hasher: Enforce input length to match the modulus

To avoid misunderstandings related to padding in Poseidon hash inputs,
enforce them to have size 32, which is the number of bytes in `Fr`
modulus.

Author: vadorovsky

program-libs/compressed-account/src/compressed_account.rs

@@ -378,7 +378,7 @@ impl ZCompressedAccount<'_> {
 #[cfg(not(feature = "pinocchio"))]
 #[cfg(test)]
 mod tests {
-    use light_hasher::Poseidon;
+    use light_hasher::{to_byte_array::ToByteArray, Poseidon};
     use light_zero_copy::borsh::Deserialize;
     use num_bigint::BigUint;
     use rand::Rng;
@@ -750,7 +750,7 @@ mod tests {
                     Some(CompressedAccountData {
                         discriminator: rng.gen(),
                         data: Vec::new(), // not used in hash
-                        data_hash: Poseidon::hash(rng.gen::<u64>().to_be_bytes().as_slice())
+                        data_hash: Poseidon::hash(&rng.get::<u64>().to_byte_array().unwrap())
                             .unwrap(),
                     })
                 } else {

program-libs/hasher/src/poseidon.rs

@@ -83,6 +83,12 @@ impl Hasher for Poseidon {
     }
 
     fn hashv(vals: &[&[u8]]) -> Result<Hash, HasherError> {
+        for val in vals {
+            if val.len() != 32 {
+                return Err(HasherError::InvalidInputLength(32, val.len()));
+            }
+        }
+
         // Perform the calculation inline, calling this from within a program is
         // not supported.
         #[cfg(not(target_os = "solana"))]
@@ -99,13 +105,6 @@ impl Hasher for Poseidon {
         #[cfg(target_os = "solana")]
         {
             use crate::HASH_BYTES;
-            // TODO: reenable once LightHasher refactor is merged
-            // solana_program::msg!("remove len check onchain.");
-            // for val in vals {
-            //     if val.len() != 32 {
-            //         return Err(HasherError::InvalidInputLength(val.len()));
-            //     }
-            // }
             let mut hash_result = [0; HASH_BYTES];
             let result = unsafe {
                 crate::syscalls::sol_poseidon(

program-libs/hasher/src/to_byte_array.rs

@@ -67,6 +67,8 @@ impl_to_byte_array_for_integer_type!(i32);
 impl_to_byte_array_for_integer_type!(u32);
 impl_to_byte_array_for_integer_type!(i64);
 impl_to_byte_array_for_integer_type!(u64);
+impl_to_byte_array_for_integer_type!(isize);
+impl_to_byte_array_for_integer_type!(usize);
 impl_to_byte_array_for_integer_type!(i128);
 impl_to_byte_array_for_integer_type!(u128);
 

program-tests/create-address-test-program/src/create_pda.rs

@@ -133,8 +133,10 @@ pub struct RegisteredUser {
 impl light_hasher::DataHasher for RegisteredUser {
     fn hash<H: light_hasher::Hasher>(&self) -> std::result::Result<[u8; 32], HasherError> {
         let truncated_user_pubkey = hash_to_bn254_field_size_be(&self.user_pubkey.to_bytes());
+        let mut data = [0u8; 32];
+        data[1..].copy_from_slice(&self.data);
 
-        H::hashv(&[truncated_user_pubkey.as_slice(), self.data.as_slice()])
+        H::hashv(&[truncated_user_pubkey.as_slice(), data.as_slice()])
     }
 }
 

program-tests/system-cpi-test/src/create_pda.rs

@@ -543,6 +543,9 @@ pub struct RegisteredUser {
 impl light_hasher::DataHasher for RegisteredUser {
     fn hash<H: light_hasher::Hasher>(&self) -> std::result::Result<[u8; 32], HasherError> {
         let truncated_user_pubkey = hash_to_bn254_field_size_be(&self.user_pubkey.to_bytes());
+        let mut data = [0u8; 32];
+        data[1..].copy_from_slice(&self.data);
+
         H::hashv(&[truncated_user_pubkey.as_slice(), self.data.as_slice()])
     }
 }

program-tests/utils/src/mock_batched_forester.rs

@@ -1,7 +1,9 @@
 use light_compressed_account::{
     hash_chain::create_hash_chain_from_slice, instruction_data::compressed_proof::CompressedProof,
 };
-use light_hasher::{bigint::bigint_to_be_bytes_array, Hasher, Poseidon};
+use light_hasher::{
+    bigint::bigint_to_be_bytes_array, to_byte_array::ToByteArray, Hasher, Poseidon,
+};
 use light_merkle_tree_reference::{indexed::IndexedMerkleTree, MerkleTree};
 use light_prover_client::{
     errors::ProverClientError,
@@ -186,7 +188,7 @@ impl<const HEIGHT: usize> MockBatchedForester<HEIGHT> {
                 .iter()
                 .find(|tx_event| tx_event.inputs.contains(leaf))
                 .expect("No event for leaf found.");
-            let index_bytes = index.to_be_bytes();
+            let index_bytes = index.to_byte_array().unwrap();
             let nullifier = Poseidon::hashv(&[leaf, &index_bytes, &event.tx_hash]).unwrap();
             tx_hashes.push(event.tx_hash);
             nullifiers.push(nullifier);

