aboutsummaryrefslogtreecommitdiff
path: root/src/script
AgeCommit message (Collapse)Author
2021-04-08Introduce DeferringSignatureChecker and inherit with SignatureExtractorAndrew Chow
Introduces a DeferringSignatureChecker which simply takes a BaseSignatureChecker and passes through everything. SignatureExtractorChecker now subclasses DeferringSignatureChecker. This allows for all BaseSignatureChecker functions to be implemented for SignatureExtractorChecker, while allowing for future signature checkers which opreate similarly to SignatureExtractorChecker. Github-Pull: #21166 Rebased-From: 6965456c10c9c4025c71c5e24fa5b27b15e5933a
2020-10-16script: Make ComputeEntrySchnorr and ComputeEntryECDSA const to clarify contractpracticalswift
2020-10-12Make Taproot spends standard + policy limitsPieter Wuille
This adds a `TxoutType::WITNESS_V1_TAPROOT` for P2TR outputs, and permits spending them in standardness rules. No corresponding `CTxDestination` is added for it, as that isn't needed until we want wallet integration. The taproot validation flags are also enabled for mempool transactions, and standardness rules are added (stack item size limit, no annexes).
2020-10-12Implement Tapscript script validation rules (BIP 342)Johnson Lau
This adds a new `SigVersion::TAPSCRIPT`, makes the necessary interpreter changes to make it implement BIP342, and uses them for leaf version 0xc0 in Taproot script path spends.
2020-10-12Use ScriptExecutionData to pass through annex hashPieter Wuille
Instead of recomputing the annex hash every time a signature is verified, compute it once and cache it in a new ScriptExecutionData structure.
2020-10-12Implement Taproot validation (BIP 341)Pieter Wuille
This includes key path spending and script path spending, but not the Tapscript execution implementation (leaf 0xc0 remains unemcumbered in this commit). Includes constants for various aspects of the consensus rules suggested by Jeremy Rubin.
2020-10-12Support for Schnorr signatures and integration in SignatureCheckers (BIP 340)Pieter Wuille
This enables the schnorrsig module in libsecp256k1, adds the relevant types and functions to src/pubkey, as well as in higher-level `SignatureChecker` classes. The (verification side of the) BIP340 test vectors is also added.
2020-10-12Implement Taproot signature hashing (BIP 341)Johnson Lau
This implements the new sighashing scheme from BIP341, with all relevant whole-transaction values precomputed once and cached. Includes changes to PrecomputedTransactionData by Pieter Wuille.
2020-10-12refactor: keep spent outputs in PrecomputedTransactionDataPieter Wuille
A BIP-341 signature message may commit to the scriptPubKeys and amounts of all spent outputs (including other ones than the input being signed for spends), so keep them available to signature hashing code.
2020-10-06refactor: rename scriptPubKey in VerifyWitnessProgram to exec_scriptPieter Wuille
The old name is confusing, as it doesn't store a scriptPubKey, but the actually executed script.
2020-10-06scripted-diff: put ECDSA in name of signature functionsPieter Wuille
In preparation for adding Schnorr versions of `CheckSig`, `VerifySignature`, and `ComputeEntry`, give them an ECDSA specific name. -BEGIN VERIFY SCRIPT- sed -i 's/CheckSig(/CheckECDSASignature(/g' $(git grep -l CheckSig ./src) sed -i 's/VerifySignature(/VerifyECDSASignature(/g' $(git grep -l VerifySignature ./src) sed -i 's/ComputeEntry(/ComputeEntryECDSA(/g' $(git grep -l ComputeEntry ./src) -END VERIFY SCRIPT-
2020-09-30Merge #20006: Fix misleading error message: Clean stack ruleWladimir J. van der Laan
af57766182013e17c23245671a33463f754ccd28 Fix misleading error message: Clean stack rule (sanket1729) Pull request description: Error messages in clean stack is misleading as it lets the user believe that there are extra elements on the stack which is incorrect if the stack is empty. Let me know if this requires additional test. ACKs for top commit: instagibbs: re-ACK https://github.com/bitcoin/bitcoin/pull/20006/commits/af57766182013e17c23245671a33463f754ccd28 gzhao408: reACK https://github.com/bitcoin/bitcoin/commit/af57766182013e17c23245671a33463f754ccd28 theStack: re-ACK af57766182013e17c23245671a33463f754ccd28 darosior: re ACK af57766182013e17c23245671a33463f754ccd28 Tree-SHA512: 88e77416e220b080246fec368f5552a891d102d072b7bee62ac560d5e31c4a8c2ee9cbe569740b253e9df177d21dc788d10d856b2a542ab47761bb81698e4082
2020-09-28scripted-diff: Replace UINT256_ONE() with uint256::ONEAnthony Towns
-BEGIN VERIFY SCRIPT- sed -i '/inline.* UINT256_ONE() {/,+1d' src/uint256.h sed -i 's/UINT256_ONE()/uint256::ONE/' $(git grep -l UINT256_ONE) -END VERIFY SCRIPT-
2020-09-24Fix misleading error message: Clean stack rulesanket1729
Error messages in cleanstack is misleading as it lets the user believe that there are extra elements on stack which is incorrect if the stack is empty.
