Commit graph

55 commits

Author SHA1 Message Date
MarcoFalke
fada0c422c [doc] Fix doxygen comments for members 2016-04-03 11:58:01 +02:00
BtcDrak
a38107643f Code style fix.
This if statement is a little obtuse and using braces here
improves readability.
2016-02-16 09:39:44 +00:00
BtcDrak
c3c375226e Separate CheckLockTime() and CheckSequence() logic
For the sake of a little repetition, make code more readable.
2016-02-14 11:29:40 +00:00
Mark Friedenbach
53e53a33c9 BIP112: Implement CHECKSEQUENCEVERIFY
- Replace NOP3 with CHECKSEQUENCEVERIFY (BIP112)
  <nSequence> CHECKSEQUENCEVERIFY -> <nSequence>
- Fails if txin.nSequence < nSequence, allowing funds of a txout to be locked for a number of blocks or a duration of time after its inclusion in a block.
- Pull most of CheckLockTime() out into VerifyLockTime(), a local function that will be reused for CheckSequence()
- Add bitwise AND operator to CScriptNum
- Enable CHECKSEQUENCEVERIFY as a standard script verify flag
- Transactions that fail CSV verification will be rejected from the mempool, making it easy to test the feature. However blocks containing "invalid" CSV-using transactions will still be accepted; this is *not* the soft-fork required to actually enable CSV for production use.
2016-02-14 11:29:38 +00:00
Wladimir J. van der Laan
80d1f2e483
Merge #7184: Implement SequenceLocks functions for BIP 68
b043c4b fix sdaftuar's nits again (Alex Morcos)
a51c79b Bug fix to RPC test (Alex Morcos)
da6ad5f Add RPC test exercising BIP68 (mempool only) (Suhas Daftuar)
c6c2f0f Implement SequenceLocks functions (Alex Morcos)
2016-02-12 17:03:46 +01:00
Alex Morcos
c6c2f0fd78 Implement SequenceLocks functions
SequenceLocks functions are used to evaluate sequence lock times or heights per BIP 68.

The majority of this code is copied from maaku in #6312
Further credit: btcdrak, sipa, NicolasDorier
2016-02-10 15:35:33 -05:00
Pieter Wuille
9d95187d5d Correctly report high-S violations 2016-02-10 14:19:20 +01:00
MarcoFalke
fa24439ff3 Bump copyright headers to 2015 2015-12-13 18:08:39 +01:00
Wladimir J. van der Laan
327291af02
Merge pull request #6914
114b581 Prevector type (Pieter Wuille)
2015-12-01 10:22:14 +01:00
Pieter Wuille
6e18268616 Switch to libsecp256k1-based validation for ECDSA 2015-11-15 16:06:57 +01:00
Pieter Wuille
114b5812f6 Prevector type 2015-11-13 18:15:20 +01:00
David Hill
b48da5c189 script: Remove magic numbers
This adds two new constants, MAX_OPS_PER_SCRIPT and
MAX_PUBKEYS_PER_MULTISIG.
2015-10-15 09:48:15 -04:00
Wladimir J. van der Laan
48efbdbe98
Merge pull request #5264
af3208b Resolve issue 3166. These changes decode valid SIGHASH types on signatures in assembly (asm) representations of scriptSig scripts. This squashed commit incorporates substantial helpful feedback from jtimon, laanwj, and sipa. (mruddy)
2015-09-25 19:19:07 +02:00
Mark Friedenbach
e846b2a1e9 Correct a possibly intentional pun that is nevertheless hard to read: "two times of nLockTime." What is meant is that there are two kinds, or categories of nLockTime. 2015-08-10 18:08:30 -07:00
mruddy
af3208bfa6 Resolve issue 3166.
These changes decode valid SIGHASH types on signatures in assembly (asm) representations of scriptSig scripts.
This squashed commit incorporates substantial helpful feedback from jtimon, laanwj, and sipa.
2015-07-30 19:56:00 -04:00
Peter Todd
bc60b2b4b4 Replace NOP2 with CHECKLOCKTIMEVERIFY (BIP65)
<nLockTime> CHECKLOCKTIMEVERIFY -> <nLockTime>

Fails if tx.nLockTime < nLockTime, allowing the funds in a txout to be
locked until some block height or block time in the future is reached.

Only the logic and unittests are implemented; this commit does not have
any actual soft-fork logic in it.

Thanks to Pieter Wuille for rebase.

