Bitcoin Core  24.99.0
P2P Digital Currency
sign.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2021 The Bitcoin Core developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include <script/sign.h>
7 
8 #include <consensus/amount.h>
9 #include <key.h>
10 #include <policy/policy.h>
11 #include <primitives/transaction.h>
12 #include <script/keyorigin.h>
13 #include <script/signingprovider.h>
14 #include <script/standard.h>
15 #include <uint256.h>
16 #include <util/translation.h>
17 #include <util/vector.h>
18 
19 typedef std::vector<unsigned char> valtype;
20 
21 MutableTransactionSignatureCreator::MutableTransactionSignatureCreator(const CMutableTransaction& tx, unsigned int input_idx, const CAmount& amount, int hash_type)
22  : m_txto{tx}, nIn{input_idx}, nHashType{hash_type}, amount{amount}, checker{&m_txto, nIn, amount, MissingDataBehavior::FAIL},
23  m_txdata(nullptr)
24 {
25 }
26 
27 MutableTransactionSignatureCreator::MutableTransactionSignatureCreator(const CMutableTransaction& tx, unsigned int input_idx, const CAmount& amount, const PrecomputedTransactionData* txdata, int hash_type)
28  : m_txto{tx}, nIn{input_idx}, nHashType{hash_type}, amount{amount},
29  checker{txdata ? MutableTransactionSignatureChecker{&m_txto, nIn, amount, *txdata, MissingDataBehavior::FAIL} :
31  m_txdata(txdata)
32 {
33 }
34 
35 bool MutableTransactionSignatureCreator::CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& address, const CScript& scriptCode, SigVersion sigversion) const
36 {
37  assert(sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0);
38 
39  CKey key;
40  if (!provider.GetKey(address, key))
41  return false;
42 
43  // Signing with uncompressed keys is disabled in witness scripts
44  if (sigversion == SigVersion::WITNESS_V0 && !key.IsCompressed())
45  return false;
46 
47  // Signing without known amount does not work in witness scripts.
48  if (sigversion == SigVersion::WITNESS_V0 && !MoneyRange(amount)) return false;
49 
50  // BASE/WITNESS_V0 signatures don't support explicit SIGHASH_DEFAULT, use SIGHASH_ALL instead.
51  const int hashtype = nHashType == SIGHASH_DEFAULT ? SIGHASH_ALL : nHashType;
52 
53  uint256 hash = SignatureHash(scriptCode, m_txto, nIn, hashtype, amount, sigversion, m_txdata);
54  if (!key.Sign(hash, vchSig))
55  return false;
56  vchSig.push_back((unsigned char)hashtype);
57  return true;
58 }
59 
60 bool MutableTransactionSignatureCreator::CreateSchnorrSig(const SigningProvider& provider, std::vector<unsigned char>& sig, const XOnlyPubKey& pubkey, const uint256* leaf_hash, const uint256* merkle_root, SigVersion sigversion) const
61 {
62  assert(sigversion == SigVersion::TAPROOT || sigversion == SigVersion::TAPSCRIPT);
63 
64  CKey key;
65  if (!provider.GetKeyByXOnly(pubkey, key)) return false;
66 
67  // BIP341/BIP342 signing needs lots of precomputed transaction data. While some
68  // (non-SIGHASH_DEFAULT) sighash modes exist that can work with just some subset
69  // of data present, for now, only support signing when everything is provided.
71 
72  ScriptExecutionData execdata;
73  execdata.m_annex_init = true;
74  execdata.m_annex_present = false; // Only support annex-less signing for now.
75  if (sigversion == SigVersion::TAPSCRIPT) {
76  execdata.m_codeseparator_pos_init = true;
77  execdata.m_codeseparator_pos = 0xFFFFFFFF; // Only support non-OP_CODESEPARATOR BIP342 signing for now.
78  if (!leaf_hash) return false; // BIP342 signing needs leaf hash.
79  execdata.m_tapleaf_hash_init = true;
80  execdata.m_tapleaf_hash = *leaf_hash;
81  }
82  uint256 hash;
83  if (!SignatureHashSchnorr(hash, execdata, m_txto, nIn, nHashType, sigversion, *m_txdata, MissingDataBehavior::FAIL)) return false;
84  sig.resize(64);
85  // Use uint256{} as aux_rnd for now.
