Commit graph

101 commits

Author SHA1 Message Date
Pieter Wuille
1cc344ce42 Add built-in SHA-1 implementation. 2014-06-21 19:47:39 +02:00
Pieter Wuille
7b4737c878 Switch script.cpp and hash.cpp to use sha2.cpp instead of OpenSSL. 2014-06-21 19:47:39 +02:00
Wladimir J. van der Laan
6dd5edb7de
Remove unused Print/PrintHex functions
You can just use HexStr(script) or script.ToString() for debugging, no
need for these extra functions.
2014-06-10 15:03:21 +02:00
Huang Le
aab2c0fd7e Remove template matching params from GetOpName()
Since they are not real opcodes, being reported as OP_UNKNOWN is less confusing for human-readable decoding.

Signed-off-by: Huang Le <4tarhl@gmail.com>
2014-05-31 01:23:53 +08:00
Wladimir J. van der Laan
72f754cf51
Merge pull request #3637
6fd7ef2 Also switch the (unused) verification code to low-s instead of even-s. (Pieter Wuille)
2014-05-09 16:24:57 +02:00
Wladimir J. van der Laan
54f102248b
Merge pull request #3843
787ee0c Check redeemScript size does not exceed 520 byte limit (Peter Todd)
4d79098 Increase IsStandard() scriptSig length (Peter Todd)
f80cffa Do not trigger a DoS ban if SCRIPT_VERIFY_NULLDUMMY fails (Peter Todd)
6380180 Add rejection of non-null CHECKMULTISIG dummy values (Peter Todd)
29c1749 Let tx (in)valid tests use any SCRIPT_VERIFY flag (Peter Todd)
68f7d1d Create (MANDATORY|STANDARD)_SCRIPT_VERIFY_FLAGS constants (Peter Todd)
2014-05-09 16:09:20 +02:00
Peter Todd
6380180821 Add rejection of non-null CHECKMULTISIG dummy values
This is a source of transaction mutability as the dummy value was
previously not checked and could be modified to something other than the
usual OP_0 value.
2014-05-08 00:55:01 -04:00
Peter Todd
68f7d1d7af Create (MANDATORY|STANDARD)_SCRIPT_VERIFY_FLAGS constants 2014-05-05 05:35:27 -04:00
Cory Fields
05e3ecffa4 script: remove bignum dependency 2014-04-22 00:32:30 -04:00
Cory Fields
27bff74e39 script: switch to CScriptNum usage for scripts 2014-04-22 00:32:30 -04:00
Pieter Wuille
6fd7ef2bbf Also switch the (unused) verification code to low-s instead of even-s.
a81cd968 introduced a malleability breaker for signatures
(using an even value for S). In e0e14e43 this was changed to
the lower of two potential values, rather than the even one.
Only the signing code was changed though, the (for now unused)
verification code wasn't adapted.
2014-03-10 20:38:32 +01:00
Jeff Garzik
8175c790eb script: reduce OP_RETURN standard relay bytes to 40
Per mailing list discussion.
2014-02-26 12:58:08 -05:00
Jeff Garzik
595b6d88d4 script: tighten multisig non-standard rules: do not relay pubkeys above 65 bytes 2014-02-21 02:26:51 -05:00
Pieter Wuille
87fe71e1fc Add HasCanonicalPushes(), and use it in IsStandardTx 2014-02-11 21:11:59 +01:00
Pieter Wuille
9aea601b05 Move IsPushOnly() to script.cpp 2014-02-11 20:38:23 +01:00
Wladimir J. van der Laan
d980f9b7d6
Merge pull request #3257
379778b core: remove includes in .cpp, if header is already in .h (Philip Kaufmann)
2013-11-20 16:18:33 +01:00
Philip Kaufmann
fabba0e6cc orphan spaces cleanup ;-) 2013-11-15 12:24:34 +01:00
Philip Kaufmann
379778bde6 core: remove includes in .cpp, if header is already in .h
- example: if util.h includes stdint.h, remove it from util.cpp, as
  util.h is the first header included in util.cpp
2013-11-15 12:20:16 +01:00
Brandon Dahler
51ed9ec971 Cleanup code using forward declarations.
Use misc methods of avoiding unnecesary header includes.
Replace int typedefs with int##_t from stdint.h.
Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h.
Normalize QT_VERSION ifs where possible.
Resolve some indirect dependencies as direct ones.
Remove extern declarations from .cpp files.
2013-11-10 09:36:28 -06:00
Peter Todd
22de68dffc
Relay OP_RETURN TxOut as standard transaction type
Also fix decoderawtransaction to not show reqSigs or addresses for
nulldata txouts. (Previous version also left reqSigs uninitialized
mistakenly)
2013-10-24 04:32:35 -04:00
Gavin Andresen
be484db274 Merge pull request #2738 from jgarzik/op_return
Relay OP_RETURN data TxOut as standard transaction type.
2013-10-21 22:47:24 -07:00
Pieter Wuille
9b1200c23b
Merge pull request #3119
db0e8cc Bump Year Number to 2013 (super3)
2013-10-20 22:25:44 +02:00
super3
db0e8ccd90 Bump Year Number to 2013 2013-10-20 15:25:06 -04:00
Jeff Garzik
a79342479f Relay OP_RETURN data TxOut as standard transaction type 2013-10-02 11:49:43 -04:00
Pieter Wuille
f5857e5cb5 Inline signature serializer
Instead of building a full copy of a CTransaction being signed, and
then modifying bits and pieces until its fits the form necessary
for computing the signature hash, use a wrapper serializer that
only serializes the necessary bits on-the-fly.

