aboutsummaryrefslogtreecommitdiff
path: root/src/script
AgeCommit message (Collapse)Author
2024-05-03miniscript: make operator_mst constevalPieter Wuille
It seems modern compilers don't realize that all invocations of operator""_mst can be evaluated at compile time, despite the constexpr keyword. Since C++20, we can force them to evaluate at compile time, turning all the miniscript type constants into actual compile-time constants. It appears that MSVC does not support consteval operator"" when used inside certain expressions. For the few places where this happens, define a constant outside the operator call. Co-Authored-By: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
2024-04-22sign: don't assume we are parsing a sane MiniscriptAntoine Poinsot
The script provided for signature might be externally provided, for instance by way of 'finalizepsbt'. Therefore the script might be ill-crafted, so don't assume pubkeys are always 32 bytes. Thanks to Niklas for finding this.
2024-04-07[clang-tidy] Enable the misc-no-recursion checkdergoegge
Co-authored-by: stickies-v <stickies-v@protonmail.com> Co-authored-by: Gloria Zhao <gloriajzhao@gmail.com>
2024-04-01Merge bitcoin/bitcoin#29648: Remove libbitcoinconsensusfanquake
80f8b92f4f2311b9e9a25361c9dd973244e6f95c remove libbitcoinconsensus (fanquake) Pull request description: This was deprecated in `v27.0`, for removal in `v28.0`. See discussion in PR #29189. ACKs for top commit: theuni: Concept ACK and light review ACK 80f8b92f4f2311b9e9a25361c9dd973244e6f95c. My only hesitation here is that (afaics?) there's now nothing keeping undesired features like threading or globals from working their way into the interpreter in future commits. m3dwards: Concept ACK https://github.com/bitcoin/bitcoin/pull/29648/commits/80f8b92f4f2311b9e9a25361c9dd973244e6f95c TheCharlatan: ACK 80f8b92f4f2311b9e9a25361c9dd973244e6f95c hebasto: ACK 80f8b92f4f2311b9e9a25361c9dd973244e6f95c, I have reviewed the code and it looks OK. Tree-SHA512: 17a62118aeb088f2695c892bb32794dfea3061e3cb7d9e8e9f1c06c3ff6f63a7587fa532e37edbb91fbc5a19b12c9a0f8e05fa9e8864aa07f92665375d847e80
2024-04-01Merge bitcoin/bitcoin#29738: doc: fix typosfanquake
601edd8ee8810b5c6b2184ce8d7f7b45e70913cf ci: use codespell 2.2.6 (fanquake) 52fa0d285f4e8109ebdd8b1e43c897f6bfaa8e65 doc: fix some typos (crazeteam) b5ed13a2408a141d737341137b26b2f0249c8167 doc: Fix typos (RoboSchmied) Pull request description: Combines the recent PRs to fix typos so they can be merged. ACKs for top commit: brunoerg: crACK 601edd8ee8810b5c6b2184ce8d7f7b45e70913cf tdb3: crACK 601edd8ee8810b5c6b2184ce8d7f7b45e70913cf kristapsk: cr utACK 601edd8ee8810b5c6b2184ce8d7f7b45e70913cf Tree-SHA512: d054b1dad1336d6b9291cc5d5252d4debf6424a993d4edd6a97d7c15055a7fc48a333d30967f72e7dc9c6c1d9a9038ca8bb5e219c529f4c2365ea48404a508d0
2024-03-29Merge bitcoin/bitcoin#29130: wallet: Add `createwalletdescriptor` and ↵Ryan Ofsky
`gethdkeys` RPCs for adding new automatically generated descriptors 746b6d88395607abbd3c13bbdcdd4ca83e9bc9e4 test: Add test for createwalletdescriptor (Ava Chow) 2402b6306215a9ee8d5f4068ea81f4e7f324adeb wallet: Test upgrade of pre-taproot wallet to have tr() descriptors (Ava Chow) 460ae1bf67c0051033c1802d44787d173abb9248 wallet, rpc: Add createwalletdescriptor RPC (Ava Chow) 8e1a475062e62321e58a0624385cc3fa0885aa12 wallet: Be able to retrieve single key from descriptors (Ava Chow) 85b1fb19dd3a3f3c68da1c5e60a6eb911e1119a6 wallet: Add GetActiveHDPubKeys to retrieve xpubs from active descriptors (Ava Chow) 73926f2d31b61ff78d5f0c8f9b5e3130fb1f9620 wallet, descspkm: Refactor wallet descriptor generation to standalone func (Andrew Chow) 54e74f46ea10e479be682750c1279165f29bb2f4 wallet: Refactor function for single DescSPKM setup (Andrew Chow) 3b09d0eb7f2c1d6ebdab73d18db28e5bf7d74f18 