Bitcoin Core  31.0.0
P2P Digital Currency
miniscript.cpp
Go to the documentation of this file.
1 // Copyright (c) 2019-present The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <limits>
6 #include <vector>
7 
8 #include <primitives/transaction.h>
9 #include <script/miniscript.h>
10 #include <script/script.h>
11 #include <script/solver.h>
12 #include <span.h>
13 #include <util/check.h>
14 #include <util/vector.h>
15 
16 namespace miniscript {
17 namespace internal {
18 
19 Type SanitizeType(Type e) {
20  int num_types = (e << "K"_mst) + (e << "V"_mst) + (e << "B"_mst) + (e << "W"_mst);
21  if (num_types == 0) return ""_mst; // No valid type, don't care about the rest
22  CHECK_NONFATAL(num_types == 1); // K, V, B, W all conflict with each other
23  CHECK_NONFATAL(!(e << "z"_mst) || !(e << "o"_mst)); // z conflicts with o
24  CHECK_NONFATAL(!(e << "n"_mst) || !(e << "z"_mst)); // n conflicts with z
25  CHECK_NONFATAL(!(e << "n"_mst) || !(e << "W"_mst)); // n conflicts with W
26  CHECK_NONFATAL(!(e << "V"_mst) || !(e << "d"_mst)); // V conflicts with d
27  CHECK_NONFATAL(!(e << "K"_mst) || (e << "u"_mst)); // K implies u
28  CHECK_NONFATAL(!(e << "V"_mst) || !(e << "u"_mst)); // V conflicts with u
29  CHECK_NONFATAL(!(e << "e"_mst) || !(e << "f"_mst)); // e conflicts with f
30  CHECK_NONFATAL(!(e << "e"_mst) || (e << "d"_mst)); // e implies d
31  CHECK_NONFATAL(!(e << "V"_mst) || !(e << "e"_mst)); // V conflicts with e
32  CHECK_NONFATAL(!(e << "d"_mst) || !(e << "f"_mst)); // d conflicts with f
33  CHECK_NONFATAL(!(e << "V"_mst) || (e << "f"_mst)); // V implies f
34  CHECK_NONFATAL(!(e << "K"_mst) || (e << "s"_mst)); // K implies s
35  CHECK_NONFATAL(!(e << "z"_mst) || (e << "m"_mst)); // z implies m
36  return e;
37 }
38 
39 Type ComputeType(Fragment fragment, Type x, Type y, Type z, const std::vector<Type>& sub_types, uint32_t k,
40  size_t data_size, size_t n_subs, size_t n_keys, MiniscriptContext ms_ctx) {
41  // Sanity check on data
42  if (fragment == Fragment::SHA256 || fragment == Fragment::HASH256) {
43  CHECK_NONFATAL(data_size == 32);
44  } else if (fragment == Fragment::RIPEMD160 || fragment == Fragment::HASH160) {
45  CHECK_NONFATAL(data_size == 20);
46  } else {
47  CHECK_NONFATAL(data_size == 0);
48  }
49  // Sanity check on k
50  if (fragment == Fragment::OLDER || fragment == Fragment::AFTER) {
51  CHECK_NONFATAL(k >= 1 && k < 0x80000000UL);
52  } else if (fragment == Fragment::MULTI || fragment == Fragment::MULTI_A) {
53  CHECK_NONFATAL(k >= 1 && k <= n_keys);
54  } else if (fragment == Fragment::THRESH) {
55  CHECK_NONFATAL(k >= 1 && k <= n_subs);
56  } else {
57  CHECK_NONFATAL(k == 0);
58  }
59  // Sanity check on subs
60  if (fragment == Fragment::AND_V || fragment == Fragment::AND_B || fragment == Fragment::OR_B ||
61  fragment == Fragment::OR_C || fragment == Fragment::OR_I || fragment == Fragment::OR_D) {
62  CHECK_NONFATAL(n_subs == 2);
63  } else if (fragment == Fragment::ANDOR) {
64  CHECK_NONFATAL(n_subs == 3);
65  } else if (fragment == Fragment::WRAP_A || fragment == Fragment::WRAP_S || fragment == Fragment::WRAP_C ||
66  fragment == Fragment::WRAP_D || fragment == Fragment::WRAP_V || fragment == Fragment::WRAP_J ||
67  fragment == Fragment::WRAP_N) {
68  CHECK_NONFATAL(n_subs == 1);
69  } else if (fragment != Fragment::THRESH) {
70  CHECK_NONFATAL(n_subs == 0);
71  }
72  // Sanity check on keys
73  if (fragment == Fragment::PK_K || fragment == Fragment::PK_H) {
74  CHECK_NONFATAL(n_keys == 1);
75  } else if (fragment == Fragment::MULTI) {
76  CHECK_NONFATAL(n_keys >= 1 && n_keys <= MAX_PUBKEYS_PER_MULTISIG);
77  CHECK_NONFATAL(!IsTapscript(ms_ctx));
78  } else if (fragment == Fragment::MULTI_A) {
79  CHECK_NONFATAL(n_keys >= 1 && n_keys <= MAX_PUBKEYS_PER_MULTI_A);
80  CHECK_NONFATAL(IsTapscript(ms_ctx));
81  } else {
82  CHECK_NONFATAL(n_keys == 0);
83  }
84 
85  // Below is the per-fragment logic for computing the expression types.
