Commit graph

72 commits

Author SHA1 Message Date
Gavin Andresen
a90689ff98
Remove timing-based signature cache unit test
Two changes:

First removes a unit test that fails in my development environment
(OSX, compiled -g3 with clang).

sipa says that's not terribly surprising; the CMutableTransaction change
makes signing a little more expensive but verification quicker. The unit
test timed sign+verify-uncached versus verify-cached-five-times.

He also says the test will be invalid when libsec256kp1 is integrated
(because validation is super-optimized over signing).

core.h change fixes a compiler warning (clang -Wall : CMutableTransaction defined
as struct, declared as class in script.h).
2014-06-25 14:57:21 -04:00
Wladimir J. van der Laan
fa126effc2
Avoid undefined behavior using CFlatData in CScript serialization
`&vch[vch.size()]` and even `&vch[0]` on vectors can cause assertion
errors with VC in debug mode. This is the problem mentioned in #4239.
The deeper problem with this is that we rely on undefined behavior.

- Add `begin_ptr` and `end_ptr` functions that get the beginning and end
  pointer of vector in a reliable way that copes with empty vectors and
  doesn't reference outside the vector
(see https://stackoverflow.com/questions/1339470/how-to-get-the-address-of-the-stdvector-buffer-start-most-elegantly/1339767#1339767).
- Add a convenience constructor to CFlatData that wraps a vector.

I added `begin_ptr` and `end_ptr` as separate functions as I imagine
they will be useful in more places.
2014-06-23 10:38:15 +02:00
Pieter Wuille
4949004d68 Add CMutableTransaction and make CTransaction immutable.
In addition, introduce a cached hash inside CTransaction, to prevent
recalculating it over and over again.
2014-06-21 22:59:03 +02:00
Wladimir J. van der Laan
6dd5edb7de
Remove unused Print/PrintHex functions
You can just use HexStr(script) or script.ToString() for debugging, no
need for these extra functions.
2014-06-10 15:03:21 +02:00
R E Broadley
79d06dc6e0 Remove redundant c_str 2014-05-22 00:23:03 +07:00
Wladimir J. van der Laan
72f754cf51
Merge pull request #3637
6fd7ef2 Also switch the (unused) verification code to low-s instead of even-s. (Pieter Wuille)
2014-05-09 16:24:57 +02:00
Wladimir J. van der Laan
54f102248b
Merge pull request #3843
787ee0c Check redeemScript size does not exceed 520 byte limit (Peter Todd)
4d79098 Increase IsStandard() scriptSig length (Peter Todd)
f80cffa Do not trigger a DoS ban if SCRIPT_VERIFY_NULLDUMMY fails (Peter Todd)
6380180 Add rejection of non-null CHECKMULTISIG dummy values (Peter Todd)
29c1749 Let tx (in)valid tests use any SCRIPT_VERIFY flag (Peter Todd)
68f7d1d Create (MANDATORY|STANDARD)_SCRIPT_VERIFY_FLAGS constants (Peter Todd)
2014-05-09 16:09:20 +02:00
Peter Todd
f80cffa213 Do not trigger a DoS ban if SCRIPT_VERIFY_NULLDUMMY fails 2014-05-08 00:55:01 -04:00
Peter Todd
6380180821 Add rejection of non-null CHECKMULTISIG dummy values
This is a source of transaction mutability as the dummy value was
previously not checked and could be modified to something other than the
usual OP_0 value.
2014-05-08 00:55:01 -04:00
Peter Todd
68f7d1d7af Create (MANDATORY|STANDARD)_SCRIPT_VERIFY_FLAGS constants 2014-05-05 05:35:27 -04:00
Cory Fields
05e3ecffa4 script: remove bignum dependency 2014-04-22 00:32:30 -04:00
Cory Fields
27bff74e39 script: switch to CScriptNum usage for scripts 2014-04-22 00:32:30 -04:00
Cory Fields
48d8eb1847 script: add CScriptNum class
This class holds an int64_t and replaces the use of CBigInt for script
integrals.
2014-04-22 00:32:30 -04:00
Pieter Wuille
6fd7ef2bbf Also switch the (unused) verification code to low-s instead of even-s.
a81cd968 introduced a malleability breaker for signatures
(using an even value for S). In e0e14e43 this was changed to
the lower of two potential values, rather than the even one.
Only the signing code was changed though, the (for now unused)
verification code wasn't adapted.
2014-03-10 20:38:32 +01:00
Jeff Garzik
8175c790eb script: reduce OP_RETURN standard relay bytes to 40
Per mailing list discussion.
2014-02-26 12:58:08 -05:00
Pieter Wuille
87fe71e1fc Add HasCanonicalPushes(), and use it in IsStandardTx 2014-02-11 21:11:59 +01:00
Pieter Wuille
9aea601b05 Move IsPushOnly() to script.cpp 2014-02-11 20:38:23 +01:00
Brandon Dahler
51ed9ec971 Cleanup code using forward declarations.
Use misc methods of avoiding unnecesary header includes.
Replace int typedefs with int##_t from stdint.h.
Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h.
Normalize QT_VERSION ifs where possible.
Resolve some indirect dependencies as direct ones.
Remove extern declarations from .cpp files.
2013-11-10 09:36:28 -06:00
Gavin Andresen
be484db274 Merge pull request #2738 from jgarzik/op_return
Relay OP_RETURN data TxOut as standard transaction type.
2013-10-21 22:47:24 -07:00
super3
db0e8ccd90 Bump Year Number to 2013 2013-10-20 15:25:06 -04:00
Jeff Garzik
a79342479f Relay OP_RETURN data TxOut as standard transaction type 2013-10-02 11:49:43 -04:00
Gavin Andresen
fb8724ee6c Merge pull request #2791 from sipa/proveprune
Prune provably-unspendable outputs
2013-09-23 14:23:14 -07:00
Gavin Andresen
881a85a22d Replace printf with LogPrintf / LogPrint 2013-09-18 20:39:25 +10:00
Peter Todd
214d45b6b9
Document and test OP_RESERVED weirdness
Seems it was forgotten about when IsPushOnly() and the unittests were
written. A particular oddity is that OP_RESERVED doesn't count towards
the >201 opcode limit unlike every other named opcode.
2013-08-25 12:37:07 -04:00
Pieter Wuille
a81cd96805 Only create signatures with even S, and verification mode to check.
To fix a minor malleability found by Sergio Lerner (reported here:
https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898)

