highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-06-08 05:39:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge bitcoin/bitcoin#24147: Miniscript integration

Browse Source 
2da94a4c6f fuzz: add a fuzz target for Miniscript decoding from Script (Antoine Poinsot)
f8369996e7 Miniscript: ops limit and stack size computation (Pieter Wuille)
2e55e88f86 Miniscript: conversion from script (Pieter Wuille)
1ddaa66eae Miniscript: type system, script creation, text notation, tests (Pieter Wuille)
4fe29368c0 script: expose getter for CScriptNum, add a BuildScript helper (Antoine Poinsot)
f4e289f384 script: move CheckMinimalPush from interpreter to script.h (Antoine Poinsot)
31ec6ae92a script: make IsPushdataOp non-static (Antoine Poinsot)

Pull request description:

  Miniscript is a language for writing (a subset of) Bitcoin Scripts in a structured way.

  Miniscript permits:
  - To safely extend the Output Descriptor language to many more scripting features thanks to the typing system (composition).
  - Statical analysis of spending conditions, maximum spending cost of each branch, security properties, third-party malleability.
  - General satisfaction of any correctly typed ("valid" [0]) Miniscript. The satisfaction itself is also analyzable.
  - To extend the possibilities of external signers, because of all of the above and since it carries enough metadata.

  Miniscript guarantees:
  - That for any statically-analyzed as "safe" [0] Script, a witness can be constructed in the bounds of the consensus and standardness rules (standardness complete).
  - That unless the conditions of the Miniscript are met, no witness can be created for the Script (consensus sound).
  - Third-party malleability protection for the satisfaction of a sane Miniscript, which is too complex to summarize here.

  For more details around Miniscript (including the specifications), please refer to the [website](https://bitcoin.sipa.be/miniscript/).

  Miniscript was designed by Pieter Wuille, Andrew Poelstra and Sanket Kanjalkar.
  This PR is an updated and rebased version of #16800. See [the commit history of the Miniscript repository](https://github.com/sipa/miniscript/commits/master) for details about the changes made since September 2019 (TL;DR: bugfixes, introduction of timelock conflicts in the type system, `pk()` and `pkh()` aliases, `thresh_m` renamed to `multi`, all recursive algorithms were made non-recursive).

  This PR is also the first in a series of 3:
  - The first one (here) integrates the backbone of Miniscript.
  - The second one (#24148) introduces support for Miniscript in Output Descriptors, allowing for watch-only support of Miniscript Descriptors in the wallet.
  - The third one (#24149) implements signing for these Miniscript Descriptors, using Miniscript's satisfaction algorithm.

  Note to reviewers:
  - Miniscript is currently defined only for P2WSH. No Taproot yet.
  - Miniscript is different from the policy language (a high-level logical representation of a spending policy). A policy->Miniscript compiler is not included here.
  - The fuzz target included here is more interestingly extended in the 3rd PR to check a script's satisfaction against `VerifyScript`. I think it could be further improved by having custom mutators as we now have for multisig (see https://github.com/bitcoin/bitcoin/issues/23105). A minified corpus of Miniscript Scripts is available at https://github.com/bitcoin-core/qa-assets/pull/85.

  [0] We call "valid" any correctly-typed Miniscript. And "safe" any sane Miniscript, ie one whose satisfaction isn't malleable, which requires a key for any spending path, etc..

ACKs for top commit:
  jb55:
    ACK 2da94a4c6f
  laanwj:
    Light code review ACK 2da94a4c6f (mostly reviewed the changes to the existing code and build system)

Tree-SHA512: d3ef558436cfcc699a50ad13caf1e776f7d0addddb433ee28ef38f66ea5c3e581382d8c748ccac9b51768e4b95712ed7a6112b0e3281a6551e0f325331de9167
This commit is contained in:
laanwj
2022-04-05 13:02:27 +02:00
parent 0baf6aded5 2da94a4c6f
commit d492dc1cda
12 changed files with 2419 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/script/interpreter.cpp
View File

