Bitcoin Core  22.99.0
P2P Digital Currency
sign.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2020 The Bitcoin Core developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include <script/sign.h>
7 
8 #include <key.h>
9 #include <policy/policy.h>
10 #include <primitives/transaction.h>
11 #include <script/signingprovider.h>
12 #include <script/standard.h>
13 #include <uint256.h>
14 #include <util/translation.h>
15 #include <util/vector.h>
16 
17 typedef std::vector<unsigned char> valtype;
18 
19 MutableTransactionSignatureCreator::MutableTransactionSignatureCreator(const CMutableTransaction* txToIn, unsigned int nInIn, const CAmount& amountIn, int nHashTypeIn)
20  : txTo(txToIn), nIn(nInIn), nHashType(nHashTypeIn), amount(amountIn), checker(txTo, nIn, amountIn, MissingDataBehavior::FAIL),
21  m_txdata(nullptr)
22 {
23 }
24 
25 MutableTransactionSignatureCreator::MutableTransactionSignatureCreator(const CMutableTransaction* txToIn, unsigned int nInIn, const CAmount& amountIn, const PrecomputedTransactionData* txdata, int nHashTypeIn)
26  : txTo(txToIn), nIn(nInIn), nHashType(nHashTypeIn), amount(amountIn),
27  checker(txdata ? MutableTransactionSignatureChecker(txTo, nIn, amount, *txdata, MissingDataBehavior::FAIL) :
29  m_txdata(txdata)
30 {
31 }
32 
33 bool MutableTransactionSignatureCreator::CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& address, const CScript& scriptCode, SigVersion sigversion) const
34 {
35  assert(sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0);
36 
37  CKey key;
38  if (!provider.GetKey(address, key))
39  return false;
40 
41  // Signing with uncompressed keys is disabled in witness scripts
42  if (sigversion == SigVersion::WITNESS_V0 && !key.IsCompressed())
43  return false;
44 
45  // Signing without known amount does not work in witness scripts.
46  if (sigversion == SigVersion::WITNESS_V0 && !MoneyRange(amount)) return false;
47 
48  // BASE/WITNESS_V0 signatures don't support explicit SIGHASH_DEFAULT, use SIGHASH_ALL instead.
49  const int hashtype = nHashType == SIGHASH_DEFAULT ? SIGHASH_ALL : nHashType;
50 
51  uint256 hash = SignatureHash(scriptCode, *txTo, nIn, hashtype, amount, sigversion, m_txdata);
52  if (!key.Sign(hash, vchSig))
53  return false;
54  vchSig.push_back((unsigned char)hashtype);
55  return true;
56 }
57 
58 bool MutableTransactionSignatureCreator::CreateSchnorrSig(const SigningProvider& provider, std::vector<unsigned char>& sig, const XOnlyPubKey& pubkey, const uint256* leaf_hash, const uint256* merkle_root, SigVersion sigversion) const
59 {
60  assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
61 
62  CKey key;
63  if (!provider.GetKeyByXOnly(pubkey, key)) return false;
64 
65  // BIP341/BIP342 signing needs lots of precomputed transaction data. While some
66  // (non-SIGHASH_DEFAULT) sighash modes exist that can work with just some subset
67  // of data present, for now, only support signing when everything is provided.
69 
70  ScriptExecutionData execdata;
71  execdata.m_annex_init = true;
72  execdata.m_annex_present = false; // Only support annex-less signing for now.
73  if (sigversion == SigVersion::TAPSCRIPT) {
74  execdata.m_codeseparator_pos_init = true;
75  execdata.m_codeseparator_pos = 0xFFFFFFFF; // Only support non-OP_CODESEPARATOR BIP342 signing for now.
76  if (!leaf_hash) return false; // BIP342 signing needs leaf hash.
77  execdata.m_tapleaf_hash_init = true;
78  execdata.m_tapleaf_hash = *leaf_hash;
79  }
80  uint256 hash;
81  if (!SignatureHashSchnorr(hash, execdata, *txTo, nIn, nHashType, sigversion, *m_txdata, MissingDataBehavior::FAIL)) return false;
82  sig.resize(64);
83  if (!key.SignSchnorr(hash, sig, merkle_root, nullptr)) return false;
84  if (nHashType) sig.push_back(nHashType);
85  return true;
86 }
87 
88 static bool GetCScript(const SigningProvider& provider, const SignatureData& sigdata, const CScriptID& scriptid, CScript& script)
89 {
90  if (provider.GetCScript(scriptid, script)) {
91  return true;
92  }
93  // Look for scripts in SignatureData
94  if (CScriptID(sigdata.redeem_script) == scriptid) {
95  script = sigdata.redeem_script;
96  return true;
97  } else if (CScriptID(sigdata.witness_script) == scriptid) {
98  script = sigdata.witness_script;
99  return true;
100  }
101  return false;
102 }
103 
104 static bool GetPubKey(const SigningProvider& provider, const SignatureData& sigdata, const CKeyID& address, CPubKey& pubkey)
105 {
106  // Look for pubkey in all partial sigs
107  const auto it = sigdata.signatures.find(address);
108  if (it != sigdata.signatures.end()) {
109  pubkey = it->second.first;
110  return true;
111  }
112  // Look for pubkey in pubkey list
113  const auto& pk_it = sigdata.misc_pubkeys.find(address);
114  if (pk_it != sigdata.misc_pubkeys.end()) {
115  pubkey = pk_it->second.first;
116  return true;
117  }
118  // Query the underlying provider
119  return provider.GetPubKey(address, pubkey);
120 }
121 
122 static bool CreateSig(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const CPubKey& pubkey, const CScript& scriptcode, SigVersion sigversion)
123 {
124  CKeyID keyid = pubkey.GetID();
125  const auto it = sigdata.signatures.find(keyid);
126  if (it != sigdata.signatures.end()) {
127  sig_out = it->second.second;
128  return true;
129  }
130  KeyOriginInfo info;
131  if (provider.GetKeyOrigin(keyid, info)) {
132  sigdata.misc_pubkeys.emplace(keyid, std::make_pair(pubkey, std::move(info)));
133  }
134  if (creator.CreateSig(provider, sig_out, keyid, scriptcode, sigversion)) {
135  auto i = sigdata.signatures.emplace(keyid, SigPair(pubkey, sig_out));
136  assert(i.second);
137  return true;
138  }
139  // Could not make signature or signature not found, add keyid to missing
140  sigdata.missing_sigs.push_back(keyid);
141  return false;
142 }
143 
144 static bool CreateTaprootScriptSig(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const XOnlyPubKey& pubkey, const uint256& leaf_hash, SigVersion sigversion)
145 {
146  auto lookup_key = std::make_pair(pubkey, leaf_hash);
147  auto it = sigdata.taproot_script_sigs.find(lookup_key);
148  if (it != sigdata.taproot_script_sigs.end()) {
149  sig_out = it->second;
150  }
151  if (creator.CreateSchnorrSig(provider, sig_out, pubkey, &leaf_hash, nullptr, sigversion)) {
152  sigdata.taproot_script_sigs[lookup_key] = sig_out;
153  return true;
154  }
155  return false;
156 }
157 
158 static bool SignTaprootScript(const SigningProvider& provider, const BaseSignatureCreator& creator, SignatureData& sigdata, int leaf_version, const CScript& script, std::vector<valtype>& result)
159 {
160  // Only BIP342 tapscript signing is supported for now.