The problem is that if (R,S) is a valid ECDSA signature for a given
message and public key, (R,-S) is also valid. Modulo N (the order
of the secp256k1 curve), this means that both (R,S) and (R,N-S) are
valid. Given that N is odd, S and N-S have a different lowest bit.
We solve the problem by forcing signatures to have an even S value,
excluding one of the alternatives.

This commit just changes the signing code to always produce even S
values, and adds a verification mode to check it. This code is not
enabled anywhere yet. Existing tests in key_tests.cpp verify that
the produced signatures are still valid.
2013-08-16 00:17:50 +02:00
Pieter Wuille
ec84e81e83 Prune provably-unspendable outputs 2013-07-10 00:23:46 +02:00
Pieter Wuille
acc775c554 Add ExtractAffectedKeys to script
This function finds all keys affected by a particular output script,
supporting everything ExtractDestinations supports (pay-to-pubkey,
pay-to-pubkeyhash, multisig) and recurses into subscripts (P2SH).
2013-06-22 16:49:30 +02:00
Eric Lombrozo
05df3fc68d Removed AcceptToMemoryPool method from CTransaction. This method belongs to the mempool instance.
Removed AreInputsStandard from CTransaction, made it a regular function in main.
Moved CTransaction::GetOutputFor to CCoinsViewCache.

Moved GetLegacySigOpCount and GetP2SHSigOpCount out of CTransaction into regular functions in main.

Moved GetValueIn and HaveInputs from CTransaction into CCoinsViewCache.

