20 for (
size_t i = 0; i < vch.size(); i++) {
23 if (i == vch.size() - 1 && vch[i] == 0x80) {
36#define stacktop(i) (stack.at(stack.size() + (i)))
37#define altstacktop(i) (altstack.at(altstack.size() + (i)))
38static inline void popstack(std::vector<valtype> &stack) {
40 throw std::runtime_error(
"popstack(): stack empty");
57 while (
static_cast<size_t>(end - pc) >= b.
size() &&
58 std::equal(b.
begin(), b.
end(), pc)) {
63 }
while (script.
GetOp(pc, opcode));
67 script = std::move(result);
74 const std::vector<uint8_t> &vchSig,
123 CScript scriptCode(pbegincodehash, pend);
128 fSuccess = checker.
CheckSig(vchSig, vchPubKey, scriptCode,
flags);
142 : stack(stackIn), script(scriptIn), checker(checkerIn), metrics(metricsIn) {
169 std::vector<uint8_t> &vchRet)
const {
202 static const valtype vchFalse(0);
203 static const valtype vchTrue(1, 1);
236 stack.push_back(vchPushValue);
237 }
else if (fExec || (
OP_IF <= opcode && opcode <=
OP_ENDIF)) {
278 if (
stack.size() < 1) {
279 return set_error(serror,
321 if (
stack.size() < 1) {
322 return set_error(serror,
362 return set_error(serror,
373 if (
stack.size() < 1) {
374 return set_error(serror,
379 if (vch.size() > 1) {
382 if (vch.size() == 1 && vch[0] != 1) {
397 return set_error(serror,
405 return set_error(serror,
414 if (
stack.size() < 1) {
415 return set_error(serror,
434 if (
stack.size() < 1) {
435 return set_error(serror,
444 return set_error(serror,
453 if (
stack.size() < 2) {
454 return set_error(serror,
463 if (
stack.size() < 2) {
464 return set_error(serror,
469 stack.push_back(vch1);
470 stack.push_back(vch2);
475 if (
stack.size() < 3) {
476 return set_error(serror,
482 stack.push_back(vch1);
483 stack.push_back(vch2);
484 stack.push_back(vch3);
489 if (
stack.size() < 4) {
490 return set_error(serror,
495 stack.push_back(vch1);
496 stack.push_back(vch2);
501 if (
stack.size() < 6) {
502 return set_error(serror,
508 stack.push_back(vch1);
509 stack.push_back(vch2);
514 if (
stack.size() < 4) {
515 return set_error(serror,
524 if (
stack.size() < 1) {
525 return set_error(serror,
530 stack.push_back(vch);
542 if (
stack.size() < 1) {
543 return set_error(serror,
551 if (
stack.size() < 1) {
552 return set_error(serror,
556 stack.push_back(vch);
561 if (
stack.size() < 2) {
562 return set_error(serror,
570 if (
stack.size() < 2) {
571 return set_error(serror,
575 stack.push_back(vch);
582 if (
stack.size() < 2) {
583 return set_error(serror,
588 if (n < 0 || uint64_t(n) >= uint64_t(
stack.size())) {
589 return set_error(serror,
596 stack.push_back(vch);
603 if (
stack.size() < 3) {
604 return set_error(serror,
613 if (
stack.size() < 2) {
614 return set_error(serror,
622 if (
stack.size() < 2) {
623 return set_error(serror,
632 if (
stack.size() < 1) {
633 return set_error(serror,
647 if (
stack.size() < 2) {
648 return set_error(serror,
655 if (vch1.size() != vch2.size()) {
662 for (
size_t i = 0; i < vch1.size(); ++i) {
667 for (
size_t i = 0; i < vch1.size(); ++i) {
672 for (
size_t i = 0; i < vch1.size(); ++i) {
689 if (
stack.size() < 2) {
690 return set_error(serror,
696 bool fEqual = (vch1 == vch2);
705 stack.push_back(fEqual ? vchTrue : vchFalse);
726 if (
stack.size() < 1) {
727 return set_error(serror,
753 assert(!
"invalid opcode");
776 if (
stack.size() < 2) {
777 return set_error(serror,
809 bn = (bn1 != bnZero && bn2 != bnZero);
812 bn = (bn1 != bnZero || bn2 != bnZero);
836 bn = (bn1 < bn2 ? bn1 : bn2);
839 bn = (bn1 > bn2 ? bn1 : bn2);
842 assert(!
