aboutsummaryrefslogtreecommitdiff
path: root/src/script.cpp
AgeCommit message (Collapse)Author
2012-10-20UltraprunePieter Wuille
This switches bitcoin's transaction/block verification logic to use a "coin database", which contains all unredeemed transaction output scripts, amounts and heights. The name ultraprune comes from the fact that instead of a full transaction index, we only (need to) keep an index with unspent outputs. For now, the blocks themselves are kept as usual, although they are only necessary for serving, rescanning and reorganizing. The basic datastructures are CCoins (representing the coins of a single transaction), and CCoinsView (representing a state of the coins database). There are several implementations for CCoinsView. A dummy, one backed by the coins database (coins.dat), one backed by the memory pool, and one that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock, DisconnectBlock, ... now operate on a generic CCoinsView. The block switching logic now builds a single cached CCoinsView with changes to be committed to the database before any changes are made. This means no uncommitted changes are ever read from the database, and should ease the transition to another database layer which does not support transactions (but does support atomic writes), like LevelDB. For the getrawtransaction() RPC call, access to a txid-to-disk index would be preferable. As this index is not necessary or even useful for any other part of the implementation, it is not provided. Instead, getrawtransaction() uses the coin database to find the block height, and then scans that block to find the requested transaction. This is slow, but should suffice for debug purposes.
2012-10-20Compact serialization for scriptsPieter Wuille
Special serializers for script which detect common cases and encode them much more efficiently. 3 special cases are defined: * Pay to pubkey hash (encoded as 21 bytes) * Pay to script hash (encoded as 21 bytes) * Pay to pubkey starting with 0x02, 0x03 or 0x04 (encoded as 33 bytes) Other scripts up to 121 bytes require 1 byte + script length. Above that, scripts up to 16505 bytes require 2 bytes + script length.
2012-10-20Merge pull request #1742 from sipa/canonicalJeff Garzik
Check for canonical public keys and signatures
2012-09-25Documented bug in sign-extension behavior of opcodes OP_AND, OP_OR, and OP_XOR.Mark Friedenbach
Due to a bug in the implementation of MakeSameSize(), using OP_AND, OP_OR, or OP_XOR with signed values of unequal size will result in the sign-value becoming part of the smaller integer, with nonsensical results. This patch documents the unexpected behavior and provides the basis of a solution should decision be made to fix the bug in the future.
2012-09-21Check for canonical public keys and signaturesPieter Wuille
Only enabled inside tests for now.
2012-08-24Avoid leaving return types or function attributes on their own lines.Gregory Maxwell
2012-08-01Bugfix: Correct English grammar regarding "'s"Luke Dashjr
2012-08-01Bugfix: Fix a variety of misspellingsLuke Dashjr
2012-07-05Use unsigned ints to fix signed/unsigned warningsGavin Andresen
2012-07-05Implement raw transaction RPC callsGavin Andresen
Implement listunspent / getrawtransaction / createrawtransaction / signrawtransaction, to support creation and signing-on-multiple-device multisignature transactions.
2012-07-05Refactor: SignSignature/VerifyScriptGavin Andresen
Minor refactor to support signrawtx signing/verifying transactions when it might only have the previous transaction's txid and txOut.
2012-05-24Refactor: split CKeyID/CScriptID/CTxDestination from CBitcoinAddressPieter Wuille
This introduces internal types: * CKeyID: reference (hash160) of a key * CScriptID: reference (hash160) of a script * CTxDestination: a boost::variant of the former two CBitcoinAddress is retrofitted to be a Base58 encoding of a CTxDestination. This allows all internal code to only use the internal types, and only have RPC and GUI depend on the base58 code. Furthermore, the header dependencies are a lot saner now. base58.h is at the top (right below rpc and gui) instead of at the bottom. For the rest: wallet -> script -> keystore -> key. Only keystore still requires a forward declaration of CScript. Solving that would require splitting script into two layers.
