lazarus-receipts 1.0.2

Lazarus Receipts SDK - Cryptographic receipt verification
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

//! Merkle proof verification for Lazarus Receipts.

use crate::hash::{hash256, hex_to_bytes};

/// A node in a directional Merkle proof.
#[derive(Debug, Clone)]
pub struct ProofNode {
    /// 'L' or 'R' indicating sibling position
    pub side: char,
    /// 32-byte sibling hash
    pub hash: [u8; 32],
}

impl ProofNode {
    /// Create a new proof node from side and hex hash.
    pub fn from_hex(side: char, hex: &str) -> Result<Self, &'static str> {
        Ok(ProofNode {
            side,
            hash: hex_to_bytes(hex)?,
        })
    }
}

/// Verify a Merkle proof using positional v1.0.1 rule.
///
/// Directional proof nodes specify side:
/// - 'L': sibling is on left, cur = H(sibling || cur)
/// - 'R': sibling is on right, cur = H(cur || sibling)
///
/// # Arguments
/// * `leaf` - 32-byte leaf hash
/// * `root` - 32-byte expected root hash
/// * `proof` - Vector of proof nodes with side and hash
///
/// # Returns
/// `true` if proof verifies, `false` otherwise
pub fn verify_merkle_proof_directional(
    leaf: [u8; 32],
    root: [u8; 32],
    proof: &[ProofNode],
) -> bool {
    if proof.is_empty() {
        return false;
    }

    // Validate all nodes have valid side
    for node in proof {
        if node.side != 'L' && node.side != 'R' {
            return false;
        }
    }

    let mut current = leaf;

    for node in proof {
        match node.side {
            'L' => {
                // Sibling on left: H(sibling || current)
                let mut combined = Vec::with_capacity(64);
                combined.extend_from_slice(&node.hash);
                combined.extend_from_slice(&current);
                current = hash256(&combined);
            }
            'R' => {
                // Sibling on right: H(current || sibling)
                let mut combined = Vec::with_capacity(64);
                combined.extend_from_slice(&current);
                combined.extend_from_slice(&node.hash);
                current = hash256(&combined);
            }
            _ => return false,
        }
    }

    current == root
}

/// Legacy sorted-pair Merkle verification.
///
/// **WARNING**: NOT auditor-grade. Use `verify_merkle_proof_directional` instead.
///
/// This uses sorted concatenation which loses positional information.
/// Included only for backward compatibility with legacy systems.
#[deprecated(
    since = "1.0.0",
    note = "Use verify_merkle_proof_directional (positional_v1_0_1) instead"
)]
pub fn verify_merkle_proof_legacy_sorted(
    leaf: [u8; 32],
    root: [u8; 32],
    siblings: &[[u8; 32]],
) -> bool {
    if siblings.is_empty() {
        return false;
    }

    let mut current = leaf;

    for sibling in siblings {
        // Sorted concatenation - loses positional information
        let combined = if current < *sibling {
            let mut v = Vec::with_capacity(64);
            v.extend_from_slice(&current);
            v.extend_from_slice(sibling);
            v
        } else {
            let mut v = Vec::with_capacity(64);
            v.extend_from_slice(sibling);
            v.extend_from_slice(&current);
            v
        };
        current = hash256(&combined);
    }

    current == root
}