feat!: add hashing API use to base layer (see issue #4394)

base_layer/common_types/src/types/bullet_rangeproofs.rs

@@ -22,7 +22,6 @@
 
 use std::fmt;
 
-use digest::Digest;
 use serde::{
     de::{self, Visitor},
     Deserialize,
@@ -32,14 +31,18 @@ use serde::{
 };
 use tari_utilities::{hex::*, ByteArray, ByteArrayError, Hashable};
 
-use crate::types::Blake256;
+use super::{base_layer_common_types_domain_hasher, BULLET_RANGEPROOFS_HASHER_LABEL};
 
 #[derive(Debug, Default, Clone, PartialEq, Eq, PartialOrd, Ord)]
 pub struct BulletRangeProof(pub Vec<u8>);
 /// Implement the hashing function for RangeProof for use in the MMR
 impl Hashable for BulletRangeProof {
     fn hash(&self) -> Vec<u8> {
-        Blake256::new().chain(&self.0).finalize().to_vec()
+        base_layer_common_types_domain_hasher(BULLET_RANGEPROOFS_HASHER_LABEL)
+            .chain(&self.0)
+            .finalize()
+            .as_ref()
+            .to_vec()
     }
 }
 

base_layer/common_types/src/types/mod.rs

@@ -78,3 +78,18 @@ pub type RangeProofService = BulletproofsPlusService;
 
 /// Specify the range proof
 pub type RangeProof = BulletRangeProof;
+
+use tari_crypto::{hash_domain, hashing::DomainSeparatedHasher};
+
+pub(crate) const BULLET_RANGEPROOFS_HASHER_LABEL: &str = "bullet_rangeproofs.hasher";
+
+hash_domain!(
+    BaseLayerCommonTypesDomain,
+    "com.tari.tari-project.base_layer.common_types"
+);
+
+pub(crate) fn base_layer_common_types_domain_hasher(
+    label: &'static str,
+) -> DomainSeparatedHasher<Blake256, BaseLayerCommonTypesDomain> {
+    DomainSeparatedHasher::<Blake256, BaseLayerCommonTypesDomain>::new_with_label(label)
+}

base_layer/core/src/chain_storage/lmdb_db/lmdb_db.rs

@@ -38,7 +38,6 @@ use std::{
     time::Instant,
 };
 
-use blake2::Digest;
 use croaring::Bitmap;
 use fs2::FileExt;
 use lmdb_zero::{open, ConstTransaction, Database, Environment, ReadTransaction, WriteTransaction};
@@ -57,6 +56,7 @@ use tari_utilities::{
     ByteArray,
 };
 
+use super::{base_layer_core_chain_storage_lmdb_hasher, LMDB_STORAGE_HASH_LABEL};
 use crate::{
     blocks::{
         Block,
@@ -2736,10 +2736,12 @@ impl UniqueIdIndexKey {
     /// `parent_public_key` - the parent asset public key to which the token is assigned
     /// `unique_id` - a series of bytes representing the token uniquely for the asset
     pub fn new(parent_public_key: Option<&PublicKey>, unique_id: &[u8]) -> Self {
-        let unique_id_hash = Blake256::default().chain(unique_id).finalize();
+        let unique_id_hash = base_layer_core_chain_storage_lmdb_hasher::<Blake256>(LMDB_STORAGE_HASH_LABEL)
+            .chain(unique_id)
+            .finalize();
         Self::from_raw_parts(
             parent_public_key.map(|p| p.as_bytes()).unwrap_or(&[0; 32][..]),
-            &unique_id_hash,
+            unique_id_hash.as_ref(),
             // u64::MAX
             &[0xff; 8][..],
         )

base_layer/core/src/chain_storage/lmdb_db/mod.rs

@@ -20,9 +20,14 @@
 // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 // USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+use digest::Digest;
 pub use lmdb_db::{create_lmdb_database, create_recovery_lmdb_database, LMDBDatabase};
 use serde::{Deserialize, Serialize};
 use tari_common_types::types::HashOutput;
+use tari_crypto::{
+    hash_domain,
+    hashing::{DomainSeparatedHasher, LengthExtensionAttackResistant},
+};
 
 use crate::transactions::transaction_components::{TransactionInput, TransactionKernel, TransactionOutput};
 