@@ -225,31 +225,6 @@ bool static CheckPubKeyEncoding(const valtype &vchPubKey, unsigned int flags, co
return true;
}
bool CheckMinimalPush(const valtype& data, opcodetype opcode) {
// Excludes OP_1NEGATE, OP_1-16 since they are by definition minimal
assert(0 <= opcode && opcode <= OP_PUSHDATA4);
if (data.size() == 0) {
// Should have used OP_0.
return opcode == OP_0;
} else if (data.size() == 1 && data[0] >= 1 && data[0] <= 16) {
// Should have used OP_1 .. OP_16.
return false;
} else if (data.size() == 1 && data[0] == 0x81) {
// Should have used OP_1NEGATE.
return false;
} else if (data.size() <= 75) {
// Must have used a direct push (opcode indicating number of bytes pushed + those bytes).
return opcode == data.size();
} else if (data.size() <= 255) {
// Must have used OP_PUSHDATA.
return opcode == OP_PUSHDATA1;
} else if (data.size() <= 65535) {
// Must have used OP_PUSHDATA2.
return opcode == OP_PUSHDATA2;
}
return true;
}
int FindAndDelete(CScript& script, const CScript& b)
{
int nFound = 0;

2
src/script/interpreter.h
View File

@@ -344,8 +344,6 @@ bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const C
size_t CountWitnessSigOps(const CScript& scriptSig, const CScript& scriptPubKey, const CScriptWitness* witness, unsigned int flags);
bool CheckMinimalPush(const std::vector<unsigned char>& data, opcodetype opcode);
int FindAndDelete(CScript& script, const CScript& b);
#endif // BITCOIN_SCRIPT_INTERPRETER_H