Credit goes to Gregory Maxwell for the suggestion of comparing the
argument against the transaction nLockTime rather than the current
time/blockheight directly.
2015-06-21 23:56:28 -04:00
Wladimir J. van der Laan
41e6e4caba
Merge pull request #5713
bf6cdeb Increase coverage of DERSIG edge cases (Pieter Wuille)
819bcf9 Add RPC test for DERSIG BIP switchover logic (Pieter Wuille)
5a47811 BIP66 changeover logic (Pieter Wuille)
092e9fe Example unit tests from BIP66 (Pieter Wuille)
80ad135 Change IsDERSignature to BIP66 implementation (Pieter Wuille)
2015-02-03 10:34:53 +01:00
Pieter Wuille
9fddceda44 Avoid storing a reference passed to SignatureChecker constructors 2015-02-02 20:19:46 -08:00
Pieter Wuille
858809a33e Use separate SignatureChecker for CMutableTransaction 2015-02-02 20:19:12 -08:00
Pieter Wuille
80ad135a5e Change IsDERSignature to BIP66 implementation 2015-02-01 17:47:21 -04:00
Pavel Janík
5262fde0ec Remove whitespaces before double colon in errors and logs 2015-01-31 17:38:28 -05:00
Peter Todd
2fa9a8ec86
Make empty byte arrays pass CheckSignatureEncoding()
Makes it possible to compactly provide a delibrately invalid signature
for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid
signatures need to be provided in the scriptSig; prior to this change
those invalid signatures would need to be large DER-encoded signatures.

Note that we may want to further expand on this change in the future by
saying that only OP_0 is a "valid" invalid signature; BIP19 even with
this change is inherently malleable as the invalid signatures can be any
validly encoded DER signature.
2015-01-09 06:03:22 -05:00
Wladimir J. van der Laan
48e1765e27
Merge pull request #5143
da918ac Make SCRIPT_VERIFY_CLEANSTACK a standardness requirement (Pieter Wuille)
b6e03cc Add SCRIPT_VERIFY_CLEANSTACK (BIP62 rule 6) (Pieter Wuille)
ae4151b No semantic change: reuse stack variable in P2SH evaluation (Pieter Wuille)
2015-01-08 12:01:22 +01:00
Wladimir J. van der Laan
34cdc41128 String conversions uint256 -> uint256S
If uint256() constructor takes a string, uint256(0) will become
dangerous when uint256 does not take integers anymore (it will go
through std::string(const char*) making a NULL string, and the explicit
keyword is no help).
2015-01-05 15:45:35 +01:00
Wladimir J. van der Laan
2eae3157f6 Replace uint256(1) with static constant
SignatureHash and its test function SignatureHashOld
return uint256(1) as a special error signaling value.
Return a local static constant with the same value instead.
2015-01-05 15:45:34 +01:00
sandakersmann
f914f1a746
Added "Core" to copyright headers
Github-Pull: #5494
Rebased-From: 15de949bb9277e442302bdd8dee299a8d6deee60
2014-12-19 19:55:32 +01:00
Luke Dashjr
d227011184 MOVEONLY: core/ -> primitives/ 2014-12-03 10:52:58 +00:00
Wladimir J. van der Laan
f0877f8b62
Merge pull request #5227
4cdaa95 Resize after succesful result (Pieter Wuille)
9d8604f Header define style cleanups (Pieter Wuille)
a53fd41 Deterministic signing (Pieter Wuille)
3060e36 Add the RFC6979 PRNG (Pieter Wuille)
a8f5087 Add HMAC-SHA256 (Pieter Wuille)
36fa4a7 Split up crypto/sha2 (Pieter Wuille)
2014-12-01 14:57:58 +01:00
Pieter Wuille
b6e03cc592 Add SCRIPT_VERIFY_CLEANSTACK (BIP62 rule 6)
Based on an earlier patch by Peter Todd, though the rules here are different
(P2SH scripts should not have a CLEANSTACK check before the P2SH evaluation).
2014-11-25 12:38:01 +01:00
Pieter Wuille
ae4151bbad No semantic change: reuse stack variable in P2SH evaluation 2014-11-25 12:35:32 +01:00
Cory Fields
322317951f libbitcoinconsensus: don't require any global constructors
These static objects are only used in once place, so declare them there instead.
2014-11-24 15:23:29 -05:00
Pieter Wuille
36fa4a78ac Split up crypto/sha2 2014-11-20 17:22:02 +01:00
Peter Todd
ca8158719b Test the exact order of CHECKMULTISIG sig/pubkey evaluation
Possible with STRICTENC
2014-11-20 15:29:28 +01:00
Pieter Wuille
98b135f97f Make STRICTENC invalid pubkeys fail the script rather than the opcode.
This turns STRICTENC turn into a softforking-safe change (even though it
is not intended as a consensus rule), and as a result guarantee that using
it for mempool validation only results in consensus-valid transactions in
the mempool.
2014-11-20 15:29:26 +01:00
Peter Todd
03914234b3
Discourage NOPs reserved for soft-fork upgrades
NOP1 to NOP10 are reserved for future soft-fork upgrades. In the event
of an upgrade such NOPs have *VERIFY behavior, meaning that if their
arguments are not correct the script fails. Discouraging these NOPs by
rejecting transactions containing them from the mempool ensures that
we'll never accept transactions, nor mine blocks, with scripts that are
now invalid according to the majority of hashing power even if we're not
yet upgraded. Previously this wasn't an issue as the IsStandard() rules
didn't allow upgradable NOPs anyway, but 7f3b4e95 relaxed the
IsStandard() rules for P2SH redemptions allowing any redeemScript to be
spent.

