20 for (
size_t i = 0; i < vch.size(); i++) {
23 if (i == vch.size() - 1 && vch[i] == 0x80) {
36 #define stacktop(i) (stack.at(stack.size() + (i)))
37 #define altstacktop(i) (altstack.at(altstack.size() + (i)))
38 static inline void popstack(std::vector<valtype> &stack) {
40 throw std::runtime_error(
"popstack(): stack empty");
57 while (
static_cast<size_t>(end - pc) >= b.
size() &&
58 std::equal(b.
begin(), b.
end(), pc)) {
63 }
while (script.
GetOp(pc, opcode));
67 script = std::move(result);
74 const std::vector<uint8_t> &vchSig,
118 class ConditionStack {
121 static constexpr uint32_t NO_FALSE = std::numeric_limits<uint32_t>::max();
124 uint32_t m_stack_size = 0;
127 uint32_t m_first_false_pos = NO_FALSE;
130 bool empty()
const {
return m_stack_size == 0; }
131 bool all_true()
const {
return m_first_false_pos == NO_FALSE; }
132 void push_back(
bool f) {
133 if (m_first_false_pos == NO_FALSE && !f) {
136 m_first_false_pos = m_stack_size;
143 if (m_first_false_pos == m_stack_size) {
145 m_first_false_pos = NO_FALSE;
150 if (m_first_false_pos == NO_FALSE) {
153 m_first_false_pos = m_stack_size - 1;
154 }
else if (m_first_false_pos == m_stack_size - 1) {
157 m_first_false_pos = NO_FALSE;
188 CScript scriptCode(pbegincodehash, pend);
193 fSuccess = checker.
CheckSig(vchSig, vchPubKey, scriptCode,
flags);
208 static const valtype vchFalse(0);
209 static const valtype vchTrue(1, 1);
216 ConditionStack vfExec;
217 std::vector<valtype> altstack;
227 bool fExec = vfExec.all_true();
232 if (!script.
GetOp(pc, opcode, vchPushValue)) {
250 if (fRequireMinimal &&
254 stack.push_back(vchPushValue);
255 }
else if (fExec || (
OP_IF <= opcode && opcode <=
OP_ENDIF)) {
279 stack.push_back(bn.
getvch());
296 if (stack.size() < 1) {
323 return set_error(serror,
330 return set_error(serror,
342 if (stack.size() < 1) {
357 return set_error(serror,
371 return set_error(serror,
399 if (stack.size() < 1) {
406 if (vch.size() > 1) {
407 return set_error(serror,
410 if (vch.size() == 1 && vch[0] != 1) {
411 return set_error(serror,
421 vfExec.push_back(fValue);
425 if (vfExec.empty()) {
433 if (vfExec.empty()) {
443 if (stack.size() < 1) {
463 if (stack.size() < 1) {
472 if (altstack.size() < 1) {
483 if (stack.size() < 2) {
493 if (stack.size() < 2) {
499 stack.push_back(vch1);
500 stack.push_back(vch2);
505 if (stack.size() < 3) {
512 stack.push_back(vch1);
513 stack.push_back(vch2);
514 stack.push_back(vch3);
519 if (stack.size() < 4) {
525 stack.push_back(vch1);
526 stack.push_back(vch2);
531 if (stack.size() < 6) {
537 stack.erase(stack.end() - 6, stack.end() - 4);
538 stack.push_back(vch1);
539 stack.push_back(vch2);
544 if (stack.size() < 4) {
554 if (stack.size() < 1) {
560 stack.push_back(vch);
567 stack.push_back(bn.
getvch());
572 if (stack.size() < 1) {
581 if (stack.size() < 1) {
586 stack.push_back(vch);
591 if (stack.size() < 2) {
595 stack.erase(stack.end() - 2);
600 if (stack.size() < 2) {
605 stack.push_back(vch);
612 if (stack.size() < 2) {
619 if (n < 0 || n >= (
int)stack.size()) {
625 stack.erase(stack.end() - n - 1);
627 stack.push_back(vch);
634 if (stack.size() < 3) {
644 if (stack.size() < 2) {
653 if (stack.size() < 2) {
658 stack.insert(stack.end() - 2, vch);
663 if (stack.size() < 1) {
668 stack.push_back(bn.
getvch());
678 if (stack.size() < 2) {
686 if (vch1.size() != vch2.size()) {
687 return set_error(serror,
694 for (
size_t i = 0; i < vch1.size(); ++i) {
699 for (
size_t i = 0; i < vch1.size(); ++i) {
704 for (
size_t i = 0; i < vch1.size(); ++i) {
721 if (stack.size() < 2) {
729 bool fEqual = (vch1 == vch2);
738 stack.push_back(fEqual ? vchTrue : vchFalse);
743 return set_error(serror,
760 if (stack.size() < 1) {
787 assert(!
