15typedef std::vector<unsigned char>
valtype;
37 for (
unsigned int i = 0; i < vch.size(); i++)
42 if (i == vch.size()-1 && vch[i] == 0x80)
54#define stacktop(i) (stack.at(size_t(int64_t(stack.size()) + int64_t{i})))
55#define altstacktop(i) (altstack.at(size_t(int64_t(altstack.size()) + int64_t{i})))
56static inline void popstack(std::vector<valtype>& stack)
59 throw std::runtime_error(
"popstack(): stack empty");
68 if (vchPubKey[0] == 0x04) {
73 }
else if (vchPubKey[0] == 0x02 || vchPubKey[0] == 0x03) {
90 if (vchPubKey[0] != 0x02 && vchPubKey[0] != 0x03) {
121 if (sig.size() < 9)
return false;
122 if (sig.size() > 73)
return false;
125 if (sig[0] != 0x30)
return false;
128 if (sig[1] != sig.size() - 3)
return false;
131 unsigned int lenR = sig[3];
134 if (5 + lenR >= sig.size())
return false;
137 unsigned int lenS = sig[5 + lenR];
141 if ((
size_t)(lenR + lenS + 7) != sig.size())
return false;
144 if (sig[2] != 0x02)
return false;
147 if (lenR == 0)
return false;
150 if (sig[4] & 0x80)
return false;
154 if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80))
return false;
157 if (sig[lenR + 4] != 0x02)
return false;
160 if (lenS == 0)
return false;
163 if (sig[lenR + 6] & 0x80)
return false;
167 if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80))
return false;
179 std::vector<unsigned char> vchSigCopy(vchSig.begin(), vchSig.begin() + vchSig.size() - 1);
190 if (vchSig.size() == 0) {
203 if (vchSig.size() == 0) {
239 while (
static_cast<size_t>(end - pc) >= b.
size() && std::equal(b.
begin(), b.
end(), pc))
246 while (
script.GetOp(pc, opcode));
250 script = std::move(result);
272class ConditionStack {
275 static constexpr uint32_t NO_FALSE = std::numeric_limits<uint32_t>::max();
278 uint32_t m_stack_size = 0;
280 uint32_t m_first_false_pos = NO_FALSE;
283 bool empty()
const {
return m_stack_size == 0; }
284 bool all_true()
const {
return m_first_false_pos == NO_FALSE; }
285 void push_back(
bool f)
287 if (m_first_false_pos == NO_FALSE && !f) {
290 m_first_false_pos = m_stack_size;
298 if (m_first_false_pos == m_stack_size) {
300 m_first_false_pos = NO_FALSE;
306 if (m_first_false_pos == NO_FALSE) {
308 m_first_false_pos = m_stack_size - 1;
309 }
else if (m_first_false_pos == m_stack_size - 1) {
311 m_first_false_pos = NO_FALSE;
325 CScript scriptCode(pbegincodehash, pend);
356 success = !sig.empty();
366 if (pubkey.size() == 0) {
368 }
else if (pubkey.size() == 32) {
393 switch (sigversion) {
412 static const valtype vchFalse(0);
414 static const valtype vchTrue(1, 1);
424 ConditionStack vfExec;
425 std::vector<valtype> altstack;
432 uint32_t opcode_pos = 0;
438 for (; pc < pend; ++opcode_pos) {
439 bool fExec = vfExec.all_true();
444 if (!
script.GetOp(pc, opcode, vchPushValue))
481 stack.push_back(vchPushValue);
508 stack.push_back(bn.
getvch());
528 if (stack.size() < 1)
567 if (stack.size() < 1)
609 if (stack.size() < 1)
616 if (vch.size() > 1 || (vch.size() == 1 && vch[0] != 1)) {
624 if (vch.size() == 1 && vch[0] != 1)
632 vfExec.push_back(fValue);
656 if (stack.size() < 1)
678 if (stack.size() < 1)
687 if (altstack.size() < 1)
697 if (stack.size() < 2)
707 if (stack.size() < 2)
711 stack.push_back(vch1);
712 stack.push_back(vch2);
719 if (stack.size() < 3)
724 stack.push_back(vch1);
725 stack.push_back(vch2);
726 stack.push_back(vch3);
733 if (stack.size() < 4)
737 stack.push_back(vch1);
738 stack.push_back(vch2);
745 if (stack.size() < 6)
749 stack.erase(stack.end()-6, stack.end()-4);
750 stack.push_back(vch1);
751 stack.push_back(vch2);
758 if (stack.size() < 4)
768 if (stack.size() < 1)
772 stack.push_back(vch);
780 stack.push_back(bn.
