diff options
51 files changed, 1364 insertions, 1002 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 1f8f9aabdc..91cc1b96e7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -80,7 +80,9 @@ BITCOIN_CORE_H = \ coincontrol.h \ coins.h \ compat.h \ - core.h \ + compressor.h \ + core/block.h \ + core/transaction.h \ core_io.h \ crypter.h \ db.h \ @@ -103,7 +105,6 @@ BITCOIN_CORE_H = \ rpcclient.h \ rpcprotocol.h \ rpcserver.h \ - script/compressor.h \ script/interpreter.h \ script/script.h \ script/sigcache.h \ @@ -119,6 +120,7 @@ BITCOIN_CORE_H = \ txmempool.h \ ui_interface.h \ uint256.h \ + undo.h \ util.h \ utilstrencodings.h \ utilmoneystr.h \ @@ -209,10 +211,13 @@ univalue_libbitcoin_univalue_a_SOURCES = \ libbitcoin_common_a_CPPFLAGS = $(BITCOIN_INCLUDES) libbitcoin_common_a_SOURCES = \ allocators.cpp \ + amount.cpp \ base58.cpp \ chainparams.cpp \ coins.cpp \ - core.cpp \ + compressor.cpp \ + core/block.cpp \ + core/transaction.cpp \ core_read.cpp \ core_write.cpp \ ecwrapper.cpp \ @@ -221,7 +226,6 @@ libbitcoin_common_a_SOURCES = \ keystore.cpp \ netbase.cpp \ protocol.cpp \ - script/compressor.cpp \ script/interpreter.cpp \ script/script.cpp \ script/sigcache.cpp \ diff --git a/src/amount.cpp b/src/amount.cpp new file mode 100644 index 0000000000..e6f5b7d440 --- /dev/null +++ b/src/amount.cpp @@ -0,0 +1,31 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2014 The Bitcoin developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include "amount.h" + +#include "tinyformat.h" + +CFeeRate::CFeeRate(const CAmount& nFeePaid, size_t nSize) +{ + if (nSize > 0) + nSatoshisPerK = nFeePaid*1000/nSize; + else + nSatoshisPerK = 0; +} + +CAmount CFeeRate::GetFee(size_t nSize) const +{ + CAmount nFee = nSatoshisPerK*nSize / 1000; + + if (nFee == 0 && nSatoshisPerK > 0) + nFee = nSatoshisPerK; + + return nFee; +} + +std::string CFeeRate::ToString() const +{ + return strprintf("%d.%08d BTC/kB", nSatoshisPerK / COIN, nSatoshisPerK % COIN); +} diff --git a/src/amount.h b/src/amount.h index 831fa1f6ca..c0d37954cb 100644 --- a/src/amount.h +++ b/src/amount.h @@ -6,8 +6,49 @@ #ifndef BITCOIN_AMOUNT_H #define BITCOIN_AMOUNT_H -#include <stdint.h> +#include "serialize.h" + +#include <stdlib.h> +#include <string> typedef int64_t CAmount; +static const CAmount COIN = 100000000; +static const CAmount CENT = 1000000; + +/** No amount larger than this (in satoshi) is valid */ +static const CAmount MAX_MONEY = 21000000 * COIN; +inline bool MoneyRange(const CAmount& nValue) { return (nValue >= 0 && nValue <= MAX_MONEY); } + +/** Type-safe wrapper class to for fee rates + * (how much to pay based on transaction size) + */ +class CFeeRate +{ +private: + CAmount nSatoshisPerK; // unit is satoshis-per-1,000-bytes +public: + CFeeRate() : nSatoshisPerK(0) { } + explicit CFeeRate(const CAmount& _nSatoshisPerK): nSatoshisPerK(_nSatoshisPerK) { } + CFeeRate(const CAmount& nFeePaid, size_t nSize); + CFeeRate(const CFeeRate& other) { nSatoshisPerK = other.nSatoshisPerK; } + + CAmount GetFee(size_t size) const; // unit returned is satoshis + CAmount GetFeePerK() const { return GetFee(1000); } // satoshis-per-1000-bytes + + friend bool operator<(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK < b.nSatoshisPerK; } + friend bool operator>(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK > b.nSatoshisPerK; } + friend bool operator==(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK == b.nSatoshisPerK; } + friend bool operator<=(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK <= b.nSatoshisPerK; } + friend bool operator>=(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK >= b.nSatoshisPerK; } + std::string ToString() const; + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(nSatoshisPerK); + } +}; + #endif // BITCOIN_AMOUNT_H diff --git a/src/bitcoin-tx.cpp b/src/bitcoin-tx.cpp index da37e60c7f..6f3409edf3 100644 --- a/src/bitcoin-tx.cpp +++ b/src/bitcoin-tx.cpp @@ -3,7 +3,7 @@ // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include "base58.h" -#include "core.h" +#include "core/transaction.h" #include "core_io.h" #include "keystore.h" #include "main.h" // for MAX_BLOCK_SIZE diff --git a/src/bloom.cpp b/src/bloom.cpp index cac71fdbbf..c1e7aeb3bf 100644 --- a/src/bloom.cpp +++ b/src/bloom.cpp @@ -4,7 +4,7 @@ #include "bloom.h" -#include "core.h" +#include "core/transaction.h" #include "script/script.h" #include "script/standard.h" #include "streams.h" diff --git a/src/chain.h b/src/chain.h index 290150476e..2a55771622 100644 --- a/src/chain.h +++ b/src/chain.h @@ -6,7 +6,7 @@ #ifndef H_BITCOIN_CHAIN #define H_BITCOIN_CHAIN -#include "core.h" +#include "core/block.h" #include "pow.h" #include "tinyformat.h" #include "uint256.h" diff --git a/src/chainparams.h b/src/chainparams.h index f157419bb2..e27728dbd5 100644 --- a/src/chainparams.h +++ b/src/chainparams.h @@ -6,9 +6,9 @@ #ifndef BITCOIN_CHAIN_PARAMS_H #define BITCOIN_CHAIN_PARAMS_H -#include "core.h" #include "chainparamsbase.h" #include "checkpoints.h" +#include "core/block.h" #include "protocol.h" #include "uint256.h" diff --git a/src/coincontrol.h b/src/coincontrol.h index 033092c019..c8f12d92de 100644 --- a/src/coincontrol.h +++ b/src/coincontrol.h @@ -5,7 +5,7 @@ #ifndef COINCONTROL_H #define COINCONTROL_H -#include "core.h" +#include "core/transaction.h" /** Coin Control Features. */ class CCoinControl diff --git a/src/coins.h b/src/coins.h index b8f1e5bcc5..ee9051562b 100644 --- a/src/coins.h +++ b/src/coins.h @@ -6,9 +6,10 @@ #ifndef BITCOIN_COINS_H #define BITCOIN_COINS_H -#include "core.h" +#include "compressor.h" #include "serialize.h" #include "uint256.h" +#include "undo.h" #include <assert.h> #include <stdint.h> diff --git a/src/script/compressor.cpp b/src/compressor.cpp index af1acf48db..806175dd3e 100644 --- a/src/script/compressor.cpp +++ b/src/compressor.cpp @@ -5,6 +5,7 @@ #include "compressor.h" +#include "hash.h" #include "key.h" #include "script/standard.h" @@ -128,3 +129,57 @@ bool CScriptCompressor::Decompress(unsigned int nSize, const std::vector<unsigne } return false; } + +// Amount compression: +// * If the amount is 0, output 0 +// * first, divide the amount (in base units) by the largest power of 10 possible; call the exponent e (e is max 9) +// * if e<9, the last digit of the resulting number cannot be 0; store it as d, and drop it (divide by 10) +// * call the result n +// * output 1 + 10*(9*n + d - 1) + e +// * if e==9, we only know the resulting number is not zero, so output 1 + 10*(n - 1) + 9 +// (this is decodable, as d is in [1-9] and e is in [0-9]) + +uint64_t CTxOutCompressor::CompressAmount(uint64_t n) +{ + if (n == 0) + return 0; + int e = 0; + while (((n % 10) == 0) && e < 9) { + n /= 10; + e++; + } + if (e < 9) { + int d = (n % 10); + assert(d >= 1 && d <= 9); + n /= 10; + return 1 + (n*9 + d - 1)*10 + e; + } else { + return 1 + (n - 1)*10 + 9; + } +} + +uint64_t CTxOutCompressor::DecompressAmount(uint64_t x) +{ + // x = 0 OR x = 1+10*(9*n + d - 1) + e OR x = 1+10*(n - 1) + 9 + if (x == 0) + return 0; + x--; + // x = 10*(9*n + d - 1) + e + int e = x % 10; + x /= 10; + uint64_t n = 0; + if (e < 9) { + // x = 9*n + d - 1 + int d = (x % 9) + 1; + x /= 9; + // x = n + n = x*10 + d; + } else { + n = x+1; + } + while (e) { + n *= 10; + e--; + } + return n; +} diff --git a/src/script/compressor.h b/src/compressor.h index 154e0b2662..a612c3a883 100644 --- a/src/script/compressor.h +++ b/src/compressor.h @@ -3,9 +3,10 @@ // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. -#ifndef H_BITCOIN_SCRIPT_COMPRESSOR -#define H_BITCOIN_SCRIPT_COMPRESSOR +#ifndef H_BITCOIN_COMPRESSOR +#define H_BITCOIN_COMPRESSOR +#include "core/transaction.h" #include "script/script.h" #include "serialize.h" @@ -86,4 +87,33 @@ public: } }; -#endif // H_BITCOIN_SCRIPT_COMPRESSOR +/** wrapper for CTxOut that provides a more compact serialization */ +class CTxOutCompressor +{ +private: + CTxOut &txout; + +public: + static uint64_t CompressAmount(uint64_t nAmount); + static uint64_t DecompressAmount(uint64_t nAmount); + + CTxOutCompressor(CTxOut &txoutIn) : txout(txoutIn) { } + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + if (!ser_action.ForRead()) { + uint64_t nVal = CompressAmount(txout.nValue); + READWRITE(VARINT(nVal)); + } else { + uint64_t nVal = 0; + READWRITE(VARINT(nVal)); + txout.nValue = DecompressAmount(nVal); + } + CScriptCompressor cscript(REF(txout.scriptPubKey)); + READWRITE(cscript); + } +}; + +#endif // H_BITCOIN_COMPRESSOR diff --git a/src/core.cpp b/src/core.cpp deleted file mode 100644 index 73e6de88e1..0000000000 --- a/src/core.cpp +++ /dev/null @@ -1,339 +0,0 @@ -// Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2009-2014 The Bitcoin developers -// Distributed under the MIT/X11 software license, see the accompanying -// file COPYING or http://www.opensource.org/licenses/mit-license.php. - -#include "core.h" - -#include "hash.h" -#include "tinyformat.h" -#include "utilstrencodings.h" - -std::string COutPoint::ToString() const -{ - return strprintf("COutPoint(%s, %u)", hash.ToString().substr(0,10), n); -} - -CTxIn::CTxIn(COutPoint prevoutIn, CScript scriptSigIn, uint32_t nSequenceIn) -{ - prevout = prevoutIn; - scriptSig = scriptSigIn; - nSequence = nSequenceIn; -} - -CTxIn::CTxIn(uint256 hashPrevTx, uint32_t nOut, CScript scriptSigIn, uint32_t nSequenceIn) -{ - prevout = COutPoint(hashPrevTx, nOut); - scriptSig = scriptSigIn; - nSequence = nSequenceIn; -} - -std::string CTxIn::ToString() const -{ - std::string str; - str += "CTxIn("; - str += prevout.ToString(); - if (prevout.IsNull()) - str += strprintf(", coinbase %s", HexStr(scriptSig)); - else - str += strprintf(", scriptSig=%s", scriptSig.ToString().substr(0,24)); - if (nSequence != std::numeric_limits<unsigned int>::max()) - str += strprintf(", nSequence=%u", nSequence); - str += ")"; - return str; -} - -CTxOut::CTxOut(const CAmount& nValueIn, CScript scriptPubKeyIn) -{ - nValue = nValueIn; - scriptPubKey = scriptPubKeyIn; -} - -uint256 CTxOut::GetHash() const -{ - return SerializeHash(*this); -} - -std::string CTxOut::ToString() const -{ - return strprintf("CTxOut(nValue=%d.%08d, scriptPubKey=%s)", nValue / COIN, nValue % COIN, scriptPubKey.ToString().substr(0,30)); -} - -CFeeRate::CFeeRate(const CAmount& nFeePaid, size_t nSize) -{ - if (nSize > 0) - nSatoshisPerK = nFeePaid*1000/nSize; - else - nSatoshisPerK = 0; -} - -CAmount CFeeRate::GetFee(size_t nSize) const -{ - CAmount nFee = nSatoshisPerK*nSize / 1000; - - if (nFee == 0 && nSatoshisPerK > 0) - nFee = nSatoshisPerK; - - return nFee; -} - -std::string CFeeRate::ToString() const -{ - return strprintf("%d.