@@ -72,3 +77,13 @@ pub(crate) struct TransactionKernelRowData {
     pub mmr_position: u32,
     pub hash: HashOutput,
 }
+
+hash_domain!(BaseLayerCoreDomain, "com.tari.tari-project.base_layer.core");
+
+pub(crate) const LMDB_STORAGE_HASH_LABEL: &str = "lmdb_db";
+
+pub(crate) fn base_layer_core_chain_storage_lmdb_hasher<D: Digest + LengthExtensionAttackResistant>(
+    label: &'static str,
+) -> DomainSeparatedHasher<D, BaseLayerCoreDomain> {
+    DomainSeparatedHasher::<D, BaseLayerCoreDomain>::new_with_label(label)
+}

base_layer/core/src/covenants/fields.rs

@@ -29,8 +29,9 @@ use std::{
 
 use digest::Digest;
 use integer_encoding::VarIntWriter;
-use tari_crypto::hash::blake2::Blake256;
+use tari_crypto::{hash::blake2::Blake256, hashing::DomainSeparation};
 
+use super::{BaseLayerCovenantsDomain, COVENANTS_FIELD_HASHER_LABEL};
 use crate::{
     consensus::ToConsensusBytes,
     covenants::{
@@ -369,8 +370,9 @@ impl OutputFields {
 
     pub fn construct_challenge_from(&self, output: &TransactionOutput) -> Blake256 {
         let mut challenge = Blake256::new();
+        BaseLayerCovenantsDomain::add_domain_separation_tag(&mut challenge, COVENANTS_FIELD_HASHER_LABEL);
         for field in &self.fields {
-            challenge.update(field.get_field_value_bytes(output));
+            challenge.update(&field.get_field_value_bytes(output).as_slice());
         }
         challenge
     }
@@ -402,7 +404,6 @@ mod test {
 
     use super::*;
     use crate::{
-        consensus::ConsensusEncoding,
         covenant,
         covenants::test::{create_input, create_outputs},
         transactions::{
@@ -570,6 +571,9 @@ mod test {
         use super::*;
 
         mod construct_challenge_from {
+            use blake2::Digest;
+            use tari_crypto::hashing::DomainSeparation;
+
             use super::*;
 
             #[test]
@@ -591,12 +595,16 @@ mod test {
                 fields.push(OutputField::Commitment);
                 fields.push(OutputField::Script);
                 let hash = fields.construct_challenge_from(&output).finalize();
-
-                let mut challenge = Vec::new();
-                output.features.consensus_encode(&mut challenge).unwrap();
-                output.commitment.consensus_encode(&mut challenge).unwrap();
-                output.script.consensus_encode(&mut challenge).unwrap();
-                let expected_hash = Blake256::new().chain(&challenge).finalize();
+                let hash = hash.to_vec();
+
+                let mut hasher = Blake256::new();
+                BaseLayerCovenantsDomain::add_domain_separation_tag(&mut hasher, COVENANTS_FIELD_HASHER_LABEL);
+                let expected_hash = hasher
+                    .chain(output.features.to_consensus_bytes())
+                    .chain(output.commitment.to_consensus_bytes())
+                    .chain(output.script.to_consensus_bytes())
+                    .finalize()
+                    .to_vec();
                 assert_eq!(hash, expected_hash);
             }
         }

base_layer/core/src/covenants/filters/fields_hashed_eq.rs

@@ -23,7 +23,6 @@
 use digest::Digest;
 
 use crate::covenants::{context::CovenantContext, error::CovenantError, filters::Filter, output_set::OutputSet};
-
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct FieldsHashedEqFilter;
 
@@ -32,22 +31,29 @@ impl Filter for FieldsHashedEqFilter {
         let fields = context.next_arg()?.require_outputfields()?;
         let hash = context.next_arg()?.require_hash()?;
         output_set.retain(|output| {
-            let challenge = fields.construct_challenge_from(output);
-            Ok(challenge.finalize()[..] == *hash)
+            let challenge = fields.construct_challenge_from(output).finalize();
+            let challenge = challenge.to_vec();
+            Ok(challenge[..] == *hash)
         })?;
         Ok(())
     }
 }
 