tests: Test for gethdkeys (Ava Chow) 5febe28c9e131fb93fac9c35f80c42759654f150 wallet, rpc: Add gethdkeys RPC (Ava Chow) 66632e5c24c1b59afef1e89b562fbd0117ab6ef5 wallet: Add IsActiveScriptPubKeyMan (Ava Chow) fa6a259985b61235ebc21eae2a76014cc9437d5f desc spkm: Add functions to retrieve specific private keys (Ava Chow) fe67841464cc0f970a1c233caba92cb78e9c78dc descriptor: Be able to get the pubkeys involved in a descriptor (Ava Chow) ef6745879d87cdb6f1061337867a689167e965a1 key: Add constructor for CExtKey that takes CExtPubKey and CKey (Ava Chow) Pull request description: This PR adds a `createwalletdescriptor` RPC which allows users to add new automatically generated descriptors to their wallet, e.g. to upgrade a 0.21.x wallet to contain a taproot descriptor. This RPC takes 3 arguments: the output type to create a descriptor for, whether the descriptor will be internal or external, and the HD key to use if the user wishes to use a specific key. The HD key is an optional parameter. If it is not specified, the wallet will use the key shared by the active descriptors, if they are all single key. For most users in the expected upgrade scenario, this should be sufficient. In more advanced cases, the user must specify the HD key to use. Currently, specified HD keys must already exist in the wallet. To make it easier for the user to know, `gethdkeys` is also added to list out the HD keys in use by all of the descriptors in the wallet. This will include all HD keys, whether we have the private key, for it, which descriptors use it and their activeness, and optionally the extended private key. In this way, users with more complex wallets will be still be able to get HD keys from their wallet for use in other scenarios, and if they want to use `createwalletdescriptor`, they can easily get the keys that they can specify to it. See also https://github.com/bitcoin/bitcoin/pull/26728#issuecomment-1866961865 ACKs for top commit: Sjors: re-utACK 746b6d88395607abbd3c13bbdcdd4ca83e9bc9e4 furszy: ACK 746b6d8 ryanofsky: Code review ACK 746b6d88395607abbd3c13bbdcdd4ca83e9bc9e4, and this looks ready to merge. There were various suggested changes since last review where main change seems to be switching `gethdkeys` output to use normalized descriptors (removing hardened path components). Tree-SHA512: f2849101e6fbf1f59cb031eaaaee97af5b1ae92aaab54c5716940d210f08ab4fc952df2725b636596cd5747b8f5beb1a7a533425bc10d09da02659473516fbda
2024-03-26doc: fix some typoscrazeteam
Signed-off-by: crazeteam <lilujing@outlook.com>
2024-03-18remove libbitcoinconsensusfanquake
This was deprecated in v27.0, for removal in v28.0. See discussion in PR #29189.
2024-03-15ci: Bump `TIDY_LLVM_V`Hennadii Stepanov
This change switches to the latest IWYU 0.22, which is compatible with Clang 18.
2024-03-11scripted-diff: Replace error() with LogError()MarcoFalke
This fixes the log output when -logsourcelocations is used. Also, instead of 'ERROR:', the log will now say '[error]', like other errors logged with LogError. -BEGIN VERIFY SCRIPT- sed -i --regexp-extended 's! error\("([^"]+)"! LogError("\1\\n"!g' $( git grep -l ' error(' ./src/ ) -END VERIFY SCRIPT-
2024-03-11scripted-diff: return error(...); ==> error(...); return false;MarcoFalke
This is needed for the next commit. -BEGIN VERIFY SCRIPT- # Separate sed invocations to replace one-line, and two-line error(...) calls sed -i --regexp-extended 's!( +)return (error\(.*\);)!\1\2\n\1return false;!g' $( git grep -l 'return error(' ) sed -i --null-data --regexp-extended 's!( +)return (error\([^\n]*\n[^\n]*\);)!\1\2\n\1return false;!g' $( git grep -l 'return error(' ) -END VERIFY SCRIPT-
2024-03-11refactor: Add missing {} around error() callsMarcoFalke
This is required for the next commit to be correct.
