2014-09-10 16:16:09 +02:00
|
|
|
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
2020-12-31 09:48:25 +01:00
|
|
|
// Copyright (c) 2009-2020 The Bitcoin Core developers
|
2014-10-06 13:00:55 +02:00
|
|
|
// Distributed under the MIT software license, see the accompanying
|
2014-09-10 16:16:09 +02:00
|
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
|
|
2017-11-10 13:57:53 +13:00
|
|
|
#include <script/sigcache.h>
|
2014-09-10 16:16:09 +02:00
|
|
|
|
2017-11-10 13:57:53 +13:00
|
|
|
#include <pubkey.h>
|
|
|
|
|
#include <random.h>
|
|
|
|
|
#include <uint256.h>
|
2018-10-22 15:51:11 -07:00
|
|
|
#include <util/system.h>
|
2014-09-10 16:16:09 +02:00
|
|
|
|
2017-11-10 13:57:53 +13:00
|
|
|
#include <cuckoocache.h>
|
2021-01-27 15:04:34 +08:00
|
|
|
|
2021-02-02 10:18:39 +08:00
|
|
|
#include <algorithm>
|
|
|
|
|
#include <mutex>
|
|
|
|
|
#include <shared_mutex>
|
|
|
|
|
#include <vector>
|
2014-09-10 16:16:09 +02:00
|
|
|
|
|
|
|
|
namespace {
|
2014-11-10 14:40:01 +08:00
|
|
|
/**
|
|
|
|
|
* Valid signature cache, to avoid doing expensive ECDSA signature checking
|
|
|
|
|
* twice for every transaction (once when accepted into memory pool, and
|
|
|
|
|
* again when accepted into the block chain)
|
|
|
|
|
*/
|
2014-09-10 16:16:09 +02:00
|
|
|
class CSignatureCache
|
|
|
|
|
{
|
|
|
|
|
private:
|
2020-09-11 14:33:30 -07:00
|
|
|
//! Entries are SHA256(nonce || 'E' or 'S' || 31 zero bytes || signature hash || public key || signature):
|
|
|
|
|
CSHA256 m_salted_hasher_ecdsa;
|
|
|
|
|
CSHA256 m_salted_hasher_schnorr;
|
2016-10-05 16:58:47 -04:00
|
|
|
typedef CuckooCache::cache<uint256, SignatureCacheHasher> map_type;
|
2015-10-30 23:14:38 +01:00
|
|
|
map_type setValid;
|
2021-02-02 10:18:39 +08:00
|
|
|
std::shared_mutex cs_sigcache;
|
2014-09-10 16:16:09 +02:00
|
|
|
|
|
|
|
|
public:
|
2015-10-30 23:14:38 +01:00
|
|
|
CSignatureCache()
|
|
|
|
|
{
|
2018-05-09 11:05:46 -07:00
|
|
|
uint256 nonce = GetRandHash();
|
|
|
|
|
// We want the nonce to be 64 bytes long to force the hasher to process
|
|
|
|
|
// this chunk, which makes later hash computations more efficient. We
|
2020-09-11 14:33:30 -07:00
|
|
|
// just write our 32-byte entropy, and then pad with 'E' for ECDSA and
|
|
|
|
|
// 'S' for Schnorr (followed by 0 bytes).
|
|
|
|
|
static constexpr unsigned char PADDING_ECDSA[32] = {'E'};
|
|
|
|
|
static constexpr unsigned char PADDING_SCHNORR[32] = {'S'};
|
|
|
|
|
m_salted_hasher_ecdsa.Write(nonce.begin(), 32);
|
|
|
|
|
m_salted_hasher_ecdsa.Write(PADDING_ECDSA, 32);
|
|
|
|
|
m_salted_hasher_schnorr.Write(nonce.begin(), 32);
|
|
|
|
|
m_salted_hasher_schnorr.Write(PADDING_SCHNORR, 32);
|
2015-10-30 23:14:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2020-10-16 06:26:05 +00:00
|
|
|
ComputeEntryECDSA(uint256& entry, const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubkey) const
|
2015-10-30 23:14:38 +01:00
|
|
|
{
|
2020-09-11 14:33:30 -07:00
|
|
|
CSHA256 hasher = m_salted_hasher_ecdsa;
|
2021-04-30 20:03:35 +02:00
|
|
|
hasher.Write(hash.begin(), 32).Write(pubkey.data(), pubkey.size()).Write(vchSig.data(), vchSig.size()).Finalize(entry.begin());
|
2015-10-30 23:14:38 +01:00
|
|
|
}
|
|
|
|
|
|
2020-09-11 14:33:30 -07:00
|
|
|
void
|
2020-10-16 06:26:05 +00:00
|
|
|
ComputeEntrySchnorr(uint256& entry, const uint256 &hash, Span<const unsigned char> sig, const XOnlyPubKey& pubkey) const
|
2020-09-11 14:33:30 -07:00
|
|
|
{
|
|
|
|
|
CSHA256 hasher = m_salted_hasher_schnorr;
|
2021-04-30 20:03:35 +02:00
|
|
|
hasher.Write(hash.begin(), 32).Write(pubkey.data(), pubkey.size()).Write(sig.data(), sig.size()).Finalize(entry.begin());
|
2020-09-11 14:33:30 -07:00
|
|
|
}
|
|
|
|
|
|
2014-09-10 16:16:09 +02:00
|
|
|
bool
|
2016-10-05 16:58:47 -04:00
|
|
|
Get(const uint256& entry, const bool erase)
