aboutsummaryrefslogtreecommitdiff
path: root/src/script/sign.cpp
AgeCommit message (Collapse)Author
2021-02-11Merge #20211: Use -Wswitch for TxoutType where possibleMarcoFalke
fa650ca7f19307a9237e64ac311488c8947fc12a Use -Wswitch for TxoutType where possible (MarcoFalke) fa59e0b5bd2aed8380cc9b9e52791f662aecd6a6 test: Add missing script_standard_Solver_success cases (MarcoFalke) Pull request description: This removes unused `default:` cases for all `switch` statements on `TxoutType` and adds the cases (`MULTISIG`, `NULL_DATA`, `NONSTANDARD`) to `ExtractDestination` for clarity. Also, the compiler is now able to use `-Wswitch`. ACKs for top commit: practicalswift: cr ACK fa650ca7f19307a9237e64ac311488c8947fc12a: patch looks correct and `assert(false);` is better than UB :) hebasto: ACK fa650ca7f19307a9237e64ac311488c8947fc12a, I have reviewed the code and it looks OK, I agree it can be merged. Tree-SHA512: 282458b6523bd8923a0c0f5c423d1db2dce2a2d1b1d1dae455415c6fc995bb41ce82c1f9b0a1c0dcc6d874d171e04c30eca585f147582f52c7048c140358630a
2020-12-06Don't declare de facto const reference variables as non-constpracticalswift
2020-10-21Use -Wswitch for TxoutType where possibleMarcoFalke
2020-10-12Make Taproot spends standard + policy limitsPieter Wuille
This adds a `TxoutType::WITNESS_V1_TAPROOT` for P2TR outputs, and permits spending them in standardness rules. No corresponding `CTxDestination` is added for it, as that isn't needed until we want wallet integration. The taproot validation flags are also enabled for mempool transactions, and standardness rules are added (stack item size limit, no annexes).
2020-10-06scripted-diff: put ECDSA in name of signature functionsPieter Wuille
In preparation for adding Schnorr versions of `CheckSig`, `VerifySignature`, and `ComputeEntry`, give them an ECDSA specific name. -BEGIN VERIFY SCRIPT- sed -i 's/CheckSig(/CheckECDSASignature(/g' $(git grep -l CheckSig ./src) sed -i 's/VerifySignature(/VerifyECDSASignature(/g' $(git grep -l VerifySignature ./src) sed -i 's/ComputeEntry(/ComputeEntryECDSA(/g' $(git grep -l ComputeEntry ./src) -END VERIFY SCRIPT-
2020-07-15Do not turn OP_1NEGATE in scriptSig into 0x0181 in signing codePieter Wuille
Co-authored-by: Samuel Dobson <dobsonsa68@gmail.com>
2020-06-21scripted-diff: TxoutType C++11 scoped enum classMarcoFalke
-BEGIN VERIFY SCRIPT- # General rename helper: $1 -> $2 rename_global() { sed -i "s/\<$1\>/$2/g" $(git grep -l "$1"); } # Helper to rename TxoutType $1 rename_value() { sed -i "s/ TX_$1,/ $1,/g" src/script/standard.h; # First strip the prefix in the definition (header) rename_global TX_$1 "TxoutType::$1"; # Then replace globally } # Change the type globally to bring it in line with the style-guide # (clsses are UpperCamelCase) rename_global 'enum txnouttype' 'enum class TxoutType' rename_global 'txnouttype' 'TxoutType' # Now rename each enum value rename_value 'NONSTANDARD' rename_value 'PUBKEY' rename_value 'PUBKEYHASH' rename_value 'SCRIPTHASH' rename_value 'MULTISIG' rename_value 'NULL_DATA' rename_value 'WITNESS_V0_KEYHASH' rename_value 'WITNESS_V0_SCRIPTHASH' rename_value 'WITNESS_UNKNOWN' -END VERIFY SCRIPT-
2020-06-19Prefer explicit CScriptID constructionBen Woosley
2020-04-16scripted-diff: Bump copyright headersMarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2020-03-09Clear any input_errors for an input after it is signedAndrew Chow
Make sure that there are no errors set for an input after it is signed. This is useful for when there are multiple ScriptPubKeyMans. Some may fail to sign, but one may be able to sign, and after it does, we don't want there to be any more errors there.
