Make signature cache optional
This commit is contained in:
parent
c7829ea797
commit
5c1e798a8e
@ -103,6 +103,7 @@ BITCOIN_CORE_H = \
|
|||||||
script/compressor.h \
|
script/compressor.h \
|
||||||
script/interpreter.h \
|
script/interpreter.h \
|
||||||
script/script.h \
|
script/script.h \
|
||||||
|
script/sigcache.h \
|
||||||
script/sign.h \
|
script/sign.h \
|
||||||
script/standard.h \
|
script/standard.h \
|
||||||
serialize.h \
|
serialize.h \
|
||||||
@ -218,6 +219,7 @@ libbitcoin_common_a_SOURCES = \
|
|||||||
script/compressor.cpp \
|
script/compressor.cpp \
|
||||||
script/interpreter.cpp \
|
script/interpreter.cpp \
|
||||||
script/script.cpp \
|
script/script.cpp \
|
||||||
|
script/sigcache.cpp \
|
||||||
script/sign.cpp \
|
script/sign.cpp \
|
||||||
script/standard.cpp \
|
script/standard.cpp \
|
||||||
$(BITCOIN_CORE_H)
|
$(BITCOIN_CORE_H)
|
||||||
|
@ -435,7 +435,7 @@ static void MutateTxSign(CMutableTransaction& tx, const string& flagStr)
|
|||||||
BOOST_FOREACH(const CTransaction& txv, txVariants) {
|
BOOST_FOREACH(const CTransaction& txv, txVariants) {
|
||||||
txin.scriptSig = CombineSignatures(prevPubKey, mergedTx, i, txin.scriptSig, txv.vin[i].scriptSig);
|
txin.scriptSig = CombineSignatures(prevPubKey, mergedTx, i, txin.scriptSig, txv.vin[i].scriptSig);
|
||||||
}
|
}
|
||||||
if (!VerifyScript(txin.scriptSig, prevPubKey, mergedTx, i, STANDARD_SCRIPT_VERIFY_FLAGS))
|
if (!VerifyScript(txin.scriptSig, prevPubKey, STANDARD_SCRIPT_VERIFY_FLAGS, SignatureChecker(mergedTx, i)))
|
||||||
fComplete = false;
|
fComplete = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -645,7 +645,7 @@ bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
|
|||||||
// IsStandard() will have already returned false
|
// IsStandard() will have already returned false
|
||||||
// and this method isn't called.
|
// and this method isn't called.
|
||||||
vector<vector<unsigned char> > stack;
|
vector<vector<unsigned char> > stack;
|
||||||
if (!EvalScript(stack, tx.vin[i].scriptSig, tx, i, false))
|
if (!EvalScript(stack, tx.vin[i].scriptSig, false, BaseSignatureChecker()))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (whichType == TX_SCRIPTHASH)
|
if (whichType == TX_SCRIPTHASH)
|
||||||
|
@ -17,6 +17,7 @@
|
|||||||
#include "net.h"
|
#include "net.h"
|
||||||
#include "pow.h"
|
#include "pow.h"
|
||||||
#include "script/script.h"
|
#include "script/script.h"
|
||||||
|
#include "script/sigcache.h"
|
||||||
#include "script/standard.h"
|
#include "script/standard.h"
|
||||||
#include "sync.h"
|
#include "sync.h"
|
||||||
#include "txmempool.h"
|
#include "txmempool.h"
|
||||||
|
@ -9,14 +9,10 @@
|
|||||||
#include "crypto/ripemd160.h"
|
#include "crypto/ripemd160.h"
|
||||||
#include "crypto/sha1.h"
|
#include "crypto/sha1.h"
|
||||||
#include "crypto/sha2.h"
|
#include "crypto/sha2.h"
|
||||||
#include "random.h"
|
|
||||||
#include "script/script.h"
|
#include "script/script.h"
|
||||||
