aboutsummaryrefslogtreecommitdiff
path: root/src/script
AgeCommit message (Collapse)Author
2021-06-22Disallow bech32m addresses for legacy wallet thingsAndrew Chow
We don't want the legacy wallet to ever have bech32m addresses so don't allow importing them. This includes addmultisigaddress as that is a legacy wallet only RPC Additionally, bech32m multisigs are not available yet, so disallow them in createmultisig.
2021-06-22Use BECH32M for tr() desc, WitV1Taproot, and WitUnknown CTxDestsAndrew Chow
The tr() descriptor, WitnessV1Taproot CTxDestination, and WitnessUnknown CTxDestination are OutputType::BECH32M so they should report as such.
2021-06-18Taproot descriptor inferencePieter Wuille
2021-06-18consensus refactor: extract ComputeTapleafHash, ComputeTaprootMerkleRootPieter Wuille
2021-06-14refactor: Pass script verify flags as uint32_tMarcoFalke
They are cast to unsigned anyway when calling VerifyScript, bitcoinconsensus_verify_script*, or CountWitnessSigOps.
2021-06-12Add support for SIGHASH_DEFAULT in RPCs, and make it defaultPieter Wuille
For non-Taproot signatures, this is interpreted as SIGHASH_ALL.
2021-06-12Basic Taproot signing logic in script/sign.cppPieter Wuille
2021-06-12Construct and use PrecomputedTransactionData in SignTransactionPieter Wuille
2021-06-12Don't nuke witness data when signing failsPieter Wuille
2021-06-12Permit full precomputation in PrecomputedTransactionDataPieter Wuille
At verification time, the to be precomputed data can be inferred from the transaction itself. For signing, the necessary witnesses don't exist yet, so just permit precomputing everything in that case.
2021-06-12Add precomputed txdata support to MutableTransactionSignatureCreatorPieter Wuille
This provides a means to pass in a PrecomputedTransactionData object to the MutableTransactionSignatureCreator, allowing the prevout data to be passed into the signature hashers. It is also more efficient.
2021-06-12Use HandleMissingData also in CheckSchnorrSignaturePieter Wuille
2021-06-12Add TaprootSpendData data structure, equivalent to script map for P2[W]SHPieter Wuille
This data structures stores all information necessary for spending a taproot output (the internal key, the Merkle root, and the control blocks for every script leaf). It is added to signing providers, and populated by the tr() descriptor.
2021-05-24Add tr() descriptor (derivation only, no signing)Pieter Wuille
This adds a new descriptor with syntax e.g. tr(KEY,{S1,{{S2,S3},S4}) where KEY is a key expression for the internal key and S_i are script expression for the leaves. They have to be organized in nested {A,B} groups, with exactly two elements. tr() only exists at the top level, and inside the script expressions only pk() scripts are allowed for now.
2021-05-24Add TaprootBuilder classPieter Wuille
This class functions as a utility for building taproot outputs, from internal key and script leaves.
2021-05-24Make consensus checking of tweaks in pubkey.* Taproot-specificPieter Wuille
That results in a much safer interface (making the tweak commit to the key implicitly using a fixed tag means it can't be used for unrelated tweaking).
2021-05-24Separate WitnessV1Taproot variant in CTxDestinationPieter Wuille
2021-05-24Avoid dependence on CTxDestination index orderPieter Wuille
2021-05-24Change Solver() output for WITNESS_V1_TAPROOTPieter Wuille
This is just a small simplification to prepare for the follow-up instruction of a CTxDestination variant for taproot outputs. In the old code, WITNESS_V1_TAPROOT and WITNESS_UNKNOWN both produced {version, program} as Solver() output. Change this so that WITNESS_V1_TAPROOT produces just {program}, like WITNESS_V0_* do.
2021-05-11move-only: Add util/hash_typeMarcoFalke
Can be reviewed with --color-moved=dimmed-zebra
2021-05-04refactor: Replace &foo[0] with foo.data()MarcoFalke
2021-05-04refactor: Use CPubKey vector constructor where possibleMarcoFalke
2021-05-04script: Replace address-of idiom with vector data() methodGuido Vranken
2021-04-28script: allow up to 20 keys in wsh() descriptorsAntoine Poinsot
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2021-04-28script: match multisigs with up to MAX_PUBKEYS_PER_MULTISIG keysAntoine Poinsot
We were previously ruling out 17-20 pubkeys multisig, while they are only invalid under P2SH context. This makes multisigs with up to 20 keys be detected as valid by the solver. This is however *not* a policy change as it would only apply to bare multisigs, which are already limited to 3 pubkeys. Note that this does not change the sigOpCount calculation (as it would break consensus). Therefore 1-16 keys multisigs are counted as 1-16 sigops and 17-20 keys multisigs are counted as 20 sigops. Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2021-04-27doc: IsFinalTx comment about nSequence & OP_CLTVYuval Kogman
It's somewhat surprising that a transaction's nLockTime field is ignored when all nSequence fields are final, so this change aims to clarify this behavior and cross reference relevant details of OP_CHECKLOCKTIMEVERIFY.
