16typedef std::vector<unsigned char>
valtype;
38 for (
unsigned int i = 0; i < vch.size(); i++)
43 if (i == vch.size()-1 && vch[i] == 0x80)
55#define stacktop(i) (stack.at(size_t(int64_t(stack.size()) + int64_t{i})))
56#define altstacktop(i) (altstack.at(size_t(int64_t(altstack.size()) + int64_t{i})))
57static inline void popstack(std::vector<valtype>& stack)
60 throw std::runtime_error(
"popstack(): stack empty");
69 if (vchPubKey[0] == 0x04) {
74 }
else if (vchPubKey[0] == 0x02 || vchPubKey[0] == 0x03) {
91 if (vchPubKey[0] != 0x02 && vchPubKey[0] != 0x03) {
122 if (sig.size() < 9)
return false;
123 if (sig.size() > 73)
return false;
126 if (sig[0] != 0x30)
return false;
129 if (sig[1] != sig.size() - 3)
return false;
132 unsigned int lenR = sig[3];
135 if (5 + lenR >= sig.size())
return false;
138 unsigned int lenS = sig[5 + lenR];
142 if ((
size_t)(lenR + lenS + 7) != sig.size())
return false;
145 if (sig[2] != 0x02)
return false;
148 if (lenR == 0)
return false;
151 if (sig[4] & 0x80)
return false;
155 if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80))
return false;
158 if (sig[lenR + 4] != 0x02)
return false;
161 if (lenS == 0)
return false;
164 if (sig[lenR + 6] & 0x80)
return false;
168 if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80))
return false;
180 std::vector<unsigned char> vchSigCopy(vchSig.begin(), vchSig.begin() + vchSig.size() - 1);
191 if (vchSig.size() == 0) {
204 if (vchSig.size() == 0) {
240 while (
static_cast<size_t>(end - pc) >= b.
size() && std::equal(b.
begin(), b.
end(), pc))
247 while (
script.GetOp(pc, opcode));
251 script = std::move(result);
273class ConditionStack {
276 static constexpr uint32_t NO_FALSE = std::numeric_limits<uint32_t>::max();
279 uint32_t m_stack_size = 0;
281 uint32_t m_first_false_pos = NO_FALSE;
284 bool empty()
const {
return m_stack_size == 0; }
285 bool all_true()
const {
return m_first_false_pos == NO_FALSE; }
286 void push_back(
bool f)
288 if (m_first_false_pos == NO_FALSE && !f) {
291 m_first_false_pos = m_stack_size;
299 if (m_first_false_pos == m_stack_size) {
301 m_first_false_pos = NO_FALSE;
307 if (m_first_false_pos == NO_FALSE) {
309 m_first_false_pos = m_stack_size - 1;
310 }
else if (m_first_false_pos == m_stack_size - 1) {
312 m_first_false_pos = NO_FALSE;
326 CScript scriptCode(pbegincodehash, pend);
357 success = !sig.empty();
367 if (pubkey.size() == 0) {
369 }
else if (pubkey.size() == 32) {
394 switch (sigversion) {
413 static const valtype vchFalse(0);
415 static const valtype vchTrue(1, 1);
425 ConditionStack vfExec;
426 std::vector<valtype> altstack;
433 uint32_t opcode_pos = 0;
439 for (; pc < pend; ++opcode_pos) {
440 bool fExec = vfExec.all_true();
445 if (!
script.GetOp(pc, opcode, vchPushValue))
482 stack.push_back(vchPushValue);
509 stack.push_back(bn.
getvch());
529 if (stack.size() < 1)
568 if (stack.size() < 1)
610 if (stack.size() < 1)
617 if (vch.size() > 1 || (vch.size() == 1 && vch[0] != 1)) {
625 if (vch.size() == 1 && vch[0] != 1)
633 vfExec.push_back(fValue);
657 if (stack.size() < 1)
679 if (stack.size() < 1)
688 if (altstack.size() < 1)
698 if (stack.size() < 2)
708 if (stack.size() < 2)
712 stack.push_back(vch1);
713 stack.push_back(vch2);
720 if (stack.size() < 3)
725 stack.push_back(vch1);
726 stack.push_back(vch2);
727 stack.push_back(vch3);
734 if (stack.size() < 4)
738 stack.push_back(vch1);
739 stack.push_back(vch2);
746 if (stack.size() < 6)
750 stack.erase(stack.end()-6, stack.end()-4);
751 stack.push_back(vch1);
752 stack.push_back(vch2);
759 if (stack.size() < 4)
769 if (stack.size() < 1)
773 stack.push_back(vch);
781 stack.push_back(bn.
