Page MenuHomePhabricator
Differential D3474 Diff 10570 src/script/interpreter.cpp

Changeset View

Standalone View

View Options

src/script/interpreter.cpp

// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-2016 The Bitcoin Core developers // Copyright (c) 2009-2016 The Bitcoin Core developers
// Copyright (c) 2017-2018 The Bitcoin developers // Copyright (c) 2017-2018 The Bitcoin developers
// Distributed under the MIT software license, see the accompanying // Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <script/interpreter.h> #include <script/interpreter.h>
#include <crypto/ripemd160.h> #include <crypto/ripemd160.h>
#include <crypto/sha1.h> #include <crypto/sha1.h>
#include <crypto/sha256.h> #include <crypto/sha256.h>
#include <primitives/transaction.h> #include <primitives/transaction.h>
#include <pubkey.h> #include <pubkey.h>
#include <script/bitfield.h>
#include <script/script.h> #include <script/script.h>
#include <script/script_flags.h> #include <script/script_flags.h>
#include <script/sigencoding.h> #include <script/sigencoding.h>
#include <uint256.h> #include <uint256.h>
#include <util/bitmanip.h>
bool CastToBool(const valtype &vch) { bool CastToBool(const valtype &vch) {
for (size_t i = 0; i < vch.size(); i++) { for (size_t i = 0; i < vch.size(); i++) {
if (vch[i] != 0) { if (vch[i] != 0) {
// Can be negative zero // Can be negative zero
if (i == vch.size() - 1 && vch[i] == 0x80) { if (i == vch.size() - 1 && vch[i] == 0x80) {
return false; return false;
} }
▲ Show 20 LinesShow All 981 Lines▼ Show 20 Lines try {
// stack depth of the dummy element // stack depth of the dummy element
const size_t idxDummy = idxTopSig + nSigsCount; const size_t idxDummy = idxTopSig + nSigsCount;
if (stack.size() < idxDummy) { if (stack.size() < idxDummy) {
return set_error( return set_error(
serror, ScriptError::INVALID_STACK_OPERATION); serror, ScriptError::INVALID_STACK_OPERATION);
} }
// Subset of script starting at the most recent
// codeseparator
CScript scriptCode(pbegincodehash, pend);
// Assuming success is usually a bad idea, but the
// schnorr path can only succeed.
bool fSuccess = true;
if ((flags & SCRIPT_ENABLE_SCHNORR_MULTISIG) &&
stacktop(-idxDummy).size() != 0) {
// SCHNORR MULTISIG
static_assert(MAX_PUBKEYS_PER_MULTISIG < 32);
uint32_t checkBits = 0;
// Dummy element is to be interpreted as a bitfield
// that represent which pubkeys should be checked.
valtype &vchDummy = stacktop(-idxDummy);
if (!DecodeBitfield(vchDummy, nKeysCount, checkBits,
serror)) {
// serror is set
return false;
}
// The bitfield doesn't set the right number of
// signatures.
if (countBits(checkBits) != uint32_t(nSigsCount)) {
return set_error(
serror, ScriptError::INVALID_BIT_COUNT);
}
const size_t idxBottomKey =
idxTopKey + nKeysCount - 1;
const size_t idxBottomSig =
idxTopSig + nSigsCount - 1;
int iKey = 0;
for (int iSig = 0; iSig < nSigsCount;
iSig++, iKey++) {
if ((checkBits >> iKey) == 0) {
// This is a sanity check and should be
// unrecheable.
return set_error(
serror, ScriptError::INVALID_BIT_RANGE);
}
// Find the next suitable key.
while (((checkBits >> iKey) & 0x01) == 0) {
iKey++;
}
if (iKey >= nKeysCount) {
// This is a sanity check and should be
// unrecheable.
return set_error(serror,
ScriptError::PUBKEY_COUNT);
}
// Check the signature.
valtype &vchSig =
stacktop(-idxBottomSig + iSig);
valtype &vchPubKey =
stacktop(-idxBottomKey + iKey);
// Note that only pubkeys associated with a
// signature are checked for validity.
if (!CheckTransactionSchnorrSignatureEncoding(
vchSig, flags, serror) ||
!CheckPubKeyEncoding(vchPubKey, flags,
serror)) {
// serror is set
return false;
}
// Check signature
if (!checker.CheckSig(vchSig, vchPubKey,
scriptCode, flags)) {
// This can fail if the signature is empty,
// which also is a NULLFAIL error as the
// bitfield should have been null in this
// situation.
return set_error(serror,