"invalid opcode");
860 if (
stack.size() < 3) {
861 return set_error(serror,
867 bool fValue = (bn2 <= bn1 && bn1 < bn3);
871 stack.push_back(fValue ? vchTrue : vchFalse);
883 if (
stack.size() < 1) {
884 return set_error(serror,
894 .
Write(vch.data(), vch.size())
896 }
else if (opcode ==
OP_SHA1) {
898 .
Write(vch.data(), vch.size())
902 .
Write(vch.data(), vch.size())
910 stack.push_back(vchHash);
921 if (
stack.size() < 2) {
922 return set_error(serror,
928 bool fSuccess =
false;
935 stack.push_back(fSuccess ? vchTrue : vchFalse);
948 if (
stack.size() < 3) {
949 return set_error(serror,
963 bool fSuccess =
false;
967 .
Write(vchMessage.data(), vchMessage.size())
981 stack.push_back(fSuccess ? vchTrue : vchFalse);
986 return set_error(serror,
996 const size_t idxKeyCount = 1;
997 if (
stack.size() < idxKeyCount) {
998 return set_error(serror,
1001 const int64_t nKeysCount =
1013 const size_t idxTopKey = idxKeyCount + 1;
1016 const size_t idxSigCount = idxTopKey + nKeysCount;
1017 if (
stack.size() < idxSigCount) {
1018 return set_error(serror,
1021 const int64_t nSigsCount =
1024 if (nSigsCount < 0 || nSigsCount > nKeysCount) {
1029 const size_t idxTopSig = idxSigCount + 1;
1032 const size_t idxDummy = idxTopSig + nSigsCount;
1033 if (
stack.size() < idxDummy) {
1034 return set_error(serror,
1044 bool fSuccess =
true;
1050 "Schnorr multisig checkbits implementation "
1051 "assumes < 32 pubkeys.");
1052 uint32_t checkBits = 0;
1065 if (
countBits(checkBits) != uint32_t(nSigsCount)) {
1066 return set_error(serror,
1070 const size_t idxBottomKey = idxTopKey + nKeysCount - 1;
1071 const size_t idxBottomSig = idxTopSig + nSigsCount - 1;
1074 for (
int iSig = 0; iSig < nSigsCount; iSig++, iKey++) {
1075 if ((checkBits >> iKey) == 0) {
1078 return set_error(serror,
1083 while (((checkBits >> iKey) & 0x01) == 0) {
1087 if (iKey >= nKeysCount) {
1100 vchSig,
flags, serror) ||
1121 if ((checkBits >> iKey) != 0) {
1124 return set_error(serror,
1131 for (
int k = 0; k < nSigsCount; k++) {
1136 int nSigsRemaining = nSigsCount;
1137 int nKeysRemaining = nKeysCount;
1138 while (fSuccess && nSigsRemaining > 0) {
1140 -idxTopSig - (nSigsCount - nSigsRemaining));
1142 -idxTopKey - (nKeysCount - nKeysRemaining));
1150 vchSig,
flags, serror) ||
1169 if (nSigsRemaining > nKeysRemaining) {
1174 bool areAllSignaturesNull =
true;
1175 for (
int i = 0; i < nSigsCount; i++) {
1176 if (
stacktop(-idxTopSig - i).size()) {
1177 areAllSignaturesNull =
false;
1185 !areAllSignaturesNull) {
1189 if (!areAllSignaturesNull) {
1199 for (
size_t i = 0; i < idxDummy; i++) {
1203 stack.push_back(fSuccess ? vchTrue : vchFalse);
1208 return set_error(serror,
1219 if (
stack.size() < 2) {
1220 return set_error(serror,
1228 vch1.insert(vch1.end(), vch2.begin(), vch2.end());
1234 if (
stack.size() < 2) {
1235 return set_error(serror,
1244 if (position > data.size()) {
1250 valtype n1(data.begin(), data.begin() + position);
1251 valtype n2(data.begin() + position, data.end());
1260 if (
stack.size() < 1) {
1261 return set_error(serror,
1266 std::reverse(data.begin(), data.end());
1274 if (
stack.size() < 2) {
1275 return set_error(serror,
1291 if (rawnum.size() > size) {
1298 if (rawnum.size() == size) {
1302 uint8_t signbit = 0x00;
1303 if (rawnum.size() > 0) {
1304 signbit = rawnum.back() & 0x80;
1305 rawnum[rawnum.size() - 1] &= 0x7f;
1308 rawnum.reserve(size);
1309 while (rawnum.size() < size - 1) {
1310 rawnum.push_back(0x00);
1313 rawnum.push_back(signbit);
1318 if (
stack.size() < 1) {
1319 return set_error(serror,
1360template <
class T>
class CTransactionSignatureSerializer {
1367 const unsigned int nIn;
1372 CTransactionSignatureSerializer(
const T &txToIn,
1376 : txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
1377 sigHashType(sigHashTypeIn) {}
1380 template <
typename S>
void SerializeScriptCode(S &s)
const {
1384 unsigned int nCodeSeparators = 0;
1385 while (scriptCode.