getvch());
788 if (stack.size() < 1)
797 if (stack.size() < 1)
800 stack.push_back(vch);
807 if (stack.size() < 2)
809 stack.erase(stack.end() - 2);
816 if (stack.size() < 2)
819 stack.push_back(vch);
828 if (stack.size() < 2)
832 if (n < 0 || n >= (
int)stack.size())
836 stack.erase(stack.end()-n-1);
837 stack.push_back(vch);
846 if (stack.size() < 3)
856 if (stack.size() < 2)
865 if (stack.size() < 2)
868 stack.insert(stack.end()-2, vch);
876 if (stack.size() < 1)
879 stack.push_back(bn.
getvch());
892 if (stack.size() < 2)
896 bool fEqual = (vch1 == vch2);
904 stack.push_back(fEqual ? vchTrue : vchFalse);
927 if (stack.size() < 1)
932 case OP_1ADD: bn += bnOne;
break;
933 case OP_1SUB: bn -= bnOne;
break;
935 case OP_ABS:
if (bn < bnZero) bn = -bn;
break;
936 case OP_NOT: bn = (bn == bnZero);
break;
938 default:
assert(!
"invalid opcode");
break;
941 stack.push_back(bn.
getvch());
960 if (stack.size() < 2)
975 case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero);
break;
976 case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero);
break;
984 case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2);
break;
985 case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2);
break;
986 default:
assert(!
"invalid opcode");
break;
990 stack.push_back(bn.
getvch());
1005 if (stack.size() < 3)
1010 bool fValue = (bn2 <= bn1 && bn1 < bn3);
1014 stack.push_back(fValue ? vchTrue : vchFalse);
1029 if (stack.size() < 1)
1044 stack.push_back(vchHash);
1054 pbegincodehash = pc;
1063 if (stack.size() < 2)
1069 bool fSuccess =
true;
1070 if (!
EvalChecksig(vchSig, vchPubKey, pbegincodehash, pend, execdata,
flags, checker, sigversion, serror, fSuccess))
return false;
1073 stack.push_back(fSuccess ? vchTrue : vchFalse);
1096 bool success =
true;
1097 if (!
EvalChecksig(sig, pubkey, pbegincodehash, pend, execdata,
flags, checker, sigversion, serror, success))
return false;
1101 stack.push_back((num + (success ? 1 : 0)).getvch());
1113 if ((
int)stack.size() < i)
1119 nOpCount += nKeysCount;
1125 int ikey2 = nKeysCount + 2;
1127 if ((
int)stack.size() < i)
1131 if (nSigsCount < 0 || nSigsCount > nKeysCount)
1135 if ((
int)stack.size() < i)
1139 CScript scriptCode(pbegincodehash, pend);
1142 for (
int k = 0;
k < nSigsCount;
k++)
1152 bool fSuccess =
true;
1153 while (fSuccess && nSigsCount > 0)
1179 if (nSigsCount > nKeysCount)
1199 if (stack.size() < 1)
1205 stack.push_back(fSuccess ? vchTrue : vchFalse);
1231 if (!vfExec.empty())
1234 return set_success(serror);
1250class CTransactionSignatureSerializer
1255 const unsigned int nIn;
1256 const bool fAnyoneCanPay;
1257 const bool fHashSingle;
1258 const bool fHashNone;
1261 CTransactionSignatureSerializer(
const T& txToIn,
const CScript& scriptCodeIn,
unsigned int nInIn,
int nHashTypeIn) :
1262 txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
1268 template<
typename S>
1269 void SerializeScriptCode(
S &
s)
const {
1273 unsigned int nCodeSeparators = 0;
1274 while (scriptCode.
GetOp(it, opcode)) {
1280 while (scriptCode.