86  if (!key.SignSchnorr(hash, sig, merkle_root, {})) return false;
87  if (nHashType) sig.push_back(nHashType);
88  return true;
89 }
90 
91 static bool GetCScript(const SigningProvider& provider, const SignatureData& sigdata, const CScriptID& scriptid, CScript& script)
92 {
93  if (provider.GetCScript(scriptid, script)) {
94  return true;
95  }
96  // Look for scripts in SignatureData
97  if (CScriptID(sigdata.redeem_script) == scriptid) {
98  script = sigdata.redeem_script;
99  return true;
100  } else if (CScriptID(sigdata.witness_script) == scriptid) {
101  script = sigdata.witness_script;
102  return true;
103  }
104  return false;
105 }
106 
107 static bool GetPubKey(const SigningProvider& provider, const SignatureData& sigdata, const CKeyID& address, CPubKey& pubkey)
108 {
109  // Look for pubkey in all partial sigs
110  const auto it = sigdata.signatures.find(address);
111  if (it != sigdata.signatures.end()) {
112  pubkey = it->second.first;
113  return true;
114  }
115  // Look for pubkey in pubkey list
116  const auto& pk_it = sigdata.misc_pubkeys.find(address);
117  if (pk_it != sigdata.misc_pubkeys.end()) {
118  pubkey = pk_it->second.first;
119  return true;
120  }
121  // Query the underlying provider
122  return provider.GetPubKey(address, pubkey);
123 }
124 
125 static bool CreateSig(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const CPubKey& pubkey, const CScript& scriptcode, SigVersion sigversion)
126 {
127  CKeyID keyid = pubkey.GetID();
128  const auto it = sigdata.signatures.find(keyid);
129  if (it != sigdata.signatures.end()) {
130  sig_out = it->second.second;
131  return true;
132  }
133  KeyOriginInfo info;
134  if (provider.GetKeyOrigin(keyid, info)) {
135  sigdata.misc_pubkeys.emplace(keyid, std::make_pair(pubkey, std::move(info)));
136  }
137  if (creator.CreateSig(provider, sig_out, keyid, scriptcode, sigversion)) {
138  auto i = sigdata.signatures.emplace(keyid, SigPair(pubkey, sig_out));
139  assert(i.second);
140  return true;
141  }
142  // Could not make signature or signature not found, add keyid to missing
143  sigdata.missing_sigs.push_back(keyid);
144  return false;
145 }
146 
147 static bool CreateTaprootScriptSig(const BaseSignatureCreator& creator, SignatureData& sigdata, const SigningProvider& provider, std::vector<unsigned char>& sig_out, const XOnlyPubKey& pubkey, const uint256& leaf_hash, SigVersion sigversion)
148 {
149  auto lookup_key = std::make_pair(pubkey, leaf_hash);
150  auto it = sigdata.taproot_script_sigs.find(lookup_key);
151  if (it != sigdata.taproot_script_sigs.end()) {
152  sig_out = it->second;
153  return true;
154  }
155  if (creator.CreateSchnorrSig(provider, sig_out, pubkey, &leaf_hash, nullptr, sigversion)) {
156  sigdata.taproot_script_sigs[lookup_key] = sig_out;
157  return true;
158  }
159  return false;
160 }
161 
162 static bool SignTaprootScript(const SigningProvider& provider, const BaseSignatureCreator& creator, SignatureData& sigdata, int leaf_version, const CScript& script, std::vector<valtype>& result)
163 {
164  // Only BIP342 tapscript signing is supported for now.
165  if (leaf_version != TAPROOT_LEAF_TAPSCRIPT) return false;
166  SigVersion sigversion = SigVersion::TAPSCRIPT;
167 
168  uint256 leaf_hash = (HashWriter{HASHER_TAPLEAF} << uint8_t(leaf_version) << script).GetSHA256();
169 
170  // <xonly pubkey> OP_CHECKSIG
171  if (script.size() == 34 && script[33] == OP_CHECKSIG && script[0] == 0x20) {
172  XOnlyPubKey pubkey{Span{script}.subspan(1, 32)};
173 
174  KeyOriginInfo info;
175  if (provider.GetKeyOriginByXOnly(pubkey, info)) {
176  auto it = sigdata.taproot_misc_pubkeys.find(pubkey);
177  if (it == sigdata.taproot_misc_pubkeys.end()) {
178  sigdata.taproot_misc_pubkeys.emplace(pubkey, std::make_pair(std::set<uint256>({leaf_hash}), info));
179  } else {
180  it->second.first.insert(leaf_hash);
181  }
182  }
183 
184  std::vector<unsigned char> sig;
185  if (CreateTaprootScriptSig(creator, sigdata, provider, sig, pubkey, leaf_hash, sigversion)) {
186  result = Vector(std::move(sig));
187  return true;
188  }
189  return false;
190  }
191 
192  // multi_a scripts (<key> OP_CHECKSIG <key> OP_CHECKSIGADD <key> OP_CHECKSIGADD <k> OP_NUMEQUAL)
193  if (auto match = MatchMultiA(script)) {
194  std::vector<std::vector<unsigned char>> sigs;
195  int good_sigs = 0;
196  for (size_t i = 0; i < match->second.size(); ++i) {
197  XOnlyPubKey pubkey{*(match->second.rbegin() + i)};
198  std::vector<unsigned char> sig;
199  bool good_sig = CreateTaprootScriptSig(creator, sigdata, provider, sig, pubkey, leaf_hash, sigversion);
200  if (good_sig && good_sigs < match->first) {
201  ++good_sigs;
202  sigs.push_back(std::move(sig));
203  } else {
204  sigs.emplace_back();
205  }
206  }
207  if (good_sigs == match->first) {
208  result = std::move(sigs);
209  return true;
210  }
211  return false;
212  }
213 
214  return false;
215 }
216 
217 static bool SignTaproot(const SigningProvider& provider, const BaseSignatureCreator& creator, const WitnessV1Taproot& output, SignatureData& sigdata, std::vector<valtype>& result)
218 {
219  TaprootSpendData spenddata;
220  TaprootBuilder builder;
221 
222  // Gather information about this output.
223  if (provider.GetTaprootSpendData(output, spenddata)) {
224  sigdata.tr_spenddata.Merge(spenddata);
225  }
226  if (provider.GetTaprootBuilder(output, builder)) {
227  sigdata.tr_builder = builder;
228  }
229 
230  // Try key path spending.
231  {
232  KeyOriginInfo info;
233  if (provider.GetKeyOriginByXOnly(sigdata.tr_spenddata.internal_key, info)) {
234  auto it = sigdata.taproot_misc_pubkeys.find(sigdata.tr_spenddata.internal_key);
235  if (it == sigdata.taproot_misc_pubkeys.end()) {
236  sigdata.taproot_misc_pubkeys.emplace(sigdata.tr_spenddata.internal_key, std::make_pair(std::set<uint256>(), info));
237  }
238  }
239 
240  std::vector<unsigned char> sig;
241  if (sigdata.taproot_key_path_sig.size() == 0) {
242  if (creator.CreateSchnorrSig(provider, sig, sigdata.tr_spenddata.internal_key, nullptr, &sigdata.tr_spenddata.merkle_root, SigVersion::TAPROOT)) {
243  sigdata.taproot_key_path_sig = sig;
244  }
245  }
246  if (sigdata.taproot_key_path_sig.size() == 0) {
247  if (creator.CreateSchnorrSig(provider, sig, output, nullptr, nullptr, SigVersion::TAPROOT)) {
248  sigdata.taproot_key_path_sig = sig;
249  }
250  }
251  if (sigdata.taproot_key_path_sig.size()) {
252  result = Vector(sigdata.taproot_key_path_sig);
253  return true;
254  }
255  }
256 
257  // Try script path spending.
