Commit graph

204 commits

Author SHA1 Message Date
Pieter Wuille
6e18268616 Switch to libsecp256k1-based validation for ECDSA 2015-11-15 16:06:57 +01:00
Pieter Wuille
114b5812f6 Prevector type 2015-11-13 18:15:20 +01:00
Pieter Wuille
0b9e9dca4e Evict sigcache entries that are seen in a block 2015-10-31 01:15:11 +01:00
Pieter Wuille
830e3f3d02 Make sigcache faster and more efficient 2015-10-31 01:15:11 +01:00
Wladimir J. van der Laan
2a1090d4f5
Merge pull request #6351
65ef372 Add BIP65 to getblockchaininfo softforks list (Peter Todd)
cde7ab2 Add RPC tests for the CHECKLOCKTIMEVERIFY (BIP65) soft-fork (Peter Todd)
287f54f Add CHECKLOCKTIMEVERIFY (BIP65) soft-fork logic (Peter Todd)
2015-10-23 13:33:13 +02:00
David Hill
b48da5c189 script: Remove magic numbers
This adds two new constants, MAX_OPS_PER_SCRIPT and
MAX_PUBKEYS_PER_MULTISIG.
2015-10-15 09:48:15 -04:00
Peter Todd
287f54fc90 Add CHECKLOCKTIMEVERIFY (BIP65) soft-fork logic
Based on the earlier BIP66 soft-fork logic implemented by Pieter
Wuille's 5a47811da5
2015-10-08 17:23:22 +02:00
Peter Todd
da894ab5da Accept any sequence of PUSHDATAs in OP_RETURN outputs
Previously only one PUSHDATA was allowed, needlessly limiting
applications such as matching OP_RETURN contents with bloom filters that
operate on a per-PUSHDATA level. Now any combination that passes
IsPushOnly() is allowed, so long as the total size of the scriptPubKey
is less than 42 bytes. (unchanged modulo non-minimal PUSHDATA encodings)

Also, this fixes the odd bug where previously the PUSHDATA could be
replaced by any single opcode, even sigops consuming opcodes such as
CHECKMULTISIG. (20 sigops!)
2015-10-01 18:28:13 +02:00
Peter Todd
5d8709c3b7 Add IsPushOnly(const_iterator pc)
Allows IsPushOnly() to be applied to just part of the script for
OP_RETURN outputs.
2015-10-01 18:28:11 +02:00
Peter Todd
6a07eb676a Make TX_SCRIPTHASH clear vSolutionsRet first
Previously unlike other transaction types the TX_SCRIPTHASH would not
clear vSolutionsRet, which means that unlike other transaction types if
it was called twice in a row you would get the result of the previous
invocation as well.
2015-10-01 18:27:22 +02:00
Wladimir J. van der Laan
48efbdbe98
Merge pull request #5264
af3208b Resolve issue 3166. These changes decode valid SIGHASH types on signatures in assembly (asm) representations of scriptSig scripts. This squashed commit incorporates substantial helpful feedback from jtimon, laanwj, and sipa. (mruddy)
2015-09-25 19:19:07 +02:00
Wladimir J. van der Laan
ef30389e2a
Merge pull request #6544
c5c1edf Fix spelling mistake in -> if. (Mark Friedenbach)
e846b2a Correct a possibly intentional pun that is nevertheless hard to read: "two times of nLockTime." What is meant is that there are two kinds, or categories of nLockTime. (Mark Friedenbach)
2015-08-19 17:37:52 +02:00
Mark Friedenbach
e846b2a1e9 Correct a possibly intentional pun that is nevertheless hard to read: "two times of nLockTime." What is meant is that there are two kinds, or categories of nLockTime. 2015-08-10 18:08:30 -07:00
mruddy
af3208bfa6 Resolve issue 3166.
These changes decode valid SIGHASH types on signatures in assembly (asm) representations of scriptSig scripts.
This squashed commit incorporates substantial helpful feedback from jtimon, laanwj, and sipa.
2015-07-30 19:56:00 -04:00
Matt Corallo
cfc3dd3428 Also remove pay-2-pubkey from watch when adding a priv key 2015-07-20 16:01:37 -07:00
Pieter Wuille
9e38d0f745 Separate core memory usage computation in core_memusage.h 2015-07-20 11:17:53 -04:00
Pieter Wuille
5098c47b24 Implement accurate memory accounting for mempool 2015-07-10 10:49:31 -04:00
Wladimir J. van der Laan
9546a977d3
Merge pull request #6335
9238ecb Policy: MOVEONLY: 3 functions to policy.o: (Luke Dashjr)
627b9de Policy: MOVEONLY: Create policy/policy.h with some constants (Jorge Timón)
2015-07-06 18:54:20 +02:00
Jonas Schnelli
5496253966 add CReserveScript to allow modular script keeping/returning
- use one CReserveScript per mining thread
2015-07-01 16:06:14 +02:00
Luke Dashjr
9238ecb417 Policy: MOVEONLY: 3 functions to policy.o:
- [script/standard.o] IsStandard
- [main.o] IsStandardTx
- [main.o] AreInputsStandard

