1 // Copyright (c) 2009-2010 Satoshi Nakamoto 2 // Copyright (c) 2009-2019 The Bitcoin Core developers 3 // Distributed under the MIT software license, see the accompanying 4 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 5 6 #ifndef BITCOIN_SCRIPT_INTERPRETER_H 7 #define BITCOIN_SCRIPT_INTERPRETER_H 8 9 #include <script/script_error.h> 10 #include <primitives/transaction.h> 11 12 #include <vector> 13 #include <stdint.h> 14 15 class CPubKey; 16 class CScript; 17 class CTransaction; 18 class uint256; 19 20 typedef std::vector<unsigned char> valtype; 21 22 /** Signature hash types/flags */ 23 enum 24 { 25 SIGHASH_ALL = 1, 26 SIGHASH_NONE = 2, 27 SIGHASH_SINGLE = 3, 28 SIGHASH_ANYONECANPAY = 0x80, 29 }; 30 31 /** Script verification flags. 32 * 33 * All flags are intended to be soft forks: the set of acceptable scripts under 34 * flags (A | B) is a subset of the acceptable scripts under flag (A). 35 */ 36 enum 37 { 38 SCRIPT_VERIFY_NONE = 0, 39 40 // Evaluate P2SH subscripts (BIP16). 41 SCRIPT_VERIFY_P2SH = (1U << 0), 42 43 // Passing a non-strict-DER signature or one with undefined hashtype to a checksig operation causes script failure. 44 // Evaluating a pubkey that is not (0x04 + 64 bytes) or (0x02 or 0x03 + 32 bytes) by checksig causes script failure. 45 // (not used or intended as a consensus rule). 46 SCRIPT_VERIFY_STRICTENC = (1U << 1), 47 48 // Passing a non-strict-DER signature to a checksig operation causes script failure (BIP62 rule 1) 49 SCRIPT_VERIFY_DERSIG = (1U << 2), 50 51 // Passing a non-strict-DER signature or one with S > order/2 to a checksig operation causes script failure 52 // (BIP62 rule 5). 53 SCRIPT_VERIFY_LOW_S = (1U << 3), 54 55 // verify dummy stack item consumed by CHECKMULTISIG is of zero-length (BIP62 rule 7). 56 SCRIPT_VERIFY_NULLDUMMY = (1U << 4), 57 58 // Using a non-push operator in the scriptSig causes script failure (BIP62 rule 2). 59 SCRIPT_VERIFY_SIGPUSHONLY = (1U << 5), 60 61 // Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct 62 // pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating 63 // any other push causes the script to fail (BIP62 rule 3). 64 // In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4). 65 SCRIPT_VERIFY_MINIMALDATA = (1U << 6), 66 67 // Discourage use of NOPs reserved for upgrades (NOP1-10) 68 // 69 // Provided so that nodes can avoid accepting or mining transactions 70 // containing executed NOP's whose meaning may change after a soft-fork, 71 // thus rendering the script invalid; with this flag set executing 72 // discouraged NOPs fails the script. This verification flag will never be 73 // a mandatory flag applied to scripts in a block. NOPs that are not 74 // executed, e.g. within an unexecuted IF ENDIF block, are *not* rejected. 75 // NOPs that have associated forks to give them new meaning (CLTV, CSV) 76 // are not subject to this rule. 77 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS = (1U << 7), 78 79 // Require that only a single stack element remains after evaluation. This changes the success criterion from 80 // "At least one stack element must remain, and when interpreted as a boolean, it must be true" to 81 // "Exactly one stack element must remain, and when interpreted as a boolean, it must be true". 82 // (BIP62 rule 6) 83 // Note: CLEANSTACK should never be used without P2SH or WITNESS. 84 SCRIPT_VERIFY_CLEANSTACK = (1U << 8), 85 86 // Verify CHECKLOCKTIMEVERIFY 87 // 88 // See BIP65 for details. 89 SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY = (1U << 9), 90 91 // support CHECKSEQUENCEVERIFY opcode 92 // 93 // See BIP112 for details 94 SCRIPT_VERIFY_CHECKSEQUENCEVERIFY = (1U << 10), 95 96 // Support segregated witness 97 // 98 SCRIPT_VERIFY_WITNESS = (1U << 11), 99 100 // Making v1-v16 witness program non-standard 101 // 102 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM = (1U << 12), 103 104 // Segwit script only: Require the argument of OP_IF/NOTIF to be exactly 0x01 or empty vector 105 // 106 SCRIPT_VERIFY_MINIMALIF = (1U << 13), 107 108 // Signature(s) must be empty vector if a CHECK(MULTI)SIG operation failed 109 // 110 SCRIPT_VERIFY_NULLFAIL = (1U << 14), 111 112 // Public keys in segregated witness scripts must be compressed 113 // 114 SCRIPT_VERIFY_WITNESS_PUBKEYTYPE = (1U << 15), 115 116 // Making OP_CODESEPARATOR and FindAndDelete fail any non-segwit scripts 117 // 118 SCRIPT_VERIFY_CONST_SCRIPTCODE = (1U << 16), 119 120 // Support sender address in contract output 121 // 122 SCRIPT_OUTPUT_SENDER = (1U << 29), 123 124 // Performs the compiled byte code 125 // 126 SCRIPT_EXEC_BYTE_CODE = (1U << 30), 127 }; 128 129 bool CheckSignatureEncoding(const std::vector<unsigned char> &vchSig, unsigned int flags, ScriptError* serror); 130 131 struct PrecomputedTransactionData 132 { 133 uint256 hashPrevouts, hashSequence, hashOutputs, hashOutputsOpSender; 134 bool ready = false; 135 