* [NOD-532] Change chain to DAG in the root package.
* [NOD-532] Change chain to DAG in checkpoints.go.
* [NOD-532] Change chain to DAG in blockdag.
* [NOD-532] Change chain to DAG in cmd.
* [NOD-532] Change chain to DAG in dagconfig.
* [NOD-532] Change chain to DAG in database.
* [NOD-532] Change chain to DAG in mempool.
* [NOD-532] Change chain to DAG in mempool.
* [NOD-532] Change chain to DAG in netsync.
* [NOD-532] Change chain to DAG in rpcclient.
* [NOD-532] Change chain to DAG in server.
* [NOD-532] Change chain to DAG in txscript.
* [NOD-532] Change chain to DAG in util.
* [NOD-532] Change chain to DAG in wire.
* [NOD-532] Remove block heights in dagio.go examples.
* [NOD-532] Rename fakeChain to fakeDAG.
* [NOD-532] Fix comments, remove unused EnableBCInfoHacks flag.
* [NOD-532] Fix comments and variable names.
* [NOD-532] Fix comments.
* [NOD-532] Fix merge errors.
* [NOD-532] Formatted project.
* [NOD-373] Implement Schnorr digital signatures and remove ECDSA (based on code from gcash/bchd)
* [NOD-374] Add new error to list; Update comments.
* [NOD-373] Remove leftovers of verifyMessage RPC command (which was deleted)
* [NOD-373] Remove redundant test, add Schnorr tests, and fix tests where needed
* [NOD-373] Fix tests and remove redundant ones
* [NOD-373] Refactor functions names
* [NOD-373] Remove empty line
* [NOD-373] Fix comments, rename functions to more meaningful names
* [NOD-373] Additional data in nonceRFC6979 should not be nil
* [NOD-373] Refactor function name
* [NOD-373] Add permalinks for links to bchd code
* [DEV-376] Changed any instance of %v in format strings with a more specific format token
* [DEV-376] Fixed some more wrong formatting strings + removed redundant
cast
* [DEV-376] Added fmt.Sprintf where it was missing
* [DEV-376] use %s for util.Amount, to invoke .String()
* [DEV-376] Some more fixes in format strings
* [DEV-376] fixed mruinvmap_test to expect the correct behaviour
* [DEV-98] Move script flags from relay rules to consensus
* [DEV-98] remove flags from script_tests.json
* [DEV-98] fix multisig and remove test that assume no minimal data rule
* [DEV-98] rename bip16 bool to isP2sh
* [DEV-98] add sighash type to overly long signature in script_tests.json
* [DEV-98] add test for NUMEQUAL for non equal numbers script_tests.json
* [DEV-98] remove debugging if
* [DEV-98] remove ErrCleanStack from EVAL_FALSE
* [DEV-98] change isP2sh to isP2SH to comply with Go style
* [DEV-98] add ScriptNoFlags to explictly indicate for empty ScriptFlags
* [DEV-98] rename ErrPubKeyType -> ErrPubKeyFormat
* [DEV-98] rename PUBKEYTYPE -> PUBKEYFORMAT
* [DEV-18] changed CSV/CLTV to be regular op codes, and returned nop2 and nop3 to be regular nops
* [DEV-18] remove csv/cltv flags - part 1
* [DEV-18] remove csv/cltv flags - part 2
* [DEV-18] remove csv/cltv activation rules
* [DEV-18] remove csv/cltv activation rules
* [DEV-18] csv_fork_test fixes
* [DEV-18] readd chain params
* [DEV-18] readd chain params and remove csv activation rules
* [DEV-18] returned build flags to integration test
* [DEV-18] make csv/cltv to pop the the first element of the stack instead of peeking it
* [DEV-18] fix comments related to CSV/CLTV to remove any reference to soft fork
* [DEV-18] fix comments related to CSV/CLTV to remove any reference to soft fork
* [DEV-18] rename csv_fork_test.go to csv_fork.go
* [DEV-18] change mTx location
* [DEV-18] remove BIP0065Height
* [DEV-18] add function isUpgradableNop for readability
* [DEV-56] Remove any occurance of OP_CODESEPARATOR
* [DEV-56] Modified sighash tests to exclude OP_CODESEPARATOR
* [DEV-56] Fixed sighash.json to not include any codeseparators at all
* [DEV-56] Reformatted sighash.json
* [DEV-56] Rename any instance of subScript to script
* [DEV-56] Extracted check for opUnknown to separate function
* [DEV-58] Removed temporary code for test cleanup
* [DEV-50] Remove the Multisig bug requiring a dummy push
* [DEV-53] SigHashSingle now errors when the index is wrong
* [DEV-53] Fixed tests for SIGHASH_SINGLE
* [DEV-55] Removed FindAndDelete functionality that deletes sognatures
* [DEV-55] Removed some more redundant tests
* [DEV-55] Fixed redundant comment
* [DEV-50] Remove the Multisig bug requiring a dummy push
* [DEV-53] SigHashSingle now errors when the index is wrong
* [DEV-53] Fixed tests for SIGHASH_SINGLE
* [DEV-53] Removed redundant part of comment
* [DEV-50] Remove the Multisig bug requiring a dummy push
* [DEV-50] Removed redundant comment, since dummy bug was fixed
* [DEV-50] Removed some more dummy-related comments and error message
This commit adds verification of the post-segwit standardness
requirement that all pubkeys involved in checks operations MUST be
serialized as compressed public keys. A new ScriptFlag has been added
to guard this behavior when executing scripts.
