bitcoin/util/
bip143.rs

1// Rust Bitcoin Library
2// Written in 2018 by
3//     Andrew Poelstra <apoelstra@wpsoftware.net>
4// To the extent possible under law, the author(s) have dedicated all
5// copyright and related and neighboring rights to this software to
6// the public domain worldwide. This software is distributed without
7// any warranty.
8//
9// You should have received a copy of the CC0 Public Domain Dedication
10// along with this software.
11// If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
12//
13
14//! BIP143 Implementation
15//!
16//! Implementation of BIP143 Segwit-style signatures. Should be sufficient
17//! to create signatures for Segwit transactions (which should be pushed into
18//! the appropriate place in the `Transaction::witness` array) or bcash
19//! signatures, which are placed in the scriptSig.
20//!
21
22use bitcoin_hashes::{sha256d, Hash};
23
24use blockdata::script::Script;
25use blockdata::transaction::{Transaction, TxIn};
26use consensus::encode::Encodable;
27
28/// Parts of a sighash which are common across inputs or signatures, and which are
29/// sufficient (in conjunction with a private key) to sign the transaction
30#[derive(Clone, PartialEq, Eq, Debug)]
31pub struct SighashComponents {
32    tx_version: u32,
33    tx_locktime: u32,
34    /// Hash of all the previous outputs
35    pub hash_prevouts: sha256d::Hash,
36    /// Hash of all the input sequence nos
37    pub hash_sequence: sha256d::Hash,
38    /// Hash of all the outputs in this transaction
39    pub hash_outputs: sha256d::Hash,
40}
41
42impl SighashComponents {
43    /// Compute the sighash components from an unsigned transaction and auxiliary
44    /// information about its inputs.
45    /// For the generated sighashes to be valid, no fields in the transaction may change except for
46    /// script_sig and witnesses.
47    pub fn new(tx: &Transaction) -> SighashComponents {
48        let hash_prevouts = {
49            let mut enc = sha256d::Hash::engine();
50            for txin in &tx.input {
51                txin.previous_output.consensus_encode(&mut enc).unwrap();
52            }
53            sha256d::Hash::from_engine(enc)
54        };
55
56        let hash_sequence = {
57            let mut enc = sha256d::Hash::engine();
58            for txin in &tx.input {
59                txin.sequence.consensus_encode(&mut enc).unwrap();
60            }
61            sha256d::Hash::from_engine(enc)
62        };
63
64        let hash_outputs = {
65            let mut enc = sha256d::Hash::engine();
66            for txout in &tx.output {
67                txout.consensus_encode(&mut enc).unwrap();
68            }
69            sha256d::Hash::from_engine(enc)
70        };
71
72        SighashComponents {
73            tx_version: tx.version,
74            tx_locktime: tx.lock_time,
75            hash_prevouts: hash_prevouts,
76            hash_sequence: hash_sequence,
77            hash_outputs: hash_outputs,
78        }
79    }
80
81    /// Compute the BIP143 sighash for a `SIGHASH_ALL` signature for the given
82    /// input.
83    pub fn sighash_all(&self, txin: &TxIn, witness_script: &Script, value: u64) -> sha256d::Hash {
84        let mut enc = sha256d::Hash::engine();
85        self.tx_version.consensus_encode(&mut enc).unwrap();
86        self.hash_prevouts.consensus_encode(&mut enc).unwrap();
87        self.hash_sequence.consensus_encode(&mut enc).unwrap();
88        txin
89            .previous_output
90            .consensus_encode(&mut enc)
91            .unwrap();
92        witness_script.consensus_encode(&mut enc).unwrap();
93        value.consensus_encode(&mut enc).unwrap();
94        txin.sequence.consensus_encode(&mut enc).unwrap();
95        self.hash_outputs.consensus_encode(&mut enc).unwrap();
96        self.tx_locktime.consensus_encode(&mut enc).unwrap();
97        1u32.consensus_encode(&mut enc).unwrap(); // hashtype
98        sha256d::Hash::from_engine(enc)
99    }
100}
101
102#[cfg(test)]
103mod tests {
104    use blockdata::script::Script;
105    use blockdata::transaction::Transaction;
106    use consensus::encode::deserialize;
107    use network::constants::Network;
108    use util::misc::hex_bytes;
109    use util::address::Address;
110    use hex;
111    use secp256k1::PublicKey;
112
113    use super::*;
114
115    fn p2pkh_hex(pk: &str) -> Script {
116        let pk = hex::decode(pk).unwrap();
117        let pk = PublicKey::from_slice(pk.as_slice()).unwrap();
118        let witness_script = Address::p2pkh(&pk, Network::Bitcoin).script_pubkey();
119        witness_script
120    }
121
122    #[test]
123    fn bip143_p2wpkh() {
124        let tx = deserialize::<Transaction>(
125            &hex_bytes(
126                "0100000002fff7f7881a8099afa6940d42d1e7f6362bec38171ea3edf433541db4e4ad969f000000\
127                0000eeffffffef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a01000000\