161  if (leaf_version != TAPROOT_LEAF_TAPSCRIPT) return false;
162  SigVersion sigversion = SigVersion::TAPSCRIPT;
163 
164  uint256 leaf_hash = (CHashWriter(HASHER_TAPLEAF) << uint8_t(leaf_version) << script).GetSHA256();
165 
166  // <xonly pubkey> OP_CHECKSIG
167  if (script.size() == 34 && script[33] == OP_CHECKSIG && script[0] == 0x20) {
168  XOnlyPubKey pubkey(MakeSpan(script).subspan(1, 32));
169  std::vector<unsigned char> sig;
170  if (CreateTaprootScriptSig(creator, sigdata, provider, sig, pubkey, leaf_hash, sigversion)) {
171  result = Vector(std::move(sig));
172  return true;
173  }
174  }
175 
176  return false;
177 }
178 
179 static bool SignTaproot(const SigningProvider& provider, const BaseSignatureCreator& creator, const WitnessV1Taproot& output, SignatureData& sigdata, std::vector<valtype>& result)
180 {
181  TaprootSpendData spenddata;
182 
183  // Gather information about this output.
184  if (provider.GetTaprootSpendData(output, spenddata)) {
185  sigdata.tr_spenddata.Merge(spenddata);
186  }
187 
188  // Try key path spending.
189  {
190  std::vector<unsigned char> sig;
191  if (sigdata.taproot_key_path_sig.size() == 0) {
192  if (creator.CreateSchnorrSig(provider, sig, spenddata.internal_key, nullptr, &spenddata.merkle_root, SigVersion::TAPROOT)) {
193  sigdata.taproot_key_path_sig = sig;
194  }
195  }
196  if (sigdata.taproot_key_path_sig.size()) {
197  result = Vector(sigdata.taproot_key_path_sig);
198  return true;
199  }
200  }
201 
202  // Try script path spending.
203  std::vector<std::vector<unsigned char>> smallest_result_stack;
204  for (const auto& [key, control_blocks] : sigdata.tr_spenddata.scripts) {
205  const auto& [script, leaf_ver] = key;
206  std::vector<std::vector<unsigned char>> result_stack;
207  if (SignTaprootScript(provider, creator, sigdata, leaf_ver, script, result_stack)) {
208  result_stack.emplace_back(std::begin(script), std::end(script)); // Push the script
209  result_stack.push_back(*control_blocks.begin()); // Push the smallest control block
210  if (smallest_result_stack.size() == 0 ||
211  GetSerializeSize(result_stack, PROTOCOL_VERSION) < GetSerializeSize(smallest_result_stack, PROTOCOL_VERSION)) {
212  smallest_result_stack = std::move(result_stack);
213  }
214  }
215  }
216  if (smallest_result_stack.size() != 0) {
217  result = std::move(smallest_result_stack);
218  return true;
219  }
220 
221  return false;
222 }
223 
230 static bool SignStep(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& scriptPubKey,
231  std::vector<valtype>& ret, TxoutType& whichTypeRet, SigVersion sigversion, SignatureData& sigdata)
232 {
233  CScript scriptRet;
234  uint160 h160;
235  ret.clear();
236  std::vector<unsigned char> sig;
237 
238  std::vector<valtype> vSolutions;
239  whichTypeRet = Solver(scriptPubKey, vSolutions);
240 
241  switch (whichTypeRet) {
245  return false;
246  case TxoutType::PUBKEY:
247  if (!CreateSig(creator, sigdata, provider, sig, CPubKey(vSolutions[0]), scriptPubKey, sigversion)) return false;
248  ret.push_back(std::move(sig));
249  return true;
250  case TxoutType::PUBKEYHASH: {
251  CKeyID keyID = CKeyID(uint160(vSolutions[0]));
252  CPubKey pubkey;
253  if (!GetPubKey(provider, sigdata, keyID, pubkey)) {
254  // Pubkey could not be found, add to missing
255  sigdata.missing_pubkeys.push_back(keyID);
256  return false;
257  }
258  if (!CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) return false;
259  ret.push_back(std::move(sig));
260  ret.push_back(ToByteVector(pubkey));
261  return true;
262  }
264  h160 = uint160(vSolutions[0]);
265  if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
266  ret.push_back(std::vector<unsigned char>(scriptRet.begin(), scriptRet.end()));
267  return true;
268  }
269  // Could not find redeemScript, add to missing
270  sigdata.missing_redeem_script = h160;
271  return false;
272 
273  case TxoutType::MULTISIG: {
274  size_t required = vSolutions.front()[0];
275  ret.push_back(valtype()); // workaround CHECKMULTISIG bug
276  for (size_t i = 1; i < vSolutions.size() - 1; ++i) {
277  CPubKey pubkey = CPubKey(vSolutions[i]);
278  // We need to always call CreateSig in order to fill sigdata with all
279  // possible signatures that we can create. This will allow further PSBT
280  // processing to work as it needs all possible signature and pubkey pairs
281  if (CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) {
282  if (ret.size() < required + 1) {
283  ret.push_back(std::move(sig));
284  }
285  }
286  }
287  bool ok = ret.size() == required + 1;
288  for (size_t i = 0; i + ret.size() < required + 1; ++i) {
289  ret.push_back(valtype());
290  }
291  return ok;
292  }
294  ret.push_back(vSolutions[0]);
295  return true;
296 
298  CRIPEMD160().Write(vSolutions[0].data(), vSolutions[0].size()).Finalize(h160.begin());
299  if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
300  ret.push_back(std::vector<unsigned char>(scriptRet.begin(), scriptRet.end()));
301  return true;
302  }
303  // Could not find witnessScript, add to missing
304  sigdata.missing_witness_script = uint256(vSolutions[0]);
305  return false;
306 
308  return SignTaproot(provider, creator, WitnessV1Taproot(XOnlyPubKey{vSolutions[0]}), sigdata, ret);
309  } // no default case, so the compiler can warn about missing cases