#include "uint256.h"
|
#include "uint256.h"
|
||||||
#include "util.h"
|
#include "util.h"
|
||||||
|
|
||||||
#include <boost/thread.hpp>
|
|
||||||
#include <boost/tuple/tuple_comparison.hpp>
|
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
typedef vector<unsigned char> valtype;
|
typedef vector<unsigned char> valtype;
|
||||||
@ -132,7 +128,7 @@ bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const SignatureChecker& checker)
|
bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker)
|
||||||
{
|
{
|
||||||
CScript::const_iterator pc = script.begin();
|
CScript::const_iterator pc = script.begin();
|
||||||
CScript::const_iterator pend = script.end();
|
CScript::const_iterator pend = script.end();
|
||||||
@ -921,65 +917,13 @@ uint256 SignatureHash(const CScript& scriptCode, const CTransaction& txTo, unsig
|
|||||||
return ss.GetHash();
|
return ss.GetHash();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Valid signature cache, to avoid doing expensive ECDSA signature checking
|
bool SignatureChecker::VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& pubkey, const uint256& sighash, int flags) const
|
||||||
// twice for every transaction (once when accepted into memory pool, and
|
|
||||||
// again when accepted into the block chain)
|
|
||||||
class CSignatureCache
|
|
||||||
{
|
{
|
||||||
private:
|
return pubkey.Verify(sighash, vchSig);
|
||||||
// sigdata_type is (signature hash, signature, public key):
|
|
||||||
typedef boost::tuple<uint256, std::vector<unsigned char>, CPubKey> sigdata_type;
|
|
||||||
std::set< sigdata_type> setValid;
|
|
||||||
boost::shared_mutex cs_sigcache;
|
|
||||||
|
|
||||||
public:
|
|
||||||
bool
|
|
||||||
Get(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
|
|
||||||
{
|
|
||||||
boost::shared_lock<boost::shared_mutex> lock(cs_sigcache);
|
|
||||||
|
|
||||||
sigdata_type k(hash, vchSig, pubKey);
|
|
||||||
std::set<sigdata_type>::iterator mi = setValid.find(k);
|
|
||||||
if (mi != setValid.end())
|
|
||||||
return true;
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void Set(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
|
|
||||||
{
|
|
||||||
// DoS prevention: limit cache size to less than 10MB
|
|
||||||
// (~200 bytes per cache entry times 50,000 entries)
|
|
||||||
// Since there are a maximum of 20,000 signature operations per block
|
|
||||||
// 50,000 is a reasonable default.
|
|
||||||
int64_t nMaxCacheSize = GetArg("-maxsigcachesize", 50000);
|
|
||||||
if (nMaxCacheSize <= 0) return;
|
|
||||||
|
|
||||||
boost::unique_lock<boost::shared_mutex> lock(cs_sigcache);
|
|
||||||
|
|
||||||
while (static_cast<int64_t>(setValid.size()) > nMaxCacheSize)
|
|
||||||
{
|
|
||||||
// Evict a random entry. Random because that helps
|
|
||||||
// foil would-be DoS attackers who might try to pre-generate
|
|
||||||
// and re-use a set of valid signatures just-slightly-greater
|
|
||||||
// than our cache size.
