diff options
author | Pieter Wuille <pieter.wuille@gmail.com> | 2015-02-05 20:56:10 -0800 |
---|---|---|
committer | Pieter Wuille <pieter.wuille@gmail.com> | 2015-02-05 20:56:10 -0800 |
commit | ab03660824daa2c49379d0da28e1d9cb03f6b995 (patch) | |
tree | ab934a1cec5b35a03b5b52eda28f7a7b557b7b0a | |
parent | 41f94edf221019a6c4b8f78c2b17c389442f546e (diff) | |
download | bitcoin-ab03660824daa2c49379d0da28e1d9cb03f6b995.tar.xz |
Implement BIP 66 validation rules and switchover logic
-rw-r--r-- | src/main.cpp | 16 | ||||
-rw-r--r-- | src/script.cpp | 88 | ||||
-rw-r--r-- | src/script.h | 1 |
3 files changed, 105 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp index fce341876e..1aac4b31dd 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1795,6 +1795,12 @@ bool ConnectBlock(CBlock& block, CValidationState& state, CBlockIndex* pindex, C unsigned int flags = SCRIPT_VERIFY_NOCACHE | (fStrictPayToScriptHash ? SCRIPT_VERIFY_P2SH : SCRIPT_VERIFY_NONE); + if (block.nVersion >= 3 && + ((!TestNet() && CBlockIndex::IsSuperMajority(3, pindex->pprev, 750, 1000)) || + (TestNet() && CBlockIndex::IsSuperMajority(3, pindex->pprev, 51, 100)))) { + flags |= SCRIPT_VERIFY_DERSIG; + } + CBlockUndo blockundo; CCheckQueueControl<CScriptCheck> control(fScriptChecks && nScriptCheckThreads ? &scriptcheckqueue : NULL); @@ -2427,6 +2433,16 @@ bool AcceptBlock(CBlock& block, CValidationState& state, CDiskBlockPos* dbp) REJECT_OBSOLETE, "bad-version"); } } + // Reject block.nVersion=2 blocks when 95% (75% on testnet) of the network has upgraded: + if (block.nVersion < 3) + { + if ((!TestNet() && CBlockIndex::IsSuperMajority(3, pindexPrev, 950, 1000)) || + (TestNet() && CBlockIndex::IsSuperMajority(3, pindexPrev, 75, 100))) + { + return state.Invalid(error("AcceptBlock() : rejected nVersion=2 block"), + REJECT_OBSOLETE, "bad-version"); + } + } // Enforce block.nVersion=2 rule that the coinbase starts with serialized block height if (block.nVersion >= 2) { diff --git a/src/script.cpp b/src/script.cpp index 81d2754453..139c8e6684 100644 --- a/src/script.cpp +++ b/src/script.cpp @@ -294,6 +294,86 @@ bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) { return true; } +// BIP 66 defined signature encoding check. This largely overlaps with +// IsCanonicalSignature above, but lacks hashtype constraints, and uses the +// exact implementation code from BIP 66. +bool static IsValidSignatureEncoding(const std::vector<unsigned char> &sig) { + // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] [sighash] + // * total-length: 1-byte length descriptor of everything that follows, + // excluding the sighash byte. + // * R-length: 1-byte length descriptor of the R value that follows. + // * R: arbitrary-length big-endian encoded R value. It must use the shortest + // possible encoding for a positive integers (which means no null bytes at + // the start, except a single one when the next byte has its highest bit set). + // * S-length: 1-byte length descriptor of the S value that follows. + // * S: arbitrary-length big-endian encoded S value. The same rules apply. + // * sighash: 1-byte value indicating what data is hashed (not part of the DER + // signature) + + // Minimum and maximum size constraints. + if (sig.size() < 9) return false; + if (sig.size() > 73) return false; + + // A signature is of type 0x30 (compound). + if (sig[0] != 0x30) return false; + + // Make sure the length covers the entire signature. + if (sig[1] != sig.size() - 3) return false; + + // Extract the length of the R element. + unsigned int lenR = sig[3]; + + // Make sure the length of the S element is still inside the signature. + if (5 + lenR >= sig.size()) return false; + + // Extract the length of the S element. + unsigned int lenS = sig[5 + lenR]; + + // Verify that the length of the signature matches the sum of the length + // of the elements. + if ((size_t)(lenR + lenS + 7) != sig.size()) return false; + + // Check whether the R element is an integer. + if (sig[2] != 0x02) return false; + + // Zero-length integers are not allowed for R. + if (lenR == 0) return false; + + // Negative numbers are not allowed for R. + if (sig[4] & 0x80) return false; + + // Null bytes at the start of R are not allowed, unless R would + // otherwise be interpreted as a negative number. + if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80)) return false; + + // Check whether the S element is an integer. + if (sig[lenR + 4] != 0x02) return false; + + // Zero-length integers are not allowed for S. + if (lenS == 0) return false; + + // Negative numbers are not allowed for S. + if (sig[lenR + 6] & 0x80) return false; + + // Null bytes at the start of S are not allowed, unless S would otherwise be + // interpreted as a negative number. + if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80)) return false; + + return true; +} + +bool static CheckSignatureEncoding(const valtype &vchSig, unsigned int flags) { + // Empty signature. Not strictly DER encoded, but allowed to provide a + // compact way to provide an invalid signature for use with CHECK(MULTI)SIG + if (vchSig.size() == 0) { + return true; + } + if ((flags & SCRIPT_VERIFY_DERSIG) != 0 && !IsValidSignatureEncoding(vchSig)) { + return false; + } + return true; +} + bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType) { CScript::const_iterator pc = script.begin(); @@ -846,6 +926,10 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, co // Drop the signature, since there's no way for a signature to sign itself scriptCode.FindAndDelete(CScript(vchSig)); + if (!CheckSignatureEncoding(vchSig, flags)) { + return false; + } + bool fSuccess = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) && CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags); @@ -906,6 +990,10 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, co valtype& vchSig = stacktop(-isig); valtype& vchPubKey = stacktop(-ikey); + if (!CheckSignatureEncoding(vchSig, flags)) { + return false; + } + // Check signature bool fOk = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) && CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags); diff --git a/src/script.h b/src/script.h index 1742ce81f8..c6e31f603c 100644 --- a/src/script.h +++ b/src/script.h @@ -190,6 +190,7 @@ enum SCRIPT_VERIFY_STRICTENC = (1U << 1), // enforce strict conformance to DER and SEC2 for signatures and pubkeys SCRIPT_VERIFY_EVEN_S = (1U << 2), // enforce even S values in signatures (depends on STRICTENC) SCRIPT_VERIFY_NOCACHE = (1U << 3), // do not store results in signature cache (but do query it) + SCRIPT_VERIFY_DERSIG = (1U << 4), // enforce signature encodings as defined by BIP 66 (which is a softfork, while STRICTENC is not) }; enum txnouttype |