2020-08-25Merge #19601: Refactoring CHashWriter & Get{Prevouts,Sequence,Outputs}Hash ↵fanquake
to SHA256 (Alternative to #18071) 9ab4cafabda227ccee5b241d7690fc67f9a27221 Refactor Get{Prevout,Sequence,Outputs}Hash to Get{Prevouts,Sequences,Outputs}SHA256. (Jeremy Rubin) 6510d0ff4173a7b01d6728051303c7c38eb34533 Add SHA256Uint256 helper functions (Jeremy Rubin) b475d7d0fa000d5802caf3065b8b2abcea60719b Add single sha256 call to CHashWriter (Jeremy Rubin) Pull request description: Opened as an alternative to #18071 to be more similar to #17977. I'm fine with either, deferring to others. cc jnewbery Sjors ACKs for top commit: jnewbery: Code review ACK 9ab4cafabda227ccee5b241d7690fc67f9a27221 jonatack: Tested ACK 9ab4caf fjahr: tested ACK 9ab4cafabda227ccee5b241d7690fc67f9a27221 instagibbs: reACK https://github.com/bitcoin/bitcoin/pull/19601/commits/9ab4cafabda227ccee5b241d7690fc67f9a27221 Tree-SHA512: 93a7a47697f1657f027b18407bdcce16963f6b23d12372e7ac8fd4ee96769b3e2639369f9956fee669cc881b6338641cddfeeef1516c7104cb50ef4b880bb0a7
2020-08-15Merge #16841: Replace GetScriptForWitness with GetScriptForDestinationfanquake
7966aa424a8b78983f73742cbdb3d11eccaf9f3a Add variables for repeated scripts (MeshCollider) fec8336ad97dc717ea123f84ecfc10d9ee4a11db Remove GetScriptForWitness function (MeshCollider) b887060d06290abf4983a487f8da6b0986b058ab Replace usage of GetScriptForWitness with GetScriptForDestination (MeshCollider) Pull request description: As per this TODO in the code: > TODO: replace calls to GetScriptForWitness with GetScriptForDestination using the various witness-specific CTxDestination subtypes. The commit "Add additional check for P2SH before adding extra wrapper" also adds an additional check that the scriptPubKey is a P2SH before auto-wrapping the witness script. We shouldn't wrap the witness script if not. Note: #16251 is even better than this check, please review that. ACKs for top commit: instagibbs: ACK https://github.com/bitcoin/bitcoin/pull/16841/commits/7966aa424a8b78983f73742cbdb3d11eccaf9f3a jonatack: Code review re-ACK 7966aa4 per `git range-diff b4d0366 ed266f7 7966aa4` achow101: re-ACK 7966aa424a8b78983f73742cbdb3d11eccaf9f3a only changes since last is rebase. Tree-SHA512: 3449e0e83bd842acc7c94544a85367da97ac20d859eefc1a618caef0c98204398c266fe8fb9600b78326df5175402e1ae4a132eb766e2c4485e7cda6a2a95c43
