Line data Source code
1 : // Copyright (c) 2009-2010 Satoshi Nakamoto
2 : // Copyright (c) 2009-2020 The Bitcoin Core developers
3 : // Distributed under the MIT software license, see the accompanying
4 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 :
6 : #include <script/sign.h>
7 :
8 : #include <key.h>
9 : #include <policy/policy.h>
10 : #include <primitives/transaction.h>
11 : #include <script/signingprovider.h>
12 : #include <script/standard.h>
13 : #include <uint256.h>
14 :
15 : typedef std::vector<unsigned char> valtype;
16 :
17 53492 : MutableTransactionSignatureCreator::MutableTransactionSignatureCreator(const CMutableTransaction* txToIn, unsigned int nInIn, const CAmount& amountIn, int nHashTypeIn) : txTo(txToIn), nIn(nInIn), nHashType(nHashTypeIn), amount(amountIn), checker(txTo, nIn, amountIn) {}
18 :
19 23412 : bool MutableTransactionSignatureCreator::CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& address, const CScript& scriptCode, SigVersion sigversion) const
20 : {
21 23412 : CKey key;
22 23412 : if (!provider.GetKey(address, key))
23 950 : return false;
24 :
25 : // Signing with uncompressed keys is disabled in witness scripts
26 22462 : if (sigversion == SigVersion::WITNESS_V0 && !key.IsCompressed())
27 4 : return false;
28 :
29 22458 : uint256 hash = SignatureHash(scriptCode, *txTo, nIn, nHashType, amount, sigversion);
30 22458 : if (!key.Sign(hash, vchSig))
31 0 : return false;
32 22458 : vchSig.push_back((unsigned char)nHashType);
33 22458 : return true;
34 23412 : }
35 :
36 5654 : static bool GetCScript(const SigningProvider& provider, const SignatureData& sigdata, const CScriptID& scriptid, CScript& script)
37 : {
38 5654 : if (provider.GetCScript(scriptid, script)) {
39 5258 : return true;
40 : }
41 : // Look for scripts in SignatureData
42 396 : if (CScriptID(sigdata.redeem_script) == scriptid) {
43 140 : script = sigdata.redeem_script;
44 140 : return true;
45 256 : } else if (CScriptID(sigdata.witness_script) == scriptid) {
46 71 : script = sigdata.witness_script;
47 71 : return true;
48 : }
49 185 : return false;
50 5654 : }
51 :
52 506984 : static bool GetPubKey(const SigningProvider& provider, const SignatureData& sigdata, const CKeyID& address, CPubKey& pubkey)
53 : {
54 : // Look for pubkey in all partial sigs
55 506984 : const auto it = sigdata.signatures.find(address);
56 506984 : if (it != sigdata.signatures.end()) {
57 2 : pubkey = it->second.first;
58 2 : return true;
59 : }
60 : // Look for pubkey in pubkey list
61 506982 : const auto& pk_it = sigdata.misc_pubkeys.find(address);
62 506982 : if (pk_it != sigdata.misc_pubkeys.end()) {
63 155 : pubkey = pk_it->second.first;
64 155 : return true;
65 : }
66 : // Query the underlying provider
67 506827 : return provider.GetPubKey(address, pubkey);
68 506984 : }
69 :
70 509545 : static bool CreateSig(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const CPubKey& pubkey, const CScript& scriptcode, SigVersion sigversion)
71 : {
72 509545 : CKeyID keyid = pubkey.GetID();
73 509545 : const auto it = sigdata.signatures.find(keyid);
74 509545 : if (it != sigdata.signatures.end()) {
75 474 : sig_out = it->second.second;
76 474 : return true;
77 : }
78 509071 : KeyOriginInfo info;
79 509071 : if (provider.GetKeyOrigin(keyid, info)) {
80 503597 : sigdata.misc_pubkeys.emplace(keyid, std::make_pair(pubkey, std::move(info)));
81 503597 : }
82 509071 : if (creator.CreateSig(provider, sig_out, keyid, scriptcode, sigversion)) {
83 508117 : auto i = sigdata.signatures.emplace(keyid, SigPair(pubkey, sig_out));
84 508117 : assert(i.second);
85 : return true;
86 0 : }
87 : // Could not make signature or signature not found, add keyid to missing
88 954 : sigdata.missing_sigs.push_back(keyid);
89 954 : return false;
90 509545 : }
91 :
92 : /**
93 : * Sign scriptPubKey using signature made with creator.