getvch());
787 if (stack.size() < 1)
796 if (stack.size() < 1)
799 stack.push_back(vch);
806 if (stack.size() < 2)
808 stack.erase(stack.end() - 2);
815 if (stack.size() < 2)
818 stack.push_back(vch);
827 if (stack.size() < 2)
831 if (n < 0 || n >= (
int)stack.size())
835 stack.erase(stack.end()-n-1);
836 stack.push_back(vch);
845 if (stack.size() < 3)
855 if (stack.size() < 2)
864 if (stack.size() < 2)
867 stack.insert(stack.end()-2, vch);
875 if (stack.size() < 1)
878 stack.push_back(bn.
getvch());
891 if (stack.size() < 2)
895 bool fEqual = (vch1 == vch2);
903 stack.push_back(fEqual ? vchTrue : vchFalse);
926 if (stack.size() < 1)
931 case OP_1ADD: bn += bnOne;
break;
932 case OP_1SUB: bn -= bnOne;
break;
934 case OP_ABS:
if (bn < bnZero) bn = -bn;
break;
935 case OP_NOT: bn = (bn == bnZero);
break;
937 default:
assert(!
"invalid opcode");
break;
940 stack.push_back(bn.
getvch());
959 if (stack.size() < 2)
974 case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero);
break;
975 case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero);
break;
983 case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2);
break;
984 case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2);
break;
985 default:
assert(!
"invalid opcode");
break;
989 stack.push_back(bn.
getvch());
1004 if (stack.size() < 3)
1009 bool fValue = (bn2 <= bn1 && bn1 < bn3);
1013 stack.push_back(fValue ? vchTrue : vchFalse);
1028 if (stack.size() < 1)
1043 stack.push_back(vchHash);
1053 pbegincodehash = pc;
1062 if (stack.size() < 2)
1068 bool fSuccess =
true;
1069 if (!
EvalChecksig(vchSig, vchPubKey, pbegincodehash, pend, execdata,
flags, checker, sigversion, serror, fSuccess))
return false;
1072 stack.push_back(fSuccess ? vchTrue : vchFalse);
1095 bool success =
true;
1096 if (!
EvalChecksig(sig, pubkey, pbegincodehash, pend, execdata,
flags, checker, sigversion, serror, success))
return false;
1100 stack.push_back((num + (success ? 1 : 0)).getvch());
1112 if ((
int)stack.size() < i)
1118 nOpCount += nKeysCount;
1124 int ikey2 = nKeysCount + 2;
1126 if ((
int)stack.size() < i)
1130 if (nSigsCount < 0 || nSigsCount > nKeysCount)
1134 if ((
int)stack.size() < i)
1138 CScript scriptCode(pbegincodehash, pend);
1141 for (
int k = 0;
k < nSigsCount;
k++)
1151 bool fSuccess =
true;
1152 while (fSuccess && nSigsCount > 0)
1178 if (nSigsCount > nKeysCount)
1198 if (stack.size() < 1)
1204 stack.push_back(fSuccess ? vchTrue : vchFalse);
1230 if (!vfExec.empty())
1233 return set_success(serror);
1249class CTransactionSignatureSerializer
1254 const unsigned int nIn;
1255 const bool fAnyoneCanPay;
1256 const bool fHashSingle;
1257 const bool fHashNone;
1260 CTransactionSignatureSerializer(
const T& txToIn,
const CScript& scriptCodeIn,
unsigned int nInIn,
int nHashTypeIn) :
1261 txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
1267 template<
typename S>
1268 void SerializeScriptCode(
S &
s)
const {
1272 unsigned int nCodeSeparators = 0;
1273 while (scriptCode.
GetOp(it, opcode)) {
1279 while (scriptCode.
