64bit arith cscriptnum no new opcodes

Author: Christewart

src/policy/policy.cpp

@@ -13,7 +13,7 @@
 #include <consensus/validation.h>
 #include <policy/feerate.h>
 #include <primitives/transaction.h>
-#include <script/interpreter.h>
+#include <script/sigversion.h>
 #include <script/script.h>
 #include <script/solver.h>
 #include <serialize.h>

src/rpc/util.cpp

@@ -17,7 +17,7 @@
 #include <pow.h>
 #include <rpc/util.h>
 #include <script/descriptor.h>
-#include <script/interpreter.h>
+#include <script/sigversion.h>
 #include <script/signingprovider.h>
 #include <script/solver.h>
 #include <tinyformat.h>

src/script/interpreter.cpp

@@ -10,6 +10,7 @@
 #include <crypto/sha256.h>
 #include <pubkey.h>
 #include <script/script.h>
+#include <script/sigversion.h>
 #include <uint256.h>
 
 typedef std::vector<unsigned char> valtype;
@@ -253,6 +254,20 @@ int FindAndDelete(CScript& script, const CScript& b)
     return nFound;
 }
 
+CScriptNum GetCScriptNum(const valtype& num, const bool fRequireMinimal, const SigVersion& sigversion)
+{
+    switch (sigversion)
+    {
+        case SigVersion::BASE:
+        case SigVersion::WITNESS_V0:
+        case SigVersion::TAPROOT:
+        case SigVersion::TAPSCRIPT:
+            return CScriptNum(num,fRequireMinimal,/*nMaximumSize=*/4);
+        case SigVersion::TAPSCRIPT_64BIT:
+            return CScriptNum(num,fRequireMinimal,/*nMaximumSize=*/8);
+    }
+}
+
 namespace {
 /** A data type to abstract out the condition stack during script execution.
  *
@@ -395,6 +410,7 @@ static bool EvalChecksig(const valtype& sig, const valtype& pubkey, CScript::con
     case SigVersion::WITNESS_V0:
         return EvalChecksigPreTapscript(sig, pubkey, pbegincodehash, pend, flags, checker, sigversion, serror, success);
     case SigVersion::TAPSCRIPT:
+    case SigVersion::TAPSCRIPT_64BIT:
         return EvalChecksigTapscript(sig, pubkey, execdata, flags, checker, sigversion, serror, success);
     case SigVersion::TAPROOT:
         // Key path spending in Taproot has no script, so this is unreachable.
@@ -414,7 +430,7 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
     static const valtype vchTrue(1, 1);
 
     // sigversion cannot be TAPROOT here, as it admits no script execution.
-    assert(sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0 || sigversion == SigVersion::TAPSCRIPT);
+    assert(sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0 || sigversion == SigVersion::TAPSCRIPT || sigversion == SigVersion::TAPSCRIPT_64BIT);
 
     CScript::const_iterator pc = script.begin();
     CScript::const_iterator pend = script.end();
@@ -925,7 +941,8 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                     // (in -- out)
                     if (stack.size() < 1)
                         return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
-                    CScriptNum bn(stacktop(-1), fRequireMinimal);
+
+                    CScriptNum bn = GetCScriptNum(stacktop(-1), fRequireMinimal, sigversion);
                     switch (opcode)
                     {
                     case OP_1ADD:       bn += bnOne; break;
@@ -958,19 +975,17 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                     // (x1 x2 -- out)
                     if (stack.size() < 2)
                         return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
-                    CScriptNum bn1(stacktop(-2), fRequireMinimal);
-                    CScriptNum bn2(stacktop(-1), fRequireMinimal);
+                    CScriptNum bn1 = GetCScriptNum(stacktop(-2), fRequireMinimal, sigversion);
+                    CScriptNum bn2 = GetCScriptNum(stacktop(-1), fRequireMinimal, sigversion);
                     CScriptNum bn(0);
                     switch (opcode)
                     {
                     case OP_ADD:
                         bn = bn1 + bn2;
                         break;
-
                     case OP_SUB:
                         bn = bn1 - bn2;
                         break;
-
                     case OP_BOOLAND:             bn = (bn1 != bnZero && bn2 != bnZero); break;
                     case OP_BOOLOR:              bn = (bn1 != bnZero || bn2 != bnZero); break;
                     case OP_NUMEQUAL:            bn = (bn1 == bn2); break;
@@ -987,7 +1002,6 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                     popstack(stack);
                     popstack(stack);
                     stack.push_back(bn.getvch());
-
                     if (opcode == OP_NUMEQUALVERIFY)
                     {
                         if (CastToBool(stacktop(-1)))
@@ -1938,6 +1952,13 @@ static bool VerifyWitnessProgram(const CScriptWitness& witness, int witversion,
                 execdata.m_validation_weight_left_init = true;
                 return ExecuteWitnessScript(stack, exec_script, flags, SigVersion::TAPSCRIPT, checker, execdata, serror);
             }
+            if ((control[0] & TAPROOT_LEAF_MASK) == TAPROOT_LEAF_TAPSCRIPT_64BIT) {
+                // Tapscript (leaf version 0x66)
+                exec_script = CScript(script.begin(), script.end());
+                execdata.m_validation_weight_left = ::GetSerializeSize(witness.stack) + VALIDATION_WEIGHT_OFFSET;
+                execdata.m_validation_weight_left_init = true;
+                return ExecuteWitnessScript(stack, exec_script, flags, SigVersion::TAPSCRIPT_64BIT, checker, execdata, serror);
+            }
             if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION) {
                 return set_error(serror, SCRIPT_ERR_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION);
             }