94 : * Signatures are returned in scriptSigRet (or returns false if scriptPubKey can't be signed),
95 : * unless whichTypeRet is TxoutType::SCRIPTHASH, in which case scriptSigRet is the redemption script.
96 : * Returns false if scriptPubKey could not be completely satisfied.
97 : */
98 817091 : static bool SignStep(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& scriptPubKey,
99 : std::vector<valtype>& ret, TxoutType& whichTypeRet, SigVersion sigversion, SignatureData& sigdata)
100 : {
101 817091 : CScript scriptRet;
102 817091 : uint160 h160;
103 817091 : ret.clear();
104 817091 : std::vector<unsigned char> sig;
105 :
106 817091 : std::vector<valtype> vSolutions;
107 817091 : whichTypeRet = Solver(scriptPubKey, vSolutions);
108 :
109 817091 : switch (whichTypeRet)
110 : {
111 : case TxoutType::NONSTANDARD:
112 : case TxoutType::NULL_DATA:
113 : case TxoutType::WITNESS_UNKNOWN:
114 111439 : return false;
115 : case TxoutType::PUBKEY:
116 883 : if (!CreateSig(creator, sigdata, provider, sig, CPubKey(vSolutions[0]), scriptPubKey, sigversion)) return false;
117 883 : ret.push_back(std::move(sig));
118 883 : return true;
119 : case TxoutType::PUBKEYHASH: {
120 506984 : CKeyID keyID = CKeyID(uint160(vSolutions[0]));
121 506984 : CPubKey pubkey;
122 506984 : if (!GetPubKey(provider, sigdata, keyID, pubkey)) {
123 : // Pubkey could not be found, add to missing
124 3974 : sigdata.missing_pubkeys.push_back(keyID);
125 3974 : return false;
126 : }
127 503010 : if (!CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) return false;
128 502653 : ret.push_back(std::move(sig));
129 502653 : ret.push_back(ToByteVector(pubkey));
130 502653 : return true;
131 506984 : }
132 : case TxoutType::SCRIPTHASH:
133 3274 : h160 = uint160(vSolutions[0]);
134 3274 : if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
135 3195 : ret.push_back(std::vector<unsigned char>(scriptRet.begin(), scriptRet.end()));
136 3195 : return true;
137 : }
138 : // Could not find redeemScript, add to missing
139 79 : sigdata.missing_redeem_script = h160;
140 79 : return false;
141 :
142 : case TxoutType::MULTISIG: {
143 2698 : size_t required = vSolutions.front()[0];
144 2698 : ret.push_back(valtype()); // workaround CHECKMULTISIG bug
145 8350 : for (size_t i = 1; i < vSolutions.size() - 1; ++i) {
146 5652 : CPubKey pubkey = CPubKey(vSolutions[i]);
147 : // We need to always call CreateSig in order to fill sigdata with all
148 : // possible signatures that we can create. This will allow further PSBT
149 : // processing to work as it needs all possible signature and pubkey pairs
150 5652 : if (CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) {
151 5055 : if (ret.size() < required + 1) {
152 4724 : ret.push_back(std::move(sig));
153 : }
154 : }
155 5652 : }
156 2698 : bool ok = ret.size() == required + 1;
157 2970 : for (size_t i = 0; i + ret.size() < required + 1; ++i) {
158 272 : ret.push_back(valtype());
159 : }
160 : return ok;
161 0 : }
162 : case TxoutType::WITNESS_V0_KEYHASH:
163 189433 : ret.push_back(vSolutions[0]);
164 189433 : return true;
165 :
166 : case TxoutType::WITNESS_V0_SCRIPTHASH:
167 2380 : CRIPEMD160().Write(&vSolutions[0][0], vSolutions[0].size()).Finalize(h160.begin());
168 2380 : if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
169 2274 : ret.push_back(std::vector<unsigned char>(scriptRet.begin(), scriptRet.end()));
170 2274 : return true;
171 : }
172 : // Could not find witnessScript, add to missing
173 106 : sigdata.missing_witness_script = uint256(vSolutions[0]);
174 106 : return false;
175 :
176 : default:
177 0 : return false;
178 : }
179 817091 : }
180 :
181 622189 : static CScript PushAll(const std::vector<valtype>& values)
182 : {
183 622189 : CScript result;
184 1257903 : for (const valtype& v : values) {
185 635714 : if (v.size() == 0) {
186 1122 : result << OP_0;