2012-05-24Encapsulate public keys in CPubKeyPieter Wuille
2012-05-22Move signature cache from CKey::Verify to CheckSig in script.cppGavin Andresen
More than doubles the speed of verifying already-cached signatures that use compressed pubkeys: Before: ~200 microseconds After: ~80 microseconds (no caching at all: ~3,300 microseconds per signature) Also encapsulates the signature cache code in a class and fixes a signed/unsigned comparison warning.
2012-05-18Update License in File HeadersFordy
I originally created a pull to replace the "COPYING" in crypter.cpp and crypter.h, but it turned out that COPYING was actually the correct file.
2012-05-01EvalScript(): cast to avoid signed/unsigned warningJeff Garzik
2012-04-26Undo part of c2e8c8ac to fix issue#1148Gavin Andresen
2012-04-23Add casts for unavoidable signed/unsigned comparisonsJeff Garzik
At these code sites, it is preferable to cast rather than change a variable's type.
2012-04-23SigOp and orphan-tx constants and counts are always unsigned.Jeff Garzik
Fixes several sign-comparison warnings.
2012-04-22Prefer 'unsigned int' for loop index variables tested against ::size()Jeff Garzik
C++ STL ::size() generally returns unsigned, which implies that "int idx" style of loop variable will generate a signed-vs-unsigned comparison warning when testing the loop exit condition "idx < blah.size()" Update areas of the bitcoin code where loop variables may be more properly and correctly defined as unsigned.
2012-04-17Further reduce header dependenciesPieter Wuille
This commit removes the dependency of serialize.h on PROTOCOL_VERSION, and makes this parameter required instead of implicit. This is much saner, as it makes the places where changing a version number can have an influence obvious.
2012-04-17Remove headers.hPieter Wuille
2012-04-15fix warnings: unused variable 'XX' [-Wunused-variable]Wladimir J. van der Laan
2012-02-07Update all copyrights to 2012Gavin Andresen
2012-01-19Make transactions with extra data in their scriptSig's non-standard.Gavin Andresen
2012-01-13Replace OP_EVAL (BIP 12) with Pay-to-script-hash (BIP 16).Gavin Andresen
2012-01-13Remove not-used-anywhere scriptPrereq from SignSignature()Gavin Andresen
2012-01-03make sure IsMine only returns true when we own all keyscoderrr
2011-12-27Fix OP_EVAL recursion depth countingWladimir J. van der Laan
2011-12-22Fix broken ExtractAddress (refactored, made callers check for addresses in ↵Gavin Andresen
keystore if they care)
2011-12-19Update bitcoin address numbers for latest luke-jr/sipa schemeGavin Andresen
2011-12-19Use block times for 'hard' OP_EVAL switchover, and refactored EvalScriptGavin Andresen
so it takes a flag for how to interpret OP_EVAL. Also increased IsStandard size of scriptSigs to 500 bytes, so a 3-of-3 multisig transaction IsStandard.
2011-12-19Interpret OP_EVAL as OP_NOP until Feb 1, 2012Gavin Andresen
2011-12-19OP_EVAL implementationGavin Andresen
OP_EVAL is a new opcode that evaluates an item on the stack as a script. It enables a new type of bitcoin address that needs an arbitrarily complex script to redeem.
2011-12-19Support 3 new multisignature IsStandard transactionsGavin Andresen
Initial support for (a and b), (a or b), and 2-of-3 escrow transactions (where a, b, and c are keys).
2011-12-19Collapse no-op ExtractAddress/ExtractAddressInnerGavin Andresen
2011-09-02Merge branch 'master' of https://github.com/bitcoin/bitcoinWladimir J. van der Laan
Conflicts: src/main.cpp
2011-08-31Fix rpc-hanging deadlocksGavin Andresen
Collapsed multiple wallet mutexes to a single cs_wallet, to avoid deadlocks with wallet methods that acquired locks in different order. Also change master RPC call handler to acquire cs_main and cs_wallet locks before executing RPC calls; requiring each RPC call to acquire the right set of locks in the right order was too error-prone.