|
|
||||||
uint256 randomHash = GetRandHash();
|
|
||||||
std::vector<unsigned char> unused;
|
|
||||||
std::set<sigdata_type>::iterator it =
|
|
||||||
setValid.lower_bound(sigdata_type(randomHash, unused, unused));
|
|
||||||
if (it == setValid.end())
|
|
||||||
it = setValid.begin();
|
|
||||||
setValid.erase(*it);
|
|
||||||
}
|
|
||||||
|
|
||||||
sigdata_type k(hash, vchSig, pubKey);
|
|
||||||
setValid.insert(k);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
bool SignatureChecker::CheckSig(const vector<unsigned char>& vchSigIn, const vector<unsigned char>& vchPubKey, const CScript& scriptCode, int flags) const
|
bool SignatureChecker::CheckSig(const vector<unsigned char>& vchSigIn, const vector<unsigned char>& vchPubKey, const CScript& scriptCode, int flags) const
|
||||||
{
|
{
|
||||||
static CSignatureCache signatureCache;
|
|
||||||
|
|
||||||
CPubKey pubkey(vchPubKey);
|
CPubKey pubkey(vchPubKey);
|
||||||
if (!pubkey.IsValid())
|
if (!pubkey.IsValid())
|
||||||
return false;
|
return false;
|
||||||
@ -993,19 +937,13 @@ bool SignatureChecker::CheckSig(const vector<unsigned char>& vchSigIn, const vec
|
|||||||
|
|
||||||
uint256 sighash = SignatureHash(scriptCode, txTo, nIn, nHashType);
|
uint256 sighash = SignatureHash(scriptCode, txTo, nIn, nHashType);
|
||||||
|
|
||||||
if (signatureCache.Get(sighash, vchSig, pubkey))
|
if (!VerifySignature(vchSig, pubkey, sighash, flags))
|
||||||
return true;
|
|
||||||
|
|
||||||
if (!pubkey.Verify(sighash, vchSig))
|
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (!(flags & SCRIPT_VERIFY_NOCACHE))
|
|
||||||
signatureCache.Set(sighash, vchSig, pubkey);
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const SignatureChecker& checker)
|
bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const BaseSignatureChecker& checker)
|
||||||
{
|
{
|
||||||
vector<vector<unsigned char> > stack, stackCopy;
|
vector<vector<unsigned char> > stack, stackCopy;
|
||||||
if (!EvalScript(stack, scriptSig, flags, checker))
|
if (!EvalScript(stack, scriptSig, flags, checker))
|
||||||
|
@ -10,9 +10,10 @@
|
|||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
class uint256;
|
||||||
|
class CPubKey;
|
||||||
class CScript;
|
class CScript;
|
||||||
class CTransaction;
|
class CTransaction;
|
||||||
class uint256;
|
|
||||||
|
|
||||||
/** Signature hash types/flags */
|
/** Signature hash types/flags */
|
||||||
enum
|
enum
|
||||||
@ -39,29 +40,32 @@ bool IsCanonicalSignature(const std::vector<unsigned char> &vchSig, unsigned int
|
|||||||
|
|
||||||
uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
|
uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
|
||||||
|
|
||||||
class SignatureChecker
|
class BaseSignatureChecker
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, int nFlags) const
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
virtual ~BaseSignatureChecker() {}
|
||||||
|
};
|
||||||
|
|
||||||
|
class SignatureChecker : public BaseSignatureChecker
|
||||||
{
|
{
|
||||||
private:
|
private:
|
||||||
const CTransaction& txTo;
|
const CTransaction& txTo;
|
||||||
unsigned int nIn;
|
unsigned int nIn;
|
||||||
|
|
||||||
|
protected:
|
||||||
|
virtual bool VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& vchPubKey, const uint256& sighash, int flags) const;
|
||||||
|
|
||||||
public:
|
public:
|
||||||
SignatureChecker(const CTransaction& txToIn, unsigned int nInIn) : txTo(txToIn), nIn(nInIn) {}
|
SignatureChecker(const CTransaction& txToIn, unsigned int nInIn) : txTo(txToIn), nIn(nInIn) {}
|
||||||
bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, int nFlags) const;
|
bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, int nFlags) const;
|
||||||
};
|
};
|
||||||
|
|
||||||
bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const SignatureChecker& checker);
|
bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker);
|
||||||
bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const SignatureChecker& checker);
|
bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const BaseSignatureChecker& checker);
|
||||||
|
|
||||||
// Wrappers using a default SignatureChecker.