This commit modifies the op-code execution for OP_IF and OP_NOTIF to
enforce the additional “minimal if” constraints which require the
top-stack item when the op codes are encountered to be either an empty
vector, or exactly [0x01].
This commit implements full witness program validation for the
currently defined version 0 witness programs. This includes validation
logic for nested p2sh, p2wsh, and p2wkh. Additionally, when in witness
validation mode, an additional set of constrains are enforced such as
using the new sighash digest algorithm and enforcing clean stack
behavior within witness programs.
This commit implements most of BIP0143 by adding logic to implement the
new sighash calculation, signing, and additionally introduces the
HashCache optimization which eliminates the O(N^2) computational
complexity for the SIGHASH_ALL sighash type.
The HashCache struct is the equivalent to the existing SigCache struct,
but for caching the reusable midstate for transactions which are
spending segwitty outputs.
Now that glide is used for version management and a specific commit of
the upstream repository can be locked it is no longer necessary to
maintain a fork of the package specifically to keep a stable dependency.
While here, update the glide dependency for btcutil as well since it was
switched to use the upstream path as well.
ScriptVerifyNullFail defines that signatures must be empty if a
CHECKSIG or CHECKMULTISIG operation fails.
This commit also enables ScriptVerifyNullFail at the mempool policy
level.
This converts the majority of script errors from generic errors created
via errors.New and fmt.Errorf to use a concrete type that implements the
error interface with an error code and description.
This allows callers to programmatically detect the type of error via
type assertions and an error code while still allowing the errors to
provide more context.
For example, instead of just having an error the reads "disabled opcode"
as would happen prior to these changes when a disabled opcode is
encountered, the error will now read "attempt to execute disabled opcode
OP_FOO".
While it was previously possible to programmatically detect many errors
due to them being exported, they provided no additional context and
there were also various instances that were just returning errors
created on the spot which callers could not reliably detect without
resorting to looking at the actual error message, which is nearly always
bad practice.
Also, while here, export the MaxStackSize and MaxScriptSize constants
since they can be useful for consumers of the package and perform some
minor cleanup of some of the tests.
The CSV consensus rules dictate that the opcode fails when the
transaction version is not at least version 2, however that only applies
if the disable flag is not set in the sequence.
This is not an issue at the current time because we do not yet enforce
CSV at a consensus level, however, I noticed this discrepancy when doing
a thorough audit of the CSV paths due to the ongoing work to add full
consensus-enforced CSV support.
As a result, this must be merged prior to enabling consensus enforcement
for CSV or it would open up the potential for a hard fork.
This is mostly a backport of some of the same modifications made in
Decred along with a few additional things cleaned up. In particular,
this updates the code to make use of the new chainhash package.
Also, since this required API changes anyways and the hash algorithm is
no longer tied specifically to SHA, all other functions throughout the
code base which had "Sha" in their name have been changed to Hash so
they are not incorrectly implying the hash algorithm.
The following is an overview of the changes:
- Remove the wire.ShaHash type
- Update all references to wire.ShaHash to the new chainhash.Hash type
- Rename the following functions and update all references:
- wire.BlockHeader.BlockSha -> BlockHash
- wire.MsgBlock.BlockSha -> BlockHash
- wire.MsgBlock.TxShas -> TxHashes
- wire.MsgTx.TxSha -> TxHash
- blockchain.ShaHashToBig -> HashToBig
- peer.ShaFunc -> peer.HashFunc
- Rename all variables that included sha in their name to include hash
instead
- Update for function name changes in other dependent packages such as
btcutil
- Update copyright dates on all modified files
- Update glide.lock file to use the required version of btcutil
See https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki for
more information.