348
src/script/miniscript.cpp Normal file
View File

@@ -0,0 +1,348 @@
// Copyright (c) 2019 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <string>
#include <vector>
#include <script/script.h>
#include <script/standard.h>
#include <script/miniscript.h>
#include <assert.h>
namespace miniscript {
namespace internal {
Type SanitizeType(Type e) {
int num_types = (e << "K"_mst) + (e << "V"_mst) + (e << "B"_mst) + (e << "W"_mst);
if (num_types == 0) return ""_mst; // No valid type, don't care about the rest
assert(num_types == 1); // K, V, B, W all conflict with each other
bool ok = // Work around a GCC 4.8 bug that breaks user-defined literals in macro calls.
(!(e << "z"_mst) || !(e << "o"_mst)) && // z conflicts with o
(!(e << "n"_mst) || !(e << "z"_mst)) && // n conflicts with z
(!(e << "n"_mst) || !(e << "W"_mst)) && // n conflicts with W
(!(e << "V"_mst) || !(e << "d"_mst)) && // V conflicts with d
(!(e << "K"_mst) || (e << "u"_mst)) && // K implies u
(!(e << "V"_mst) || !(e << "u"_mst)) && // V conflicts with u
(!(e << "e"_mst) || !(e << "f"_mst)) && // e conflicts with f
(!(e << "e"_mst) || (e << "d"_mst)) && // e implies d
(!(e << "V"_mst) || !(e << "e"_mst)) && // V conflicts with e
(!(e << "d"_mst) || !(e << "f"_mst)) && // d conflicts with f
(!(e << "V"_mst) || (e << "f"_mst)) && // V implies f
(!(e << "K"_mst) || (e << "s"_mst)) && // K implies s
(!(e << "z"_mst) || (e << "m"_mst)); // z implies m
assert(ok);
return e;
}
Type ComputeType(Fragment nodetype, Type x, Type y, Type z, const std::vector<Type>& sub_types, uint32_t k, size_t data_size, size_t n_subs, size_t n_keys) {
// Sanity check on data
if (nodetype == Fragment::SHA256 || nodetype == Fragment::HASH256) {
assert(data_size == 32);
} else if (nodetype == Fragment::RIPEMD160 || nodetype == Fragment::HASH160) {
assert(data_size == 20);
} else {
assert(data_size == 0);
}
// Sanity check on k
if (nodetype == Fragment::OLDER || nodetype == Fragment::AFTER) {
assert(k >= 1 && k < 0x80000000UL);
} else if (nodetype == Fragment::MULTI) {
assert(k >= 1 && k <= n_keys);
} else if (nodetype == Fragment::THRESH) {
assert(k >= 1 && k <= n_subs);
} else {
assert(k == 0);
}
// Sanity check on subs
if (nodetype == Fragment::AND_V || nodetype == Fragment::AND_B || nodetype == Fragment::OR_B ||
nodetype == Fragment::OR_C || nodetype == Fragment::OR_I || nodetype == Fragment::OR_D) {
assert(n_subs == 2);
} else if (nodetype == Fragment::ANDOR) {
assert(n_subs == 3);
} else if (nodetype == Fragment::WRAP_A || nodetype == Fragment::WRAP_S || nodetype == Fragment::WRAP_C ||
nodetype == Fragment::WRAP_D || nodetype == Fragment::WRAP_V || nodetype == Fragment::WRAP_J ||
nodetype == Fragment::WRAP_N) {
assert(n_subs == 1);
} else if (nodetype != Fragment::THRESH) {
assert(n_subs == 0);
}
// Sanity check on keys
if (nodetype == Fragment::PK_K || nodetype == Fragment::PK_H) {
assert(n_keys == 1);
} else if (nodetype == Fragment::MULTI) {
assert(n_keys >= 1 && n_keys <= 20);
} else {
assert(n_keys == 0);
}
// Below is the per-nodetype logic for computing the expression types.
// It heavily relies on Type's << operator (where "X << a_mst" means
// "X has all properties listed in a").
switch (nodetype) {
case Fragment::PK_K: return "Konudemsxk"_mst;
case Fragment::PK_H: return "Knudemsxk"_mst;
case Fragment::OLDER: return
"g"_mst.If(k & CTxIn::SEQUENCE_LOCKTIME_TYPE_FLAG) |
"h"_mst.If(!(k & CTxIn::SEQUENCE_LOCKTIME_TYPE_FLAG)) |
"Bzfmxk"_mst;
case Fragment::AFTER: return