Moved AllowFree, ClientCheckInputs, CheckInputs, UpdateCoins, and CheckTransaction out of CTransaction and into main.

Moved IsStandard and IsFinal out of CTransaction and put them in main as IsStandardTx and IsFinalTx. Moved GetValueOut out of CTransaction into main. Moved CTxIn, CTxOut, and CTransaction into core.

Added minimum fee parameter to CTxOut::IsDust() temporarily until CTransaction is moved to core.h so that CTxOut needn't know about CTransaction.
2013-06-05 23:15:20 -07:00
Pieter Wuille
dfa23b94c2 CSecret/CKey -> CKey/CPubKey split/refactor 2013-05-30 05:20:21 +02:00
Pieter Wuille
5d891489ab Make CPubKey statically allocated 2013-05-30 05:18:42 +02:00
Matt Corallo
192cc910ec Replace 520 constant with MAX_SCRIPT_ELEMENT_SIZE 2013-01-18 13:55:18 -05:00
Gavin Andresen
0e31ae9818 Merge pull request #2060 from sipa/parallel
Parallel script verification
2013-01-17 16:58:58 -08:00
Gavin Andresen
5f04881618 Fix clang warnings 2013-01-15 17:27:29 -05:00
Pieter Wuille
ef0f422519 Remove contention on signature cache during block validation
Since block validation happens in parallel, multiple threads may be
accessing the signature cache simultaneously. To prevent contention:
* Turn the signature cache lock into a shared mutex
* Make reading from the cache only acquire a shared lock
* Let block validations not store their results in the cache
2013-01-08 02:00:59 +01:00
Pieter Wuille
f1136200a6 Move VerifySignature to main 2013-01-08 01:49:14 +01:00
Pieter Wuille
99d0d0f356 Introduce script verification flags
These flags select features to be enabled/disabled during script
evaluation/checking, instead of several booleans passed along.
Currently these flags are defined:
* SCRIPT_VERIFY_P2SH: enable BIP16-style subscript evaluation
* SCRIPT_VERIFY_STRICTENC: enforce strict adherence to pubkey/sig encoding standards.
2012-11-15 23:00:16 +01:00
Pieter Wuille
450cbb0944 Ultraprune
This switches bitcoin's transaction/block verification logic to use a
"coin database", which contains all unredeemed transaction output scripts,
amounts and heights.

The name ultraprune comes from the fact that instead of a full transaction
index, we only (need to) keep an index with unspent outputs. For now, the
blocks themselves are kept as usual, although they are only necessary for
serving, rescanning and reorganizing.

The basic datastructures are CCoins (representing the coins of a single
transaction), and CCoinsView (representing a state of the coins database).
There are several implementations for CCoinsView. A dummy, one backed by
the coins database (coins.dat), one backed by the memory pool, and one
that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock,
DisconnectBlock, ... now operate on a generic CCoinsView.

The block switching logic now builds a single cached CCoinsView with
changes to be committed to the database before any changes are made.
This means no uncommitted changes are ever read from the database, and
should ease the transition to another database layer which does not
support transactions (but does support atomic writes), like LevelDB.

For the getrawtransaction() RPC call, access to a txid-to-disk index
would be preferable. As this index is not necessary or even useful
for any other part of the implementation, it is not provided. Instead,
getrawtransaction() uses the coin database to find the block height,
and then scans that block to find the requested transaction. This is
slow, but should suffice for debug purposes.
2012-10-20 23:08:57 +02:00
Pieter Wuille
69fc8047a9 Compact serialization for scripts
Special serializers for script which detect common cases and encode
them much more efficiently. 3 special cases are defined:
* Pay to pubkey hash (encoded as 21 bytes)
* Pay to script hash (encoded as 21 bytes)
* Pay to pubkey starting with 0x02, 0x03 or 0x04 (encoded as 33 bytes)

