2ceceac43c00329430a0e78914bb97fe6ca5ae94
+  data.tar.gz: de2350b6b17e8c3de1f9e563916bdea830ed23fb0758e49ae1ea30de9d6ae4615fe786015860c1bf707f7a18e6c290eb52695ea77dc6bc63cf34ea546052fd3c

data/.gitignore

@@ -16,3 +16,5 @@ DerivedData
 *.xcuserstate
 *.xcodeproj
 *.xcodeproj/
+*.gem
+.ruby-version

data/README.md

@@ -52,6 +52,18 @@ $ bundle install
 $ rake
 ```
 
+## How to publish a gem
+
+1. Edit version.rb to bump the version.
+2. Update `RELEASE_NOTES.md`.
+3. Commit changes and tag it with new version.
+4. Generate and publish the gem:
+
+```
+$ gem build btcruby
+$ gem push btcruby-<version>.gem
+```
+
 ## Authors
 
 * [Oleg Andreev](http://oleganza.com/)

data/RELEASE_NOTES.md

@@ -2,6 +2,11 @@
 BTCRuby Release Notes
 =====================
 
+1.0.5 (July 8, 2015)
+--------------------
+
+* Added MerkleTree API.
+
 1.0.4 (July 2, 2015)
 --------------------
 

data/lib/btcruby/address.rb

@@ -213,7 +213,7 @@ module BTC
     end
 
     def data_for_base58check_encoding
-      BTC::Data.data_from_bytes([self.version]) + @data
+      BTC.data_from_bytes([self.version].flatten) + @data
     end
   end
 

data/lib/btcruby/block_header.rb

@@ -51,8 +51,6 @@ module BTC
     # The number of blocks that have been processed since the previous block (including the block itself).
     attr_accessor :confirmations
 
-    attr_accessor :my_name
-
     def self.genesis_mainnet
       self.new(
         version:             1,

data/lib/btcruby/merkle_tree.rb

@@ -0,0 +1,91 @@
+module BTC
+  class MerkleTree
+    
+    attr_reader :merkle_root
+    
+    def initialize(hashes: nil, transactions: nil, items: nil)
+      raise ArgumentError, "None of the arguments are used" if !transactions && !hashes && !items
+      if transactions
+        hashes = transactions.map{|tx| tx.transaction_hash}
+      elsif items
+        hashes = items.map{|item| BTC.hash256(item) }
+      end
+      raise ArgumentError, "Empty list is not allowed" if hashes.size == 0
+      @hashes = hashes
+    end
+    
+    def merkle_root
+      @merkle_root ||= compute_merkle_root
+    end
+    
+    def tail_duplicates?
+      if !@merkle_root
+        @merkle_root = compute_merkle_root
+      end
+      @tail_duplicates
+    end
+    
+    private
+    
+    def compute_merkle_root
+      # Based on original Satoshi implementation + vulnerability detection API:
+      # WARNING! If you're reading this because you're learning about crypto
+      # and/or designing a new system that will use merkle trees, keep in mind
+      # that the following merkle tree algorithm has a serious flaw related to
+      # duplicate txids, resulting in a vulnerability (CVE-2012-2459).
+      # 
+      # The reason is that if the number of hashes in the list at a given time
+      # is odd, the last one is duplicated before computing the next level (which
+      # is unusual in Merkle trees). This results in certain sequences of
+      # transactions leading to the same merkle root. For example, these two
+      # trees:
+      # 
+      #              A               A
+      #            /  \            /   \
+      #          B     C         B       C
+      #         / \    |        / \     / \
+      #        D   E   F       D   E   F   F
+      #       / \ / \ / \     / \ / \ / \ / \
+      #       1 2 3 4 5 6     1 2 3 4 5 6 5 6
+      # 
+      # for transaction lists [1,2,3,4,5,6] and [1,2,3,4,5,6,5,6] (where 5 and
+      # 6 are repeated) result in the same root hash A (because the hash of both
+      # of (F) and (F,F) is C).
+      # 
+      # The vulnerability results from being able to send a block with such a
+      # transaction list, with the same merkle root, and the same block hash as
+      # the original without duplication, resulting in failed validation. If the
+      # receiving node proceeds to mark that block as permanently invalid
+      # however, it will fail to accept further unmodified (and thus potentially
+      # valid) versions of the same block. We defend against this by detecting
+      # the case where we would hash two identical hashes at the end of the list
+      # together, and treating that identically to the block having an invalid
+      # merkle root. Assuming no double-SHA256 collisions, this will detect all
+      # known ways of changing the transactions without affecting the merkle
+      # root.
+      
+      @tail_duplicates = false
+
+      tree = @hashes.dup
+      j = 0
+      size = tree.size
+      while size > 1
+        i = 0