%08d BTC/kB", nSatoshisPerK / COIN, nSatoshisPerK % COIN); -} - -CMutableTransaction::CMutableTransaction() : nVersion(CTransaction::CURRENT_VERSION), nLockTime(0) {} -CMutableTransaction::CMutableTransaction(const CTransaction& tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) {} - -uint256 CMutableTransaction::GetHash() const -{ - return SerializeHash(*this); -} - -void CTransaction::UpdateHash() const -{ - *const_cast<uint256*>(&hash) = SerializeHash(*this); -} - -CTransaction::CTransaction() : hash(0), nVersion(CTransaction::CURRENT_VERSION), vin(), vout(), nLockTime(0) { } - -CTransaction::CTransaction(const CMutableTransaction &tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) { - UpdateHash(); -} - -CTransaction& CTransaction::operator=(const CTransaction &tx) { - *const_cast<int*>(&nVersion) = tx.nVersion; - *const_cast<std::vector<CTxIn>*>(&vin) = tx.vin; - *const_cast<std::vector<CTxOut>*>(&vout) = tx.vout; - *const_cast<unsigned int*>(&nLockTime) = tx.nLockTime; - *const_cast<uint256*>(&hash) = tx.hash; - return *this; -} - -CAmount CTransaction::GetValueOut() const -{ - CAmount nValueOut = 0; - for (std::vector<CTxOut>::const_iterator it(vout.begin()); it != vout.end(); ++it) - { - nValueOut += it->nValue; - if (!MoneyRange(it->nValue) || !MoneyRange(nValueOut)) - throw std::runtime_error("CTransaction::GetValueOut() : value out of range"); - } - return nValueOut; -} - -double CTransaction::ComputePriority(double dPriorityInputs, unsigned int nTxSize) const -{ - nTxSize = CalculateModifiedSize(nTxSize); - if (nTxSize == 0) return 0.0; - - return dPriorityInputs / nTxSize; -} - -unsigned int CTransaction::CalculateModifiedSize(unsigned int nTxSize) const -{ - // In order to avoid disincentivizing cleaning up the UTXO set we don't count - // the constant overhead for each txin and up to 110 bytes of scriptSig (which - // is enough to cover a compressed pubkey p2sh redemption) for priority. - // Providing any more cleanup incentive than making additional inputs free would - // risk encouraging people to create junk outputs to redeem later. - if (nTxSize == 0) - nTxSize = ::GetSerializeSize(*this, SER_NETWORK, PROTOCOL_VERSION); - for (std::vector<CTxIn>::const_iterator it(vin.begin()); it != vin.end(); ++it) - { - unsigned int offset = 41U + std::min(110U, (unsigned int)it->scriptSig.size()); - if (nTxSize > offset) - nTxSize -= offset; - } - return nTxSize; -} - -std::string CTransaction::ToString() const -{ - std::string str; - str += strprintf("CTransaction(hash=%s, ver=%d, vin.size=%u, vout.size=%u, nLockTime=%u)\n", - GetHash().ToString().substr(0,10), - nVersion, - vin.size(), - vout.size(), - nLockTime); - for (unsigned int i = 0; i < vin.size(); i++) - str += " " + vin[i].ToString() + "\n"; - for (unsigned int i = 0; i < vout.size(); i++) - str += " " + vout[i].ToString() + "\n"; - return str; -} - -// Amount compression: -// * If the amount is 0, output 0 -// * first, divide the amount (in base units) by the largest power of 10 possible; call the exponent e (e is max 9) -// * if e<9, the last digit of the resulting number cannot be 0; store it as d, and drop it (divide by 10) -// * call the result n -// * output 1 + 10*(9*n + d - 1) + e -// * if e==9, we only know the resulting number is not zero, so output 1 + 10*(n - 1) + 9 -// (this is decodable, as d is in [1-9] and e is in [0-9]) - -uint64_t CTxOutCompressor::CompressAmount(uint64_t n) -{ - if (n == 0) - return 0; - int e = 0; - while (((n % 10) == 0) && e < 9) { - n /= 10; - e++; - } - if (e < 9) { - int d = (n % 10); - assert(d >= 1 && d <= 9); - n /= 10; - return 1 + (n*9 + d - 1)*10 + e; - } else { - return 1 + (n - 1)*10 + 9; - } -} - -uint64_t CTxOutCompressor::DecompressAmount(uint64_t x) -{ - // x = 0 OR x = 1+10*(9*n + d - 1) + e OR x = 1+10*(n - 1) + 9 - if (x == 0) - return 0; - x--; - // x = 10*(9*n + d - 1) + e - int e = x % 10; - x /= 10; - uint64_t n = 0; - if (e < 9) { - // x = 9*n + d - 1 - int d = (x % 9) + 1; - x /= 9; - // x = n - n = x*10 + d; - } else { - n = x+1; - } - while (e) { - n *= 10; - e--; - } - return n; -} - -uint256 CBlockHeader::GetHash() const -{ - return Hash(BEGIN(nVersion), END(nNonce)); -} - -uint256 CBlock::BuildMerkleTree(bool* fMutated) const -{ - /* WARNING! If you're reading this because you're learning about crypto - and/or designing a new system that will use merkle trees, keep in mind - that the following merkle tree algorithm has a serious flaw related to - duplicate txids, resulting in a vulnerability (CVE-2012-2459). - - The reason is that if the number of hashes in the list at a given time - is odd, the last one is duplicated before computing the next level (which - is unusual in Merkle trees). This results in certain sequences of - transactions leading to the same merkle root. For example, these two - trees: - - A A - / \ / \ - B C B C - / \ | / \ / \ - D E F D E F F - / \ / \ / \ / \ / \ / \ / \ - 1 2 3 4 5 6 1 2 3 4 5 6 5 6 - - for transaction lists [1,2,3,4,5,6] and [1,2,3,4,5,6,5,6] (where 5 and - 6 are repeated) result in the same root hash A (because the hash of both - of (F) and (F,F) is C). - - The vulnerability results from being able to send a block with such a - transaction list, with the same merkle root, and the same block hash as - the original without duplication, resulting in failed validation. If the - receiving node proceeds to mark that block as permanently invalid - however, it will fail to accept further unmodified (and thus potentially - valid) versions of the same block. We defend against this by detecting - the case where we would hash two identical hashes at the end of the list - together, and treating that identically to the block having an invalid - merkle root. Assuming no double-SHA256 collisions, this will detect all - known ways of changing the transactions without affecting the merkle - root. - */ - vMerkleTree.clear(); - vMerkleTree.reserve(vtx.size() * 2 + 16); // Safe upper bound for the number of total nodes. - for (std::vector<CTransaction>::const_iterator it(vtx.begin()); it != vtx.end(); ++it) - vMerkleTree.push_back(it->GetHash()); - int j = 0; - bool mutated = false; - for (int nSize = vtx.size(); nSize > 1; nSize = (nSize + 1) / 2) - { - for (int i = 0; i < nSize; i += 2) - { - int i2 = std::min(i+1, nSize-1); - if (i2 == i + 1 && i2 + 1 == nSize && vMerkleTree[j+i] == vMerkleTree[j+i2]) { - // Two identical hashes at the end of the list at a particular level. - mutated = true; - } - vMerkleTree.push_back(Hash(BEGIN(vMerkleTree[j+i]), END(vMerkleTree[j+i]), - BEGIN(vMerkleTree[j+i2]), END(vMerkleTree[j+i2]))); - } - j += nSize; - } - if (fMutated) { - *fMutated = mutated; - } - return (vMerkleTree.empty() ? 0 : vMerkleTree.back()); -} - -std::vector<uint256> CBlock::GetMerkleBranch(int nIndex) const -{ - if (vMerkleTree.empty()) - BuildMerkleTree(); - std::vector<uint256> vMerkleBranch; - int j = 0; - for (int nSize = vtx.size(); nSize > 1; nSize = (nSize + 1) / 2) - { - int i = std::min(nIndex^1, nSize-1); - vMerkleBranch.push_back(vMerkleTree[j+i]); - nIndex >>= 1; - j += nSize; - } - return vMerkleBranch; -} - -uint256 CBlock::CheckMerkleBranch(uint256 hash, const std::vector<uint256>& vMerkleBranch, int nIndex) -{ - if (nIndex == -1) - return 0; - for (std::vector<uint256>::const_iterator it(vMerkleBranch.begin()); it != vMerkleBranch.end(); ++it) - { - if (nIndex & 1) - hash = Hash(BEGIN(*it), END(*it), BEGIN(hash), END(hash)); - else - hash = Hash(BEGIN(hash), END(hash), BEGIN(*it), END(*it)); - nIndex >>= 1; - } - return hash; -} - -std::string CBlock::ToString() const -{ - std::stringstream s; - s << strprintf("CBlock(hash=%s, ver=%d, hashPrevBlock=%s, hashMerkleRoot=%s, nTime=%u, nBits=%08x, nNonce=%u, vtx=%u)\n", - GetHash().ToString(), - nVersion, - hashPrevBlock.ToString(), - hashMerkleRoot.ToString(), - nTime, nBits, nNonce, - vtx.size()); - for (unsigned int i = 0; i < vtx.size(); i++) - { - s << " " << vtx[i].ToString() << "\n"; - } - s << " vMerkleTree: "; - for (unsigned int i = 0; i < vMerkleTree.size(); i++) - s << " " << vMerkleTree[i].ToString(); - s << "\n"; - return s.str(); -} diff --git a/src/core.h b/src/core.h deleted file mode 100644 index a024dad740..0000000000 --- a/src/core.h +++ /dev/null @@ -1,566 +0,0 @@ -// Copyright (c) 2009-2010 Satoshi Nakamoto -// Copyright (c) 2009-2013 The Bitcoin developers -// Distributed under the MIT/X11 software license, see the accompanying -// file COPYING or http://www.opensource.org/licenses/mit-license.php. - -#ifndef BITCOIN_CORE_H -#define BITCOIN_CORE_H - -#include "amount.h" -#include "script/compressor.h" -#include "script/script.h" -#include "serialize.h" -#include "uint256.h" - -#include <stdint.h> - -class CTransaction; - -static const int64_t COIN = 100000000; -static const int64_t CENT = 1000000; - -/** No amount larger than this (in satoshi) is valid */ -static const CAmount MAX_MONEY = 21000000 * COIN; -inline bool MoneyRange(const CAmount& nValue) { return (nValue >= 0 && nValue <= MAX_MONEY); } - -/** An outpoint - a combination of a transaction hash and an index n into its vout */ -class COutPoint -{ -public: - uint256 hash; - uint32_t n; - - COutPoint() { SetNull(); } - COutPoint(uint256 hashIn, uint32_t nIn) { hash = hashIn; n = nIn; } - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(FLATDATA(*this)); - } - - void SetNull() { hash = 0; n = (uint32_t) -1; } - bool IsNull() const { return (hash == 0 && n == (uint32_t) -1); } - - friend bool operator<(const COutPoint& a, const COutPoint& b) - { - return (a.hash < b.hash || (a.hash == b.hash && a.n < b.n)); - } - - friend bool operator==(const COutPoint& a, const COutPoint& b) - { - return (a.hash == b.hash && a.n == b.n); - } - - friend bool operator!=(const COutPoint& a, const COutPoint& b) - { - return !(a == b); - } - - std::string ToString() const; -}; - -/** An input of a transaction. It contains the location of the previous - * transaction's output that it claims and a signature that matches the - * output's public key. - */ -class CTxIn -{ -public: - COutPoint prevout; - CScript scriptSig; - uint32_t nSequence; - - CTxIn() - { - nSequence = std::numeric_limits<unsigned int>::max(); - } - - explicit CTxIn(COutPoint prevoutIn, CScript scriptSigIn=CScript(), uint32_t nSequenceIn=std::numeric_limits<unsigned int>::max()); - CTxIn(uint256 hashPrevTx, uint32_t nOut, CScript scriptSigIn=CScript(), uint32_t nSequenceIn=std::numeric_limits<uint32_t>::max()); - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(prevout); - READWRITE(scriptSig); - READWRITE(nSequence); - } - - bool IsFinal() const - { - return (nSequence == std::numeric_limits<uint32_t>::max()); - } - - friend bool operator==(const CTxIn& a, const CTxIn& b) - { - return (a.prevout == b.prevout && - a.scriptSig == b.scriptSig && - a.nSequence == b.nSequence); - } - - friend bool operator!=(const CTxIn& a, const CTxIn& b) - { - return !(a == b); - } - - std::string ToString() const; -}; - - - -/** Type-safe wrapper class to for fee rates - * (how much to pay based on transaction size) - */ -class CFeeRate -{ -private: - CAmount nSatoshisPerK; // unit is satoshis-per-1,000-bytes -public: - CFeeRate() : nSatoshisPerK(0) { } - explicit CFeeRate(const CAmount& _nSatoshisPerK): nSatoshisPerK(_nSatoshisPerK) { } - CFeeRate(const CAmount& nFeePaid, size_t nSize); - CFeeRate(const CFeeRate& other) { nSatoshisPerK = other.nSatoshisPerK; } - - CAmount GetFee(size_t size) const; // unit returned is satoshis - CAmount GetFeePerK() const { return GetFee(1000); } // satoshis-per-1000-bytes - - friend bool operator<(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK < b.nSatoshisPerK; } - friend bool operator>(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK > b.nSatoshisPerK; } - friend bool operator==(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK == b.nSatoshisPerK; } - friend bool operator<=(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK <= b.nSatoshisPerK; } - friend bool operator>=(const CFeeRate& a, const CFeeRate& b) { return a.nSatoshisPerK >= b.nSatoshisPerK; } - std::string ToString() const; - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(nSatoshisPerK); - } -}; - - -/** An output of a transaction. It contains the public key that the next input - * must be able to sign with to claim it. - */ -class CTxOut -{ -public: - CAmount nValue; - CScript scriptPubKey; - - CTxOut() - { - SetNull(); - } - - CTxOut(const CAmount& nValueIn, CScript scriptPubKeyIn); - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(nValue); - READWRITE(scriptPubKey); - } - - void SetNull() - { - nValue = -1; - scriptPubKey.clear(); - } - - bool IsNull() const - { - return (nValue == -1); - } - - uint256 GetHash() const; - - bool IsDust(CFeeRate minRelayTxFee) const - { - // "Dust" is defined in terms of CTransaction::minRelayTxFee, - // which has units satoshis-per-kilobyte. - // If you'd pay more than 1/3 in fees - // to spend something, then we consider it dust. - // A typical txout is 34 bytes big, and will - // need a CTxIn of at least 148 bytes to spend: - // so dust is a txout less than 546 satoshis - // with default minRelayTxFee. - size_t nSize = GetSerializeSize(SER_DISK,0)+148u; - return (nValue < 3*minRelayTxFee.GetFee(nSize)); - } - - friend bool operator==(const CTxOut& a, const CTxOut& b) - { - return (a.nValue == b.nValue && - a.scriptPubKey == b.scriptPubKey); - } - - friend bool operator!