GetOp(it, opcode)) {
1281 s.write(std::as_bytes(std::span{&itBegin[0], size_t(it - itBegin - 1)}));
1285 if (itBegin != scriptCode.
end())
1286 s.write(std::as_bytes(std::span{&itBegin[0],
size_t(it - itBegin)}));
1290 template<
typename S>
1291 void SerializeInput(
S &
s,
unsigned int nInput)
const {
1302 SerializeScriptCode(
s);
1304 if (nInput != nIn && (fHashSingle || fHashNone))
1312 template<
typename S>
1313 void SerializeOutput(
S &
s,
unsigned int nOutput)
const {
1314 if (fHashSingle && nOutput != nIn)
1322 template<
typename S>
1327 unsigned int nInputs = fAnyoneCanPay ? 1 : txTo.vin.size();
1329 for (
unsigned int nInput = 0; nInput < nInputs; nInput++)
1330 SerializeInput(
s, nInput);
1332 unsigned int nOutputs = fHashNone ? 0 : (fHashSingle ? nIn+1 : txTo.vout.size());
1334 for (
unsigned int nOutput = 0; nOutput < nOutputs; nOutput++)
1335 SerializeOutput(
s, nOutput);
1343uint256 GetPrevoutsSHA256(
const T& txTo)
1346 for (
const auto& txin : txTo.vin) {
1354uint256 GetSequencesSHA256(
const T& txTo)
1357 for (
const auto& txin : txTo.vin) {
1358 ss << txin.nSequence;
1365uint256 GetOutputsSHA256(
const T& txTo)
1368 for (
const auto& txout : txTo.vout) {
1375uint256 GetSpentAmountsSHA256(
const std::vector<CTxOut>& outputs_spent)
1378 for (
const auto& txout : outputs_spent) {
1385uint256 GetSpentScriptsSHA256(
const std::vector<CTxOut>& outputs_spent)
1388 for (
const auto& txout : outputs_spent) {
1389 ss << txout.scriptPubKey;
1409 bool uses_bip143_segwit = force;
1410 bool uses_bip341_taproot = force;
1411 for (
size_t inpos = 0; inpos < txTo.vin.size() && !(uses_bip143_segwit && uses_bip341_taproot); ++inpos) {
1412 if (!txTo.vin[inpos].scriptWitness.IsNull()) {
1419 uses_bip341_taproot =
true;
1424 uses_bip143_segwit =
true;
1427 if (uses_bip341_taproot && uses_bip143_segwit)
break;
1430 if (uses_bip143_segwit || uses_bip341_taproot) {
1436 if (uses_bip143_segwit) {
1474 assert(!
"Unknown MissingDataBehavior value");
1480 uint8_t ext_flag, key_version;
1481 switch (sigversion) {
1497 assert(in_pos < tx_to.vin.size());
1505 static constexpr uint8_t EPOCH = 0;
1511 if (!(hash_type <= 0x03 || (hash_type >= 0x81 && hash_type <= 0x83)))
return false;
1515 ss << tx_to.version;
1516 ss << tx_to.nLockTime;
1530 const uint8_t spend_type = (ext_flag << 1) + (have_annex ? 1 : 0);
1533 ss << tx_to.vin[in_pos].prevout;
1535 ss << tx_to.vin[in_pos].nSequence;
1545 if (in_pos >= tx_to.vout.size())
return false;
1548 sha_single_output << tx_to.vout[in_pos];
1563 hash_out = ss.GetSHA256();
1578 auto& entry = m_cache_entries[CacheIndex(hash_type)];
1579 if (entry.has_value()) {
1580 if (script_code == entry->first) {
1590 auto& entry = m_cache_entries[CacheIndex(hash_type)];
1591 entry.emplace(script_code, writer);
1597 assert(nIn < txTo.vin.size());
1602 if (nIn >= txTo.vout.size()) {
1612 if (sighash_cache && sighash_cache->
Load(nHashType, scriptCode, ss)) {
1634 }
else if ((nHashType & 0x1f) ==
SIGHASH_SINGLE && nIn < txTo.vout.size()) {
1636 inner_ss << txTo.vout[nIn];
1637 hashOutputs = inner_ss.GetHash();
1648 ss << txTo.vin[nIn].prevout;
1651 ss << txTo.vin[nIn].nSequence;
1655 ss << txTo.nLockTime;
1658 CTransactionSignatureSerializer<T> txTmp(txTo, scriptCode, nIn, nHashType);
1665 if (sighash_cache !=
nullptr) {
1666 sighash_cache->
Store(nHashType, scriptCode, ss);
1671 return ss.GetHash();
1677 return pubkey.
