mirror of
https://github.com/dashpay/dash.git
synced 2024-12-26 04:22:55 +01:00
Implement BIP 66 validation rules and switchover logic
This commit is contained in:
parent
41f94edf22
commit
ab03660824
16
src/main.cpp
16
src/main.cpp
@ -1795,6 +1795,12 @@ bool ConnectBlock(CBlock& block, CValidationState& state, CBlockIndex* pindex, C
|
||||
unsigned int flags = SCRIPT_VERIFY_NOCACHE |
|
||||
(fStrictPayToScriptHash ? SCRIPT_VERIFY_P2SH : SCRIPT_VERIFY_NONE);
|
||||
|
||||
if (block.nVersion >= 3 &&
|
||||
((!TestNet() && CBlockIndex::IsSuperMajority(3, pindex->pprev, 750, 1000)) ||
|
||||
(TestNet() && CBlockIndex::IsSuperMajority(3, pindex->pprev, 51, 100)))) {
|
||||
flags |= SCRIPT_VERIFY_DERSIG;
|
||||
}
|
||||
|
||||
CBlockUndo blockundo;
|
||||
|
||||
CCheckQueueControl<CScriptCheck> control(fScriptChecks && nScriptCheckThreads ? &scriptcheckqueue : NULL);
|
||||
@ -2427,6 +2433,16 @@ bool AcceptBlock(CBlock& block, CValidationState& state, CDiskBlockPos* dbp)
|
||||
REJECT_OBSOLETE, "bad-version");
|
||||
}
|
||||
}
|
||||
// Reject block.nVersion=2 blocks when 95% (75% on testnet) of the network has upgraded:
|
||||
if (block.nVersion < 3)
|
||||
{
|
||||
if ((!TestNet() && CBlockIndex::IsSuperMajority(3, pindexPrev, 950, 1000)) ||
|
||||
(TestNet() && CBlockIndex::IsSuperMajority(3, pindexPrev, 75, 100)))
|
||||
{
|
||||
return state.Invalid(error("AcceptBlock() : rejected nVersion=2 block"),
|
||||
REJECT_OBSOLETE, "bad-version");
|
||||
}
|
||||
}
|
||||
// Enforce block.nVersion=2 rule that the coinbase starts with serialized block height
|
||||
if (block.nVersion >= 2)
|
||||
{
|
||||
|
@ -294,6 +294,86 @@ bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// BIP 66 defined signature encoding check. This largely overlaps with
|
||||
// IsCanonicalSignature above, but lacks hashtype constraints, and uses the
|
||||
// exact implementation code from BIP 66.
|
||||
bool static IsValidSignatureEncoding(const std::vector<unsigned char> &sig) {
|
||||
// Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] [sighash]
|
||||
// * total-length: 1-byte length descriptor of everything that follows,
|
||||
// excluding the sighash byte.
|
||||
// * R-length: 1-byte length descriptor of the R value that follows.
|
||||
// * R: arbitrary-length big-endian encoded R value. It must use the shortest
|
||||
// possible encoding for a positive integers (which means no null bytes at
|
||||
// the start, except a single one when the next byte has its highest bit set).
|
||||
// * S-length: 1-byte length descriptor of the S value that follows.
|
||||
// * S: arbitrary-length big-endian encoded S value. The same rules apply.
|
||||
// * sighash: 1-byte value indicating what data is hashed (not part of the DER
|
||||
// signature)
|
||||
|
||||
// Minimum and maximum size constraints.
|
||||
if (sig.size() < 9) return false;
|
||||
if (sig.size() > 73) return false;
|
||||
|
||||
// A signature is of type 0x30 (compound).
|
||||
if (sig[0] != 0x30) return false;
|
||||
|
||||
// Make sure the length covers the entire signature.
|
||||
if (sig[1] != sig.size() - 3) return false;
|
||||
|
||||
// Extract the length of the R element.
|
||||
unsigned int lenR = sig[3];
|
||||
|
||||
// Make sure the length of the S element is still inside the signature.
|
||||
if (5 + lenR >= sig.size()) return false;
|
||||
|
||||
// Extract the length of the S element.
|
||||
unsigned int lenS = sig[5 + lenR];
|
||||
|
||||
// Verify that the length of the signature matches the sum of the length
|
||||
// of the elements.
|
||||
if ((size_t)(lenR + lenS + 7) != sig.size()) return false;
|
||||
|
||||
// Check whether the R element is an integer.
|
||||
if (sig[2] != 0x02) return false;
|
||||
|
||||
// Zero-length integers are not allowed for R.
|
||||
if (lenR == 0) return false;
|
||||
|
||||
// Negative numbers are not allowed for R.
|
||||
if (sig[4] & 0x80) return false;
|
||||
|
||||
// Null bytes at the start of R are not allowed, unless R would
|
||||
// otherwise be interpreted as a negative number.
|
||||
if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80)) return false;
|
||||
|
||||
// Check whether the S element is an integer.
|
||||
if (sig[lenR + 4] != 0x02) return false;
|
||||
|
||||
// Zero-length integers are not allowed for S.
|
||||
if (lenS == 0) return false;
|
||||
|
||||
// Negative numbers are not allowed for S.
|
||||
if (sig[lenR + 6] & 0x80) return false;
|
||||
|
||||
// Null bytes at the start of S are not allowed, unless S would otherwise be
|
||||
// interpreted as a negative number.
|
||||
if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80)) return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool static CheckSignatureEncoding(const valtype &vchSig, unsigned int flags) {
|
||||
// Empty signature. Not strictly DER encoded, but allowed to provide a
|
||||
// compact way to provide an invalid signature for use with CHECK(MULTI)SIG
|
||||
if (vchSig.size() == 0) {
|
||||
return true;
|
||||
}
|
||||
if ((flags & SCRIPT_VERIFY_DERSIG) != 0 && !IsValidSignatureEncoding(vchSig)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType)
|
||||
{
|
||||
CScript::const_iterator pc = script.begin();
|
||||
@ -846,6 +926,10 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, co
|
||||
// Drop the signature, since there's no way for a signature to sign itself
|
||||
scriptCode.FindAndDelete(CScript(vchSig));
|
||||
|
||||
if (!CheckSignatureEncoding(vchSig, flags)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bool fSuccess = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) &&
|
||||
CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags);
|
||||
|
||||
@ -906,6 +990,10 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, co
|
||||
valtype& vchSig = stacktop(-isig);
|
||||
valtype& vchPubKey = stacktop(-ikey);
|
||||
|
||||
if (!CheckSignatureEncoding(vchSig, flags)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check signature
|
||||
bool fOk = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) &&
|
||||
CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags);
|
||||
|
@ -190,6 +190,7 @@ enum
|
||||
SCRIPT_VERIFY_STRICTENC = (1U << 1), // enforce strict conformance to DER and SEC2 for signatures and pubkeys
|
||||
SCRIPT_VERIFY_EVEN_S = (1U << 2), // enforce even S values in signatures (depends on STRICTENC)
|
||||
SCRIPT_VERIFY_NOCACHE = (1U << 3), // do not store results in signature cache (but do query it)
|
||||
SCRIPT_VERIFY_DERSIG = (1U << 4), // enforce signature encodings as defined by BIP 66 (which is a softfork, while STRICTENC is not)
|
||||
};
|
||||
|
||||
enum txnouttype
|
||||
|
Loading…
Reference in New Issue
Block a user