86  // It heavily relies on Type's << operator (where "X << a_mst" means
87  // "X has all properties listed in a").
88  switch (fragment) {
89  case Fragment::PK_K: return "Konudemsxk"_mst;
90  case Fragment::PK_H: return "Knudemsxk"_mst;
91  case Fragment::OLDER: return
92  "g"_mst.If(k & CTxIn::SEQUENCE_LOCKTIME_TYPE_FLAG) |
93  "h"_mst.If(!(k & CTxIn::SEQUENCE_LOCKTIME_TYPE_FLAG)) |
94  "Bzfmxk"_mst;
95  case Fragment::AFTER: return
96  "i"_mst.If(k >= LOCKTIME_THRESHOLD) |
97  "j"_mst.If(k < LOCKTIME_THRESHOLD) |
98  "Bzfmxk"_mst;
99  case Fragment::SHA256: return "Bonudmk"_mst;
100  case Fragment::RIPEMD160: return "Bonudmk"_mst;
101  case Fragment::HASH256: return "Bonudmk"_mst;
102  case Fragment::HASH160: return "Bonudmk"_mst;
103  case Fragment::JUST_1: return "Bzufmxk"_mst;
104  case Fragment::JUST_0: return "Bzudemsxk"_mst;
105  case Fragment::WRAP_A: return
106  "W"_mst.If(x << "B"_mst) | // W=B_x
107  (x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
108  (x & "udfems"_mst) | // u=u_x, d=d_x, f=f_x, e=e_x, m=m_x, s=s_x
109  "x"_mst; // x
110  case Fragment::WRAP_S: return
111  "W"_mst.If(x << "Bo"_mst) | // W=B_x*o_x
112  (x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
113  (x & "udfemsx"_mst); // u=u_x, d=d_x, f=f_x, e=e_x, m=m_x, s=s_x, x=x_x
114  case Fragment::WRAP_C: return
115  "B"_mst.If(x << "K"_mst) | // B=K_x
116  (x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
117  (x & "ondfem"_mst) | // o=o_x, n=n_x, d=d_x, f=f_x, e=e_x, m=m_x
118  "us"_mst; // u, s
119  case Fragment::WRAP_D: return
120  "B"_mst.If(x << "Vz"_mst) | // B=V_x*z_x
121  "o"_mst.If(x << "z"_mst) | // o=z_x
122  "e"_mst.If(x << "f"_mst) | // e=f_x
123  (x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
124  (x & "ms"_mst) | // m=m_x, s=s_x
125  // NOTE: 'd:' is 'u' under Tapscript but not P2WSH as MINIMALIF is only a policy rule there.