2024-02-20descriptor: Be able to get the pubkeys involved in a descriptorAva Chow
2023-12-08wallet: fix key parsing check for miniscript expressions in `ParseScript`brunoerg
2023-11-23Fix IWYU for the script_flags fuzz targetMarcoFalke
Also, export script_error.h from interpreter.h, because there should rarely be a case where script_error.h is included without interpreter.h
2023-11-16Include version.h in fewer placesAnthony Towns
2023-11-16serialize: Drop useless version param from GetSerializeSize()Anthony Towns
2023-11-14Use ParamsWrapper for witness serializationAnthony Towns
2023-10-25iwyu: Export prevector.h from script.hMarcoFalke
This should cut some include bloat and seems fine to do, because prevector exists primarily to represent scripts. Also, add missing includes to script.h and addresstype.h
2023-10-17Merge bitcoin/bitcoin#28651: Make miniscript GetWitnessSize accurate for ↵Andrew Chow
tapscript b22810887b3840ad0fcb424ea7e16d2d195767d9 miniscript: make GetWitnessSize accurate for tapscript (Pieter Wuille) 8be98514080ab816fcb2498ea4bc6f211a2b05e0 test: add tests for miniscript GetWitnessSize (Pieter Wuille) 7ed2b2d430e4dc0d3ba62a30f814df2c7c0c0651 test: remove mutable global contexts in miniscript fuzzer/test (Pieter Wuille) Pull request description: So far, the same algorithm is used to compute an (upper bound on) the maximum witness size for both P2WSH and P2TR miniscript. That's unfortunate, because it means fee estimations for P2TR miniscript will miss out on the generic savings brought by P2TR witnesses (smaller signatures and public keys, specifically). Fix this by making the algorithm use script context specification calculations, and add tests for it. Also included is a cleanup for the tests to avoid mutable globals, as I found it hard to reason about what exactly was being tested. ACKs for top commit: achow101: ACK b22810887b3840ad0fcb424ea7e16d2d195767d9 darosior: ACK b22810887b3840ad0fcb424ea7e16d2d195767d9 Tree-SHA512: e4bda7376628f3e91cfc74917cefc554ca16eb5f2a0e1adddc33eb8717c4aaa071e56a40f85a2041ae74ec445a7bd0129bba48994c203e0e6e4d25af65954d9e
2023-10-16Merge bitcoin/bitcoin#28539: lib: add taproot support to libconsensusAndrew Chow
ff8e2fc2e2416f6f3b84cdb40db8ac168596b579 fuzz: add coverage for `bitcoinconsensus_verify_script_with_spent_outputs` (brunoerg) c5f2a757d736f14d27ac5256a9df887cd2f174f1 docs: add release notes for #28539 (brunoerg) de54882348502d860cf1e504100aa8fb1e52aa88 docs: add docs for additional libconsensus functions (Jake Rawsthorne) 70106e0689546fee497814c63a6a4747e0937b36 docs: link to rust-bitcoinconsensus (Jake Rawsthorne) fb0db07e414fec3318b3af683167ebef9c82fc84 lib: add Taproot support to libconsensus (Jake Rawsthorne) Pull request description: Grabbed from #21158. Closes #21133. ACKs for top commit: achow101: ACK ff8e2fc2e2416f6f3b84cdb40db8ac168596b579 theStack: ACK ff8e2fc2e2416f6f3b84cdb40db8ac168596b579 darosior: re-ACK ff8e2fc2e2416f6f3b84cdb40db8ac168596b579 Tree-SHA512: bf6f500c7e8c9ff6884137c2cd9b4522c586e52848dd639b774b94d998b0516b877498d24f3a6cc7425aedf81d18b0d30c1ccf19e2d527fdfdfa3955ca49b6e7
2023-10-13miniscript: make GetWitnessSize accurate for tapscriptPieter Wuille
2023-10-13lib: add Taproot support to libconsensusJake Rawsthorne
Co-authored-by: Bruno Garcia <brunoely.gc@gmail.com>
2023-10-12tidy: modernize-use-emplaceMarcoFalke
2023-10-09descriptors: Move InferScript's pubkey validity checks to InferPubkeyAndrew Chow
2023-10-09descriptors: Check result of InferPubkeyAndrew Chow
InferPubkey can return a nullptr, so check it's result before continuing with creating the inferred descriptor.
2023-10-08miniscript: remove P2WSH-specific part of GetStackSize doc commentAntoine Poinsot
2023-10-08miniscript: have a custom Node destructorAntoine Poinsot
To avoid recursive calls in shared_ptr's destructor that could lead to a stack overflow.