2021-04-20doc: Fix doxygen comment silent merge conflict in descriptor.cppW. J. van der Laan
It looks like #21238 introduced a silent merge conflict in the documentation, which fails with `-Wdocumentation` in the CI.
2021-04-20Merge #21238: A few descriptor improvements to prepare for Taproot supportW. J. van der Laan
0b188b751f970027c52729e0c223cc9257669322 Clean up context dependent checks in descriptor parsing (Pieter Wuille) 33275a96490445e293c322a29a3b146ccb91083c refactor: move uncompressed-permitted logic into ParsePubkey* (Pieter Wuille) 17e006ff8d5e42f22474c5191d1b745bbc97571f refactor: split off subscript logic from ToStringHelper (Pieter Wuille) 6ba5dda0c9de75196c6a427d9e59d39e5a41bff7 Account for key cache indices in subexpressions (Pieter Wuille) 4441c6f3c046c0b28ce3f0ca6d938af71d797586 Make DescriptorImpl support multiple subscripts (Pieter Wuille) a917478db0788b244c0c799b98bf67a94df7035e refactor: move population of out.scripts from ExpandHelper to MakeScripts (Pieter Wuille) 84f3939ece9f4901141b28fd2dd6e3899d01d66e Remove support for subdescriptors expanding to multiple scripts (Pieter Wuille) Pull request description: These are a few refactors and non-invasive improvements to the descriptors code to prepare for adding Taproot descriptors. None of the commits change behavior in any way, except the last one which improves error reporting a bit. ACKs for top commit: S3RK: reACK 0b188b7 Sjors: re-ACK 0b188b7 achow101: re-ACK 0b188b751f970027c52729e0c223cc9257669322 Tree-SHA512: cb4e999134aa2bace0e13d4883454c65bcf1369e1c8585d93cc6444ddc245f3def5a628d58af7dab577e9d5a4a75d3bb46f766421fcc8cc5c85c01a11f148b3f
2021-04-13Merge #21330: Deal with missing data in signature hashes more consistentlyfanquake
725d7ae0494d4a45f5a840bbbd19c008a7363965 Use PrecomputedTransactionData in signet check (Pieter Wuille) 497718b467330b2c6bb0d44786020c55f1aa75f9 Treat amount<0 also as missing data for P2WPKH/P2WSH (Pieter Wuille) 3820090bd619ac85ab35eff376c03136fe4a9f04 Make all SignatureChecker explicit about missing data (Pieter Wuille) b77b0cc507bdc716e5236b1d9880e648147e0af9 Add MissingDataBehavior and make TransactionSignatureChecker handle it (Pieter Wuille) Pull request description: Currently we have 2 levels of potentially-missing data in the transaction signature hashes: * P2WPKH/P2WSH hashes need the spent amount * P2TR hashes need all spent outputs (amount + scriptPubKey) Missing amounts are treated as -1 (thus leading to unexpected signature failures), while missing outputs in P2TR validation cause assertion failure. This is hard to extend for signing support, and also quite ugly in general. In this PR, an explicit configuration option to {Mutable,}TransactionSignatureChecker is added (MissingDataBehavior enum class) to either select ASSERT_FAIL or FAIL. Validation code passes ASSERT_FAIL (as at validation time all data should always be passed, and anything else is a serious bug in the code), while signing code uses FAIL. The existence of the ASSERT_FAIL option is really just an abundance of caution. Always using FAIL should be just fine, but if there were for some reason a code path in consensus code was introduced that misses certain data, I think we prefer as assertion failure over silently introducing a consensus change. Potentially useful follow-ups (not for this PR, in my preference): * Having an explicit script validation error code for missing data. * Having a MissingDataBehavior::SUCCEED option as well, for use in script/sign.cpp DataFromTransaction (if a signature is present in a witness, and we don't have enough data to fully validate it, we should probably treat it as valid and not touch it). ACKs for top commit: sanket1729: reACK 725d7ae0494d4a45f5a840bbbd19c008a7363965 Sjors: ACK 725d7ae0494d4a45f5a840bbbd19c008a7363965 achow101: re-ACK 725d7ae0494d4a45f5a840bbbd19c008a7363965 benthecarman: ACK 725d7ae0494d4a45f5a840bbbd19c008a7363965 fjahr: Code review ACK 725d7ae0494d4a45f5a840bbbd19c008a7363965 Tree-SHA512: d67dc51bae9ca7ef6eb9acccefd682529f397830f77d74cd305500a081ef55aede0e9fa380648c3a8dd4857aa7eeb1ab54fe808979d79db0784ac94ceb31b657