126  "u"_mst.If(IsTapscript(ms_ctx)) |
127  "ndx"_mst; // n, d, x
128  case Fragment::WRAP_V: return
129  "V"_mst.If(x << "B"_mst) | // V=B_x
130  (x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
131  (x & "zonms"_mst) | // z=z_x, o=o_x, n=n_x, m=m_x, s=s_x
132  "fx"_mst; // f, x
133  case Fragment::WRAP_J: return
134  "B"_mst.If(x << "Bn"_mst) | // B=B_x*n_x
135  "e"_mst.If(x << "f"_mst) | // e=f_x
136  (x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
137  (x & "oums"_mst) | // o=o_x, u=u_x, m=m_x, s=s_x
138  "ndx"_mst; // n, d, x
139  case Fragment::WRAP_N: return
140  (x & "ghijk"_mst) | // g=g_x, h=h_x, i=i_x, j=j_x, k=k_x
141  (x & "Bzondfems"_mst) | // B=B_x, z=z_x, o=o_x, n=n_x, d=d_x, f=f_x, e=e_x, m=m_x, s=s_x
142  "ux"_mst; // u, x
143  case Fragment::AND_V: return
144  (y & "KVB"_mst).If(x << "V"_mst) | // B=V_x*B_y, V=V_x*V_y, K=V_x*K_y
145  (x & "n"_mst) | (y & "n"_mst).If(x << "z"_mst) | // n=n_x+z_x*n_y
146  ((x | y) & "o"_mst).If((x | y) << "z"_mst) | // o=o_x*z_y+z_x*o_y
147  (x & y & "mz"_mst) | // m=m_x*m_y, z=z_x*z_y
148  ((x | y) & "s"_mst) | // s=s_x+s_y
149  "f"_mst.If((y << "f"_mst) || (x << "s"_mst)) | // f=f_y+s_x
150  (y & "ux"_mst) | // u=u_y, x=x_y
151  ((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
152  "k"_mst.If(((x & y) << "k"_mst) &&
153  !(((x << "g"_mst) && (y << "h"_mst)) ||
154  ((x << "h"_mst) && (y << "g"_mst)) ||
155  ((x << "i"_mst) && (y << "j"_mst)) ||
156  ((x << "j"_mst) && (y << "i"_mst)))); // k=k_x*k_y*!(g_x*h_y + h_x*g_y + i_x*j_y + j_x*i_y)
157  case Fragment::AND_B: return
158  (x & "B"_mst).If(y << "W"_mst) | // B=B_x*W_y
159  ((x | y) & "o"_mst).If((x | y) << "z"_mst) | // o=o_x*z_y+z_x*o_y
160  (x & "n"_mst) | (y & "n"_mst).If(x << "z"_mst) | // n=n_x+z_x*n_y
161  (x & y & "e"_mst).If((x & y) << "s"_mst) | // e=e_x*e_y*s_x*s_y
162  (x & y & "dzm"_mst) | // d=d_x*d_y, z=z_x*z_y, m=m_x*m_y
163  "f"_mst.If(((x & y) << "f"_mst) || (x << "sf"_mst) || (y << "sf"_mst)) | // f=f_x*f_y + f_x*s_x + f_y*s_y
164  ((x | y) & "s"_mst) | // s=s_x+s_y
165  "ux"_mst | // u, x
166  ((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
167  "k"_mst.If(((x & y) << "k"_mst) &&
168  !(((x << "g"_mst) && (y << "h"_mst)) ||
169  ((x << "h"_mst) && (y << "g"_mst)) ||
170  ((x << "i"_mst) && (y << "j"_mst)) ||
171  ((x << "j"_mst) && (y << "i"_mst)))); // k=k_x*k_y*!(g_x*h_y + h_x*g_y + i_x*j_y + j_x*i_y)
172  case Fragment::OR_B: return
173  "B"_mst.If(x << "Bd"_mst && y << "Wd"_mst) | // B=B_x*d_x*W_x*d_y
174  ((x | y) & "o"_mst).If((x | y) << "z"_mst) | // o=o_x*z_y+z_x*o_y
175  (x & y & "m"_mst).If((x | y) << "s"_mst && (x & y) << "e"_mst) | // m=m_x*m_y*e_x*e_y*(s_x+s_y)
176  (x & y & "zse"_mst) | // z=z_x*z_y, s=s_x*s_y, e=e_x*e_y
177  "dux"_mst | // d, u, x
178  ((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
179  (x & y & "k"_mst); // k=k_x*k_y
