Commit Graph

175 Commits

Author SHA1 Message Date
Dave Collins
c476afa931
txscript: Cleanup code for the substr opcode.
This cleans up the code for handling the substr opcode to explicitly
call out its semantics which are likely not otherwise obvious as well as
improve its readability.
2018-05-25 20:28:57 -05:00
Dave Collins
45e313e6d2
multi: Define vgo modules.
This adds module support for the versioned go toolchain.  In particular,
the following packages are defined as modules:

* addrmgr
* blockchain
* certgen
* chaincfg
* connmgr
* database
* dcrjson
* dcrutil
* gcs
* hdkeychain
* mempool
* mining
* peer
* rpcclient
* txscript
* wire

It does not update the travis build environment or README since it is
experimental at this point.
2018-05-25 15:38:16 -05:00
Dave Collins
678ff1efdd
multi: Replace btclog with slog.
This modifies all packages within the repository to the use the Decred
fork of btclog which has been renamed to slog and updates the dependency
files accordingly.
2018-05-23 14:22:10 -05:00
Dave Collins
3a81a21ec9
txscript: Improve substr opcode test coverage.
This adds several tests to the reference script tests which exercise the
semantics of the substr opcode including both positive and negative
tests.
2018-05-15 03:38:18 -05:00
Dave Collins
f54fb6ce67
txscript: Remove unused strict multisig flag.
This removes the ScriptStrictMultiSig flag from the txscript package
since it is not used or needed by Decred.

The flag is a holdover from the upstream code which was used to address
a bug that does not exist in Decred.
2018-05-15 02:34:22 -05:00
Dave Collins
66f5acc9aa
multi: Correct typos found by misspell. 2018-05-08 21:29:33 -05:00
Dave Collins
75432b3c96
multi: Break coinbase dep on standardness rules.
Standardness rules are not the same as consensus rules and it is
important to keep clear separation between them, because standardness
rules can and do change, while the consensus rules must not change
without a specific vote, and even then, the old rules must be kept
around for validation of all blocks prior to any changes introduced by a
successful vote.

Prior to this commit, the blockchain code which enforces the consensus
rule that requires the second output of the coinbase transaction to
contain the height of the block in a provably pruneable nulldata script
push was relying on code in txscript/standard.go, which, as the name of
the file suggests, is specifically intended for code related to
standardness checks.

This introduces a new function in the txscript package named
ExtractCoinbaseNullData which does not rely on any of the code related
to standardness checks and modifies the blockchain code accordingly to
make use of the new function instead.  It also removes the
standardness-dependent GetNullDataContent function which is no longer
used by anything.

Finally, it adds tests in the txscript package to ensure the new
function has the required semantics.
2018-05-08 12:49:40 -05:00
Dave Collins
5717411882
txscript: Decouple and optimize sighash calc.
This modifies the signature hash calculation logic to completely
decouple it from the wire transaction serialization and significantly
optimizes it in the process.  It also significantly improves the
comments to specifically call out the semantics.

This change is highly desirable because it has several beneficial
properties:

- The signature hash semantics are much clearer and specific
- There is no longer a need to copy the entire transaction and modify
  the relevant portions since the necessary substitutions are made on
  the fly
- Allows much faster calculation by serializing directly into byte
  slices and avoiding all of the additional error handling logic
  dedicated to handling network streams
- Provides the possibility of changing the wire format without breaking
  signature hash calculation
  - Note that the caching portion still relies on the wire format, but
    that can be addressed in future commits since it is merely an
    optimization that can also be decoupled

The following is a before and after comparison of signature hash
calculation for both speed and memory allocations for a transaction with
many inputs:

benchmark                old ns/op     new ns/op     delta
------------------------------------------------------------
BenchmarkCalcSigHash     6299714       1551740       -75.37%

benchmark                old allocs    new allocs    delta
------------------------------------------------------------
BenchmarkCalcSigHash     18601         1691          -90.91%
2018-05-01 08:51:41 -05:00
Dave Collins
b51a3bb396
txscript: Add benchmark for sighash calculation. 2018-05-01 08:51:38 -05:00
Dave Collins
a068101639
txscript: Correct JSON-based signature hash tests.
This updates the recently-added JSON-based signature hash test data to
actually test the SigHashAnyOneCanPay flag in the non-fuzzer
transactions as intended.