We *do* allow upgradable NOPs in scripts so long as they are not
executed. This is harmless as there is no opportunity for the script to
be invalid post-upgrade.
2014-11-17 22:22:33 -05:00
Cory Fields
ab9edbd6b6 script: create sane error return codes for script validation and remove logging
Attempt to codify the possible error statuses associated with script
validation. script/types.h has been created with the expectation that it will
be part of the public lib interface. The other flag enums will be moved here in
a future commit.

Logging has also been removed in order to drop the dependency on core.h. It can
be re-added to bitcoind as-needed. This makes script verification finally free
of application state and boost!
2014-11-14 16:25:53 -05:00
Michael Ford
b9a36b15bf Make comments in /src/script doxygen compatible 2014-11-10 14:51:55 +08:00
Cory Fields
d2e74c55bd boost: moveonly: split CPubKey and friends to new files 2014-10-31 01:19:37 -04:00
Cory Fields
900078aeb4 boost: moveonly: create eccryptoverify.h|cpp and move helper functions there
Eventually (after 0.10) these files will hold the logic for crypto
verification routines, and CKey/CPubKey will call into them.
2014-10-31 01:13:07 -04:00
Pieter Wuille
723c752636
Merge pull request #5100
99f41b9 MOVEONLY: core.o -> core/block.o (jtimon)
561e9e9 MOVEONLY: Move script/compressor out of script and put CTxOutCompressor (from core) with it (jtimon)
999a2ab MOVEONLY: separate CTxUndo out of core (jtimon)
4a3587d MOVEONLY: Separate CTransaction and dependencies from core (jtimon)
eda3733 MOVEONLY: Move CFeeRate and Amount constants to amount.o (jtimon)
2014-10-28 05:27:41 -07:00
jtimon
4a3587d8db MOVEONLY: Separate CTransaction and dependencies from core 2014-10-27 13:54:37 +01:00
Pieter Wuille
698c6abb25 Add SCRIPT_VERIFY_MINIMALDATA (BIP62 rules 3 and 4)
Also use the new flag as a standard rule, and replace the IsCanonicalPush
standardness check with it (as it is more complete).
2014-10-25 03:03:20 -07:00
Pieter Wuille
d752ba86c1 Add SCRIPT_VERIFY_SIGPUSHONLY (BIP62 rule 2) 2014-10-25 03:03:16 -07:00
Cory Fields
85c579e3a6 script: add a slew of includes all around and drop includes from script.h
Lots of files ended up with indirect includes from script.h.
2014-10-17 13:44:57 -04:00
Pieter Wuille
9df9cf5a9f Make SCRIPT_VERIFY_STRICTENC compatible with BIP62
* Delete canonical_tests.cpp, and move the tests to script_tests.cpp.
* Split off SCRIPT_VERIFY_DERSIG from SCRIPT_VERIFY_STRICTENC (the BIP62 part of it).
* Change signature STRICTENC/DERSIG semantics to fail the script entirely rather than the CHECKSIG result (softfork safety, and BIP62 requirement).
* Add many autogenerated tests for several odd cases.
* Mention specific BIP62 rules in the script verification flags.
2014-10-08 15:42:29 -07:00
Pieter Wuille
e790c370b5 Replace SCRIPT_VERIFY_NOCACHE by flag directly to checker 2014-10-02 20:26:58 +02:00
Pieter Wuille
5c1e798a8e Make signature cache optional 2014-10-02 20:26:17 +02:00
Pieter Wuille
c7829ea797 Abstract out SignatureChecker 2014-10-02 20:26:16 +02:00
Cory Fields
be6d87aa60 script: don't read past the end 2014-09-25 14:56:26 -04:00
ENikS
219372f1dd
script: Fix reference into empty vector run time exception
Edit by laanwj: `begin_ptr(sourcedata) + sourcedata.size()` -> `end_ptr(sourcedata)`
2014-09-25 11:46:52 +02:00