258  std::vector<std::vector<unsigned char>> smallest_result_stack;
259  for (const auto& [key, control_blocks] : sigdata.tr_spenddata.scripts) {
260  const auto& [script, leaf_ver] = key;
261  std::vector<std::vector<unsigned char>> result_stack;
262  if (SignTaprootScript(provider, creator, sigdata, leaf_ver, script, result_stack)) {
263  result_stack.emplace_back(std::begin(script), std::end(script)); // Push the script
264  result_stack.push_back(*control_blocks.begin()); // Push the smallest control block
265  if (smallest_result_stack.size() == 0 ||
266  GetSerializeSize(result_stack, PROTOCOL_VERSION) < GetSerializeSize(smallest_result_stack, PROTOCOL_VERSION)) {
267  smallest_result_stack = std::move(result_stack);
268  }
269  }
270  }
271  if (smallest_result_stack.size() != 0) {
272  result = std::move(smallest_result_stack);
273  return true;
274  }
275 
276  return false;
277 }
278 
285 static bool SignStep(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& scriptPubKey,
286  std::vector<valtype>& ret, TxoutType& whichTypeRet, SigVersion sigversion, SignatureData& sigdata)
287 {
288  CScript scriptRet;
289  uint160 h160;
290  ret.clear();
291  std::vector<unsigned char> sig;
292 
293  std::vector<valtype> vSolutions;
294  whichTypeRet = Solver(scriptPubKey, vSolutions);
295 
296  switch (whichTypeRet) {
300  return false;
301  case TxoutType::PUBKEY:
302  if (!CreateSig(creator, sigdata, provider, sig, CPubKey(vSolutions[0]), scriptPubKey, sigversion)) return false;
303  ret.push_back(std::move(sig));
304  return true;
305  case TxoutType::PUBKEYHASH: {
306  CKeyID keyID = CKeyID(uint160(vSolutions[0]));
307  CPubKey pubkey;
308  if (!GetPubKey(provider, sigdata, keyID, pubkey)) {
309  // Pubkey could not be found, add to missing
310  sigdata.missing_pubkeys.push_back(keyID);
311  return false;
312  }
313  if (!CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) return false;
314  ret.push_back(std::move(sig));
315  ret.push_back(ToByteVector(pubkey));
316  return true;
317  }
319  h160 = uint160(vSolutions[0]);
320  if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
321  ret.push_back(std::vector<unsigned char>(scriptRet.begin(), scriptRet.end()));
322  return true;
323  }
324  // Could not find redeemScript, add to missing
325  sigdata.missing_redeem_script = h160;
326  return false;
327 
328  case TxoutType::MULTISIG: {
329  size_t required = vSolutions.front()[0];
330  ret.push_back(valtype()); // workaround CHECKMULTISIG bug
331  for (size_t i = 1; i < vSolutions.size() - 1; ++i) {
332  CPubKey pubkey = CPubKey(vSolutions[i]);
333  // We need to always call CreateSig in order to fill sigdata with all
334  // possible signatures that we can create. This will allow further PSBT
335  // processing to work as it needs all possible signature and pubkey pairs
336  if (CreateSig(creator, sigdata, provider, sig, pubkey, scriptPubKey, sigversion)) {
337  if (ret.size() < required + 1) {
338  ret.push_back(std::move(sig));
339  }
340  }
341  }
342  bool ok = ret.size() == required + 1;
343  for (size_t i = 0; i + ret.size() < required + 1; ++i) {
344  ret.push_back(valtype());
345  }
346  return ok;
347  }
349  ret.push_back(vSolutions[0]);
350  return true;
351 
353  CRIPEMD160().Write(vSolutions[0].data(), vSolutions[0].size()).Finalize(h160.begin());
354  if (GetCScript(provider, sigdata, CScriptID{h160}, scriptRet)) {
355  ret.push_back(std::vector<unsigned char>(scriptRet.begin(), scriptRet.end()));
356  return true;
357  }
358  // Could not find witnessScript, add to missing
359  sigdata.missing_witness_script = uint256(vSolutions[0]);
360  return false;
361 
363  return SignTaproot(provider, creator, WitnessV1Taproot(XOnlyPubKey{vSolutions[0]}), sigdata, ret);
364  } // no default case, so the compiler can warn about missing cases
365  assert(false);
366 }
367 
368 static CScript PushAll(const std::vector<valtype>& values)
369 {
370  CScript result;
371  for (const valtype& v : values) {
372  if (v.size() == 0) {
373  result << OP_0;
374  } else if (v.size() == 1 && v[0] >= 1 && v[0] <= 16) {
375  result << CScript::EncodeOP_N(v[0]);
376  } else if (v.size() == 1 && v[0] == 0x81) {
377  result << OP_1NEGATE;
378  } else {
379  result << v;
380  }
381  }
382  return result;
383 }
384 
385 bool ProduceSignature(const SigningProvider& provider, const BaseSignatureCreator& creator, const CScript& fromPubKey, SignatureData& sigdata)
386 {
387  if (sigdata.complete) return true;
388 
389  std::vector<valtype> result;
390  TxoutType whichType;
391  bool solved = SignStep(provider, creator, fromPubKey, result, whichType, SigVersion::BASE, sigdata);
392  bool P2SH = false;
393  CScript subscript;
394 
395  if (solved && whichType == TxoutType::SCRIPTHASH)
396  {
397  // Solver returns the subscript that needs to be evaluated;
398  // the final scriptSig is the signatures from that
399  // and then the serialized subscript:
400  subscript = CScript(result[0].begin(), result[0].end());
401  sigdata.redeem_script = subscript;