2020-08-14Merge #17204: wallet: Do not turn OP_1NEGATE in scriptSig into 0x0181 in ↵Wladimir J. van der Laan
signing code (sipa) dca28634d779c775678cba402a85fe5bb9b3a5a9 test: ensure OP_1NEGATE satisfies BIP62 minimal push rule (Jon Atack) e629d07199b83f4ad313b23a94c9016e3276c52a Do not turn OP_1NEGATE in scriptSig into 0x0181 in signing code (Pieter Wuille) Pull request description: A rebase of #13084 which additionally modifies the test code (unaddressed in the original, assuming sipa is too busy to deal with this at the moment). Relatively simple bugfix so it'd be good to have merged soon. Turning OP_1NEGATE into 0x0181 results in a larger-than-necessary data push instead of just actually using the OP_1NEGATE opcode (0x4f). This fails the minimal push rule of BIP 62 and makes the result non-standard. ACKs for top commit: fjahr: Code review ACK dca28634d779c775678cba402a85fe5bb9b3a5a9 luke-jr: ACK dca28634d77 jonatack: ACK dca28634d779c775678cba402a85fe5bb9b3a5a9 Tree-SHA512: 706d9a2ef20c809dea923e477a873e2fd60db8d0ae64289e510b766a38005c1f31ab0b5883f16b9c7863ff0d3f705e8e413f6121320028ac196b79c3184a4113
2020-08-14Remove GetScriptForWitness functionMeshCollider
2020-08-07Refactor Get{Prevout,Sequence,Outputs}Hash to ↵Jeremy Rubin
Get{Prevouts,Sequences,Outputs}SHA256. Several proposals (Taproot, MuHash, CTV) require access to the single hash.
2020-08-06refactor: Make HexStr take a spanWladimir J. van der Laan
Make HexStr take a span of bytes, instead of an awkward pair of templated iterators.
2020-07-30Make Hash[160] consume range-like objectsPieter Wuille
2020-07-30Make CHash256/CHash160 output to SpanPieter Wuille
2020-07-30Make CHash256 and CHash160 consume SpansPieter Wuille
2020-07-30Make script/standard's BaseHash Span-convertiblePieter Wuille
2020-07-19span: Add Span::empty() and use it in script/descriptorMarcoFalke
2020-07-15Do not turn OP_1NEGATE in scriptSig into 0x0181 in signing codePieter Wuille
Co-authored-by: Samuel Dobson <dobsonsa68@gmail.com>
2020-07-13Work around memory-aliasing in descriptor ParsePubkeyMarcoFalke
2020-07-01script: Fix boost/C++17 compile failureMarcoFalke
script/standard.cpp:297:48: error: temporary of type 'boost::static_visitor<CScript>' has protected destructor return boost::apply_visitor(CScriptVisitor{}, dest); ^ /usr/include/boost/variant/static_visitor.hpp:53:5: note: declared protected here ~static_visitor() = default; ^ 1 error generated.