187 634592 : } else if (v.size() == 1 && v[0] >= 1 && v[0] <= 16) {
188 0 : result << CScript::EncodeOP_N(v[0]);
189 634592 : } else if (v.size() == 1 && v[0] == 0x81) {
190 0 : result << OP_1NEGATE;
191 : } else {
192 634592 : result << v;
193 : }
194 : }
195 : return result;
196 622189 : }
197 :
198 622366 : bool ProduceSignature(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& fromPubKey, SignatureData& sigdata)
199 : {
200 622366 : if (sigdata.complete) return true;
201 :
202 622189 : std::vector<valtype> result;
203 622189 : TxoutType whichType;
204 622189 : bool solved = SignStep(provider, creator, fromPubKey, result, whichType, SigVersion::BASE, sigdata);
205 : bool P2SH = false;
206 622189 : CScript subscript;
207 622189 : sigdata.scriptWitness.stack.clear();
208 :
209 622189 : if (solved && whichType == TxoutType::SCRIPTHASH)
210 : {
211 : // Solver returns the subscript that needs to be evaluated;
212 : // the final scriptSig is the signatures from that
213 : // and then the serialized subscript:
214 3195 : subscript = CScript(result[0].begin(), result[0].end());
215 3195 : sigdata.redeem_script = subscript;
216 3195 : solved = solved && SignStep(provider, creator, subscript, result, whichType, SigVersion::BASE, sigdata) && whichType != TxoutType::SCRIPTHASH;
217 : P2SH = true;
218 3195 : }
219 :
220 622189 : if (solved && whichType == TxoutType::WITNESS_V0_KEYHASH)
221 : {
222 189433 : CScript witnessscript;
223 189433 : witnessscript << OP_DUP << OP_HASH160 << ToByteVector(result[0]) << OP_EQUALVERIFY << OP_CHECKSIG;
224 189433 : TxoutType subType;
225 189433 : solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata);
226 189433 : sigdata.scriptWitness.stack = result;
227 189433 : sigdata.witness = true;
228 189433 : result.clear();
229 189433 : }
230 432756 : else if (solved && whichType == TxoutType::WITNESS_V0_SCRIPTHASH)
231 : {
232 2274 : CScript witnessscript(result[0].begin(), result[0].end());
233 2274 : sigdata.witness_script = witnessscript;
234 2274 : TxoutType subType;
235 2274 : solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata) && subType != TxoutType::SCRIPTHASH && subType != TxoutType::WITNESS_V0_SCRIPTHASH && subType != TxoutType::WITNESS_V0_KEYHASH;
236 2274 : result.push_back(std::vector<unsigned char>(witnessscript.begin(), witnessscript.end()));
237 2274 : sigdata.scriptWitness.stack = result;
238 2274 : sigdata.witness = true;
239 2274 : result.clear();
240 432756 : } else if (solved && whichType == TxoutType::WITNESS_UNKNOWN) {
241 0 : sigdata.witness = true;
242 0 : }
243 :
244 622189 : if (P2SH) {
245 3195 : result.push_back(std::vector<unsigned char>(subscript.begin(), subscript.end()));
246 3195 : }
247 622189 : sigdata.scriptSig = PushAll(result);
248 :
249 : // Test solution
250 622189 : sigdata.complete = solved && VerifyScript(sigdata.scriptSig, fromPubKey, &sigdata.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, creator.Checker());
251 : return sigdata.complete;
252 622366 : }
253 :
254 : namespace {
255 42216 : class SignatureExtractorChecker final : public BaseSignatureChecker
256 : {
257 : private:
258 : SignatureData& sigdata;
259 : BaseSignatureChecker& checker;
260 :
261 : public:
262 42216 : SignatureExtractorChecker(SignatureData& sigdata, BaseSignatureChecker& checker) : sigdata(sigdata), checker(checker) {}
263 703 : bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override
264 : {
265 703 : if (checker.CheckSig(scriptSig, vchPubKey, scriptCode, sigversion)) {
266 226 : CPubKey pubkey(vchPubKey);
267 226 : sigdata.signatures.emplace(pubkey.GetID(), SigPair(pubkey, scriptSig));
268 : return true;
269 226 : }
270 477 : return false;
271 703 : }
272 : };
273 :
274 42216 : struct Stacks
275 : {
276 : std::vector<valtype> script;
277 : std::vector<valtype> witness;
278 :
279 : Stacks() = delete;
280 : Stacks(const Stacks&) = delete;