+        while i < size
+          i2 = [i + 1, size - 1].min
+          if i2 == i + 1 && i2 + 1 == size && tree[j+i] == tree[j+i2]
+            # Two identical hashes at the end of the list at a particular level.
+            @tail_duplicates = true
+          end
+          hash = BTC.hash256(tree[j+i] + tree[j+i2])
+          tree << hash
+          i += 2
+        end
+        j += size
+        size = (size + 1) / 2
+      end
+      tree.last
+    end
+    
+  end # MerkleTree
+end # BTC

data/lib/btcruby/open_assets/asset_address.rb

@@ -20,7 +20,7 @@ module BTC
       if string
         _raw_data ||= Base58.data_from_base58check(string)
         raise FormatError, "Too short AssetAddress" if _raw_data.bytesize < 2
-        raise FormatError, "Invalid namespace for AssetAddress" if _raw_data.bytes[0] != NAMESPACE
+        raise FormatError, "Invalid namespace for AssetAddress" if _raw_data.bytes[0] != self.class.mainnet_version
         @bitcoin_address = BTC::Address.mux_parse_raw_data(_raw_data[1..-1])
         @base58check_string = string
       elsif bitcoin_address
@@ -46,7 +46,7 @@ module BTC
     end
 
     def data_for_base58check_encoding
-      BTC::Data.data_from_bytes([NAMESPACE]) + @bitcoin_address.data_for_base58check_encoding
+      BTC::Data.data_from_bytes([self.class.mainnet_version]) + @bitcoin_address.data_for_base58check_encoding
     end
   end
 end

data/lib/btcruby/open_assets/issuance_id.rb

@@ -13,8 +13,6 @@ module BTC
       125 # 's' prefix
     end
 
-    # Instantiates AssetID with output, output script or raw hash.
-    # To compute an Asset ID for the Asset Definition file, use `trim_script_prefix: true`.
     def initialize(string: nil, hash: nil, network: nil, outpoint: nil, amount: nil, _raw_data: nil)
       if outpoint || amount
         raise ArgumentError, "Outpoint is missing" if !outpoint

data/lib/btcruby/version.rb

@@ -1,3 +1,3 @@
 module BTC
-  VERSION = "1.0.4".freeze
+  VERSION = "1.0.5".freeze
 end

data/lib/btcruby.rb

@@ -34,6 +34,7 @@ require_relative 'btcruby/transaction_builder.rb'
 require_relative 'btcruby/proof_of_work.rb'
 require_relative 'btcruby/block_header.rb'
 require_relative 'btcruby/block.rb'
+require_relative 'btcruby/merkle_tree.rb'
 require_relative 'btcruby/open_assets.rb'
 
 # TODO:

data/spec/merkle_tree_spec.rb

@@ -0,0 +1,30 @@
+require_relative 'spec_helper'
+describe BTC::MerkleTree do
+  
+  it "should compute root of one hash equal to that hash" do
+    hash = "5df6e0e2761359d30a8275058e299fcc0381534545f55cf43e41983f5d4c9456"
+    MerkleTree.new(hashes: [hash.from_hex]).merkle_root.to_hex.must_equal hash
+  end
+
+  it "merkle root of 2 hashes must equal hash(a+b)" do
+    a = "9c2e4d8fe97d881430de4e754b4205b9c27ce96715231cffc4337340cb110280".from_hex
+    b = "0c08173828583fc6ecd6ecdbcca7b6939c49c242ad5107e39deb7b0a5996b903".from_hex
+    r = "7de236613dd3d9fa1d86054a84952f1e0df2f130546b394a4d4dd7b76997f607".from_hex
+    r.to_hex.must_equal BTC.hash256(a+b).to_hex
+    mt = MerkleTree.new(hashes: [a,b])
+    mt.tail_duplicates?.must_equal false
+    mt.merkle_root.to_hex.must_equal r.to_hex
+  end
+
+  it "merkle root of 3 hashes must equal Hash(Hash(a+b)+Hash(c+c))" do
+    a = "9c2e4d8fe97d881430de4e754b4205b9c27ce96715231cffc4337340cb110280".from_hex
+    b = "0c08173828583fc6ecd6ecdbcca7b6939c49c242ad5107e39deb7b0a5996b903".from_hex
+    c = "80903da4e6bbdf96e8ff6fc3966b0cfd355c7e860bdd1caa8e4722d9230e40ac".from_hex
+    r = "5b7534123197114fa7e7459075f39d89ffab74b5c3f31fad48a025b931ff5a01".from_hex
+    r.to_hex.must_equal BTC.hash256(BTC.hash256(a+b)+BTC.hash256(c+c)).to_hex
+    mt = MerkleTree.new(hashes: [a,b,c])
+    mt.tail_duplicates?.must_equal false
+    mt.merkle_root.to_hex.must_equal r.to_hex
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: btcruby
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.5
 platform: ruby
 authors:
 - Oleg Andreev
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-02 00:00:00.000000000 Z
+date: 2015-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -92,6 +92,7 @@ files:
 - lib/btcruby/hash_id.rb
 - lib/btcruby/key.rb
 - lib/btcruby/keychain.rb
+- lib/btcruby/merkle_tree.rb
 - lib/btcruby/network.rb
 - lib/btcruby/opcode.rb
 - lib/btcruby/open_assets.rb
@@ -140,6 +141,7 @@ files:
 - spec/diagnostics_spec.rb
 - spec/key_spec.rb
 - spec/keychain_spec.rb
+- spec/merkle_tree_spec.rb
 - spec/network_spec.rb
 - spec/open_assets/asset_address_spec.rb
 - spec/open_assets/asset_id_spec.rb