signet.cpp
1 // Copyright (c) 2019-present The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <signet.h> 6 7 #include <consensus/merkle.h> 8 #include <consensus/params.h> 9 #include <consensus/validation.h> 10 #include <primitives/block.h> 11 #include <primitives/transaction.h> 12 #include <script/interpreter.h> 13 #include <script/script.h> 14 #include <streams.h> 15 #include <uint256.h> 16 #include <util/check.h> 17 #include <util/log.h> 18 19 #include <algorithm> 20 #include <cstddef> 21 #include <cstdint> 22 #include <exception> 23 #include <memory> 24 #include <span> 25 #include <utility> 26 #include <vector> 27 28 static constexpr uint8_t SIGNET_HEADER[4] = {0xec, 0xc7, 0xda, 0xa2}; 29 30 static constexpr script_verify_flags BLOCK_SCRIPT_VERIFY_FLAGS = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_NULLDUMMY; 31 32 static bool FetchAndClearCommitmentSection(const std::span<const uint8_t> header, CScript& witness_commitment, std::vector<uint8_t>& result) 33 { 34 CScript replacement; 35 bool found_header = false; 36 result.clear(); 37 38 opcodetype opcode; 39 CScript::const_iterator pc = witness_commitment.begin(); 40 std::vector<uint8_t> pushdata; 41 while (witness_commitment.GetOp(pc, opcode, pushdata)) { 42 if (pushdata.size() > 0) { 43 if (!found_header && pushdata.size() > header.size() && std::ranges::equal(std::span{pushdata}.first(header.size()), header)) { 44 // pushdata only counts if it has the header _and_ some data 45 result.insert(result.end(), pushdata.begin() + header.size(), pushdata.end()); 46 pushdata.erase(pushdata.begin() + header.size(), pushdata.end()); 47 found_header = true; 48 } 49 replacement << pushdata; 50 } else { 51 replacement << opcode; 52 } 53 } 54 55 if (found_header) witness_commitment = replacement; 56 return found_header; 57 } 58 59 static uint256 ComputeModifiedMerkleRoot(const CMutableTransaction& cb, const CBlock& block) 60 { 61 std::vector<uint256> leaves; 62 leaves.reserve((block.vtx.size() + 1) & ~1ULL); // capacity rounded up to even 63 leaves.push_back(cb.GetHash().ToUint256()); 64 for (size_t s = 1; s < block.vtx.size(); ++s) { 65 leaves.push_back(block.vtx[s]->GetHash().ToUint256()); 66 } 67 return ComputeMerkleRoot(std::move(leaves)); 68 } 69 70 std::optional<SignetTxs> SignetTxs::Create(const CBlock& block, const CScript& challenge) 71 { 72 CMutableTransaction tx_to_spend; 73 tx_to_spend.version = 0; 74 tx_to_spend.nLockTime = 0; 75 tx_to_spend.vin.emplace_back(COutPoint(), CScript(OP_0), 0); 76 tx_to_spend.vout.emplace_back(0, challenge); 77 78 CMutableTransaction tx_spending; 79 tx_spending.version = 0; 80 tx_spending.nLockTime = 0; 81 tx_spending.vin.emplace_back(COutPoint(), CScript(), 0); 82 tx_spending.vout.emplace_back(0, CScript(OP_RETURN)); 83 84 // can't fill any other fields before extracting signet 85 // responses from block coinbase tx 86 87 // find and delete signet signature 88 if (block.vtx.empty()) return std::nullopt; // no coinbase tx in block; invalid 89 CMutableTransaction modified_cb(*block.vtx.at(0)); 90 91 const int cidx = GetWitnessCommitmentIndex(block); 92 if (cidx == NO_WITNESS_COMMITMENT) { 93 return std::nullopt; // require a witness commitment 94 } 95 96 CScript& witness_commitment = modified_cb.vout.at(cidx).scriptPubKey; 97 98 std::vector<uint8_t> signet_solution; 99 if (!FetchAndClearCommitmentSection(SIGNET_HEADER, witness_commitment, signet_solution)) { 100 // no signet solution -- allow this to support OP_TRUE as trivial block challenge 101 } else { 102 try { 103 SpanReader v{signet_solution}; 104 v >> tx_spending.vin[0].scriptSig; 105 v >> tx_spending.vin[0].scriptWitness.stack; 106 if (!v.empty()) return std::nullopt; // extraneous data encountered 107 } catch (const std::exception&) { 108 return std::nullopt; // parsing error 109 } 110 } 111 uint256 signet_merkle = ComputeModifiedMerkleRoot(modified_cb, block); 112 113 std::vector<uint8_t> block_data; 114 VectorWriter writer{block_data, 0}; 115 writer << block.nVersion; 116 writer << block.hashPrevBlock; 117 writer << signet_merkle; 118 writer << block.nTime; 119 tx_to_spend.vin[0].scriptSig << block_data; 120 tx_spending.vin[0].prevout = COutPoint(tx_to_spend.GetHash(), 0); 121 122 return SignetTxs{tx_to_spend, tx_spending}; 123 } 124 125 // Signet block solution checker 126 bool CheckSignetBlockSolution(const CBlock& block, const Consensus::Params& consensusParams) 127 { 128 if (block.GetHash() == consensusParams.hashGenesisBlock) { 129 // genesis block solution is always valid 130 return true; 131 } 132 133 const CScript challenge(consensusParams.signet_challenge.begin(), consensusParams.signet_challenge.end()); 134 const std::optional<SignetTxs> signet_txs = SignetTxs::Create(block, challenge); 135 136 if (!signet_txs) { 137 LogDebug(BCLog::VALIDATION, "CheckSignetBlockSolution: Errors in block (block solution parse failure)\n"); 138 return false; 139 } 140 141 const CScript& scriptSig = signet_txs->m_to_sign.vin[0].scriptSig; 142 const CScriptWitness& witness = signet_txs->m_to_sign.vin[0].scriptWitness; 143 144 PrecomputedTransactionData txdata; 145 txdata.Init(signet_txs->m_to_sign, {signet_txs->m_to_spend.vout[0]}); 146 TransactionSignatureChecker sigcheck(&signet_txs->m_to_sign, /* nInIn= */ 0, /* amountIn= */ signet_txs->m_to_spend.vout[0].nValue, txdata, MissingDataBehavior::ASSERT_FAIL); 147 148 if (!VerifyScript(scriptSig, signet_txs->m_to_spend.vout[0].scriptPubKey, &witness, BLOCK_SCRIPT_VERIFY_FLAGS, sigcheck)) { 149 LogDebug(BCLog::VALIDATION, "CheckSignetBlockSolution: Errors in block (block solution invalid)\n"); 150 return false; 151 } 152 return true; 153 }