2020-03-08Refactor rawtransaction's SignTransaction into generic SignTransaction functionAndrew Chow
2020-01-23Always try to sign for all pubkeys in multisigAndrew Chow
2019-12-30scripted-diff: Bump copyright of files changed in 2019MarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2019-10-02Merge #13266: refactor: privatize SignatureExtractorChecker [moveonly]Wladimir J. van der Laan
73aaf4ecf825a4d18c802ca5dd3856ce9096915e Make SignatureExtractorChecker private to its own file (Ben Woosley) Pull request description: ~If we add a CTxIn constructor to SignatureData, then constructing the SignatureData directly is no more verbose than calling DataFromTransaction, and grants the caller additional flexibiliy in how to provide the CTxIn.~ A simple change to enhance encapsulation. ACKs for top commit: MarcoFalke: utACK 73aaf4ecf825a4d18c802ca5dd3856ce9096915e laanwj: ACK 73aaf4ecf825a4d18c802ca5dd3856ce9096915e Tree-SHA512: f7eafbce22b0e9917a8487e88d1f5a1061f2a0959ae1a097cbd9c8ea0d774edfb807da56813cb5fb26f6ca98499a0604a8ff024c198a7c8dc755164de66d972a
2019-07-09Move various SigningProviders to signingprovider.{cpp,h}Andrew Chow
Moves all of the various SigningProviders out of sign.{cpp,h} and keystore.{cpp,h}. As such, keystore.{cpp,h} is also removed. Includes and the Makefile are updated to reflect this. Includes were largely changed using: git grep -l "keystore.h" | xargs sed -i -e 's;keystore.h;script/signingprovider.h;g'
2019-05-10Abstract out IsSegWitOutput from utxoupdatepsbtPieter Wuille
This is not a pure refactor; additional functionality is added in IsSegWitOutput which lets it recurse into P2SH when a SigningProvider is provided that knows about the inner script.
2019-04-04Keep full pubkeys in FlatSigningProvider::originsPieter Wuille
2019-03-04Make SignatureExtractorChecker private to its own fileBen Woosley
It's only used here in DataFromTransaction
2019-02-16Figure out what is missing during signingAndrew Chow
When signing an input, figure out what was requested for but was unable to be found and store it in a SignatureData. Return this information in SignPSBTInput.
2019-02-11Move PSBT definitions and code to separate filesGlenn Willen
Move non-wallet PSBT code to src/psbt.{h,cpp}, and PSBT wallet code to src/wallet/psbtwallet.{h,cpp}. This commit contains only code movement (and adjustments to includes and Makefile.am.)
2018-12-17 Minimal changes to comply with explicit CMutableTransaction -> CTranaction ↵lucash-dev
conversion. This commit makes the minimal changes necessary to fix compilation once CTransaction(const CMutableTransaction &tx) is made explicit. In each case an explicit call `CTransaction(...)` was added. Shouldn't affect behaviour or performance.