The flag is 0x80, but the JSON test data specifies the signature hash
type in decimal, so SigHashAll|SigHashAnyOneCanPay, which is 0x81,
should've been specified as 129 decimal instead of 81 decimal.  The same
applies to all combinations with the SigHashAnyOneCanPay flag.
2018-04-30 18:18:18 -05:00
Dave Collins
47cbc26b93
txscript: Add JSON-based signature hash tests.
This adds a significant number of JSON-based tests with various
transactions, scripts, and hash types, to ensure the signature hash
calculated generates the expected hash in each case.

It specifically tests some specialized transactions such as coinbase,
ticket purchase, vote, and revocation.  It also includes carefully
created tests for all combinations of defined hash types along with
triggering an error due to improper use of SigHashSingle.

Finally, it also includes fuzz testing by providing a selection of 100
regular transactions with various numbers of inputs and outputs along
with randomly generated (including undefined) signature hash types and
input indexes.  Due to the way that masking of the signature hash type
works, a couple of the fuzzer tests also hit the improper use of
SigHashSingle.

The test data was generated as JSON in order to make it easier for
developers of software in other languages and platforms that need to
deal with generating signature hashes to consume and prove correctness
of their implementation as well.
2018-04-30 12:14:14 -05:00
Dave Collins
2cb2d9a22a
txscript: Consolidate tests into txscript package.
Putting the test code in the same package makes it easier for forks
since they don't have to change the import paths as much and it also
gets rid of the need for internal_test.go to bridge.

Also, do some light cleanup on a few tests while here.
2018-04-30 10:34:59 -05:00
Dave Collins
6fe33fc277
txscript: Remove SigHashAllValue.
This removes the SigHashAllValue signature hash type.  This is being
done because it is not currently usable without a consensus change due
to a consensus rule which enforces strict signature encoding disallowing
the hash type.

While it would be possible to change the consensus rule in question to
include SigHashAllValue, that would obviously require a consensus vote
since it constitutes a change to the consensus rules.  Given that a vote
is required to make any changes in regards to this, it is ideal to
completely change the algorithm altogether to not only address this
issue, but also to address other shortcomings in regards to efficiency
and complexity of the current algorithm in addition to committing to all
input amounts per the aforementioned description.
2018-04-30 09:10:02 -05:00
Dave Collins
f6be618a1b
txscript: Move sig hash logic to separate file.
This moves the logic to calculate the signature hash and the associated
test to separate files.  Since there will ultimately be a new signature
algorithm, it makes sense to separate all logic related to signature
hashes for better code organization.

It contains no functional changes.
2018-04-30 08:54:07 -05:00
Josh Rickmar
e944badc9b chainec/dcrec: Remove hybrid pubkey support
This is a follow-up to a previous change which removed the ability to
create a dcrutil.Address from a hybrid pubkey.  It removes all
secp256k1 hybrid pubkey support from the chainec/dcrec packages since
these pubkeys are not usable when evaluated by OP_CHECKSIG or
OP_CHECKMULTISIG.

While ParsePubKey is called by consensus code and its behavior has
been changed to error when encountering a hybrid secp256k1 pubkey,
this is not a consensus change as every use of ParsePubKey in
consensus code either checks beforehand that the pubkey is compressed
or uncompressed, requires a parsed address to be P2PKH or P2SH, or
checks an address string against the premine ledger (which only
contains P2PKH addresses).
2018-03-20 17:45:09 -04:00
Markus Richter
1e42b8524d multi: Properly capitalize Decred.
Decred is inconsistencly capitalized in the code base,
change all occurences of decred to Decred.
2018-03-01 17:41:35 -06:00
David Hill
5fc31ca578 multi: fix misspell linter warnings 2018-02-18 12:26:52 -06:00
Josh Rickmar
5eb3296508 Require atomic swap contracts to specify the secret size.
This allows redeeming parties to audit the secret size and ensure it
will be usable once revealed.
2018-02-16 15:14:27 -06:00
David Hill
393a95c079 multi: fix some maligned linter warnings 2018-02-13 14:50:33 -06:00
David Hill
e45c34fbfc multi: release the mutex earlier 2018-02-13 13:55:02 -06:00
David Hill
dce7e3f161 multi: various cleanups 2018-02-02 14:18:41 -06:00
Donald Adu-Poku
e5828813c0 txscript: Remove OP_SMALLDATA 2017-12-29 19:57:26 +00:00
Donald Adu-Poku
29aa087e97 txscript: enforce MaxDataCarrierSize for GenerateProvablyPruneableOut 2017-12-23 01:36:12 +00:00
Donald Adu-Poku
106f979fa7 txscript: Cleanup and improve NullDataScript tests.
This modifies the recently-added NullDataScript function in several
ways in an effort to make them more consistent with the tests in the
rest of the code base and improve/correct the logic:

- Use the hexToBytes and mustParseShortForm functions
- Consistently format the test errors
- Replace the valid bool flag with an expected error and test against it
- Ensure the returned script type is the expected type in all cases
2017-12-22 00:58:54 +00:00
Dave Collins
1ca1017813
txscript: Allow external signature hash calc.
This modifies the exported CalcSignatureHash function to accept a script
as bytes instead of an array of parsed opcodes which are not available
to callers outside of the package.

While here, it also adds a proper comment for the exported function
since it is intended for more than testing as the previous comment
claimed.

Finally, it updates the tests to use a valid script instead of the
previous impossible to achieve constructed series of parsed opcodes.
2017-12-21 14:28:22 -06:00
David Hill
fc31a0b39e multi: remove unused funcs and vars 2017-12-07 21:46:25 -06:00
David Hill
b13f5dfbda travis: add ineffassign linter 2017-12-01 09:14:04 -05:00
Donald Adu-Poku
2d0d42401c txscript: Correct nulldata standardness check. 2017-12-01 01:24:17 +00:00
Josh Rickmar
238bef1c80 txscript: Require SHA256 secret hashes for atomic swaps 2017-11-28 10:03:42 -05:00
David Hill
20686cd775 travis: add gosimple linter 2017-11-20 18:49:55 -06:00
Josh Rickmar
6842aa006d Merge remaining dcrutil code into a dcrd package.
This merge commit adds the following code from the
github.com/decred/dcrutil package into a new
github.com/decred/dcrd/dcrutil package:

* Address handling
* Amount type
* AppDataDir func
* bitflags functions
* Block wrapper type
* Hash160 func
* Tx wrapper type
* WIF type

as well as all tests for this code.

The old github.com/decred/dcrutil/hdkeychain package has also been
merged and moved to github.com/decred/dcrd/dcrutil/hdkeychain.

dcrd packages have been updated to use the new packages and the dep
files have been updated for this change.
2017-10-11 22:06:36 -04:00
Dave Collins
ee5b56ba72
txscript: Implement CheckSequenceVerify
This modifies the script engine to replace OP_NOP3 with
OP_CHECKSEQUENCEVERIFY and adds a flag to selectively enable its
enforcement.

The new opcode examines the top item on the stack and compares it
against the sequence number of the associated transaction input in order
to allow scripts to conditionally enforce the inclusion of relative time
locks to the transaction.

The following is an overview of the changes:

- Introduce a new flag named ScriptVerifyCheckSequenceVerify to
  provide conditional enforcement of the new opcode
- Introduce a constant named OP_CHECKSEQUENCEVERIFY which has the same
  value as OP_NOP3 since it is replacing it
  - Update opcode to name mappings accordingly
- Abstract the logic that deals with time lock verification since it is
  the same for both the new opcode and OP_CHECKLOCKTIMEVERIFY
- Implement the required opcode semantics
- Add tests to ensure the opcode works as expected including when used
  both correctly and incorrectly
2017-09-21 15:58:48 -05:00
Dave Collins
bd78208c37
txscript: Revert upstream CSV merge.
This reverts the changes related to the CheckSequenceVerify opcode that
were merged from upstream since additional changes are needed and it's
much cleaner to implement all of code related to the sequence locks in
the same PR which will be referenced by the DCP as opposed to being
split up in multiple.
2017-09-21 11:17:58 -05:00
Josh Rickmar
5cb9a722a3 Add txscript API to parse atomic swap contracts. 2017-09-19 17:44:29 -04:00
Dave Collins
1955bb1bf1
multi: Abstract standard verification flags.
This modifies the way standard verification flags are handled so that it
is possible to selectively enable them based on the result of agenda
votes.