Verify(sighash, vchSig);
1694 std::vector<unsigned char> vchSig(vchSigIn);
1697 int nHashType = vchSig.back();
1703 uint256 sighash =
SignatureHash(scriptCode, *txTo, nIn, nHashType, amount, sigversion, this->txdata, &m_sighash_cache);
1705 if (!VerifyECDSASignature(vchSig, pubkey, sighash))
1716 assert(pubkey_in.size() == 32);
1726 if (sig.size() == 65) {
1732 if (!
SignatureHashSchnorr(sighash, execdata, *txTo, nIn, hashtype, sigversion, *this->txdata, m_mdb)) {
1757 if (nLockTime > (int64_t)txTo->nLockTime)
1781 const int64_t txToSequence = (int64_t)txTo->vin[nIn].nSequence;
1785 if (txTo->version < 2)
1798 const int64_t txToSequenceMasked = txToSequence & nLockTimeMask;
1799 const CScriptNum nSequenceMasked = nSequence & nLockTimeMask;
1817 if (nSequenceMasked > txToSequenceMasked)
1829 std::vector<valtype> stack{stack_span.begin(), stack_span.end()};
1834 while (pc < exec_script.
end()) {
1836 if (!exec_script.
GetOp(pc, opcode)) {
1845 return set_success(serror);
1854 for (
const valtype& elem : stack) {
1859 if (!
EvalScript(stack, exec_script,
flags, checker, sigversion, execdata, serror))
return false;
1875 if (std::lexicographical_compare(a.begin(), a.end(), b.begin(), b.end())) {
1876 ss_branch << a << b;
1878 ss_branch << b << a;
1891 for (
int i = 0; i < path_len; ++i) {
1909 return q.CheckTapTweak(p, merkle_root, control[0] & 1);
1915 std::span stack{witness.
stack};
1918 if (witversion == 0) {
1921 if (stack.size() == 0) {
1925 exec_script =
CScript(script_bytes.begin(), script_bytes.end());
1928 if (memcmp(hash_exec_script.
begin(), program.data(), 32)) {
1934 if (stack.size() != 2) {
1946 if (stack.size() >= 2 && !stack.back().empty() && stack.back()[0] ==
ANNEX_TAG) {
1955 if (stack.size() == 1) {
1960 return set_success(serror);
1983 return set_success(serror);
2000 if (witness ==
nullptr) {
2001 witness = &emptyWitness;
2003 bool hadWitness =
false;
2013 std::vector<std::vector<unsigned char> > stack, stackCopy;
2029 std::vector<unsigned char> witnessprogram;
2033 if (scriptSig.
size() != 0) {
2054 swap(stack, stackCopy);
2061 const valtype& pubKeySerialized = stack.back();
2062 CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
2077 if (scriptSig !=
CScript() << std::vector<unsigned char>(pubKey2.
begin(), pubKey2.
end())) {
2100 if (stack.size() != 1) {
2110 if (!hadWitness && !witness->
IsNull()) {
2115 return set_success(serror);
2120 if (witversion == 0) {
2144 std::vector<unsigned char> witnessprogram;
2146 return WitnessSigOps(witnessversion, witnessprogram, witness ? *witness : witnessEmpty);
2151 std::vector<unsigned char>
data;
2152 while (pc < scriptSig.
end()) {
2158 return WitnessSigOps(witnessversion, witnessprogram, witness ? *witness : witnessEmpty);
std::vector< unsigned char > valtype
int64_t CAmount
Amount in satoshis (Can be negative)
virtual bool CheckLockTime(const CScriptNum &nLockTime) const
virtual bool CheckSchnorrSignature(std::span< const unsigned char > sig, std::span< const unsigned char > pubkey, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror=nullptr) const
virtual bool CheckSequence(const CScriptNum &nSequence) const
virtual bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
CHash160 & Write(std::span< const unsigned char > input)
void Finalize(std::span< unsigned char > output)
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
void Finalize(std::span< unsigned char > output)
CHash256 & Write(std::span< const unsigned char > input)
An encapsulated public key.
static constexpr unsigned int COMPRESSED_SIZE
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
static constexpr unsigned int SIZE
secp256k1:
A hasher class for RIPEMD-160.