GetOp(it, opcode)) {
1392 while (scriptCode.
GetOp(it, opcode)) {
1394 s.write(
AsBytes(
Span{&itBegin[0], size_t(it - itBegin - 1)}));
1398 if (itBegin != scriptCode.
end()) {
1399 s.write(
AsBytes(
Span{&itBegin[0], size_t(it - itBegin)}));
1404 template <
typename S>
void SerializeInput(S &s,
unsigned int nInput)
const {
1413 if (nInput != nIn) {
1417 SerializeScriptCode(s);
1420 if (nInput != nIn &&
1431 template <
typename S>
1432 void SerializeOutput(S &s,
unsigned int nOutput)
const {
1443 template <
typename S>
void Serialize(S &s)
const {
1447 unsigned int nInputs =
1450 for (
unsigned int nInput = 0; nInput < nInputs; nInput++) {
1451 SerializeInput(s, nInput);
1454 unsigned int nOutputs =
1459 : txTo.vout.size());
1461 for (
unsigned int nOutput = 0; nOutput < nOutputs; nOutput++) {
1462 SerializeOutput(s, nOutput);
1469template <
class T>
uint256 GetPrevoutHash(
const T &txTo) {
1471 for (
const auto &txin : txTo.vin) {
1477template <
class T>
uint256 GetSequenceHash(
const T &txTo) {
1479 for (
const auto &txin : txTo.vin) {
1480 ss << txin.nSequence;
1485template <
class T>
uint256 GetOutputsHash(
const T &txTo) {
1487 for (
const auto &txout : txTo.vout) {
1513 assert(nIn < txTo.vin.size());
1519 uint32_t newForkValue = sigHashType.
getForkValue() ^ 0xdead;
1520 sigHashType = sigHashType.
withForkValue(0xff0000 | newForkValue);
1529 hashPrevouts = cache ? cache->
hashPrevouts : GetPrevoutHash(txTo);
1535 hashSequence = cache ? cache->
hashSequence : GetSequenceHash(txTo);
1540 hashOutputs = cache ? cache->
hashOutputs : GetOutputsHash(txTo);
1542 (nIn < txTo.vout.size())) {
1544 ss << txTo.vout[nIn];
1545 hashOutputs = ss.GetHash();
1550 ss << txTo.nVersion;
1557 ss << txTo.vin[nIn].prevout;
1560 ss << txTo.vin[nIn].nSequence;
1564 ss << txTo.nLockTime;
1568 return ss.GetHash();
1573 (nIn >= txTo.vout.size())) {
1580 CTransactionSignatureSerializer<T> txTmp(txTo, scriptCode, nIn,
1585 ss << txTmp << sigHashType;
1586 return ss.GetHash();
1591 const uint256 &sighash)
const {
1592 if (vchSig.size() == 64) {
1601 const std::vector<uint8_t> &vchSigIn,
const std::vector<uint8_t> &vchPubKey,
1609 std::vector<uint8_t> vchSig(vchSigIn);
1610 if (vchSig.empty()) {
1617 this->txdata,
flags);
1619 if (!VerifySignature(vchSig, pubkey, sighash)) {
1645 if (nLockTime > int64_t(txTo->nLockTime)) {
1670 const int64_t txToSequence = int64_t(txTo->vin[nIn].nSequence);
1674 if (
static_cast<uint32_t
>(txTo->nVersion) < 2) {
1688 const uint32_t nLockTimeMask =
1690 const int64_t txToSequenceMasked = txToSequence & nLockTimeMask;
1691 const CScriptNum nSequenceMasked = nSequence & nLockTimeMask;
1709 if (nSequenceMasked > txToSequenceMasked) {
1738 std::vector<valtype> stack, stackCopy;
1746 if (!