ScriptError::SIG_NULLFAIL);
}
}
if ((checkBits >> iKey) != 0) {
// This is a sanity check and should be
// unrecheable.
return set_error(
serror, ScriptError::INVALID_BIT_COUNT);
}
} else {
// LEGACY MULTISIG (ECDSA / NULL)
// A bug causes CHECKMULTISIG to consume one extra // A bug causes CHECKMULTISIG to consume one extra
// argument whose contents were not checked in any way. // argument whose contents were not checked in any
// way.
// //
// Unfortunately this is a potential source of // Unfortunately this is a potential source of
// mutability, so optionally verify it is exactly equal // mutability, so optionally verify it is exactly
// to zero. // equal to zero.
if ((flags & SCRIPT_VERIFY_NULLDUMMY) && if ((flags & SCRIPT_VERIFY_NULLDUMMY) &&
stacktop(-idxDummy).size()) { stacktop(-idxDummy).size()) {
return set_error(serror, return set_error(serror,
ScriptError::SIG_NULLDUMMY); ScriptError::SIG_NULLDUMMY);
} }
// Subset of script starting at the most recent
// codeseparator
CScript scriptCode(pbegincodehash, pend);
// Remove signature for pre-fork scripts // Remove signature for pre-fork scripts
for (int k = 0; k < nSigsCount; k++) { for (int k = 0; k < nSigsCount; k++) {
valtype &vchSig = stacktop(-idxTopSig - k); valtype &vchSig = stacktop(-idxTopSig - k);
CleanupScriptCode(scriptCode, vchSig, flags); CleanupScriptCode(scriptCode, vchSig, flags);
} }
bool fSuccess = true;
int nSigsRemaining = nSigsCount; int nSigsRemaining = nSigsCount;
int nKeysRemaining = nKeysCount; int nKeysRemaining = nKeysCount;
while (fSuccess && nSigsRemaining > 0) { while (fSuccess && nSigsRemaining > 0) {
valtype &vchSig = stacktop( valtype &vchSig = stacktop(
-idxTopSig - (nSigsCount - nSigsRemaining)); -idxTopSig - (nSigsCount - nSigsRemaining));
valtype &vchPubKey = stacktop( valtype &vchPubKey = stacktop(
-idxTopKey - (nKeysCount - nKeysRemaining)); -idxTopKey - (nKeysCount - nKeysRemaining));
// Note how this makes the exact order of // Note how this makes the exact order of
// pubkey/signature evaluation distinguishable by // pubkey/signature evaluation distinguishable
// CHECKMULTISIG NOT if the STRICTENC flag is set. // by CHECKMULTISIG NOT if the STRICTENC flag is
// See the script_(in)valid tests for details. // set. See the script_(in)valid tests for
// details.
if (!CheckTransactionECDSASignatureEncoding( if (!CheckTransactionECDSASignatureEncoding(
vchSig, flags, serror) || vchSig, flags, serror) ||
!CheckPubKeyEncoding(vchPubKey, flags, !CheckPubKeyEncoding(vchPubKey, flags,
serror)) { serror)) {
// serror is set // serror is set
return false; return false;
} }
// Check signature // Check signature
bool fOk = checker.CheckSig(vchSig, vchPubKey, bool fOk = checker.CheckSig(vchSig, vchPubKey,
scriptCode, flags); scriptCode, flags);
if (fOk) { if (fOk) {
nSigsRemaining--; nSigsRemaining--;
} }
nKeysRemaining--; nKeysRemaining--;
// If there are more signatures left than keys left, // If there are more signatures left than keys
// then too many signatures have failed. Exit early, // left, then too many signatures have failed.
// without checking any further signatures. // Exit early, without checking any further
// signatures.
if (nSigsRemaining > nKeysRemaining) { if (nSigsRemaining > nKeysRemaining) {
fSuccess = false; fSuccess = false;
} }
} }
}
// If the operation failed, we require that all // If the operation failed, we require that all
// signatures must be empty vector // signatures must be empty vector
if (!fSuccess && (flags & SCRIPT_VERIFY_NULLFAIL)) { if (!fSuccess && (flags & SCRIPT_VERIFY_NULLFAIL)) {
for (int i = 0; i < nSigsCount; i++) { for (int i = 0; i < nSigsCount; i++) {
if (stacktop(-idxTopSig - i).size()) { if (stacktop(-idxTopSig - i).size()) {
return set_error(serror, return set_error(serror,
ScriptError::SIG_NULLFAIL); ScriptError::SIG_NULLFAIL);
▲ Show 20 LinesShow All 596 LinesShow Last 20 Lines