 #[cfg(test)]
 mod test {
-    use tari_common_types::types::{Challenge, FixedHash};
+    use tari_common_types::types::FixedHash;
+    use tari_crypto::{hash::blake2::Blake256, hashing::DomainSeparation};
 
     use super::*;
     use crate::{
         consensus::ToConsensusBytes,
         covenant,
-        covenants::{filters::test::setup_filter_test, test::create_input},
+        covenants::{
+            filters::test::setup_filter_test,
+            test::create_input,
+            BaseLayerCovenantsDomain,
+            COVENANTS_FIELD_HASHER_LABEL,
+        },
         transactions::transaction_components::{OutputFeatures, SideChainFeatures},
     };
 
@@ -58,9 +64,9 @@ mod test {
             sidechain_features: Some(Box::new(SideChainFeatures::new(FixedHash::hash_bytes("A")))),
             ..Default::default()
         };
-        let hashed = Challenge::new().chain(features.to_consensus_bytes()).finalize();
-        let mut hash = [0u8; 32];
-        hash.copy_from_slice(hashed.as_slice());
+        let mut hasher = Blake256::new();
+        BaseLayerCovenantsDomain::add_domain_separation_tag(&mut hasher, COVENANTS_FIELD_HASHER_LABEL);
+        let hash = hasher.chain(&features.to_consensus_bytes()).finalize();
         let covenant = covenant!(fields_hashed_eq(@fields(@field::features), @hash(hash.into())));
         let input = create_input();
         let (mut context, outputs) = setup_filter_test(&covenant, &input, 0, |outputs| {

base_layer/core/src/covenants/mod.rs

@@ -51,3 +51,13 @@ mod macros;
 
 #[cfg(test)]
 mod test;
+
+use tari_crypto::hash_domain;
+
+hash_domain!(
+    BaseLayerCovenantsDomain,
+    "com.tari.tari-project.base_layer.covenants",
+    1
+);
+
+pub(crate) const COVENANTS_FIELD_HASHER_LABEL: &str = "fields";

base_layer/core/src/mempool/unconfirmed_pool/mod.rs

@@ -25,5 +25,24 @@ mod error;
 mod unconfirmed_pool;
 
 // Public re-exports
+use digest::Digest;
 pub use error::UnconfirmedPoolError;
+use tari_crypto::{
+    hash_domain,
+    hashing::{DomainSeparatedHasher, LengthExtensionAttackResistant},
+};
 pub use unconfirmed_pool::{UnconfirmedPool, UnconfirmedPoolConfig};
+
+hash_domain!(
+    BaseLayerCoreMemPoolDomain,
+    "com.tari.tari-project.base_layer.core.mempool",
+    1
+);
+
+pub(crate) const UNCONFIRMED_POOL_HASH_DOMAIN_LABEL: &str = "uncorfimed_pool_output_token_id";
+
+pub(crate) fn base_layer_core_mempool_hash_domain<D: Digest + LengthExtensionAttackResistant>(
+    label: &'static str,
+) -> DomainSeparatedHasher<D, BaseLayerCoreMemPoolDomain> {
+    DomainSeparatedHasher::<D, BaseLayerCoreMemPoolDomain>::new_with_label(label)
+}

base_layer/core/src/mempool/unconfirmed_pool/unconfirmed_pool.rs

@@ -26,13 +26,13 @@ use std::{
     sync::Arc,
 };
 
-use digest::Digest;
 use log::*;
 use serde::{Deserialize, Serialize};
 use tari_common_types::types::{HashOutput, PrivateKey, PublicKey, Signature};
 use tari_crypto::hash::blake2::Blake256;
 use tari_utilities::{hex::Hex, ByteArray, Hashable};
 
