Line data Source code
1 : // Copyright (c) 2009-2010 Satoshi Nakamoto
2 : // Copyright (c) 2009-2019 The Bitcoin Core developers
3 : // Distributed under the MIT software license, see the accompanying
4 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 :
6 : #ifndef BITCOIN_SCRIPT_INTERPRETER_H
7 : #define BITCOIN_SCRIPT_INTERPRETER_H
8 :
9 : #include <script/script_error.h>
10 : #include <primitives/transaction.h>
11 :
12 : #include <vector>
13 : #include <stdint.h>
14 :
15 : class CPubKey;
16 : class CScript;
17 : class CTransaction;
18 : class uint256;
19 :
20 : /** Signature hash types/flags */
21 : enum
22 : {
23 : SIGHASH_ALL = 1,
24 : SIGHASH_NONE = 2,
25 : SIGHASH_SINGLE = 3,
26 : SIGHASH_ANYONECANPAY = 0x80,
27 : };
28 :
29 : /** Script verification flags.
30 : *
31 : * All flags are intended to be soft forks: the set of acceptable scripts under
32 : * flags (A | B) is a subset of the acceptable scripts under flag (A).
33 : */
34 : enum
35 : {
36 : SCRIPT_VERIFY_NONE = 0,
37 :
38 : // Evaluate P2SH subscripts (BIP16).
39 : SCRIPT_VERIFY_P2SH = (1U << 0),
40 :
41 : // Passing a non-strict-DER signature or one with undefined hashtype to a checksig operation causes script failure.
42 : // Evaluating a pubkey that is not (0x04 + 64 bytes) or (0x02 or 0x03 + 32 bytes) by checksig causes script failure.
43 : // (not used or intended as a consensus rule).
44 : SCRIPT_VERIFY_STRICTENC = (1U << 1),
45 :
46 : // Passing a non-strict-DER signature to a checksig operation causes script failure (BIP62 rule 1)
47 : SCRIPT_VERIFY_DERSIG = (1U << 2),
48 :
49 : // Passing a non-strict-DER signature or one with S > order/2 to a checksig operation causes script failure
50 : // (BIP62 rule 5).
51 : SCRIPT_VERIFY_LOW_S = (1U << 3),
52 :
53 : // verify dummy stack item consumed by CHECKMULTISIG is of zero-length (BIP62 rule 7).
54 : SCRIPT_VERIFY_NULLDUMMY = (1U << 4),
55 :
56 : // Using a non-push operator in the scriptSig causes script failure (BIP62 rule 2).
57 : SCRIPT_VERIFY_SIGPUSHONLY = (1U << 5),
58 :
59 : // Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct
60 : // pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating
61 : // any other push causes the script to fail (BIP62 rule 3).
62 : // In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4).
63 : SCRIPT_VERIFY_MINIMALDATA = (1U << 6),
64 :
65 : // Discourage use of NOPs reserved for upgrades (NOP1-10)
66 : //
67 : // Provided so that nodes can avoid accepting or mining transactions
68 : // containing executed NOP's whose meaning may change after a soft-fork,
69 : // thus rendering the script invalid; with this flag set executing
70 : // discouraged NOPs fails the script. This verification flag will never be
71 : // a mandatory flag applied to scripts in a block. NOPs that are not
72 : // executed, e.g. within an unexecuted IF ENDIF block, are *not* rejected.
73 : // NOPs that have associated forks to give them new meaning (CLTV, CSV)
74 : // are not subject to this rule.
75 : SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS = (1U << 7),
76 :
77 : // Require that only a single stack element remains after evaluation. This changes the success criterion from
78 : // "At least one stack element must remain, and when interpreted as a boolean, it must be true" to
79 : // "Exactly one stack element must remain, and when interpreted as a boolean, it must be true".
80 : // (BIP62 rule 6)
81 : // Note: CLEANSTACK should never be used without P2SH or WITNESS.
82 : SCRIPT_VERIFY_CLEANSTACK = (1U << 8),
83 :
84 : // Verify CHECKLOCKTIMEVERIFY
85 : //
86 : // See BIP65 for details.