2011-08-16Merge branch 'master' of https://github.com/bitcoin/bitcoinWladimir J. van der Laan
2011-08-09Unify copyright notices.Matt Corallo
To a variation on: // Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2011 The Bitcoin developers
2011-07-27Merge branch 'master' of https://github.com/bitcoin/bitcoinWladimir J. van der Laan
Conflicts: src/script.cpp
2011-07-26Bugfix: don't overuse limited ExtractAddressPieter Wuille
ExtractAddress was called with the keystore as argument in RPC and UI, limiting results to own keys. This caused empty "address" fields.
2011-07-26Merge remote branch 'upstream/master'Wladimir J. van der Laan
Conflicts: src/bitcoinrpc.cpp
2011-07-17split off CBase58Data from CBitcoinAddressPieter Wuille
Split off features unrelated to addresses from CBitcoinAddress to CBase58Data, so they can be reused.
2011-07-17Use CBitcoinAddress instead of string/uint160Pieter Wuille
Instead of conversion functions between pubkey/uint160/address in base58.h, have a fully fledged class CBitcoinAddress (CAddress was already taken) to represent addresses.
2011-07-17get rid of mapPubKeysPieter Wuille
Make CKeyStore's interface work on uint160's instead of pubkeys, so no separate global mapPubKeys is necessary anymore.
2011-07-13fix warning: X enumeration values not handled in switch [-Wswitch-enum]Giel van Schijndel
Add default cases to opcode switches to assert that they should never occur. Signed-off-by: Giel van Schijndel <me@mortis.eu>
2011-07-13Do not use obsolete CPrivKey for passing keys aroundPieter Wuille
2011-07-13Add wallet privkey encryption.Matt Corallo
This commit adds support for ckeys, or enCrypted private keys, to the wallet. All keys are stored in memory in their encrypted form and thus the passphrase is required from the user to spend coins, or to create new addresses. Keys are encrypted with AES-256-CBC using OpenSSL's EVP library. The key is calculated via EVP_BytesToKey using SHA512 with (by default) 25000 rounds and a random salt. By default, the user's wallet remains unencrypted until they call the RPC command encryptwallet <passphrase> or, from the GUI menu, Options-> Encrypt Wallet. When the user is attempting to call RPC functions which require the password to unlock the wallet, an error will be returned unless they call walletpassphrase <passphrase> <time to keep key in memory> first. A keypoolrefill command has been added which tops up the users keypool (requiring the passphrase via walletpassphrase first). keypoolsize has been added to the output of getinfo to show the user the number of keys left before they need to specify their passphrase (and call keypoolrefill). Note that walletpassphrase will automatically fill keypool in a separate thread which it spawns when the passphrase is set. This could cause some delays in other threads waiting for locks on the wallet passphrase, including one which could cause the passphrase to be stored longer than expected, however it will not allow the passphrase to be used longer than expected as ThreadCleanWalletPassphrase will attempt to get a lock on the key as soon as the specified lock time has arrived. When the keypool runs out (and wallet is locked) GetOrReuseKeyFromPool returns vchDefaultKey, meaning miners may start to generate many blocks to vchDefaultKey instead of a new key each time. A walletpassphrasechange <oldpassphrase> <newpassphrase> has been added to allow the user to change their password via RPC. Whenever keying material (unencrypted private keys, the user's passphrase, the wallet's AES key) is stored unencrypted in memory, any reasonable attempt is made to mlock/VirtualLock that memory before storing the keying material. This is not true in several (commented) cases where mlock/VirtualLocking the memory is not possible. Although encryption of private keys in memory can be very useful on desktop systems (as some small amount of protection against stupid viruses), on an RPC server, the password is entered fairly insecurely. Thus, the only main advantage encryption has for RPC servers is for RPC servers that do not spend coins, except in rare cases, eg. a webserver of a merchant which only receives payment except for cases of manual intervention. Thanks to jgarzik for the original patch and sipa, gmaxwell and many others for all their input. Conflicts: src/wallet.cpp
2011-07-08Prepare codebase for Encrypted Keys.Pieter Wuille