=(const CTxOut& a, const CTxOut& b) - { - return !(a == b); - } - - std::string ToString() const; -}; - - -struct CMutableTransaction; - -/** The basic transaction that is broadcasted on the network and contained in - * blocks. A transaction can contain multiple inputs and outputs. - */ -class CTransaction -{ -private: - /** Memory only. */ - const uint256 hash; - void UpdateHash() const; - -public: - static const int32_t CURRENT_VERSION=1; - - // The local variables are made const to prevent unintended modification - // without updating the cached hash value. However, CTransaction is not - // actually immutable; deserialization and assignment are implemented, - // and bypass the constness. This is safe, as they update the entire - // structure, including the hash. - const int32_t nVersion; - const std::vector<CTxIn> vin; - const std::vector<CTxOut> vout; - const uint32_t nLockTime; - - /** Construct a CTransaction that qualifies as IsNull() */ - CTransaction(); - - /** Convert a CMutableTransaction into a CTransaction. */ - CTransaction(const CMutableTransaction &tx); - - CTransaction& operator=(const CTransaction& tx); - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(*const_cast<int32_t*>(&this->nVersion)); - nVersion = this->nVersion; - READWRITE(*const_cast<std::vector<CTxIn>*>(&vin)); - READWRITE(*const_cast<std::vector<CTxOut>*>(&vout)); - READWRITE(*const_cast<uint32_t*>(&nLockTime)); - if (ser_action.ForRead()) - UpdateHash(); - } - - bool IsNull() const { - return vin.empty() && vout.empty(); - } - - const uint256& GetHash() const { - return hash; - } - - // Return sum of txouts. - CAmount GetValueOut() const; - // GetValueIn() is a method on CCoinsViewCache, because - // inputs must be known to compute value in. - - // Compute priority, given priority of inputs and (optionally) tx size - double ComputePriority(double dPriorityInputs, unsigned int nTxSize=0) const; - - // Compute modified tx size for priority calculation (optionally given tx size) - unsigned int CalculateModifiedSize(unsigned int nTxSize=0) const; - - bool IsCoinBase() const - { - return (vin.size() == 1 && vin[0].prevout.IsNull()); - } - - friend bool operator==(const CTransaction& a, const CTransaction& b) - { - return a.hash == b.hash; - } - - friend bool operator!=(const CTransaction& a, const CTransaction& b) - { - return a.hash != b.hash; - } - - std::string ToString() const; -}; - -/** A mutable version of CTransaction. */ -struct CMutableTransaction -{ - int32_t nVersion; - std::vector<CTxIn> vin; - std::vector<CTxOut> vout; - uint32_t nLockTime; - - CMutableTransaction(); - CMutableTransaction(const CTransaction& tx); - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(this->nVersion); - nVersion = this->nVersion; - READWRITE(vin); - READWRITE(vout); - READWRITE(nLockTime); - } - - /** Compute the hash of this CMutableTransaction. This is computed on the - * fly, as opposed to GetHash() in CTransaction, which uses a cached result. - */ - uint256 GetHash() const; -}; - -/** wrapper for CTxOut that provides a more compact serialization */ -class CTxOutCompressor -{ -private: - CTxOut &txout; - -public: - static uint64_t CompressAmount(uint64_t nAmount); - static uint64_t DecompressAmount(uint64_t nAmount); - - CTxOutCompressor(CTxOut &txoutIn) : txout(txoutIn) { } - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - if (!ser_action.ForRead()) { - uint64_t nVal = CompressAmount(txout.nValue); - READWRITE(VARINT(nVal)); - } else { - uint64_t nVal = 0; - READWRITE(VARINT(nVal)); - txout.nValue = DecompressAmount(nVal); - } - CScriptCompressor cscript(REF(txout.scriptPubKey)); - READWRITE(cscript); - } -}; - -/** Undo information for a CTxIn - * - * Contains the prevout's CTxOut being spent, and if this was the - * last output of the affected transaction, its metadata as well - * (coinbase or not, height, transaction version) - */ -class CTxInUndo -{ -public: - CTxOut txout; // the txout data before being spent - bool fCoinBase; // if the outpoint was the last unspent: whether it belonged to a coinbase - unsigned int nHeight; // if the outpoint was the last unspent: its height - int nVersion; // if the outpoint was the last unspent: its version - - CTxInUndo() : txout(), fCoinBase(false), nHeight(0), nVersion(0) {} - CTxInUndo(const CTxOut &txoutIn, bool fCoinBaseIn = false, unsigned int nHeightIn = 0, int nVersionIn = 0) : txout(txoutIn), fCoinBase(fCoinBaseIn), nHeight(nHeightIn), nVersion(nVersionIn) { } - - unsigned int GetSerializeSize(int nType, int nVersion) const { - return ::GetSerializeSize(VARINT(nHeight*2+(fCoinBase ? 1 : 0)), nType, nVersion) + - (nHeight > 0 ? ::GetSerializeSize(VARINT(this->nVersion), nType, nVersion) : 0) + - ::GetSerializeSize(CTxOutCompressor(REF(txout)), nType, nVersion); - } - - template<typename Stream> - void Serialize(Stream &s, int nType, int nVersion) const { - ::Serialize(s, VARINT(nHeight*2+(fCoinBase ? 1 : 0)), nType, nVersion); - if (nHeight > 0) - ::Serialize(s, VARINT(this->nVersion), nType, nVersion); - ::Serialize(s, CTxOutCompressor(REF(txout)), nType, nVersion); - } - - template<typename Stream> - void Unserialize(Stream &s, int nType, int nVersion) { - unsigned int nCode = 0; - ::Unserialize(s, VARINT(nCode), nType, nVersion); - nHeight = nCode / 2; - fCoinBase = nCode & 1; - if (nHeight > 0) - ::Unserialize(s, VARINT(this->nVersion), nType, nVersion); - ::Unserialize(s, REF(CTxOutCompressor(REF(txout))), nType, nVersion); - } -}; - -/** Undo information for a CTransaction */ -class CTxUndo -{ -public: - // undo information for all txins - std::vector<CTxInUndo> vprevout; - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(vprevout); - } -}; - - -/** Nodes collect new transactions into a block, hash them into a hash tree, - * and scan through nonce values to make the block's hash satisfy proof-of-work - * requirements. When they solve the proof-of-work, they broadcast the block - * to everyone and the block is added to the block chain. The first transaction - * in the block is a special one that creates a new coin owned by the creator - * of the block. - */ -class CBlockHeader -{ -public: - // header - static const int32_t CURRENT_VERSION=2; - int32_t nVersion; - uint256 hashPrevBlock; - uint256 hashMerkleRoot; - uint32_t nTime; - uint32_t nBits; - uint32_t nNonce; - - CBlockHeader() - { - SetNull(); - } - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(this->nVersion); - nVersion = this->nVersion; - READWRITE(hashPrevBlock); - READWRITE(hashMerkleRoot); - READWRITE(nTime); - READWRITE(nBits); - READWRITE(nNonce); - } - - void SetNull() - { - nVersion = CBlockHeader::CURRENT_VERSION; - hashPrevBlock = 0; - hashMerkleRoot = 0; - nTime = 0; - nBits = 0; - nNonce = 0; - } - - bool IsNull() const - { - return (nBits == 0); - } - - uint256 GetHash() const; - - int64_t GetBlockTime() const - { - return (int64_t)nTime; - } -}; - - -class CBlock : public CBlockHeader -{ -public: - // network and disk - std::vector<CTransaction> vtx; - - // memory only - mutable std::vector<uint256> vMerkleTree; - - CBlock() - { - SetNull(); - } - - CBlock(const CBlockHeader &header) - { - SetNull(); - *((CBlockHeader*)this) = header; - } - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - READWRITE(*(CBlockHeader*)this); - READWRITE(vtx); - } - - void SetNull() - { - CBlockHeader::SetNull(); - vtx.clear(); - vMerkleTree.clear(); - } - - CBlockHeader GetBlockHeader() const - { - CBlockHeader block; - block.nVersion = nVersion; - block.hashPrevBlock = hashPrevBlock; - block.hashMerkleRoot = hashMerkleRoot; - block.nTime = nTime; - block.nBits = nBits; - block.nNonce = nNonce; - return block; - } - - // Build the in-memory merkle tree for this block and return the merkle root. - // If non-NULL, *mutated is set to whether mutation was detected in the merkle - // tree (a duplication of transactions in the block leading to an identical - // merkle root). - uint256 BuildMerkleTree(bool* mutated = NULL) const; - - std::vector<uint256> GetMerkleBranch(int nIndex) const; - static uint256 CheckMerkleBranch(uint256 hash, const std::vector<uint256>& vMerkleBranch, int nIndex); - std::string ToString() const; -}; - - -/** Describes a place in the block chain to another node such that if the - * other node doesn't have the same branch, it can find a recent common trunk. - * The further back it is, the further before the fork it may be. - */ -struct CBlockLocator -{ - std::vector<uint256> vHave; - - CBlockLocator() {} - - CBlockLocator(const std::vector<uint256>& vHaveIn) - { - vHave = vHaveIn; - } - - ADD_SERIALIZE_METHODS; - - template <typename Stream, typename Operation> - inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { - if (!(nType & SER_GETHASH)) - READWRITE(nVersion); - READWRITE(vHave); - } - - void SetNull() - { - vHave.clear(); - } - - bool IsNull() - { - return vHave.empty(); - } -}; - -#endif // BITCOIN_CORE_H diff --git a/src/core/block.cpp b/src/core/block.cpp new file mode 100644 index 0000000000..2010d44dac --- /dev/null +++ b/src/core/block.cpp @@ -0,0 +1,130 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2014 The Bitcoin developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include "core/block.h" + +#include "hash.h" +#include "tinyformat.h" +#include "utilstrencodings.h" + +uint256 CBlockHeader::GetHash() const +{ + return Hash(BEGIN(nVersion), END(nNonce)); +} + +uint256 CBlock::BuildMerkleTree(bool* fMutated) const +{ + /* WARNING! If you're reading this because you're learning about crypto + and/or designing a new system that will use merkle trees, keep in mind + that the following merkle tree algorithm has a serious flaw related to + duplicate txids, resulting in a vulnerability (CVE-2012-2459). + + The reason is that if the number of hashes in the list at a given time + is odd, the last one is duplicated before computing the next level (which + is unusual in Merkle trees). This results in certain sequences of + transactions leading to the same merkle root. For example, these two + trees: + + A A + / \ / \ + B C B C + / \ | / \ / \ + D E F D E F F + / \ / \ / \ / \ / \ / \ / \ + 1 2 3 4 5 6 1 2 3 4 5 6 5 6 + + for transaction lists [1,2,3,4,5,6] and [1,2,3,4,5,6,5,6] (where 5 and + 6 are repeated) result in the same root hash A (because the hash of both + of (F) and (F,F) is C). + + The vulnerability results from being able to send a block with such a + transaction list, with the same merkle root, and the same block hash as + the original without duplication, resulting in failed validation. If the + receiving node proceeds to mark that block as permanently invalid + however, it will fail to accept further unmodified (and thus potentially + valid) versions of the same block. We defend against this by detecting + the case where we would hash two identical hashes at the end of the list + together, and treating that identically to the block having an invalid + merkle root. Assuming no double-SHA256 collisions, this will detect all + known ways of changing the transactions without affecting the merkle + root. + */ + vMerkleTree.clear(); + vMerkleTree.reserve(vtx.size() * 2 + 16); // Safe upper bound for the number of total nodes. + for (std::vector<CTransaction>::const_iterator it(vtx.begin()); it != vtx.end(); ++it) + vMerkleTree.push_back(it->GetHash()); + int j = 0; + bool mutated = false; + for (int nSize = vtx.size(); nSize > 1; nSize = (nSize + 1) / 2) + { + for (int i = 0; i < nSize; i += 2) + { + int i2 = std::min(i+1, nSize-1); + if (i2 == i + 1 && i2 + 1 == nSize && vMerkleTree[j+i] == vMerkleTree[j+i2]) { + // Two identical hashes at the end of the list at a particular level. + mutated = true; + } + vMerkleTree.push_back(Hash(BEGIN(vMerkleTree[j+i]), END(vMerkleTree[j+i]), + BEGIN(vMerkleTree[j+i2]), END(vMerkleTree[j+i2]))); + } + j += nSize; + } + if (fMutated) { + *fMutated = mutated; + } + return (vMerkleTree.empty() ? 