src/script/interpreter.h

@@ -187,14 +187,6 @@ struct PrecomputedTransactionData
     explicit PrecomputedTransactionData(const T& tx);
 };
 
-enum class SigVersion
-{
-    BASE = 0,        //!< Bare scripts and BIP16 P2SH-wrapped redeemscripts
-    WITNESS_V0 = 1,  //!< Witness v0 (P2WPKH and P2WSH); see BIP 141
-    TAPROOT = 2,     //!< Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341
-    TAPSCRIPT = 3,   //!< Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see BIP 342
-};
-
 struct ScriptExecutionData
 {
     //! Whether m_tapleaf_hash is initialized.
@@ -230,6 +222,7 @@ static constexpr size_t WITNESS_V1_TAPROOT_SIZE = 32;
 
 static constexpr uint8_t TAPROOT_LEAF_MASK = 0xfe;
 static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT = 0xc0;
+static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT_64BIT = 0x66;
 static constexpr size_t TAPROOT_CONTROL_BASE_SIZE = 33;
 static constexpr size_t TAPROOT_CONTROL_NODE_SIZE = 32;
 static constexpr size_t TAPROOT_CONTROL_MAX_NODE_COUNT = 128;
@@ -240,7 +233,7 @@ extern const HashWriter HASHER_TAPLEAF;    //!< Hasher with tag "TapLeaf" pre-fe
 extern const HashWriter HASHER_TAPBRANCH;  //!< Hasher with tag "TapBranch" pre-fed to it.
 
 template <class T>
-uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn, int32_t nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache = nullptr);
+uint256 SignatureHash(const CScript& scriptCode, const T& txTo, unsigned int nIn, int nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache = nullptr);
 
 class BaseSignatureChecker
 {

src/script/script.h

@@ -13,16 +13,7 @@
 #include <uint256.h>
 #include <util/hash_type.h>
 
-#include <cassert>
-#include <cstdint>
-#include <cstring>
-#include <limits>
-#include <span>
-#include <stdexcept>
-#include <string>
-#include <type_traits>
-#include <utility>
-#include <vector>
+enum class SigVersion;
 
 // Maximum number of bytes pushable to the stack
 static const unsigned int MAX_SCRIPT_ELEMENT_SIZE = 520;
@@ -235,7 +226,7 @@ class CScriptNum
  */
 public:
 
-    explicit CScriptNum(const int64_t& n)
+    explicit CScriptNum(const __int128_t& n)
     {
         m_value = n;
     }
@@ -296,9 +287,15 @@ class CScriptNum
 
     inline CScriptNum& operator&=( const CScriptNum& rhs)       { return operator&=(rhs.m_value);  }
 
+    inline CScriptNum operator*(const __int128_t& rhs) const { return CScriptNum(m_value * rhs);}
+    inline CScriptNum operator*(const CScriptNum& rhs) const { return operator*(rhs.m_value);}
+
+    inline CScriptNum operator/(const __int128_t& rhs) const { return CScriptNum(m_value / rhs);}
+    inline CScriptNum operator/(const CScriptNum& rhs) const { return operator/(rhs.m_value);}
+
     inline CScriptNum operator-()                         const
     {
-        assert(m_value != std::numeric_limits<int64_t>::min());
+        assert(m_value != std::numeric_limits<__int128_t>::min());
         return CScriptNum(-m_value);
     }
 
@@ -310,16 +307,16 @@ class CScriptNum
 
     inline CScriptNum& operator+=( const int64_t& rhs)
     {
-        assert(rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) ||
-                           (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs));
+        assert(rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<__int128_t>::max() - rhs) ||
+                           (rhs < 0 && m_value >= std::numeric_limits<__int128_t>::min() - rhs));
         m_value += rhs;
         return *this;
     }
 
     inline CScriptNum& operator-=( const int64_t& rhs)
     {
-        assert(rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) ||
-                           (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs));
+        assert(rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<__int128_t>::min() + rhs) ||
+                           (rhs < 0 && m_value <= std::numeric_limits<__int128_t>::max() + rhs));
         m_value -= rhs;
         return *this;
     }
@@ -340,20 +337,21 @@ class CScriptNum
     }
 
     int64_t GetInt64() const { return m_value; }
-
+    __int128_t GetInt128() const {return m_value; }
     std::vector<unsigned char> getvch() const
     {
         return serialize(m_value);
     }
 