310  assert(false);
311 }
312 
313 static CScript PushAll(const std::vector<valtype>& values)
314 {
315  CScript result;
316  for (const valtype& v : values) {
317  if (v.size() == 0) {
318  result << OP_0;
319  } else if (v.size() == 1 && v[0] >= 1 && v[0] <= 16) {
320  result << CScript::EncodeOP_N(v[0]);
321  } else if (v.size() == 1 && v[0] == 0x81) {
322  result << OP_1NEGATE;
323  } else {
324  result << v;
325  }
326  }
327  return result;
328 }
329 
330 bool ProduceSignature(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& fromPubKey, SignatureData& sigdata)
331 {
332  if (sigdata.complete) return true;
333 
334  std::vector<valtype> result;
335  TxoutType whichType;
336  bool solved = SignStep(provider, creator, fromPubKey, result, whichType, SigVersion::BASE, sigdata);
337  bool P2SH = false;
338  CScript subscript;
339 
340  if (solved && whichType == TxoutType::SCRIPTHASH)
341  {
342  // Solver returns the subscript that needs to be evaluated;
343  // the final scriptSig is the signatures from that
344  // and then the serialized subscript:
345  subscript = CScript(result[0].begin(), result[0].end());
346  sigdata.redeem_script = subscript;
347  solved = solved && SignStep(provider, creator, subscript, result, whichType, SigVersion::BASE, sigdata) && whichType != TxoutType::SCRIPTHASH;
348  P2SH = true;
349  }
350 
351  if (solved && whichType == TxoutType::WITNESS_V0_KEYHASH)
352  {
353  CScript witnessscript;
354  witnessscript << OP_DUP << OP_HASH160 << ToByteVector(result[0]) << OP_EQUALVERIFY << OP_CHECKSIG;
355  TxoutType subType;
356  solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata);
357  sigdata.scriptWitness.stack = result;
358  sigdata.witness = true;
359  result.clear();
360  }
361  else if (solved && whichType == TxoutType::WITNESS_V0_SCRIPTHASH)
362  {
363  CScript witnessscript(result[0].begin(), result[0].end());
364  sigdata.witness_script = witnessscript;
365  TxoutType subType;
366  solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata) && subType != TxoutType::SCRIPTHASH && subType != TxoutType::WITNESS_V0_SCRIPTHASH && subType != TxoutType::WITNESS_V0_KEYHASH;
367  result.push_back(std::vector<unsigned char>(witnessscript.begin(), witnessscript.end()));
368  sigdata.scriptWitness.stack = result;
369  sigdata.witness = true;
370  result.clear();
371  } else if (whichType == TxoutType::WITNESS_V1_TAPROOT && !P2SH) {
372  sigdata.witness = true;
373  if (solved) {
374  sigdata.scriptWitness.stack = std::move(result);
375  }
376  result.clear();
377  } else if (solved && whichType == TxoutType::WITNESS_UNKNOWN) {
378  sigdata.witness = true;
379  }
380 
381  if (!sigdata.witness) sigdata.scriptWitness.stack.clear();
382  if (P2SH) {
383  result.push_back(std::vector<unsigned char>(subscript.begin(), subscript.end()));
384  }
385  sigdata.scriptSig = PushAll(result);
386 
387  // Test solution
388  sigdata.complete = solved && VerifyScript(sigdata.scriptSig, fromPubKey, &sigdata.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, creator.Checker());
389  return sigdata.complete;
390 }
391 
392 namespace {
393 class SignatureExtractorChecker final : public DeferringSignatureChecker
394 {
395 private:
396  SignatureData& sigdata;
397 
398 public:
399  SignatureExtractorChecker(SignatureData& sigdata, BaseSignatureChecker& checker) : DeferringSignatureChecker(checker), sigdata(sigdata) {}
400 
401  bool CheckECDSASignature(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override
402  {
403  if (m_checker.CheckECDSASignature(scriptSig, vchPubKey, scriptCode, sigversion)) {
404  CPubKey pubkey(vchPubKey);
405  sigdata.signatures.emplace(pubkey.GetID(), SigPair(pubkey, scriptSig));
406  return true;
407  }
408  return false;
409  }
410 };
411 
412 struct Stacks
413 {
414  std::vector<valtype> script;
415  std::vector<valtype> witness;
416 
417  Stacks() = delete;
418  Stacks(const Stacks&) = delete;
419  explicit Stacks(const SignatureData& data) : witness(data.scriptWitness.stack) {
421  }
422 };
423 }
424 
425 // Extracts signatures and scripts from incomplete scriptSigs. Please do not extend this, use PSBT instead
426 SignatureData DataFromTransaction(const CMutableTransaction& tx, unsigned int nIn, const CTxOut& txout)
427 {
428  SignatureData data;
429  assert(tx.vin.size() > nIn);
430  data.scriptSig = tx.vin[nIn].scriptSig;
431  data.scriptWitness = tx.vin[nIn].scriptWitness;
432  Stacks stack(data);
433 
434  // Get signatures
436  SignatureExtractorChecker extractor_checker(data, tx_checker);
437  if (VerifyScript(data.scriptSig, txout.scriptPubKey, &data.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, extractor_checker)) {
438  data.complete = true;
439  return data;
440  }
441 
442  // Get scripts
443  std::vector<std::vector<unsigned char>> solutions;
444  TxoutType script_type = Solver(txout.scriptPubKey, solutions);
445  SigVersion sigversion = SigVersion::BASE;
446  CScript next_script = txout.scriptPubKey;
447 
448  if (script_type == TxoutType::SCRIPTHASH && !stack.script.empty() && !stack.script.back().empty()) {
449  // Get the redeemScript
450  CScript redeem_script(stack.script.back().begin(), stack.script.back().end());
451  data.redeem_script = redeem_script;
452  next_script = std::move(redeem_script);
453 
454  // Get redeemScript type