This makes it easier to see which data is actually being hash,
reduces load on the heap, and also marginally improves performances
(around 3-4us/sigcheck here). The performance improvements are much
larger for large transactions, though.

The old implementation of SignatureHash is moved to a unit tests,
to test whether the old and new algorithm result in the same value
for randomly-constructed transactions.
2013-09-28 18:37:00 +02:00
Gavin Andresen
881a85a22d Replace printf with LogPrintf / LogPrint 2013-09-18 20:39:25 +10:00
Gavin Andresen
b62dc051aa Merge pull request #2938 from petertodd/op-reserved-weirdness
Document and test OP_RESERVED weirdness
2013-08-25 18:17:59 -07:00
Peter Todd
214d45b6b9
Document and test OP_RESERVED weirdness
Seems it was forgotten about when IsPushOnly() and the unittests were
written. A particular oddity is that OP_RESERVED doesn't count towards
the >201 opcode limit unlike every other named opcode.
2013-08-25 12:37:07 -04:00
Jeff Garzik
3d86e7cd48 Merge pull request #2618 from fcicq/solaris-support
Partial solaris support
2013-08-24 20:19:24 -07:00
Pieter Wuille
a81cd96805 Only create signatures with even S, and verification mode to check.
To fix a minor malleability found by Sergio Lerner (reported here:
https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898)

The problem is that if (R,S) is a valid ECDSA signature for a given
message and public key, (R,-S) is also valid. Modulo N (the order
of the secp256k1 curve), this means that both (R,S) and (R,N-S) are
valid. Given that N is odd, S and N-S have a different lowest bit.
We solve the problem by forcing signatures to have an even S value,
excluding one of the alternatives.

This commit just changes the signing code to always produce even S
values, and adds a verification mode to check it. This code is not
enabled anywhere yet. Existing tests in key_tests.cpp verify that
the produced signatures are still valid.
2013-08-16 00:17:50 +02:00
Gavin Andresen
050d2e953f Remove #define loop from util.h
Replace the loop macro with while (true). The #define caused
problems for Qt.
2013-07-31 14:06:44 +10:00
fcicq
c391f9a47b Fix boost uint type bug by reordering the includes 2013-07-17 16:50:51 +08:00
Pieter Wuille
acc775c554 Add ExtractAffectedKeys to script
This function finds all keys affected by a particular output script,
supporting everything ExtractDestinations supports (pay-to-pubkey,
pay-to-pubkeyhash, multisig) and recurses into subscripts (P2SH).
2013-06-22 16:49:30 +02:00
Eric Lombrozo
48343a0a50 Removed script.cpp's dependence on main.h 2013-06-05 23:15:20 -07:00
Pieter Wuille
896185d7ed Make signature cache store CPubKeys 2013-05-30 05:20:23 +02:00
Pieter Wuille
dfa23b94c2 CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-30 05:20:21 +02:00
Pieter Wuille
5d891489ab Make CPubKey statically allocated 2013-05-30 05:18:42 +02:00
Gavin Andresen
bce697d7fa Remove implementation of disabled opcodes
So we stop getting pull requests (like #2604) fixing problems with disabled Script opcodes.
A hard fork would be required to re-enable these, and if we ever did that we'd require extensive review and testing.
2013-05-02 17:33:57 -04:00
Gavin Andresen
c429f2b062 Merge pull request #2114 from sipa/strictstrict
Make IsCanonicalScript() check the hash type more thoroughly
2013-01-23 07:08:55 -08:00
Matt Corallo
192cc910ec Replace 520 constant with MAX_SCRIPT_ELEMENT_SIZE 2013-01-18 13:55:18 -05:00
Pieter Wuille
ef0f422519 Remove contention on signature cache during block validation
Since block validation happens in parallel, multiple threads may be
accessing the signature cache simultaneously. To prevent contention:
* Turn the signature cache lock into a shared mutex
* Make reading from the cache only acquire a shared lock
* Let block validations not store their results in the cache
2013-01-08 02:00:59 +01:00
Pieter Wuille
f1136200a6 Move VerifySignature to main 2013-01-08 01:49:14 +01:00
Pieter Wuille
bffc744444 Make IsCanonicalScript() check the hash type more thoroughly
0 and 128 were previously accepted as standard hash type.