136 template <class T> 137 explicit PrecomputedTransactionData(const T& tx); 138 }; 139 140 enum class SigVersion 141 { 142 BASE = 0, 143 WITNESS_V0 = 1, 144 }; 145 146 /** Signature hash sizes */ 147 static constexpr size_t WITNESS_V0_SCRIPTHASH_SIZE = 32; 148 static constexpr size_t WITNESS_V0_KEYHASH_SIZE = 20; 149 150 template <class T> 151 uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn, int nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache = nullptr); 152 153 template <class T> 154 uint256 SignatureHashOutput(const CScript& scriptCode, const T& txTo, unsigned int nOut, int nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache = nullptr); 155 156 class BaseSignatureChecker 157 { 158 public: CheckSig(const std::vector<unsigned char> & scriptSig,const std::vector<unsigned char> & vchPubKey,const CScript & scriptCode,SigVersion sigversion)159 virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const 160 { 161 return false; 162 } 163 CheckLockTime(const CScriptNum & nLockTime)164 virtual bool CheckLockTime(const CScriptNum& nLockTime) const 165 { 166 return false; 167 } 168 CheckSequence(const CScriptNum & nSequence)169 virtual bool CheckSequence(const CScriptNum& nSequence) const 170 { 171 return false; 172 } 173 ~BaseSignatureChecker()174 virtual ~BaseSignatureChecker() {} 175 }; 176 177 template <class T> 178 class GenericTransactionSignatureChecker : public BaseSignatureChecker 179 { 180 private: 181 const T* txTo; 182 unsigned int nIn; 183 const CAmount amount; 184 const PrecomputedTransactionData* txdata; 185 186 protected: 187 virtual bool VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& vchPubKey, const uint256& sighash) const; 188 189 public: GenericTransactionSignatureChecker(const T * txToIn,unsigned int nInIn,const CAmount & amountIn)190 GenericTransactionSignatureChecker(const T* txToIn, unsigned int nInIn, const CAmount& amountIn) : txTo(txToIn), nIn(nInIn), amount(amountIn), txdata(nullptr) {} GenericTransactionSignatureChecker(const T * txToIn,unsigned int nInIn,const CAmount & amountIn,const PrecomputedTransactionData & txdataIn)191 GenericTransactionSignatureChecker(const T* txToIn, unsigned int nInIn, const CAmount& amountIn, const PrecomputedTransactionData& txdataIn) : txTo(txToIn), nIn(nInIn), amount(amountIn), txdata(&txdataIn) {} 192 bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override; 193 bool CheckLockTime(const CScriptNum& nLockTime) const override; 194 bool CheckSequence(const CScriptNum& nSequence) const override; 195 }; 196 197 using TransactionSignatureChecker = GenericTransactionSignatureChecker<CTransaction>; 198 using MutableTransactionSignatureChecker = GenericTransactionSignatureChecker<CMutableTransaction>; 199 200 template <class T> 201 class GenericTransactionSignatureOutputChecker : public BaseSignatureChecker 202 { 203 private: 204 const T* txTo; 205 unsigned int nOut; 206 const CAmount amount; 207 const PrecomputedTransactionData* txdata; 208 209 protected: 210 virtual bool VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& vchPubKey, const uint256& sighash) const; 211 212 public: GenericTransactionSignatureOutputChecker(const T * txToIn,unsigned int nOutIn,const CAmount & amountIn)213 GenericTransactionSignatureOutputChecker(const T* txToIn, unsigned int nOutIn, const CAmount& amountIn) : txTo(txToIn), nOut(nOutIn), amount(amountIn), txdata(nullptr) {} GenericTransactionSignatureOutputChecker(const T * txToIn,unsigned int nOutIn,const CAmount & amountIn,const PrecomputedTransactionData & txdataIn)214 GenericTransactionSignatureOutputChecker(const T* txToIn, unsigned int nOutIn, const CAmount& amountIn, const PrecomputedTransactionData& txdataIn) : txTo(txToIn), nOut(nOutIn), amount(amountIn), txdata(&txdataIn) {} 215 bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override; 216 }; 217 218 using TransactionSignatureOutputChecker = GenericTransactionSignatureOutputChecker<CTransaction>; 219 using MutableTransactionSignatureOutputChecker = GenericTransactionSignatureOutputChecker<CMutableTransaction>; 220 221 bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker, SigVersion sigversion, ScriptError* error = nullptr); 222 bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CScriptWitness* witness, unsigned int flags, const BaseSignatureChecker& checker, ScriptError* serror = nullptr); 223 224 size_t CountWitnessSigOps(const CScript& scriptSig, const CScript& scriptPubKey, const CScriptWitness* witness, unsigned int flags); 225 226 int FindAndDelete(CScript& script, const CScript& b); 227 228 bool IsLowDERSignature(const valtype &vchSig, ScriptError* serror = NULL, bool haveHashType = true); 229 bool IsDERSignature(const valtype &vchSig, ScriptError* serror = NULL, bool haveHashType = true); 230 bool IsCompressedOrUncompressedPubKey(const valtype &vchPubKey); 231 232 #endif // BITCOIN_SCRIPT_INTERPRETER_H 233