87 : SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY = (1U << 9),
88 :
89 : // support CHECKSEQUENCEVERIFY opcode
90 : //
91 : // See BIP112 for details
92 : SCRIPT_VERIFY_CHECKSEQUENCEVERIFY = (1U << 10),
93 :
94 : // Support segregated witness
95 : //
96 : SCRIPT_VERIFY_WITNESS = (1U << 11),
97 :
98 : // Making v1-v16 witness program non-standard
99 : //
100 : SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM = (1U << 12),
101 :
102 : // Segwit script only: Require the argument of OP_IF/NOTIF to be exactly 0x01 or empty vector
103 : //
104 : SCRIPT_VERIFY_MINIMALIF = (1U << 13),
105 :
106 : // Signature(s) must be empty vector if a CHECK(MULTI)SIG operation failed
107 : //
108 : SCRIPT_VERIFY_NULLFAIL = (1U << 14),
109 :
110 : // Public keys in segregated witness scripts must be compressed
111 : //
112 : SCRIPT_VERIFY_WITNESS_PUBKEYTYPE = (1U << 15),
113 :
114 : // Making OP_CODESEPARATOR and FindAndDelete fail any non-segwit scripts
115 : //
116 : SCRIPT_VERIFY_CONST_SCRIPTCODE = (1U << 16),
117 : };
118 :
119 : bool CheckSignatureEncoding(const std::vector<unsigned char> &vchSig, unsigned int flags, ScriptError* serror);
120 :
121 : struct PrecomputedTransactionData
122 : {
123 : uint256 hashPrevouts, hashSequence, hashOutputs;
124 146180 : bool m_ready = false;
125 :
126 292360 : PrecomputedTransactionData() = default;
127 :
128 : template <class T>
129 : void Init(const T& tx);
130 :
131 : template <class T>
132 : explicit PrecomputedTransactionData(const T& tx);
133 : };
134 :
135 : enum class SigVersion
136 : {
137 : BASE = 0,
138 : WITNESS_V0 = 1,
139 : };
140 :
141 : /** Signature hash sizes */
142 : static constexpr size_t WITNESS_V0_SCRIPTHASH_SIZE = 32;
143 : static constexpr size_t WITNESS_V0_KEYHASH_SIZE = 20;
144 :
145 : template <class T>
146 : uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn, int nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache = nullptr);
147 :
148 627737 : class BaseSignatureChecker
149 : {
150 : public:
151 0 : virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const
152 : {
153 0 : return false;
154 : }
155 :
156 0 : virtual bool CheckLockTime(const CScriptNum& nLockTime) const
157 : {
158 0 : return false;
159 : }
160 :
161 4 : virtual bool CheckSequence(const CScriptNum& nSequence) const
162 : {
163 4 : return false;
164 : }
165 :
166 627637 : virtual ~BaseSignatureChecker() {}
167 : };
168 :
169 : template <class T>
170 517195 : class GenericTransactionSignatureChecker : public BaseSignatureChecker
171 : {
172 : private:
173 : const T* txTo;
174 : unsigned int nIn;
175 : const CAmount amount;
176 : const PrecomputedTransactionData* txdata;
177 :
178 : protected:
179 : virtual bool VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& vchPubKey, const uint256& sighash) const;
180 :
181 : public:
182 177536 : GenericTransactionSignatureChecker(const T* txToIn, unsigned int nInIn, const CAmount& amountIn) : txTo(txToIn), nIn(nInIn), amount(amountIn), txdata(nullptr) {}
183 339775 : GenericTransactionSignatureChecker(const T* txToIn, unsigned int nInIn, const CAmount& amountIn, const PrecomputedTransactionData& txdataIn) : txTo(txToIn), nIn(nInIn), amount(amountIn), txdata(&txdataIn) {}
184 : bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override;
185 : bool CheckLockTime(const CScriptNum& nLockTime) const override;
186 : bool CheckSequence(const CScriptNum& nSequence) const override;
187 : };
188 :
189 : using TransactionSignatureChecker = GenericTransactionSignatureChecker<CTransaction>;
190 : using MutableTransactionSignatureChecker = GenericTransactionSignatureChecker<CMutableTransaction>;
191 :
192 : bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker, SigVersion sigversion, ScriptError* error = nullptr);
193 : bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CScriptWitness* witness, unsigned int flags, const BaseSignatureChecker& checker, ScriptError* serror = nullptr);
194 :
195 : size_t CountWitnessSigOps(const CScript& scriptSig, const CScript& scriptPubKey, const CScriptWitness* witness, unsigned int flags);
196 :
197 : int FindAndDelete(CScript& script, const CScript& b);
198 :
199 : #endif // BITCOIN_SCRIPT_INTERPRETER_H
|