402  solved = solved && SignStep(provider, creator, subscript, result, whichType, SigVersion::BASE, sigdata) && whichType != TxoutType::SCRIPTHASH;
403  P2SH = true;
404  }
405 
406  if (solved && whichType == TxoutType::WITNESS_V0_KEYHASH)
407  {
408  CScript witnessscript;
409  witnessscript << OP_DUP << OP_HASH160 << ToByteVector(result[0]) << OP_EQUALVERIFY << OP_CHECKSIG;
410  TxoutType subType;
411  solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata);
412  sigdata.scriptWitness.stack = result;
413  sigdata.witness = true;
414  result.clear();
415  }
416  else if (solved && whichType == TxoutType::WITNESS_V0_SCRIPTHASH)
417  {
418  CScript witnessscript(result[0].begin(), result[0].end());
419  sigdata.witness_script = witnessscript;
420  TxoutType subType;
421  solved = solved && SignStep(provider, creator, witnessscript, result, subType, SigVersion::WITNESS_V0, sigdata) && subType != TxoutType::SCRIPTHASH && subType != TxoutType::WITNESS_V0_SCRIPTHASH && subType != TxoutType::WITNESS_V0_KEYHASH;
422  result.push_back(std::vector<unsigned char>(witnessscript.begin(), witnessscript.end()));
423  sigdata.scriptWitness.stack = result;
424  sigdata.witness = true;
425  result.clear();
426  } else if (whichType == TxoutType::WITNESS_V1_TAPROOT && !P2SH) {
427  sigdata.witness = true;
428  if (solved) {
429  sigdata.scriptWitness.stack = std::move(result);
430  }
431  result.clear();
432  } else if (solved && whichType == TxoutType::WITNESS_UNKNOWN) {
433  sigdata.witness = true;
434  }
435 
436  if (!sigdata.witness) sigdata.scriptWitness.stack.clear();
437  if (P2SH) {
438  result.push_back(std::vector<unsigned char>(subscript.begin(), subscript.end()));
439  }
440  sigdata.scriptSig = PushAll(result);
441 
442  // Test solution
443  sigdata.complete = solved && VerifyScript(sigdata.scriptSig, fromPubKey, &sigdata.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, creator.Checker());
444  return sigdata.complete;
445 }
446 
447 namespace {
448 class SignatureExtractorChecker final : public DeferringSignatureChecker
449 {
450 private:
451  SignatureData& sigdata;
452 
453 public:
454  SignatureExtractorChecker(SignatureData& sigdata, BaseSignatureChecker& checker) : DeferringSignatureChecker(checker), sigdata(sigdata) {}
455 
456  bool CheckECDSASignature(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override
457  {
458  if (m_checker.CheckECDSASignature(scriptSig, vchPubKey, scriptCode, sigversion)) {
459  CPubKey pubkey(vchPubKey);
460  sigdata.signatures.emplace(pubkey.GetID(), SigPair(pubkey, scriptSig));
461  return true;
462  }
463  return false;
464  }
465 };
466 
467 struct Stacks
468 {
469  std::vector<valtype> script;
470  std::vector<valtype> witness;
471 
472  Stacks() = delete;
473  Stacks(const Stacks&) = delete;
474  explicit Stacks(const SignatureData& data) : witness(data.scriptWitness.stack) {
476  }
477 };
478 }
479 
480 // Extracts signatures and scripts from incomplete scriptSigs. Please do not extend this, use PSBT instead
481 SignatureData DataFromTransaction(const CMutableTransaction& tx, unsigned int nIn, const CTxOut& txout)
482 {
483  SignatureData data;
484  assert(tx.vin.size() > nIn);
485  data.scriptSig = tx.vin[nIn].scriptSig;
486  data.scriptWitness = tx.vin[nIn].scriptWitness;
487  Stacks stack(data);
488 
489  // Get signatures
491  SignatureExtractorChecker extractor_checker(data, tx_checker);
492  if (VerifyScript(data.scriptSig, txout.scriptPubKey, &data.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, extractor_checker)) {
493  data.complete = true;
494  return data;
495  }
496 
497  // Get scripts
498  std::vector<std::vector<unsigned char>> solutions;
499  TxoutType script_type = Solver(txout.scriptPubKey, solutions);
500  SigVersion sigversion = SigVersion::BASE;
501  CScript next_script = txout.scriptPubKey;
502 
503  if (script_type == TxoutType::SCRIPTHASH && !stack.script.empty() && !stack.script.back().empty()) {
504  // Get the redeemScript
505  CScript redeem_script(stack.script.back().begin(), stack.script.back().end());
506  data.redeem_script = redeem_script;
507  next_script = std::move(redeem_script);
508 
509  // Get redeemScript type
510  script_type = Solver(next_script, solutions);
511  stack.script.pop_back();
512  }
513  if (script_type == TxoutType::WITNESS_V0_SCRIPTHASH && !stack.witness.empty() && !stack.witness.back().empty()) {
514  // Get the witnessScript
515  CScript witness_script(stack.witness.back().begin(), stack.witness.back().end());
516  data.witness_script = witness_script;
517  next_script = std::move(witness_script);
518 
519  // Get witnessScript type
520  script_type = Solver(next_script, solutions);
521  stack.witness.pop_back();
522  stack.script = std::move(stack.witness);
523  stack.witness.clear();
524  sigversion = SigVersion::WITNESS_V0;
525  }
526  if (script_type == TxoutType::MULTISIG && !stack.script.empty()) {
527  // Build a map of pubkey -> signature by matching sigs to pubkeys:
528  assert(solutions.size() > 1);