180  case Fragment::OR_D: return
181  (y & "B"_mst).If(x << "Bdu"_mst) | // B=B_y*B_x*d_x*u_x
182  (x & "o"_mst).If(y << "z"_mst) | // o=o_x*z_y
183  (x & y & "m"_mst).If(x << "e"_mst && (x | y) << "s"_mst) | // m=m_x*m_y*e_x*(s_x+s_y)
184  (x & y & "zs"_mst) | // z=z_x*z_y, s=s_x*s_y
185  (y & "ufde"_mst) | // u=u_y, f=f_y, d=d_y, e=e_y
186  "x"_mst | // x
187  ((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
188  (x & y & "k"_mst); // k=k_x*k_y
189  case Fragment::OR_C: return
190  (y & "V"_mst).If(x << "Bdu"_mst) | // V=V_y*B_x*u_x*d_x
191  (x & "o"_mst).If(y << "z"_mst) | // o=o_x*z_y
192  (x & y & "m"_mst).If(x << "e"_mst && (x | y) << "s"_mst) | // m=m_x*m_y*e_x*(s_x+s_y)
193  (x & y & "zs"_mst) | // z=z_x*z_y, s=s_x*s_y
194  "fx"_mst | // f, x
195  ((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
196  (x & y & "k"_mst); // k=k_x*k_y
197  case Fragment::OR_I: return
198  (x & y & "VBKufs"_mst) | // V=V_x*V_y, B=B_x*B_y, K=K_x*K_y, u=u_x*u_y, f=f_x*f_y, s=s_x*s_y
199  "o"_mst.If((x & y) << "z"_mst) | // o=z_x*z_y
200  ((x | y) & "e"_mst).If((x | y) << "f"_mst) | // e=e_x*f_y+f_x*e_y
201  (x & y & "m"_mst).If((x | y) << "s"_mst) | // m=m_x*m_y*(s_x+s_y)
202  ((x | y) & "d"_mst) | // d=d_x+d_y
203  "x"_mst | // x
204  ((x | y) & "ghij"_mst) | // g=g_x+g_y, h=h_x+h_y, i=i_x+i_y, j=j_x+j_y
205  (x & y & "k"_mst); // k=k_x*k_y
206  case Fragment::ANDOR: return
207  (y & z & "BKV"_mst).If(x << "Bdu"_mst) | // B=B_x*d_x*u_x*B_y*B_z, K=B_x*d_x*u_x*K_y*K_z, V=B_x*d_x*u_x*V_y*V_z
208  (x & y & z & "z"_mst) | // z=z_x*z_y*z_z
209  ((x | (y & z)) & "o"_mst).If((x | (y & z)) << "z"_mst) | // o=o_x*z_y*z_z+z_x*o_y*o_z
210  (y & z & "u"_mst) | // u=u_y*u_z
211  (z & "f"_mst).If((x << "s"_mst) || (y << "f"_mst)) | // f=(s_x+f_y)*f_z
212  (z & "d"_mst) | // d=d_z
213  (z & "e"_mst).If(x << "s"_mst || y << "f"_mst) | // e=e_z*(s_x+f_y)
214  (x & y & z & "m"_mst).If(x << "e"_mst && (x | y | z) << "s"_mst) | // m=m_x*m_y*m_z*e_x*(s_x+s_y+s_z)
215  (z & (x | y) & "s"_mst) | // s=s_z*(s_x+s_y)
216  "x"_mst | // x
217  ((x | y | z) & "ghij"_mst) | // g=g_x+g_y+g_z, h=h_x+h_y+h_z, i=i_x+i_y+i_z, j=j_x+j_y_j_z
218  "k"_mst.If(((x & y & z) << "k"_mst) &&
219  !(((x << "g"_mst) && (y << "h"_mst)) ||
220  ((x << "h"_mst) && (y << "g"_mst)) ||
221  ((x << "i"_mst) && (y << "j"_mst)) ||
222  ((x << "j"_mst) && (y << "i"_mst)))); // k=k_x*k_y*k_z* !(g_x*h_y + h_x*g_y + i_x*j_y + j_x*i_y)
223  case Fragment::MULTI: {
224  return "Bnudemsk"_mst;
225  }
226  case Fragment::MULTI_A: {
227  return "Budemsk"_mst;
228  }
229  case Fragment::THRESH: {
230  bool all_e = true;
231  bool all_m = true;
232  uint32_t args = 0;
233  uint32_t num_s = 0;
234  Type acc_tl = "k"_mst;
235  for (size_t i = 0; i < sub_types.size(); ++i) {
236  Type t = sub_types[i];
237  if (!(t << (i ? "Wdu"_mst : "Bdu"_mst))) return ""_mst; // Require Bdu, Wdu, Wdu, ...