2021-04-07Merge #21166: Introduce DeferredSignatureChecker and have ↵fanquake
SignatureExtractorClass subclass it a97a9298cea085858e1a65a5e9b20d7a9e0f7303 Test that signrawtx works when a signed CSV and CLTV inputs are present (Andrew Chow) 6965456c10c9c4025c71c5e24fa5b27b15e5933a Introduce DeferringSignatureChecker and inherit with SignatureExtractor (Andrew Chow) Pull request description: Previously SignatureExtractorChecker took a MutableTransactionSignatureChecker and passed through function calls to that. However not all functions were implemented so not everything passed through as it should have. To solve this, SignatureExctractorChecker now implements all of those functions via a new class - DeferredSignatureChecker. DeferredSignatureChecker is introduced to allow for future signature checkers which use another SignatureChecker but need to be able to do somethings outside of just the signature checking. Fixes #21151 ACKs for top commit: sipa: utACK a97a9298cea085858e1a65a5e9b20d7a9e0f7303 meshcollider: Code review ACK a97a9298cea085858e1a65a5e9b20d7a9e0f7303 instagibbs: utACK a97a9298cea085858e1a65a5e9b20d7a9e0f7303 Tree-SHA512: bca784c75c2fc3fcb74e81f4e3ff516699e8debaa2db81e12843abdfe9cf265dac11db8619751cb9b3e9bbe779805d029fabe5f3cbca5e86bfd72de3664b0b94
2021-03-29Clean up context dependent checks in descriptor parsingPieter Wuille
This changes all context dependent checks in the parser to be disjunctions of equality checks, rather than also including inequalities. This makes sure that adding a new context enum in the future won't change semantics for existing checks. The error messages are also made a bit more consistent.
2021-03-29refactor: move uncompressed-permitted logic into ParsePubkey*Pieter Wuille
This is a preparation for parsing xonly pubkeys, which will complicate this logic. It's cleaner to put the decision logic close to the public key parsing itself.
2021-03-29refactor: split off subscript logic from ToStringHelperPieter Wuille
This will allow subclasses to overwrite the serialization of subscript arguments without needing to reimplement all the rest of the ToString logic.
2021-03-29Account for key cache indices in subexpressionsPieter Wuille
This has no effect for now, as the only fragments with sub-script expressions (sh, wsh) only allow one, and don't have key expressions in them. A future Taproot descriptor will however violate both, and we want the keys in different sub-scripts to be assigned non-overlapping cache indices.
2021-03-29Make DescriptorImpl support multiple subscriptsPieter Wuille
So far, no descriptor exists that supports more than one sub-script descriptor. This will change with taproot, so prepare for this by changing the m_subdescriptor_arg from a unique_ptr to a vector of unique_ptr's.
2021-03-29refactor: move population of out.scripts from ExpandHelper to MakeScriptsPieter Wuille
There are currently two DescriptorImpl subclasses that rely on the functionality that ExpandHelper automatically adds subscripts to the output SigningProvider. Taproot descriptors will have subscripts, but we don't want them in the SigningProvider's bare script field. To avoid them ending up there, move this functionality into the specific classes' MakeScripts implementation.
2021-03-29Remove support for subdescriptors expanding to multiple scriptsPieter Wuille
2021-03-23rpc: deprecate `addresses` and `reqSigs` from rpc outputsMichael Dietz
1) add a new sane "address" field (for outputs that have an identifiable address, which doesn't include bare multisig) 2) with -deprecatedrpc: leave "reqSigs" and "addresses" intact (with all weird/wrong behavior they have now) 3) without -deprecatedrpc: drop "reqSigs" and "addresses" entirely, always.
2021-03-15Treat amount<0 also as missing data for P2WPKH/P2WSHPieter Wuille
Historically lack of amount data has been treated as amount==-1. Change this and treat it as missing data, as introduced in the previous commits. To be minimally invasive, do this at SignatureHash() call sites rather than inside SignatureHash() (which currently has no means or returning a failure code).
