A fix for transaction malleability
This PR fixes transaction malleability by not including the sigscript of transaction inputs and joinsplit sigs when hashing the txid.
This PR supercedes PR #1101 which was a minimal solution based on a new serialization flag.
This PR introduces GetTxid() to distinguish between getting a transaction id and the double sha256 hash.
The key changes are:
- Adding GetTxid() method to CTransaction which makes a copy of the transaction, clearing out the sigscript and joinsplitsig fields, before hashing.
- Verifying that every call to GetHash() actually wants a txid, and replacing with GetTxid().
- Renaming GetHash() to GetSerializeHash()
- Rationale: In future, upstream code we want to merge will use GetHash() but we don't know the intent. We should check to see if the intent is to receive a txid (most likely) in which case we replace with GetTxid(), or if upstream actually wants a double hash of the transaction we can use GetSerializeHash().
- Updated genesis data in chainparams.cpp
Note that coinbase transactions are excluded as they need the sigscript hashed to help avoid duplicate txids per BIP34:
- This modification is related to a question from @ebfull on PR #1101 - "Can we think of a way this change allows us to construct two transactions with the same txid which can simultaneously appear in the blockchain? My guess is it would be possible to construct a coinbase transaction of such a form... this surely breaks invariants."
This PR Passes all tests in test_bitcoin (test data was updated in bloom_tests, miner_tests and script_tests).
Remove the assumption that n/(k+1) is a multiple of 8
This version works, but generates the initial rows in a way that is probably
not what we want to specify.
Closes#1148
This version works, but generates the initial rows in a way that is not what we
want to specify. See #1175 for resolving this.
Co-author: Daira Hopwood <daira@jacaranda.org>
[WIP] Add more commands to run unit tests under valgrind.
This runs both zcash-gtest and test_bitcoin under valgrind. There's a corresponding PR to the buildbot config https://github.com/Electric-Coin-Company/bbotzc/pull/23. Closes#761.
Extend try catch block around call to libsnark verifier
As discussed in #1126.
@daira Per your [comment](https://github.com/zcash/zcash/pull/1126#issuecomment-234714939):
> I would like assertion errors during tests to cause a test failure (unless the test explicitly expects them). Can we split this into verify and verify_internal, where the former does the try/catch around a call to verify_internal, and the latter is called by verification unit tests?
Did you mean move everything inside the extended try/catch to verify_internal, or just the call to r1cs_ppzksnark_verifier_strong_IC?
When pulling from upstream we are now forced to examine GetHash() usage
and replace with GetSerializeHash() if the caller wants a double SHA256
hash, or with GetTxid() if the caller wants a transaction id.
Remove more from libsnark, and fix potential remote-DoS.
See https://github.com/zcash/libsnark/pull/1 as well.
[`59adbef`](59adbefcc8) removes a remote-DoS that can occur if proofs are not well-formed.
[`e3779f9`](e3779f9049) removes more files that we do not need from libsnark.
[`11242d8`](11242d8afe) replaces assertions that could be triggered by our verifier with exceptions.
Here in Zcash, we catch all exceptions from the verifier and return false.
Closes#459, Closes#69