Also, don't use namespace std in policy.cpp
2015-06-26 17:59:10 +02:00
Jorge Timón
627b9deff4 Policy: MOVEONLY: Create policy/policy.h with some constants 2015-06-26 17:59:07 +02:00
Wladimir J. van der Laan
41076aad0c
Merge pull request #6124
ffd75ad Enable CHECKLOCKTIMEVERIFY as a standard script verify flag (Peter Todd)
bc60b2b Replace NOP2 with CHECKLOCKTIMEVERIFY (BIP65) (Peter Todd)
48e9c57 Move LOCKTIME_THRESHOLD to src/script/script.h (Peter Todd)
99088d6 Make CScriptNum() take nMaxNumSize as an argument (Peter Todd)
2015-06-26 14:42:45 +02:00
Peter Todd
ffd75adce0
Enable CHECKLOCKTIMEVERIFY as a standard script verify flag
Transactions that fail CLTV verification will be rejected from the
mempool, making it easy to test the feature. However blocks containing
"invalid" CLTV-using transactions will still be accepted; this is *not*
the soft-fork required to actually enable CLTV for production use.
2015-06-22 00:00:48 -04:00
Peter Todd
bc60b2b4b4 Replace NOP2 with CHECKLOCKTIMEVERIFY (BIP65)
<nLockTime> CHECKLOCKTIMEVERIFY -> <nLockTime>

Fails if tx.nLockTime < nLockTime, allowing the funds in a txout to be
locked until some block height or block time in the future is reached.

Only the logic and unittests are implemented; this commit does not have
any actual soft-fork logic in it.

Thanks to Pieter Wuille for rebase.

Credit goes to Gregory Maxwell for the suggestion of comparing the
argument against the transaction nLockTime rather than the current
time/blockheight directly.
2015-06-21 23:56:28 -04:00
Pieter Wuille
9b4e7d9a5e Add DummySignatureCreator which just creates zeroed sigs 2015-06-11 01:03:23 -07:00
Philip Kaufmann
5207f33f45 fix header include groups 2015-05-14 01:02:01 -04:00
Peter Todd
48e9c57cf0 Move LOCKTIME_THRESHOLD to src/script/script.h
Will now be needed by CHECKLOCKTIMEVERIFY code.
2015-05-09 04:33:49 -04:00
Peter Todd
99088d60d8 Make CScriptNum() take nMaxNumSize as an argument
While the existing numeric opcodes are all limited to 4-byte bignum
arguments, new opcodes will need different limits.
2015-05-09 04:29:47 -04:00
Pieter Wuille
18051c7fbd Abstract out Ctransaction-specific signing into TransactionSignatureCreator 2015-03-21 07:06:18 -07:00
Wladimir J. van der Laan
4e853aa163 src/script/script.h: endian compatibility for PUSHDATA sizes 2015-03-06 17:21:58 +01:00
Wladimir J. van der Laan
fcf646c9b0
Merge pull request #5286
44e9a6b Update the 'test_IsStandard' unit test (Flavien Charlon)
a930658 Change the default maximum OP_RETURN size to 80 bytes (Flavien Charlon)
2015-02-03 13:12:44 +01:00
Wladimir J. van der Laan
41e6e4caba
Merge pull request #5713
bf6cdeb Increase coverage of DERSIG edge cases (Pieter Wuille)
819bcf9 Add RPC test for DERSIG BIP switchover logic (Pieter Wuille)
5a47811 BIP66 changeover logic (Pieter Wuille)
092e9fe Example unit tests from BIP66 (Pieter Wuille)
80ad135 Change IsDERSignature to BIP66 implementation (Pieter Wuille)
2015-02-03 10:34:53 +01:00
Pieter Wuille
9fddceda44 Avoid storing a reference passed to SignatureChecker constructors 2015-02-02 20:19:46 -08:00
Pieter Wuille
858809a33e Use separate SignatureChecker for CMutableTransaction 2015-02-02 20:19:12 -08:00
Pieter Wuille
5a47811da5 BIP66 changeover logic 2015-02-01 17:51:24 -04:00
Pieter Wuille
80ad135a5e Change IsDERSignature to BIP66 implementation 2015-02-01 17:47:21 -04:00
Pavel Janík
5262fde0ec Remove whitespaces before double colon in errors and logs 2015-01-31 17:38:28 -05:00
Peter Todd
2fa9a8ec86
Make empty byte arrays pass CheckSignatureEncoding()
Makes it possible to compactly provide a delibrately invalid signature
for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid
signatures need to be provided in the scriptSig; prior to this change
those invalid signatures would need to be large DER-encoded signatures.