|
|
||||||
bool inline EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags)
|
|
||||||
{
|
|
||||||
return EvalScript(stack, script, flags, SignatureChecker(txTo, nIn));
|
|
||||||
}
|
|
||||||
|
|
||||||
bool inline VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn, unsigned int flags)
|
|
||||||
{
|
|
||||||
return VerifyScript(scriptSig, scriptPubKey, flags, SignatureChecker(txTo, nIn));
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif // H_BITCOIN_SCRIPT_INTERPRETER
|
#endif // H_BITCOIN_SCRIPT_INTERPRETER
|
||||||
|
88
src/script/sigcache.cpp
Normal file
88
src/script/sigcache.cpp
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
||||||
|
// Copyright (c) 2009-2013 The Bitcoin developers
|
||||||
|
// Distributed under the MIT/X11 software license, see the accompanying
|
||||||
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
|
#include "sigcache.h"
|
||||||
|
|
||||||
|
#include "key.h"
|
||||||
|
#include "random.h"
|
||||||
|
#include "uint256.h"
|
||||||
|
#include "util.h"
|
||||||
|
|
||||||
|
#include <boost/thread.hpp>
|
||||||
|
#include <boost/tuple/tuple_comparison.hpp>
|
||||||
|
|
||||||
|
namespace {
|
||||||
|
|
||||||
|
// Valid signature cache, to avoid doing expensive ECDSA signature checking
|
||||||
|
// twice for every transaction (once when accepted into memory pool, and
|
||||||
|
// again when accepted into the block chain)
|
||||||
|
class CSignatureCache
|
||||||
|
{
|
||||||
|
private:
|
||||||
|
// sigdata_type is (signature hash, signature, public key):
|
||||||
|
typedef boost::tuple<uint256, std::vector<unsigned char>, CPubKey> sigdata_type;
|
||||||
|
std::set< sigdata_type> setValid;
|
||||||
|
boost::shared_mutex cs_sigcache;
|
||||||
|
|
||||||
|
public:
|
||||||
|
bool
|
||||||
|
Get(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
|
||||||
|
{
|
||||||
|
boost::shared_lock<boost::shared_mutex> lock(cs_sigcache);
|
||||||
|
|
||||||
|
sigdata_type k(hash, vchSig, pubKey);
|
||||||
|
std::set<sigdata_type>::iterator mi = setValid.find(k);
|
||||||
|
if (mi != setValid.end())
|
||||||
|
return true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
void Set(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
|
||||||
|
{
|
||||||
|
// DoS prevention: limit cache size to less than 10MB
|
||||||
|
// (~200 bytes per cache entry times 50,000 entries)
|
||||||
|
// Since there are a maximum of 20,000 signature operations per block
|
||||||
|
// 50,000 is a reasonable default.
|
||||||
|
int64_t nMaxCacheSize = GetArg("-maxsigcachesize", 50000);
|
||||||
|
if (nMaxCacheSize <= 0) return;
|
||||||
|
|
||||||
|
boost::unique_lock<boost::shared_mutex> lock(cs_sigcache);
|
||||||
|
|
||||||
|
while (static_cast<int64_t>(setValid.size()) > nMaxCacheSize)
|
||||||
|
{
|
||||||
|
// Evict a random entry. Random because that helps
|
||||||
|
// foil would-be DoS attackers who might try to pre-generate
|
||||||
|
// and re-use a set of valid signatures just-slightly-greater
|
||||||
|
// than our cache size.