0 : vMerkleTree.back()); +} + +std::vector<uint256> CBlock::GetMerkleBranch(int nIndex) const +{ + if (vMerkleTree.empty()) + BuildMerkleTree(); + std::vector<uint256> vMerkleBranch; + int j = 0; + for (int nSize = vtx.size(); nSize > 1; nSize = (nSize + 1) / 2) + { + int i = std::min(nIndex^1, nSize-1); + vMerkleBranch.push_back(vMerkleTree[j+i]); + nIndex >>= 1; + j += nSize; + } + return vMerkleBranch; +} + +uint256 CBlock::CheckMerkleBranch(uint256 hash, const std::vector<uint256>& vMerkleBranch, int nIndex) +{ + if (nIndex == -1) + return 0; + for (std::vector<uint256>::const_iterator it(vMerkleBranch.begin()); it != vMerkleBranch.end(); ++it) + { + if (nIndex & 1) + hash = Hash(BEGIN(*it), END(*it), BEGIN(hash), END(hash)); + else + hash = Hash(BEGIN(hash), END(hash), BEGIN(*it), END(*it)); + nIndex >>= 1; + } + return hash; +} + +std::string CBlock::ToString() const +{ + std::stringstream s; + s << strprintf("CBlock(hash=%s, ver=%d, hashPrevBlock=%s, hashMerkleRoot=%s, nTime=%u, nBits=%08x, nNonce=%u, vtx=%u)\n", + GetHash().ToString(), + nVersion, + hashPrevBlock.ToString(), + hashMerkleRoot.ToString(), + nTime, nBits, nNonce, + vtx.size()); + for (unsigned int i = 0; i < vtx.size(); i++) + { + s << " " << vtx[i].ToString() << "\n"; + } + s << " vMerkleTree: "; + for (unsigned int i = 0; i < vMerkleTree.size(); i++) + s << " " << vMerkleTree[i].ToString(); + s << "\n"; + return s.str(); +} diff --git a/src/core/block.h b/src/core/block.h new file mode 100644 index 0000000000..f1eb7a844f --- /dev/null +++ b/src/core/block.h @@ -0,0 +1,168 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2013 The Bitcoin developers +// Distributed under the MIT/X11 software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef H_BITCOIN_CORE_BLOCK +#define H_BITCOIN_CORE_BLOCK + +#include "core/transaction.h" +#include "serialize.h" +#include "uint256.h" + +/** Nodes collect new transactions into a block, hash them into a hash tree, + * and scan through nonce values to make the block's hash satisfy proof-of-work + * requirements. When they solve the proof-of-work, they broadcast the block + * to everyone and the block is added to the block chain. The first transaction + * in the block is a special one that creates a new coin owned by the creator + * of the block. + */ +class CBlockHeader +{ +public: + // header + static const int32_t CURRENT_VERSION=2; + int32_t nVersion; + uint256 hashPrevBlock; + uint256 hashMerkleRoot; + uint32_t nTime; + uint32_t nBits; + uint32_t nNonce; + + CBlockHeader() + { + SetNull(); + } + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(this->nVersion); + nVersion = this->nVersion; + READWRITE(hashPrevBlock); + READWRITE(hashMerkleRoot); + READWRITE(nTime); + READWRITE(nBits); + READWRITE(nNonce); + } + + void SetNull() + { + nVersion = CBlockHeader::CURRENT_VERSION; + hashPrevBlock = 0; + hashMerkleRoot = 0; + nTime = 0; + nBits = 0; + nNonce = 0; + } + + bool IsNull() const + { + return (nBits == 0); + } + + uint256 GetHash() const; + + int64_t GetBlockTime() const + { + return (int64_t)nTime; + } +}; + + +class CBlock : public CBlockHeader +{ +public: + // network and disk + std::vector<CTransaction> vtx; + + // memory only + mutable std::vector<uint256> vMerkleTree; + + CBlock() + { + SetNull(); + } + + CBlock(const CBlockHeader &header) + { + SetNull(); + *((CBlockHeader*)this) = header; + } + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(*(CBlockHeader*)this); + READWRITE(vtx); + } + + void SetNull() + { + CBlockHeader::SetNull(); + vtx.clear(); + vMerkleTree.clear(); + } + + CBlockHeader GetBlockHeader() const + { + CBlockHeader block; + block.nVersion = nVersion; + block.hashPrevBlock = hashPrevBlock; + block.hashMerkleRoot = hashMerkleRoot; + block.nTime = nTime; + block.nBits = nBits; + block.nNonce = nNonce; + return block; + } + + // Build the in-memory merkle tree for this block and return the merkle root. + // If non-NULL, *mutated is set to whether mutation was detected in the merkle + // tree (a duplication of transactions in the block leading to an identical + // merkle root). + uint256 BuildMerkleTree(bool* mutated = NULL) const; + + std::vector<uint256> GetMerkleBranch(int nIndex) const; + static uint256 CheckMerkleBranch(uint256 hash, const std::vector<uint256>& vMerkleBranch, int nIndex); + std::string ToString() const; +}; + + +/** Describes a place in the block chain to another node such that if the + * other node doesn't have the same branch, it can find a recent common trunk. + * The further back it is, the further before the fork it may be. + */ +struct CBlockLocator +{ + std::vector<uint256> vHave; + + CBlockLocator() {} + + CBlockLocator(const std::vector<uint256>& vHaveIn) + { + vHave = vHaveIn; + } + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + if (!(nType & SER_GETHASH)) + READWRITE(nVersion); + READWRITE(vHave); + } + + void SetNull() + { + vHave.clear(); + } + + bool IsNull() + { + return vHave.empty(); + } +}; + +#endif // H_BITCOIN_CORE_BLOCK diff --git a/src/core/transaction.cpp b/src/core/transaction.cpp new file mode 100644 index 0000000000..f835bafb9f --- /dev/null +++ b/src/core/transaction.cpp @@ -0,0 +1,142 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2014 The Bitcoin developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include "core/transaction.h" + +#include "hash.h" +#include "tinyformat.h" +#include "utilstrencodings.h" + +std::string COutPoint::ToString() const +{ + return strprintf("COutPoint(%s, %u)", hash.ToString().substr(0,10), n); +} + +CTxIn::CTxIn(COutPoint prevoutIn, CScript scriptSigIn, uint32_t nSequenceIn) +{ + prevout = prevoutIn; + scriptSig = scriptSigIn; + nSequence = nSequenceIn; +} + +CTxIn::CTxIn(uint256 hashPrevTx, uint32_t nOut, CScript scriptSigIn, uint32_t nSequenceIn) +{ + prevout = COutPoint(hashPrevTx, nOut); + scriptSig = scriptSigIn; + nSequence = nSequenceIn; +} + +std::string CTxIn::ToString() const +{ + std::string str; + str += "CTxIn("; + str += prevout.ToString(); + if (prevout.IsNull()) + str += strprintf(", coinbase %s", HexStr(scriptSig)); + else + str += strprintf(", scriptSig=%s", scriptSig.ToString().substr(0,24)); + if (nSequence != std::numeric_limits<unsigned int>::max()) + str += strprintf(", nSequence=%u", nSequence); + str += ")"; + return str; +} + +CTxOut::CTxOut(const CAmount& nValueIn, CScript scriptPubKeyIn) +{ + nValue = nValueIn; + scriptPubKey = scriptPubKeyIn; +} + +uint256 CTxOut::GetHash() const +{ + return SerializeHash(*this); +} + +std::string CTxOut::ToString() const +{ + return strprintf("CTxOut(nValue=%d.%08d, scriptPubKey=%s)", nValue / COIN, nValue % COIN, scriptPubKey.ToString().substr(0,30)); +} + +CMutableTransaction::CMutableTransaction() : nVersion(CTransaction::CURRENT_VERSION), nLockTime(0) {} +CMutableTransaction::CMutableTransaction(const CTransaction& tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) {} + +uint256 CMutableTransaction::GetHash() const +{ + return SerializeHash(*this); +} + +void CTransaction::UpdateHash() const +{ + *const_cast<uint256*>(&hash) = SerializeHash(*this); +} + +CTransaction::CTransaction() : hash(0), nVersion(CTransaction::CURRENT_VERSION), vin(), vout(), nLockTime(0) { } + +CTransaction::CTransaction(const CMutableTransaction &tx) : nVersion(tx.nVersion), vin(tx.vin), vout(tx.vout), nLockTime(tx.nLockTime) { + UpdateHash(); +} + +CTransaction& CTransaction::operator=(const CTransaction &tx) { + *const_cast<int*>(&nVersion) = tx.nVersion; + *const_cast<std::vector<CTxIn>*>(&vin) = tx.vin; + *const_cast<std::vector<CTxOut>*>(&vout) = tx.vout; + *const_cast<unsigned int*>(&nLockTime) = tx.nLockTime; + *const_cast<uint256*>(&hash) = tx.hash; + return *this; +} + +CAmount CTransaction::GetValueOut() const +{ + CAmount nValueOut = 0; + for (std::vector<CTxOut>::const_iterator it(vout.begin()); it != vout.end(); ++it) + { + nValueOut += it->nValue; + if (!MoneyRange(it->nValue) || !MoneyRange(nValueOut)) + throw std::runtime_error("CTransaction::GetValueOut() : value out of range"); + } + return nValueOut; +} + +double CTransaction::ComputePriority(double dPriorityInputs, unsigned int nTxSize) const +{ + nTxSize = CalculateModifiedSize(nTxSize); + if (nTxSize == 0) return 0.0; + + return dPriorityInputs / nTxSize; +} + +unsigned int CTransaction::CalculateModifiedSize(unsigned int nTxSize) const +{ + // In order to avoid disincentivizing cleaning up the UTXO set we don't count + // the constant overhead for each txin and up to 110 bytes of scriptSig (which + // is enough to cover a compressed pubkey p2sh redemption) for priority. + // Providing any more cleanup incentive than making additional inputs free would + // risk encouraging people to create junk outputs to redeem later. + if (nTxSize == 0) + nTxSize = ::GetSerializeSize(*this, SER_NETWORK, PROTOCOL_VERSION); + for (std::vector<CTxIn>::const_iterator it(vin.begin()); it != vin.end(); ++it) + { + unsigned int offset = 41U + std::min(110U, (unsigned int)it->scriptSig.size()); + if (nTxSize > offset) + nTxSize -= offset; + } + return nTxSize; +} + +std::string CTransaction::ToString() const +{ + std::string str; + str += strprintf("CTransaction(hash=%s, ver=%d, vin.size=%u, vout.size=%u, nLockTime=%u)\n", + GetHash().ToString().substr(0,10), + nVersion, + vin.size(), + vout.size(), + nLockTime); + for (unsigned int i = 0; i < vin.size(); i++) + str += " " + vin[i].ToString() + "\n"; + for (unsigned int i = 0; i < vout.size(); i++) + str += " " + vout[i].ToString() + "\n"; + return str; +} diff --git a/src/core/transaction.h b/src/core/transaction.h new file mode 100644 index 0000000000..c21558cfeb --- /dev/null +++ b/src/core/transaction.h @@ -0,0 +1,276 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2014 The Bitcoin developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef H_BITCOIN_CORE_TRANSACTION +#define H_BITCOIN_CORE_TRANSACTION + +#include "amount.h" +#include "script/script.h" +#include "serialize.h" +#include "uint256.h" + +/** An outpoint - a combination of a transaction hash and an index n into its vout */ +class COutPoint +{ +public: + uint256 hash; + uint32_t n; + + COutPoint() { SetNull(); } + COutPoint(uint256 hashIn, uint32_t nIn) { hash = hashIn; n = nIn; } + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(FLATDATA(*this)); + } + + void SetNull() { hash = 0; n = (uint32_t) -1; } + bool IsNull() const { return (hash == 0 && n == (uint32_t) -1); } + + friend bool operator<(const COutPoint& a, const COutPoint& b) + { + return (a.hash < b.hash || (a.hash == b.hash && a.n < b.n)); + } + + friend bool operator==(const COutPoint& a, const COutPoint& b) + { + return (a.hash == b.hash && a.n == b.n); + } + + friend bool operator!