Note that we may want to further expand on this change in the future by
saying that only OP_0 is a "valid" invalid signature; BIP19 even with
this change is inherently malleable as the invalid signatures can be any
validly encoded DER signature.
2015-01-09 06:03:22 -05:00
Wladimir J. van der Laan
48e1765e27
Merge pull request #5143
da918ac Make SCRIPT_VERIFY_CLEANSTACK a standardness requirement (Pieter Wuille)
b6e03cc Add SCRIPT_VERIFY_CLEANSTACK (BIP62 rule 6) (Pieter Wuille)
ae4151b No semantic change: reuse stack variable in P2SH evaluation (Pieter Wuille)
2015-01-08 12:01:22 +01:00
Wladimir J. van der Laan
34cdc41128 String conversions uint256 -> uint256S
If uint256() constructor takes a string, uint256(0) will become
dangerous when uint256 does not take integers anymore (it will go
through std::string(const char*) making a NULL string, and the explicit
keyword is no help).
2015-01-05 15:45:35 +01:00
Wladimir J. van der Laan
2eae3157f6 Replace uint256(1) with static constant
SignatureHash and its test function SignatureHashOld
return uint256(1) as a special error signaling value.
Return a local static constant with the same value instead.
2015-01-05 15:45:34 +01:00
Wladimir J. van der Laan
4f1524966a Replace direct use of 0 with SetNull and IsNull
Replace x=0 with .SetNull(),
x==0 with IsNull(), x!=0 with !IsNull().
Replace uses of uint256(0) with uint256().
2015-01-05 15:45:34 +01:00
Peter Todd
d78f0dafd5
Fix CScriptID(const CScript& in) in empty script case
Previously an empty script wouldn't be hashed, and CScriptID would be
assigned the incorrect value of 0 instead. This bug can be seen in the
RPC decodescript command:

    $ btc decodescript ""
    {
        "asm" : "",
        "type" : "nonstandard",
        "p2sh" : "31h1vYVSYuKP6AhS86fbRdMw9XHieotbST"
    }

Correct output:

    $ btc decodescript ""
    {
        "asm" : "",
        "type" : "nonstandard",
        "p2sh" : "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"
    }
2014-12-25 03:18:40 -05:00
sandakersmann
f914f1a746
Added "Core" to copyright headers
Github-Pull: #5494
Rebased-From: 15de949bb9277e442302bdd8dee299a8d6deee60
2014-12-19 19:55:32 +01:00
Philip Kaufmann
27df4123c4 make all catch() arguments const
- I saw this on http://en.cppreference.com/w/cpp/language/try_catch and
  thought it would be a good idea
- also unify used format to better be able to search for exception
  uses in our codebase
2014-12-17 09:39:24 +01:00
Pavel Janík
4c83c0e7c8
Normalize header guard of script_error.h 2014-12-05 12:01:13 +01:00
Luke Dashjr
d227011184 MOVEONLY: core/ -> primitives/ 2014-12-03 10:52:58 +00:00
Wladimir J. van der Laan
f0877f8b62
Merge pull request #5227
4cdaa95 Resize after succesful result (Pieter Wuille)
9d8604f Header define style cleanups (Pieter Wuille)
a53fd41 Deterministic signing (Pieter Wuille)
3060e36 Add the RFC6979 PRNG (Pieter Wuille)
a8f5087 Add HMAC-SHA256 (Pieter Wuille)
36fa4a7 Split up crypto/sha2 (Pieter Wuille)
2014-12-01 14:57:58 +01:00
Pieter Wuille
da918ac06e Make SCRIPT_VERIFY_CLEANSTACK a standardness requirement 2014-11-25 12:38:01 +01:00
Pieter Wuille
b6e03cc592 Add SCRIPT_VERIFY_CLEANSTACK (BIP62 rule 6)
Based on an earlier patch by Peter Todd, though the rules here are different
(P2SH scripts should not have a CLEANSTACK check before the P2SH evaluation).
2014-11-25 12:38:01 +01:00
Pieter Wuille
ae4151bbad No semantic change: reuse stack variable in P2SH evaluation 2014-11-25 12:35:32 +01:00
Cory Fields
322317951f libbitcoinconsensus: don't require any global constructors
These static objects are only used in once place, so declare them there instead.
2014-11-24 15:23:29 -05:00
Pieter Wuille
36fa4a78ac Split up crypto/sha2 2014-11-20 17:22:02 +01:00
Peter Todd
ca8158719b Test the exact order of CHECKMULTISIG sig/pubkey evaluation
Possible with STRICTENC
2014-11-20 15:29:28 +01:00
Pieter Wuille
98b135f97f Make STRICTENC invalid pubkeys fail the script rather than the opcode.
This turns STRICTENC turn into a softforking-safe change (even though it
is not intended as a consensus rule), and as a result guarantee that using
it for mempool validation only results in consensus-valid transactions in
the mempool.
2014-11-20 15:29:26 +01:00
Pieter Wuille
3ba5ebc065
Merge pull request #5000
0391423 Discourage NOPs reserved for soft-fork upgrades (Peter Todd)
2014-11-20 15:27:39 +01:00
Cory Fields
2cf5f16c25 build: add libbitcoinconsensus files and hook up the lib build
Credit BlueMatt for libbitcoinsonsensus.h/cpp
2014-11-19 22:31:10 -05:00
Peter Todd
03914234b3
Discourage NOPs reserved for soft-fork upgrades
NOP1 to NOP10 are reserved for future soft-fork upgrades. In the event
of an upgrade such NOPs have *VERIFY behavior, meaning that if their
arguments are not correct the script fails. Discouraging these NOPs by
rejecting transactions containing them from the mempool ensures that
we'll never accept transactions, nor mine blocks, with scripts that are
now invalid according to the majority of hashing power even if we're not
yet upgraded. Previously this wasn't an issue as the IsStandard() rules
didn't allow upgradable NOPs anyway, but 7f3b4e95 relaxed the
IsStandard() rules for P2SH redemptions allowing any redeemScript to be
spent.

We *do* allow upgradable NOPs in scripts so long as they are not
executed. This is harmless as there is no opportunity for the script to
be invalid post-upgrade.
2014-11-17 22:22:33 -05:00
Cory Fields
ab9edbd6b6 script: create sane error return codes for script validation and remove logging
Attempt to codify the possible error statuses associated with script
validation. script/types.h has been created with the expectation that it will
be part of the public lib interface. The other flag enums will be moved here in
a future commit.