CRIPEMD160 & Write(const unsigned char *data, size_t len)
void Finalize(unsigned char hash[OUTPUT_SIZE])
CSHA1 & Write(const unsigned char *data, size_t len)
void Finalize(unsigned char hash[OUTPUT_SIZE])
A hasher class for SHA-256.
void Finalize(unsigned char hash[OUTPUT_SIZE])
CSHA256 & Write(const unsigned char *data, size_t len)
Serialized script, used inside transaction inputs and outputs.
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
bool IsPayToScriptHash() const
unsigned int GetSigOpCount(bool fAccurate) const
Pre-version-0.6, Bitcoin always counted CHECKMULTISIGs as 20 sigops.
bool IsPayToAnchor() const
bool GetOp(const_iterator &pc, opcodetype &opcodeRet, std::vector< unsigned char > &vchRet) const
bool IsWitnessProgram(int &version, std::vector< unsigned char > &program) const
std::vector< unsigned char > getvch() const
The basic transaction that is broadcasted on the network and contained in blocks.
static const uint32_t SEQUENCE_LOCKTIME_DISABLE_FLAG
If this flag is set, CTxIn::nSequence is NOT interpreted as a relative lock-time.
static const uint32_t SEQUENCE_LOCKTIME_MASK
If CTxIn::nSequence encodes a relative lock-time, this mask is applied to extract that lock-time from...
static const uint32_t SEQUENCE_FINAL
Setting nSequence to this value for every input in a transaction disables nLockTime/IsFinalTx().
static const uint32_t SEQUENCE_LOCKTIME_TYPE_FLAG
If CTxIn::nSequence encodes a relative lock-time and this flag is set, the relative lock-time has uni...
An output of a transaction.
bool CheckSchnorrSignature(std::span< const unsigned char > sig, std::span< const unsigned char > pubkey, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror=nullptr) const override
bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const override
bool CheckLockTime(const CScriptNum &nLockTime) const override
virtual bool VerifySchnorrSignature(std::span< const unsigned char > sig, const XOnlyPubKey &pubkey, const uint256 &sighash) const
virtual bool VerifyECDSASignature(const std::vector< unsigned char > &vchSig, const CPubKey &vchPubKey, const uint256 &sighash) const
bool CheckSequence(const CScriptNum &nSequence) const override
A writer stream (for serialization) that computes a 256-bit hash.
uint256 GetHash()
Compute the double-SHA256 hash of all data written to this object.
uint256 GetSHA256()
Compute the SHA256 hash of all data written to this object.
Data structure to cache SHA256 midstates for the ECDSA sighash calculations (bare,...
void Store(int32_t hash_type, const CScript &script_code, const HashWriter &writer) noexcept
Store into this cache object the provided SHA256 midstate.
bool Load(int32_t hash_type, const CScript &script_code, HashWriter &writer) const noexcept
Load into writer the SHA256 midstate if found in this cache.
int CacheIndex(int32_t hash_type) const noexcept
Given a hash_type, find which of the 6 cache entries is to be used.
bool VerifySchnorr(const uint256 &msg, std::span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
static constexpr unsigned int size()
constexpr unsigned char * begin()
iterator insert(iterator pos, const T &value)
HashWriter TaggedHash(const std::string &tag)
Return a HashWriter primed for tagged hashes (as specified in BIP 340).
uint256 SHA256Uint256(const uint256 &input)
Single-SHA256 a 32-byte input (represented as uint256).
static bool CheckPubKeyEncoding(const valtype &vchPubKey, unsigned int flags, const SigVersion &sigversion, ScriptError *serror)
uint256 ComputeTapbranchHash(std::span< const unsigned char > a, std::span< const unsigned char > b)
Compute the BIP341 tapbranch hash from two branches.
static bool IsDefinedHashtypeSignature(const valtype &vchSig)
bool SignatureHashSchnorr(uint256 &hash_out, ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
static bool IsCompressedPubKey(const valtype &vchPubKey)
static bool EvalChecksig(const valtype &sig, const valtype &pubkey, CScript::const_iterator pbegincodehash, CScript::const_iterator pend, ScriptExecutionData &execdata, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror, bool &success)
Helper for OP_CHECKSIG, OP_CHECKSIGVERIFY, and (in Tapscript) OP_CHECKSIGADD.
