diff options
| author | Wladimir J. van der Laan <laanwj@protonmail.com> | 2020-09-21 22:32:05 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@protonmail.com> | 2020-09-21 22:33:00 +0200 |
| commit | 8c5f68118cd03ff0b9babee351fee83117fb7afa (patch) | |
| tree | e38b0f179c5440fcb835b6408d05690949d57172 /src | |
| parent | c0c409dcd330e8b837291b1d331894aeb0015ead (diff) | |
| parent | 8258c4c0076bb5f27efdc117a04b27fcd6dd00b2 (diff) | |
| download | bitcoin-8c5f68118cd03ff0b9babee351fee83117fb7afa.tar.xz | |
Merge #18267: BIP-325: Signet [consensus]
8258c4c0076bb5f27efdc117a04b27fcd6dd00b2 test: some sanity checks for consensus logic (Anthony Towns)
e47ad375bf17557f805bd206e789b8db78c6338a test: basic signet tests (Karl-Johan Alm)
4c189abdc452f08dfa758564b5381bc78c42d481 test: add small signet fuzzer (practicalswift)
ec9b25d046793be50da1c11ba61d1b4b13b295b0 test: signet network selection tests (Karl-Johan Alm)
3efe298dccb248f25d6b01ab6a80b1cd6c9e1a1e signet: hard-coded parameters for Signet Global Network VI (2020-09-07) (Karl-Johan Alm)
c7898bca4e1ccbc6edafd3b72eaf80df38e3af32 qt: update QT to support signet network (Karl-Johan Alm)
a8de47a1c9033fac3355590f1fe2158a95011bb3 consensus: add signet validation (Karl-Johan Alm)
e8990f121405af8cd539b904ef082439261e6c93 add signet chain and accompanying parameters (Karl-Johan Alm)
404682b7cdb54494e7c98f0ba0cac8b51f379750 add signet basic support (signet.cpp) (Karl-Johan Alm)
a2147d7dadec1febcd9c2b8ebbbf78dce6d0556b validation: move GetWitnessCommitmentIndex to consensus/validation (Karl-Johan Alm)
Pull request description:
This PR is a part of BIP-325 (https://github.com/bitcoin/bips/blob/master/bip-0325.mediawiki), and is a sub-PR of #16411.
* Signet consensus (this)
* Signet RPC tools (pending)
* Signet utility scripts (contrib/signet) (pending)
ACKs for top commit:
jonatack:
re-ACK 8258c4c0076bb5f27efdc117a04b27fcd6dd00b per `git diff dbeea65 8258c4c`, only change since last review is updated `-signet*` config option naming.
fjahr:
re-ACK 8258c4c
laanwj:
ACK 8258c4c0076bb5f27efdc117a04b27fcd6dd00b2
MarcoFalke:
Approach ACK 8258c4c007 🌵
Tree-SHA512: 5d158add96755910837feafa8214e13695b769a6aec3a2da753cf672618bef377fac43b0f4b772a87b25dd9f0c1c9b29f2789785d7a7d47a155cdcf48f7c975d
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 2 | ||||
| -rw-r--r-- | src/Makefile.test.include | 7 | ||||
| -rw-r--r-- | src/chainparams.cpp | 105 | ||||
| -rw-r--r-- | src/chainparamsbase.cpp | 16 | ||||
| -rw-r--r-- | src/chainparamsbase.h | 1 | ||||
| -rw-r--r-- | src/consensus/params.h | 7 | ||||
| -rw-r--r-- | src/consensus/validation.h | 27 | ||||
| -rw-r--r-- | src/qt/guiconstants.h | 1 | ||||
| -rw-r--r-- | src/qt/networkstyle.cpp | 3 | ||||
| -rw-r--r-- | src/signet.cpp | 149 | ||||
| -rw-r--r-- | src/signet.h | 42 | ||||
| -rw-r--r-- | src/test/fuzz/signet.cpp | 34 | ||||
| -rw-r--r-- | src/test/key_io_tests.cpp | 2 | ||||
| -rw-r--r-- | src/test/pow_tests.cpp | 47 | ||||
| -rw-r--r-- | src/test/util_tests.cpp | 8 | ||||
| -rw-r--r-- | src/util/system.cpp | 10 | ||||
| -rw-r--r-- | src/validation.cpp | 37 | ||||
| -rw-r--r-- | src/validation.h | 5 |
18 files changed, 459 insertions, 44 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index b23bf062c5..aa63b5f516 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -202,6 +202,7 @@ BITCOIN_CORE_H = \ script/signingprovider.h \ script/standard.h \ shutdown.h \ + signet.h \ streams.h \ support/allocators/secure.h \ support/allocators/zeroafterfree.h \ @@ -322,6 +323,7 @@ libbitcoin_server_a_SOURCES = \ rpc/server.cpp \ script/sigcache.cpp \ shutdown.cpp \ + signet.cpp \ timedata.cpp \ torcontrol.cpp \ txdb.cpp \ diff --git a/src/Makefile.test.include b/src/Makefile.test.include index 77e50cf22c..06dde87ddd 100644 --- a/src/Makefile.test.include +++ b/src/Makefile.test.include @@ -137,6 +137,7 @@ FUZZ_TARGETS = \ test/fuzz/secp256k1_ecdsa_signature_parse_der_lax \ test/fuzz/service_deserialize \ test/fuzz/signature_checker \ + test/fuzz/signet \ test/fuzz/snapshotmetadata_deserialize \ test/fuzz/span \ test/fuzz/spanparsing \ @@ -1129,6 +1130,12 @@ test_fuzz_signature_checker_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_signature_checker_LDFLAGS = $(FUZZ_SUITE_LDFLAGS_COMMON) test_fuzz_signature_checker_SOURCES = test/fuzz/signature_checker.cpp +test_fuzz_signet_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) +test_fuzz_signet_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) +test_fuzz_signet_LDADD = $(FUZZ_SUITE_LD_COMMON) +test_fuzz_signet_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) +test_fuzz_signet_SOURCES = test/fuzz/signet.cpp + test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1 test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON) diff --git a/src/chainparams.cpp b/src/chainparams.cpp index ffd2076c9a..d7f7888ef3 100644 --- a/src/chainparams.cpp +++ b/src/chainparams.cpp @@ -7,6 +7,7 @@ #include <chainparamsseeds.h> #include <consensus/merkle.h> +#include <hash.h> // for signet block challenge hash #include <tinyformat.h> #include <util/system.h> #include <util/strencodings.h> @@ -63,6 +64,8 @@ class CMainParams : public CChainParams { public: CMainParams() { strNetworkID = CBaseChainParams::MAIN; + consensus.signet_blocks = false; + consensus.signet_challenge.clear(); consensus.nSubsidyHalvingInterval = 210000; consensus.BIP16Exception = uint256S("0x00000000000002dc756eebf4f49723ed8d30cc28a5f108eb94b1ba88ac4f9c22"); consensus.BIP34Height = 227931; @@ -172,6 +175,8 @@ class CTestNetParams : public CChainParams { public: CTestNetParams() { strNetworkID = CBaseChainParams::TESTNET; + consensus.signet_blocks = false; + consensus.signet_challenge.clear(); consensus.nSubsidyHalvingInterval = 210000; consensus.BIP16Exception = uint256S("0x00000000dd30457c001f4095d208cc1296b0eed002427aa599874af7a432b105"); consensus.BIP34Height = 21111; @@ -251,12 +256,103 @@ public: }; /** + * Signet + */ +class SigNetParams : public CChainParams { +public: + explicit SigNetParams(const ArgsManager& args) { + std::vector<uint8_t> bin; + vSeeds.clear(); + + if (!args.IsArgSet("-signetchallenge")) { + LogPrintf("Using default signet network\n"); + bin = ParseHex("512103ad5e0edad18cb1f0fc0d28a3d4f1f3e445640337489abb10404f2d1e086be430210359ef5021964fe22d6f8e05b2463c9540ce96883fe3b278760f048f5189f2e6c452ae"); + vSeeds.emplace_back("178.128.221.177"); + vSeeds.emplace_back("2a01:7c8:d005:390::5"); + vSeeds.emplace_back("ntv3mtqw5wt63red.onion:38333"); + } else { + const auto signet_challenge = args.GetArgs("-signetchallenge"); + if (signet_challenge.size() != 1) { + throw std::runtime_error(strprintf("%s: -signetchallenge cannot be multiple values.", __func__)); + } + bin = ParseHex(signet_challenge[0]); + + LogPrintf("Signet with challenge %s\n", signet_challenge[0]); + } + + if (args.IsArgSet("-signetseednode")) { + vSeeds = args.GetArgs("-signetseednode"); + } + + strNetworkID = CBaseChainParams::SIGNET; + consensus.signet_blocks = true; + consensus.signet_challenge.assign(bin.begin(), bin.end()); + consensus.nSubsidyHalvingInterval = 210000; + consensus.BIP34Height = 1; + consensus.BIP65Height = 1; + consensus.BIP66Height = 1; + consensus.CSVHeight = 1; + consensus.SegwitHeight = 1; + consensus.nPowTargetTimespan = 14 * 24 * 60 * 60; // two weeks + consensus.nPowTargetSpacing = 10 * 60; + consensus.fPowAllowMinDifficultyBlocks = false; + consensus.fPowNoRetargeting = false; + consensus.nRuleChangeActivationThreshold = 1916; + consensus.nMinerConfirmationWindow = 2016; + consensus.powLimit = uint256S("00000377ae000000000000000000000000000000000000000000000000000000"); + consensus.vDeployments[Consensus::DEPLOYMENT_TESTDUMMY].bit = 28; + consensus.vDeployments[Consensus::DEPLOYMENT_TESTDUMMY].nStartTime = 1199145601; // January 1, 2008 + consensus.vDeployments[Consensus::DEPLOYMENT_TESTDUMMY].nTimeout = 1230767999; // December 31, 2008 + + // message start is defined as the first 4 bytes of the sha256d of the block script + CHashWriter h(SER_DISK, 0); + h << consensus.signet_challenge; + uint256 hash = h.GetHash(); + memcpy(pchMessageStart, hash.begin(), 4); + LogPrintf("Signet derived magic (message start): %s\n", HexStr({pchMessageStart, pchMessageStart + 4})); + + nDefaultPort = 38333; + nPruneAfterHeight = 1000; + m_assumed_blockchain_size = 0; + m_assumed_chain_state_size = 0; + + genesis = CreateGenesisBlock(1598918400, 52613770, 0x1e0377ae, 1, 50 * COIN); + consensus.hashGenesisBlock = genesis.GetHash(); + assert(consensus.hashGenesisBlock == uint256S("0x00000008819873e925422c1ff0f99f7cc9bbb232af63a077a480a3633bee1ef6")); + assert(genesis.hashMerkleRoot == uint256S("0x4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")); + + vFixedSeeds.clear(); + + base58Prefixes[PUBKEY_ADDRESS] = std::vector<unsigned