Logging has also been removed in order to drop the dependency on core.h. It can
be re-added to bitcoind as-needed. This makes script verification finally free
of application state and boost!
2014-11-14 16:25:53 -05:00
Flavien Charlon
a9306587a4 Change the default maximum OP_RETURN size to 80 bytes
The value can be changed through the '-datacarriersize' option, this
is modifying the default value for that option.
2014-11-14 10:20:58 +00:00
Michael Ford
b9a36b15bf Make comments in /src/script doxygen compatible 2014-11-10 14:51:55 +08:00
Pieter Wuille
1f847936c9 Avoid a bunch of copying/conversion in script/sign 2014-11-04 13:59:41 -08:00
Philip Kaufmann
b4347f6035 minor code style cleanup after recent merges
- add a missing license header
- correct some header orderings etc.
2014-11-04 14:36:46 +01:00
Wladimir J. van der Laan
df504e924a
Merge pull request #5196
8473862 Fix all header defines (Pavel Janík)
2014-11-04 09:33:22 +01:00
Wladimir J. van der Laan
73b82a3089
Merge pull request #5162
d2e74c5 boost: moveonly: split CPubKey and friends to new files (Cory Fields)
78c228c boost: moveonly: move BIP32Hash to hash.h (Cory Fields)
900078a boost: moveonly: create eccryptoverify.h|cpp and move helper functions there (Cory Fields)
2014-11-04 09:26:45 +01:00
Pavel Janík
84738627ce Fix all header defines 2014-11-03 16:16:40 +01:00
Wladimir J. van der Laan
96012e83f1
Merge pull request #5077
2aa6329 Enable customising node policy for datacarrier data size with a -datacarriersize option (Luke Dashjr)
2014-10-31 11:16:09 +01:00
Cory Fields
d2e74c55bd boost: moveonly: split CPubKey and friends to new files 2014-10-31 01:19:37 -04:00
Cory Fields
900078aeb4 boost: moveonly: create eccryptoverify.h|cpp and move helper functions there
Eventually (after 0.10) these files will hold the logic for crypto
verification routines, and CKey/CPubKey will call into them.
2014-10-31 01:13:07 -04:00
Pieter Wuille
723c752636
Merge pull request #5100
99f41b9 MOVEONLY: core.o -> core/block.o (jtimon)
561e9e9 MOVEONLY: Move script/compressor out of script and put CTxOutCompressor (from core) with it (jtimon)
999a2ab MOVEONLY: separate CTxUndo out of core (jtimon)
4a3587d MOVEONLY: Separate CTransaction and dependencies from core (jtimon)
eda3733 MOVEONLY: Move CFeeRate and Amount constants to amount.o (jtimon)
2014-10-28 05:27:41 -07:00
jtimon
561e9e9de9 MOVEONLY: Move script/compressor out of script and put CTxOutCompressor (from
core) with it
2014-10-27 13:54:37 +01:00
jtimon
4a3587d8db MOVEONLY: Separate CTransaction and dependencies from core 2014-10-27 13:54:37 +01:00
Luke Dashjr
2aa632921e Enable customising node policy for datacarrier data size with a -datacarriersize option 2014-10-27 09:41:57 +00:00
Peter Todd
6004e77b92 Improve CScriptNum() comment
Edited-by: Pieter Wuille <pieter.wuille@gmail.com>
2014-10-25 03:03:20 -07:00
Pieter Wuille
698c6abb25 Add SCRIPT_VERIFY_MINIMALDATA (BIP62 rules 3 and 4)
Also use the new flag as a standard rule, and replace the IsCanonicalPush
standardness check with it (as it is more complete).
2014-10-25 03:03:20 -07:00
Pieter Wuille
d752ba86c1 Add SCRIPT_VERIFY_SIGPUSHONLY (BIP62 rule 2) 2014-10-25 03:03:16 -07:00
Cory Fields
3a757c5294 fix build with libc++ after 85c579e 2014-10-23 14:24:22 -04:00
Cory Fields
85c579e3a6 script: add a slew of includes all around and drop includes from script.h
Lots of files ended up with indirect includes from script.h.
2014-10-17 13:44:57 -04:00
Cory Fields
db8eb54bd7 script: move ToString and ValueString out of the header 2014-10-17 13:44:14 -04:00
Cory Fields
e9ca4280f3 script: add ToByteVector() for converting anything with begin/end
This should move to a util header once their dependencies are cleaned up.
2014-10-17 13:44:14 -04:00
Cory Fields
066e2a1403 script: move CScriptID to standard.h and add a ctor for creating them from CScripts
This allows for a reversal of the current behavior.