238  if (!(t << "e"_mst)) all_e = false;
239  if (!(t << "m"_mst)) all_m = false;
240  if (t << "s"_mst) num_s += 1;
241  args += (t << "z"_mst) ? 0 : (t << "o"_mst) ? 1 : 2;
242  acc_tl = ((acc_tl | t) & "ghij"_mst) |
243  // Thresh contains a combination of timelocks if it has threshold > 1 and
244  // it contains two different children that have different types of timelocks
245  // Note how if any of the children don't have "k", the parent also does not have "k"
246  "k"_mst.If(((acc_tl & t) << "k"_mst) && ((k <= 1) ||
247  ((k > 1) && !(((acc_tl << "g"_mst) && (t << "h"_mst)) ||
248  ((acc_tl << "h"_mst) && (t << "g"_mst)) ||
249  ((acc_tl << "i"_mst) && (t << "j"_mst)) ||
250  ((acc_tl << "j"_mst) && (t << "i"_mst))))));
251  }
252  return "Bdu"_mst |
253  "z"_mst.If(args == 0) | // z=all z
254  "o"_mst.If(args == 1) | // o=all z except one o
255  "e"_mst.If(all_e && num_s == n_subs) | // e=all e and all s
256  "m"_mst.If(all_e && all_m && num_s >= n_subs - k) | // m=all e, >=(n-k) s
257  "s"_mst.If(num_s >= n_subs - k + 1) | // s= >=(n-k+1) s
258  acc_tl; // timelock info
259  }
260  }
261  assert(false);
262 }
263 
264 size_t ComputeScriptLen(Fragment fragment, Type sub0typ, size_t subsize, uint32_t k, size_t n_subs,
265  size_t n_keys, MiniscriptContext ms_ctx) {
266  switch (fragment) {
267  case Fragment::JUST_1:
268  case Fragment::JUST_0: return 1;
269  case Fragment::PK_K: return IsTapscript(ms_ctx) ? 33 : 34;
270  case Fragment::PK_H: return 3 + 21;
271  case Fragment::OLDER:
272  case Fragment::AFTER: return 1 + BuildScript(k).size();
273  case Fragment::HASH256:
274  case Fragment::SHA256: return 4 + 2 + 33;
275  case Fragment::HASH160:
276  case Fragment::RIPEMD160: return 4 + 2 + 21;
277  case Fragment::MULTI: return 1 + BuildScript(n_keys).size() + BuildScript(k).size() + 34 * n_keys;
278  case Fragment::MULTI_A: return (1 + 32 + 1) * n_keys + BuildScript(k).size() + 1;
279  case Fragment::AND_V: return subsize;
280  case Fragment::WRAP_V: return subsize + (sub0typ << "x"_mst);
281  case Fragment::WRAP_S:
282  case Fragment::WRAP_C:
283  case Fragment::WRAP_N:
284  case Fragment::AND_B:
285  case Fragment::OR_B: return subsize + 1;
286  case Fragment::WRAP_A:
287  case Fragment::OR_C: return subsize + 2;
288  case Fragment::WRAP_D:
289  case Fragment::OR_D:
290  case Fragment::OR_I:
291  case Fragment::ANDOR: return subsize + 3;
292  case Fragment::WRAP_J: return subsize + 4;
293  case Fragment::THRESH: return subsize + n_subs + BuildScript(k).size();
294  }
295  assert(false);
296 }
297 
298 InputStack& InputStack::SetAvailable(Availability avail) {
299  available = avail;
300  if (avail == Availability::NO) {
301  stack.clear();
302  size = std::numeric_limits<size_t>::max();
303  has_sig = false;
304  malleable = false;
305  non_canon = false;
306  }
307  return *this;
308 }
309 
310 InputStack& InputStack::SetWithSig() {
311  has_sig = true;
312  return *this;
313 }
314 
315 InputStack& InputStack::SetNonCanon() {
316  non_canon = true;
317  return *this;
318 }
319 
320 InputStack& InputStack::SetMalleable(bool x) {
321  malleable = x;
322  return *this;
323 }
324 
325 InputStack operator+(InputStack a, InputStack b) {
326  a.stack = Cat(std::move(a.stack), std::move(b.stack));
327  if (a.available != Availability::NO && b.available != Availability::NO) a.size += b.size;
328  a.has_sig |= b.has_sig;
329  a.malleable |= b.malleable;
330  a.non_canon |= b.non_canon;
331  if (a.available == Availability::NO || b.available == Availability::NO) {
332  a.SetAvailable(Availability::NO);
333  } else if (a.available == Availability::MAYBE || b.available == Availability::MAYBE) {
334  a.SetAvailable(Availability::MAYBE);
335  }
336  return a;
337 }
338 
339 InputStack operator|(InputStack a, InputStack b) {
340  // If only one is invalid, pick the other one. If both are invalid, pick an arbitrary one.