char>(1,111); + base58Prefixes[SCRIPT_ADDRESS] = std::vector<unsigned char>(1,196); + base58Prefixes[SECRET_KEY] = std::vector<unsigned char>(1,239); + base58Prefixes[EXT_PUBLIC_KEY] = {0x04, 0x35, 0x87, 0xCF}; + base58Prefixes[EXT_SECRET_KEY] = {0x04, 0x35, 0x83, 0x94}; + + bech32_hrp = "tb"; + + fDefaultConsistencyChecks = false; + fRequireStandard = true; + m_is_test_chain = true; + m_is_mockable_chain = false; + + chainTxData = ChainTxData{ + 0, + 0, + 0 + }; + } +}; + +/** * Regression test */ class CRegTestParams : public CChainParams { public: explicit CRegTestParams(const ArgsManager& args) { strNetworkID = CBaseChainParams::REGTEST; + consensus.signet_blocks = false; + consensus.signet_challenge.clear(); consensus.nSubsidyHalvingInterval = 150; consensus.BIP16Exception = uint256(); consensus.BIP34Height = 500; // BIP34 activated on regtest (Used in functional tests) @@ -391,12 +487,15 @@ const CChainParams &Params() { std::unique_ptr<const CChainParams> CreateChainParams(const std::string& chain) { - if (chain == CBaseChainParams::MAIN) + if (chain == CBaseChainParams::MAIN) { return std::unique_ptr<CChainParams>(new CMainParams()); - else if (chain == CBaseChainParams::TESTNET) + } else if (chain == CBaseChainParams::TESTNET) { return std::unique_ptr<CChainParams>(new CTestNetParams()); - else if (chain == CBaseChainParams::REGTEST) + } else if (chain == CBaseChainParams::SIGNET) { + return std::unique_ptr<CChainParams>(new SigNetParams(gArgs)); + } else if (chain == CBaseChainParams::REGTEST) { return std::unique_ptr<CChainParams>(new CRegTestParams(gArgs)); + } throw std::runtime_error(strprintf("%s: Unknown chain %s.", __func__, chain)); } diff --git a/src/chainparamsbase.cpp b/src/chainparamsbase.cpp index 1825ced640..034e897ca6 100644 --- a/src/chainparamsbase.cpp +++ b/src/chainparamsbase.cpp @@ -13,6 +13,7 @@ const std::string CBaseChainParams::MAIN = "main"; const std::string CBaseChainParams::TESTNET = "test"; +const std::string CBaseChainParams::SIGNET = "signet"; const std::string CBaseChainParams::REGTEST = "regtest"; void SetupChainParamsBaseOptions(ArgsManager& argsman) @@ -23,6 +24,9 @@ void SetupChainParamsBaseOptions(ArgsManager& argsman) argsman.AddArg("-segwitheight=<n>", "Set the activation height of segwit. -1 to disable. (regtest-only)", ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::DEBUG_TEST); argsman.AddArg("-testnet", "Use the test chain. Equivalent to -chain=test.", ArgsManager::ALLOW_ANY, OptionsCategory::CHAINPARAMS); argsman.AddArg("-vbparams=deployment:start:end", "Use given start/end times for specified version bits deployment (regtest-only)", ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::CHAINPARAMS); + argsman.AddArg("-signet", "Use the signet chain. Note that the network is defined by the -signetchallenge parameter", ArgsManager::ALLOW_ANY, OptionsCategory::CHAINPARAMS); + argsman.AddArg("-signetchallenge", "Blocks must satisfy the given script to be considered valid (only for signet networks; defaults to the global default signet test network challenge)", ArgsManager::ALLOW_STRING, OptionsCategory::CHAINPARAMS); + argsman.AddArg("-signetseednode", "Specify a seed node for the signet network, in the hostname[:port] format, e.g. sig.net:1234 (may be used multiple times to specify multiple seed nodes; defaults to the global default signet test network seed node(s))", ArgsManager::ALLOW_STRING, OptionsCategory::CHAINPARAMS); } static std::unique_ptr<CBaseChainParams> globalChainBaseParams; @@ -35,14 +39,16 @@ const CBaseChainParams& BaseParams() std::unique_ptr<CBaseChainParams> CreateBaseChainParams(const std::string& chain) { - if (chain == CBaseChainParams::MAIN) + if (chain == CBaseChainParams::MAIN) { return MakeUnique<CBaseChainParams>("", 8332); - else if (chain == CBaseChainParams::TESTNET) + } else if (chain == CBaseChainParams::TESTNET) { return MakeUnique<CBaseChainParams>("testnet3", 18332); - else if (chain == CBaseChainParams::REGTEST) + } else if (chain == CBaseChainParams::SIGNET) { + return MakeUnique<CBaseChainParams>("signet", 38332); + } else if (chain == CBaseChainParams::REGTEST) { return MakeUnique<CBaseChainParams>("regtest", 18443); - else - throw std::runtime_error(strprintf("%s: Unknown chain %s.", __func__, chain)); + } + throw std::runtime_error(strprintf("%s: Unknown chain %s.", __func__, chain)); } void SelectBaseParams(const std::string& chain) diff --git a/src/chainparamsbase.h b/src/chainparamsbase.h index 1c52d0ea97..9852446b3c 100644 --- a/src/chainparamsbase.h +++ b/src/chainparamsbase.h @@ -21,6 +21,7 @@ public: /** Chain name strings */ static const std::string MAIN; static const std::string TESTNET; + static const std::string SIGNET; static const std::string REGTEST; ///@} diff --git a/src/consensus/params.h b/src/consensus/params.h index 61b1fbc2e5..85ab3f61ef 100644 --- a/src/consensus/params.h +++ b/src/consensus/params.h @@ -80,6 +80,13 @@ struct Params { int64_t DifficultyAdjustmentInterval() const { return nPowTargetTimespan / nPowTargetSpacing; } uint256 nMinimumChainWork; uint256 defaultAssumeValid; + + /** + * If true, witness commitments contain a payload equal to a Bitcoin Script solution + * to the signet challenge. See BIP325. + */ + bool signet_blocks{false}; + std::vector<uint8_t> signet_challenge; }; } // namespace Consensus diff --git a/src/consensus/validation.h b/src/consensus/validation.h index 2a93a090d6..e007c481df 100644 --- a/src/consensus/validation.h +++ b/src/consensus/validation.h @@ -12,6 +12,12 @@ #include <primitives/transaction.h> #include <primitives/block.h> +/** Index marker for when no witness commitment is present in a coinbase transaction. */ +static constexpr int NO_WITNESS_COMMITMENT{-1}; + +/** Minimum size of a witness commitment structure. Defined in BIP 141. **/ +static constexpr size_t MINIMUM_WITNESS_COMMITMENT{38}; + /** A "reason" why a transaction was invalid, suitable for determining whether the * provider of the transaction should be banned/ignored/disconnected/etc. */ @@ -151,4 +157,25 @@ static inline int64_t GetTransactionInputWeight(const CTxIn& txin) return ::GetSerializeSize(txin, PROTOCOL_VERSION | SERIALIZE_TRANSACTION_NO_WITNESS) * (WITNESS_SCALE_FACTOR - 1) + ::GetSerializeSize(txin, PROTOCOL_VERSION) + ::GetSerializeSize(txin.scriptWitness.stack, PROTOCOL_VERSION); } +/** Compute at which vout of the block's coinbase transaction the witness commitment occurs, or -1 if not found */ +inline int GetWitnessCommitmentIndex(const CBlock& block) +{ + int commitpos = NO_WITNESS_COMMITMENT; + if (!block.vtx.empty()) { + for (size_t o = 0; o < block.vtx[0]->vout.size(); o++) { + const CTxOut& vout = block.vtx[0]->vout[o]; + if (vout.scriptPubKey.size() >= MINIMUM_WITNESS_COMMITMENT && + vout.scriptPubKey[0] == OP_RETURN && + vout.scriptPubKey[1] == 0x24 && + vout.scriptPubKey[2] == 0xaa && + vout.scriptPubKey[3] == 0x21 && + vout.scriptPubKey[4] == 0xa9 && + vout.scriptPubKey[5] == 0xed) { + commitpos = o; + } + } + } + return commitpos; +} + #endif // BITCOIN_CONSENSUS_VALIDATION_H diff --git a/src/qt/guiconstants.h b/src/qt/guiconstants.h index 9457ea37d6..882d2c8f52 100644 --- a/src/qt/guiconstants.h +++ b/src/qt/guiconstants.h @@ -46,6 +46,7 @@ static const int TOOLTIP_WRAP_THRESHOLD = 80; #define QAPP_ORG_DOMAIN "bitcoin.org" #define QAPP_APP_NAME_DEFAULT "Bitcoin-Qt" #define QAPP_APP_NAME_TESTNET "Bitcoin-Qt-testnet" +#define QAPP_APP_NAME_SIGNET "Bitcoin-Qt-signet" #define QAPP_APP_NAME_REGTEST "Bitcoin-Qt-regtest" /* One gigabyte (GB) in bytes */ diff --git a/src/qt/networkstyle.cpp b/src/qt/networkstyle.cpp index 3a251e0573..b1081f6aee 100644 --- a/src/qt/networkstyle.cpp +++ b/src/qt/networkstyle.cpp @@ -19,7 +19,8 @@ static const struct { } network_styles[] = { {"main", QAPP_APP_NAME_DEFAULT, 0, 0}, {"test", QAPP_APP_NAME_TESTNET, 70, 30}, - {"regtest", QAPP_APP_NAME_REGTEST, 160, 30} + {"signet", QAPP_APP_NAME_SIGNET, 35, 15}, + {"regtest", QAPP_APP_NAME_REGTEST, 160, 30}, }; static const unsigned network_styles_count = sizeof(network_styles)/sizeof(*network_styles); diff --git a/src/signet.cpp b/src/signet.cpp new file mode 100644 index 0000000000..a29f89b58e --- /dev/null +++ b/src/signet.cpp @@ -0,0 +1,149 @@ +// Copyright (c) 2019-2020 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include <signet.h> + +#include <array> +#include <cstdint> +#include <vector> + +#include <consensus/merkle.h> +#include <consensus/params.h> +#include <consensus/validation.h> +#include <core_io.h> +#include <hash.h> +#include <primitives/block.h> +#include <primitives/transaction.h> +#include <span.h> +#include <script/interpreter.h> +#include <script/standard.h> +#include <streams.h> +#include <util/strencodings.h> +#include <util/system.h> +#include <uint256.h> + +static constexpr uint8_t SIGNET_HEADER[4] = {0xec, 0xc7, 0xda, 0xa2}; + +static constexpr unsigned int BLOCK_SCRIPT_VERIFY_FLAGS = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_NULLDUMMY; + +static bool FetchAndClearCommitmentSection(const Span<const uint8_t> header, CScript& witness_commitment, std::vector<uint8_t>& result) +{ + CScript replacement; + bool found_header = false; + result.clear(); + + opcodetype opcode; + CScript::const_iterator pc = witness_commitment.begin(); + std::vector<uint8_t> pushdata; + while (witness_commitment.GetOp(pc, opcode, pushdata)) { + if (pushdata.size() > 0) { + if (!found_header && pushdata.size() > (size_t) header.size() && Span<const uint8_t>(pushdata.data(), header.size()) == header) { + // pushdata only counts if it has the header _and_ some data + result.insert(result.end(), pushdata.begin() + header.size(), pushdata.end()); + pushdata.erase(pushdata.begin() + header.size(), pushdata.end()); + found_header = true; + } + replacement << pushdata; + } else { + replacement << opcode; + } + } + + if (found_header) witness_commitment = replacement; + return found_header; +} + +static uint256 ComputeModifiedMerkleRoot(const CMutableTransaction& cb, const CBlock& block) +{ + std::vector<uint256> leaves; + leaves.resize(block.vtx.size()); + leaves[0] = cb.GetHash(); + for (size_t s = 1; s < block.vtx.size(); ++s) { + leaves[s] = block.vtx[s]->GetHash(); + } + return ComputeMerkleRoot(std::move(leaves)); +} + +SignetTxs SignetTxs::Create(const CBlock& block, const CScript& challenge) +{ + CMutableTransaction tx_to_spend; + tx_to_spend.nVersion = 0; + tx_to_spend.nLockTime = 0; + tx_to_spend.vin.emplace_back(COutPoint(), CScript(OP_0), 0); + tx_to_spend.vout.emplace_back(0, challenge); + + CMutableTransaction tx_spending; + tx_spending.nVersion = 0; + tx_spending.nLockTime = 0; + tx_spending.vin.emplace_back(COutPoint(), CScript(), 0); + tx_spending.vout.emplace_back(0, CScript(OP_RETURN)); + + // can't fill any other fields before extracting signet + // responses from block coinbase tx + + // find and delete signet signature + if (block.vtx.empty()) return invalid(); // no coinbase tx in block; invalid + CMutableTransaction modified_cb(*block.vtx.at(0)); + + const int cidx = GetWitnessCommitmentIndex(block); + if (cidx == NO_WITNESS_COMMITMENT) { + return invalid(); // require a witness commitment + } + + CScript& witness_commitment = modified_cb.vout.at(cidx).scriptPubKey; + + std::vector<uint8_t> signet_solution; + if (!FetchAndClearCommitmentSection(SIGNET_HEADER, witness_commitment, signet_solution)) { + // no signet solution -- allow this to support OP_TRUE as trivial block challenge + } else { + try { + VectorReader v(SER_NETWORK, INIT_PROTO_VERSION, signet_solution, 0); + v >> tx_spending.vin[0].scriptSig; + v >> tx_spending.vin[0].scriptWitness.stack; + if (!v.empty()) return invalid(); // extraneous data encountered + } catch (const std::exception&) { + return invalid(); // parsing error + } + } + uint256 signet_merkle = ComputeModifiedMerkleRoot(modified_cb, block); + + std::vector<uint8_t> block_data; + CVectorWriter writer(SER_NETWORK, INIT_PROTO_VERSION, block_data, 0); + writer << block.nVersion; + writer << block.hashPrevBlock; + writer << signet_merkle; + writer << block.nTime; + tx_to_spend.vin[0].scriptSig << block_data; + tx_spending.vin[0].prevout = COutPoint(tx_to_spend.GetHash(), 0); + + return {tx_to_spend, tx_spending}; +} + +// Signet block solution checker +bool CheckSignetBlockSolution(const CBlock& block, const Consensus::Params& consensusParams) +{ + if (block.GetHash() == consensusParams.hashGenesisBlock) { + // genesis block solution is always valid + return true; + } + + const CScript challenge(consensusParams.signet_challenge.begin(), consensusParams.signet_challenge.end()); + const SignetTxs signet_txs(block, challenge); + + if (!signet_txs.m_valid) { + LogPrint(BCLog::VALIDATION, "CheckSignetBlockSolution: Errors in block (block solution parse failure)\n"); + return false; + } + + const CScript& scriptSig = signet_txs.m_to_sign.vin[0].scriptSig; + const CScriptWitness& witness = signet_txs.m_to_sign.vin[0].scriptWitness; + + TransactionSignatureChecker sigcheck(&signet_txs.m_to_sign, /*nIn=*/ 0, /*amount=*/ signet_txs.m_to_spend.vout[0].nValue); + + if (!VerifyScript(scriptSig, signet_txs.m_to_spend.vout[0].scriptPubKey, &witness, BLOCK_SCRIPT_VERIFY_FLAGS, sigcheck)) { + LogPrint(BCLog::VALIDATION, "CheckSignetBlockSolution: Errors in block (block solution invalid)\n"); + return false; + } + return true; +} diff --git a/src/signet.h b/src/signet.h new file mode 100644 index 0000000000..5694716fb6 --- /dev/null +++ b/src/signet.h @@ -0,0 +1,42 @@ +// Copyright (c) 2019-2020 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef BITCOIN_SIGNET_H +#define BITCOIN_SIGNET_H + +#include <consensus/params.h> +#include <primitives/block.h> +#include <primitives/transaction.h> + +/** + * Extract signature and check whether a block has a valid solution + */ +bool CheckSignetBlockSolution(const CBlock& block, const Consensus::Params& consensusParams); + +/** + * Generate the signet tx corresponding to the given block + * + * The signet tx commits to everything in the block except: + * 1. It hashes a modified merkle root with the signet signature removed. + * 2. It skips the nonce. + */ +class SignetTxs { +private: + struct invalid {}; + SignetTxs(invalid i) : m_to_spend(), m_to_sign(), m_valid(false) { } + + template<class T1, class T2> + SignetTxs(const T1& to_spend, const T2& to_sign) : m_to_spend{to_spend}, m_to_sign{to_sign}, m_valid(true) { } + + static SignetTxs Create(const CBlock& block, const CScript& challenge); + +public: + SignetTxs(const CBlock& block, const CScript& challenge) : SignetTxs(Create(block, challenge)) { } + + const CTransaction m_to_spend; + const CTransaction m_to_sign; + const bool m_valid; +}; + +#endif // BITCOIN_SIGNET_H diff --git a/src/test/fuzz/signet.cpp b/src/test/fuzz/signet.cpp new file mode 100644 index 0000000000..4736ae27f5 --- /dev/null +++ b/src/test/fuzz/signet.cpp @@ -0,0 +1,34 @@ +// Copyright (c) 2020 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include <chainparams.h> +#include <consensus/validation.h> +#include <primitives/block.h> +#include <signet.h> +#include <streams.h> +#include <test/fuzz/fuzz.h> +#include <test/fuzz/FuzzedDataProvider.h> +#include <test/fuzz/util.h> + +#include <cstdint> +#include <optional> +#include <vector> + +void initialize() +{ + InitializeFuzzingContext(CBaseChainParams::SIGNET); +} + +void test_one_input(const std::vector<uint8_t>& buffer) +{ + FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; + const std::optional<CBlock> block = ConsumeDeserializable<CBlock>(fuzzed_data_provider); + if (!block) { + return; + } + (void)CheckSignetBlockSolution(*block, Params().GetConsensus()); + if (GetWitnessCommitmentIndex(*block) != NO_WITNESS_COMMITMENT) { + (void)SignetTxs(*block, ConsumeScript(fuzzed_data_provider)); + } +} diff --git a/src/test/key_io_tests.cpp b/src/test/key_io_tests.cpp index d465ee6759..611e9f2623 100644 --- a/src/test/key_io_tests.cpp +++ b/src/test/key_io_tests.cpp @@ -136,7 +136,7 @@ BOOST_AUTO_TEST_CASE(key_io_invalid) std::string exp_base58string = test[0].get_str(); // must be invalid as public and as private key - for (const auto& chain : { CBaseChainParams::MAIN, CBaseChainParams::TESTNET, CBaseChainParams::REGTEST }) { + for (const auto& chain : { CBaseChainParams::MAIN, CBaseChainParams::TESTNET, CBaseChainParams::SIGNET, CBaseChainParams::REGTEST }) { SelectParams(chain); destination = DecodeDestination(exp_base58string); BOOST_CHECK_MESSAGE(!IsValidDestination(destination), "IsValid pubkey in mainnet:" + strTest); diff --git a/src/test/pow_tests.cpp b/src/test/pow_tests.cpp index 0f9872f434..ca49b89ad8 100644 --- a/src/test/pow_tests.cpp +++ b/src/test/pow_tests.cpp @@ -135,4 +135,51 @@ BOOST_AUTO_TEST_CASE(GetBlockProofEquivalentTime_test) } } +void sanity_check_chainparams(std::string chainName) +{ + const auto chainParams = CreateChainParams(chainName); + const auto consensus = chainParams->GetConsensus(); + + // hash genesis is correct + BOOST_CHECK_EQUAL(consensus.hashGenesisBlock, chainParams->GenesisBlock().GetHash()); + + // target timespan is an even multiple of spacing + BOOST_CHECK_EQUAL(consensus.nPowTargetTimespan % consensus.nPowTargetSpacing, 0); + + // genesis nBits is positive, doesn't overflow and is lower than powLimit + arith_uint256 pow_compact; + bool neg, over; + pow_compact.SetCompact(chainParams->GenesisBlock().nBits, &neg, &over); + BOOST_CHECK(!neg && pow_compact != 0); + BOOST_CHECK(!over); + BOOST_CHECK(UintToArith256(consensus.powLimit) >= pow_compact); + + // check