2018-11-28[refactor] Add a base DescriptorImpl with most common logicPieter Wuille
2018-11-23Merge #14678: [wallet] remove redundant KeyOriginInfo access, already done ↵Wladimir J. van der Laan
in CreateSig b81a1860561ccbda3cd6913f54e49fdc91c7718c GetPubKey: make sigdata const (Gregory Sanders) f7beb95a1f921ed292680fbd2f042b4bac73bf59 remove redundant KeyOriginInfo access, already done in CreateSig (Gregory Sanders) Pull request description: This redundancy is confusing as it looks like pubkeyhashes are special in some way based on where it's called. Tree-SHA512: a980b7c774c6d69322945227a2b156489fb1991ebf57fe6f26096d5f8047f246a133debc241b05af67810f604b040079add3ab3d30d9e2928095905a2afe17eb
2018-11-13GetPubKey: make sigdata constGregory Sanders
2018-11-12remove redundant KeyOriginInfo access, already done in CreateSigGregory Sanders
2018-11-09Merge #14689: Require a public key to be retrieved when signing a P2PKH inputPieter Wuille
6b8d86ddb8 Require a public key to be retrieved when signing a P2PKH input (Andrew Chow) Pull request description: If we do not have the public key for a P2PKH input, we should not continue to attempt to sign for it. This fixes a problem where a PSBT with a P2PKH output would include invalid BIP 32 derivation paths that are missing the public key. Tree-SHA512: 850d5e74c06833da937d5bf0348bd134180be7167b6f9b9cecbf09f75e3543fbad60d0abbc0b9afdfa51ce165aa36168849f24a7c5abf1e75f37ce8f9a13d127
2018-11-08Require a public key to be retrieved when signing a P2PKH inputAndrew Chow
If we do not have the public key for a P2PKH input, we should not continue to attempt to sign for it.
2018-11-01Refactor PSBTInput signing to enforce invariantGlenn Willen
Refactor the process of PSBTInput signing to enforce the invariant that a PSBTInput always has _either_ a witness_utxo or a non_witness_utxo, never both. This simplifies the logic of SignPSBTInput slightly, since it no longer has to deal with the "both" case. When calling it, we now give it, in order of preference: (1) whichever of the utxo fields was already present in the PSBT we received, or (2) if neither, the non_witness_utxo field, which is just a copy of the input transaction, which we get from the wallet. SignPSBTInput no longer has to remove one of the two fields; instead, it will check if we have a witness signature, and if so, it will replace the non_witness_utxo with the witness_utxo (which is smaller, as it is just a copy of the output being spent.) Add PSBTInput::IsSane checks in two more places, which checks for both utxo fields being present; we will now give an RPC error early on if we are supplied such a malformed PSBT to fill in. Also add a check to FillPSBT, to avoid touching any input that is already signed. (This is now redundant, since we should no longer potentially harm an already-signed input, but it's harmless.) fixes #14473
2018-11-01Simplify arguments to SignPSBTInputGlenn Willen
Remove redundant arguments to SignPSBTInput -- since it needs several bits of the PartiallySignedTransaction, pass in a reference instead of doing it piecemeal. This saves us having to pass in both a PSBTInput and its index, as well as having to pass in the CTransaction. Also avoid redundantly passing the sighash_type, which is contained in the PSBTInput already.
2018-11-01Add bool PSBTInputSignedGlenn Willen
Refactor out a "PSBTInputSigned" function to check if a PSBT is signed, for use in subsequent commits. Also improve a related comment.
2018-11-01New PartiallySignedTransaction constructor from CTransctionGlenn Willen
New constructor that creates a PartiallySignedTransaction from a CTransaction, automatically sizing the inputs and outputs vectors for convenience.
2018-11-01Merge #14197: [psbt] Convert non-witness UTXOs to witness if witness sig createdWladimir J. van der Laan
862d159d635c1de219d94e030b186a745fe28eb9 Add test for conversion from non-witness to witness UTXO (Pieter Wuille) f8c1714634445542a16ac01d128d8ad2b2810e19 Convert non-witness UTXOs to witness if witness sig created (Andrew Chow) Pull request description: If a witness signature was created when a non-witness UTXO is used, convert the non-witness UTXO to a witness one. Port of #14196 to master. Tree-SHA512: 2235eeb008ffa48e821628032d689e4a83bff6c29b93fa050ab2ee492b0e67b3a30f29a680d4a0e574e05c3a2f9edf0005e161fbe25b7aef2acd034a2424e2f2
2018-10-20Add key origin support to descriptorsPieter Wuille
2018-10-07Stop requiring imported pubkey to sign non-PKH schemesPieter Wuille
2018-09-22Convert non-witness UTXOs to witness if witness sig createdAndrew Chow
If a witness signature was created when a non-witness UTXO is used, convert the non-witness UTXO to a witness one.
