void sha256_tx_for_sig(struct sha256_double *h, const struct bitcoin_tx *tx,
unsigned int input_num, enum sighash_type stype,
const u8 *witness_script)
{
size_t i;
struct sha256_ctx ctx = SHA256_INIT;
/* We only support this. */
assert(stype == SIGHASH_ALL);
/* Caller should zero-out other scripts for signing! */
assert(input_num < tx->input_count);
for (i = 0; i < tx->input_count; i++)
if (i != input_num)
assert(tx->input[i].script_length == 0);
if (witness_script) {
/* BIP143 hashing if OP_CHECKSIG is inside witness. */
hash_for_segwit(&ctx, tx, input_num, witness_script);
} else {
/* Otherwise signature hashing never includes witness. */
add_tx(tx, add_sha, &ctx, false);
}
sha256_le32(&ctx, stype);
sha256_double_done(&ctx, h);
}
/* Only does SIGHASH_ALL */
static void sha256_tx_one_input(struct bitcoin_tx *tx,
size_t input_num,
const u8 *script, size_t script_len,
struct sha256_double *hash)
{
struct sha256_ctx ctx = SHA256_INIT;
size_t i;
assert(input_num < tx->input_count);
/* You must have all inputs zeroed to start. */
for (i = 0; i < tx->input_count; i++)
assert(tx->input[i].script_length == 0);
tx->input[input_num].script_length = script_len;
tx->input[input_num].script = cast_const(u8 *, script);
sha256_init(&ctx);
sha256_tx_for_sig(&ctx, tx, input_num);
sha256_le32(&ctx, SIGHASH_ALL);
sha256_double_done(&ctx, hash);
/* Reset it for next time. */
tx->input[input_num].script_length = 0;
tx->input[input_num].script = NULL;
}
void bitcoin_txid(const struct bitcoin_tx *tx, struct sha256_double *txid)
{
struct sha256_ctx ctx = SHA256_INIT;
/* For TXID, we never use extended form. */
add_tx(tx, add_sha, &ctx, false);
sha256_double_done(&ctx, txid);
}
/* If the sighash type is neither SINGLE nor NONE, hashOutputs is the
* double SHA256 of the serialization of all output value (8-byte
* little endian) with scriptPubKey (varInt for the length +
* script); */
static void hash_outputs(struct sha256_double *h, const struct bitcoin_tx *tx)
{
struct sha256_ctx ctx;
size_t i;
sha256_init(&ctx);
for (i = 0; i < tal_count(tx->output); i++) {
push_le64(tx->output[i].amount, push_sha, &ctx);
push_varint_blob(tx->output[i].script, push_sha, &ctx);
}
sha256_double_done(&ctx, h);
}
static void hash_sequence(struct sha256_double *h, const struct bitcoin_tx *tx)
{
struct sha256_ctx ctx;
size_t i;
/* BIP143: If none of the ANYONECANPAY, SINGLE, NONE sighash type
* is set, hashSequence is the double SHA256 of the serialization
* of nSequence of all inputs */
sha256_init(&ctx);
for (i = 0; i < tx->input_count; i++)
add_le32(tx->input[i].sequence_number, add_sha, &ctx);
sha256_double_done(&ctx, h);
}
/* If the sighash type is neither SINGLE nor NONE, hashOutputs is the
* double SHA256 of the serialization of all output value (8-byte
* little endian) with scriptPubKey (varInt for the length +
* script); */
static void hash_outputs(struct sha256_double *h, const struct bitcoin_tx *tx)
{
struct sha256_ctx ctx;
size_t i;
sha256_init(&ctx);
for (i = 0; i < tx->output_count; i++) {
add_le64(tx->output[i].amount, add_sha, &ctx);
add_varint_blob(tx->output[i].script,
tx->output[i].script_length,
add_sha, &ctx);
}
sha256_double_done(&ctx, h);
}
static void hash_prevouts(struct sha256_double *h, const struct bitcoin_tx *tx)
{
struct sha256_ctx ctx;
size_t i;
/* BIP143: If the ANYONECANPAY flag is not set, hashPrevouts is the
* double SHA256 of the serialization of all input
* outpoints */
sha256_init(&ctx);
for (i = 0; i < tx->input_count; i++) {
add_sha(&tx->input[i].txid, sizeof(tx->input[i].txid), &ctx);
add_le32(tx->input[i].index, add_sha, &ctx);
}
sha256_double_done(&ctx, h);
}