2023-10-08script/sign: Miniscript support in TapscriptAntoine Poinsot
We make the Satisfier a base in which to store the common methods between the Tapscript and P2WSH satisfier, and from which they both inherit. A field is added to SignatureData to be able to satisfy pkh() under Tapscript context (to get the pubkey hash preimage) without wallet data. For instance in `finalizepsbt` RPC. See also the next commits for a functional test that exercises this.
2023-10-08MOVEONLY: script/sign: move Satisfier declaration above Tapscript signingAntoine Poinsot
We'll need the Miniscript satisfier for Tapscript too.
2023-10-08descriptor: parse Miniscript expressions within Taproot descriptorsAntoine Poinsot
2023-10-08descriptor: Tapscript-specific Miniscript key serialization / parsingAntoine Poinsot
64-hex-characters public keys are valid in Miniscript key expressions within a Tapscript context. Keys under a Tapscript context always serialize as 32-bytes x-only public keys (and that's what get hashed by OP_HASH160 on the stack too).
2023-10-08miniscript: check maximum stack size during executionAntoine Poinsot
Under Tapscript, due to the lifting of some standardness and consensus limits, scripts can now run into the maximum stack size during execution. Any Miniscript that may hit the limit on any of its spending paths must be marked as unsafe. Co-Authored-By: Pieter Wuille <pieter@wuille.net>
2023-10-08pubkey: introduce a GetEvenCorrespondingCPubKey helperAntoine Poinsot
We'll need to get a compressed key out of an x-only one in other places. Avoid duplicating the code.
2023-10-08miniscript: account for keys as being 32 bytes under Taproot contextAntoine Poinsot
2023-10-08miniscript: adapt resources checks depending on contextAntoine Poinsot
Under Tapscript, there is: - No limit on the number of OPs - No limit on the script size, it's implicitly limited by the maximum (standard) transaction size. - No standardness limit on the number of stack items, it's limited by the consensus MAX_STACK_SIZE. This requires tracking the maximum stack size at all times during script execution, which will be tackled in its own commit. In order to avoid any Miniscript that would not be spendable by a standard transaction because of the size of the witness, we limit the script size under Tapscript to the maximum standard transaction size minus the maximum possible witness and Taproot control block sizes. Note this is a conservative limit but it still allows for scripts more than a hundred times larger than under P2WSH.
2023-10-08miniscript: sanity asserts context in ComputeTypeAntoine Poinsot
2023-10-08miniscript: make 'd:' have the 'u' property under Tapscript contextAntoine Poinsot
In Tapscript MINIMALIF is a consensus rule, so we can rely on the fact that the `DUP IF [X] ENDIF` will always put an exact 1 on the stack upon satisfaction.
2023-10-08miniscript: introduce a multi_a fragmentAntoine Poinsot
It is the equivalent of multi() but for Tapscript, using CHECKSIGADD instead of CHECKMULTISIG. It shares the same properties as multi() but for 'n', since a threshold multi_a() may have an empty vector as the top element of its satisfaction. It could also have the 'o' property when it only has a single key, but in this case a 'pk()' is always preferable anyways.
2023-10-08miniscript: restrict multi() usage to P2WSH contextAntoine Poinsot
CHECKMULTISIG is disabled for Tapscript. Instead, we'll introduce a multi_a() fragment with the same semantic as multi().
2023-10-08miniscript: store the script context within the Node structureAntoine Poinsot
Some checks will be different depending on the script context (for instance the maximum script size).
2023-10-08miniscript: introduce a MsContext() helper to contextsAntoine Poinsot
We are going to introduce Tapscript support in Miniscript, for which some of Miniscript rules and properties change (new or modified fragments, different typing rules, different resources consumption, ..).
2023-10-08miniscript: don't anticipate signature presence in CalcStackSize()Antoine Poinsot
It's true that for any public key there'll be a signature check in a valid Miniscript. The code would previously, when computing the size of a satisfaction, account for the signature when it sees a public key push. Instead, account for it when it is required (ie when encountering the `c:` wrapper). This has two benefits: - Allows to accurately compute the net effect of a fragment on the stack size. This is necessary to track the size of the stack during the execution of a Script. - It also just makes more sense, making the code more accessible to future contributors.
2023-10-08miniscript: add a missing dup key check bypass in Parse()Antoine Poinsot
This was calling the wrong constructor.
2023-10-04descriptors: disallow hybrid public keysPieter Wuille
The descriptor documentation (doc/descriptors.md) and BIP380 explicitly require that hex-encoded public keys start with 02 or 03 (compressed) or 04 (uncompressed). However, the current parsing/inference code permit 06 and 07 (hybrid) encoding as well. Fix this.