455  script_type = Solver(next_script, solutions);
456  stack.script.pop_back();
457  }
458  if (script_type == TxoutType::WITNESS_V0_SCRIPTHASH && !stack.witness.empty() && !stack.witness.back().empty()) {
459  // Get the witnessScript
460  CScript witness_script(stack.witness.back().begin(), stack.witness.back().end());
461  data.witness_script = witness_script;
462  next_script = std::move(witness_script);
463 
464  // Get witnessScript type
465  script_type = Solver(next_script, solutions);
466  stack.witness.pop_back();
467  stack.script = std::move(stack.witness);
468  stack.witness.clear();
469  sigversion = SigVersion::WITNESS_V0;
470  }
471  if (script_type == TxoutType::MULTISIG && !stack.script.empty()) {
472  // Build a map of pubkey -> signature by matching sigs to pubkeys:
473  assert(solutions.size() > 1);
474  unsigned int num_pubkeys = solutions.size()-2;
475  unsigned int last_success_key = 0;
476  for (const valtype& sig : stack.script) {
477  for (unsigned int i = last_success_key; i < num_pubkeys; ++i) {
478  const valtype& pubkey = solutions[i+1];
479  // We either have a signature for this pubkey, or we have found a signature and it is valid
480  if (data.signatures.count(CPubKey(pubkey).GetID()) || extractor_checker.CheckECDSASignature(sig, pubkey, next_script, sigversion)) {
481  last_success_key = i + 1;
482  break;
483  }
484  }
485  }
486  }
487 
488  return data;
489 }
490 
491 void UpdateInput(CTxIn& input, const SignatureData& data)
492 {
493  input.scriptSig = data.scriptSig;
494  input.scriptWitness = data.scriptWitness;
495 }
496 
498 {
499  if (complete) return;
500  if (sigdata.complete) {
501  *this = std::move(sigdata);
502  return;
503  }
504  if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
505  redeem_script = sigdata.redeem_script;
506  }
507  if (witness_script.empty() && !sigdata.witness_script.empty()) {
508  witness_script = sigdata.witness_script;
509  }
510  signatures.insert(std::make_move_iterator(sigdata.signatures.begin()), std::make_move_iterator(sigdata.signatures.end()));
511 }
512 
513 bool SignSignature(const SigningProvider &provider, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, const CAmount& amount, int nHashType)
514 {
515  assert(nIn < txTo.vin.size());
516 
517  MutableTransactionSignatureCreator creator(&txTo, nIn, amount, nHashType);
518 
519  SignatureData sigdata;
520  bool ret = ProduceSignature(provider, creator, fromPubKey, sigdata);
521  UpdateInput(txTo.vin.at(nIn), sigdata);
522  return ret;
523 }
524 
525 bool SignSignature(const SigningProvider &provider, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType)
526 {
527  assert(nIn < txTo.vin.size());
528  const CTxIn& txin = txTo.vin[nIn];
529  assert(txin.prevout.n < txFrom.vout.size());
530  const CTxOut& txout = txFrom.vout[txin.prevout.n];
531 
532  return SignSignature(provider, txout.scriptPubKey, txTo, nIn, txout.nValue, nHashType);
533 }
534 
535 namespace {
537 class DummySignatureChecker final : public BaseSignatureChecker
538 {
539 public:
540  DummySignatureChecker() {}
541  bool CheckECDSASignature(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override { return true; }
542  bool CheckSchnorrSignature(Span<const unsigned char> sig, Span<const unsigned char> pubkey, SigVersion sigversion, const ScriptExecutionData& execdata, ScriptError* serror) const override { return true; }
543 };
544 const DummySignatureChecker DUMMY_CHECKER;
545 
546 class DummySignatureCreator final : public BaseSignatureCreator {
547 private:
548  char m_r_len = 32;
549  char m_s_len = 32;
550 public:
551  DummySignatureCreator(char r_len, char s_len) : m_r_len(r_len), m_s_len(s_len) {}
552  const BaseSignatureChecker& Checker() const override { return DUMMY_CHECKER; }
553  bool CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& keyid, const CScript& scriptCode, SigVersion sigversion) const override
554  {
555  // Create a dummy signature that is a valid DER-encoding
556  vchSig.assign(m_r_len + m_s_len + 7, '\000');
557  vchSig[0] = 0x30;
558  vchSig[1] = m_r_len + m_s_len + 4;
559  vchSig[2] = 0x02;
560  vchSig[3] = m_r_len;
561  vchSig[4] = 0x01;
562  vchSig[4 + m_r_len] = 0x02;
563  vchSig[5 + m_r_len] = m_s_len;
564  vchSig[6 + m_r_len] = 0x01;
565  vchSig[6 + m_r_len + m_s_len] = SIGHASH_ALL;
566  return true;
567  }
568  bool CreateSchnorrSig(const SigningProvider& provider, std::vector<unsigned char>& sig, const XOnlyPubKey& pubkey, const uint256* leaf_hash, const uint256* tweak, SigVersion sigversion) const override
569  {
570  sig.assign(64, '\000');
571  return true;
572  }
573 };
574 
575 }
576 
577 const BaseSignatureCreator& DUMMY_SIGNATURE_CREATOR = DummySignatureCreator(32, 32);
578 const BaseSignatureCreator& DUMMY_MAXIMUM_SIGNATURE_CREATOR = DummySignatureCreator(33, 32);
579 
580 bool IsSolvable(const SigningProvider& provider, const CScript& script)
581 {
582  // This check is to make sure that the script we created can actually be solved for and signed by us
583  // if we were to have the private keys. This is just to make sure that the script is valid and that,
584  // if found in a transaction, we would still accept and relay that transaction. In particular,
585  // it will reject witness outputs that require signing with an uncompressed public key.