Note that this function is not active in the current verification
code.
2012-12-22 18:39:36 +01:00
Gavin Andresen
a91efb2d8d Add assert and comment for subtle pay-to-script-hash logic 2012-11-21 13:58:10 -05:00
Pieter Wuille
99d0d0f356 Introduce script verification flags
These flags select features to be enabled/disabled during script
evaluation/checking, instead of several booleans passed along.
Currently these flags are defined:
* SCRIPT_VERIFY_P2SH: enable BIP16-style subscript evaluation
* SCRIPT_VERIFY_STRICTENC: enforce strict adherence to pubkey/sig encoding standards.
2012-11-15 23:00:16 +01:00
Pieter Wuille
f50fb5470b Merge pull request #1936 from sipa/morehashwriter
Use CHashWriter also in SignatureHash(), and for message signing
2012-10-20 14:53:43 -07:00
Pieter Wuille
450cbb0944 Ultraprune
This switches bitcoin's transaction/block verification logic to use a
"coin database", which contains all unredeemed transaction output scripts,
amounts and heights.

The name ultraprune comes from the fact that instead of a full transaction
index, we only (need to) keep an index with unspent outputs. For now, the
blocks themselves are kept as usual, although they are only necessary for
serving, rescanning and reorganizing.

The basic datastructures are CCoins (representing the coins of a single
transaction), and CCoinsView (representing a state of the coins database).
There are several implementations for CCoinsView. A dummy, one backed by
the coins database (coins.dat), one backed by the memory pool, and one
that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock,
DisconnectBlock, ... now operate on a generic CCoinsView.

The block switching logic now builds a single cached CCoinsView with
changes to be committed to the database before any changes are made.
This means no uncommitted changes are ever read from the database, and
should ease the transition to another database layer which does not
support transactions (but does support atomic writes), like LevelDB.

For the getrawtransaction() RPC call, access to a txid-to-disk index
would be preferable. As this index is not necessary or even useful
for any other part of the implementation, it is not provided. Instead,
getrawtransaction() uses the coin database to find the block height,
and then scans that block to find the requested transaction. This is
slow, but should suffice for debug purposes.
2012-10-20 23:08:57 +02:00
Pieter Wuille
69fc8047a9 Compact serialization for scripts
Special serializers for script which detect common cases and encode
them much more efficiently. 3 special cases are defined:
* Pay to pubkey hash (encoded as 21 bytes)
* Pay to script hash (encoded as 21 bytes)
* Pay to pubkey starting with 0x02, 0x03 or 0x04 (encoded as 33 bytes)

Other scripts up to 121 bytes require 1 byte + script length. Above
that, scripts up to 16505 bytes require 2 bytes + script length.
2012-10-20 23:08:56 +02:00
Jeff Garzik
dee0ee2ac9 Merge pull request #1742 from sipa/canonical
Check for canonical public keys and signatures
2012-10-20 10:56:04 -07:00
Pieter Wuille
8980a50924 Use CHashWriter also in SignatureHash(), and for message signing 2012-10-19 23:18:07 +02:00