max target * 4*nPowTargetTimespan doesn't overflow -- see pow.cpp:CalculateNextWorkRequired() + if (!consensus.fPowNoRetargeting) { + arith_uint256 targ_max("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); + targ_max /= consensus.nPowTargetTimespan*4; + BOOST_CHECK(UintToArith256(consensus.powLimit) < targ_max); + } +} + +BOOST_AUTO_TEST_CASE(ChainParams_MAIN_sanity) +{ + sanity_check_chainparams(CBaseChainParams::MAIN); +} + +BOOST_AUTO_TEST_CASE(ChainParams_REGTEST_sanity) +{ + sanity_check_chainparams(CBaseChainParams::REGTEST); +} + +BOOST_AUTO_TEST_CASE(ChainParams_TESTNET_sanity) +{ + sanity_check_chainparams(CBaseChainParams::TESTNET); +} + +BOOST_AUTO_TEST_CASE(ChainParams_SIGNET_sanity) +{ + sanity_check_chainparams(CBaseChainParams::SIGNET); +} + BOOST_AUTO_TEST_SUITE_END() diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp index bf7c6c3e3e..241c56934e 100644 --- a/src/test/util_tests.cpp +++ b/src/test/util_tests.cpp @@ -848,8 +848,8 @@ struct ArgsMergeTestingSetup : public BasicTestingSetup { ForEachNoDup(conf_actions, SET, SECTION_NEGATE, [&] { for (bool soft_set : {false, true}) { for (bool force_set : {false, true}) { - for (const std::string& section : {CBaseChainParams::MAIN, CBaseChainParams::TESTNET}) { - for (const std::string& network : {CBaseChainParams::MAIN, CBaseChainParams::TESTNET}) { + for (const std::string& section : {CBaseChainParams::MAIN, CBaseChainParams::TESTNET, CBaseChainParams::SIGNET}) { + for (const std::string& network : {CBaseChainParams::MAIN, CBaseChainParams::TESTNET, CBaseChainParams::SIGNET}) { for (bool net_specific : {false, true}) { fn(arg_actions, conf_actions, soft_set, force_set, section, network, net_specific); } @@ -1003,7 +1003,7 @@ BOOST_FIXTURE_TEST_CASE(util_ArgsMerge, ArgsMergeTestingSetup) // Results file is formatted like: // // <input> || <IsArgSet/IsArgNegated/GetArg output> | <GetArgs output> | <GetUnsuitable output> - BOOST_CHECK_EQUAL(out_sha_hex, "8fd4877bb8bf337badca950ede6c917441901962f160e52514e06a60dea46cde"); + BOOST_CHECK_EQUAL(out_sha_hex, "d1e436c1cd510d0ec44d5205d4b4e3bee6387d316e0075c58206cb16603f3d82"); } // Similar test as above, but for ArgsManager::GetChainName function. @@ -1106,7 +1106,7 @@ BOOST_FIXTURE_TEST_CASE(util_ChainMerge, ChainMergeTestingSetup) // Results file is formatted like: // // <input> || <output> - BOOST_CHECK_EQUAL(out_sha_hex, "f0b3a3c29869edc765d579c928f7f1690a71fbb673b49ccf39cbc4de18156a0d"); + BOOST_CHECK_EQUAL(out_sha_hex, "f263493e300023b6509963887444c41386f44b63bc30047eb8402e8c1144854c"); } BOOST_AUTO_TEST_CASE(util_ReadWriteSettings) diff --git a/src/util/system.cpp b/src/util/system.cpp index 999937d906..41715aac1a 100644 --- a/src/util/system.cpp +++ b/src/util/system.cpp @@ -263,6 +263,7 @@ const std::list<SectionInfo> ArgsManager::GetUnrecognizedSections() const // Section names to be recognized in the config file. static const std::set<std::string> available_sections{ CBaseChainParams::REGTEST, + CBaseChainParams::SIGNET, CBaseChainParams::TESTNET, CBaseChainParams::MAIN }; @@ -916,16 +917,21 @@ std::string ArgsManager::GetChainName() const }; const bool fRegTest = get_net("-regtest"); + const bool fSigNet = get_net("-signet"); const bool fTestNet = get_net("-testnet"); const bool is_chain_arg_set = IsArgSet("-chain"); - if ((int)is_chain_arg_set + (int)fRegTest + (int)fTestNet > 1) { - throw std::runtime_error("Invalid combination of -regtest, -testnet and -chain. Can use at most one."); + if ((int)is_chain_arg_set + (int)fRegTest + (int)fSigNet + (int)fTestNet > 1) { + throw std::runtime_error("Invalid combination of -regtest, -signet, -testnet and -chain. Can use at most one."); } if (fRegTest) return CBaseChainParams::REGTEST; + if (fSigNet) { + return CBaseChainParams::SIGNET; + } if (fTestNet) return CBaseChainParams::TESTNET; + return GetArg("-chain", CBaseChainParams::MAIN); } diff --git a/src/validation.cpp b/src/validation.cpp index 0823c6b124..a96913e3a0 100644 --- a/src/validation.cpp +++ b/src/validation.cpp @@ -33,6 +33,7 @@ #include <script/script.h> #include <script/sigcache.h> #include <shutdown.h> +#include <signet.h> #include <timedata.h> #include <tinyformat.h> #include <txdb.h> @@ -1169,6 +1170,11 @@ bool ReadBlockFromDisk(CBlock& block, const FlatFilePos& pos, const Consensus::P if (!CheckProofOfWork(block.GetHash(), block.nBits, consensusParams)) return error("ReadBlockFromDisk: Errors in block header at %s", pos.ToString()); + // Signet only: check block solution + if (consensusParams.signet_blocks && !CheckSignetBlockSolution(block, consensusParams)) { + return error("ReadBlockFromDisk: Errors in block solution at %s", pos.ToString()); + } + return true; } @@ -3346,6 +3352,11 @@ bool CheckBlock(const CBlock& block, BlockValidationState& state, const Consensu if (!CheckBlockHeader(block, state, consensusParams, fCheckPOW)) return false; + // Signet only: check block solution + if (consensusParams.signet_blocks && fCheckPOW && !CheckSignetBlockSolution(block, consensusParams)) { + return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-signet-blksig", "signet block signature validation failure"); + } + // Check the merkle root. if (fCheckMerkleRoot) { bool mutated; @@ -3409,31 +3420,11 @@ bool IsWitnessEnabled(const CBlockIndex* pindexPrev, const Consensus::Params& pa return (height >= params.SegwitHeight); } -int GetWitnessCommitmentIndex(const CBlock& block) -{ - int commitpos = -1; - if (!block.vtx.empty()) { - for (size_t o = 0; o < block.vtx[0]->vout.size(); o++) { - const CTxOut& vout = block.vtx[0]->vout[o]; - if (vout.scriptPubKey.size() >= MINIMUM_WITNESS_COMMITMENT && - vout.scriptPubKey[0] == OP_RETURN && - vout.scriptPubKey[1] == 0x24 && - vout.scriptPubKey[2] == 0xaa && - vout.scriptPubKey[3] == 0x21 && - vout.scriptPubKey[4] == 0xa9 && - vout.scriptPubKey[5] == 0xed) { - commitpos = o; - } - } - } - return commitpos; -} - void UpdateUncommittedBlockStructures(CBlock& block, const CBlockIndex* pindexPrev, const Consensus::Params& consensusParams) { int commitpos = GetWitnessCommitmentIndex(block); static const std::vector<unsigned char> nonce(32, 0x00); - if (commitpos != -1 && IsWitnessEnabled(pindexPrev, consensusParams) && !block.vtx[0]->HasWitness()) { + if (commitpos != NO_WITNESS_COMMITMENT && IsWitnessEnabled(pindexPrev, consensusParams) && !block.vtx[0]->HasWitness()) { CMutableTransaction tx(*block.vtx[0]); tx.vin[0].scriptWitness.stack.resize(1); tx.vin[0].scriptWitness.stack[0] = nonce; @@ -3447,7 +3438,7 @@ std::vector<unsigned char> GenerateCoinbaseCommitment(CBlock& block, const CBloc int commitpos = GetWitnessCommitmentIndex(block); std::vector<unsigned char> ret(32, 0x00); if (consensusParams.SegwitHeight != std::numeric_limits<int>::max()) { - if (commitpos == -1) { + if (commitpos == NO_WITNESS_COMMITMENT) { uint256 witnessroot = BlockWitnessMerkleRoot(block, nullptr); CHash256().Write(witnessroot).Write(ret).Finalize(witnessroot); CTxOut out; @@ -3585,7 +3576,7 @@ static bool ContextualCheckBlock(const CBlock& block, BlockValidationState& stat bool fHaveWitness = false; if (nHeight >= consensusParams.SegwitHeight) { int commitpos = GetWitnessCommitmentIndex(block); - if (commitpos != -1) { + if (commitpos != NO_WITNESS_COMMITMENT) { bool malleated = false; uint256 hashWitness = BlockWitnessMerkleRoot(block, &malleated); // The malleation check is ignored; as the transaction tree itself diff --git a/src/validation.h b/src/validation.h index 0bc80e1cee..0da62093a3 100644 --- a/src/validation.h +++ b/src/validation.h @@ -93,8 +93,6 @@ static const unsigned int DEFAULT_CHECKLEVEL = 3; // one 128MB block file + added 15% undo data = 147MB greater for a total of 545MB // Setting the target to >= 550 MiB will make it likely we can respect the target. static const uint64_t MIN_DISK_SPACE_FOR_BLOCK_FILES = 550 * 1024 * 1024; -/** Minimum size of a witness commitment structure. Defined in BIP 141. **/ -static constexpr size_t MINIMUM_WITNESS_COMMITMENT{38}; struct BlockHasher { @@ -306,9 +304,6 @@ bool TestBlockValidity(BlockValidationState& state, const CChainParams& chainpar * Note that transaction witness validation rules are always enforced when P2SH is enforced. */ bool IsWitnessEnabled(const CBlockIndex* pindexPrev, const Consensus::Params& params); -/** Compute at which vout of the block's coinbase transaction the witness commitment occurs, or -1 if not found */ -int GetWitnessCommitmentIndex(const CBlock& block); - /** Update uncommitted block structures (currently: only the witness reserved value). This is safe for submitted blocks. */ void UpdateUncommittedBlockStructures(CBlock& block, const CBlockIndex* pindexPrev, const Consensus::Params& consensusParams); |