This:
CScript foo;
CScriptID bar(foo.GetID());

Becomes:
CScript foo;
CScriptID bar(foo);

This way, CScript is no longer dependent on CScriptID or Hash();
2014-10-17 13:44:14 -04:00
Pieter Wuille
9df9cf5a9f Make SCRIPT_VERIFY_STRICTENC compatible with BIP62
* Delete canonical_tests.cpp, and move the tests to script_tests.cpp.
* Split off SCRIPT_VERIFY_DERSIG from SCRIPT_VERIFY_STRICTENC (the BIP62 part of it).
* Change signature STRICTENC/DERSIG semantics to fail the script entirely rather than the CHECKSIG result (softfork safety, and BIP62 requirement).
* Add many autogenerated tests for several odd cases.
* Mention specific BIP62 rules in the script verification flags.
2014-10-08 15:42:29 -07:00
Wladimir J. van der Laan
953f16cb4e
Merge pull request #4954
9d7cd4c Don't return an address for invalid pubkeys (Andy Alness)
2014-10-07 08:51:20 +02:00
Andy Alness
9d7cd4c598 Don't return an address for invalid pubkeys 2014-10-06 21:54:34 -04:00
Philip Kaufmann
5eed8c21c7 minor license, header end comment etc. cleanup in /script
- ensure all licenses are just MIT
- add a missing header end comment
- ensure alphabetical ordering
2014-10-06 13:00:55 +02:00
Pieter Wuille
e790c370b5 Replace SCRIPT_VERIFY_NOCACHE by flag directly to checker 2014-10-02 20:26:58 +02:00
Pieter Wuille
5c1e798a8e Make signature cache optional 2014-10-02 20:26:17 +02:00
Pieter Wuille
c7829ea797 Abstract out SignatureChecker 2014-10-02 20:26:16 +02:00
Cory Fields
be6d87aa60 script: don't read past the end 2014-09-25 14:56:26 -04:00
Wladimir J. van der Laan
4b2b78b9f2
Merge pull request #4969
cda45b5 Reinitializing list's begin iterator after few elements were erased from the head (ENikS)
2014-09-25 15:58:56 +02:00
ENikS
1e73504865
Fixing C4146 warning
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
2014-09-25 15:24:36 +02:00
ENikS
219372f1dd
script: Fix reference into empty vector run time exception
Edit by laanwj: `begin_ptr(sourcedata) + sourcedata.size()` -> `end_ptr(sourcedata)`
2014-09-25 11:46:52 +02:00
ENikS
cda45b5131 Reinitializing list's begin iterator after few elements were erased from the head 2014-09-23 18:33:16 -04:00
ENikS
6134b43ba9 Fixing condition 'sabotaging' MSVC build 2014-09-19 18:29:58 -04:00
Wladimir J. van der Laan
438c7e4cd2
Merge pull request #4555
6dcfda2 Don't pass nHashType to EvalScript nor CheckSig (jtimon)
2b23a87 Don't pass nHashType to VerifyScript (jtimon)
ce3649fb Remove CScriptCheck::nHashType (was always 0) (jtimon)
358562b Remove unused function main:VerifySignature (jtimon)
2014-09-17 13:44:22 +02:00
Pieter Wuille
0be990ba34 Move CTxDestination from script/script to script/standard 2014-09-16 19:14:32 +02:00
Philip Kaufmann
2d79bba36b cleanup new script files (no code changes)
- add missing header end comments
- ensure alphabetical ordering
- update copyright year and license
2014-09-14 12:25:38 +02:00
jtimon
6dcfda2dc4 Don't pass nHashType to EvalScript nor CheckSig 2014-09-12 20:04:31 +02:00
jtimon
2b23a87599 Don't pass nHashType to VerifyScript 2014-09-12 20:04:31 +02:00
jtimon
e088d65acb Separate script/sign 2014-09-08 20:21:35 +02:00
jtimon
9294a4bbe7 Separate CScriptCompressor 2014-09-08 20:21:35 +02:00
jtimon
c4408a6c85 Separate script/standard 2014-09-08 20:21:35 +02:00
jtimon
da03e6ed7c Separate script/interpreter 2014-09-08 20:21:33 +02:00
jtimon
cbd22a50c4 Move CScript class and dependencies to script/script 2014-09-08 20:19:31 +02:00