GetOp(it, opcode)) {
1282 s.write(std::as_bytes(std::span{&itBegin[0], size_t(it - itBegin - 1)}));
1286 if (itBegin != scriptCode.
end())
1287 s.write(std::as_bytes(std::span{&itBegin[0],
size_t(it - itBegin)}));
1291 template<
typename S>
1292 void SerializeInput(
S &
s,
unsigned int nInput)
const {
1303 SerializeScriptCode(
s);
1305 if (nInput != nIn && (fHashSingle || fHashNone))
1313 template<
typename S>
1314 void SerializeOutput(
S &
s,
unsigned int nOutput)
const {
1315 if (fHashSingle && nOutput != nIn)
1323 template<
typename S>
1328 unsigned int nInputs = fAnyoneCanPay ? 1 : txTo.vin.size();
1330 for (
unsigned int nInput = 0; nInput < nInputs; nInput++)
1331 SerializeInput(
s, nInput);
1333 unsigned int nOutputs = fHashNone ? 0 : (fHashSingle ? nIn+1 : txTo.vout.size());
1335 for (
unsigned int nOutput = 0; nOutput < nOutputs; nOutput++)
1336 SerializeOutput(
s, nOutput);
1344uint256 GetPrevoutsSHA256(
const T& txTo)
1347 for (
const auto& txin : txTo.vin) {
1355uint256 GetSequencesSHA256(
const T& txTo)
1358 for (
const auto& txin : txTo.vin) {
1359 ss << txin.nSequence;
1366uint256 GetOutputsSHA256(
const T& txTo)
1369 for (
const auto& txout : txTo.vout) {
1376uint256 GetSpentAmountsSHA256(
const std::vector<CTxOut>& outputs_spent)
1379 for (
const auto& txout : outputs_spent) {
1386uint256 GetSpentScriptsSHA256(
const std::vector<CTxOut>& outputs_spent)
1389 for (
const auto& txout : outputs_spent) {
1390 ss << txout.scriptPubKey;
1410 bool uses_bip143_segwit = force;
1411 bool uses_bip341_taproot = force;
1412 for (
size_t inpos = 0; inpos < txTo.vin.size() && !(uses_bip143_segwit && uses_bip341_taproot); ++inpos) {
1413 if (!txTo.vin[inpos].scriptWitness.IsNull()) {
1420 uses_bip341_taproot =
true;
1425 uses_bip143_segwit =
true;
1428 if (uses_bip341_taproot && uses_bip143_segwit)
break;
1431 if (uses_bip143_segwit || uses_bip341_taproot) {
1437 if (uses_bip143_segwit) {
1475 assert(!
"Unknown MissingDataBehavior value");
1481 uint8_t ext_flag, key_version;
1482 switch (sigversion) {
1498 assert(in_pos < tx_to.vin.size());
1506 static constexpr uint8_t EPOCH = 0;
1512 if (!(hash_type <= 0x03 || (hash_type >= 0x81 && hash_type <= 0x83)))
return false;
1516 ss << tx_to.version;
1517 ss << tx_to.nLockTime;
1531 const uint8_t spend_type = (ext_flag << 1) + (have_annex ? 1 : 0);
1534 ss << tx_to.vin[in_pos].prevout;
1536 ss << tx_to.vin[in_pos].nSequence;
1546 if (in_pos >= tx_to.vout.size())
return false;
1549 sha_single_output << tx_to.vout[in_pos];
1564 hash_out = ss.GetSHA256();
1579 auto& entry = m_cache_entries[CacheIndex(hash_type)];
1580 if (entry.has_value()) {
1581 if (script_code == entry->first) {
1591 auto& entry = m_cache_entries[CacheIndex(hash_type)];
1592 entry.emplace(script_code, writer);
1598 assert(nIn < txTo.vin.size());
1603 if (nIn >= txTo.vout.size()) {
1613 if (sighash_cache && sighash_cache->
Load(nHashType, scriptCode, ss)) {
1635 }
else if ((nHashType & 0x1f) ==
SIGHASH_SINGLE && nIn < txTo.vout.size()) {
1637 inner_ss << txTo.vout[nIn];
1638 hashOutputs = inner_ss.GetHash();
1649 ss << txTo.vin[nIn].prevout;
1652 ss << txTo.vin[nIn].nSequence;
1656 ss << txTo.nLockTime;
1659 CTransactionSignatureSerializer<T> txTmp(txTo, scriptCode, nIn, nHashType);
1666 if (sighash_cache !=
nullptr) {
1667 sighash_cache->
Store(nHashType, scriptCode, ss);
1672 return ss.GetHash();
1678 return pubkey.
Verify(sighash, vchSig);
1695 std::vector<unsigned char> vchSig(vchSigIn);
1698 int nHashType = vchSig.back();
1704 uint256 sighash =
SignatureHash(scriptCode, *txTo, nIn, nHashType, amount, sigversion, this->txdata, &m_sighash_cache);
1706 if (!VerifyECDSASignature(vchSig, pubkey, sighash))
1717 assert(pubkey_in.size() == 32);
1727 if (sig.size() == 65) {
1733 if (!