First, it moves the StandardVerifyFlags constant from the txscript
package to the mempool/policy code and rename it to
BaseStandardVerifyFlags.  As the TODO in the comment of the moved
constant indicated, these flags are policy related and thus really
belong in policy.  Ideally there would be a completely separate policy
package, but since the policy code currently lives in mempool/policy.go,
the constant has been moved there.

Next, it introduces a new function named standardScriptVerifyFlags,
which accepts the chain as an argument and, for now, just returns the
BaseStandardVerifyFlags along with a nil error.  This will allow
additional flags to be selectively enabled depending on the result of an
agenda vote.

Finally, it updates the mempool policy struct to require a closure for
obtaining the flags so it can remain decoupled from the chain which in
turn allows easier and more robust unit testing of mempool functionality
since it allows a mocks to be used.
2017-09-15 12:58:21 -05:00
Dave Collins
11ae59977a
txscript: Introduce OP_SHA256.
This modifies the script engine to replace OP_UNKNOWN192 with OP_SHA256
along with a flag named ScriptVerifySHA256 to selectively enable its
enforcement.

The new opcode consumes the top item from the data stack, computes its
SHA-256, and pushes the resulting digest back to the data stack.

Since it requires an item on the data stack, execution will terminate
with an error when the stack is empty.  This behavior differs from
OP_UNKNOWN192 which does not consume any elements from the data stack
and therefore makes this is hard-forking change when interpreted with
the new semantics due to the ScriptVerifySHA256 flag being set.  Code to
selectively enable the opcode based on the result of an agenda vote will
be added in a separate commit.

This also includes tests to ensure the opcode works as expected
including when used both correctly and incorrectly.
2017-09-14 11:33:48 -05:00
Dave Collins
7c3ff8279e
txscript: Rename OP_SHA256 to OP_BLAKE256.
Decred updated the semantics of this opcode to use blake256, but did not
rename the opcode to reflect that.  This renames the opcode so that it
is clear that a blake256 hash is produced instead of a sha256 hash.
2017-09-08 12:40:39 -05:00
Jean-Christophe Mincke
5115a422f0 multi: Error descriptions are in lower case.
Functions fmt.Error(), errors.New() are inspected.

Files under the dcrd/vendor directory are ignored.
2017-09-08 18:03:59 +02:00
Dave Collins
c47ee87673
txscript: Implement CheckSequenceVerify
Upstream commit a6bf1d9850.

The merge commit modifies all of the encoded transactions in the test
data to use Decred native format and contains some other minor
modifications necessary to integrate with Decred.
2017-08-28 12:23:34 -05:00
David Hill
64119dfabb txscript: remove unneeded API 2017-08-17 15:42:04 -04:00
Dave Collins
fce24223cd
multi: Separate tx serialization type from version.
Decred's serialized format for transactions split the 32-bit version
field into two 16-bit components such that the upper bits are used to
encode a serialization type and the lower 16 bits are the actual
transaction version.

Unfortunately, when this was done, the in-memory transaction struct was
not also updated to hide this complexity, which means that callers
currently have to understand and take special care when dealing with the
version field of the transaction.

Since the main purpose of the wire package is precisely to hide these
details, this remedies the situation by introducing a new field on the
in-memory transaction struct named SerType which houses the
serialization type and changes the Version field back to having the
desired semantics of actually being the real transaction version.  Also,
since the maximum version can only be a 16-bit value, the Version field
has been changed to a uint16 to properly reflect this.

The serialization and deserialization functions now deal with properly
converting to and from these fields to the actual serialized format as
intended.

Finally, these changes also include a fairly significant amount of
related code cleanup and optimization along with some bug fixes in order
to allow the transaction version to be bumped as intended.