586  SignatureData sigs;
587  // Make sure that STANDARD_SCRIPT_VERIFY_FLAGS includes SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, the most
588  // important property this function is designed to test for.
589  static_assert(STANDARD_SCRIPT_VERIFY_FLAGS & SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, "IsSolvable requires standard script flags to include WITNESS_PUBKEYTYPE");
590  if (ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, script, sigs)) {
591  // VerifyScript check is just defensive, and should never fail.
592  bool verified = VerifyScript(sigs.scriptSig, script, &sigs.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, DUMMY_CHECKER);
593  assert(verified);
594  return true;
595  }
596  return false;
597 }
598 
599 bool IsSegWitOutput(const SigningProvider& provider, const CScript& script)
600 {
601  int version;
602  valtype program;
603  if (script.IsWitnessProgram(version, program)) return true;
604  if (script.IsPayToScriptHash()) {
605  std::vector<valtype> solutions;
606  auto whichtype = Solver(script, solutions);
607  if (whichtype == TxoutType::SCRIPTHASH) {
608  auto h160 = uint160(solutions[0]);
609  CScript subscript;
610  if (provider.GetCScript(CScriptID{h160}, subscript)) {
611  if (subscript.IsWitnessProgram(version, program)) return true;
612  }
613  }
614  }
615  return false;
616 }
617 
618 bool SignTransaction(CMutableTransaction& mtx, const SigningProvider* keystore, const std::map<COutPoint, Coin>& coins, int nHashType, std::map<int, bilingual_str>& input_errors)
619 {
620  bool fHashSingle = ((nHashType & ~SIGHASH_ANYONECANPAY) == SIGHASH_SINGLE);
621 
622  // Use CTransaction for the constant parts of the
623  // transaction to avoid rehashing.
624  const CTransaction txConst(mtx);
625 
627  std::vector<CTxOut> spent_outputs;
628  for (unsigned int i = 0; i < mtx.vin.size(); ++i) {
629  CTxIn& txin = mtx.vin[i];
630  auto coin = coins.find(txin.prevout);
631  if (coin == coins.end() || coin->second.IsSpent()) {
632  txdata.Init(txConst, /* spent_outputs */ {}, /* force */ true);
633  break;
634  } else {
635  spent_outputs.emplace_back(coin->second.out.nValue, coin->second.out.scriptPubKey);
636  }
637  }
638  if (spent_outputs.size() == mtx.vin.size()) {
639  txdata.Init(txConst, std::move(spent_outputs), true);
640  }
641 
642  // Sign what we can:
643  for (unsigned int i = 0; i < mtx.vin.size(); ++i) {
644  CTxIn& txin = mtx.vin[i];
645  auto coin = coins.find(txin.prevout);
646  if (coin == coins.end() || coin->second.IsSpent()) {
647  input_errors[i] = _("Input not found or already spent");
648  continue;
649  }
650  const CScript& prevPubKey = coin->second.out.scriptPubKey;
651  const CAmount& amount = coin->second.out.nValue;
652 
653  SignatureData sigdata = DataFromTransaction(mtx, i, coin->second.out);
654  // Only sign SIGHASH_SINGLE if there's a corresponding output:
655  if (!fHashSingle || (i < mtx.vout.size())) {
656  ProduceSignature(*keystore, MutableTransactionSignatureCreator(&mtx, i, amount, &txdata, nHashType), prevPubKey, sigdata);
657  }
658 
659  UpdateInput(txin, sigdata);
660 
661  // amount must be specified for valid segwit signature
662  if (amount == MAX_MONEY && !txin.scriptWitness.IsNull()) {
663  input_errors[i] = _("Missing amount");
664  continue;
665  }
666 
667  ScriptError serror = SCRIPT_ERR_OK;
668  if (!VerifyScript(txin.scriptSig, prevPubKey, &txin.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, TransactionSignatureChecker(&txConst, i, amount, txdata, MissingDataBehavior::FAIL), &serror)) {
669  if (serror == SCRIPT_ERR_INVALID_STACK_OPERATION) {
670  // Unable to sign input and verification failed (possible attempt to partially sign).
671  input_errors[i] = Untranslated("Unable to sign input, invalid stack size (possibly missing key)");
672  } else if (serror == SCRIPT_ERR_SIG_NULLFAIL) {
673  // Verification failed (possibly due to insufficient signatures).
674  input_errors[i] = Untranslated("CHECK(MULTI)SIG failing with non-zero signature (possibly need more signatures)");
675  } else {
676  input_errors[i] = Untranslated(ScriptErrorString(serror));
677  }
678  } else {
679  // If this input succeeds, make sure there is no error set for it
680  input_errors.erase(i);
681  }
682  }
683  return input_errors.empty();
684 }
ScriptErrorString
std::string ScriptErrorString(const ScriptError serror)
Definition: script_error.cpp:10
SigVersion
SigVersion
Definition: interpreter.h:187
GetSerializeSize
size_t GetSerializeSize(const T &t, int nVersion=0)
Definition: serialize.h:1080
CTxIn
An input of a transaction.
Definition: transaction.h:65
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:95
SigningProvider::GetKeyByXOnly
bool GetKeyByXOnly(const XOnlyPubKey &pubkey, CKey &key) const
Definition: signingprovider.h:30
policy.h
CMutableTransaction::vin
std::vector< CTxIn > vin
Definition: transaction.h:346
CScriptWitness::IsNull
bool IsNull() const
Definition: script.h:566
_
bilingual_str _(const char *psz)
Translation function.