SignatureHashSchnorr(sighash, execdata, *txTo, nIn, hashtype, sigversion, *this->txdata, m_mdb)) {
1758 if (nLockTime > (int64_t)txTo->nLockTime)
1782 const int64_t txToSequence = (int64_t)txTo->vin[nIn].nSequence;
1786 if (txTo->version < 2)
1799 const int64_t txToSequenceMasked = txToSequence & nLockTimeMask;
1800 const CScriptNum nSequenceMasked = nSequence & nLockTimeMask;
1818 if (nSequenceMasked > txToSequenceMasked)
1830 std::vector<valtype> stack{stack_span.begin(), stack_span.end()};
1835 while (pc < exec_script.
end()) {
1837 if (!exec_script.
GetOp(pc, opcode)) {
1846 return set_success(serror);
1855 for (
const valtype& elem : stack) {
1860 if (!
EvalScript(stack, exec_script,
flags, checker, sigversion, execdata, serror))
return false;
1876 if (std::lexicographical_compare(a.begin(), a.end(), b.begin(), b.end())) {
1877 ss_branch << a << b;
1879 ss_branch << b << a;
1892 for (
int i = 0; i < path_len; ++i) {
1910 return q.CheckTapTweak(p, merkle_root, control[0] & 1);
1916 std::span stack{witness.
stack};
1919 if (witversion == 0) {
1922 if (stack.size() == 0) {
1926 exec_script =
CScript(script_bytes.begin(), script_bytes.end());
1929 if (memcmp(hash_exec_script.
begin(), program.data(), 32)) {
1935 if (stack.size() != 2) {
1947 if (stack.size() >= 2 && !stack.back().empty() && stack.back()[0] ==
ANNEX_TAG) {
1956 if (stack.size() == 1) {
1961 return set_success(serror);
1984 return set_success(serror);
2001 if (witness ==
nullptr) {
2002 witness = &emptyWitness;
2004 bool hadWitness =
false;
2014 std::vector<std::vector<unsigned char> > stack, stackCopy;
2030 std::vector<unsigned char> witnessprogram;
2034 if (scriptSig.
size() != 0) {
2055 swap(stack, stackCopy);
2062 const valtype& pubKeySerialized = stack.back();
2063 CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
2078 if (scriptSig !=
CScript() << std::vector<unsigned char>(pubKey2.
begin(), pubKey2.
end())) {
2101 if (stack.size() != 1) {
2111 if (!hadWitness && !witness->
IsNull()) {
2116 return set_success(serror);
2121 if (witversion == 0) {
2145 std::vector<unsigned char> witnessprogram;
2147 return WitnessSigOps(witnessversion, witnessprogram, witness ? *witness : witnessEmpty);
2152 std::vector<unsigned char>
data;
2153 while (pc < scriptSig.
end()) {
2159 return WitnessSigOps(witnessversion, witnessprogram, witness ? *witness : witnessEmpty);
2166#define FLAG_NAME(flag) {std::string(#flag), SCRIPT_VERIFY_##flag}
2182 FLAG_NAME(DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM),
2186 FLAG_NAME(DISCOURAGE_UPGRADABLE_PUBKEYTYPE),
2188 FLAG_NAME(DISCOURAGE_UPGRADABLE_TAPROOT_VERSION),
2194 std::vector<std::string> res;
2200 if ((
flags & flag) != 0) {
2201 res.push_back(
name);
2205 if (leftover != 0) {
std::vector< unsigned char > valtype
int64_t CAmount
Amount in satoshis (Can be negative)
virtual bool CheckLockTime(const CScriptNum &nLockTime) const
virtual bool CheckSchnorrSignature(std::span< const unsigned char > sig, std::span< const unsigned char > pubkey, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror=nullptr) const
virtual bool CheckSequence(const CScriptNum &nSequence) const
virtual bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
CHash160 & Write(std::span< const unsigned char > input)
void Finalize(std::span< unsigned char > output)
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
void Finalize(std::span< unsigned char > output)
CHash256 & Write(std::span< const unsigned char > input)
An encapsulated public key.
static constexpr unsigned int COMPRESSED_SIZE
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
static constexpr unsigned int SIZE
secp256k1:
A hasher class for RIPEMD-160.