"invalid opcode");
791 stack.push_back(bn.
getvch());
810 if (stack.size() < 2) {
829 return set_error(serror,
838 return set_error(serror,
845 bn = (bn1 != bnZero && bn2 != bnZero);
848 bn = (bn1 != bnZero || bn2 != bnZero);
872 bn = (bn1 < bn2 ? bn1 : bn2);
875 bn = (bn1 > bn2 ? bn1 : bn2);
878 assert(!
"invalid opcode");
883 stack.push_back(bn.
getvch());
889 return set_error(serror,
897 if (stack.size() < 3) {
904 bool fValue = (bn2 <= bn1 && bn1 < bn3);
908 stack.push_back(fValue ? vchTrue : vchFalse);
920 if (stack.size() < 1) {
932 .
Write(vch.data(), vch.size())
934 }
else if (opcode ==
OP_SHA1) {
936 .
Write(vch.data(), vch.size())
940 .
Write(vch.data(), vch.size())
948 stack.push_back(vchHash);
959 if (stack.size() < 2) {
966 bool fSuccess =
false;
968 pend,
flags, checker, metrics, serror,
974 stack.push_back(fSuccess ? vchTrue : vchFalse);
979 return set_error(serror,
988 if (stack.size() < 3) {
1004 bool fSuccess =
false;
1005 if (vchSig.size()) {
1008 .
Write(vchMessage.data(), vchMessage.size())
1015 return set_error(serror,
1023 stack.push_back(fSuccess ? vchTrue : vchFalse);
1038 const size_t idxKeyCount = 1;
1039 if (stack.size() < idxKeyCount) {
1043 const int nKeysCount =
1046 if (nKeysCount < 0 ||
1050 nOpCount += nKeysCount;
1056 const size_t idxTopKey = idxKeyCount + 1;
1059 const size_t idxSigCount = idxTopKey + nKeysCount;
1060 if (stack.size() < idxSigCount) {
1064 const int nSigsCount =
1067 if (nSigsCount < 0 || nSigsCount > nKeysCount) {
1072 const size_t idxTopSig = idxSigCount + 1;
1075 const size_t idxDummy = idxTopSig + nSigsCount;
1076 if (stack.size() < idxDummy) {
1083 CScript scriptCode(pbegincodehash, pend);
1087 bool fSuccess =
true;
1094 "Schnorr multisig checkbits implementation "
1095 "assumes < 32 pubkeys.");
1096 uint32_t checkBits = 0;
1109 if (
countBits(checkBits) != uint32_t(nSigsCount)) {
1114 const size_t idxBottomKey =
1115 idxTopKey + nKeysCount - 1;
1116 const size_t idxBottomSig =
1117 idxTopSig + nSigsCount - 1;
1120 for (
int iSig = 0; iSig < nSigsCount;
1122 if ((checkBits >> iKey) == 0) {
1130 while (((checkBits >> iKey) & 0x01) == 0) {
1134 if (iKey >= nKeysCount) {
1137 return set_error(serror,
1150 vchSig,
flags, serror) ||
1158 if (!checker.
CheckSig(vchSig, vchPubKey,
1159 scriptCode,
flags)) {
1164 return set_error(serror,
1173 if ((checkBits >> iKey) != 0) {
1183 for (
int k = 0; k < nSigsCount; k++) {
1188 int nSigsRemaining = nSigsCount;
1189 int nKeysRemaining = nKeysCount;
1190 while (fSuccess && nSigsRemaining > 0) {
1192 -idxTopSig - (nSigsCount - nSigsRemaining));
1194 -idxTopKey - (nKeysCount - nKeysRemaining));
1202 vchSig,
flags, serror) ||
1210 bool fOk = checker.