=(const COutPoint& a, const COutPoint& b) + { + return !(a == b); + } + + std::string ToString() const; +}; + +/** An input of a transaction. It contains the location of the previous + * transaction's output that it claims and a signature that matches the + * output's public key. + */ +class CTxIn +{ +public: + COutPoint prevout; + CScript scriptSig; + uint32_t nSequence; + + CTxIn() + { + nSequence = std::numeric_limits<unsigned int>::max(); + } + + explicit CTxIn(COutPoint prevoutIn, CScript scriptSigIn=CScript(), uint32_t nSequenceIn=std::numeric_limits<unsigned int>::max()); + CTxIn(uint256 hashPrevTx, uint32_t nOut, CScript scriptSigIn=CScript(), uint32_t nSequenceIn=std::numeric_limits<uint32_t>::max()); + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(prevout); + READWRITE(scriptSig); + READWRITE(nSequence); + } + + bool IsFinal() const + { + return (nSequence == std::numeric_limits<uint32_t>::max()); + } + + friend bool operator==(const CTxIn& a, const CTxIn& b) + { + return (a.prevout == b.prevout && + a.scriptSig == b.scriptSig && + a.nSequence == b.nSequence); + } + + friend bool operator!=(const CTxIn& a, const CTxIn& b) + { + return !(a == b); + } + + std::string ToString() const; +}; + +/** An output of a transaction. It contains the public key that the next input + * must be able to sign with to claim it. + */ +class CTxOut +{ +public: + CAmount nValue; + CScript scriptPubKey; + + CTxOut() + { + SetNull(); + } + + CTxOut(const CAmount& nValueIn, CScript scriptPubKeyIn); + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(nValue); + READWRITE(scriptPubKey); + } + + void SetNull() + { + nValue = -1; + scriptPubKey.clear(); + } + + bool IsNull() const + { + return (nValue == -1); + } + + uint256 GetHash() const; + + bool IsDust(CFeeRate minRelayTxFee) const + { + // "Dust" is defined in terms of CTransaction::minRelayTxFee, + // which has units satoshis-per-kilobyte. + // If you'd pay more than 1/3 in fees + // to spend something, then we consider it dust. + // A typical txout is 34 bytes big, and will + // need a CTxIn of at least 148 bytes to spend: + // so dust is a txout less than 546 satoshis + // with default minRelayTxFee. + size_t nSize = GetSerializeSize(SER_DISK,0)+148u; + return (nValue < 3*minRelayTxFee.GetFee(nSize)); + } + + friend bool operator==(const CTxOut& a, const CTxOut& b) + { + return (a.nValue == b.nValue && + a.scriptPubKey == b.scriptPubKey); + } + + friend bool operator!=(const CTxOut& a, const CTxOut& b) + { + return !(a == b); + } + + std::string ToString() const; +}; + +struct CMutableTransaction; + +/** The basic transaction that is broadcasted on the network and contained in + * blocks. A transaction can contain multiple inputs and outputs. + */ +class CTransaction +{ +private: + /** Memory only. */ + const uint256 hash; + void UpdateHash() const; + +public: + static const int32_t CURRENT_VERSION=1; + + // The local variables are made const to prevent unintended modification + // without updating the cached hash value. However, CTransaction is not + // actually immutable; deserialization and assignment are implemented, + // and bypass the constness. This is safe, as they update the entire + // structure, including the hash. + const int32_t nVersion; + const std::vector<CTxIn> vin; + const std::vector<CTxOut> vout; + const uint32_t nLockTime; + + /** Construct a CTransaction that qualifies as IsNull() */ + CTransaction(); + + /** Convert a CMutableTransaction into a CTransaction. */ + CTransaction(const CMutableTransaction &tx); + + CTransaction& operator=(const CTransaction& tx); + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(*const_cast<int32_t*>(&this->nVersion)); + nVersion = this->nVersion; + READWRITE(*const_cast<std::vector<CTxIn>*>(&vin)); + READWRITE(*const_cast<std::vector<CTxOut>*>(&vout)); + READWRITE(*const_cast<uint32_t*>(&nLockTime)); + if (ser_action.ForRead()) + UpdateHash(); + } + + bool IsNull() const { + return vin.empty() && vout.empty(); + } + + const uint256& GetHash() const { + return hash; + } + + // Return sum of txouts. + CAmount GetValueOut() const; + // GetValueIn() is a method on CCoinsViewCache, because + // inputs must be known to compute value in. + + // Compute priority, given priority of inputs and (optionally) tx size + double ComputePriority(double dPriorityInputs, unsigned int nTxSize=0) const; + + // Compute modified tx size for priority calculation (optionally given tx size) + unsigned int CalculateModifiedSize(unsigned int nTxSize=0) const; + + bool IsCoinBase() const + { + return (vin.size() == 1 && vin[0].prevout.IsNull()); + } + + friend bool operator==(const CTransaction& a, const CTransaction& b) + { + return a.hash == b.hash; + } + + friend bool operator!=(const CTransaction& a, const CTransaction& b) + { + return a.hash != b.hash; + } + + std::string ToString() const; +}; + +/** A mutable version of CTransaction. */ +struct CMutableTransaction +{ + int32_t nVersion; + std::vector<CTxIn> vin; + std::vector<CTxOut> vout; + uint32_t nLockTime; + + CMutableTransaction(); + CMutableTransaction(const CTransaction& tx); + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(this->nVersion); + nVersion = this->nVersion; + READWRITE(vin); + READWRITE(vout); + READWRITE(nLockTime); + } + + /** Compute the hash of this CMutableTransaction. This is computed on the + * fly, as opposed to GetHash() in CTransaction, which uses a cached result. + */ + uint256 GetHash() const; +}; + +#endif // H_BITCOIN_CORE_TRANSACTION diff --git a/src/core_read.cpp b/src/core_read.cpp index dcbcf4b4f7..d39bc9a780 100644 --- a/src/core_read.cpp +++ b/src/core_read.cpp @@ -4,7 +4,7 @@ #include "core_io.h" -#include "core.h" +#include "core/transaction.h" #include "script/script.h" #include "serialize.h" #include "streams.h" diff --git a/src/core_write.cpp b/src/core_write.cpp index b2b29fb367..a3ae8eec07 100644 --- a/src/core_write.cpp +++ b/src/core_write.cpp @@ -5,7 +5,7 @@ #include "core_io.h" #include "base58.h" -#include "core.h" +#include "core/transaction.h" #include "script/script.h" #include "script/standard.h" #include "serialize.h" diff --git a/src/init.cpp b/src/init.cpp index 70ac5190d3..d928094bba 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -10,6 +10,7 @@ #include "init.h" #include "addrman.h" +#include "amount.h" #include "checkpoints.h" #include "compat/sanity.h" #include "key.h" diff --git a/src/main.cpp b/src/main.cpp index 0cfe90beda..008a059103 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -633,10 +633,6 @@ bool IsStandardTx(const CTransaction& tx, string& reason) reason = "scriptsig-not-pushonly"; return false; } - if (!txin.scriptSig.HasCanonicalPushes()) { - reason = "scriptsig-non-canonical-push"; - return false; - } } unsigned int nDataOut = 0; diff --git a/src/main.h b/src/main.h index 1ef51918c5..1941ca7059 100644 --- a/src/main.h +++ b/src/main.h @@ -10,10 +10,12 @@ #include "config/bitcoin-config.h" #endif +#include "amount.h" #include "chain.h" #include "chainparams.h" #include "coins.h" -#include "core.h" +#include "core/block.h" +#include "core/transaction.h" #include "net.h" #include "pow.h" #include "script/script.h" @@ -23,6 +25,7 @@ #include "tinyformat.h" #include "txmempool.h" #include "uint256.h" +#include "undo.h" #include <algorithm> #include <exception> @@ -127,7 +130,6 @@ static const uint64_t nMinDiskSpace = 52428800; class CBlockTreeDB; -class CTxUndo; class CScriptCheck; class CValidationState; class CValidationInterface; diff --git a/src/miner.cpp b/src/miner.cpp index eefccfd641..0235de3ab3 100644 --- a/src/miner.cpp +++ b/src/miner.cpp @@ -5,7 +5,9 @@ #include "miner.h" -#include "core.h" +#include "amount.h" +#include "core/block.h" +#include "core/transaction.h" #include "hash.h" #include "main.h" #include "net.h" diff --git a/src/net.cpp b/src/net.cpp index 6cf64f51c3..6cccdca952 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -11,7 +11,7 @@ #include "addrman.h" #include "chainparams.h" -#include "core.h" +#include "core/transaction.h" #include "ui_interface.h" #ifdef WIN32 diff --git a/src/pow.cpp b/src/pow.cpp index 75fbfc6a6d..af7fc488ef 100644 --- a/src/pow.cpp +++ b/src/pow.cpp @@ -6,7 +6,7 @@ #include "pow.h" #include "chainparams.h" -#include "core.h" +#include "core/block.h" #include "main.h" #include "timedata.h" #include "uint256.h" diff --git a/src/qt/bitcoinunits.cpp b/src/qt/bitcoinunits.cpp index 423b559bf7..c85f569fd3 100644 --- a/src/qt/bitcoinunits.cpp +++ b/src/qt/bitcoinunits.cpp @@ -4,7 +4,7 @@ #include "bitcoinunits.h" -#include "core.h" +#include "core/transaction.h" #include <QStringList> diff --git a/src/qt/guiutil.cpp b/src/qt/guiutil.cpp index 91bb10755a..22a1f019e9 100644 --- a/src/qt/guiutil.cpp +++ b/src/qt/guiutil.cpp @@ -9,7 +9,7 @@ #include "qvalidatedlineedit.h" #include "walletmodel.h" -#include "core.h" +#include "core/transaction.h" #include "init.h" #include "main.h" #include "protocol.h" diff --git a/src/qt/optionsmodel.cpp b/src/qt/optionsmodel.cpp index 6db654dff7..c941ebd4ca 100644 --- a/src/qt/optionsmodel.cpp +++ b/src/qt/optionsmodel.cpp @@ -11,6 +11,7 @@ #include "bitcoinunits.h" #include "guiutil.h" +#include "amount.h" #include "init.h" #include "main.h" #include "net.h" diff --git a/src/rpcmining.cpp b/src/rpcmining.cpp index c767835a27..8af3c46348 100644 --- a/src/rpcmining.cpp +++ b/src/rpcmining.cpp @@ -3,6 +3,7 @@ // Distributed under the MIT/X11 software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. +#include "amount.h" #include "chainparams.h" #include "core_io.h" #include "init.h" diff --git a/src/rpcrawtransaction.cpp b/src/rpcrawtransaction.cpp index fdfcb59eeb..d3ce3b3191 100644 --- a/src/rpcrawtransaction.cpp +++ b/src/rpcrawtransaction.cpp @@ -4,7 +4,7 @@ // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include "base58.h" -#include "core.h" +#include "core/transaction.h" #include "core_io.h" #include "init.h" #include "keystore.h" diff --git a/src/rpcwallet.cpp b/src/rpcwallet.cpp index 68bb4068b8..2728fb4fb3 100644 --- a/src/rpcwallet.cpp +++ b/src/rpcwallet.cpp @@ -3,6 +3,7 @@ // Distributed under the MIT/X11 software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. +#include "amount.h" #include "base58.h" #include "core_io.h" #include "rpcserver.h" diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp index cd73b88210..3625972ebf 100644 --- a/src/script/interpreter.cpp +++ b/src/script/interpreter.cpp @@ -5,7 +5,7 @@ #include "interpreter.h" -#include "core.h" +#include "core/transaction.h" #include "crypto/ripemd160.h" #include "crypto/sha1.h" #include "crypto/sha2.h" @@ -157,6 +157,29 @@ bool static CheckPubKeyEncoding(const valtype &vchSig, unsigned int flags) { return true; } +bool static CheckMinimalPush(const valtype& data, opcodetype opcode) { + if (data.size() == 0) { + // Could have used OP_0. + return opcode == OP_0; + } else if (data.size() == 1 && data[0] >= 1 && data[0] <= 16) { + // Could have used OP_1 .. OP_16. + return opcode == OP_1 + (data[0] - 1); + } else if (data.size() == 1 && data[0] == 0x81) { + // Could have used OP_1NEGATE. + return opcode == OP_1NEGATE; + } else if (data.size() <= 75) { + // Could have used a direct push (opcode indicating number of bytes pushed + those bytes). + return opcode == data.size(); + } else if (data.size() <= 255) { + // Could have used OP_PUSHDATA. + return opcode == OP_PUSHDATA1; + } else if (data.size() <= 65535) { + // Could have used OP_PUSHDATA2. + return opcode == OP_PUSHDATA2; + } + return true; +} + bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker) { CScript::const_iterator pc = script.begin(); @@ -169,6 +192,7 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un if (script.size() > 10000) return false; int nOpCount = 0; + bool fRequireMinimal = (flags & SCRIPT_VERIFY_MINIMALDATA) != 0; try { @@ -205,9 +229,12 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un opcode == OP_RSHIFT) return false; // Disabled opcodes. - if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) + if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) { + if (fRequireMinimal && !CheckMinimalPush(vchPushValue, opcode)) { + return false; + } stack.push_back(vchPushValue); - else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF)) + } else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF)) switch (opcode) { // @@ -234,6 +261,8 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un // ( -- value) CScriptNum bn((int)opcode - (int)(OP_1 - 1)); stack.push_back(bn.getvch()); + // The result of these opcodes should always be the minimal way to push the data + // they push, so no need for a CheckMinimalPush here. } break; @@ -458,7 +487,7 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn) if (stack.size() < 2) return false; - int n = CScriptNum(stacktop(-1)).getint(); + int n = CScriptNum(stacktop(-1), fRequireMinimal).getint(); popstack(stack); if (n < 0 || n >= (int)stack.size()) return false; @@ -557,7 +586,7 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un // (in -- out) if (stack.size() < 1) return false; - CScriptNum bn(stacktop(-1)); + CScriptNum bn(stacktop(-1), fRequireMinimal); switch (opcode) { case OP_1ADD: bn += bnOne; break; @@ -590,8 +619,8 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un // (x1 x2 -- out) if (stack.size() < 2) return false; - CScriptNum bn1(stacktop(-2)); - CScriptNum bn2(stacktop(-1)); + CScriptNum bn1(stacktop(-2), fRequireMinimal); + CScriptNum bn2(stacktop(-1), fRequireMinimal); CScriptNum bn(0); switch (opcode) { @@ -635,9 +664,9 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un // (x min max -- out) if (stack.size() < 3) return false; - CScriptNum bn1(stacktop(-3)); - CScriptNum bn2(stacktop(-2)); - CScriptNum bn3(stacktop(-1)); + CScriptNum bn1(stacktop(-3), fRequireMinimal); + CScriptNum bn2(stacktop(-2), fRequireMinimal); + CScriptNum bn3(stacktop(-1), fRequireMinimal); bool fValue = (bn2 <= bn1 && bn1 < bn3); popstack(stack); popstack(stack); @@ -727,7 +756,7 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un if ((int)stack.size() < i) return false; - int nKeysCount = CScriptNum(stacktop(-i)).getint(); + int nKeysCount = CScriptNum(stacktop(-i), fRequireMinimal).getint(); if (nKeysCount < 0 || nKeysCount > 20) return false; nOpCount += nKeysCount; @@ -738,7 +767,7 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un if ((int)stack.size() < i) return false; - int nSigsCount = CScriptNum(stacktop(-i)).getint(); + int nSigsCount = CScriptNum(stacktop(-i), fRequireMinimal).getint(); if (nSigsCount < 0 || nSigsCount > nKeysCount) return false; int isig = ++i; @@ -980,6 +1009,10 @@ bool SignatureChecker::CheckSig(const vector<unsigned char>& vchSigIn, const vec bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const BaseSignatureChecker& checker) { + if ((flags & SCRIPT_VERIFY_SIGPUSHONLY) != 0 && !scriptSig.IsPushOnly()) { + return false; + } + vector<vector<unsigned char> > stack, stackCopy; if (!EvalScript(stack, scriptSig, flags, checker)) return false; diff --git a/src/script/interpreter.h b/src/script/interpreter.h index de5ce2ced1..5133c80aab 100644 --- a/src/script/interpreter.h +++ b/src/script/interpreter.h @@ -46,6 +46,16 @@ enum // verify dummy stack item consumed by CHECKMULTISIG is of zero-length (softfork safe, BIP62 rule 7). SCRIPT_VERIFY_NULLDUMMY = (1U << 4), + + // Using a non-push operator in the scriptSig causes script failure (softfork safe, BIP62 rule 2). + SCRIPT_VERIFY_SIGPUSHONLY = (1U << 5), + + // Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct + // pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating + // any other push causes the script to fail (BIP62 rule 3). + // In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4). + // (softfork safe) + SCRIPT_VERIFY_MINIMALDATA = (1U << 6) }; uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType); diff --git a/src/script/script.cpp b/src/script/script.cpp index 3e19d0c2bf..b879d72d6b 100644 --- a/src/script/script.cpp +++ b/src/script/script.cpp @@ -12,7 +12,7 @@ namespace { inline std::string ValueString(const std::vector<unsigned char>& vch) { if (vch.size() <= 4) - return strprintf("%d", CScriptNum(vch).getint()); + return strprintf("%d", CScriptNum(vch, false).getint()); else return HexStr(vch); } @@ -230,7 +230,7 @@ bool CScript::IsPushOnly() const return false; // Note that IsPushOnly() *does* consider OP_RESERVED to be a // push-type opcode, however execution of OP_RESERVED fails, so - // it's not relevant to P2SH as the scriptSig would fail prior to + // it's not relevant to P2SH/BIP62 as the scriptSig would fail prior to // the P2SH special validation code being executed. if (opcode > OP_16) return false; @@ -238,33 +238,6 @@ bool CScript::IsPushOnly() const return true; } -bool CScript::HasCanonicalPushes() const -{ - const_iterator pc = begin(); - while (pc < end()) - { - opcodetype opcode; - std::vector<unsigned char> data; - if (!GetOp(pc, opcode, data)) - return false; - if (opcode > OP_16) - continue; - if (opcode < OP_PUSHDATA1 && opcode > OP_0 && (data.size() == 1 && data[0] <= 16)) - // Could have used an OP_n code, rather than a 1-byte push. - return false; - if (opcode == OP_PUSHDATA1 && data.size() < OP_PUSHDATA1) - // Could have used a normal n-byte push, rather than OP_PUSHDATA1. - return false; - if (opcode == OP_PUSHDATA2 && data.size() <= 0xFF) - // Could have used an OP_PUSHDATA1. - return false; - if (opcode == OP_PUSHDATA4 && data.size() <= 0xFFFF) - // Could have used an OP_PUSHDATA2. - return false; - } - return true; -} - std::string CScript::ToString() const { std::string str; diff --git a/src/script/script.h b/src/script/script.h index d450db5cad..05f2e7e3a9 100644 --- a/src/script/script.h +++ b/src/script/script.h @@ -192,10 +192,29 @@ public: m_value = n; } - explicit CScriptNum(const std::vector<unsigned char>& vch) + explicit CScriptNum(const std::vector<unsigned char>& vch, bool fRequireMinimal) { - if (vch.size() > nMaxNumSize) - throw scriptnum_error("CScriptNum(const std::vector<unsigned char>&) : overflow"); + if (vch.size() > nMaxNumSize) { + throw scriptnum_error("script number overflow"); + } + if (fRequireMinimal && vch.size() > 0) { + // Check that the number is encoded with the minimum possible + // number of bytes. + // + // If the most-significant-byte - excluding the sign bit - is zero + // then we're not minimal. Note how this test also rejects the + // negative-zero encoding, 0x80. + if ((vch.back() & 0x7f) == 0) { + // One exception: if there's more than one byte and the most + // significant bit of the second-most-significant-byte is set + // it would conflict with the sign bit. An example of this case + // is +-255, which encode to 0xff00 and 0xff80 respectively. + // (big-endian). + if (vch.size() <= 1 || (vch[vch.size() - 2] & 0x80) == 0) { + throw scriptnum_error("non-minimally encoded script number"); + } + } + } m_value = set_vch(vch); } @@ -319,7 +338,6 @@ private: int64_t m_value; }; - /** Serialized script, used inside transaction inputs and outputs */ class CScript : public std::vector<unsigned char> { @@ -330,6 +348,10 @@ protected: { push_back(n + (OP_1 - 1)); } + else if (n == 0) + { + push_back(OP_0); + } else { *this << CScriptNum::serialize(n); @@ -551,12 +573,9 @@ public: bool IsPayToScriptHash() const; - // Called by IsStandardTx and P2SH VerifyScript (which makes it consensus-critical). + // Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical). bool IsPushOnly() const; - // Called by IsStandardTx. - bool HasCanonicalPushes() const; - // Returns whether the script is guaranteed to fail at execution, // regardless of the initial stack. This allows outputs to be pruned // instantly when entering the UTXO set. diff --git a/src/script/sign.cpp b/src/script/sign.cpp index bf98c40394..0eab0626e5 100644 --- a/src/script/sign.cpp +++ b/src/script/sign.cpp @@ -5,7 +5,7 @@ #include "script/sign.h" -#include "core.h" +#include "core/transaction.h" #include "key.h" #include "keystore.h" #include "script/standard.h" diff --git a/src/script/standard.h b/src/script/standard.h index 961b214c89..248b941a64 100644 --- a/src/script/standard.h +++ b/src/script/standard.h @@ -41,6 +41,7 @@ static const unsigned int MANDATORY_SCRIPT_VERIFY_FLAGS = SCRIPT_VERIFY_P2SH; // blocks and we must accept those blocks. static const unsigned int STANDARD_SCRIPT_VERIFY_FLAGS = MANDATORY_SCRIPT_VERIFY_FLAGS | SCRIPT_VERIFY_STRICTENC | + SCRIPT_VERIFY_MINIMALDATA | SCRIPT_VERIFY_NULLDUMMY; // For convenience, standard but not mandatory verify flags. diff --git a/src/test/compress_tests.cpp b/src/test/compress_tests.cpp index 719955ba85..bf404cf0cf 100644 --- a/src/test/compress_tests.cpp +++ b/src/test/compress_tests.cpp @@ -2,7 +2,7 @@ // Distributed under the MIT/X11 software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. -#include "main.h" +#include "compressor.h" #include "util.h" #include <stdint.h> diff --git a/src/test/data/script_invalid.json b/src/test/data/script_invalid.json index b6447cb221..6f451a36ee 100644 --- a/src/test/data/script_invalid.json +++ b/src/test/data/script_invalid.json @@ -384,6 +384,101 @@ nSequences are max. ["0x00", "'00' EQUAL", "P2SH,STRICTENC", "Basic OP_0 execution"], +["MINIMALDATA enforcement for PUSHDATAs"], + +["0x4c 0x00", "DROP 1", "MINIMALDATA", "Empty vector minimally represented by OP_0"], +["0x01 0x81", "DROP 1", "MINIMALDATA", "-1 minimally represented by OP_1NEGATE"], +["0x01 0x01", "DROP 1", "MINIMALDATA", "1 to 16 minimally represented by OP_1 to OP_16"], +["0x01 0x02", "DROP 1", "MINIMALDATA"], +["0x01 0x03", "DROP 1", "MINIMALDATA"], +["0x01 0x04", "DROP 1", "MINIMALDATA"], +["0x01 0x05", "DROP 1", "MINIMALDATA"], +["0x01 0x06", "DROP 1", "MINIMALDATA"], +["0x01 0x07", "DROP 1", "MINIMALDATA"], +["0x01 0x08", "DROP 1", "MINIMALDATA"], +["0x01 0x09", "DROP 1", "MINIMALDATA"], +["0x01 0x0a", "DROP 1", "MINIMALDATA"], +["0x01 0x0b", "DROP 1", "MINIMALDATA"], +["0x01 0x0c", "DROP 1", "MINIMALDATA"], +["0x01 0x0d", "DROP 1", "MINIMALDATA"], +["0x01 0x0e", "DROP 1", "MINIMALDATA"], +["0x01 0x0f", "DROP 1", "MINIMALDATA"], +["0x01 0x10", "DROP 1", "MINIMALDATA"], + +["0x4c 0x48 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", "DROP 1", "MINIMALDATA", + "PUSHDATA1 of 72 bytes minimally represented by direct push"], + +["0x4d 0xFF00 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", "DROP 1", "MINIMALDATA", + "PUSHDATA2 of 255 bytes minimally represented by PUSHDATA1"], + +["0x4f 0x00100000 0x11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", "DROP 1", "MINIMALDATA", + "PUSHDATA4 of 256 bytes minimally represented by PUSHDATA2"], + + +["MINIMALDATA enforcement for numeric arguments"], + +["0x01 0x00", "NOT