static bool IsValidSignatureEncoding(const std::vector< unsigned char > &sig)
A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <hashtype> Where R a...
uint256 ComputeTaprootMerkleRoot(std::span< const unsigned char > control, const uint256 &tapleaf_hash)
Compute the BIP341 taproot script tree Merkle root from control block and leaf hash.
bool CastToBool(const valtype &vch)
static bool VerifyWitnessProgram(const CScriptWitness &witness, int witversion, const std::vector< unsigned char > &program, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror, bool is_p2sh)
int FindAndDelete(CScript &script, const CScript &b)
const HashWriter HASHER_TAPBRANCH
Hasher with tag "TapBranch" pre-fed to it.
bool CheckSignatureEncoding(const std::vector< unsigned char > &vchSig, unsigned int flags, ScriptError *serror)
static void popstack(std::vector< valtype > &stack)
size_t CountWitnessSigOps(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags)
static bool IsLowDERSignature(const valtype &vchSig, ScriptError *serror)
uint256 ComputeTapleafHash(uint8_t leaf_version, std::span< const unsigned char > script)
Compute the BIP341 tapleaf hash from leaf version & script.
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int32_t nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache, SigHashCache *sighash_cache)
static size_t WitnessSigOps(int witversion, const std::vector< unsigned char > &witprogram, const CScriptWitness &witness)
static bool EvalChecksigPreTapscript(const valtype &vchSig, const valtype &vchPubKey, CScript::const_iterator pbegincodehash, CScript::const_iterator pend, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror, bool &fSuccess)
std::vector< unsigned char > valtype
static bool IsCompressedOrUncompressedPubKey(const valtype &vchPubKey)
#define stacktop(i)
Script is a stack machine (like Forth) that evaluates a predicate returning a bool indicating valid o...
const HashWriter HASHER_TAPLEAF
Hasher with tag "TapLeaf" pre-fed to it.
static bool EvalChecksigTapscript(const valtype &sig, const valtype &pubkey, ScriptExecutionData &execdata, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror, bool &success)
static bool HandleMissingData(MissingDataBehavior mdb)
static bool ExecuteWitnessScript(const std::span< const valtype > &stack_span, const CScript &exec_script, unsigned int flags, SigVersion sigversion, const BaseSignatureChecker &checker, ScriptExecutionData &execdata, ScriptError *serror)
static bool VerifyTaprootCommitment(const std::vector< unsigned char > &control, const std::vector< unsigned char > &program, const uint256 &tapleaf_hash)
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
const HashWriter HASHER_TAPSIGHASH
Hasher with tag "TapSighash" pre-fed to it.
static constexpr size_t WITNESS_V0_KEYHASH_SIZE
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
@ TAPSCRIPT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see...
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
static constexpr uint8_t TAPROOT_LEAF_MASK
@ SCRIPT_VERIFY_NULLDUMMY
@ SCRIPT_VERIFY_SIGPUSHONLY
@ SCRIPT_VERIFY_DISCOURAGE_OP_SUCCESS
@ SCRIPT_VERIFY_CONST_SCRIPTCODE
@ SCRIPT_VERIFY_MINIMALIF
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
@ SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION
@ SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE
@ SCRIPT_VERIFY_CLEANSTACK
@ SCRIPT_VERIFY_MINIMALDATA
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
static constexpr size_t WITNESS_V0_SCRIPTHASH_SIZE
Signature hash sizes.
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
static constexpr size_t TAPROOT_CONTROL_NODE_SIZE
static constexpr size_t WITNESS_V1_TAPROOT_SIZE
MissingDataBehavior
Enum to specify what *TransactionSignatureChecker's behavior should be when dealing with missing tran...