-    static std::vector<unsigned char> serialize(const int64_t& value)
+    static std::vector<unsigned char> serialize(const __int128_t& value)
     {
-        if(value == 0)
+        if(value == 0) {
             return std::vector<unsigned char>();
+        }
 
         std::vector<unsigned char> result;
         const bool neg = value < 0;
-        uint64_t absvalue = neg ? ~static_cast<uint64_t>(value) + 1 : static_cast<uint64_t>(value);
+        __uint128_t absvalue = neg ? ~static_cast<__uint128_t>(value) + 1 : static_cast<__uint128_t>(value);
 
         while(absvalue)
         {
@@ -371,33 +369,35 @@ class CScriptNum
 //    0x80 to it, since it will be subtracted and interpreted as a negative when
 //    converting to an integral.
 
-        if (result.back() & 0x80)
+        if (result.back() & 0x80) {
             result.push_back(neg ? 0x80 : 0);
-        else if (neg)
+        }
+        else if (neg) {
             result.back() |= 0x80;
+        }
 
         return result;
     }
 
 private:
-    static int64_t set_vch(const std::vector<unsigned char>& vch)
+    static __int128_t set_vch(const std::vector<unsigned char>& vch)
     {
       if (vch.empty())
           return 0;
 
-      int64_t result = 0;
+      __int128_t result = 0;
       for (size_t i = 0; i != vch.size(); ++i)
-          result |= static_cast<int64_t>(vch[i]) << 8*i;
+          result |= static_cast<__int128_t>(vch[i]) << 8*i;
 
       // If the input vector's most significant byte is 0x80, remove it from
       // the result's msb and return a negative.
       if (vch.back() & 0x80)
-          return -((int64_t)(result & ~(0x80ULL << (8 * (vch.size() - 1)))));
+          return -((__int128_t)(result & ~(0x80ULL << (8 * (vch.size() - 1)))));
 
       return result;
     }
 
-    int64_t m_value;
+    __int128_t m_value;
 };
 
 /**

src/script/script_error.cpp

@@ -115,6 +115,8 @@ std::string ScriptErrorString(const ScriptError serror)
             return "Using OP_CODESEPARATOR in non-witness script";
         case SCRIPT_ERR_SIG_FINDANDDELETE:
             return "Signature is found in scriptCode";
+        case SCRIPT_ERR_ARITHMETIC64:
+            return "Arithmetic opcode error";
         case SCRIPT_ERR_UNKNOWN_ERROR:
         case SCRIPT_ERR_ERROR_COUNT:
         default: break;

src/script/script_error.h

@@ -82,7 +82,11 @@ typedef enum ScriptError_t
     SCRIPT_ERR_OP_CODESEPARATOR,
     SCRIPT_ERR_SIG_FINDANDDELETE,
 
-    SCRIPT_ERR_ERROR_COUNT
+    SCRIPT_ERR_ERROR_COUNT,
+
+    /* 64bit arithmetic opcode errors */
+    SCRIPT_ERR_ARITHMETIC64
+
 } ScriptError;
 
 #define SCRIPT_ERR_LAST SCRIPT_ERR_ERROR_COUNT

src/script/sign.h

@@ -13,6 +13,7 @@
 #include <script/interpreter.h>
 #include <script/keyorigin.h>
 #include <script/signingprovider.h>
+#include <script/sigversion.h>
 #include <uint256.h>
 
 class CKey;

src/script/sigversion.h

@@ -0,0 +1,11 @@
+#ifndef BITCOIN_SCRIPT_SIGVERSION_H
+#define BITCOIN_SCRIPT_SIGVERSION_H
+enum class SigVersion
+{
+    BASE = 0,        //!< Bare scripts and BIP16 P2SH-wrapped redeemscripts
+    WITNESS_V0 = 1,  //!< Witness v0 (P2WPKH and P2WSH); see BIP 141
+    TAPROOT = 2,     //!< Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341
+    TAPSCRIPT = 3,   //!< Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, script path spending, leaf version 0xc0; see BIP 342
+    TAPSCRIPT_64BIT = 4, //!< Witness v1 with 32 byte program script path spending with 64bit arithmetic
+};
+#endif // BITCOIN_SCRIPT_SIGVERSION_H

src/test/script_tests.cpp

@@ -1700,8 +1700,9 @@ BOOST_AUTO_TEST_CASE(bip341_keypath_test_vectors)
             BOOST_CHECK_EQUAL(HexStr(sighash), input["intermediary"]["sigHash"].get_str());
 
             // To verify the sigmsg, hash the expected sigmsg, and compare it with the (expected) sighash.
-            BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << std::span<const uint8_t>{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
+            BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << Span{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
         }
+
     }
 }