DROP 1", "MINIMALDATA", "numequals 0"], +["0x02 0x0000", "NOT DROP 1", "MINIMALDATA", "numequals 0"], +["0x01 0x80", "NOT DROP 1", "MINIMALDATA", "0x80 (negative zero) numequals 0"], +["0x02 0x0080", "NOT DROP 1", "MINIMALDATA", "numequals 0"], +["0x02 0x0500", "NOT DROP 1", "MINIMALDATA", "numequals 5"], +["0x03 0x050000", "NOT DROP 1", "MINIMALDATA", "numequals 5"], +["0x02 0x0580", "NOT DROP 1", "MINIMALDATA", "numequals -5"], +["0x03 0x050080", "NOT DROP 1", "MINIMALDATA", "numequals -5"], +["0x03 0xff7f80", "NOT DROP 1", "MINIMALDATA", "Minimal encoding is 0xffff"], +["0x03 0xff7f00", "NOT DROP 1", "MINIMALDATA", "Minimal encoding is 0xff7f"], +["0x04 0xffff7f80", "NOT DROP 1", "MINIMALDATA", "Minimal encoding is 0xffffff"], +["0x04 0xffff7f00", "NOT DROP 1", "MINIMALDATA", "Minimal encoding is 0xffff7f"], + +["Test every numeric-accepting opcode for correct handling of the numeric minimal encoding rule"], + +["1 0x02 0x0000", "PICK DROP", "MINIMALDATA"], +["1 0x02 0x0000", "ROLL DROP 1", "MINIMALDATA"], +["0x02 0x0000", "1ADD DROP 1", "MINIMALDATA"], +["0x02 0x0000", "1SUB DROP 1", "MINIMALDATA"], +["0x02 0x0000", "NEGATE DROP 1", "MINIMALDATA"], +["0x02 0x0000", "ABS DROP 1", "MINIMALDATA"], +["0x02 0x0000", "NOT DROP 1", "MINIMALDATA"], +["0x02 0x0000", "0NOTEQUAL DROP 1", "MINIMALDATA"], + +["0 0x02 0x0000", "ADD DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "ADD DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "SUB DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "SUB DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "BOOLAND DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "BOOLAND DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "BOOLOR DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "BOOLOR DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "NUMEQUAL DROP 1", "MINIMALDATA"], +["0x02 0x0000 1", "NUMEQUAL DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "NUMEQUALVERIFY 1", "MINIMALDATA"], +["0x02 0x0000 0", "NUMEQUALVERIFY 1", "MINIMALDATA"], +["0 0x02 0x0000", "NUMNOTEQUAL DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "NUMNOTEQUAL DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "LESSTHAN DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "LESSTHAN DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "GREATERTHAN DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "GREATERTHAN DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "LESSTHANOREQUAL DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "LESSTHANOREQUAL DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "GREATERTHANOREQUAL DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "GREATERTHANOREQUAL DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "MIN DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "MIN DROP 1", "MINIMALDATA"], +["0 0x02 0x0000", "MAX DROP 1", "MINIMALDATA"], +["0x02 0x0000 0", "MAX DROP 1", "MINIMALDATA"], + +["0x02 0x0000 0 0", "WITHIN DROP 1", "MINIMALDATA"], +["0 0x02 0x0000 0", "WITHIN DROP 1", "MINIMALDATA"], +["0 0 0x02 0x0000", "WITHIN DROP 1", "MINIMALDATA"], + +["0 0 0x02 0x0000", "CHECKMULTISIG DROP 1", "MINIMALDATA"], +["0 0x02 0x0000 0", "CHECKMULTISIG DROP 1", "MINIMALDATA"], +["0 0x02 0x0000 0 1", "CHECKMULTISIG DROP 1", "MINIMALDATA"], +["0 0 0x02 0x0000", "CHECKMULTISIGVERIFY 1", "MINIMALDATA"], +["0 0x02 0x0000 0", "CHECKMULTISIGVERIFY 1", "MINIMALDATA"], + + [ "0x47 0x30440220304eff7556bba9560df47873275e64db45f3cd735998ce3f00d2e57b1bb5f31302205c0c9d14b8b80d43e2ac9b87532f1af6d8a3271262bc694ec4e14068392bb0a001", "0x41 0x0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8 CHECKSIG", @@ -504,6 +599,24 @@ nSequences are max. "NULLDUMMY", "3-of-3 NOT with invalid sig with nonzero dummy" ], +[ + "0 0x47 0x3044022035341cc377b19138f944f90c45772cb06338c6d56a4c0c31a65bf1a8a105fadc022046dd232850b6bacb25879c9da82a7a628982aa19d055f1753468f68047662e0301 DUP", + "2 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 2 CHECKMULTISIG", + "SIGPUSHONLY", + "2-of-2 with two identical keys and sigs pushed using OP_DUP" +], +[ + "0x47 0x304402204d8b99eea2f53382fd67e0dbc8ed0596bd614aa0dad6bc6843c7860c79b901c3022062f022a71993013e3d9b22302a8e4b40109d7bb057aeb250b9aab2197b3e96b801 0x23 0x2103363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640ac", + "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG", + "", + "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY" +], +[ + "0x47 0x30440220078c887c33abc67fbbd827ceb3f661c1c459e78218161b652f23e3ca76cfabbd022047df245eacb8a88d8c5ca7b5228e3b4d070c102d2f542433362d3f443cd24eda01 0x23 0x2103363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640ac", + "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG", + "SIGPUSHONLY", + "P2SH(P2PK) with non-push scriptSig" +], ["The End"] ] diff --git a/src/test/data/script_valid.json b/src/test/data/script_valid.json index 88bec7238c..439c82ef32 100644 --- a/src/test/data/script_valid.json +++ b/src/test/data/script_valid.json @@ -527,8 +527,139 @@ nSequences are max. "P2SH,STRICTENC", "Basic PUSHDATA1 signedness check"], +["all PUSHDATA forms are equivalent"], + +["0x4c 0x4b 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", "0x4b 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 EQUAL", "", "PUSHDATA1 of 75 bytes equals direct push of it"], +["0x4d 0xFF00 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", "0x4c 0xFF 0x111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 EQUAL", "", "PUSHDATA2 of 255 bytes equals PUSHDATA1 of it"], + ["0x00", "SIZE 0 EQUAL", "P2SH,STRICTENC", "Basic OP_0 execution"], +["Numeric pushes"], + +["0x01 0x81", "0x4f EQUAL", "", "OP1_NEGATE pushes 0x81"], +["0x01 0x01", "0x51 EQUAL", "", "OP_1 pushes 0x01"], +["0x01 0x02", "0x52 EQUAL", "", "OP_2 pushes 0x02"], +["0x01 0x03", "0x53 EQUAL", "", "OP_3 pushes 0x03"], +["0x01 0x04", "0x54 EQUAL", "", "OP_4 pushes 0x04"], +["0x01 0x05", "0x55 EQUAL", "", "OP_5 pushes 0x05"], +["0x01 0x06", "0x56 EQUAL", "", "OP_6 pushes 0x06"], +["0x01 0x07", "0x57 EQUAL", "", "OP_7 pushes 0x07"], +["0x01 0x08", "0x58 EQUAL", "", "OP_8 pushes 0x08"], +["0x01 0x09", "0x59 EQUAL", "", "OP_9 pushes 0x09"], +["0x01 0x0a", "0x5a EQUAL", "", "OP_10 pushes 0x0a"], +["0x01 0x0b", "0x5b EQUAL", "", "OP_11 pushes 0x0b"], +["0x01 0x0c", "0x5c EQUAL", "", "OP_12 pushes 0x0c"], +["0x01 0x0d", "0x5d EQUAL", "", "OP_13 pushes 0x0d"], +["0x01 0x0e", "0x5e EQUAL", "", "OP_14 pushes 0x0e"], +["0x01 0x0f", "0x5f EQUAL", "", "OP_15 pushes 0x0f"], +["0x01 0x10", "0x60 EQUAL", "", "OP_16 pushes 0x10"], + +["Equivalency of different numeric encodings"], + +["0x02 0x8000", "128 NUMEQUAL", "", "0x8000 equals 128"], +["0x01 0x00", "0 NUMEQUAL", "", "0x00 numequals 0"], +["0x01 0x80", "0 NUMEQUAL", "", "0x80 (negative zero) numequals 0"], +["0x02 0x0080", "0 NUMEQUAL", "", "0x0080 numequals 0"], +["0x02 0x0500", "5 NUMEQUAL", "", "0x0500 numequals 5"], +["0x03 0xff7f80", "0x02 0xffff NUMEQUAL", "", ""], +["0x03 0xff7f00", "0x02 0xff7f NUMEQUAL", "", ""], +["0x04 0xffff7f80", "0x03 0xffffff NUMEQUAL", "", ""], +["0x04 0xffff7f00", "0x03 0xffff7f NUMEQUAL", "", ""], + +["Unevaluated non-minimal pushes are ignored"], + +["0 IF 0x4c 0x00 ENDIF 1", "", "MINIMALDATA", "non-minimal PUSHDATA1 ignored"], +["0 IF 0x4d 0x0000 ENDIF 1", "", "MINIMALDATA", "non-minimal PUSHDATA2 ignored"], +["0 IF 0x4c 0x00000000 ENDIF 1", "", "MINIMALDATA", "non-minimal PUSHDATA4 ignored"], +["0 IF 0x01 0x81 ENDIF 1", "", "MINIMALDATA", "1NEGATE equiv"], +["0 IF 0x01 0x01 ENDIF 1", "", "MINIMALDATA", "OP_1 equiv"], +["0 IF 0x01 0x02 ENDIF 1", "", "MINIMALDATA", "OP_2 equiv"], +["0 IF 0x01 0x03 ENDIF 1", "", "MINIMALDATA", "OP_3 equiv"], +["0 IF 0x01 0x04 ENDIF 1", "", "MINIMALDATA", "OP_4 equiv"], +["0 IF 0x01 0x05 ENDIF 1", "", "MINIMALDATA", "OP_5 equiv"], +["0 IF 0x01 0x06 ENDIF 1", "", "MINIMALDATA", "OP_6 equiv"], +["0 IF 0x01 0x07 ENDIF 1", "", "MINIMALDATA", "OP_7 equiv"], +["0 IF 0x01 0x08 ENDIF 1", "", "MINIMALDATA", "OP_8 equiv"], +["0 IF 0x01 0x09 ENDIF 1", "", "MINIMALDATA", "OP_9 equiv"], +["0 IF 0x01 0x0a ENDIF 1", "", "MINIMALDATA", "OP_10 equiv"], +["0 IF 0x01 0x0b ENDIF 1", "", "MINIMALDATA", "OP_11 equiv"], +["0 IF 0x01 0x0c ENDIF 1", "", "MINIMALDATA", "OP_12 equiv"], +["0 IF 0x01 0x0d ENDIF 1", "", "MINIMALDATA", "OP_13 equiv"], +["0 IF 0x01 0x0e ENDIF 1", "", "MINIMALDATA", "OP_14 equiv"], +["0 IF 0x01 0x0f ENDIF 1", "", "MINIMALDATA", "OP_15 equiv"], +["0 IF 0x01 0x10 ENDIF 1", "", "MINIMALDATA", "OP_16 equiv"], + +["Numeric minimaldata rules are only applied when a stack item is numerically evaluated; the push itself is allowed"], + +["0x01 0x00", "1", "MINIMALDATA"], +["0x01 0x80", "1", "MINIMALDATA"], +["0x02 0x0180", "1", "MINIMALDATA"], +["0x02 0x0100", "1", "MINIMALDATA"], +["0x02 0x0200", "1", "MINIMALDATA"], +["0x02 0x0300", "1", "MINIMALDATA"], +["0x02 0x0400", "1", "MINIMALDATA"], +["0x02 0x0500", "1", "MINIMALDATA"], +["0x02 0x0600", "1", "MINIMALDATA"], +["0x02 0x0700", "1", "MINIMALDATA"], +["0x02 0x0800", "1", "MINIMALDATA"], +["0x02 0x0900", "1", "MINIMALDATA"], +["0x02 0x0a00", "1", "MINIMALDATA"], +["0x02 0x0b00", "1", "MINIMALDATA"], +["0x02 0x0c00", "1", "MINIMALDATA"], +["0x02 0x0d00", "1", "MINIMALDATA"], +["0x02 0x0e00", "1", "MINIMALDATA"], +["0x02 0x0f00", "1", "MINIMALDATA"], +["0x02 0x1000", "1", "MINIMALDATA"], + +["Valid version of the 'Test every numeric-accepting opcode for correct handling of the numeric minimal encoding rule' script_invalid test"], + +["1 0x02 0x0000", "PICK DROP", ""], +["1 0x02 0x0000", "ROLL DROP 1", ""], +["0x02 0x0000", "1ADD DROP 1", ""], +["0x02 0x0000", "1SUB DROP 1", ""], +["0x02 0x0000", "NEGATE DROP 1", ""], +["0x02 0x0000", "ABS DROP 1", ""], +["0x02 0x0000", "NOT DROP 1", ""], +["0x02 0x0000", "0NOTEQUAL DROP 1", ""], + +["0 0x02 0x0000", "ADD DROP 1", ""], +["0x02 0x0000 0", "ADD DROP 1", ""], +["0 0x02 0x0000", "SUB DROP 1", ""], +["0x02 0x0000 0", "SUB DROP 1", ""], +["0 0x02 0x0000", "BOOLAND DROP 1", ""], +["0x02 0x0000 0", "BOOLAND DROP 1", ""], +["0 0x02 0x0000", "BOOLOR DROP 1", ""], +["0x02 0x0000 0", "BOOLOR DROP 1", ""], +["0 0x02 0x0000", "NUMEQUAL DROP 1", ""], +["0x02 0x0000 1", "NUMEQUAL DROP 1", ""], +["0 0x02 0x0000", "NUMEQUALVERIFY 1", ""], +["0x02 0x0000 0", "NUMEQUALVERIFY 1", ""], +["0 0x02 0x0000", "NUMNOTEQUAL DROP 1", ""], +["0x02 0x0000 0", "NUMNOTEQUAL DROP 1", ""], +["0 0x02 0x0000", "LESSTHAN DROP 1", ""], +["0x02 0x0000 0", "LESSTHAN DROP 1", ""], +["0 0x02 0x0000", "GREATERTHAN DROP 1", ""], +["0x02 0x0000 0", "GREATERTHAN DROP 1", ""], +["0 0x02 0x0000", "LESSTHANOREQUAL DROP 1", ""], +["0x02 0x0000 0", "LESSTHANOREQUAL DROP 1", ""], +["0 0x02 0x0000", "GREATERTHANOREQUAL DROP 1", ""], +["0x02 0x0000 0", "GREATERTHANOREQUAL DROP 1", ""], +["0 0x02 0x0000", "MIN DROP 1", ""], +["0x02 0x0000 0", "MIN DROP 1", ""], +["0 0x02 0x0000", "MAX DROP 1", ""], +["0x02 0x0000 0", "MAX DROP 1", ""], + +["0x02 0x0000 0 0", "WITHIN DROP 1", ""], +["0 0x02 0x0000 0", "WITHIN DROP 1", ""], +["0 0 0x02 0x0000", "WITHIN DROP 1", ""], + +["0 0 0x02 0x0000", "CHECKMULTISIG DROP 1", ""], +["0 0x02 0x0000 0", "CHECKMULTISIG DROP 1", ""], +["0 0x02 0x0000 0 1", "CHECKMULTISIG DROP 1", ""], +["0 0 0x02 0x0000", "CHECKMULTISIGVERIFY 1", ""], +["0 0x02 0x0000 0", "CHECKMULTISIGVERIFY 1", ""], + + [ "0x47 0x3044022007415aa37ce7eaa6146001ac8bdefca0ddcba0e37c5dc08c4ac99392124ebac802207d382307fd53f65778b07b9c63b6e196edeadf0be719130c5db21ff1e700d67501", "0x41 0x0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8 CHECKSIG", @@ -638,17 +769,29 @@ nSequences are