281 42216 : explicit Stacks(const SignatureData& data) : witness(data.scriptWitness.stack) {
282 21108 : EvalScript(script, data.scriptSig, SCRIPT_VERIFY_STRICTENC, BaseSignatureChecker(), SigVersion::BASE);
283 42216 : }
284 : };
285 : }
286 :
287 : // Extracts signatures and scripts from incomplete scriptSigs. Please do not extend this, use PSBT instead
288 21108 : SignatureData DataFromTransaction(const CMutableTransaction& tx, unsigned int nIn, const CTxOut& txout)
289 : {
290 21108 : SignatureData data;
291 21108 : assert(tx.vin.size() > nIn);
292 21108 : data.scriptSig = tx.vin[nIn].scriptSig;
293 21108 : data.scriptWitness = tx.vin[nIn].scriptWitness;
294 21108 : Stacks stack(data);
295 :
296 : // Get signatures
297 21108 : MutableTransactionSignatureChecker tx_checker(&tx, nIn, txout.nValue);
298 21108 : SignatureExtractorChecker extractor_checker(data, tx_checker);
299 21108 : if (VerifyScript(data.scriptSig, txout.scriptPubKey, &data.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, extractor_checker)) {
300 174 : data.complete = true;
301 174 : return data;
302 : }
303 :
304 : // Get scripts
305 20934 : std::vector<std::vector<unsigned char>> solutions;
306 20934 : TxoutType script_type = Solver(txout.scriptPubKey, solutions);
307 : SigVersion sigversion = SigVersion::BASE;
308 20934 : CScript next_script = txout.scriptPubKey;
309 :
310 20934 : if (script_type == TxoutType::SCRIPTHASH && !stack.script.empty() && !stack.script.back().empty()) {
311 : // Get the redeemScript
312 20 : CScript redeem_script(stack.script.back().begin(), stack.script.back().end());
313 20 : data.redeem_script = redeem_script;
314 20 : next_script = std::move(redeem_script);
315 :
316 : // Get redeemScript type
317 20 : script_type = Solver(next_script, solutions);
318 20 : stack.script.pop_back();
319 20 : }
320 20934 : if (script_type == TxoutType::WITNESS_V0_SCRIPTHASH && !stack.witness.empty() && !stack.witness.back().empty()) {
321 : // Get the witnessScript
322 29 : CScript witness_script(stack.witness.back().begin(), stack.witness.back().end());
323 29 : data.witness_script = witness_script;
324 29 : next_script = std::move(witness_script);
325 :
326 : // Get witnessScript type
327 29 : script_type = Solver(next_script, solutions);
328 29 : stack.witness.pop_back();
329 29 : stack.script = std::move(stack.witness);
330 29 : stack.witness.clear();
331 : sigversion = SigVersion::WITNESS_V0;
332 29 : }
333 20934 : if (script_type == TxoutType::MULTISIG && !stack.script.empty()) {
334 : // Build a map of pubkey -> signature by matching sigs to pubkeys:
335 41 : assert(solutions.size() > 1);
336 41 : unsigned int num_pubkeys = solutions.size()-2;
337 : unsigned int last_success_key = 0;
338 176 : for (const valtype& sig : stack.script) {
339 356 : for (unsigned int i = last_success_key; i < num_pubkeys; ++i) {
340 274 : const valtype& pubkey = solutions[i+1];
341 : // We either have a signature for this pubkey, or we have found a signature and it is valid
342 274 : if (data.signatures.count(CPubKey(pubkey).GetID()) || extractor_checker.CheckSig(sig, pubkey, next_script, sigversion)) {
343 : last_success_key = i + 1;
344 53 : break;
345 : }
346 221 : }
347 : }
348 41 : }
349 :
350 : return data;
351 21108 : }
352 :
353 268173 : void UpdateInput(CTxIn& input, const SignatureData& data)
354 : {
355 268173 : input.scriptSig = data.scriptSig;
356 268173 : input.scriptWitness = data.scriptWitness;
357 268173 : }
358 :
359 40 : void SignatureData::MergeSignatureData(SignatureData sigdata)
360 : {
361 40 : if (complete) return;
362 35 : if (sigdata.complete) {
363 8 : *this = std::move(sigdata);
364 8 : return;
365 : }
366 27 : if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
367 0 : redeem_script = sigdata.redeem_script;
368 0 : }
369 27 : if (witness_script.empty() && !sigdata.witness_script.empty()) {