2018-08-28Merge #13723: PSBT key path cleanupsWladimir J. van der Laan
917353c8b0eff4cd95f9a5f7719f6756bb8338b1 Make SignPSBTInput operate on a private SignatureData object (Pieter Wuille) cad5dd2368109ec398a3b79c8b9e94dfd23f0845 Pass HD path data through SignatureData (Pieter Wuille) 03a99586a398ee38f40c3b72d24c6a2ba4b88579 Implement key origin lookup in CWallet (Pieter Wuille) 3b01efa0d1bf3d23d1b7b7e518849f1fc26314f9 [MOVEONLY] Move ParseHDKeypath to utilstrencodings (Pieter Wuille) 81e1dd5ce1a32114a38691ec6b55e72ab04dbbb1 Generalize PublicOnlySigningProvider into HidingSigningProvider (Pieter Wuille) 84f1f1bfdf900cd28099e428441aa42f9d11a0ed Make SigningProvider expose key origin information (Pieter Wuille) 611ab307fbd8b6f8f7ffc1d569bb86d1f9cb4e92 Introduce KeyOriginInfo for fingerprint + path (Pieter Wuille) Pull request description: This PR adds "key origin" (master fingeprint + key path) information to what is exposed from `SigningProvider`s, allowing this information to be used by the generic PSBT code instead of having the RPC pull it directly from the wallet. This is also a preparation to having PSBT interact with output descriptors, which can then directly expose key origin information for the scripts they generate. Tree-SHA512: c718382ba8ba2d6fc9a32c062bd4cff08b6f39b133838aa03115c39aeca0f654c7cc3ec72d87005bf8306e550824cd8eb9d60f0bd41784a3e22e17b2afcfe833
2018-08-25Merge #13429: Return the script type from SolverWladimir J. van der Laan
984d72ec659361d8c1a6f3c6864e839a807817a7 Return the script type from Solver (Ben Woosley) Pull request description: Because false is synonymous with TX_NONSTANDARD, this conveys the same information and makes the handling explicitly based on script type, simplifying each call site. Prior to this change it was common for the return value to be ignored, or for the return value and TX_NONSTANDARD to be redundantly handled. Tree-SHA512: 31864f856b8cb75f4b782d12678070e8b1cfe9665c6f57cfb25e7ac8bcea8a22f9a78d7c8cf0101c841f2a612400666fb91798bffe88de856e98b873703b0965
2018-08-13Make SignPSBTInput operate on a private SignatureData objectPieter Wuille
2018-08-13Pass HD path data through SignatureDataPieter Wuille
2018-08-13Generalize PublicOnlySigningProvider into HidingSigningProviderPieter Wuille
2018-08-13Make SigningProvider expose key origin informationPieter Wuille
2018-08-13Additional sanity checks in SignPSBTInputPieter Wuille
2018-08-13Merge #13534: Don't assert(foo()) where foo() has side effectsMarcoFalke
6ad0328f1c Don't assert(foo()) where foo has side effects (practicalswift) Pull request description: Don't `assert(foo())` where `foo` has side effects. From `assert(3)`: > If the macro `NDEBUG` is defined at the moment `<assert.h>` was last included, the macro `assert()` generates no code, and hence does nothing at all. Bitcoin currently cannot be compiled without assertions, but we shouldn't rely on that. Tree-SHA512: 28cff0c6d1c2fb612ca58c9c94142ed01c5cfd0a2fecb8e59cdb6c270374b215d952ed3491d921d84dc1b439fa49da4f0e75e080f6adcbc6b0e08be14e54c170
2018-08-13Merge #13666: Always create signatures with Low R valuesWladimir J. van der Laan