"i"_mst.If(k >= LOCKTIME_THRESHOLD) |
"j"_mst.If(k < LOCKTIME_THRESHOLD) |
"Bzfmxk"_mst;
case Fragment::SHA256: return "Bonudmk"_mst;
case Fragment::RIPEMD160: return "Bonudmk"_mst;
case Fragment::HASH256: return "Bonudmk"_mst;
case Fragment::HASH160: return "Bonudmk"_mst;
case Fragment::JUST_1: return "Bzufmxk"_mst;
case Fragment::JUST_0: return "Bzudemsxk"_mst;
case Fragment::WRAP_A: return
"W"_mst.If(x << "B"_mst) | // W=B_x
(x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
(x & "udfems"_mst) | // u=u_x, d=d_x, f=f_x, e=e_x, m=m_x, s=s_x
"x"_mst; // x
case Fragment::WRAP_S: return
"W"_mst.If(x << "Bo"_mst) | // W=B_x*o_x
(x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
(x & "udfemsx"_mst); // u=u_x, d=d_x, f=f_x, e=e_x, m=m_x, s=s_x, x=x_x
case Fragment::WRAP_C: return
"B"_mst.If(x << "K"_mst) | // B=K_x
(x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
(x & "ondfem"_mst) | // o=o_x, n=n_x, d=d_x, f=f_x, e=e_x, m=m_x
"us"_mst; // u, s
case Fragment::WRAP_D: return
"B"_mst.If(x << "Vz"_mst) | // B=V_x*z_x
"o"_mst.If(x << "z"_mst) | // o=z_x
"e"_mst.If(x << "f"_mst) | // e=f_x
(x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
(x & "ms"_mst) | // m=m_x, s=s_x
"nudx"_mst; // n, u, d, x
case Fragment::WRAP_V: return
"V"_mst.If(x << "B"_mst) | // V=B_x
(x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
(x & "zonms"_mst) | // z=z_x, o=o_x, n=n_x, m=m_x, s=s_x
"fx"_mst; // f, x
case Fragment::WRAP_J: return
"B"_mst.If(x << "Bn"_mst) | // B=B_x*n_x
"e"_mst.If(x << "f"_mst) | // e=f_x
(x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
(x & "oums"_mst) | // o=o_x, u=u_x, m=m_x, s=s_x
"ndx"_mst; // n, d, x
case Fragment::WRAP_N: return
(x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
(x & "Bzondfems"_mst) | // B=B_x, z=z_x, o=o_x, n=n_x, d=d_x, f=f_x, e=e_x, m=m_x, s=s_x
"ux"_mst; // u, x
case Fragment::AND_V: return
(y & "KVB"_mst).If(x << "V"_mst) | // B=V_x*B_y, V=V_x*V_y, K=V_x*K_y
(x & "n"_mst) | (y & "n"_mst).If(x << "z"_mst) | // n=n_x+z_x*n_y
((x | y) & "o"_mst).If((x | y) << "z"_mst) | // o=o_x*z_y+z_x*o_y
(x & y & "dmz"_mst) | // d=d_x*d_y, m=m_x*m_y, z=z_x*z_y
((x | y) & "s"_mst) | // s=s_x+s_y
"f"_mst.If((y << "f"_mst) || (x << "s"_mst)) | // f=f_y+s_x
(y & "ux"_mst) | // u=u_y, x=x_y
((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
"k"_mst.If(((x & y) << "k"_mst) &&
!(((x << "g"_mst) && (y << "h"_mst)) ||
((x << "h"_mst) && (y << "g"_mst)) ||
((x << "i"_mst) && (y << "j"_mst)) ||
((x << "j"_mst) && (y << "i"_mst)))); // k=k_x*k_y*!(g_x*h_y + h_x*g_y + i_x*j_y + j_x*i_y)
case Fragment::AND_B: return
(x & "B"_mst).If(y << "W"_mst) | // B=B_x*W_y
((x | y) & "o"_mst).If((x | y) << "z"_mst) | // o=o_x*z_y+z_x*o_y
(x & "n"_mst) | (y & "n"_mst).If(x << "z"_mst) | // n=n_x+z_x*n_y
(x & y & "e"_mst).If((x & y) << "s"_mst) | // e=e_x*e_y*s_x*s_y
(x & y & "dzm"_mst) | // d=d_x*d_y, z=z_x*z_y, m=m_x*m_y
"f"_mst.If(((x & y) << "f"_mst) || (x << "sf"_mst) || (y << "sf"_mst)) | // f=f_x*f_y + f_x*s_x + f_y*s_y
((x | y) & "s"_mst) | // s=s_x+s_y
"ux"_mst | // u, x
((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
"k"_mst.If(((x & y) << "k"_mst) &&
!(((x << "g"_mst) && (y << "h"_mst)) ||
((x << "h"_mst) && (y << "g"_mst)) ||
((x << "i"_mst) && (y << "j"_mst)) ||
((x << "j"_mst) && (y << "i"_mst)))); // k=k_x*k_y*!(g_x*h_y + h_x*g_y + i_x*j_y + j_x*i_y)
case Fragment::OR_B: return
"B"_mst.If(x << "Bd"_mst && y << "Wd"_mst) | // B=B_x*d_x*W_x*d_y
((x | y) & "o"_mst).If((x | y) << "z"_mst) | // o=o_x*z_y+z_x*o_y