2023-09-07Merge bitcoin/bitcoin#25284: net: Use serialization parameters for CAddress ↵fanquake
serialization fa626af3edbe8d98b2de91dd71729ceef90389fb Remove unused legacy CHashVerifier (MarcoFalke) fafa3fc5a62702da72991497e3270034eb9159c0 test: add tests that exercise WithParams() (MarcoFalke) fac81affb527132945773a5315bd27fec61ec52f Use serialization parameters for CAddress serialization (MarcoFalke) faec591d64e40ba7ec7656cbfdda1a05953bde13 Support for serialization parameters (MarcoFalke) fac42e9d35f6ba046999b2e3a757ab720c51b6bb Rename CSerAction* to Action* (MarcoFalke) aaaa3fa9477eef9ea72e4a501d130c57b47b470a Replace READWRITEAS macro with AsBase wrapping function (MarcoFalke) Pull request description: It seems confusing that picking a wrong value for `ADDRV2_FORMAT` could have effects on consensus. (See the docstring of `ADDRV2_FORMAT`). Fix this by implementing https://github.com/bitcoin/bitcoin/issues/19477#issuecomment-1147421608 . This may also help with libbitcoinkernel, see https://github.com/bitcoin/bitcoin/pull/28327 ACKs for top commit: TheCharlatan: ACK fa626af3edbe8d98b2de91dd71729ceef90389fb ajtowns: ACK fa626af3edbe8d98b2de91dd71729ceef90389fb Tree-SHA512: 229d379da27308890de212b1fd2b85dac13f3f768413cb56a4b0c2da708f28344d04356ffd75bfcbaa4cabf0b6cc363c4f812a8f1648cff9e436811498278318
2023-09-06Merge bitcoin/bitcoin#26567: Wallet: estimate the size of signed inputs ↵Andrew Chow
using descriptors 10546a569c6c96a5ec1b9708abf9ff5c8644f669 wallet: accurately account for the size of the witness stack (Antoine Poinsot) 9b7ec393b82ca9d7ada77d06e0835df0386a8b85 wallet: use descriptor satisfaction size to estimate inputs size (Antoine Poinsot) 8d870a98731e8db5ecc614bb5f7c064cbf30c7f4 script/signingprovider: introduce a MultiSigningProvider (Antoine Poinsot) fa7c46b503f0b69630f55dc43021d2099e3515ba descriptor: introduce a method to get the satisfaction size (Antoine Poinsot) bdba7667d2d65f31484760a8e8420c488fc5f801 miniscript: introduce a helper to get the maximum witness size (Antoine Poinsot) 4ab382c2cdb09fb4056711b4336807845cbe1ad5 miniscript: make GetStackSize independent of P2WSH context (Antoine Poinsot) Pull request description: The wallet currently estimates the size of a signed input by doing a dry run of the signing logic. This is unnecessary since all outputs we can sign for can be represented by a descriptor, and we can derive the size of a satisfaction ("signature") directly from the descriptor itself. In addition, the current approach does not generalize well: dry runs of the signing logic are only possible for the most basic scripts. See for instance the discussion in #24149 around that. This introduces a method to get the maximum size of a satisfaction from a descriptor, and makes the wallet use that instead of the dry-run. ACKs for top commit: sipa: utACK 10546a569c6c96a5ec1b9708abf9ff5c8644f669 achow101: re-ACK 10546a569c6c96a5ec1b9708abf9ff5c8644f669 Tree-SHA512: 43ed1529fbd30af709d903c8c5063235e8c6a03b500bc8f144273d6184e23a53edf0fea9ef898ed57d8a40d73208b5d935cc73b94a24fad3ad3c63b3b2027174
2023-08-28Replace READWRITEAS macro with AsBase wrapping functionMarcoFalke
Co-authored-by: Pieter Wuille <pieter@wuille.net>
2023-08-25wallet: accurately account for the size of the witness stackAntoine Poinsot
When estimating the maximum size of an input, we were assuming the number of elements on the witness stack could be encode in a single byte. This is a valid approximation for all the descriptors we support (including P2WSH Miniscript ones), but may not hold anymore once we support Miniscript within Taproot descriptors (since the max standard witness stack size of 100 gets lifted). It's a low-hanging fruit to account for it correctly, so just do it now.
2023-08-25script/signingprovider: introduce a MultiSigningProviderAntoine Poinsot
It is sometimes useful to interface with multiple signing providers at once. For instance when inferring a descriptor with solving information being provided from multiple sources (see next commit). Instead of inneficiently copying the information from one provider into the other, introduce a new signing provider that takes a list of pointers to existing providers.