DataHasher macro: explicit validation for sha

SwenSchaeferjohann · SwenSchaeferjohann · commit cdcf56432742 · 2025-07-29T11:34:28.000-04:00
diff --git a/sdk-libs/macros/src/hasher/data_hasher.rs b/sdk-libs/macros/src/hasher/data_hasher.rs
@@ -83,3 +83,36 @@ pub(crate) fn generate_data_hasher_impl(
 
     Ok(hasher_impl)
 }
+
+/// SHA256-specific DataHasher implementation that serializes the whole struct
+pub(crate) fn generate_data_hasher_impl_sha(
+    struct_name: &syn::Ident,
+    generics: &syn::Generics,
+) -> Result<TokenStream> {
+    let (impl_gen, type_gen, where_clause) = generics.split_for_impl();
+
+    let hasher_impl = quote! {
+        impl #impl_gen ::light_hasher::DataHasher for #struct_name #type_gen #where_clause {
+            fn hash<H>(&self) -> ::std::result::Result<[u8; 32], ::light_hasher::HasherError>
+            where
+                H: ::light_hasher::Hasher
+            {
+                use ::light_hasher::Hasher;
+                use borsh::BorshSerialize;
+
+                // For SHA256, we serialize the whole struct and hash it in one go
+                let serialized = self.try_to_vec().map_err(|_| ::light_hasher::HasherError::BorshError)?;
+                let mut result = H::hash(&serialized)?;
+
+                // Truncate field size for non-Poseidon hashers
+                if H::ID != 0 {
+                    result[0] = 0;
+                }
+
+                Ok(result)
+            }
+        }
+    };
+
+    Ok(hasher_impl)
+}
diff --git a/sdk-libs/macros/src/hasher/input_validator.rs b/sdk-libs/macros/src/hasher/input_validator.rs
@@ -60,6 +60,36 @@ pub(crate) fn validate_input(input: &ItemStruct) -> Result<()> {
     Ok(())
 }
 
+/// SHA256-specific validation - much more relaxed constraints
+pub(crate) fn validate_input_sha(input: &ItemStruct) -> Result<()> {
+    // Check that we have a struct with named fields
+    match &input.fields {
+        Fields::Named(_) => (),
+        _ => {
+            return Err(Error::new_spanned(
+                input,
+                "Only structs with named fields are supported",
+            ))
+        }
+    };
+
+    // For SHA256, we don't limit field count or require specific attributes
+    // Just ensure flatten is not used (not implemented for SHA256 path)
+    let flatten_field_exists = input
+        .fields
+        .iter()
+        .any(|field| get_field_attribute(field) == FieldAttribute::Flatten);
+
+    if flatten_field_exists {
+        return Err(Error::new_spanned(
+            input,
+            "Flatten attribute is not supported in SHA256 hasher.",
+        ));
+    }
+
+    Ok(())
+}
+
 /// Gets the primary attribute for a field (only one attribute can be active)
 pub(crate) fn get_field_attribute(field: &Field) -> FieldAttribute {
     if field.attrs.iter().any(|attr| attr.path().is_ident("hash")) {
diff --git a/sdk-libs/macros/src/hasher/light_hasher.rs b/sdk-libs/macros/src/hasher/light_hasher.rs
@@ -3,10 +3,10 @@ use quote::quote;
 use syn::{Fields, ItemStruct, Result};
 
 use crate::hasher::{
-    data_hasher::generate_data_hasher_impl,
+    data_hasher::{generate_data_hasher_impl, generate_data_hasher_impl_sha},
     field_processor::{process_field, FieldProcessingContext},
-    input_validator::{get_field_attribute, validate_input, FieldAttribute},
-    to_byte_array::generate_to_byte_array_impl_with_hasher,
+    input_validator::{get_field_attribute, validate_input, validate_input_sha, FieldAttribute},
+    to_byte_array::{generate_to_byte_array_impl_sha, generate_to_byte_array_impl_with_hasher},
 };
 