128                00ffffffff02202cb206000000001976a9148280b37df378db99f66f85c95a783a76ac7a6d5988ac9093\
129                510d000000001976a9143bde42dbee7e4dbe6a21b2d50ce2f0167faa815988ac11000000",
130            ).unwrap()[..],
131        ).unwrap();
132
133        let witness_script = p2pkh_hex("025476c2e83188368da1ff3e292e7acafcdb3566bb0ad253f62fc70f07aeee6357");
134        let value = 600_000_000;
135
136        let comp = SighashComponents::new(&tx);
137        assert_eq!(
138            comp,
139            SighashComponents {
140                tx_version: 1,
141                tx_locktime: 17,
142                hash_prevouts: hex_hash!(
143                    "96b827c8483d4e9b96712b6713a7b68d6e8003a781feba36c31143470b4efd37"
144                ),
145                hash_sequence: hex_hash!(
146                    "52b0a642eea2fb7ae638c36f6252b6750293dbe574a806984b8e4d8548339a3b"
147                ),
148                hash_outputs: hex_hash!(
149                    "863ef3e1a92afbfdb97f31ad0fc7683ee943e9abcf2501590ff8f6551f47e5e5"
150                ),
151            }
152        );
153
154        assert_eq!(
155            comp.sighash_all(&tx.input[1], &witness_script, value),
156            hex_hash!("c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670")
157        );
158    }
159
160    #[test]
161    fn bip143_p2wpkh_nested_in_p2sh() {
162        let tx = deserialize::<Transaction>(
163            &hex_bytes(
164                "0100000001db6b1b20aa0fd7b23880be2ecbd4a98130974cf4748fb66092ac4d3ceb1a5477010000\
165                0000feffffff02b8b4eb0b000000001976a914a457b684d7f0d539a46a45bbc043f35b59d0d96388ac00\
166                08af2f000000001976a914fd270b1ee6abcaea97fea7ad0402e8bd8ad6d77c88ac92040000",
167            ).unwrap()[..],
168        ).unwrap();
169
170        let witness_script = p2pkh_hex("03ad1d8e89212f0b92c74d23bb710c00662ad1470198ac48c43f7d6f93a2a26873");
171        let value = 1_000_000_000;
172
173        let comp = SighashComponents::new(&tx);
174        assert_eq!(
175            comp,
176            SighashComponents {
177                tx_version: 1,
178                tx_locktime: 1170,
179                hash_prevouts: hex_hash!(
180                    "b0287b4a252ac05af83d2dcef00ba313af78a3e9c329afa216eb3aa2a7b4613a"
181                ),
182                hash_sequence: hex_hash!(
183                    "18606b350cd8bf565266bc352f0caddcf01e8fa789dd8a15386327cf8cabe198"
184                ),
185                hash_outputs: hex_hash!(
186                    "de984f44532e2173ca0d64314fcefe6d30da6f8cf27bafa706da61df8a226c83"
187                ),
188            }
189        );
190
191        assert_eq!(
192            comp.sighash_all(&tx.input[0], &witness_script, value),
193            hex_hash!("64f3b0f4dd2bb3aa1ce8566d220cc74dda9df97d8490cc81d89d735c92e59fb6")
194        );
195    }
196
197    #[test]
198    fn bip143_p2wsh_nested_in_p2sh() {
199        let tx = deserialize::<Transaction>(
200            &hex_bytes(
201            "010000000136641869ca081e70f394c6948e8af409e18b619df2ed74aa106c1ca29787b96e0100000000\
202             ffffffff0200e9a435000000001976a914389ffce9cd9ae88dcc0631e88a821ffdbe9bfe2688acc0832f\
203             05000000001976a9147480a33f950689af511e6e84c138dbbd3c3ee41588ac00000000").unwrap()[..],
204        ).unwrap();
205
206        let witness_script = hex_script!(
207            "56210307b8ae49ac90a048e9b53357a2354b3334e9c8bee813ecb98e99a7e07e8c3ba32103b28f0c28\
208             bfab54554ae8c658ac5c3e0ce6e79ad336331f78c428dd43eea8449b21034b8113d703413d57761b8b\
209             9781957b8c0ac1dfe69f492580ca4195f50376ba4a21033400f6afecb833092a9a21cfdf1ed1376e58\
210             c5d1f47de74683123987e967a8f42103a6d48b1131e94ba04d9737d61acdaa1322008af9602b3b1486\
211             2c07a1789aac162102d8b661b0b3302ee2f162b09e07a55ad5dfbe673a9f01d9f0c19617681024306b\
212             56ae"
213        );
214        let value = 987654321;
215
216        let comp = SighashComponents::new(&tx);
217        assert_eq!(
218            comp,
219            SighashComponents {
220                tx_version: 1,
221                tx_locktime: 0,
222                hash_prevouts: hex_hash!(
223                    "74afdc312af5183c4198a40ca3c1a275b485496dd3929bca388c4b5e31f7aaa0"
224                ),
225                hash_sequence: hex_hash!(
226                    "3bb13029ce7b1f559ef5e747fcac439f1455a2ec7c5f09b72290795e70665044"
227                ),
228                hash_outputs: hex_hash!(
229                    "bc4d309071414bed932f98832b27b4d76dad7e6c1346f487a8fdbb8eb90307cc"
230                ),
231            }
232        );
233
234        assert_eq!(
235            comp.sighash_all(&tx.input[0], &witness_script, value),
236            hex_hash!("185c0be5263dce5b4bb50a047973c1b6272bfbd0103a89444597dc40b248ee7c")
237        );
238    }
239}
bitcoin/util/bip143.rs

bitcoin/util/
bip143.rs