The following is an overview of all changes:
- Introduce new SerType field to MsgTx to specify the serialization type
- Change MsgTx.Version to a uint16 to properly reflect its maximum
  allowed value
- Change the semantics of MsgTx.Version to be the actual transaction
  version as intended
- Update all callers that had special code to deal with the previous
  Version field semantics to use the new semantics
- Switch all of the code that deals with encoding and decoding the
  serialized version field to use more efficient masks and shifts
  instead of binary writes into buffers which cause allocations
- Correct several issues that would prevent producing expected
  serializations for transactions with actual transaction versions that
  are not 1
- Simplify the various serialize functions to use a single func which
  accepts the serialization type to reduce code duplication
- Make serialization type switch usage more consistent with the rest of
  the code base
- Update the utxoview and related code to use uint16s for the
  transaction version as well since it should not care about the
  serialization type due to using its own
- Make code more consistent in how it uses bytes.Buffer
- Clean up several of the comments regarding hashes and add some new
  comments to better describe the serialization types
2017-08-07 14:10:27 -05:00
Dave Collins
9a7132a56b
txscript: Cleanup reference test code.
This cleans up the reference test file to remove references to bitcoin
since it no longer applies to decred and remove a TODO that was recently
completed.
2017-08-04 03:05:42 -05:00
Dave Collins
fdb25c2f43
txscript: Use native encoding in json test data.
This modifies the valid and invalid JSON transaction test data to use
natively-encoded transactions instead of the legacy Bitcoin format.
2017-08-03 23:43:37 -05:00
Dave Collins
5baa16baa3
txscript: Update signatures in json test data.
This modifies the signatures of all the transactions in the invalid
transaction data which involve checking signatures to ensure that they
are not failing for the wrong reason.

In order to make it easier for future updates, it introduces three
well-known private keys, 1, 2, and 3, that are used for signing all of
the transactions and adds them to the comments in the test data.  The
first one is used for regular CHECKSIG while all three are used for
CHECKMULTISIG.
2017-08-03 23:43:00 -05:00
Dave Collins
3a243c6bc1
txscript: Remove max money from json test data.
This removes the tests related to max money checks since txscript does
not do sanity checking on the monetary amounts as that is done by the
consensus rules in blockchain.

While here, update dcrscript -> txscript in the comments to reflect
reality.

As an aside, the existing tests were invalid anyways since the
signatures were invalid and thus the tests were failing for the wrong
reason.
2017-08-03 22:31:22 -05:00
Dave Collins
6a0c530a46
txscript: Remove multisigdummy from json test data.
This removes the test for the original Bitcoin bug in CHECKMULTISIG that
required an additional argument since that has been fixed in Decred and
the test therefore no longer applies.

As an aside, the existing test was invalid anyways since the signature
was invalid and thus the test would've failed for the wrong reason.
2017-08-03 20:30:09 -05:00
Dave Collins
4acee5b61a
txscript: Replace CODESEPARATOR json test data.
This replaces the tests for CODESEPARATOR in the invalid transaction
JSON data to be correct for Decred.  It is always invalid to pass over
the CODESEPARATOR opcode in Decred as opposed to the Bitcoin behavior
where it changes what is hashed for the signature hash calculation.

As an aside, the previous tests were invalid anyways since they included
a signature that was invalid so the test would've failed for the wrong
reason.  For all of these tests it's important for them to pass other
than the specific failure condition they are intended to trigger.
2017-08-03 16:39:29 -05:00
Dave Collins
c11117aa77
txscript: Correct p2sh hashes in json test data.
This corrects the hashes for the p2sh scripts in the invalid transaction
JSON data.  This helps ensure the transactions are failing for the
intended reason as opposed to the p2sh script never being run because
the script hashes don't match.
2017-08-03 11:21:09 -05:00
Donald Adu-Poku
2c1e17b424 txscript: Force extracted addrs to compressed.
decred's consensus rules require address generation
to use a compressed pubkey format, this was hacked
into NewAddressSecpPubKey. This commit removes the
hack and provides NewAddressSecpPubKeyCompressed to
enforce the consensus prerequisite
2017-08-02 00:34:35 +00:00
Donald Adu-Poku
db727aeeb6 multi: Update DecodeAddress function signature 2017-07-21 23:41:24 -05:00