2021-03-15Make all SignatureChecker explicit about missing dataPieter Wuille
Remove the implicit MissingDataBehavior::ASSERT_FAIL in the *TransationSignatureChecker constructors, and instead specify it explicit in all call sites: * Test code uses ASSERT_FAIL * Validation uses ASSERT_FAIL (through CachingTransactionSignatureChecker) (including signet) * libconsensus uses FAIL, matching the existing behavior of the non-amount API (and the extended required data for taproot validation is not available yet) * Signing code uses FAIL
2021-03-15Add MissingDataBehavior and make TransactionSignatureChecker handle itPieter Wuille
This allows specifying how *TransactionSignatureChecker will behave when presented with missing transaction data such as amounts spent, BIP341 data, or spent outputs. As all call sites still (implicitly) use MissingDataBehavior::ASSERT_FAIL, this commit introduces no change in behavior.
2021-03-17refactor: post Optional<> removal cleanupsfanquake
2021-03-15scripted-diff: remove Optional & nulloptfanquake
-BEGIN VERIFY SCRIPT- git rm src/optional.h sed -i -e 's/Optional</std::optional</g' $(git grep -l 'Optional<' src) sed -i -e 's/{nullopt}/{std::nullopt}/g' $(git grep -l 'nullopt' src) sed -i -e 's/ nullopt;/ std::nullopt;/g' $(git grep -l 'nullopt' src) sed -i -e 's/ nullopt)/ std::nullopt)/g' $(git grep -l 'nullopt' src) sed -i -e 's/(nullopt)/(std::nullopt)/g' $(git grep -l 'nullopt' src) sed -i -e 's/ nullopt,/ std::nullopt,/g' $(git grep -l 'nullopt' src) sed -i -e 's/? nullopt :/? std::nullopt :/g' $(git grep -l 'nullopt' src) sed -i -e 's/: nullopt}/: std::nullopt}/g' $(git grep -l 'nullopt' src) sed -i -e '/optional.h \\/d' src/Makefile.am sed -i -e '/#include <optional.h>/d' src/test/fuzz/autofile.cpp src/test/fuzz/buffered_file.cpp src/test/fuzz/node_eviction.cpp sed -i -e 's/#include <optional.h>/#include <optional>/g' $(git grep -l '#include <optional.h>' src) -END VERIFY SCRIPT-
2021-03-11scripted-diff: remove MakeUnique<T>()fanquake
-BEGIN VERIFY SCRIPT- git rm src/util/memory.h sed -i -e 's/MakeUnique/std::make_unique/g' $(git grep -l MakeUnique src) sed -i -e '/#include <util\/memory.h>/d' $(git grep -l '#include <util/memory.h>' src) sed -i -e '/util\/memory.h \\/d' src/Makefile.am -END VERIFY SCRIPT-
2021-03-04Introduce DeferringSignatureChecker and inherit with SignatureExtractorAndrew Chow
Introduces a DeferringSignatureChecker which simply takes a BaseSignatureChecker and passes through everything. SignatureExtractorChecker now subclasses DeferringSignatureChecker. This allows for all BaseSignatureChecker functions to be implemented for SignatureExtractorChecker, while allowing for future signature checkers which opreate similarly to SignatureExtractorChecker.
2021-03-01Correction for VerifyTaprootCommitment commentsRussell O'Connor
According to BIP-341, 'p' is called the taproot *internal* key, not inner key.
2021-02-18Merge #19136: wallet: add parent_desc to getaddressinfoSamuel Dobson
de6b389d5db7b8426313c5be6fbd290f992c5aa8 tests: Test getaddressinfo parent_desc (Andrew Chow) e4ac869a0a0083e2e3af3b56301bd5c8e0cf650b rpc: Add parent descriptor to getaddressinfo output (Andrew Chow) bbe4a36152fb8d9c8c3682ca2380f1c88cca61cb wallet: Add GetDescriptorString to DescriptorScriptPubKeyMan (Andrew Chow) 9be1437c49f986e8ed964d5f863b4bbcec340751 descriptors: Add ToNormalizedString and tests (Andrew Chow) Pull request description: Adds `parent_desc` field to the `getaddressinfo` RPC to export a public descriptor. Using the given address, `getaddressinfo` will look up which `DescriptorScriptPubKeyMan` can be used to produce that address. It will then return the descriptor for that `DescriptorScriptPubKeyMan` in the `parent_desc` field. The descriptor will be in a normalized form where the xpub at the last hardened step is derived so that the descriptor can be imported to other wallets. Tests are added to check that the correct descriptor is being returned for the wallet's addresses and that these descriptors can be imported and used in other wallets. As part of this PR, a `ToNormalizedString` function is added to the descriptor classes. This really only has an effect on `BIP32PubkeyProvider`s that have hardened derivation steps. Tests are added to check that normalized descriptors are returned. ACKs for top commit: Sjors: utACK de6b389d5db7b8426313c5be6fbd290f992c5aa8 S3RK: Tested ACK de6b389 jonatack: Tested ACK de6b389d5db7b8426313c5be6fbd290f992c5aa8 modulo a few minor comments fjahr: Code review ACK de6b389d5db7b8426313c5be6fbd290f992c5aa8 meshcollider: Tested ACK de6b389d5db7b8426313c5be6fbd290f992c5aa8 Tree-SHA512: a633e4a39f2abbd95afd7488484cfa66fdd2651dac59fe59f2b80a0940a2a4a13acf889c534a6948903d701484a2ba1218e3081feafe0b9a720dccfa9e43ca2b