+use super::{base_layer_core_mempool_hash_domain, UNCONFIRMED_POOL_HASH_DOMAIN_LABEL};
 use crate::{
     blocks::Block,
     mempool::{
@@ -46,7 +46,6 @@ use crate::{
         weight::TransactionWeight,
     },
 };
-
 pub const LOG_TARGET: &str = "c::mp::unconfirmed_pool::unconfirmed_pool_storage";
 
 type TransactionKey = usize;
@@ -660,11 +659,14 @@ fn get_output_token_id(output: &TransactionOutput) -> Option<[u8; 32]> {
             .as_ref()
             .map(|pk| pk.as_bytes())
             .unwrap_or_else(|| root_pk.as_bytes());
-        Blake256::new()
+        let hash = base_layer_core_mempool_hash_domain::<Blake256>(UNCONFIRMED_POOL_HASH_DOMAIN_LABEL)
             .chain(parent_pk_bytes)
             .chain(unique_id)
-            .finalize()
-            .into()
+            .finalize();
+
+        let mut output = [0u8; 32];
+        output.copy_from_slice(hash.as_ref());
+        output
     })
 }
 
@@ -1027,11 +1029,14 @@ mod test {
         unconfirmed_pool
             .insert_many(vec![tx1.clone(), tx2.clone(), tx3.clone(), tx4.clone()], &tx_weight)
             .unwrap();
-        let expected_hash: [u8; 32] = Blake256::new()
+
+        let domain_separated_hash = base_layer_core_mempool_hash_domain::<Blake256>(UNCONFIRMED_POOL_HASH_DOMAIN_LABEL)
             .chain(parent_pk.as_bytes())
             .chain(&unique_id)
-            .finalize()
-            .into();
+            .finalize();
+
+        let mut expected_hash: [u8; 32] = [0u8; 32];
+        expected_hash.copy_from_slice(domain_separated_hash.as_ref());
         let entry = unconfirmed_pool.txs_by_unique_id.get(&expected_hash).unwrap();
         let tx_id1 = unconfirmed_pool
             .txs_by_signature

base_layer/core/src/transactions/transaction_components/side_chain/contract_acceptance_challenge.rs

@@ -20,22 +20,25 @@
 //  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 //  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-use digest::Digest;
 use tari_common_types::types::{Commitment, FixedHash};
-use tari_crypto::hash::blake2::Blake256;
 use tari_utilities::ByteArray;
 
+use super::{base_layer_core_transactions_side_chain_domain, CONTRACT_ACCEPTANCE_CHALLENGE_LABEL};
 #[derive(Debug, Clone, Copy)]
 pub struct ContractAcceptanceChallenge(FixedHash);
 
 impl ContractAcceptanceChallenge {
     pub fn new(constiution_commitment: &Commitment, contract_id: &FixedHash) -> Self {
-        // TODO: Use new tari_crypto domain-separated hashing
-        let hash = Blake256::new()
+        let hash = base_layer_core_transactions_side_chain_domain(CONTRACT_ACCEPTANCE_CHALLENGE_LABEL)
             .chain(constiution_commitment.as_bytes())
             .chain(contract_id.as_slice())
-            .finalize()
-            .into();
+            .finalize();
+
+        let mut slice = [0u8; FixedHash::byte_size()];
+        slice.copy_from_slice(hash.as_ref());
+
+        let hash = FixedHash::from(slice);
+
         Self(hash)
     }
 }

base_layer/core/src/transactions/transaction_components/side_chain/mod.rs

@@ -77,3 +77,20 @@ pub type FixedString = [u8; FIXED_STR_LEN];
 pub fn bytes_into_fixed_string<T: AsRef<[u8]>>(value: T) -> FixedString {
     tari_common_types::array::copy_into_fixed_array_lossy::<_, FIXED_STR_LEN>(value.as_ref())
 }
+
+use tari_crypto::{hash::blake2::Blake256, hash_domain, hashing::DomainSeparatedHasher};
+
+hash_domain!(
+    BaseLayerCoreTransactionsSideChainDomain,
+    "com.tari.tari-project.base_layer.core.transactions.side_chain",
+    1
+);
+
+pub(crate) const CONTRACT_ACCEPTANCE_CHALLENGE_LABEL: &str = "contract_acceptance_challenge";
+pub(crate) const SIGNER_SIGNATURE_LABEL: &str = "signer_signature";
+
+pub(crate) fn base_layer_core_transactions_side_chain_domain(
+    label: &'static str,
+) -> DomainSeparatedHasher<Blake256, BaseLayerCoreTransactionsSideChainDomain> {
+    DomainSeparatedHasher::<Blake256, BaseLayerCoreTransactionsSideChainDomain>::new_with_label(label)
+}