CheckSig(vchSig, vchPubKey,
1222 if (nSigsRemaining > nKeysRemaining) {
1227 bool areAllSignaturesNull =
true;
1228 for (
int i = 0; i < nSigsCount; i++) {
1229 if (
stacktop(-idxTopSig - i).size()) {
1230 areAllSignaturesNull =
false;
1238 !areAllSignaturesNull) {
1239 return set_error(serror,
1243 if (!areAllSignaturesNull) {
1253 for (
size_t i = 0; i < idxDummy; i++) {
1257 stack.push_back(fSuccess ? vchTrue : vchFalse);
1273 if (stack.size() < 2) {
1279 if (vch1.size() + vch2.size() >
1283 vch1.insert(vch1.end(), vch2.begin(), vch2.end());
1289 if (stack.size() < 2) {
1299 if (position > data.size()) {
1300 return set_error(serror,
1306 valtype n1(data.begin(), data.begin() + position);
1307 valtype n2(data.begin() + position, data.end());
1316 if (stack.size() < 1) {
1322 std::reverse(data.begin(), data.end());
1330 if (stack.size() < 2) {
1347 if (rawnum.size() > size) {
1349 return set_error(serror,
1355 if (rawnum.size() == size) {
1359 uint8_t signbit = 0x00;
1360 if (rawnum.size() > 0) {
1361 signbit = rawnum.back() & 0x80;
1362 rawnum[rawnum.size() - 1] &= 0x7f;
1365 rawnum.reserve(size);
1366 while (rawnum.size() < size - 1) {
1367 rawnum.push_back(0x00);
1370 rawnum.push_back(signbit);
1375 if (stack.size() < 1) {
1385 return set_error(serror,
1404 if (!vfExec.empty()) {
1408 return set_success(serror);
1417 template <
class T>
class CTransactionSignatureSerializer {
1424 const unsigned int nIn;
1429 CTransactionSignatureSerializer(
const T &txToIn,
1433 : txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
1434 sigHashType(sigHashTypeIn) {}
1437 template <
typename S>
void SerializeScriptCode(S &s)
const {
1441 unsigned int nCodeSeparators = 0;
1442 while (scriptCode.
GetOp(it, opcode)) {
1449 while (scriptCode.
GetOp(it, opcode)) {
1451 s.write((
char *)&itBegin[0], it - itBegin - 1);
1455 if (itBegin != scriptCode.
end()) {
1456 s.write((
char *)&itBegin[0], it - itBegin);
1461 template <
typename S>
void SerializeInput(S &s,
unsigned int nInput)
const {
1470 if (nInput != nIn) {
1474 SerializeScriptCode(s);
1477 if (nInput != nIn &&
1488 template <
typename S>
1489 void SerializeOutput(S &s,
unsigned int nOutput)
const {
1500 template <
typename S>
void Serialize(S &s)
const {
1504 unsigned int nInputs =
1507 for (
unsigned int nInput = 0; nInput < nInputs; nInput++) {
1508 SerializeInput(s, nInput);
1511 unsigned int nOutputs =
1516 : txTo.vout.size());
1518 for (
unsigned int nOutput = 0; nOutput < nOutputs; nOutput++) {
1519 SerializeOutput(s, nOutput);
1526 template <
class T>
uint256 GetPrevoutHash(
const T &txTo) {
1528 for (
const auto &txin : txTo.vin) {
1531 return ss.GetHash();
1534 template <
class T>
uint256 GetSequenceHash(
const T &txTo) {
1536 for (
const auto &txin : txTo.vin) {
1537 ss << txin.nSequence;
1539 return ss.GetHash();
1542 template <
class T>
uint256 GetOutputsHash(
const T &txTo) {
1544 for (
const auto &txout : txTo.vout) {
1547 return ss.GetHash();
1570 assert(nIn < txTo.vin.size());
1576 uint32_t newForkValue = sigHashType.
getForkValue() ^ 0xdead;
1577 sigHashType = sigHashType.