EvalScript(stack, scriptPubKey,
flags, checker, metrics, serror)) {
1750 if (stack.empty()) {
1765 swap(stack, stackCopy);
1772 const valtype &pubKeySerialized = stack.back();
1773 CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
1782 metricsOut = metrics;
1783 return set_success(serror);
1790 if (stack.empty()) {
1807 if (stack.size() != 1) {
1827 "overflow sanity check on max script size");
1829 "overflow sanity check on maximum possible sigchecks "
1830 "from sig+redeem+pub scripts");
1836 metricsOut = metrics;
1837 return set_success(serror);
bool DecodeBitfield(const std::vector< uint8_t > &vch, unsigned size, uint32_t &bitfield, ScriptError *serror)
uint32_t countBits(uint32_t v)
virtual bool VerifySignature(const std::vector< uint8_t > &vchSig, const CPubKey &vchPubKey, const uint256 &sighash) const
virtual bool CheckLockTime(const CScriptNum &nLockTime) const
virtual bool CheckSequence(const CScriptNum &nSequence) const
virtual bool CheckSig(const std::vector< uint8_t > &vchSigIn, const std::vector< uint8_t > &vchPubKey, const CScript &scriptCode, uint32_t flags) const
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
CHash160 & Write(Span< const uint8_t > input)
void Finalize(Span< uint8_t > output)
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
CHash256 & Write(Span< const uint8_t > input)
void Finalize(Span< uint8_t > output)
A mutable version of CTransaction.
An encapsulated public key.
bool VerifySchnorr(const uint256 &hash, const std::array< uint8_t, SCHNORR_SIZE > &sig) const
Verify a Schnorr signature (=64 bytes).
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
A hasher class for RIPEMD-160.
CRIPEMD160 & Write(const uint8_t *data, size_t len)
void Finalize(uint8_t hash[OUTPUT_SIZE])
void Finalize(uint8_t hash[OUTPUT_SIZE])
CSHA1 & Write(const uint8_t *data, size_t len)
A hasher class for SHA-256.
CSHA256 & Write(const uint8_t *data, size_t len)
void Finalize(uint8_t hash[OUTPUT_SIZE])
Serialized script, used inside transaction inputs and outputs.
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
bool IsPayToScriptHash() const
bool IsWitnessProgram(int &version, std::vector< uint8_t > &program) const
bool GetOp(const_iterator &pc, opcodetype &opcodeRet, std::vector< uint8_t > &vchRet) const
std::vector< uint8_t > getvch() const
static bool MinimallyEncode(std::vector< uint8_t > &data)
static bool IsMinimallyEncoded(const std::vector< uint8_t > &vch, const size_t nMaxNumSize=CScriptNum::MAXIMUM_ELEMENT_SIZE)
The basic transaction that is broadcasted on the network and contained in blocks.
static const uint32_t SEQUENCE_LOCKTIME_DISABLE_FLAG
If this flag set, CTxIn::nSequence is NOT interpreted as a relative lock-time.
static const uint32_t SEQUENCE_LOCKTIME_MASK
If CTxIn::nSequence encodes a relative lock-time, this mask is applied to extract that lock-time from...
static const uint32_t SEQUENCE_FINAL
Setting nSequence to this value for every input in a transaction disables nLockTime.
static const uint32_t SEQUENCE_LOCKTIME_TYPE_FLAG
If CTxIn::nSequence encodes a relative lock-time and this flag is set, the relative lock-time has uni...
An output of a transaction.
bool CheckSig(const std::vector< uint8_t > &vchSigIn, const std::vector< uint8_t > &vchPubKey, const CScript &scriptCode, uint32_t flags) const final override
bool CheckSequence(const CScriptNum &nSequence) const final override
bool CheckLockTime(const CScriptNum &nLockTime) const final override
A writer stream (for serialization) that computes a 256-bit hash.
uint256 GetHash()
Compute the double-SHA256 hash of all data written to this object.