2021-02-12Merge #21064: refactor: use std::shared_mutex & remove Boost ThreadWladimir J. van der Laan
060a2a64d40d75fecb60b7d2b9946a67e46aa6fc ci: remove boost thread installation (fanquake) 06e1d7d81d5a56d136c6fc88f09a2b0654a164f9 build: don't build or use Boost Thread (fanquake) 7097add83c8596f81be9edd66971ffd2486357eb refactor: replace Boost shared_mutex with std shared_mutex in sigcache (fanquake) 8e55981ef834490c438436719f95cbaf888c4914 refactor: replace Boost shared_mutex with std shared_mutex in cuckoocache tests (fanquake) Pull request description: This replaces `boost::shared_mutex` and `boost::unique_lock` with [`std::shared_mutex`](https://en.cppreference.com/w/cpp/thread/shared_mutex) & [`std::unique_lock`](https://en.cppreference.com/w/cpp/thread/unique_lock). Even though [some concerns were raised](https://github.com/bitcoin/bitcoin/issues/16684#issuecomment-726214696) in #16684 with regard to `std::shared_mutex` being unsafe to use across some glibc versions, I still think this change is an improvement. As I mentioned in #21022, I also think trying to restrict standard library feature usage based on bugs in glibc is not only hard to do, but it's not currently clear exactly how we do that in practice (does it also extend to patching out use in our dependencies, should we be implementing more runtime checks for features we are using, when do we consider an affected glibc "old enough" not to worry about? etc). If you take a look through the [glibc bug tracker](https://sourceware.org/bugzilla/describecomponents.cgi?product=glibc) you'll no doubt find plenty of (active) bug reports for standard library code we already using. Obviously not to say we shouldn't try and avoid buggy code where possible. Two other points: [Cory mentioned in #21022](https://github.com/bitcoin/bitcoin/pull/21022#issuecomment-769274179): > It also seems reasonable to me to worry that boost hits the same underlying glibc bug, and we've just not happened to trigger the right conditions yet. Moving away from Boost to the standard library also removes the potential for differences related to Boosts configuration. Boost has multiple versions of `shared_mutex`, and what you end up using, and what it's backed by depends on: * The version of Boost. * The platform you're building for. * Which version of `BOOST_THREAD_VERSION` is defined: (2,3,4 or 5) default=2. (see [here](https://www.boost.org/doc/libs/1_70_0/doc/html/thread/build.html#thread.build.configuration) for some of the differences). * Is `BOOST_THREAD_V2_SHARED_MUTEX` defined? (not by default). If so, you might get the ["less performant, but more robust"](https://github.com/boostorg/thread/issues/230#issuecomment-475937761) version of `shared_mutex`. A lot of these factors are eliminated by our use of depends, but users will have varying configurations. It's also not inconceivable to think that a distro, or some package manager might start defining something like `BOOST_THREAD_VERSION=3`. Boost tried to change the default from 2 to 3 at one point. With this change, we no longer use Boost Thread, so this PR also removes it from depends, the build system, CI etc. Previous similar PRs were #19183 & #20922. The authors are included in the commits here. Also related to #21022 - pthread sanity checking. ACKs for top commit: laanwj: Code review ACK 060a2a64d40d75fecb60b7d2b9946a67e46aa6fc vasild: ACK 060a2a64d40d75fecb60b7d2b9946a67e46aa6fc Tree-SHA512: 572d14d8c9de20bc434511f20d3f431836393ff915b2fe9de5a47a02dca76805ad5c3fc4cceecb4cd43f3ba939a0508178c4e60e62abdbaaa6b3e8db20b75b03
2021-02-12build: test for __declspec(dllexport) in configurefanquake
This should work for GCC and Clang when building for Windows targets.
2021-02-12build: remove duplicate visibility attribute detectionfanquake
We are already testing for this, and our test works correctly with a Darwin target, where the macro does not. Darwin targets do not support "protected" visibility.