2020-06-29Merge #19333: refactor: Fix clang compile failureWladimir J. van der Laan
fa3b35a189c4a4fd9667ef0af1c7059471ac8b01 ci: Add test for clang-3.8 C++11 support (MarcoFalke) faa7431fee45b26f7ac2f5fd0b8874cb6afafbd4 refactor: Fix clang compile failure (MarcoFalke) Pull request description: Fix ``` script/standard.cpp:278:22: error: default initialization of an object of const type 'const (anonymous namespace)::CScriptVisitor' without a user-provided default constructor const CScriptVisitor g_script_visitor; ^ {} 1 error generated. ACKs for top commit: laanwj: ACK fa3b35a189c4a4fd9667ef0af1c7059471ac8b01 Tree-SHA512: b3251208945b44530224aadbc10fef1260b479c0b43a5e345501fbfd3579a9fe354b946090e023232852bbb99759da4429b58b137b7b286ddac6bd7960851f7f
2020-06-28Merge #19114: scripted-diff: TxoutType C++11 scoped enum classMarcoFalke
fa32adf9dc25540ad27f5b82654c7057d7738627 scripted-diff: TxoutType C++11 scoped enum class (MarcoFalke) fa95a694c492b267e4038674fd3f338dd215ab48 doc: Update outdated txnouttype documentation (MarcoFalke) fa58469c770d8c935a86462634e4e8cd806aa6e3 rpc: Properly use underlying type in GetAllOutputTypes (MarcoFalke) fa41c657022b8f99c8e6718a0e33c5838c412a0b rpc: Simplify GetAllOutputTypes with the Join helper (MarcoFalke) Pull request description: Non-scoped enums can accidentally and silently decay into an integral type. Also, the symbol names of the keys are exported to the surrounding (usually global) namespace. Fix both issues by switching to an `enum class TxoutType` in a (mostly) scripted-diff. ACKs for top commit: practicalswift: ACK fa32adf9dc25540ad27f5b82654c7057d7738627 -- patch looks correct hebasto: re-ACK fa32adf9dc25540ad27f5b82654c7057d7738627, since fa5997bd6fc82e16b597ea96e3c5c665f1f174ab (https://github.com/bitcoin/bitcoin/pull/19114#pullrequestreview-421425198) rebased only (verified with `git range-diff`). Tree-SHA512: f42a9db47f9be89fa4bdd8d2fb05a16726286d8b12e3d87327b67d723f91c7d5a57deb4b2ddae9e1d16fee7a5f8c00828b6dc8909c5db680fc5e0a3cf07cd465
2020-06-24refactor: Replace HexStr(o.begin(), o.end()) with HexStr(o)Wladimir J. van der Laan
HexStr can be called with anything that bas `begin()` and `end()` functions, so clean up the redundant calls.
2020-06-21scripted-diff: TxoutType C++11 scoped enum classMarcoFalke
-BEGIN VERIFY SCRIPT- # General rename helper: $1 -> $2 rename_global() { sed -i "s/\<$1\>/$2/g" $(git grep -l "$1"); } # Helper to rename TxoutType $1 rename_value() { sed -i "s/ TX_$1,/ $1,/g" src/script/standard.h; # First strip the prefix in the definition (header) rename_global TX_$1 "TxoutType::$1"; # Then replace globally } # Change the type globally to bring it in line with the style-guide # (clsses are UpperCamelCase) rename_global 'enum txnouttype' 'enum class TxoutType' rename_global 'txnouttype' 'TxoutType' # Now rename each enum value rename_value 'NONSTANDARD' rename_value 'PUBKEY' rename_value 'PUBKEYHASH' rename_value 'SCRIPTHASH' rename_value 'MULTISIG' rename_value 'NULL_DATA' rename_value 'WITNESS_V0_KEYHASH' rename_value 'WITNESS_V0_SCRIPTHASH' rename_value 'WITNESS_UNKNOWN' -END VERIFY SCRIPT-
2020-06-21doc: Update outdated txnouttype documentationMarcoFalke
Also, remove scope of txnouttype in fuzz tests temporarily. The next commit will add scopes to all txnouttype.
2020-06-19refactor: Fix clang compile failureMarcoFalke
script/standard.cpp:278:22: error: default initialization of an object of const type 'const (anonymous namespace)::CScriptVisitor' without a user-provided default constructor const CScriptVisitor g_script_visitor; ^ {} 1 error generated.
2020-06-19Disallow automatic conversion between hash typesBen Woosley
A templated BaseHash does not allow for automatic conversion, thus conversions much be explicitly allowed / whitelisted, which will reduce the risk of unintended conversions.
2020-06-19Explicitly support conversion between equivalent hash typesBen Woosley
ScriptHash <-> CScriptID CKeyID -> PKHash PKHash -> WitnessV0KeyHash
2020-06-19Use explicit conversion from WitnessV0KeyHash -> CKeyIDBen Woosley
These types are equivalent, in data etc, so they need only their data cast across.
2020-06-19Use explicit conversion from PKHash -> CKeyIDBen Woosley
These types are equivalent, in data etc, so they need only their data cast across. Note a function is used rather than a casting operator as CKeyID is defined at a lower level than script/standard
2020-06-19Convert CPubKey to WitnessV0KeyHash directlyBen Woosley
The round-tripping through PKHash has no effect, and is potentially misleading as such.