CRIPEMD160 & Write(const unsigned char *data, size_t len)
void Finalize(unsigned char hash[OUTPUT_SIZE])
CSHA1 & Write(const unsigned char *data, size_t len)
void Finalize(unsigned char hash[OUTPUT_SIZE])
A hasher class for SHA-256.
void Finalize(unsigned char hash[OUTPUT_SIZE])
CSHA256 & Write(const unsigned char *data, size_t len)
Serialized script, used inside transaction inputs and outputs.
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
bool IsPayToScriptHash() const
unsigned int GetSigOpCount(bool fAccurate) const
Pre-version-0.6, Bitcoin always counted CHECKMULTISIGs as 20 sigops.
bool IsPayToAnchor() const
bool GetOp(const_iterator &pc, opcodetype &opcodeRet, std::vector< unsigned char > &vchRet) const
bool IsWitnessProgram(int &version, std::vector< unsigned char > &program) const
std::vector< unsigned char > getvch() const
The basic transaction that is broadcasted on the network and contained in blocks.
static const uint32_t SEQUENCE_LOCKTIME_DISABLE_FLAG
If this flag is set, CTxIn::nSequence is NOT interpreted as a relative lock-time.
static const uint32_t SEQUENCE_LOCKTIME_MASK
If CTxIn::nSequence encodes a relative lock-time, this mask is applied to extract that lock-time from...
static const uint32_t SEQUENCE_FINAL
Setting nSequence to this value for every input in a transaction disables nLockTime/IsFinalTx().
static const uint32_t SEQUENCE_LOCKTIME_TYPE_FLAG
If CTxIn::nSequence encodes a relative lock-time and this flag is set, the relative lock-time has uni...
An output of a transaction.
bool CheckSchnorrSignature(std::span< const unsigned char > sig, std::span< const unsigned char > pubkey, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror=nullptr) const override
bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const override
bool CheckLockTime(const CScriptNum &nLockTime) const override
virtual bool VerifySchnorrSignature(std::span< const unsigned char > sig, const XOnlyPubKey &pubkey, const uint256 &sighash) const
virtual bool VerifyECDSASignature(const std::vector< unsigned char > &vchSig, const CPubKey &vchPubKey, const uint256 &sighash) const
bool CheckSequence(const CScriptNum &nSequence) const override
A writer stream (for serialization) that computes a 256-bit hash.
uint256 GetHash()
Compute the double-SHA256 hash of all data written to this object.
uint256 GetSHA256()
Compute the SHA256 hash of all data written to this object.
Data structure to cache SHA256 midstates for the ECDSA sighash calculations (bare,...
void Store(int32_t hash_type, const CScript &script_code, const HashWriter &writer) noexcept
Store into this cache object the provided SHA256 midstate.
bool Load(int32_t hash_type, const CScript &script_code, HashWriter &writer) const noexcept
Load into writer the SHA256 midstate if found in this cache.
int CacheIndex(int32_t hash_type) const noexcept
Given a hash_type, find which of the 6 cache entries is to be used.
bool VerifySchnorr(const uint256 &msg, std::span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
static constexpr unsigned int size()
constexpr unsigned char * begin()
iterator insert(iterator pos, const T &value)
constexpr value_type as_int() const
HashWriter TaggedHash(const std::string &tag)
Return a HashWriter primed for tagged hashes (as specified in BIP 340).
uint256 SHA256Uint256(const uint256 &input)
Single-SHA256 a 32-byte input (represented as uint256).
uint256 ComputeTapbranchHash(std::span< const unsigned char > a, std::span< const unsigned char > b)
Compute the BIP341 tapbranch hash from two branches.
static bool IsDefinedHashtypeSignature(const valtype &vchSig)
bool SignatureHashSchnorr(uint256 &hash_out, ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
static bool EvalChecksigTapscript(const valtype &sig, const valtype &pubkey, ScriptExecutionData &execdata, script_verify_flags flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror, bool &success)
static bool IsCompressedPubKey(const valtype &vchPubKey)
static bool IsValidSignatureEncoding(const std::vector< unsigned char > &sig)
A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <hashtype> Where R a...
uint256 ComputeTaprootMerkleRoot(std::span< const unsigned char > control, const uint256 &tapleaf_hash)
Compute the BIP341 taproot script tree Merkle root from control block and leaf hash.