529  unsigned int num_pubkeys = solutions.size()-2;
530  unsigned int last_success_key = 0;
531  for (const valtype& sig : stack.script) {
532  for (unsigned int i = last_success_key; i < num_pubkeys; ++i) {
533  const valtype& pubkey = solutions[i+1];
534  // We either have a signature for this pubkey, or we have found a signature and it is valid
535  if (data.signatures.count(CPubKey(pubkey).GetID()) || extractor_checker.CheckECDSASignature(sig, pubkey, next_script, sigversion)) {
536  last_success_key = i + 1;
537  break;
538  }
539  }
540  }
541  }
542 
543  return data;
544 }
545 
546 void UpdateInput(CTxIn& input, const SignatureData& data)
547 {
548  input.scriptSig = data.scriptSig;
549  input.scriptWitness = data.scriptWitness;
550 }
551 
553 {
554  if (complete) return;
555  if (sigdata.complete) {
556  *this = std::move(sigdata);
557  return;
558  }
559  if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
560  redeem_script = sigdata.redeem_script;
561  }
562  if (witness_script.empty() && !sigdata.witness_script.empty()) {
563  witness_script = sigdata.witness_script;
564  }
565  signatures.insert(std::make_move_iterator(sigdata.signatures.begin()), std::make_move_iterator(sigdata.signatures.end()));
566 }
567 
568 bool SignSignature(const SigningProvider &provider, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, const CAmount& amount, int nHashType)
569 {
570  assert(nIn < txTo.vin.size());
571 
572  MutableTransactionSignatureCreator creator(txTo, nIn, amount, nHashType);
573 
574  SignatureData sigdata;
575  bool ret = ProduceSignature(provider, creator, fromPubKey, sigdata);
576  UpdateInput(txTo.vin.at(nIn), sigdata);
577  return ret;
578 }
579 
580 bool SignSignature(const SigningProvider &provider, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType)
581 {
582  assert(nIn < txTo.vin.size());
583  const CTxIn& txin = txTo.vin[nIn];
584  assert(txin.prevout.n < txFrom.vout.size());
585  const CTxOut& txout = txFrom.vout[txin.prevout.n];
586 
587  return SignSignature(provider, txout.scriptPubKey, txTo, nIn, txout.nValue, nHashType);
588 }
589 
590 namespace {
592 class DummySignatureChecker final : public BaseSignatureChecker
593 {
594 public:
595  DummySignatureChecker() = default;
596  bool CheckECDSASignature(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override { return true; }
597  bool CheckSchnorrSignature(Span<const unsigned char> sig, Span<const unsigned char> pubkey, SigVersion sigversion, ScriptExecutionData& execdata, ScriptError* serror) const override { return true; }
598 };
599 }
600 
601 const BaseSignatureChecker& DUMMY_CHECKER = DummySignatureChecker();
602 
603 namespace {
604 class DummySignatureCreator final : public BaseSignatureCreator {
605 private:
606  char m_r_len = 32;
607  char m_s_len = 32;
608 public:
609  DummySignatureCreator(char r_len, char s_len) : m_r_len(r_len), m_s_len(s_len) {}
610  const BaseSignatureChecker& Checker() const override { return DUMMY_CHECKER; }
611  bool CreateSig(const SigningProvider& provider, std::vector<unsigned char>& vchSig, const CKeyID& keyid, const CScript& scriptCode, SigVersion sigversion) const override
612  {
613  // Create a dummy signature that is a valid DER-encoding
614  vchSig.assign(m_r_len + m_s_len + 7, '\000');
615  vchSig[0] = 0x30;
616  vchSig[1] = m_r_len + m_s_len + 4;
617  vchSig[2] = 0x02;
618  vchSig[3] = m_r_len;
619  vchSig[4] = 0x01;
620  vchSig[4 + m_r_len] = 0x02;
621  vchSig[5 + m_r_len] = m_s_len;
622  vchSig[6 + m_r_len] = 0x01;
623  vchSig[6 + m_r_len + m_s_len] = SIGHASH_ALL;
624  return true;
625  }
626  bool CreateSchnorrSig(const SigningProvider& provider, std::vector<unsigned char>& sig, const XOnlyPubKey& pubkey, const uint256* leaf_hash, const uint256* tweak, SigVersion sigversion) const override
627  {
628  sig.assign(64, '\000');
629  return true;
630  }
631 };
632 
633 }
634 
635 const BaseSignatureCreator& DUMMY_SIGNATURE_CREATOR = DummySignatureCreator(32, 32);
636 const BaseSignatureCreator& DUMMY_MAXIMUM_SIGNATURE_CREATOR = DummySignatureCreator(33, 32);
637 
638 bool IsSegWitOutput(const SigningProvider& provider, const CScript& script)
639 {
640  int version;
641  valtype program;
642  if (script.IsWitnessProgram(version, program)) return true;
643  if (script.IsPayToScriptHash()) {
644  std::vector<valtype> solutions;
645  auto whichtype = Solver(script, solutions);
646  if (whichtype == TxoutType::SCRIPTHASH) {
647  auto h160 = uint160(solutions[0]);
648  CScript subscript;
649  if (provider.GetCScript(CScriptID{h160}, subscript)) {
650  if (subscript.IsWitnessProgram(version, program)) return true;
651  }
652  }
653  }
654  return false;
655 }
656 
657 bool SignTransaction(CMutableTransaction& mtx, const SigningProvider* keystore, const std::map<COutPoint, Coin>& coins, int nHashType, std::map<int, bilingual_str>& input_errors)
658 {
659  bool fHashSingle = ((nHashType & ~SIGHASH_ANYONECANPAY) == SIGHASH_SINGLE);
660 
661  // Use CTransaction for the constant parts of the
662  // transaction to avoid rehashing.