2020-06-19Prefer explicit CScriptID constructionBen Woosley
2020-06-19Prefer explicit uint160 conversionBen Woosley
2020-06-19Merge #18863: refactor: Make CScriptVisitor statelessMarcoFalke
3351c91ed402895dcb4f803a29d2cac70ccfa8b4 refactor: Make CScriptVisitor stateless (João Barbosa) Pull request description: `CScriptVisitor` was added in 1025440184ef100a22d07c7bb543ee45cf169d64 (#1357) and the visitor return type was never used. Now `CScriptVisitor` is stateless and `CScript` is the return type. ACKs for top commit: MarcoFalke: ACK 3351c91ed402895dcb4f803a29d2cac70ccfa8b4 🏤 sipa: utACK 3351c91ed402895dcb4f803a29d2cac70ccfa8b4 Tree-SHA512: d158ad2ebe8ea4dc8cc090b943dd66fa5421a84f9443e16ab2d661df38e1a85de16ff13cbaa56924489d8d43cba25fa3cd8b6904bbbcbf356b886ffe8ffba19a
2020-06-18Merge #18468: Span improvementsWladimir J. van der Laan
26acc8dd9b512f220c1facdba2c5de7976d3c258 Add sanity check asserts to span when -DDEBUG (Pieter Wuille) 2676aeadfa0e43dcaaccc4720623cdfe0beed528 Simplify usage of Span in several places (Pieter Wuille) ab303a16d114b1e94c6cf0e4c5db5389dfa197f6 Add Span constructors for arrays and vectors (Pieter Wuille) bb3d38fc061d8482e68cd335a45c9cd8bb66a475 Make pointer-based Span construction safer (Pieter Wuille) 1f790a1147ad9a5fe06987d84b6cd71f91cbec4b Make Span size type unsigned (Pieter Wuille) Pull request description: This improves our Span class by making it closer to the C++20 `std::span` one: * ~~Support conversion between compatible Spans (e.g. `Span<char>` to `Span<const char>`).~~ (done in #18591) * Make the size type `std::size_t` rather than `std::ptrdiff_t` (the C++20 one underwent the same change). * Support construction of Spans directly from arrays, `std::string`s, `std::array`s, `std::vector`s, `prevector`s, ... (for all but arrays, this only works for const containers to prevent surprises). And then make use of those improvements in various call sites. I realize the template magic used looks scary, but it's only needed to make overload resultion make the right choices. Note that the operations done on values are all extremely simple: no casts, explicit conversions, or warning-silencing constructions. That should hopefully make it simpler to review. ACKs for top commit: laanwj: Code review ACK 26acc8dd9b512f220c1facdba2c5de7976d3c258 promag: Code review ACK 26acc8dd9b512f220c1facdba2c5de7976d3c258. Tree-SHA512: 5a5bd346a140edf782b5b3b3f04d9160c7b9e9def35159814a07780ab1dd352545b88d3cc491e0f80d161f829c49ebfb952fddc9180f1a56f1257aa51f38788a
2020-06-06refactor: Make CScriptVisitor statelessJoão Barbosa
2020-06-04refactor: Specify boost/thread/thread.hpp explicitlyHennadii Stepanov
2020-06-02Merge #13204: Faster sigcache nonceMarcoFalke
152e8baf08c7379e5cc09f90863e6309bdd4866c Use salted hasher instead of nonce in sigcache (Jeremy Rubin) 5495fa585007b40b2e9285c23be275de71708af8 Add Hash Padding Microbenchmarks (Jeremy Rubin) Pull request description: This PR replaces nonces in two places with pre-salted hashers. The nonce is chosen to be 64 bytes long so that it forces the SHA256 hasher to process the chunk. This leaves the next 64 (or 56 depending if final chunk) open for data. In the case of the script execution cache, this does not make a big performance improvement because the nonce was already properly padded to fit into one buffer, but does make the code a little simpler. In the case of the sig cache, this should reduce the hashing overhead slightly because we are less likely to need an additional processing step. I haven't benchmarked this, but back of the envelope it should reduce the hashing by one buffer for all combinations except compressed public keys with compact signatures. ACKs for top commit: ryanofsky: Code review ACK 152e8baf08c7379e5cc09f90863e6309bdd4866c. No code changes, just rebase since last review and expanded commit message Tree-SHA512: b133e902fd595cfe3b54ad8814b823f4d132cb2c358c89158842ae27daee56ab5f70cde2585078deb46f77a6e7b35b4cc6bba47b65302b7befc2cff254bad93d