This commit mimics Bitcoin Core commit bc60b2b4b401f0adff5b8b9678903ff8feb5867b
and includes additional tests from Bitcoin Core commit
cb54d17355864fa08826d6511a0d7692b21ef2c9
Introduce an ECDSA signature verification into btcd in order to
mitigate a certain DoS attack and as a performance optimization.
The benefits of SigCache are two fold. Firstly, usage of SigCache
mitigates a DoS attack wherein an attacker causes a victim's client to
hang due to worst-case behavior triggered while processing attacker
crafted invalid transactions. A detailed description of the mitigated
DoS attack can be found here: https://bitslog.wordpress.com/2013/01/23/fixed-bitcoin-vulnerability-explanation-why-the-signature-cache-is-a-dos-protection/
Secondly, usage of the SigCache introduces a signature verification
optimization which speeds up the validation of transactions within a
block, if they've already been seen and verified within the mempool.
The server itself manages the sigCache instance. The blockManager and
txMempool respectively now receive pointers to the created sigCache
instance. All read (sig triplet existence) operations on the sigCache
will not block unless a separate goroutine is adding an entry (writing)
to the sigCache. GetBlockTemplate generation now also utilizes the
sigCache in order to avoid unnecessarily double checking signatures
when generating a template after previously accepting a txn to the
mempool. Consequently, the CPU miner now also employs the same
optimization.
The maximum number of entries for the sigCache has been introduced as a
config parameter in order to allow users to configure the amount of
memory consumed by this new additional caching.
This commit contains fixes from the results of a thorough audit of
txscript to find any cases of script evaluation which doesn't match the
required consensus behavior. These conditions are fairly obscure and
highly unlikely to happen in any real scripts, but they could have
nevertheless been used by a clever attacker with malicious intent to
cause a fork.
Test cases which exercise these conditions have been added to the
reference tests and will contributed upstream to improve the quality for
the entire ecosystem.
Unlike OP_IF and OP_NOTIF which interpret the top stack item as a
number, OP_IFDUP interprets it as a boolean. This has important
consequences because numbers are imited to int32s while booleans can be
an arbitrary number of bytes.
The offending script was found and reported by Jonas Nick through the
use of fuzzing.
This commit implements a new type, named scriptNum, for handling all
numeric values used in scripts and converts the code over to make use of
it. This is being done for a few of reasons.
First, the consensus rules for handling numeric values in the scripts
require special handling with subtle semantics. By encapsulating those
details into a type specifically dedicated to that purpose, it
simplifies the code and generally helps prevent improper usage.
Second, the new type is quite a bit more efficient than big.Ints which
are designed to be arbitrarily large and thus involve a lot of heap
allocations and additional multi-precision bookkeeping. Because this
new type is based on an int64, it allows the numbers to be stack
allocated thereby eliminating a lot of GC and also eliminates the extra
multi-precision arithmetic bookkeeping.
The use of an int64 is possible because the consensus rules dictate that
when data is interpreted as a number, it is limited to an int32 even
though results outside of this range are allowed so long as they are not
interpreted as integers again themselves. Thus, the maximum possible
result comes from multiplying a max int32 by itself which safely fits
into an int64 and can then still appropriately provide the serialization
of the larger number as required by consensus.
Finally, it more closely resembles the implementation used by Bitcoin
Core and thus makes is easier to compare the behavior between the two
implementations.
This commit also includes a full suite of tests with 100% coverage of
the semantics of the new type.
This commit contains a lot of cleanup on the txscript code to make it
more consistent with the code throughout the rest of the project. It
doesn't change any operational logic.
The following is an overview of the changes:
- Add a significant number of comments throughout in order to better
explain what the code is doing
- Fix several comment typos
- Move a couple of constants only used by the engine to engine.go
- Move a variable only used by the engine to engine.go
- Fix a couple of format specifiers in the test prints
- Reorder functions so they're defined before/closer to use
- Make the code lint clean with the exception of the opcode definitions
- Remove all redundant opcode tests in favor of the JSON-based tests
in the data directory.
- Remove duplicate stack nip test
- Add new tests to data/script_invalid.json to exercise additional
negative error paths
- Remove old unneeded pubkey trace code from opcodeCheckSig
- Simplify and improve the disassembly print function
- Add new tests to directly test all individual opcode disassembly
- Add new tests to directly test opcode disabled function which does not
get invoked during ordinary execution
- Improve test coverage of opcode.go
This commit moves the opcode execution logic from the opcode type to the
engine type because execution of an opcode modifies the engine state
(primarily the main and alternate data stacks) as opposed to the state
of the opcode. Making the engine the receiver more clearly indicates
this fact.