Definition: translation.h:63
assert
assert(!tx.IsCoinBase())
SignatureData::missing_redeem_script
uint160 missing_redeem_script
ScriptID of the missing redeemScript (if any)
Definition: sign.h:79
Solver
TxoutType Solver(const CScript &scriptPubKey, std::vector< std::vector< unsigned char >> &vSolutionsRet)
Parse a scriptPubKey and identify script type for standard scripts.
Definition: standard.cpp:144
BaseSignatureCreator::CreateSig
virtual bool CreateSig(const SigningProvider &provider, std::vector< unsigned char > &vchSig, const CKeyID &keyid, const CScript &scriptCode, SigVersion sigversion) const =0
Create a singular (non-script) signature.
SignatureData::scriptWitness
CScriptWitness scriptWitness
The scriptWitness of an input. Contains complete signatures or the traditional partial signatures for...
Definition: sign.h:71
CRIPEMD160
A hasher class for RIPEMD-160.
Definition: ripemd160.h:12
SignTransaction
bool SignTransaction(CMutableTransaction &mtx, const SigningProvider *keystore, const std::map< COutPoint, Coin > &coins, int nHashType, std::map< int, bilingual_str > &input_errors)
Sign the CMutableTransaction.
Definition: sign.cpp:618
SigVersion::BASE
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
TaprootSpendData::scripts
std::map< std::pair< CScript, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
Definition: standard.h:235
MissingDataBehavior
MissingDataBehavior
Enum to specify what *TransactionSignatureChecker's behavior should be when dealing with missing tran...
Definition: interpreter.h:267
TxoutType
TxoutType
Definition: standard.h:59
SCRIPT_ERR_OK
@ SCRIPT_ERR_OK
Definition: script_error.h:13
TxoutType::NONSTANDARD
@ NONSTANDARD
TxoutType::WITNESS_UNKNOWN
@ WITNESS_UNKNOWN
Only for Witness versions not already defined above.
DUMMY_SIGNATURE_CREATOR
const BaseSignatureCreator & DUMMY_SIGNATURE_CREATOR
A signature creator that just produces 71-byte empty signatures.
Definition: sign.cpp:577
SignatureData::MergeSignatureData
void MergeSignatureData(SignatureData sigdata)
Definition: sign.cpp:497
transaction.h
CRIPEMD160::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: ripemd160.cpp:273
SCRIPT_ERR_SIG_NULLFAIL
@ SCRIPT_ERR_SIG_NULLFAIL
Definition: script_error.h:54
BaseSignatureChecker::CheckECDSASignature
virtual bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const
Definition: interpreter.h:241
SignStep
static bool SignStep(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &scriptPubKey, std::vector< valtype > &ret, TxoutType &whichTypeRet, SigVersion sigversion, SignatureData &sigdata)
Sign scriptPubKey using signature made with creator.
Definition: sign.cpp:230
uint256.h
ScriptExecutionData::m_codeseparator_pos
uint32_t m_codeseparator_pos
Opcode position of the last executed OP_CODESEPARATOR (or 0xFFFFFFFF if none executed).
Definition: interpreter.h:205
CScript::IsWitnessProgram
bool IsWitnessProgram(int &version, std::vector< unsigned char > &program) const
Definition: script.cpp:220
GenericTransactionSignatureChecker
Definition: interpreter.h:277
SigningProvider
An interface to be implemented by keystores that support signing.
Definition: signingprovider.h:18
SIGHASH_SINGLE
@ SIGHASH_SINGLE
Definition: interpreter.h:29
ScriptExecutionData
Definition: interpreter.h:195
MutableTransactionSignatureCreator
A signature creator for transactions.
Definition: sign.h:39
SignTaprootScript
static bool SignTaprootScript(const SigningProvider &provider, const BaseSignatureCreator &creator, SignatureData &sigdata, int leaf_version, const CScript &script, std::vector< valtype > &result)
Definition: sign.cpp:158
MoneyRange
bool MoneyRange(const CAmount &nValue)
Definition: amount.h:26
MutableTransactionSignatureCreator::nIn
unsigned int nIn
Definition: sign.h:41
CScript::EncodeOP_N
static opcodetype EncodeOP_N(int n)
Definition: script.h:505
BaseSignatureChecker
Definition: interpreter.h:238
XOnlyPubKey
Definition: pubkey.h:220
ScriptExecutionData::m_annex_present
bool m_annex_present
Whether an annex is present.
Definition: interpreter.h:210
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:22
CScript::IsPayToScriptHash
bool IsPayToScriptHash() const
Definition: script.cpp:201
MissingDataBehavior::FAIL
@ FAIL
Just act as if the signature was invalid.
SigningProvider::GetPubKey
virtual bool GetPubKey(const CKeyID &address, CPubKey &pubkey) const
Definition: signingprovider.h:24
SigVersion::TAPROOT
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
VerifyScript
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
Definition: interpreter.cpp:1969
TxoutType::WITNESS_V1_TAPROOT
@ WITNESS_V1_TAPROOT
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:259
ScriptError
enum ScriptError_t ScriptError
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, Span< unsigned char > sig, const uint256 *merkle_root=nullptr, const uint256 *aux=nullptr) const
Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, optionally tweaked b...
Definition: key.cpp:264
CTxIn::scriptWitness
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:71
CTxOut::nValue
CAmount nValue
Definition: transaction.h:131
Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:92
signingprovider.h
prevector::end
iterator end()
Definition: prevector.h:292
SigPair
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:60
PushAll
static CScript PushAll(const std::vector< valtype > &values)
Definition: sign.cpp:313
OP_0
@ OP_0
Definition: script.h:69
TxoutType::WITNESS_V0_SCRIPTHASH
@ WITNESS_V0_SCRIPTHASH
ToByteVector
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:60
TxoutType::PUBKEY
@ PUBKEY
DUMMY_MAXIMUM_SIGNATURE_CREATOR
const BaseSignatureCreator & DUMMY_MAXIMUM_SIGNATURE_CREATOR
A signature creator that just produces 72-byte empty signatures.
Definition: sign.cpp:578
MutableTransactionSignatureCreator::MutableTransactionSignatureCreator
MutableTransactionSignatureCreator(const CMutableTransaction *txToIn, unsigned int nInIn, const CAmount &amountIn, int nHashTypeIn)
Definition: sign.cpp:19
Untranslated
bilingual_str Untranslated(std::string original)
Mark a bilingual_str as untranslated.