|
||||||
|
uint256 randomHash = GetRandHash();
|
||||||
|
std::vector<unsigned char> unused;
|
||||||
|
std::set<sigdata_type>::iterator it =
|
||||||
|
setValid.lower_bound(sigdata_type(randomHash, unused, unused));
|
||||||
|
if (it == setValid.end())
|
||||||
|
it = setValid.begin();
|
||||||
|
setValid.erase(*it);
|
||||||
|
}
|
||||||
|
|
||||||
|
sigdata_type k(hash, vchSig, pubKey);
|
||||||
|
setValid.insert(k);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
bool CachingSignatureChecker::VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& pubkey, const uint256& sighash, int flags) const
|
||||||
|
{
|
||||||
|
static CSignatureCache signatureCache;
|
||||||
|
|
||||||
|
if (signatureCache.Get(sighash, vchSig, pubkey))
|
||||||
|
return true;
|
||||||
|
|
||||||
|
if (!SignatureChecker::VerifySignature(vchSig, pubkey, sighash, flags))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if (!(flags & SCRIPT_VERIFY_NOCACHE))
|
||||||
|
signatureCache.Set(sighash, vchSig, pubkey);
|
||||||
|
return true;
|
||||||
|
}
|
34
src/script/sigcache.h
Normal file
34
src/script/sigcache.h
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
||||||
|
// Copyright (c) 2009-2013 The Bitcoin developers
|
||||||
|
// Distributed under the MIT/X11 software license, see the accompanying
|
||||||
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
|
#ifndef H_BITCOIN_SCRIPT_SIGCACHE
|
||||||
|
#define H_BITCOIN_SCRIPT_SIGCACHE
|
||||||
|
|
||||||
|
#include "script/interpreter.h"
|
||||||
|
|
||||||
|
#include <vector>
|
||||||
|
|
||||||
|
class CPubKey;
|
||||||
|
|
||||||
|
class CachingSignatureChecker : public SignatureChecker
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
CachingSignatureChecker(const CTransaction& txToIn, unsigned int nInIn) : SignatureChecker(txToIn, nInIn) {}
|
||||||
|
|
||||||
|
bool VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& vchPubKey, const uint256& sighash, int flags) const;
|
||||||
|
};
|
||||||
|
|
||||||
|
// Wrappers using a default SignatureChecker.
|
||||||
|
bool inline EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags)
|
||||||
|
{
|
||||||
|
return EvalScript(stack, script, flags, CachingSignatureChecker(txTo, nIn));
|
||||||
|
}
|
||||||
|
|
||||||
|
bool inline VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn, unsigned int flags)
|
||||||
|
{
|
||||||
|
return VerifyScript(scriptSig, scriptPubKey, flags, CachingSignatureChecker(txTo, nIn));
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
@ -123,7 +123,7 @@ bool SignSignature(const CKeyStore &keystore, const CScript& fromPubKey, CMutabl
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Test solution
|
// Test solution
|
||||||
return VerifyScript(txin.scriptSig, fromPubKey, txTo, nIn, STANDARD_SCRIPT_VERIFY_FLAGS);
|
return VerifyScript(txin.scriptSig, fromPubKey, STANDARD_SCRIPT_VERIFY_FLAGS, SignatureChecker(txTo, nIn));
|
||||||
}
|
}
|
||||||
|
|
||||||
bool SignSignature(const CKeyStore &keystore, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType)
|
bool SignSignature(const CKeyStore &keystore, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType)
|
||||||
@ -252,9 +252,9 @@ CScript CombineSignatures(CScript scriptPubKey, const CTransaction& txTo, unsign
|
|||||||
Solver(scriptPubKey, txType, vSolutions);
|
Solver(scriptPubKey, txType, vSolutions);
|
||||||
|
|
||||||
vector<valtype> stack1;
|
vector<valtype> stack1;
|
||||||
EvalScript(stack1, scriptSig1, CTransaction(), 0, SCRIPT_VERIFY_STRICTENC);
|
EvalScript(stack1, scriptSig1, SCRIPT_VERIFY_STRICTENC, BaseSignatureChecker());
|
||||||
vector<valtype> stack2;
|
vector<valtype> stack2;
|
||||||
EvalScript(stack2, scriptSig2, CTransaction(), 0, SCRIPT_VERIFY_STRICTENC);
|
EvalScript(stack2, scriptSig2, SCRIPT_VERIFY_STRICTENC, BaseSignatureChecker());
|
||||||
|
|
||||||
return CombineSignatures(scriptPubKey, txTo, nIn, txType, vSolutions, stack1, stack2);
|
return CombineSignatures(scriptPubKey, txTo, nIn, txType, vSolutions, stack1, stack2);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user