(x & y & "m"_mst).If((x | y) << "s"_mst && (x & y) << "e"_mst) | // m=m_x*m_y*e_x*e_y*(s_x+s_y)
(x & y & "zse"_mst) | // z=z_x*z_y, s=s_x*s_y, e=e_x*e_y
"dux"_mst | // d, u, x
((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
(x & y & "k"_mst); // k=k_x*k_y
case Fragment::OR_D: return
(y & "B"_mst).If(x << "Bdu"_mst) | // B=B_y*B_x*d_x*u_x
(x & "o"_mst).If(y << "z"_mst) | // o=o_x*z_y
(x & y & "m"_mst).If(x << "e"_mst && (x | y) << "s"_mst) | // m=m_x*m_y*e_x*(s_x+s_y)
(x & y & "zes"_mst) | // z=z_x*z_y, e=e_x*e_y, s=s_x*s_y
(y & "ufd"_mst) | // u=u_y, f=f_y, d=d_y
"x"_mst | // x
((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
(x & y & "k"_mst); // k=k_x*k_y
case Fragment::OR_C: return
(y & "V"_mst).If(x << "Bdu"_mst) | // V=V_y*B_x*u_x*d_x
(x & "o"_mst).If(y << "z"_mst) | // o=o_x*z_y
(x & y & "m"_mst).If(x << "e"_mst && (x | y) << "s"_mst) | // m=m_x*m_y*e_x*(s_x+s_y)
(x & y & "zs"_mst) | // z=z_x*z_y, s=s_x*s_y
"fx"_mst | // f, x
((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
(x & y & "k"_mst); // k=k_x*k_y
case Fragment::OR_I: return
(x & y & "VBKufs"_mst) | // V=V_x*V_y, B=B_x*B_y, K=K_x*K_y, u=u_x*u_y, f=f_x*f_y, s=s_x*s_y
"o"_mst.If((x & y) << "z"_mst) | // o=z_x*z_y
((x | y) & "e"_mst).If((x | y) << "f"_mst) | // e=e_x*f_y+f_x*e_y
(x & y & "m"_mst).If((x | y) << "s"_mst) | // m=m_x*m_y*(s_x+s_y)
((x | y) & "d"_mst) | // d=d_x+d_y
"x"_mst | // x
((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
(x & y & "k"_mst); // k=k_x*k_y
case Fragment::ANDOR: return
(y & z & "BKV"_mst).If(x << "Bdu"_mst) | // B=B_x*d_x*u_x*B_y*B_z, K=B_x*d_x*u_x*K_y*K_z, V=B_x*d_x*u_x*V_y*V_z
(x & y & z & "z"_mst) | // z=z_x*z_y*z_z
((x | (y & z)) & "o"_mst).If((x | (y & z)) << "z"_mst) | // o=o_x*z_y*z_z+z_x*o_y*o_z
(y & z & "u"_mst) | // u=u_y*u_z
(z & "f"_mst).If((x << "s"_mst) || (y << "f"_mst)) | // f=(s_x+f_y)*f_z
(z & "d"_mst) | // d=d_z
(x & z & "e"_mst).If(x << "s"_mst || y << "f"_mst) | // e=e_x*e_z*(s_x+f_y)
(x & y & z & "m"_mst).If(x << "e"_mst && (x | y | z) << "s"_mst) | // m=m_x*m_y*m_z*e_x*(s_x+s_y+s_z)
(z & (x | y) & "s"_mst) | // s=s_z*(s_x+s_y)
"x"_mst | // x
((x | y | z) & "ghij"_mst) | // g=g_x+g_y+g_z, h=h_x+h_y+h_z, i=i_x+i_y+i_z, j=j_x+j_y_j_z
"k"_mst.If(((x & y & z) << "k"_mst) &&
!(((x << "g"_mst) && (y << "h"_mst)) ||
((x << "h"_mst) && (y << "g"_mst)) ||
((x << "i"_mst) && (y << "j"_mst)) ||
((x << "j"_mst) && (y << "i"_mst)))); // k=k_x*k_y*k_z* !(g_x*h_y + h_x*g_y + i_x*j_y + j_x*i_y)
case Fragment::MULTI: return "Bnudemsk"_mst;
case Fragment::THRESH: {
bool all_e = true;
bool all_m = true;
uint32_t args = 0;
uint32_t num_s = 0;
Type acc_tl = "k"_mst;
for (size_t i = 0; i < sub_types.size(); ++i) {
Type t = sub_types[i];
if (!(t << (i ? "Wdu"_mst : "Bdu"_mst))) return ""_mst; // Require Bdu, Wdu, Wdu, ...
if (!(t << "e"_mst)) all_e = false;
if (!(t << "m"_mst)) all_m = false;
if (t << "s"_mst) num_s += 1;
args += (t << "z"_mst) ? 0 : (t << "o"_mst) ? 1 : 2;
acc_tl = ((acc_tl | t) & "ghij"_mst) |
// Thresh contains a combination of timelocks if it has threshold > 1 and
// it contains two different children that have different types of timelocks
// Note how if any of the children don't have "k", the parent also does not have "k"
"k"_mst.If(((acc_tl & t) << "k"_mst) && ((k <= 1) ||
((k > 1) && !(((acc_tl << "g"_mst) && (t << "h"_mst)) ||
((acc_tl << "h"_mst) && (t << "g"_mst)) ||
((acc_tl << "i"_mst) && (t << "j"_mst)) ||
((acc_tl << "j"_mst) && (t << "i"_mst))))));
}
return "Bdu"_mst |