program-tests/utils/src/test_batch_forester.rs

@@ -25,7 +25,9 @@ use light_compressed_account::{
     hash_chain::create_hash_chain_from_slice, instruction_data::compressed_proof::CompressedProof,
     QueueType,
 };
-use light_hasher::{bigint::bigint_to_be_bytes_array, Poseidon};
+use light_hasher::{
+    bigint::bigint_to_be_bytes_array, to_byte_array::ToByteArray, Hasher, Poseidon,
+};
 use light_prover_client::{
     proof_client::ProofClient,
     proof_types::{
@@ -269,8 +271,7 @@ pub async fn get_batched_nullify_ix_data<R: Rpc>(
         let proof = bundle.merkle_tree.get_proof_of_leaf(index, true).unwrap();
         merkle_proofs.push(proof.to_vec());
         bundle.input_leaf_indices.remove(0);
-        let index_bytes = index.to_be_bytes();
-        use light_hasher::Hasher;
+        let index_bytes = index.to_byte_array().unwrap();
         let nullifier = Poseidon::hashv(&[&leaf, &index_bytes, &leaf_info.tx_hash]).unwrap();
 
         tx_hashes.push(leaf_info.tx_hash);

prover/client/src/proof_types/batch_update/proof_inputs.rs

@@ -1,4 +1,6 @@
-use light_hasher::{hash_chain::create_hash_chain_from_array, Hasher, Poseidon};
+use light_hasher::{
+    hash_chain::create_hash_chain_from_array, to_byte_array::ToByteArray, Hasher, Poseidon,
+};
 use light_sparse_merkle_tree::changelog::ChangelogEntry;
 use num_bigint::{BigInt, Sign};
 
@@ -91,7 +93,7 @@ pub fn get_batch_update_inputs<const HEIGHT: usize>(
         let merkle_proof_array = merkle_proof.try_into().unwrap();
 
         // Use the adjusted index bytes for computing the nullifier.
-        let index_bytes = (*index).to_be_bytes();
+        let index_bytes = index.to_byte_array().unwrap();
         let nullifier = Poseidon::hashv(&[leaf, &index_bytes, &tx_hashes[i]]).unwrap();
         let (root, changelog_entry) =
             compute_root_from_merkle_proof(nullifier, &merkle_proof_array, *index);

sdk-libs/macros/tests/hasher.rs

@@ -141,8 +141,8 @@ mod basic_hashing {
         let account = create_account(Some(42));
 
         let manual_nested_bytes: Vec<Vec<u8>> = vec![
-            nested_struct.a.to_be_bytes().to_vec(),
-            nested_struct.b.to_be_bytes().to_vec(),
+            nested_struct.a.to_byte_array().unwrap().to_vec(),
+            nested_struct.b.to_byte_array().unwrap().to_vec(),
             light_compressed_account::hash_to_bn254_field_size_be(
                 nested_struct.c.try_to_vec().unwrap().as_slice(),
             )
@@ -163,8 +163,8 @@ mod basic_hashing {
         assert_eq!(nested_hash_result, manual_nested_hash);
 
         let manual_account_bytes: Vec<Vec<u8>> = vec![
-            vec![u8::from(account.a)],
-            account.b.to_be_bytes().to_vec(),
+            account.a.to_byte_array().unwrap().to_vec(),
+            account.b.to_byte_array().unwrap().to_vec(),
             account.c.hash::<Poseidon>().unwrap().to_vec(),
             light_compressed_account::hash_to_bn254_field_size_be(&account.d).to_vec(),
             {
@@ -495,18 +495,18 @@ fn test_poseidon_width_limits() {
 
     assert!(max_fields.hash::<Poseidon>().is_ok());
     let expected_hash = Poseidon::hashv(&[
-        1u64.to_be_bytes().as_ref(),
-        2u64.to_be_bytes().as_ref(),
-        3u64.to_be_bytes().as_ref(),
-        4u64.to_be_bytes().as_ref(),
-        5u64.to_be_bytes().as_ref(),
-        6u64.to_be_bytes().as_ref(),
-        7u64.to_be_bytes().as_ref(),
-        8u64.to_be_bytes().as_ref(),
-        9u64.to_be_bytes().as_ref(),
-        10u64.to_be_bytes().as_ref(),
-        11u64.to_be_bytes().as_ref(),
-        12u64.to_be_bytes().as_ref(),
+        1u64.to_byte_array().unwrap().as_ref(),
+        2u64.to_byte_array().unwrap().as_ref(),
+        3u64.to_byte_array().unwrap().as_ref(),
+        4u64.to_byte_array().unwrap().as_ref(),
+        5u64.to_byte_array().unwrap().as_ref(),
+        6u64.to_byte_array().unwrap().as_ref(),
+        7u64.to_byte_array().unwrap().as_ref(),
+        8u64.to_byte_array().unwrap().as_ref(),
+        9u64.to_byte_array().unwrap().as_ref(),
+        10u64.to_byte_array().unwrap().as_ref(),
+        11u64.to_byte_array().unwrap().as_ref(),
+        12u64.to_byte_array().unwrap().as_ref(),
     ])
     .unwrap();
     assert_eq!(max_fields.hash::<Poseidon>().unwrap(), expected_hash);