Definition: translation.h:46
MutableTransactionSignatureCreator::CreateSig
bool CreateSig(const SigningProvider &provider, std::vector< unsigned char > &vchSig, const CKeyID &keyid, const CScript &scriptCode, SigVersion sigversion) const override
Create a singular (non-script) signature.
Definition: sign.cpp:33
SignatureData
Definition: sign.h:65
MutableTransactionSignatureCreator::amount
CAmount amount
Definition: sign.h:43
SigningProvider::GetKeyOrigin
virtual bool GetKeyOrigin(const CKeyID &keyid, KeyOriginInfo &info) const
Definition: signingprovider.h:27
SIGHASH_ANYONECANPAY
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:30
CTxOut
An output of a transaction.
Definition: transaction.h:128
SignSignature
bool SignSignature(const SigningProvider &provider, const CScript &fromPubKey, CMutableTransaction &txTo, unsigned int nIn, const CAmount &amount, int nHashType)
Produce a script signature for a transaction.
Definition: sign.cpp:513
values
static const int64_t values[]
A selection of numbers that do not trigger int64_t overflow when added/subtracted.
Definition: scriptnum_tests.cpp:17
CreateSig
static bool CreateSig(const BaseSignatureCreator &creator, SignatureData &sigdata, const SigningProvider &provider, std::vector< unsigned char > &sig_out, const CPubKey &pubkey, const CScript &scriptcode, SigVersion sigversion)
Definition: sign.cpp:122
TaprootSpendData
Definition: standard.h:223
CTransaction::vout
const std::vector< CTxOut > vout
Definition: transaction.h:271
ScriptExecutionData::m_tapleaf_hash
uint256 m_tapleaf_hash
The tapleaf hash.
Definition: interpreter.h:200
CTxOut::scriptPubKey
CScript scriptPubKey
Definition: transaction.h:132
ScriptExecutionData::m_annex_init
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
Definition: interpreter.h:208
PrecomputedTransactionData::Init
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
Definition: interpreter.cpp:1423
IsSegWitOutput
bool IsSegWitOutput(const SigningProvider &provider, const CScript &script)
Check whether a scriptPubKey is known to be segwit.
Definition: sign.cpp:599
ScriptExecutionData::m_codeseparator_pos_init
bool m_codeseparator_pos_init
Whether m_codeseparator_pos is initialized.
Definition: interpreter.h:203
SignatureData::redeem_script
CScript redeem_script
The redeemScript (if any) for the input.
Definition: sign.h:69
CRIPEMD160::Write
CRIPEMD160 & Write(const unsigned char *data, size_t len)
Definition: ripemd160.cpp:247
SignatureHashSchnorr
bool SignatureHashSchnorr(uint256 &hash_out, const ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
Definition: interpreter.cpp:1503
SignatureData::scriptSig
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
Definition: sign.h:68
SignatureData::witness
bool witness
Stores whether the input this SigData corresponds to is a witness input.
Definition: sign.h:67
sign.h
CKey::Sign
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:213
TaprootSpendData::merkle_root
uint256 merkle_root
The Merkle root of the script tree (0 if no scripts).
Definition: standard.h:228
CAmount
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
standard.h
PrecomputedTransactionData::m_spent_outputs_ready
bool m_spent_outputs_ready
Whether m_spent_outputs is initialized.
Definition: interpreter.h:169
MutableTransactionSignatureCreator::m_txdata
const PrecomputedTransactionData * m_txdata
Definition: sign.h:45
SigVersion::WITNESS_V0
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
SignatureData::signatures
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
Definition: sign.h:73
SCRIPT_ERR_INVALID_STACK_OPERATION
@ SCRIPT_ERR_INVALID_STACK_OPERATION
Definition: script_error.h:36
SignatureData::missing_sigs
std::vector< CKeyID > missing_sigs
KeyIDs of pubkeys for signatures which could not be found.
Definition: sign.h:78
SignatureData::witness_script
CScript witness_script
The witnessScript (if any) for the input. witnessScripts are used in P2WSH outputs.
Definition: sign.h:70
PrecomputedTransactionData
Definition: interpreter.h:150
SignatureData::taproot_key_path_sig
std::vector< unsigned char > taproot_key_path_sig
Definition: sign.h:75
TxoutType::SCRIPTHASH
@ SCRIPTHASH
SigningProvider::GetTaprootSpendData
virtual bool GetTaprootSpendData(const XOnlyPubKey &output_key, TaprootSpendData &spenddata) const
Definition: signingprovider.h:28
SignatureData::complete
bool complete
Stores whether the scriptSig and scriptWitness are complete.
Definition: sign.h:66
uint256
256-bit opaque blob.
Definition: uint256.h:124
MutableTransactionSignatureCreator::nHashType
int nHashType
Definition: sign.h:42
SigningProvider::GetCScript
virtual bool GetCScript(const CScriptID &scriptid, CScript &script) const
Definition: signingprovider.h:22
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:405
SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
@ SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
Definition: interpreter.h:123
SignTaproot
static bool SignTaproot(const SigningProvider &provider, const BaseSignatureCreator &creator, const WitnessV1Taproot &output, SignatureData &sigdata, std::vector< valtype > &result)
Definition: sign.cpp:179
OP_HASH160
@ OP_HASH160
Definition: script.h:180
TaprootSpendData::internal_key
XOnlyPubKey internal_key
The BIP341 internal key.
Definition: standard.h:226
TxoutType::NULL_DATA
@ NULL_DATA
unspendable OP_RETURN script that carries data
OP_1NEGATE
@ OP_1NEGATE
Definition: script.h:74
ScriptExecutionData::m_tapleaf_hash_init
bool m_tapleaf_hash_init
Whether m_tapleaf_hash is initialized.
Definition: interpreter.h:198
SignatureData::tr_spenddata
TaprootSpendData tr_spenddata
Taproot spending data.