"z"_mst.If(args == 0) | // z=all z
"o"_mst.If(args == 1) | // o=all z except one o
"e"_mst.If(all_e && num_s == n_subs) | // e=all e and all s
"m"_mst.If(all_e && all_m && num_s >= n_subs - k) | // m=all e, >=(n-k) s
"s"_mst.If(num_s >= n_subs - k + 1) | // s= >=(n-k+1) s
acc_tl; // timelock info
}
}
assert(false);
return ""_mst;
}
size_t ComputeScriptLen(Fragment nodetype, Type sub0typ, size_t subsize, uint32_t k, size_t n_subs, size_t n_keys) {
switch (nodetype) {
case Fragment::JUST_1:
case Fragment::JUST_0: return 1;
case Fragment::PK_K: return 34;
case Fragment::PK_H: return 3 + 21;
case Fragment::OLDER:
case Fragment::AFTER: return 1 + BuildScript(k).size();
case Fragment::HASH256:
case Fragment::SHA256: return 4 + 2 + 33;
case Fragment::HASH160:
case Fragment::RIPEMD160: return 4 + 2 + 21;
case Fragment::MULTI: return 3 + (n_keys > 16) + (k > 16) + 34 * n_keys;
case Fragment::AND_V: return subsize;
case Fragment::WRAP_V: return subsize + (sub0typ << "x"_mst);
case Fragment::WRAP_S:
case Fragment::WRAP_C:
case Fragment::WRAP_N:
case Fragment::AND_B:
case Fragment::OR_B: return subsize + 1;
case Fragment::WRAP_A:
case Fragment::OR_C: return subsize + 2;
case Fragment::WRAP_D:
case Fragment::OR_D:
case Fragment::OR_I:
case Fragment::ANDOR: return subsize + 3;
case Fragment::WRAP_J: return subsize + 4;
case Fragment::THRESH: return subsize + n_subs + BuildScript(k).size();
}
assert(false);
return 0;
}
bool DecomposeScript(const CScript& script, std::vector<std::pair<opcodetype, std::vector<unsigned char>>>& out)
{
out.clear();
CScript::const_iterator it = script.begin(), itend = script.end();
while (it != itend) {
std::vector<unsigned char> push_data;
opcodetype opcode;
if (!script.GetOp(it, opcode, push_data)) {
out.clear();
return false;
} else if (opcode >= OP_1 && opcode <= OP_16) {
// Deal with OP_n (GetOp does not turn them into pushes).
push_data.assign(1, CScript::DecodeOP_N(opcode));
} else if (opcode == OP_CHECKSIGVERIFY) {
// Decompose OP_CHECKSIGVERIFY into OP_CHECKSIG OP_VERIFY
out.emplace_back(OP_CHECKSIG, std::vector<unsigned char>());
opcode = OP_VERIFY;
} else if (opcode == OP_CHECKMULTISIGVERIFY) {
// Decompose OP_CHECKMULTISIGVERIFY into OP_CHECKMULTISIG OP_VERIFY
out.emplace_back(OP_CHECKMULTISIG, std::vector<unsigned char>());
opcode = OP_VERIFY;
} else if (opcode == OP_EQUALVERIFY) {
// Decompose OP_EQUALVERIFY into OP_EQUAL OP_VERIFY
out.emplace_back(OP_EQUAL, std::vector<unsigned char>());
opcode = OP_VERIFY;
} else if (IsPushdataOp(opcode)) {
if (!CheckMinimalPush(push_data, opcode)) return false;
} else if (it != itend && (opcode == OP_CHECKSIG || opcode == OP_CHECKMULTISIG || opcode == OP_EQUAL) && (*it == OP_VERIFY)) {
// Rule out non minimal VERIFY sequences
return false;
}
out.emplace_back(opcode, std::move(push_data));
}
std::reverse(out.begin(), out.end());
return true;
}
bool ParseScriptNumber(const std::pair<opcodetype, std::vector<unsigned char>>& in, int64_t& k) {
if (in.first == OP_0) {
k = 0;
return true;
}
if (!in.second.empty()) {
if (IsPushdataOp(in.first) && !CheckMinimalPush(in.second, in.first)) return false;
try {
k = CScriptNum(in.second, true).GetInt64();
return true;
} catch(const scriptnum_error&) {}
}
return false;
}
int FindNextChar(Span<const char> sp, const char m)
{
for (int i = 0; i < (int)sp.size(); ++i) {
if (sp[i] == m) return i;
// We only search within the current parentheses
if (sp[i] == ')') break;
}
return -1;
}
} // namespace internal
} // namespace miniscript