Other scripts up to 121 bytes require 1 byte + script length. Above
that, scripts up to 16505 bytes require 2 bytes + script length.
2012-10-20 23:08:56 +02:00
Pieter Wuille
58bc86e37f Check for canonical public keys and signatures
Only enabled inside tests for now.
2012-09-21 01:24:25 +02:00
Philip Kaufmann
e6bc9c35f3 Update Warning-strings to use a standard-format
- ensure warnings always start with "Warning:" and that the first
  character after ":" is written uppercase
- ensure the first sentence in warnings ends with an "!"
- remove unneeded spaces from Warning-strings
- add missing Warning-string translation
- remove a "\n" and replace with untranslatable "<br><br>"
2012-08-01 19:33:32 +02:00
Gavin Andresen
a2709fad7f Implement raw transaction RPC calls
Implement listunspent / getrawtransaction / createrawtransaction /
signrawtransaction, to support creation and
signing-on-multiple-device multisignature transactions.
2012-07-05 12:50:09 -04:00
Gavin Andresen
34420d655d Refactor: SignSignature/VerifyScript
Minor refactor to support signrawtx signing/verifying transactions
when it might only have the previous transaction's txid and
txOut.
2012-07-05 12:42:25 -04:00
Matt Corallo
467b79391f Fix signed/unsigned warnings in {script,serialize}.h (fixes #1541) 2012-07-02 16:29:14 +02:00
Pieter Wuille
1025440184 Refactor: split CKeyID/CScriptID/CTxDestination from CBitcoinAddress
This introduces internal types:
* CKeyID: reference (hash160) of a key
* CScriptID: reference (hash160) of a script
* CTxDestination: a boost::variant of the former two

CBitcoinAddress is retrofitted to be a Base58 encoding of a
CTxDestination. This allows all internal code to only use the
internal types, and only have RPC and GUI depend on the base58 code.

Furthermore, the header dependencies are a lot saner now. base58.h is
at the top (right below rpc and gui) instead of at the bottom. For the
rest: wallet -> script -> keystore -> key. Only keystore still requires
a forward declaration of CScript. Solving that would require splitting
script into two layers.
2012-05-24 20:26:19 +02:00
Pieter Wuille
fd61d6f506 Encapsulate public keys in CPubKey 2012-05-24 19:58:12 +02:00
Fordy
3a25a2b9b0 Update License in File Headers
I originally created a pull to replace the "COPYING" in crypter.cpp and
crypter.h, but it turned out that COPYING was actually the correct
file.
2012-05-18 22:02:28 +08:00
Jeff Garzik
1d8c7a9557 Add casts for unavoidable signed/unsigned comparisons
At these code sites, it is preferable to cast rather than change
a variable's type.
2012-04-23 14:14:36 -04:00
Jeff Garzik
7bd9c3a3cf SigOp and orphan-tx constants and counts are always unsigned.
Fixes several sign-comparison warnings.
2012-04-23 14:14:03 -04:00
Wladimir J. van der Laan
7be8b2ff9c Add explicit numeric constant value for all opcodes
- Easier for debugging (what opcode was 0x... again?)
- Clarifies that the opcodes are set in stone in the protocol, and signals that it is impossible to insert opcodes in between.
2012-04-21 10:34:18 +02:00
Dwayne C. Litzenberger
8c8e8c2e93 Fix bugs on 'unsigned char' platforms.
In ISO C++, the signedness of 'char' is undefined.  On some platforms (e.g.
ARM), 'char' is an unsigned type, but some of the code relies on 'char' being
signed (as it is on x86).  This is indicated by compiler warnings like this:

 bignum.h: In constructor 'CBigNum::CBigNum(char)':
 bignum.h:81:59: warning: comparison is always true due to limited range of data type [-Wtype-limits]

 util.cpp: In function 'bool IsHex(const string&)':
 util.cpp:427:28: warning: comparison is always false due to limited range of data type [-Wtype-limits]

In particular, IsHex erroneously returned true regardless of the input
characters, as long as the length of the string was a positive multiple of 2.

Note: For testing, it's possible using GCC to force char to be unsigned by
adding the -funsigned-char parameter to xCXXFLAGS.
2012-04-18 00:33:32 -04:00