withForkValue(0xff0000 | newForkValue);
1586 hashPrevouts = cache ? cache->
hashPrevouts : GetPrevoutHash(txTo);
1592 hashSequence = cache ? cache->
hashSequence : GetSequenceHash(txTo);
1597 hashOutputs = cache ? cache->
hashOutputs : GetOutputsHash(txTo);
1599 (nIn < txTo.vout.size())) {
1601 ss << txTo.vout[nIn];
1614 ss << txTo.vin[nIn].prevout;
1617 ss << txTo.vin[nIn].nSequence;
1621 ss << txTo.nLockTime;
1630 (nIn >= txTo.vout.size())) {
1637 CTransactionSignatureSerializer<T> txTmp(txTo, scriptCode, nIn,
1642 ss << txTmp << sigHashType;
1648 const uint256 &sighash)
const {
1649 if (vchSig.size() == 64) {
1658 const std::vector<uint8_t> &vchSigIn,
const std::vector<uint8_t> &vchPubKey,
1666 std::vector<uint8_t> vchSig(vchSigIn);
1667 if (vchSig.empty()) {
1674 this->txdata,
flags);
1676 if (!VerifySignature(vchSig, pubkey, sighash)) {
1702 if (nLockTime > int64_t(txTo->nLockTime)) {
1727 const int64_t txToSequence = int64_t(txTo->vin[nIn].nSequence);
1731 if (
static_cast<uint32_t
>(txTo->nVersion) < 2) {
1745 const uint32_t nLockTimeMask =
1747 const int64_t txToSequenceMasked = txToSequence & nLockTimeMask;
1748 const CScriptNum nSequenceMasked = nSequence & nLockTimeMask;
1766 if (nSequenceMasked > txToSequenceMasked) {
1795 std::vector<valtype> stack, stackCopy;
1803 if (!
EvalScript(stack, scriptPubKey,
flags, checker, metrics, serror)) {
1807 if (stack.empty()) {
1822 swap(stack, stackCopy);
1829 const valtype &pubKeySerialized = stack.back();
1830 CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
1839 metricsOut = metrics;
1840 return set_success(serror);
1847 if (stack.empty()) {
1864 if (stack.size() != 1) {
1884 "overflow sanity check on max script size");
1886 "overflow sanity check on maximum possible sigchecks "
1887 "from sig+redeem+pub scripts");
1893 metricsOut = metrics;
1894 return set_success(serror);
bool DecodeBitfield(const std::vector< uint8_t > &vch, unsigned size, uint32_t &bitfield, ScriptError *serror)
uint32_t countBits(uint32_t v)
virtual bool VerifySignature(const std::vector< uint8_t > &vchSig, const CPubKey &vchPubKey, const uint256 &sighash) const
virtual bool CheckLockTime(const CScriptNum &nLockTime) const
virtual bool CheckSequence(const CScriptNum &nSequence) const
virtual bool CheckSig(const std::vector< uint8_t > &vchSigIn, const std::vector< uint8_t > &vchPubKey, const CScript &scriptCode, uint32_t flags) const
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
CHash160 & Write(Span< const uint8_t > input)
void Finalize(Span< uint8_t > output)
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
void Finalize(Span< uint8_t > output)
CHash256 & Write(Span< const uint8_t > input)
A writer stream (for serialization) that computes a 256-bit hash.
uint256 GetHash()
Compute the double-SHA256 hash of all data written to this object.
A mutable version of CTransaction.
An encapsulated public key.
bool VerifySchnorr(const uint256 &hash, const std::array< uint8_t, SCHNORR_SIZE > &sig) const
Verify a Schnorr signature (=64 bytes).
bool VerifyECDSA(const uint256 &hash, const std::vector< uint8_t > &vchSig) const
Verify a DER-serialized ECDSA signature (~72 bytes).
A hasher class for RIPEMD-160.
CRIPEMD160 & Write(const uint8_t *data, size_t len)
void Finalize(uint8_t hash[OUTPUT_SIZE])
void Finalize(uint8_t hash[OUTPUT_SIZE])
CSHA1 & Write(const uint8_t *data, size_t len)
A hasher class for SHA-256.
CSHA256 & Write(const uint8_t *data, size_t len)
void Finalize(uint8_t hash[OUTPUT_SIZE])
Serialized script, used inside transaction inputs and outputs.
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
bool IsPayToScriptHash() const
bool IsWitnessProgram(int &version, std::vector< uint8_t > &program) const
bool GetOp(const_iterator &pc, opcodetype &opcodeRet, std::vector< uint8_t > &vchRet) const
std::vector< uint8_t > getvch() const
static bool MinimallyEncode(std::vector< uint8_t > &data)
static bool IsMinimallyEncoded(const std::vector< uint8_t > &vch, const size_t nMaxNumSize=CScriptNum::MAXIMUM_ELEMENT_SIZE)
The basic transaction that is broadcasted on the network and contained in blocks.
static const uint32_t SEQUENCE_LOCKTIME_DISABLE_FLAG
If this flag set, CTxIn::nSequence is NOT interpreted as a relative lock-time.
static const uint32_t SEQUENCE_LOCKTIME_MASK
If CTxIn::nSequence encodes a relative lock-time, this mask is applied to extract that lock-time from...
static const uint32_t SEQUENCE_FINAL
Setting nSequence to this value for every input in a transaction disables nLockTime.
static const uint32_t SEQUENCE_LOCKTIME_TYPE_FLAG
If CTxIn::nSequence encodes a relative lock-time and this flag is set, the relative lock-time has uni...