bool CastToBool(const valtype &vch)
int FindAndDelete(CScript &script, const CScript &b)
static bool EvalChecksig(const valtype &sig, const valtype &pubkey, CScript::const_iterator pbegincodehash, CScript::const_iterator pend, ScriptExecutionData &execdata, script_verify_flags flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror, bool &success)
Helper for OP_CHECKSIG, OP_CHECKSIGVERIFY, and (in Tapscript) OP_CHECKSIGADD.
const HashWriter HASHER_TAPBRANCH
Hasher with tag "TapBranch" pre-fed to it.
static void popstack(std::vector< valtype > &stack)
static bool IsLowDERSignature(const valtype &vchSig, ScriptError *serror)
uint256 ComputeTapleafHash(uint8_t leaf_version, std::span< const unsigned char > script)
Compute the BIP341 tapleaf hash from leaf version & script.
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, script_verify_flags flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int32_t nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache, SigHashCache *sighash_cache)
static bool ExecuteWitnessScript(const std::span< const valtype > &stack_span, const CScript &exec_script, script_verify_flags flags, SigVersion sigversion, const BaseSignatureChecker &checker, ScriptExecutionData &execdata, ScriptError *serror)
static size_t WitnessSigOps(int witversion, const std::vector< unsigned char > &witprogram, const CScriptWitness &witness)
std::vector< unsigned char > valtype
static bool IsCompressedOrUncompressedPubKey(const valtype &vchPubKey)
std::vector< std::string > GetScriptFlagNames(script_verify_flags flags)
bool CheckSignatureEncoding(const std::vector< unsigned char > &vchSig, script_verify_flags flags, ScriptError *serror)
const std::map< std::string, script_verify_flag_name > g_verify_flag_names
#define stacktop(i)
Script is a stack machine (like Forth) that evaluates a predicate returning a bool indicating valid o...
const HashWriter HASHER_TAPLEAF
Hasher with tag "TapLeaf" pre-fed to it.
static bool VerifyWitnessProgram(const CScriptWitness &witness, int witversion, const std::vector< unsigned char > &program, script_verify_flags flags, const BaseSignatureChecker &checker, ScriptError *serror, bool is_p2sh)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, script_verify_flags flags, const BaseSignatureChecker &checker, ScriptError *serror)
static bool HandleMissingData(MissingDataBehavior mdb)
static bool CheckPubKeyEncoding(const valtype &vchPubKey, script_verify_flags flags, const SigVersion &sigversion, ScriptError *serror)
static bool EvalChecksigPreTapscript(const valtype &vchSig, const valtype &vchPubKey, CScript::const_iterator pbegincodehash, CScript::const_iterator pend, script_verify_flags flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror, bool &fSuccess)
static bool VerifyTaprootCommitment(const std::vector< unsigned char > &control, const std::vector< unsigned char > &program, const uint256 &tapleaf_hash)
size_t CountWitnessSigOps(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, script_verify_flags flags)
const HashWriter HASHER_TAPSIGHASH
Hasher with tag "TapSighash" pre-fed to it.
static constexpr size_t WITNESS_V0_KEYHASH_SIZE
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
@ TAPSCRIPT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see...
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
static constexpr uint8_t TAPROOT_LEAF_MASK
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
static constexpr size_t WITNESS_V0_SCRIPTHASH_SIZE
Signature hash sizes.
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
static constexpr size_t TAPROOT_CONTROL_NODE_SIZE
static constexpr size_t WITNESS_V1_TAPROOT_SIZE
MissingDataBehavior
Enum to specify what *TransactionSignatureChecker's behavior should be when dealing with missing tran...
@ ASSERT_FAIL
Abort execution through assertion failure (for consensus code)
@ FAIL
Just act as if the signature was invalid.
static constexpr size_t TAPROOT_CONTROL_MAX_SIZE
@ SCRIPT_VERIFY_NULLDUMMY
@ SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
@ SCRIPT_VERIFY_CLEANSTACK
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_VERIFY_DISCOURAGE_OP_SUCCESS
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION
@ SCRIPT_VERIFY_SIGPUSHONLY
@ SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
@ SCRIPT_VERIFY_MINIMALIF
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
@ SCRIPT_VERIFY_MINIMALDATA
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE
@ SCRIPT_VERIFY_CONST_SCRIPTCODE
static constexpr script_verify_flags SCRIPT_VERIFY_NONE
Script verification flags.