663  const CTransaction txConst(mtx);
664 
666  std::vector<CTxOut> spent_outputs;
667  for (unsigned int i = 0; i < mtx.vin.size(); ++i) {
668  CTxIn& txin = mtx.vin[i];
669  auto coin = coins.find(txin.prevout);
670  if (coin == coins.end() || coin->second.IsSpent()) {
671  txdata.Init(txConst, /*spent_outputs=*/{}, /*force=*/true);
672  break;
673  } else {
674  spent_outputs.emplace_back(coin->second.out.nValue, coin->second.out.scriptPubKey);
675  }
676  }
677  if (spent_outputs.size() == mtx.vin.size()) {
678  txdata.Init(txConst, std::move(spent_outputs), true);
679  }
680 
681  // Sign what we can:
682  for (unsigned int i = 0; i < mtx.vin.size(); ++i) {
683  CTxIn& txin = mtx.vin[i];
684  auto coin = coins.find(txin.prevout);
685  if (coin == coins.end() || coin->second.IsSpent()) {
686  input_errors[i] = _("Input not found or already spent");
687  continue;
688  }
689  const CScript& prevPubKey = coin->second.out.scriptPubKey;
690  const CAmount& amount = coin->second.out.nValue;
691 
692  SignatureData sigdata = DataFromTransaction(mtx, i, coin->second.out);
693  // Only sign SIGHASH_SINGLE if there's a corresponding output:
694  if (!fHashSingle || (i < mtx.vout.size())) {
695  ProduceSignature(*keystore, MutableTransactionSignatureCreator(mtx, i, amount, &txdata, nHashType), prevPubKey, sigdata);
696  }
697 
698  UpdateInput(txin, sigdata);
699 
700  // amount must be specified for valid segwit signature
701  if (amount == MAX_MONEY && !txin.scriptWitness.IsNull()) {
702  input_errors[i] = _("Missing amount");
703  continue;
704  }
705 
706  ScriptError serror = SCRIPT_ERR_OK;
707  if (!VerifyScript(txin.scriptSig, prevPubKey, &txin.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, TransactionSignatureChecker(&txConst, i, amount, txdata, MissingDataBehavior::FAIL), &serror)) {
708  if (serror == SCRIPT_ERR_INVALID_STACK_OPERATION) {
709  // Unable to sign input and verification failed (possible attempt to partially sign).
710  input_errors[i] = Untranslated("Unable to sign input, invalid stack size (possibly missing key)");
711  } else if (serror == SCRIPT_ERR_SIG_NULLFAIL) {
712  // Verification failed (possibly due to insufficient signatures).
713  input_errors[i] = Untranslated("CHECK(MULTI)SIG failing with non-zero signature (possibly need more signatures)");
714  } else {
715  input_errors[i] = Untranslated(ScriptErrorString(serror));
716  }
717  } else {
718  // If this input succeeds, make sure there is no error set for it
719  input_errors.erase(i);
720  }
721  }
722  return input_errors.empty();
723 }
static constexpr CAmount MAX_MONEY
No amount larger than this (in satoshi) is valid.
Definition: amount.h:26
bool MoneyRange(const CAmount &nValue)
Definition: amount.h:27
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
int ret
virtual bool CheckSchnorrSignature(Span< const unsigned char > sig, Span< const unsigned char > pubkey, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror=nullptr) const
Definition: interpreter.h:251
virtual bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const
Definition: interpreter.h:246
Interface for signature creators.
Definition: sign.h:27
virtual bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const =0
virtual const BaseSignatureChecker & Checker() const =0
virtual bool CreateSig(const SigningProvider &provider, std::vector< unsigned char > &vchSig, const CKeyID &keyid, const CScript &scriptCode, SigVersion sigversion) const =0
Create a singular (non-script) signature.
An encapsulated private key.
Definition: key.h:27
bool SignSchnorr(const uint256 &hash, Span< unsigned char > sig, const uint256 *merkle_root, const uint256 &aux) const
Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, optionally tweaked b...
Definition: key.cpp:278
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:213
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:96
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
uint32_t n
Definition: transaction.h:38
An encapsulated public key.
Definition: pubkey.h:34
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
A hasher class for RIPEMD-160.
Definition: ripemd160.h:13
CRIPEMD160 & Write(const unsigned char *data, size_t len)
Definition: ripemd160.cpp:247
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: ripemd160.cpp:273
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:411
bool IsPayToScriptHash() const
Definition: script.cpp:201
bool IsWitnessProgram(int &version, std::vector< unsigned char > &program) const
Definition: script.cpp:220
static opcodetype EncodeOP_N(int n)
Definition: script.h:510
A reference to a CScript: the Hash160 of its serialization (see script.h)
Definition: standard.h:27
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:288
const std::vector< CTxOut > vout
Definition: transaction.h:299
An input of a transaction.
Definition: transaction.h:74
CScript scriptSig
Definition: transaction.h:77
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:79
COutPoint prevout
Definition: transaction.h:76
An output of a transaction.
Definition: transaction.h:157
CScript scriptPubKey
Definition: transaction.h:160
CAmount nValue
Definition: transaction.h:159
bool CheckECDSASignature(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const override
Definition: interpreter.h:315
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:100
A signature creator for transactions.