max. "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC" ], [ - "0x01 0x01 0x47 0x3044022046ce33d1771b0127dd4c4cef8fdc3218ebdfa60e3793ed700292d8ebd93fb1f402201029d47a414db83e96e31443c2d8b552f971469c4800f5eff7df2f0648521aed01 0x47 0x304402205c53911ad55b054920043962bbda98cf6e57e2db1cd5611138251490baabaa8702201dc80dfceae6007e7772dc13ff6e7ca66a983cb017fe5d46d30118462d83bcf801 0x47 0x304402201937e44a4ec12364f9d32f9d25e7ecbc68aee9ef90069af80efef4c05f6ace9602206c515101c00c75710b32ff7ff8dbaf7c9a0be6e86ed14a0755b47626604f31fd01", + "1 0x47 0x3044022046ce33d1771b0127dd4c4cef8fdc3218ebdfa60e3793ed700292d8ebd93fb1f402201029d47a414db83e96e31443c2d8b552f971469c4800f5eff7df2f0648521aed01 0x47 0x304402205c53911ad55b054920043962bbda98cf6e57e2db1cd5611138251490baabaa8702201dc80dfceae6007e7772dc13ff6e7ca66a983cb017fe5d46d30118462d83bcf801 0x47 0x304402201937e44a4ec12364f9d32f9d25e7ecbc68aee9ef90069af80efef4c05f6ace9602206c515101c00c75710b32ff7ff8dbaf7c9a0be6e86ed14a0755b47626604f31fd01", "3 0x21 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 3 CHECKMULTISIG", "", "3-of-3 with nonzero dummy but no NULLDUMMY" ], [ - "0x01 0x01 0x47 0x30440220195038dbc6b2ae1199f86a6777824f7c5149789d85f655a3534a4422b8fba38c02204df9db87d2eb9fe06edc66870d9ac4c9ce673459f9d43cee0347ce4ffb02ee5a01 0x47 0x3044022010a45f30c6fa97a186eba9e6b595ab87d3dfcbf05dcaf1f1b8e3e7bf39515bb802203474e78d3d372e5f5c0f8c257ce8300c4bb8f37c51d4a894e11a91b5817da6ed01 0x47 0x30440220039cffd8e39850f95112662b1220b14b3c0d3d8a2772e13c947bfbf96345a64e02204154bfa77e2c0134d5434353bed82141e5da1cc479954aa288d5f0671480a04b01", + "1 0x47 0x30440220195038dbc6b2ae1199f86a6777824f7c5149789d85f655a3534a4422b8fba38c02204df9db87d2eb9fe06edc66870d9ac4c9ce673459f9d43cee0347ce4ffb02ee5a01 0x47 0x3044022010a45f30c6fa97a186eba9e6b595ab87d3dfcbf05dcaf1f1b8e3e7bf39515bb802203474e78d3d372e5f5c0f8c257ce8300c4bb8f37c51d4a894e11a91b5817da6ed01 0x47 0x30440220039cffd8e39850f95112662b1220b14b3c0d3d8a2772e13c947bfbf96345a64e02204154bfa77e2c0134d5434353bed82141e5da1cc479954aa288d5f0671480a04b01", "3 0x21 0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 3 CHECKMULTISIG NOT", "", "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY" ], +[ + "0 0x47 0x3044022002a27769ee33db258bdf7a3792e7da4143ec4001b551f73e6a190b8d1bde449d02206742c56ccd94a7a2e16ca52fc1ae4a0aa122b0014a867a80de104f9cb18e472c01 DUP", + "2 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 2 CHECKMULTISIG", + "", + "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY" +], +[ + "0 0x47 0x304402203acf75dd59bbef171aeeedae4f1020b824195820db82575c2b323b8899f95de9022067df297d3a5fad049ba0bb81255d0e495643cbcf9abae9e396988618bc0c6dfe01 0x47 0x304402205f8b859230c1cab7d4e8de38ff244d2ebe046b64e8d3f4219b01e483c203490a022071bdc488e31b557f7d9e5c8a8bec90dc92289ca70fa317685f4f140e38b30c4601", + "2 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 2 CHECKMULTISIG", + "SIGPUSHONLY", + "2-of-2 with two identical keys and sigs pushed" +], ["The End"] ] diff --git a/src/test/main_tests.cpp b/src/test/main_tests.cpp index 70a800af51..78c4181409 100644 --- a/src/test/main_tests.cpp +++ b/src/test/main_tests.cpp @@ -2,7 +2,7 @@ // Distributed under the MIT/X11 software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. -#include "core.h" +#include "core/transaction.h" #include "main.h" #include <boost/test/unit_test.hpp> diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp index d3fc673a79..a41552fea1 100644 --- a/src/test/script_tests.cpp +++ b/src/test/script_tests.cpp @@ -1,5 +1,5 @@ -// Copyright (c) 2011-2013 The Bitcoin Core developers -// Distributed under the MIT/X11 software license, see the accompanying +// Copyright (c) 2011-2014 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include "data/script_invalid.json.h" @@ -171,13 +171,15 @@ public: TestBuilder& Add(const CScript& script) { + DoPush(); spendTx.vin[0].scriptSig += script; return *this; } TestBuilder& Num(int num) { - spendTx.vin[0].scriptSig << CScriptNum(num); + DoPush(); + spendTx.vin[0].scriptSig << num; return *this; } @@ -402,6 +404,23 @@ BOOST_AUTO_TEST_CASE(script_build) "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10)); + good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG, + "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0 + ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP)); + bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG, + "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY + ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP)); + bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG, + "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", 0 + ).PushSig(keys.key2).PushRedeem()); + bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG, + "P2SH(P2PK) with non-push scriptSig", SCRIPT_VERIFY_SIGPUSHONLY + ).PushSig(keys.key2).PushRedeem()); + good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG, + "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY + ).Num(0).PushSig(keys.key1).PushSig(keys.key1)); + + std::map<std::string, Array> tests_good; std::map<std::string, Array> tests_bad; @@ -769,19 +788,19 @@ BOOST_AUTO_TEST_CASE(script_combineSigs) BOOST_AUTO_TEST_CASE(script_standard_push) { - for (int i=0; i<1000; i++) { + for (int i=0; i<67000; i++) { CScript script; script << i; BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push."); - BOOST_CHECK_MESSAGE(script.HasCanonicalPushes(), "Number " << i << " push is not canonical."); + BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker()), "Number " << i << " push is not minimal data."); } - for (int i=0; i<1000; i++) { + for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) { std::vector<unsigned char> data(i, '\111'); CScript script; script << data; BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push."); - BOOST_CHECK_MESSAGE(script.HasCanonicalPushes(), "Length " << i << " push is not canonical."); + BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker()), "Length " << i << " push is not minimal data."); } } diff --git a/src/test/scriptnum_tests.cpp b/src/test/scriptnum_tests.cpp index ac60fa426f..5621e12729 100644 --- a/src/test/scriptnum_tests.cpp +++ b/src/test/scriptnum_tests.cpp @@ -25,11 +25,11 @@ static void CheckCreateVch(const int64_t& num) BOOST_CHECK(verify(bignum, scriptnum)); CBigNum bignum2(bignum.getvch()); - CScriptNum scriptnum2(scriptnum.getvch()); + CScriptNum scriptnum2(scriptnum.getvch(), false); BOOST_CHECK(verify(bignum2, scriptnum2)); CBigNum bignum3(scriptnum2.getvch()); - CScriptNum scriptnum3(bignum2.getvch()); + CScriptNum scriptnum3(bignum2.getvch(), false); BOOST_CHECK(verify(bignum3, scriptnum3)); } diff --git a/src/test/transaction_tests.cpp b/src/test/transaction_tests.cpp index 41ccaaac94..c46c31e99f 100644 --- a/src/test/transaction_tests.cpp +++ b/src/test/transaction_tests.cpp @@ -33,6 +33,8 @@ static std::map<string, unsigned int> mapFlagNames = boost::assign::map_list_of (string("STRICTENC"), (unsigned int)SCRIPT_VERIFY_STRICTENC) (string("DERSIG"), (unsigned int)SCRIPT_VERIFY_DERSIG) (string("LOW_S"), (unsigned int)SCRIPT_VERIFY_LOW_S) + (string("SIGPUSHONLY"), (unsigned int)SCRIPT_VERIFY_SIGPUSHONLY) + (string("MINIMALDATA"), (unsigned int)SCRIPT_VERIFY_MINIMALDATA) (string("NULLDUMMY"), (unsigned int)SCRIPT_VERIFY_NULLDUMMY); unsigned int ParseScriptFlags(string strFlags) diff --git a/src/test/util_tests.cpp b/src/test/util_tests.cpp index 61daa0a3fe..761210feac 100644 --- a/src/test/util_tests.cpp +++ b/src/test/util_tests.cpp @@ -4,7 +4,7 @@ #include "util.h" -#include "core.h" +#include "core/transaction.h" #include "random.h" #include "sync.h" #include "utilstrencodings.h" diff --git a/src/txdb.cpp b/src/txdb.cpp index 8a73ce961c..0731d843f3 100644 --- a/src/txdb.cpp +++ b/src/txdb.cpp @@ -5,7 +5,6 @@ #include "txdb.h" -#include "core.h" #include "pow.h" #include "uint256.h" diff --git a/src/txmempool.cpp b/src/txmempool.cpp index b0d6b4aefa..c042dd8467 100644 --- a/src/txmempool.cpp +++ b/src/txmempool.cpp @@ -5,7 +5,6 @@ #include "txmempool.h" -#include "core.h" #include "streams.h" #include "util.h" #include "utilmoneystr.h" diff --git a/src/txmempool.h b/src/txmempool.h index 85cf5310ff..2ec80cb860 100644 --- a/src/txmempool.h +++ b/src/txmempool.h @@ -8,8 +8,9 @@ #include <list> +#include "amount.h" #include "coins.h" -#include "core.h" +#include "core/transaction.h" #include "sync.h" class CAutoFile; diff --git a/src/undo.h b/src/undo.h new file mode 100644 index 0000000000..232c193429 --- /dev/null +++ b/src/undo.h @@ -0,0 +1,71 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2013 The Bitcoin developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef H_BITCOIN_TXUNDO +#define H_BITCOIN_TXUNDO + +#include "compressor.h" +#include "core/transaction.h" +#include "serialize.h" + +/** Undo information for a CTxIn + * + * Contains the prevout's CTxOut being spent, and if this was the + * last output of the affected transaction, its metadata as well + * (coinbase or not, height, transaction version) + */ +class CTxInUndo +{ +public: + CTxOut txout; // the txout data before being spent + bool fCoinBase; // if the outpoint was the last unspent: whether it belonged to a coinbase + unsigned int nHeight; // if the outpoint was the last unspent: its height + int nVersion; // if the outpoint was the last unspent: its version + + CTxInUndo() : txout(), fCoinBase(false), nHeight(0), nVersion(0) {} + CTxInUndo(const CTxOut &txoutIn, bool fCoinBaseIn = false, unsigned int nHeightIn = 0, int nVersionIn = 0) : txout(txoutIn), fCoinBase(fCoinBaseIn), nHeight(nHeightIn), nVersion(nVersionIn) { } + + unsigned int GetSerializeSize(int nType, int nVersion) const { + return ::GetSerializeSize(VARINT(nHeight*2+(fCoinBase ? 1 : 0)), nType, nVersion) + + (nHeight > 0 ? ::GetSerializeSize(VARINT(this->nVersion), nType, nVersion) : 0) + + ::GetSerializeSize(CTxOutCompressor(REF(txout)), nType, nVersion); + } + + template<typename Stream> + void Serialize(Stream &s, int nType, int nVersion) const { + ::Serialize(s, VARINT(nHeight*2+(fCoinBase ? 1 : 0)), nType, nVersion); + if (nHeight > 0) + ::Serialize(s, VARINT(this->nVersion), nType, nVersion); + ::Serialize(s, CTxOutCompressor(REF(txout)), nType, nVersion); + } + + template<typename Stream> + void Unserialize(Stream &s, int nType, int nVersion) { + unsigned int nCode = 0; + ::Unserialize(s, VARINT(nCode), nType, nVersion); + nHeight = nCode / 2; + fCoinBase = nCode & 1; + if (nHeight > 0) + ::Unserialize(s, VARINT(this->nVersion), nType, nVersion); + ::Unserialize(s, REF(CTxOutCompressor(REF(txout))), nType, nVersion); + } +}; + +/** Undo information for a CTransaction */ +class CTxUndo +{ +public: + // undo information for all txins + std::vector<CTxInUndo> vprevout; + + ADD_SERIALIZE_METHODS; + + template <typename Stream, typename Operation> + inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) { + READWRITE(vprevout); + } +}; + +#endif // H_BITCOIN_TXUNDO diff --git a/src/utilmoneystr.cpp b/src/utilmoneystr.cpp index 95be06aa18..267a5b845c 100644 --- a/src/utilmoneystr.cpp +++ b/src/utilmoneystr.cpp @@ -5,7 +5,7 @@ #include "utilmoneystr.h" -#include "core.h" +#include "core/transaction.h" #include "tinyformat.h" #include "utilstrencodings.h" diff --git a/src/wallet.h b/src/wallet.h index 9b6895090c..768887e0cb 100644 --- a/src/wallet.h +++ b/src/wallet.h @@ -6,7 +6,9 @@ #ifndef BITCOIN_WALLET_H #define BITCOIN_WALLET_H -#include "core.h" +#include "amount.h" +#include "core/block.h" +#include "core/transaction.h" #include "crypter.h" #include "key.h" #include "keystore.h" |