Definition: sign.h:72
TxoutType::PUBKEYHASH
@ PUBKEYHASH
BaseSignatureCreator::CreateSchnorrSig
virtual bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const =0
ProduceSignature
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
Definition: sign.cpp:330
MutableTransactionSignatureCreator::txTo
const CMutableTransaction * txTo
Definition: sign.h:40
SignatureData::missing_pubkeys
std::vector< CKeyID > missing_pubkeys
KeyIDs of pubkeys which could not be found.
Definition: sign.h:77
MutableTransactionSignatureCreator::CreateSchnorrSig
bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const override
Definition: sign.cpp:58
CMutableTransaction::vout
std::vector< CTxOut > vout
Definition: transaction.h:347
key.h
BaseSignatureChecker::CheckSchnorrSignature
virtual bool CheckSchnorrSignature(Span< const unsigned char > sig, Span< const unsigned char > pubkey, SigVersion sigversion, const ScriptExecutionData &execdata, ScriptError *serror=nullptr) const
Definition: interpreter.h:246
SIGHASH_ALL
@ SIGHASH_ALL
Definition: interpreter.h:27
uint160
160-bit opaque blob.
Definition: uint256.h:113
CPubKey
An encapsulated public key.
Definition: pubkey.h:32
HASHER_TAPLEAF
const CHashWriter HASHER_TAPLEAF
Hasher with tag "TapLeaf" pre-fed to it.
Definition: interpreter.cpp:1487
CKey
An encapsulated private key.
Definition: key.h:26
SignatureHash
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache)
Definition: interpreter.cpp:1590
translation.h
IsSolvable
bool IsSolvable(const SigningProvider &provider, const CScript &script)
Definition: sign.cpp:580
GetCScript
static bool GetCScript(const SigningProvider &provider, const SignatureData &sigdata, const CScriptID &scriptid, CScript &script)
Definition: sign.cpp:88
COutPoint::n
uint32_t n
Definition: transaction.h:30
SignatureData::misc_pubkeys
std::map< CKeyID, std::pair< CPubKey, KeyOriginInfo > > misc_pubkeys
Definition: sign.h:74
Vector
std::vector< typename std::common_type< Args... >::type > Vector(Args &&... args)
Construct a vector with the specified elements.
Definition: vector.h:20
vector.h
SigVersion::TAPSCRIPT
@ TAPSCRIPT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see...
EvalScript
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
Definition: interpreter.cpp:431
DeferringSignatureChecker::CheckECDSASignature
bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const override
Definition: interpreter.h:310
DeferringSignatureChecker
Definition: interpreter.h:302
CTxIn::prevout
COutPoint prevout
Definition: transaction.h:68
CHashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:100
MAX_MONEY
static const CAmount MAX_MONEY
No amount larger than this (in satoshi) is valid.
Definition: amount.h:25
prevector::size
size_type size() const
Definition: prevector.h:282
CTxIn::scriptSig
CScript scriptSig
Definition: transaction.h:69
prevector::begin
iterator begin()
Definition: prevector.h:290
TxoutType::MULTISIG
@ MULTISIG
TAPROOT_LEAF_TAPSCRIPT
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
Definition: interpreter.h:226
SigningProvider::GetKey
virtual bool GetKey(const CKeyID &address, CKey &key) const
Definition: signingprovider.h:25
OP_EQUALVERIFY
@ OP_EQUALVERIFY
Definition: script.h:140
prevector::empty
bool empty() const
Definition: prevector.h:286
BaseSignatureCreator::Checker
virtual const BaseSignatureChecker & Checker() const =0
valtype
std::vector< unsigned char > valtype
Definition: interpreter.cpp:15
UpdateInput
void UpdateInput(CTxIn &input, const SignatureData &data)
Definition: sign.cpp:491
PrecomputedTransactionData::m_bip341_taproot_ready
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
Definition: interpreter.h:160
SignatureData::missing_witness_script
uint256 missing_witness_script
SHA256 of the missing witnessScript (if any)
Definition: sign.h:80
STANDARD_SCRIPT_VERIFY_FLAGS
static constexpr unsigned int STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:60
TxoutType::WITNESS_V0_KEYHASH
@ WITNESS_V0_KEYHASH
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:344
BaseSignatureCreator
Interface for signature creators.
Definition: sign.h:28
SignatureData::taproot_script_sigs
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > taproot_script_sigs
Schnorr signature for key path spending.
Definition: sign.h:76
CScriptID
A reference to a CScript: the Hash160 of its serialization (see script.h)
Definition: standard.h:25
DataFromTransaction
SignatureData DataFromTransaction(const CMutableTransaction &tx, unsigned int nIn, const CTxOut &txout)
Extract signature data from a transaction input, and insert it.
Definition: sign.cpp:426
MakeSpan
constexpr Span< A > MakeSpan(A(&a)[N])
MakeSpan for arrays:
Definition: span.h:222
OP_CHECKSIG
@ OP_CHECKSIG
Definition: script.h:183
GetPubKey
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
Definition: sign.cpp:104
base_blob::begin
unsigned char * begin()
Definition: uint256.h:58
OP_DUP
@ OP_DUP
Definition: script.h:118
KeyOriginInfo
Definition: keyorigin.h:11
CScriptWitness::stack
std::vector< std::vector< unsigned char > > stack
Definition: script.h:561
valtype
std::vector< unsigned char > valtype
Definition: sign.cpp:17
TaprootSpendData::Merge
void Merge(TaprootSpendData other)
Merge other TaprootSpendData (for the same scriptPubKey) into this.
Definition: standard.cpp:399
CreateTaprootScriptSig
static bool CreateTaprootScriptSig(const BaseSignatureCreator &creator, SignatureData &sigdata, const SigningProvider &provider, std::vector< unsigned char > &sig_out, const XOnlyPubKey &pubkey, const uint256 &leaf_hash, SigVersion sigversion)
Definition: sign.cpp:144
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:160
SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_STRICTENC
Definition: interpreter.h:51
PROTOCOL_VERSION
static const int PROTOCOL_VERSION
network protocol versioning
Definition: version.h:12
WitnessV1Taproot
Definition: standard.h:118
SIGHASH_DEFAULT
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
Definition: interpreter.h:32