Definition: sign.h:39
bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const override
Definition: sign.cpp:60
MutableTransactionSignatureCreator(const CMutableTransaction &tx LIFETIMEBOUND, unsigned int input_idx, const CAmount &amount, int hash_type)
const CMutableTransaction & m_txto
Definition: sign.h:40
bool CreateSig(const SigningProvider &provider, std::vector< unsigned char > &vchSig, const CKeyID &keyid, const CScript &scriptCode, SigVersion sigversion) const override
Create a singular (non-script) signature.
Definition: sign.cpp:35
const PrecomputedTransactionData * m_txdata
Definition: sign.h:45
An interface to be implemented by keystores that support signing.
virtual bool GetCScript(const CScriptID &scriptid, CScript &script) const
virtual bool GetTaprootSpendData(const XOnlyPubKey &output_key, TaprootSpendData &spenddata) const
bool GetKeyByXOnly(const XOnlyPubKey &pubkey, CKey &key) const
virtual bool GetPubKey(const CKeyID &address, CPubKey &pubkey) const
bool GetKeyOriginByXOnly(const XOnlyPubKey &pubkey, KeyOriginInfo &info) const
virtual bool GetTaprootBuilder(const XOnlyPubKey &output_key, TaprootBuilder &builder) const
virtual bool GetKey(const CKeyID &address, CKey &key) const
virtual bool GetKeyOrigin(const CKeyID &keyid, KeyOriginInfo &info) const
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:97
Utility class to construct Taproot outputs from internal key and script tree.
Definition: standard.h:227
unsigned char * begin()
Definition: uint256.h:61
bool empty() const
Definition: prevector.h:288
size_type size() const
Definition: prevector.h:284
iterator begin()
Definition: prevector.h:292
iterator end()
Definition: prevector.h:294
160-bit opaque blob.
Definition: uint256.h:108
256-bit opaque blob.
Definition: uint256.h:119
bool SignatureHashSchnorr(uint256 &hash_out, ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
std::vector< unsigned char > valtype
Definition: interpreter.cpp:15
const HashWriter HASHER_TAPLEAF
Hasher with tag "TapLeaf" pre-fed to it.
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache)
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
SigVersion
Definition: interpreter.h:189
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
@ TAPSCRIPT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see...
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
@ SCRIPT_VERIFY_STRICTENC
Definition: interpreter.h:52
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
Definition: interpreter.h:230
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:31
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
Definition: interpreter.h:33
@ SIGHASH_ALL
Definition: interpreter.h:28
@ SIGHASH_SINGLE
Definition: interpreter.h:30
MissingDataBehavior
Enum to specify what *TransactionSignatureChecker's behavior should be when dealing with missing tran...
Definition: interpreter.h:273
@ FAIL
Just act as if the signature was invalid.
static constexpr unsigned int STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:77
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:63
@ OP_1NEGATE
Definition: script.h:77
@ OP_CHECKSIG
Definition: script.h:186
@ OP_DUP
Definition: script.h:121
@ OP_HASH160
Definition: script.h:183
@ OP_0
Definition: script.h:72
@ OP_EQUALVERIFY
Definition: script.h:143
std::string ScriptErrorString(const ScriptError serror)
enum ScriptError_t ScriptError
@ SCRIPT_ERR_INVALID_STACK_OPERATION
Definition: script_error.h:36
@ SCRIPT_ERR_SIG_NULLFAIL
Definition: script_error.h:54
@ SCRIPT_ERR_OK
Definition: script_error.h:13
static const int64_t values[]
A selection of numbers that do not trigger int64_t overflow when added/subtracted.
size_t GetSerializeSize(const T &t, int nVersion=0)
Definition: serialize.h:1109
static bool SignStep(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &scriptPubKey, std::vector< valtype > &ret, TxoutType &whichTypeRet, SigVersion sigversion, SignatureData &sigdata)
Sign scriptPubKey using signature made with creator.
Definition: sign.cpp:285
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
Definition: sign.cpp:385
static bool CreateTaprootScriptSig(const BaseSignatureCreator &creator, SignatureData &sigdata, const SigningProvider &provider, std::vector< unsigned char > &sig_out, const XOnlyPubKey &pubkey, const uint256 &leaf_hash, SigVersion sigversion)
Definition: sign.cpp:147
void UpdateInput(CTxIn &input, const SignatureData &data)
Definition: sign.cpp:546
bool IsSegWitOutput(const SigningProvider &provider, const CScript &script)
Check whether a scriptPubKey is known to be segwit.
Definition: sign.cpp:638
static bool SignTaprootScript(const SigningProvider &provider, const BaseSignatureCreator &creator, SignatureData &sigdata, int leaf_version, const CScript &script, std::vector< valtype > &result)
Definition: sign.cpp:162
static bool CreateSig(const BaseSignatureCreator &creator, SignatureData &sigdata, const SigningProvider &provider, std::vector< unsigned char > &sig_out, const CPubKey &pubkey, const CScript &scriptcode, SigVersion sigversion)
Definition: sign.cpp:125
std::vector< unsigned char > valtype
Definition: sign.cpp:19
static bool SignTaproot(const SigningProvider &provider, const BaseSignatureCreator &creator, const WitnessV1Taproot &output, SignatureData &sigdata, std::vector< valtype > &result)
Definition: sign.cpp:217
bool SignSignature(const SigningProvider &provider, const CScript &fromPubKey, CMutableTransaction &txTo, unsigned int nIn, const CAmount &amount, int nHashType)
Produce a script signature for a transaction.
Definition: sign.cpp:568
const BaseSignatureCreator & DUMMY_MAXIMUM_SIGNATURE_CREATOR
A signature creator that just produces 72-byte empty signatures.