341  if (a.available == Availability::NO) return b;
342  if (b.available == Availability::NO) return a;
343  // If only one of the solutions has a signature, we must pick the other one.
344  if (!a.has_sig && b.has_sig) return a;
345  if (!b.has_sig && a.has_sig) return b;
346  if (!a.has_sig && !b.has_sig) {
347  // If neither solution requires a signature, the result is inevitably malleable.
348  a.malleable = true;
349  b.malleable = true;
350  } else {
351  // If both options require a signature, prefer the non-malleable one.
352  if (b.malleable && !a.malleable) return a;
353  if (a.malleable && !b.malleable) return b;
354  }
355  // Between two malleable or two non-malleable solutions, pick the smaller one between
356  // YESes, and the bigger ones between MAYBEs. Prefer YES over MAYBE.
357  if (a.available == Availability::YES && b.available == Availability::YES) {
358  return std::move(a.size <= b.size ? a : b);
359  } else if (a.available == Availability::MAYBE && b.available == Availability::MAYBE) {
360  return std::move(a.size >= b.size ? a : b);
361  } else if (a.available == Availability::YES) {
362  return a;
363  } else {
364  return b;
365  }
366 }
367 
368 std::optional<std::vector<Opcode>> DecomposeScript(const CScript& script)
369 {
370  std::vector<Opcode> out;
371  CScript::const_iterator it = script.begin(), itend = script.end();
372  while (it != itend) {
373  std::vector<unsigned char> push_data;
374  opcodetype opcode;
375  if (!script.GetOp(it, opcode, push_data)) {
376  return {};
377  } else if (opcode >= OP_1 && opcode <= OP_16) {
378  // Deal with OP_n (GetOp does not turn them into pushes).
379  push_data.assign(1, CScript::DecodeOP_N(opcode));
380  } else if (opcode == OP_CHECKSIGVERIFY) {
381  // Decompose OP_CHECKSIGVERIFY into OP_CHECKSIG OP_VERIFY
382  out.emplace_back(OP_CHECKSIG, std::vector<unsigned char>());
383  opcode = OP_VERIFY;
384  } else if (opcode == OP_CHECKMULTISIGVERIFY) {
385  // Decompose OP_CHECKMULTISIGVERIFY into OP_CHECKMULTISIG OP_VERIFY
386  out.emplace_back(OP_CHECKMULTISIG, std::vector<unsigned char>());
387  opcode = OP_VERIFY;
388  } else if (opcode == OP_EQUALVERIFY) {
389  // Decompose OP_EQUALVERIFY into OP_EQUAL OP_VERIFY
390  out.emplace_back(OP_EQUAL, std::vector<unsigned char>());
391  opcode = OP_VERIFY;
392  } else if (opcode == OP_NUMEQUALVERIFY) {
393  // Decompose OP_NUMEQUALVERIFY into OP_NUMEQUAL OP_VERIFY
394  out.emplace_back(OP_NUMEQUAL, std::vector<unsigned char>());
395  opcode = OP_VERIFY;
396  } else if (IsPushdataOp(opcode)) {
397  if (!CheckMinimalPush(push_data, opcode)) return {};
398  } else if (it != itend && (opcode == OP_CHECKSIG || opcode == OP_CHECKMULTISIG || opcode == OP_EQUAL || opcode == OP_NUMEQUAL) && (*it == OP_VERIFY)) {
399  // Rule out non minimal VERIFY sequences
400  return {};
401  }
402  out.emplace_back(opcode, std::move(push_data));
403  }
404  std::reverse(out.begin(), out.end());
405  return out;
406 }
407 
408 std::optional<int64_t> ParseScriptNumber(const Opcode& in) {
409  if (in.first == OP_0) {
410  return 0;
411  }
412  if (!in.second.empty()) {
413  if (IsPushdataOp(in.first) && !CheckMinimalPush(in.second, in.first)) return {};
414  try {
415  return CScriptNum(in.second, true).GetInt64();
416  } catch(const scriptnum_error&) {}
417  }
418  return {};
419 }
420 
421 int FindNextChar(std::span<const char> sp, const char m)
422 {
423  for (int i = 0; i < (int)sp.size(); ++i) {
424  if (sp[i] == m) return i;
425  // We only search within the current parentheses
426  if (sp[i] == ')') break;
427  }
428  return -1;
429 }
430 
431 } // namespace internal
432 } // namespace miniscript
BuildScript
CScript BuildScript(Ts &&... inputs)
Build a script by concatenating other scripts, or any argument accepted by CScript::operator<<.