CScript::const_iterator pend
bool CheckPostConditions()
std::vector< std::vector< uint8_t > > altstack
CScript::const_iterator pbegincodehash
ScriptError GetScriptError()
const ConditionStack & GetConditionStack()
const BaseSignatureChecker & checker
bool CheckPreConditions()
CScript::const_iterator pc
ScriptInterpreter(std::vector< std::vector< uint8_t > > &stack, const CScript &script, uint32_t flags, const BaseSignatureChecker &checker, ScriptExecutionMetrics &metrics)
std::vector< std::vector< uint8_t > > & stack
bool GetNextOp(opcodetype &opcodeRet, std::vector< uint8_t > &vchRet) const
ScriptExecutionMetrics & metrics
Signature hash type wrapper class.
BaseSigHashType getBaseType() const
bool hasAnyoneCanPay() const
SigHashType withForkValue(uint32_t forkId) const
uint32_t getForkValue() const
A Span is an object that can refer to a contiguous sequence of objects.
iterator insert(iterator pos, const T &value)
static bool IsOpcodeDisabled(opcodetype opcode, uint32_t flags)
static void CleanupScriptCode(CScript &scriptCode, const std::vector< uint8_t > &vchSig, uint32_t flags)
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, SigHashType sigHashType, const Amount amount, const PrecomputedTransactionData *cache, uint32_t flags)
bool EvalScript(std::vector< valtype > &stack, const CScript &script, uint32_t flags, const BaseSignatureChecker &checker, ScriptExecutionMetrics &metrics, ScriptError *serror)
static bool EvalChecksig(const valtype &vchSig, const valtype &vchPubKey, CScript::const_iterator pbegincodehash, CScript::const_iterator pend, uint32_t flags, const BaseSignatureChecker &checker, ScriptExecutionMetrics &metrics, ScriptError *serror, bool &fSuccess)
Helper for OP_CHECKSIG and OP_CHECKSIGVERIFY.
bool CastToBool(const valtype &vch)
int FindAndDelete(CScript &script, const CScript &b)
static void popstack(std::vector< valtype > &stack)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, uint32_t flags, const BaseSignatureChecker &checker, ScriptExecutionMetrics &metricsOut, ScriptError *serror)
Execute an unlocking and locking script together.
#define stacktop(i)
Script is a stack machine (like Forth) that evaluates a predicate returning a bool indicating valid o...
bool CheckMinimalPush(const std::vector< uint8_t > &data, opcodetype opcode)
Check whether the given stack element data would be minimally pushed using the given opcode.
static const unsigned int LOCKTIME_THRESHOLD
static const unsigned int MAX_SCRIPT_ELEMENT_SIZE
static const int MAX_SCRIPT_SIZE
opcodetype
Script opcodes.
static const int MAX_STACK_SIZE
static const int MAX_OPS_PER_SCRIPT
static const int MAX_PUBKEYS_PER_MULTISIG
@ DISCOURAGE_UPGRADABLE_NOPS
@ INVALID_ALTSTACK_OPERATION
@ INVALID_STACK_OPERATION
@ SCRIPT_VERIFY_SIGPUSHONLY
@ SCRIPT_VERIFY_MINIMALIF
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
@ SCRIPT_ENABLE_REPLAY_PROTECTION
@ SCRIPT_ENABLE_SCHNORR_MULTISIG
@ SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_CLEANSTACK
@ SCRIPT_VERIFY_MINIMALDATA
@ SCRIPT_DISALLOW_SEGWIT_RECOVERY
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
@ SCRIPT_ENABLE_SIGHASH_FORKID
@ SCRIPT_VERIFY_INPUT_SIGCHECKS
void Serialize(Stream &, char)=delete
void WriteCompactSize(CSizeComputer &os, uint64_t nSize)
bool CheckTransactionSchnorrSignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided to authentify a transaction is properly encoded Schnorr signature (...
bool CheckDataSignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided on some data is properly encoded.
bool CheckTransactionECDSASignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided to authentify a transaction is properly encoded ECDSA signature.
bool CheckTransactionSignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided to authentify a transaction is properly encoded.
bool CheckPubKeyEncoding(const valtype &vchPubKey, uint32_t flags, ScriptError *serror)
Check that a public key is encoded properly.
std::vector< uint8_t > valtype
Span< const std::byte > AsBytes(Span< T > s) noexcept
Precompute sighash midstate to avoid quadratic hashing.
PrecomputedTransactionData()
Struct for holding cumulative results from executing a script or a sequence of scripts.