Bitcoin Core  0.20.99
P2P Digital Currency
signet.cpp
Go to the documentation of this file.
1 // Copyright (c) 2019-2020 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <signet.h>
6 
7 #include <array>
8 #include <cstdint>
9 #include <vector>
10 
11 #include <consensus/merkle.h>
12 #include <consensus/params.h>
13 #include <consensus/validation.h>
14 #include <core_io.h>
15 #include <hash.h>
16 #include <primitives/block.h>
17 #include <primitives/transaction.h>
18 #include <span.h>
19 #include <script/interpreter.h>
20 #include <script/standard.h>
21 #include <streams.h>
22 #include <util/strencodings.h>
23 #include <util/system.h>
24 #include <uint256.h>
25 
26 static constexpr uint8_t SIGNET_HEADER[4] = {0xec, 0xc7, 0xda, 0xa2};
27 
29 
30 static bool FetchAndClearCommitmentSection(const Span<const uint8_t> header, CScript& witness_commitment, std::vector<uint8_t>& result)
31 {
32  CScript replacement;
33  bool found_header = false;
34  result.clear();
35 
36  opcodetype opcode;
37  CScript::const_iterator pc = witness_commitment.begin();
38  std::vector<uint8_t> pushdata;
39  while (witness_commitment.GetOp(pc, opcode, pushdata)) {
40  if (pushdata.size() > 0) {
41  if (!found_header && pushdata.size() > (size_t) header.size() && Span<const uint8_t>(pushdata.data(), header.size()) == header) {
42  // pushdata only counts if it has the header _and_ some data
43  result.insert(result.end(), pushdata.begin() + header.size(), pushdata.end());
44  pushdata.erase(pushdata.begin() + header.size(), pushdata.end());
45  found_header = true;
46  }
47  replacement << pushdata;
48  } else {
49  replacement << opcode;
50  }
51  }
52 
53  if (found_header) witness_commitment = replacement;
54  return found_header;
55 }
56 
58 {
59  std::vector<uint256> leaves;
60  leaves.resize(block.vtx.size());
61  leaves[0] = cb.GetHash();
62  for (size_t s = 1; s < block.vtx.size(); ++s) {
63  leaves[s] = block.vtx[s]->GetHash();
64  }
65  return ComputeMerkleRoot(std::move(leaves));
66 }
67 
68 Optional<SignetTxs> SignetTxs::Create(const CBlock& block, const CScript& challenge)
69 {
70  CMutableTransaction tx_to_spend;
71  tx_to_spend.nVersion = 0;
72  tx_to_spend.nLockTime = 0;
73  tx_to_spend.vin.emplace_back(COutPoint(), CScript(OP_0), 0);
74  tx_to_spend.vout.emplace_back(0, challenge);
75 
76  CMutableTransaction tx_spending;
77  tx_spending.nVersion = 0;
78  tx_spending.nLockTime = 0;
79  tx_spending.vin.emplace_back(COutPoint(), CScript(), 0);
80  tx_spending.vout.emplace_back(0, CScript(OP_RETURN));
81 
82  // can't fill any other fields before extracting signet
83  // responses from block coinbase tx
84 
85  // find and delete signet signature
86  if (block.vtx.empty()) return nullopt; // no coinbase tx in block; invalid
87  CMutableTransaction modified_cb(*block.vtx.at(0));
88 
89  const int cidx = GetWitnessCommitmentIndex(block);
90  if (cidx == NO_WITNESS_COMMITMENT) {
91  return nullopt; // require a witness commitment
92  }
93 
94  CScript& witness_commitment = modified_cb.vout.at(cidx).scriptPubKey;
95 
96  std::vector<uint8_t> signet_solution;
97  if (!FetchAndClearCommitmentSection(SIGNET_HEADER, witness_commitment, signet_solution)) {
98  // no signet solution -- allow this to support OP_TRUE as trivial block challenge
99  } else {
100  try {
101  VectorReader v(SER_NETWORK, INIT_PROTO_VERSION, signet_solution, 0);
102  v >> tx_spending.vin[0].scriptSig;
103  v >> tx_spending.vin[0].scriptWitness.stack;
104  if (!v.empty()) return nullopt; // extraneous data encountered
105  } catch (const std::exception&) {
106  return nullopt; // parsing error
107  }
108  }
109  uint256 signet_merkle = ComputeModifiedMerkleRoot(modified_cb, block);
110 
111  std::vector<uint8_t> block_data;
112  CVectorWriter writer(SER_NETWORK, INIT_PROTO_VERSION, block_data, 0);
113  writer << block.nVersion;
114  writer << block.hashPrevBlock;
115  writer << signet_merkle;
116  writer << block.nTime;
117  tx_to_spend.vin[0].scriptSig << block_data;
118  tx_spending.vin[0].prevout = COutPoint(tx_to_spend.GetHash(), 0);
119 
120  return SignetTxs{tx_to_spend, tx_spending};
121 }
122 
123 // Signet block solution checker
124 bool CheckSignetBlockSolution(const CBlock& block, const Consensus::Params& consensusParams)