Definition: script.h:608
miniscript::Fragment::HASH160
OP_SIZE 32 OP_EQUALVERIFY OP_HASH160 [hash] OP_EQUAL.
IsPushdataOp
constexpr bool IsPushdataOp(opcodetype opcode)
Definition: solver.h:40
miniscript::internal::InputStack::stack
std::vector< std::vector< unsigned char > > stack
Data elements.
Definition: miniscript.h:323
miniscript::Fragment::WRAP_V
[X] OP_VERIFY (or -VERIFY version of last opcode in X)
CScript::DecodeOP_N
static int DecodeOP_N(opcodetype opcode)
Encode/decode small integers:
Definition: script.h:507
CheckMinimalPush
bool CheckMinimalPush(const std::vector< unsigned char > &data, opcodetype opcode)
Definition: script.cpp:373
miniscript::internal::ComputeScriptLen
size_t ComputeScriptLen(Fragment fragment, Type sub0typ, size_t subsize, uint32_t k, size_t n_subs, size_t n_keys, MiniscriptContext ms_ctx)
Helper function for Node::CalcScriptLen.
Definition: miniscript.cpp:264
miniscript::Fragment::PK_H
OP_DUP OP_HASH160 [keyhash] OP_EQUALVERIFY.
assert
assert(!tx.IsCoinBase())
miniscript::Fragment::RIPEMD160
OP_SIZE 32 OP_EQUALVERIFY OP_RIPEMD160 [hash] OP_EQUAL.
miniscript::Fragment::MULTI
[k] [key_n]* [n] OP_CHECKMULTISIG (only available within P2WSH context)
miniscript::internal::InputStack::SetMalleable
InputStack & SetMalleable(bool x=true)
Mark this input stack as malleable.
Definition: miniscript.cpp:320
miniscript::Fragment::AFTER
[n] OP_CHECKLOCKTIMEVERIFY
miniscript::internal::operator+
InputStack operator+(InputStack a, InputStack b)
Definition: miniscript.cpp:325
miniscript::internal::FindNextChar
int FindNextChar(std::span< const char > sp, const char m)
Definition: miniscript.cpp:421
miniscript::Fragment::WRAP_A
OP_TOALTSTACK [X] OP_FROMALTSTACK.
CHECK_NONFATAL
#define CHECK_NONFATAL(condition)
Identity function.
Definition: check.h:109
miniscript::IsTapscript
constexpr bool IsTapscript(MiniscriptContext ms_ctx)
Whether the context Tapscript, ensuring the only other possibility is P2WSH.
Definition: miniscript.h:257
miniscript::internal::InputStack::available
Availability available
Whether this stack is valid for its intended purpose (satisfaction or dissatisfaction of a Node)...
Definition: miniscript.h:312
miniscript::internal::InputStack::malleable
bool malleable
Whether this stack is malleable (can be turned into an equally valid other stack by a third party)...
Definition: miniscript.h:316
prevector::const_iterator
Definition: prevector.h:78
OP_0
Definition: script.h:76
miniscript::Type::If
constexpr Type If(bool x) const
The empty type if x is false, itself otherwise.
Definition: miniscript.h:155
miniscript::internal::InputStack::SetAvailable
InputStack & SetAvailable(Availability avail)
Change availability.
Definition: miniscript.cpp:298
MAX_PUBKEYS_PER_MULTISIG
static const int MAX_PUBKEYS_PER_MULTISIG
Definition: script.h:34
miniscript::internal::InputStack::has_sig
bool has_sig
Whether this stack contains a digital signature.
Definition: miniscript.h:314
miniscript::Opcode
std::pair< opcodetype, std::vector< unsigned char > > Opcode
Definition: miniscript.h:191
miniscript::internal::ParseContext::ANDOR
ANDOR will construct an andor node from the last three constructed nodes.
miniscript::internal::ParseContext::AND_B
AND_B will construct an and_b node from the last two constructed nodes.
OP_1
Definition: script.h:83
miniscript::internal::operator|
InputStack operator|(InputStack a, InputStack b)
Definition: miniscript.cpp:339
miniscript::internal::SanitizeType
Type SanitizeType(Type e)
A helper sanitizer/checker for the output of CalcType.
Definition: miniscript.cpp:19
scriptnum_error
Definition: script.h:220
miniscript::internal::DecomposeScript
std::optional< std::vector< Opcode > > DecomposeScript(const CScript &script)
Decode a script into opcode/push pairs.