2020-05-27Merge #19004: refactor: Replace const char* to std::stringMarcoFalke
c57f03ce1741b38af448bec7b22ab9f8ac21f067 refactor: Replace const char* to std::string (Calvin Kim) Pull request description: Rationale: Addresses #19000 Some functions should be returning std::string instead of const char*. This commit changes that. Main benefits/reasoning: 1. The functions never return nullptr, so returning a string makes code at call sites easier to review (reviewers don't have to read the source code to verify that a nullptr is never returned) 2. All call sites convert to string anyway ACKs for top commit: MarcoFalke: re-ACK c57f03ce17 (no changes since previous review) 🚃 Empact: Fair enough, Code Review ACK https://github.com/bitcoin/bitcoin/pull/19004/commits/c57f03ce1741b38af448bec7b22ab9f8ac21f067 practicalswift: ACK c57f03ce1741b38af448bec7b22ab9f8ac21f067 -- patch looks correct hebasto: re-ACK c57f03ce1741b38af448bec7b22ab9f8ac21f067 Tree-SHA512: 9ce99bb38fe399b54844315048204cafce0f27fd8f24cae357fa7ac6f5d8094d57bbf5f5c1f5878a65f2d35e4a3f95d527eb17f49250b690c591c0df86ca84fd
2020-05-26Remove outdated comment about DER encodingElichai Turkel
2020-05-22refactor: Replace const char* to std::stringCalvin Kim
Some functions should be returning std::string instead of const char*. This commit changes that.
2020-05-20Merge #18317: Serialization improvements step 6 (all except wallet/gui)MarcoFalke
f9ee0f37c28f604bc82dab502ce229c66ef5b3b9 Add comments to CustomUintFormatter (Pieter Wuille) 4eb5643e3538863c9d2ff261f49a9a1b248de243 Convert everything except wallet/qt to new serialization (Pieter Wuille) 2b1f85e8c52c8bc5a17eae4c809eaf61d724af98 Convert blockencodings_tests to new serialization (Pieter Wuille) 73747afbbeb013669faf4c4d2c0903cec4526fb0 Convert merkleblock to new serialization (Pieter Wuille) d06fedd1bc26bf5bf2b203d4445aeaebccca780e Add SER_READ and SER_WRITE for read/write-dependent statements (Russell Yanofsky) 6f9a1e5ad0a270d3b5a715f3e3ea0911193bf244 Extend CustomUintFormatter to support enums (Russell Yanofsky) 769ee5fa0011ae658770586442715452a656559d Merge BigEndian functionality into CustomUintFormatter (Pieter Wuille) Pull request description: The next step of changes from #10785. This: * Adds support for enum serialization to `CustomUintFormatter`, used in `CAddress` for service flags. * Merges `BigEndian` into `CustomUintFormatter`, used in `CNetAddr` for port numbers. * Converts everything (except wallet and gui) to use the new serialization framework. ACKs for top commit: MarcoFalke: re-ACK f9ee0f37c2, only change is new documentation commit for CustomUintFormatter 📂 ryanofsky: Code review ACK f9ee0f37c28f604bc82dab502ce229c66ef5b3b9. Just new commit adding comment since last review jonatack: Code review re-ACK f9ee0f37c28f604bc82dab502ce229c6 only change since last review is an additional commit adding Doxygen documentation for `CustomUintFormatter`. Tree-SHA512: e7a0a36afae592d5a4ff8c81ae04d858ac409388e361f2bc197d9a78abca45134218497ab2dfd6d031e0cce0ca586cf857077b7c6ce17fccf67e2d367c1b6cd4