e306be742932d4ea5aca0ea4768e54b2fc3dc6a0 Use 72 byte dummy signatures when watching only inputs may be used (Andrew Chow) 48b1473c898129a99212e2db36c61cf93625ea17 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR (Andrew Chow) 18dfea0dd082af18dfb02981b7ee1cd44d514388 Always create 70 byte signatures with low R values (Andrew Chow) Pull request description: When creating signatures for transactions, always make one which has a 32 byte or smaller R and 32 byte or smaller S value. This results in signatures that are always less than 71 bytes (32 byte R + 32 byte S + 6 bytes DER + 1 byte sighash) with low R values. In most cases, the signature will be 71 bytes. Because R is not mutable in the same way that S is, a low R value can only be found by trying different nonces. RFC 6979 for deterministic nonce generation has the option to specify additional entropy, so we simply use that and add a uin32_t counter which we increment in order to try different nonces. Nonces are sill deterministically generated as the nonce used will the be the first one where the counter results in a nonce that results in a low R value. Because different nonces need to be tried, time to produce a signature does increase. On average, it takes twice as long to make a signature as two signatures need to be created, on average, to find one with a low R. Having a fixed size signature makes size calculations easier and also saves half a byte of transaction size, on average. DUMMY_SIGNATURE_CREATOR has been modified to produce 71 byte dummy signatures instead of 72 byte signatures. Tree-SHA512: 3cd791505126ce92da7c631856a97ba0b59e87d9c132feff6e0eef1dc47768e81fbb38bfbe970371bedf9714b7f61a13a5fe9f30f962c81734092a4d19a4ef33
2018-08-09Use 72 byte dummy signatures when watching only inputs may be usedAndrew Chow
With watching only inputs, we do not know how large the signatures for those inputs will be as their signers may not have implemented 71 byte signatures. Thus we estimate their fees using the 72 byte dummy signature to ensure that we pay enough fees. This only effects fundrawtransaction when includeWatching is true.
2018-08-09Use 71 byte signature for DUMMY_SIGNATURE_CREATORAndrew Chow
Changes DUMMY_SIGNATURE_CREATOR to create 71 byte dummy signatures. Update comments to reflect this change
2018-08-08Merge #13780: 0.17: Pre-branch maintenanceWladimir J. van der Laan
3fc20632a3ad30809356a58d2cf0ea4a4ad4cec3 qt: Set BLOCK_CHAIN_SIZE = 220 (DrahtBot) 2b6a2f4a28792f2fe9dc1be843b1ff1ecae35e8a Regenerate manpages (DrahtBot) eb7daf4d600eeb631427c018a984a77a34aca66e Update copyright headers to 2018 (DrahtBot) Pull request description: Some trivial maintenance to avoid having to do it again after the 0.17 branch off. (The scripts to do this are in `./contrib/`) Tree-SHA512: 16b2af45e0351b1c691c5311d48025dc6828079e98c2aa2e600dc5910ee8aa01858ca6c356538150dc46fe14c8819ed8ec8e4ec9a0f682b9950dd41bc50518fa
2018-07-27Add simple FlatSigningProviderPieter Wuille
2018-07-27Update copyright headers to 2018DrahtBot
2018-07-25Merge #13721: Bugfixes for BIP 174 combining and deserializationWladimir J. van der Laan
fad231ad41e12b7047deb64220942ca8cb8357bc Fix merging of global unknown data in PSBTs (Andrew Chow) 41df035ee1694715ee1e0f89b08ac8c73987807b Check that PSBT keys are the correct length (Andrew Chow) Pull request description: This PR fixes a few bugs that were found and adds tests checking for these errors. Specifically: - Single byte keys are checked to actually be one byte. - Unknown global data must be merged when combining two PSBTs. Tree-SHA512: c0e7b4bc607d510cc005aaa7c0813ee58c5467ab7ce4adce485522dfeee92b1af3d29fe89df778b0ea812bb3827e085b30e04d4f4ebcefd8364d809573991332