 /// - ToByteArray:
@@ -53,7 +53,26 @@ pub(crate) fn derive_light_hasher(input: ItemStruct) -> Result<TokenStream> {
 }
 
 pub(crate) fn derive_light_hasher_sha(input: ItemStruct) -> Result<TokenStream> {
-    derive_light_hasher_with_hasher(input, &quote!(::light_hasher::Sha256))
+    // Use SHA256-specific validation (no field count limits)
+    validate_input_sha(&input)?;
+
+    let generics = input.generics.clone();
+
+    let fields = match &input.fields {
+        Fields::Named(fields) => fields.clone(),
+        _ => unreachable!("Validation should have caught this"),
+    };
+
+    let field_count = fields.named.len();
+
+    let to_byte_array_impl = generate_to_byte_array_impl_sha(&input.ident, &generics, field_count)?;
+    let data_hasher_impl = generate_data_hasher_impl_sha(&input.ident, &generics)?;
+
+    Ok(quote! {
+        #to_byte_array_impl
+
+        #data_hasher_impl
+    })
 }
 
 fn derive_light_hasher_with_hasher(input: ItemStruct, hasher: &TokenStream) -> Result<TokenStream> {
diff --git a/sdk-libs/macros/src/hasher/to_byte_array.rs b/sdk-libs/macros/src/hasher/to_byte_array.rs
@@ -21,34 +21,70 @@ pub(crate) fn generate_to_byte_array_impl_with_hasher(
             Some(s) => s,
             None => &alt_res,
         };
-        let field_assignment: TokenStream = syn::parse_str(str)?;
-
-        // Create a token stream with the field_assignment and the import code
-        let mut hash_imports = proc_macro2::TokenStream::new();
-        for code in &context.hash_to_field_size_code {
-            hash_imports.extend(code.clone());
-        }
 
+        let content: TokenStream = str.parse().expect("Invalid generated code");
         Ok(quote! {
             impl #impl_gen ::light_hasher::to_byte_array::ToByteArray for #struct_name #type_gen #where_clause {
-                const NUM_FIELDS: usize = #field_count;
+                const NUM_FIELDS: usize = 1;
 
                 fn to_byte_array(&self) -> ::std::result::Result<[u8; 32], ::light_hasher::HasherError> {
-                    #hash_imports
-                    #field_assignment
+                    use ::light_hasher::to_byte_array::ToByteArray;
+                    use ::light_hasher::hash_to_field_size::HashToFieldSize;
+                    #content
                 }
             }
         })
     } else {
+        let data_hasher_assignments = &context.data_hasher_assignments;
         Ok(quote! {
             impl #impl_gen ::light_hasher::to_byte_array::ToByteArray for #struct_name #type_gen #where_clause {
                 const NUM_FIELDS: usize = #field_count;
 
                 fn to_byte_array(&self) -> ::std::result::Result<[u8; 32], ::light_hasher::HasherError> {
-                    ::light_hasher::DataHasher::hash::<#hasher>(self)
-                }
+                    use ::light_hasher::to_byte_array::ToByteArray;
+                    use ::light_hasher::hash_to_field_size::HashToFieldSize;
+                    use ::light_hasher::Hasher;
+                    let mut result = #hasher::hashv(&[
+                        #(#data_hasher_assignments.as_slice(),)*
+                    ])?;
+
+                    // Truncate field size for non-Poseidon hashers
+                    if #hasher::ID != 0 {
+                        result[0] = 0;
+                    }
 