@ ASSERT_FAIL
Abort execution through assertion failure (for consensus code)
@ FAIL
Just act as if the signature was invalid.
static constexpr size_t TAPROOT_CONTROL_MAX_SIZE
static constexpr size_t TAPROOT_CONTROL_BASE_SIZE
#define S(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p)
bool CheckMinimalPush(const std::vector< unsigned char > &data, opcodetype opcode)
bool IsOpSuccess(const opcodetype &opcode)
Test for OP_SUCCESSx opcodes as defined by BIP342.
static constexpr int64_t VALIDATION_WEIGHT_PER_SIGOP_PASSED
static const unsigned int LOCKTIME_THRESHOLD
static const unsigned int MAX_SCRIPT_ELEMENT_SIZE
static const int MAX_SCRIPT_SIZE
opcodetype
Script opcodes.
static const int MAX_STACK_SIZE
static const int MAX_OPS_PER_SCRIPT
static constexpr int64_t VALIDATION_WEIGHT_OFFSET
static const int MAX_PUBKEYS_PER_MULTISIG
static constexpr unsigned int ANNEX_TAG
enum ScriptError_t ScriptError
@ SCRIPT_ERR_OP_CODESEPARATOR
@ SCRIPT_ERR_SIG_PUSHONLY
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_PUBKEYTYPE
@ SCRIPT_ERR_NUMEQUALVERIFY
@ SCRIPT_ERR_TAPSCRIPT_CHECKMULTISIG
@ SCRIPT_ERR_DISABLED_OPCODE
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION
@ SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
@ SCRIPT_ERR_TAPSCRIPT_MINIMALIF
@ SCRIPT_ERR_UNKNOWN_ERROR
@ SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
@ SCRIPT_ERR_SIG_HASHTYPE
@ SCRIPT_ERR_CHECKSIGVERIFY
@ SCRIPT_ERR_WITNESS_MALLEATED_P2SH
@ SCRIPT_ERR_SCHNORR_SIG_SIZE
@ SCRIPT_ERR_WITNESS_MALLEATED
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_ERR_TAPSCRIPT_VALIDATION_WEIGHT
@ SCRIPT_ERR_INVALID_STACK_OPERATION
@ SCRIPT_ERR_DISCOURAGE_OP_SUCCESS
@ SCRIPT_ERR_WITNESS_UNEXPECTED
@ SCRIPT_ERR_NEGATIVE_LOCKTIME
@ SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
@ SCRIPT_ERR_SIG_NULLFAIL
@ SCRIPT_ERR_SIG_NULLDUMMY
@ SCRIPT_ERR_CHECKMULTISIGVERIFY
@ SCRIPT_ERR_TAPROOT_WRONG_CONTROL_SIZE
@ SCRIPT_ERR_UNSATISFIED_LOCKTIME
@ SCRIPT_ERR_WITNESS_PUBKEYTYPE
@ SCRIPT_ERR_SIG_FINDANDDELETE
@ SCRIPT_ERR_PUBKEY_COUNT
@ SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
@ SCRIPT_ERR_SCHNORR_SIG_HASHTYPE
@ SCRIPT_ERR_UNBALANCED_CONDITIONAL
size_t GetSerializeSize(const T &t)
void Serialize(Stream &, V)=delete
void WriteCompactSize(SizeComputer &os, uint64_t nSize)
T & SpanPopBack(std::span< T > &span)
A span is an object that can refer to a contiguous sequence of objects.
A mutable version of CTransaction.
std::vector< std::vector< unsigned char > > stack
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
uint256 m_sequences_single_hash
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
PrecomputedTransactionData()=default
bool m_bip143_segwit_ready
Whether the 3 fields above are initialized.
uint256 m_prevouts_single_hash
uint256 m_spent_amounts_single_hash
uint256 m_spent_scripts_single_hash
bool m_spent_outputs_ready
Whether m_spent_outputs is initialized.
uint256 m_outputs_single_hash
std::vector< CTxOut > m_spent_outputs
std::optional< uint256 > m_output_hash
The hash of the corresponding output.
uint256 m_tapleaf_hash
The tapleaf hash.
uint256 m_annex_hash
Hash of the annex data.
int64_t m_validation_weight_left
How much validation weight is left (decremented for every successful non-empty signature check).
bool m_annex_present
Whether an annex is present.
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
bool m_codeseparator_pos_init
Whether m_codeseparator_pos is initialized.
bool m_tapleaf_hash_init
Whether m_tapleaf_hash is initialized.
bool m_validation_weight_left_init
Whether m_validation_weight_left is initialized.
uint32_t m_codeseparator_pos
Opcode position of the last executed OP_CODESEPARATOR (or 0xFFFFFFFF if none executed).