Definition: sign.cpp:636
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
Definition: sign.cpp:107
SignatureData DataFromTransaction(const CMutableTransaction &tx, unsigned int nIn, const CTxOut &txout)
Extract signature data from a transaction input, and insert it.
Definition: sign.cpp:481
const BaseSignatureChecker & DUMMY_CHECKER
A signature checker that accepts all signatures.
Definition: sign.cpp:601
bool SignTransaction(CMutableTransaction &mtx, const SigningProvider *keystore, const std::map< COutPoint, Coin > &coins, int nHashType, std::map< int, bilingual_str > &input_errors)
Sign the CMutableTransaction.
Definition: sign.cpp:657
static CScript PushAll(const std::vector< valtype > &values)
Definition: sign.cpp:368
const BaseSignatureCreator & DUMMY_SIGNATURE_CREATOR
A signature creator that just produces 71-byte empty signatures.
Definition: sign.cpp:635
static bool GetCScript(const SigningProvider &provider, const SignatureData &sigdata, const CScriptID &scriptid, CScript &script)
Definition: sign.cpp:91
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:62
TxoutType Solver(const CScript &scriptPubKey, std::vector< std::vector< unsigned char >> &vSolutionsRet)
Parse a scriptPubKey and identify script type for standard scripts.
Definition: standard.cpp:168
std::optional< std::pair< int, std::vector< Span< const unsigned char > > > > MatchMultiA(const CScript &script)
Definition: standard.cpp:134
TxoutType
Definition: standard.h:51
@ WITNESS_V1_TAPROOT
@ WITNESS_UNKNOWN
Only for Witness versions not already defined above.
@ WITNESS_V0_SCRIPTHASH
@ NULL_DATA
unspendable OP_RETURN script that carries data
@ WITNESS_V0_KEYHASH
A mutable version of CTransaction.
Definition: transaction.h:373
std::vector< CTxOut > vout
Definition: transaction.h:375
std::vector< CTxIn > vin
Definition: transaction.h:374
std::vector< std::vector< unsigned char > > stack
Definition: script.h:566
bool IsNull() const
Definition: script.h:571
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
Definition: interpreter.h:161
bool m_spent_outputs_ready
Whether m_spent_outputs is initialized.
Definition: interpreter.h:170
uint256 m_tapleaf_hash
The tapleaf hash.
Definition: interpreter.h:201
bool m_annex_present
Whether an annex is present.
Definition: interpreter.h:211
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
Definition: interpreter.h:209
bool m_codeseparator_pos_init
Whether m_codeseparator_pos is initialized.
Definition: interpreter.h:204
bool m_tapleaf_hash_init
Whether m_tapleaf_hash is initialized.
Definition: interpreter.h:199
uint32_t m_codeseparator_pos
Opcode position of the last executed OP_CODESEPARATOR (or 0xFFFFFFFF if none executed).
Definition: interpreter.h:206
uint160 missing_redeem_script
ScriptID of the missing redeemScript (if any)
Definition: sign.h:83
std::vector< CKeyID > missing_sigs
KeyIDs of pubkeys for signatures which could not be found.
Definition: sign.h:82
void MergeSignatureData(SignatureData sigdata)
Definition: sign.cpp:552
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
Definition: sign.h:76
TaprootSpendData tr_spenddata
Taproot spending data.
Definition: sign.h:74
bool witness
Stores whether the input this SigData corresponds to is a witness input.
Definition: sign.h:69
std::map< CKeyID, std::pair< CPubKey, KeyOriginInfo > > misc_pubkeys
Definition: sign.h:77
std::optional< TaprootBuilder > tr_builder
Taproot tree used to build tr_spenddata.
Definition: sign.h:75
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
Definition: sign.h:70
std::vector< unsigned char > taproot_key_path_sig
Definition: sign.h:78
std::map< std::pair< XOnlyPubKey, uint256 >, std::vector< unsigned char > > taproot_script_sigs
Schnorr signature for key path spending.
Definition: sign.h:79
std::map< XOnlyPubKey, std::pair< std::set< uint256 >, KeyOriginInfo > > taproot_misc_pubkeys
Miscellaneous Taproot pubkeys involved in this input along with their leaf script hashes and key orig...
Definition: sign.h:80
CScript redeem_script
The redeemScript (if any) for the input.
Definition: sign.h:71
uint256 missing_witness_script
SHA256 of the missing witnessScript (if any)
Definition: sign.h:84
std::vector< CKeyID > missing_pubkeys
KeyIDs of pubkeys which could not be found.
Definition: sign.h:81
CScript witness_script
The witnessScript (if any) for the input. witnessScripts are used in P2WSH outputs.
Definition: sign.h:72
CScriptWitness scriptWitness
The scriptWitness of an input. Contains complete signatures or the traditional partial signatures for...
Definition: sign.h:73
bool complete
Stores whether the scriptSig and scriptWitness are complete.
Definition: sign.h:68
uint256 merkle_root
The Merkle root of the script tree (0 if no scripts).
Definition: standard.h:213
std::map< std::pair< CScript, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
Definition: standard.h:220
void Merge(TaprootSpendData other)
Merge other TaprootSpendData (for the same scriptPubKey) into this.
Definition: standard.cpp:382
XOnlyPubKey internal_key
The BIP341 internal key.
Definition: standard.h:211
bilingual_str _(const char *psz)
Translation function.
Definition: translation.h:65
bilingual_str Untranslated(std::string original)
Mark a bilingual_str as untranslated.
Definition: translation.h:48
assert(!tx.IsCoinBase())
std::vector< typename std::common_type< Args... >::type > Vector(Args &&... args)
Construct a vector with the specified elements.
Definition: vector.h:21
static const int PROTOCOL_VERSION
network protocol versioning
Definition: version.h:12