370 1 : witness_script = sigdata.witness_script;
371 1 : }
372 27 : signatures.insert(std::make_move_iterator(sigdata.signatures.begin()), std::make_move_iterator(sigdata.signatures.end()));
373 40 : }
374 :
375 4781 : bool SignSignature(const SigningProvider &provider, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, const CAmount& amount, int nHashType)
376 : {
377 4781 : assert(nIn < txTo.vin.size());
378 :
379 4781 : MutableTransactionSignatureCreator creator(&txTo, nIn, amount, nHashType);
380 :
381 4781 : SignatureData sigdata;
382 4781 : bool ret = ProduceSignature(provider, creator, fromPubKey, sigdata);
383 4781 : UpdateInput(txTo.vin.at(nIn), sigdata);
384 : return ret;
385 4781 : }
386 :
387 107 : bool SignSignature(const SigningProvider &provider, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType)
388 : {
389 107 : assert(nIn < txTo.vin.size());
390 107 : CTxIn& txin = txTo.vin[nIn];
391 107 : assert(txin.prevout.n < txFrom.vout.size());
392 107 : const CTxOut& txout = txFrom.vout[txin.prevout.n];
393 :
394 107 : return SignSignature(provider, txout.scriptPubKey, txTo, nIn, txout.nValue, nHashType);
395 : }
396 :
397 : namespace {
398 : /** Dummy signature checker which accepts all signatures. */
399 1462 : class DummySignatureChecker final : public BaseSignatureChecker
400 : {
401 : public:
402 1462 : DummySignatureChecker() {}
403 728594 : bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override { return true; }
404 : };
405 731 : const DummySignatureChecker DUMMY_CHECKER;
406 :
407 2924 : class DummySignatureCreator final : public BaseSignatureCreator {
408 : private:
409 : char m_r_len = 32;
410 : char m_s_len = 32;
411 : public:
412 2924 : DummySignatureCreator(char r_len, char s_len) : m_r_len(r_len), m_s_len(s_len) {}
413 483827 : const BaseSignatureChecker& Checker() const override { return DUMMY_CHECKER; }
414 485659 : bool CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& keyid, const CScript& scriptCode, SigVersion sigversion) const override
415 : {
416 : // Create a dummy signature that is a valid DER-encoding
417 485659 : vchSig.assign(m_r_len + m_s_len + 7, '\000');
418 485659 : vchSig[0] = 0x30;
419 485659 : vchSig[1] = m_r_len + m_s_len + 4;
420 485659 : vchSig[2] = 0x02;
421 485659 : vchSig[3] = m_r_len;
422 485659 : vchSig[4] = 0x01;
423 485659 : vchSig[4 + m_r_len] = 0x02;
424 485659 : vchSig[5 + m_r_len] = m_s_len;
425 485659 : vchSig[6 + m_r_len] = 0x01;
426 485659 : vchSig[6 + m_r_len + m_s_len] = SIGHASH_ALL;
427 485659 : return true;
428 : }
429 : };
430 :
431 : }
432 :
433 731 : const BaseSignatureCreator& DUMMY_SIGNATURE_CREATOR = DummySignatureCreator(32, 32);
434 731 : const BaseSignatureCreator& DUMMY_MAXIMUM_SIGNATURE_CREATOR = DummySignatureCreator(33, 32);
435 :
436 241721 : bool IsSolvable(const SigningProvider& provider, const CScript& script)
437 : {
438 : // This check is to make sure that the script we created can actually be solved for and signed by us
439 : // if we were to have the private keys. This is just to make sure that the script is valid and that,
440 : // if found in a transaction, we would still accept and relay that transaction. In particular,
441 : // it will reject witness outputs that require signing with an uncompressed public key.
442 241721 : SignatureData sigs;
443 : // Make sure that STANDARD_SCRIPT_VERIFY_FLAGS includes SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, the most
444 : // important property this function is designed to test for.
445 : static_assert(STANDARD_SCRIPT_VERIFY_FLAGS & SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, "IsSolvable requires standard script flags to include WITNESS_PUBKEYTYPE");
446 241721 : if (ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, script, sigs)) {
447 : // VerifyScript check is just defensive, and should never fail.