1652
src/script/miniscript.h Normal file
View File

File diff suppressed because it is too large Load Diff

25
src/script/script.cpp
View File

@@ -339,3 +339,28 @@ bool IsOpSuccess(const opcodetype& opcode)
(opcode >= 141 && opcode <= 142) || (opcode >= 149 && opcode <= 153) ||
(opcode >= 187 && opcode <= 254);
}
bool CheckMinimalPush(const std::vector<unsigned char>& data, opcodetype opcode) {
// Excludes OP_1NEGATE, OP_1-16 since they are by definition minimal
assert(0 <= opcode && opcode <= OP_PUSHDATA4);
if (data.size() == 0) {
// Should have used OP_0.
return opcode == OP_0;
} else if (data.size() == 1 && data[0] >= 1 && data[0] <= 16) {
// Should have used OP_1 .. OP_16.
return false;
} else if (data.size() == 1 && data[0] == 0x81) {
// Should have used OP_1NEGATE.
return false;
} else if (data.size() <= 75) {
// Must have used a direct push (opcode indicating number of bytes pushed + those bytes).
return opcode == data.size();
} else if (data.size() <= 255) {
// Must have used OP_PUSHDATA.
return opcode == OP_PUSHDATA1;
} else if (data.size() <= 65535) {
// Must have used OP_PUSHDATA2.
return opcode == OP_PUSHDATA2;
}
return true;
}

29
src/script/script.h
View File

@@ -335,6 +335,8 @@ public:
return m_value;
}
int64_t GetInt64() const { return m_value; }
std::vector<unsigned char> getvch() const
{
return serialize(m_value);
@@ -576,4 +578,31 @@ struct CScriptWitness
/** Test for OP_SUCCESSx opcodes as defined by BIP342. */
bool IsOpSuccess(const opcodetype& opcode);
bool CheckMinimalPush(const std::vector<unsigned char>& data, opcodetype opcode);
/** Build a script by concatenating other scripts, or any argument accepted by CScript::operator<<. */
template<typename... Ts>
CScript BuildScript(Ts&&... inputs)
{
CScript ret;
int cnt{0};
([&ret, &cnt] (Ts&& input) {
cnt++;
if constexpr (std::is_same_v<std::remove_cv_t<std::remove_reference_t<Ts>>, CScript>) {
// If it is a CScript, extend ret with it. Move or copy the first element instead.
if (cnt == 0) {
ret = std::forward<Ts>(input);
} else {
ret.insert(ret.end(), input.begin(), input.end());
}
} else {
// Otherwise invoke CScript::operator<<.
ret << input;
}
} (std::forward<Ts>(inputs)), ...);
return ret;
}
#endif // BITCOIN_SCRIPT_SCRIPT_H

5
src/script/standard.cpp
View File

@@ -91,11 +91,6 @@ static constexpr bool IsSmallInteger(opcodetype opcode)
return opcode >= OP_1 && opcode <= OP_16;
}
static constexpr bool IsPushdataOp(opcodetype opcode)
{
return opcode > OP_FALSE && opcode <= OP_PUSHDATA4;
}
/** Retrieve a minimally-encoded number in range [min,max] from an (opcode, data) pair,
* whether it's OP_n or through a push. */
static std::optional<int> GetScriptNumber(opcodetype opcode, valtype data, int min, int max)

5
src/script/standard.h
View File

@@ -162,6 +162,11 @@ bool IsValidDestination(const CTxDestination& dest);
/** Get the name of a TxoutType as a string */
std::string GetTxnOutputType(TxoutType t);
constexpr bool IsPushdataOp(opcodetype opcode)
{
return opcode > OP_FALSE && opcode <= OP_PUSHDATA4;
}
/**
* Parse a scriptPubKey and identify script type for standard scripts. If
* successful, returns script type and parsed pubkeys or hashes, depending on