An output of a transaction.
bool CheckSig(const std::vector< uint8_t > &vchSigIn, const std::vector< uint8_t > &vchPubKey, const CScript &scriptCode, uint32_t flags) const final override
bool CheckSequence(const CScriptNum &nSequence) const final override
bool CheckLockTime(const CScriptNum &nLockTime) const final override
Signature hash type wrapper class.
BaseSigHashType getBaseType() const
bool hasAnyoneCanPay() const
SigHashType withForkValue(uint32_t forkId) const
uint32_t getForkValue() const
iterator insert(iterator pos, const T &value)
static bool IsOpcodeDisabled(opcodetype opcode, uint32_t flags)
static void CleanupScriptCode(CScript &scriptCode, const std::vector< uint8_t > &vchSig, uint32_t flags)
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, SigHashType sigHashType, const Amount amount, const PrecomputedTransactionData *cache, uint32_t flags)
bool EvalScript(std::vector< valtype > &stack, const CScript &script, uint32_t flags, const BaseSignatureChecker &checker, ScriptExecutionMetrics &metrics, ScriptError *serror)
static bool EvalChecksig(const valtype &vchSig, const valtype &vchPubKey, CScript::const_iterator pbegincodehash, CScript::const_iterator pend, uint32_t flags, const BaseSignatureChecker &checker, ScriptExecutionMetrics &metrics, ScriptError *serror, bool &fSuccess)
Helper for OP_CHECKSIG and OP_CHECKSIGVERIFY.
bool CastToBool(const valtype &vch)
int FindAndDelete(CScript &script, const CScript &b)
static void popstack(std::vector< valtype > &stack)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, uint32_t flags, const BaseSignatureChecker &checker, ScriptExecutionMetrics &metricsOut, ScriptError *serror)
Execute an unlocking and locking script together.
#define stacktop(i)
Script is a stack machine (like Forth) that evaluates a predicate returning a bool indicating valid o...
bool CheckMinimalPush(const std::vector< uint8_t > &data, opcodetype opcode)
Check whether the given stack element data would be minimally pushed using the given opcode.
static const unsigned int LOCKTIME_THRESHOLD
static const unsigned int MAX_SCRIPT_ELEMENT_SIZE
static const int MAX_SCRIPT_SIZE
opcodetype
Script opcodes.
static const int MAX_STACK_SIZE
static const int MAX_OPS_PER_SCRIPT
static const int MAX_PUBKEYS_PER_MULTISIG
@ DISCOURAGE_UPGRADABLE_NOPS
@ INVALID_ALTSTACK_OPERATION
@ INVALID_STACK_OPERATION
@ SCRIPT_VERIFY_SIGPUSHONLY
@ SCRIPT_VERIFY_MINIMALIF
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
@ SCRIPT_ENABLE_REPLAY_PROTECTION
@ SCRIPT_ENABLE_SCHNORR_MULTISIG
@ SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_CLEANSTACK
@ SCRIPT_VERIFY_MINIMALDATA
@ SCRIPT_DISALLOW_SEGWIT_RECOVERY
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
@ SCRIPT_ENABLE_SIGHASH_FORKID
@ SCRIPT_VERIFY_INPUT_SIGCHECKS
void Serialize(Stream &s, char a)
void WriteCompactSize(CSizeComputer &os, uint64_t nSize)
bool CheckTransactionSchnorrSignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided to authentify a transaction is properly encoded Schnorr signature (...
bool CheckDataSignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided on some data is properly encoded.
bool CheckTransactionECDSASignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided to authentify a transaction is properly encoded ECDSA signature.
bool CheckTransactionSignatureEncoding(const valtype &vchSig, uint32_t flags, ScriptError *serror)
Check that the signature provided to authentify a transaction is properly encoded.
bool CheckPubKeyEncoding(const valtype &vchPubKey, uint32_t flags, ScriptError *serror)
Check that a public key is encoded properly.
std::vector< uint8_t > valtype
Precompute sighash midstate to avoid quadratic hashing.
PrecomputedTransactionData()
Struct for holding cumulative results from executing a script or a sequence of scripts.