125 {
126  if (block.GetHash() == consensusParams.hashGenesisBlock) {
127  // genesis block solution is always valid
128  return true;
129  }
130 
131  const CScript challenge(consensusParams.signet_challenge.begin(), consensusParams.signet_challenge.end());
132  const Optional<SignetTxs> signet_txs = SignetTxs::Create(block, challenge);
133 
134  if (!signet_txs) {
135  LogPrint(BCLog::VALIDATION, "CheckSignetBlockSolution: Errors in block (block solution parse failure)\n");
136  return false;
137  }
138 
139  const CScript& scriptSig = signet_txs->m_to_sign.vin[0].scriptSig;
140  const CScriptWitness& witness = signet_txs->m_to_sign.vin[0].scriptWitness;
141 
142  TransactionSignatureChecker sigcheck(&signet_txs->m_to_sign, /*nIn=*/ 0, /*amount=*/ signet_txs->m_to_spend.vout[0].nValue);
143 
144  if (!VerifyScript(scriptSig, signet_txs->m_to_spend.vout[0].scriptPubKey, &witness, BLOCK_SCRIPT_VERIFY_FLAGS, sigcheck)) {
145  LogPrint(BCLog::VALIDATION, "CheckSignetBlockSolution: Errors in block (block solution invalid)\n");
146  return false;
147  }
148  return true;
149 }
#define LogPrint(category,...)
Definition: logging.h:182
bool GetOp(const_iterator &pc, opcodetype &opcodeRet, std::vector< unsigned char > &vchRet) const
Definition: script.h:486
Definition: block.h:62
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
std::vector< CTxIn > vin
Definition: transaction.h:355
constexpr std::size_t size() const noexcept
Definition: span.h:153
static auto & nullopt
Substitute for C++17 std::nullopt.
Definition: optional.h:24
static constexpr int NO_WITNESS_COMMITMENT
Index marker for when no witness commitment is present in a coinbase transaction. ...
Definition: validation.h:16
uint32_t nTime
Definition: block.h:27
opcodetype
Script opcodes.
Definition: script.h:65
Minimal stream for reading from an existing vector by reference.
Definition: streams.h:131
static bool FetchAndClearCommitmentSection(const Span< const uint8_t > header, CScript &witness_commitment, std::vector< uint8_t > &result)
Definition: signet.cpp:30
static const int INIT_PROTO_VERSION
initial proto version, to be increased after version/verack negotiation
Definition: version.h:15
uint256 hashPrevBlock
Definition: block.h:25
Parameters that influence chain consensus.
Definition: params.h:46
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:26
std::vector< CTxOut > vout
Definition: transaction.h:356
uint256 GetHash() const
Definition: block.cpp:11
256-bit opaque blob.
Definition: uint256.h:124
uint256 ComputeMerkleRoot(std::vector< uint256 > hashes, bool *mutated)
Definition: merkle.cpp:45
std::vector< CTransactionRef > vtx
Definition: block.h:66
uint256 GetHash() const
Compute the hash of this CMutableTransaction.
Definition: transaction.cpp:62
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:404
std::vector< uint8_t > signet_challenge
Definition: params.h:92
static uint256 ComputeModifiedMerkleRoot(const CMutableTransaction &cb, const CBlock &block)
Definition: signet.cpp:57
iterator begin()
Definition: prevector.h:290
bool empty() const
Definition: streams.h:179
A mutable version of CTransaction.
Definition: transaction.h:353
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:82
boost::optional< T > Optional
Substitute for C++17 std::optional.
Definition: optional.h:14
static constexpr unsigned int BLOCK_SCRIPT_VERIFY_FLAGS
Definition: signet.cpp:28
Generate the signet tx corresponding to the given block.
Definition: signet.h:26
int GetWitnessCommitmentIndex(const CBlock &block)
Compute at which vout of the block&#39;s coinbase transaction the witness commitment occurs, or -1 if not found.
Definition: validation.h:161
Definition: script.h:68
static Optional< SignetTxs > Create(const CBlock &block, const CScript &challenge)
Definition: signet.cpp:68
void clear()
Definition: script.h:548
int32_t nVersion
Definition: block.h:24
uint256 hashGenesisBlock
Definition: params.h:47
static constexpr uint8_t SIGNET_HEADER[4]
Definition: signet.cpp:26
bool CheckSignetBlockSolution(const CBlock &block, const Consensus::Params &consensusParams)
Extract signature and check whether a block has a valid solution.
Definition: signet.cpp:124