|
2014-09-10 16:16:09 +02:00
|
|
|
{
|
2021-02-02 10:18:39 +08:00
|
|
|
std::shared_lock<std::shared_mutex> lock(cs_sigcache);
|
2016-10-05 16:58:47 -04:00
|
|
|
return setValid.contains(entry, erase);
|
2014-09-10 16:16:09 +02:00
|
|
|
}
|
|
|
|
|
|
2020-12-06 00:14:17 +00:00
|
|
|
void Set(const uint256& entry)
|
2015-10-30 23:38:40 +01:00
|
|
|
{
|
2021-02-02 10:18:39 +08:00
|
|
|
std::unique_lock<std::shared_mutex> lock(cs_sigcache);
|
2016-10-05 16:58:47 -04:00
|
|
|
setValid.insert(entry);
|
2015-10-30 23:38:40 +01:00
|
|
|
}
|
2016-10-05 16:58:47 -04:00
|
|
|
uint32_t setup_bytes(size_t n)
|
2014-09-10 16:16:09 +02:00
|
|
|
{
|
2016-10-05 16:58:47 -04:00
|
|
|
return setValid.setup_bytes(n);
|
2014-09-10 16:16:09 +02:00
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2016-10-05 16:58:47 -04:00
|
|
|
/* In previous versions of this code, signatureCache was a local static variable
|
|
|
|
|
* in CachingTransactionSignatureChecker::VerifySignature. We initialize
|
|
|
|
|
* signatureCache outside of VerifySignature to avoid the atomic operation per
|
|
|
|
|
* call overhead associated with local static variables even though
|
|
|
|
|
* signatureCache could be made local to VerifySignature.
|
|
|
|
|
*/
|
|
|
|
|
static CSignatureCache signatureCache;
|
2017-05-31 22:21:25 +02:00
|
|
|
} // namespace
|
2014-09-10 16:16:09 +02:00
|
|
|
|
2017-02-23 16:38:41 +09:00
|
|
|
// To be called once in AppInitMain/BasicTestingSetup to initialize the
|
|
|
|
|
// signatureCache.
|
2016-10-05 16:58:47 -04:00
|
|
|
void InitSignatureCache()
|
2014-09-10 16:16:09 +02:00
|
|
|
{
|
2017-02-15 14:19:16 -05:00
|
|
|
// nMaxCacheSize is unsigned. If -maxsigcachesize is set to zero,
|
|
|
|
|
// setup_bytes creates the minimum possible cache (2 elements).
|
2019-08-22 21:40:41 -04:00
|
|
|
size_t nMaxCacheSize = std::min(std::max((int64_t)0, gArgs.GetIntArg("-maxsigcachesize", DEFAULT_MAX_SIG_CACHE_SIZE) / 2), MAX_MAX_SIG_CACHE_SIZE) * ((size_t) 1 << 20);
|
2016-10-05 16:58:47 -04:00
|
|
|
size_t nElems = signatureCache.setup_bytes(nMaxCacheSize);
|
2017-04-21 16:38:12 -04:00
|
|
|
LogPrintf("Using %zu MiB out of %zu/2 requested for signature cache, able to store %zu elements\n",
|
|
|
|
|
(nElems*sizeof(uint256)) >>20, (nMaxCacheSize*2)>>20, nElems);
|
2016-10-05 16:58:47 -04:00
|
|
|
}
|
2014-09-10 16:16:09 +02:00
|
|
|
|
2020-09-11 14:33:23 -07:00
|
|
|
bool CachingTransactionSignatureChecker::VerifyECDSASignature(const std::vector<unsigned char>& vchSig, const CPubKey& pubkey, const uint256& sighash) const
|
2016-10-05 16:58:47 -04:00
|
|
|
{
|
2015-10-30 23:14:38 +01:00
|
|
|
uint256 entry;
|
2020-09-11 14:33:23 -07:00
|
|
|
signatureCache.ComputeEntryECDSA(entry, sighash, vchSig, pubkey);
|
2016-10-05 16:58:47 -04:00
|
|
|
if (signatureCache.Get(entry, !store))
|
2014-09-10 16:16:09 +02:00
|
|
|
return true;
|
2020-09-11 14:33:23 -07:00
|
|
|
if (!TransactionSignatureChecker::VerifyECDSASignature(vchSig, pubkey, sighash))
|
2014-09-10 16:16:09 +02:00
|
|
|
return false;
|
2016-10-05 16:58:47 -04:00
|
|
|
if (store)
|
2015-10-30 23:14:38 +01:00
|
|
|
signatureCache.Set(entry);
|
2014-09-10 16:16:09 +02:00
|
|
|
return true;
|
|
|
|
|
}
|
2020-09-11 14:33:30 -07:00
|
|
|
|
|
|
|
|
bool CachingTransactionSignatureChecker::VerifySchnorrSignature(Span<const unsigned char> sig, const XOnlyPubKey& pubkey, const uint256& sighash) const
|
|
|
|
|
{
|
|
|
|
|
uint256 entry;
|
|
|
|
|
signatureCache.ComputeEntrySchnorr(entry, sighash, sig, pubkey);
|
|
|
|
|
if (signatureCache.Get(entry, !store)) return true;
|
|
|
|
|
if (!TransactionSignatureChecker::VerifySchnorrSignature(sig, pubkey, sighash)) return false;
|
|
|
|
|
if (store) signatureCache.Set(entry);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