448 241534 : bool verified = VerifyScript(sigs.scriptSig, script, &sigs.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, DUMMY_CHECKER);
449 241534 : assert(verified);
450 : return true;
451 0 : }
452 187 : return false;
453 241721 : }
454 :
455 12 : bool IsSegWitOutput(const SigningProvider& provider, const CScript& script)
456 : {
457 12 : std::vector<valtype> solutions;
458 12 : auto whichtype = Solver(script, solutions);
459 12 : if (whichtype == TxoutType::WITNESS_V0_SCRIPTHASH || whichtype == TxoutType::WITNESS_V0_KEYHASH || whichtype == TxoutType::WITNESS_UNKNOWN) return true;
460 8 : if (whichtype == TxoutType::SCRIPTHASH) {
461 4 : auto h160 = uint160(solutions[0]);
462 4 : CScript subscript;
463 4 : if (provider.GetCScript(CScriptID{h160}, subscript)) {
464 2 : whichtype = Solver(subscript, solutions);
465 2 : if (whichtype == TxoutType::WITNESS_V0_SCRIPTHASH || whichtype == TxoutType::WITNESS_V0_KEYHASH || whichtype == TxoutType::WITNESS_UNKNOWN) return true;
466 : }
467 4 : }
468 6 : return false;
469 12 : }
470 :
471 5178 : bool SignTransaction(CMutableTransaction& mtx, const SigningProvider* keystore, const std::map<COutPoint, Coin>& coins, int nHashType, std::map<int, std::string>& input_errors)
472 : {
473 5178 : bool fHashSingle = ((nHashType & ~SIGHASH_ANYONECANPAY) == SIGHASH_SINGLE);
474 :
475 : // Use CTransaction for the constant parts of the
476 : // transaction to avoid rehashing.
477 5178 : const CTransaction txConst(mtx);
478 : // Sign what we can:
479 26272 : for (unsigned int i = 0; i < mtx.vin.size(); i++) {
480 21094 : CTxIn& txin = mtx.vin[i];
481 21094 : auto coin = coins.find(txin.prevout);
482 21094 : if (coin == coins.end() || coin->second.IsSpent()) {
483 4 : input_errors[i] = "Input not found or already spent";
484 4 : continue;
485 : }
486 21090 : const CScript& prevPubKey = coin->second.out.scriptPubKey;
487 21090 : const CAmount& amount = coin->second.out.nValue;
488 :
489 21090 : SignatureData sigdata = DataFromTransaction(mtx, i, coin->second.out);
490 : // Only sign SIGHASH_SINGLE if there's a corresponding output:
491 21090 : if (!fHashSingle || (i < mtx.vout.size())) {
492 21090 : ProduceSignature(*keystore, MutableTransactionSignatureCreator(&mtx, i, amount, nHashType), prevPubKey, sigdata);
493 21090 : }
494 :
495 21090 : UpdateInput(txin, sigdata);
496 :
497 : // amount must be specified for valid segwit signature
498 21090 : if (amount == MAX_MONEY && !txin.scriptWitness.IsNull()) {
499 2 : input_errors[i] = "Missing amount";
500 2 : continue;
501 : }
502 :
503 21088 : ScriptError serror = SCRIPT_ERR_OK;
504 21088 : if (!VerifyScript(txin.scriptSig, prevPubKey, &txin.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, TransactionSignatureChecker(&txConst, i, amount), &serror)) {
505 3637 : if (serror == SCRIPT_ERR_INVALID_STACK_OPERATION) {
506 : // Unable to sign input and verification failed (possible attempt to partially sign).
507 2576 : input_errors[i] = "Unable to sign input, invalid stack size (possibly missing key)";
508 3637 : } else if (serror == SCRIPT_ERR_SIG_NULLFAIL) {
509 : // Verification failed (possibly due to insufficient signatures).
510 81 : input_errors[i] = "CHECK(MULTI)SIG failing with non-zero signature (possibly need more signatures)";
511 81 : } else {
512 980 : input_errors[i] = ScriptErrorString(serror);
513 : }
514 : } else {
515 : // If this input succeeds, make sure there is no error set for it
516 17451 : input_errors.erase(i);
517 : }
518 21094 : }
519 5178 : return input_errors.empty();
520 5178 : }
|