Definition: miniscript.cpp:368
miniscript::internal::ComputeType
Type ComputeType(Fragment fragment, Type x, Type y, Type z, const std::vector< Type > &sub_types, uint32_t k, size_t data_size, size_t n_subs, size_t n_keys, MiniscriptContext ms_ctx)
Helper function for Node::CalcType.
Definition: miniscript.cpp:39
args
ArgsManager & args
Definition: bitcoind.cpp:277
miniscript::Fragment::OLDER
[n] OP_CHECKSEQUENCEVERIFY
miniscript::internal::ParseContext::OR_C
OR_C will construct an or_c node from the last two constructed nodes.
opcodetype
opcodetype
Script opcodes.
Definition: script.h:73
MAX_PUBKEYS_PER_MULTI_A
static constexpr unsigned int MAX_PUBKEYS_PER_MULTI_A
The limit of keys in OP_CHECKSIGADD-based scripts.
Definition: script.h:37
miniscript::internal::ParseContext::THRESH
THRESH will read a wrapped expression, and then look for a COMMA.
miniscript::Fragment::WRAP_D
OP_DUP OP_IF [X] OP_ENDIF.
miniscript::internal::InputStack
An object representing a sequence of witness stack elements.
Definition: miniscript.h:306
CTxIn::SEQUENCE_LOCKTIME_TYPE_FLAG
static const uint32_t SEQUENCE_LOCKTIME_TYPE_FLAG
If CTxIn::nSequence encodes a relative lock-time and this flag is set, the relative lock-time has uni...
Definition: transaction.h:99
miniscript::internal::ParseContext::OR_D
OR_D will construct an or_d node from the last two constructed nodes.
tests_wycheproof_generate_ecdsa.out
string out
Definition: tests_wycheproof_generate_ecdsa.py:24
miniscript::internal::InputStack::non_canon
bool non_canon
Whether this stack is non-canonical (using a construction known to be unnecessary for satisfaction)...
Definition: miniscript.h:319
miniscript::Fragment::WRAP_J
OP_SIZE OP_0NOTEQUAL OP_IF [X] OP_ENDIF.
miniscript::internal::ParseContext::OR_I
OR_I will construct an or_i node from the last two constructed nodes.
miniscript::internal::InputStack::SetNonCanon
InputStack & SetNonCanon()
Mark this input stack as non-canonical (known to not be necessary in non-malleable satisfactions)...
Definition: miniscript.cpp:315
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:404
miniscript::Fragment
Fragment
The different node types in miniscript.
Definition: miniscript.h:211
miniscript::internal::ParseContext::AND_V
AND_V will construct an and_v node from the last two constructed nodes.
miniscript::internal::InputStack::size
size_t size
Serialized witness size.
Definition: miniscript.h:321
miniscript::internal::InputStack::SetWithSig
InputStack & SetWithSig()
Mark this input stack as having a signature.
Definition: miniscript.cpp:310
miniscript::internal::ParseContext::OR_B
OR_B will construct an or_b node from the last two constructed nodes.
CScriptNum::GetInt64
int64_t GetInt64() const
Definition: script.h:334
prevector::size
size_type size() const
Definition: prevector.h:247
miniscript::Fragment::SHA256
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 [hash] OP_EQUAL.
LOCKTIME_THRESHOLD
static const unsigned int LOCKTIME_THRESHOLD
Definition: script.h:47
OP_16
Definition: script.h:99
miniscript::Fragment::HASH256
OP_SIZE 32 OP_EQUALVERIFY OP_HASH256 [hash] OP_EQUAL.
miniscript::Fragment::MULTI_A
[key_0] OP_CHECKSIG ([key_n] OP_CHECKSIGADD)* [k] OP_NUMEQUAL (only within Tapscript ctx) ...
miniscript::Type
This type encapsulates the miniscript type system properties.
Definition: miniscript.h:128
miniscript::internal::ParseScriptNumber
std::optional< int64_t > ParseScriptNumber(const Opcode &in)
Determine whether the passed pair (created by DecomposeScript) is pushing a number.
Definition: miniscript.cpp:408
Cat
V Cat(V v1, V &&v2)
Concatenate two vectors, moving elements.
Definition: vector.h:34
Generated on Thu Apr 16 2026 12:00:00 for Bitcoin Core by   doxygen 1.8.14