+                    Ok(result)
+                }
             }
         })
     }
 }
+
+/// SHA256-specific ToByteArray implementation that serializes the whole struct
+pub(crate) fn generate_to_byte_array_impl_sha(
+    struct_name: &syn::Ident,
+    generics: &syn::Generics,
+    field_count: usize,
+) -> Result<TokenStream> {
+    let (impl_gen, type_gen, where_clause) = generics.split_for_impl();
+
+    Ok(quote! {
+        impl #impl_gen ::light_hasher::to_byte_array::ToByteArray for #struct_name #type_gen #where_clause {
+            const NUM_FIELDS: usize = #field_count;
+
+            fn to_byte_array(&self) -> ::std::result::Result<[u8; 32], ::light_hasher::HasherError> {
+                use borsh::BorshSerialize;
+                use ::light_hasher::Hasher;
+
+                // For SHA256, we can serialize the whole struct and hash it in one go
+                let serialized = self.try_to_vec().map_err(|_| ::light_hasher::HasherError::BorshError)?;
+                let mut result = ::light_hasher::Sha256::hash(&serialized)?;
+
+                // Truncate field size for non-Poseidon hashers
+                result[0] = 0;
+
+                Ok(result)
+            }
+        }
+    })
+}
diff --git a/sdk-tests/native-compressible/src/lib.rs b/sdk-tests/native-compressible/src/lib.rs
@@ -203,4 +203,81 @@ mod test_sha_hasher {
 
         println!("Same account with Poseidon: {:?}", poseidon_hash);
     }
+
+    #[test]
+    fn test_large_struct_with_sha_hasher() {
+        // This demonstrates that SHA256 can handle arbitrary-sized data
+        // while Poseidon is limited to 12 fields in the current implementation
+
+        use light_hasher::{Hasher, Sha256};
+
+        // Create a large struct that would exceed Poseidon's field limits
+        #[derive(Clone, Debug, Default, BorshDeserialize, BorshSerialize)]
+        struct LargeStruct {
+            pub field1: u64,
+            pub field2: u64,
+            pub field3: u64,
+            pub field4: u64,
+            pub field5: u64,
+            pub field6: u64,
+            pub field7: u64,
+            pub field8: u64,
+            pub field9: u64,
+            pub field10: u64,
+            pub field11: u64,
+            pub field12: u64,
+            pub field13: u64,
+            // Pubkeys that would require #[hash] attribute with Poseidon
+            pub owner: solana_program::pubkey::Pubkey,
+            pub authority: solana_program::pubkey::Pubkey,
+        }
+
+        let large_account = LargeStruct {
+            field1: 1,
+            field2: 2,
+            field3: 3,
+            field4: 4,
+            field5: 5,
+            field6: 6,
+            field7: 7,
+            field8: 8,
+            field9: 9,
+            field10: 10,
+            field11: 11,
+            field12: 12,
+            field13: 13,
+            owner: solana_program::pubkey::Pubkey::new_unique(),
+            authority: solana_program::pubkey::Pubkey::new_unique(),
+        };
+
+        // Test that SHA256 can hash large data by serializing the whole struct
+        let serialized = large_account.try_to_vec().unwrap();
+        println!("Serialized struct size: {} bytes", serialized.len());
+
+        // SHA256 can hash arbitrary amounts of data
+        let sha_hash = Sha256::hash(&serialized).unwrap();
+        println!("SHA256 hash: {:?}", sha_hash);
+
+        // Verify the hash is truncated properly (first byte should be 0 for field size)
+        // Note: Since SHA256::ID = 1 (not 0), the system program expects truncation
+        let mut expected_hash = sha_hash;
+        expected_hash[0] = 0;
+
+        assert_eq!(sha_hash.len(), 32);
+        // For demonstration - in real usage, the truncation would be applied by the system
+        println!("SHA256 hash truncated: {:?}", expected_hash);
+
+        // Show that this would be different from a smaller struct
+        let small_struct = MyPdaAccount {
+            compression_info: None,
+            data: [42u8; 31],
+        };
+
+        let small_serialized = small_struct.try_to_vec().unwrap();
+        let small_hash = Sha256::hash(&small_serialized).unwrap();
+
+        // Different data should produce different hashes
+        assert_ne!(sha_hash, small_hash);
+        println!("Different struct produces different hash: {:?}", small_hash);
+    }
 }