static constexpr size_t TAPROOT_CONTROL_BASE_SIZE
#define S(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
bool CheckMinimalPush(const std::vector< unsigned char > &data, opcodetype opcode)
bool IsOpSuccess(const opcodetype &opcode)
Test for OP_SUCCESSx opcodes as defined by BIP342.
static constexpr int64_t VALIDATION_WEIGHT_PER_SIGOP_PASSED
static const unsigned int LOCKTIME_THRESHOLD
static const unsigned int MAX_SCRIPT_ELEMENT_SIZE
static const int MAX_SCRIPT_SIZE
opcodetype
Script opcodes.
static const int MAX_STACK_SIZE
static const int MAX_OPS_PER_SCRIPT
static constexpr int64_t VALIDATION_WEIGHT_OFFSET
static const int MAX_PUBKEYS_PER_MULTISIG
static constexpr unsigned int ANNEX_TAG
enum ScriptError_t ScriptError
@ SCRIPT_ERR_OP_CODESEPARATOR
@ SCRIPT_ERR_SIG_PUSHONLY
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_PUBKEYTYPE
@ SCRIPT_ERR_NUMEQUALVERIFY
@ SCRIPT_ERR_TAPSCRIPT_CHECKMULTISIG
@ SCRIPT_ERR_DISABLED_OPCODE
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION
@ SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
@ SCRIPT_ERR_TAPSCRIPT_MINIMALIF
@ SCRIPT_ERR_UNKNOWN_ERROR
@ SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
@ SCRIPT_ERR_SIG_HASHTYPE
@ SCRIPT_ERR_CHECKSIGVERIFY
@ SCRIPT_ERR_WITNESS_MALLEATED_P2SH
@ SCRIPT_ERR_SCHNORR_SIG_SIZE
@ SCRIPT_ERR_WITNESS_MALLEATED
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_ERR_TAPSCRIPT_VALIDATION_WEIGHT
@ SCRIPT_ERR_INVALID_STACK_OPERATION
@ SCRIPT_ERR_DISCOURAGE_OP_SUCCESS
@ SCRIPT_ERR_WITNESS_UNEXPECTED
@ SCRIPT_ERR_NEGATIVE_LOCKTIME
@ SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
@ SCRIPT_ERR_SIG_NULLFAIL
@ SCRIPT_ERR_SIG_NULLDUMMY
@ SCRIPT_ERR_CHECKMULTISIGVERIFY
@ SCRIPT_ERR_TAPROOT_WRONG_CONTROL_SIZE
@ SCRIPT_ERR_UNSATISFIED_LOCKTIME
@ SCRIPT_ERR_WITNESS_PUBKEYTYPE
@ SCRIPT_ERR_SIG_FINDANDDELETE
@ SCRIPT_ERR_PUBKEY_COUNT
@ SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
@ SCRIPT_ERR_SCHNORR_SIG_HASHTYPE
@ SCRIPT_ERR_UNBALANCED_CONDITIONAL
size_t GetSerializeSize(const T &t)
void Serialize(Stream &, V)=delete
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
T & SpanPopBack(std::span< T > &span)
A span is an object that can refer to a contiguous sequence of objects.
A mutable version of CTransaction.
std::vector< std::vector< unsigned char > > stack
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
uint256 m_sequences_single_hash
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
PrecomputedTransactionData()=default
bool m_bip143_segwit_ready
Whether the 3 fields above are initialized.
uint256 m_prevouts_single_hash
uint256 m_spent_amounts_single_hash
uint256 m_spent_scripts_single_hash
bool m_spent_outputs_ready
Whether m_spent_outputs is initialized.
uint256 m_outputs_single_hash
std::vector< CTxOut > m_spent_outputs
std::optional< uint256 > m_output_hash
The hash of the corresponding output.
uint256 m_tapleaf_hash
The tapleaf hash.
uint256 m_annex_hash
Hash of the annex data.
int64_t m_validation_weight_left
How much validation weight is left (decremented for every successful non-empty signature check).
bool m_annex_present
Whether an annex is present.
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
bool m_codeseparator_pos_init
Whether m_codeseparator_pos is initialized.
bool m_tapleaf_hash_init
Whether m_tapleaf_hash is initialized.
bool m_validation_weight_left_init
Whether m_validation_weight_left is initialized.
uint32_t m_codeseparator_pos
Opcode position of the last executed OP_CODESEPARATOR (or 0xFFFFFFFF if none executed).