void sha256_tx_for_sig(struct sha256_double *h, const struct bitcoin_tx *tx, unsigned int input_num, enum sighash_type stype, const u8 *witness_script) { size_t i; struct sha256_ctx ctx = SHA256_INIT; /* We only support this. */ assert(stype == SIGHASH_ALL); /* Caller should zero-out other scripts for signing! */ assert(input_num < tx->input_count); for (i = 0; i < tx->input_count; i++) if (i != input_num) assert(tx->input[i].script_length == 0); if (witness_script) { /* BIP143 hashing if OP_CHECKSIG is inside witness. */ hash_for_segwit(&ctx, tx, input_num, witness_script); } else { /* Otherwise signature hashing never includes witness. */ add_tx(tx, add_sha, &ctx, false); } sha256_le32(&ctx, stype); sha256_double_done(&ctx, h); }
/* Only does SIGHASH_ALL */ static void sha256_tx_one_input(struct bitcoin_tx *tx, size_t input_num, const u8 *script, size_t script_len, struct sha256_double *hash) { struct sha256_ctx ctx = SHA256_INIT; size_t i; assert(input_num < tx->input_count); /* You must have all inputs zeroed to start. */ for (i = 0; i < tx->input_count; i++) assert(tx->input[i].script_length == 0); tx->input[input_num].script_length = script_len; tx->input[input_num].script = cast_const(u8 *, script); sha256_init(&ctx); sha256_tx_for_sig(&ctx, tx, input_num); sha256_le32(&ctx, SIGHASH_ALL); sha256_double_done(&ctx, hash); /* Reset it for next time. */ tx->input[input_num].script_length = 0; tx->input[input_num].script = NULL; }
void bitcoin_txid(const struct bitcoin_tx *tx, struct sha256_double *txid) { struct sha256_ctx ctx = SHA256_INIT; /* For TXID, we never use extended form. */ add_tx(tx, add_sha, &ctx, false); sha256_double_done(&ctx, txid); }
/* If the sighash type is neither SINGLE nor NONE, hashOutputs is the * double SHA256 of the serialization of all output value (8-byte * little endian) with scriptPubKey (varInt for the length + * script); */ static void hash_outputs(struct sha256_double *h, const struct bitcoin_tx *tx) { struct sha256_ctx ctx; size_t i; sha256_init(&ctx); for (i = 0; i < tal_count(tx->output); i++) { push_le64(tx->output[i].amount, push_sha, &ctx); push_varint_blob(tx->output[i].script, push_sha, &ctx); } sha256_double_done(&ctx, h); }
static void hash_sequence(struct sha256_double *h, const struct bitcoin_tx *tx) { struct sha256_ctx ctx; size_t i; /* BIP143: If none of the ANYONECANPAY, SINGLE, NONE sighash type * is set, hashSequence is the double SHA256 of the serialization * of nSequence of all inputs */ sha256_init(&ctx); for (i = 0; i < tx->input_count; i++) add_le32(tx->input[i].sequence_number, add_sha, &ctx); sha256_double_done(&ctx, h); }
/* If the sighash type is neither SINGLE nor NONE, hashOutputs is the * double SHA256 of the serialization of all output value (8-byte * little endian) with scriptPubKey (varInt for the length + * script); */ static void hash_outputs(struct sha256_double *h, const struct bitcoin_tx *tx) { struct sha256_ctx ctx; size_t i; sha256_init(&ctx); for (i = 0; i < tx->output_count; i++) { add_le64(tx->output[i].amount, add_sha, &ctx); add_varint_blob(tx->output[i].script, tx->output[i].script_length, add_sha, &ctx); } sha256_double_done(&ctx, h); }
static void hash_prevouts(struct sha256_double *h, const struct bitcoin_tx *tx) { struct sha256_ctx ctx; size_t i; /* BIP143: If the ANYONECANPAY flag is not set, hashPrevouts is the * double SHA256 of the serialization of all input * outpoints */ sha256_init(&ctx); for (i = 0; i < tx->input_count; i++) { add_sha(&tx->input[i].txid, sizeof(tx->input[i].txid), &ctx); add_le32(tx->input[i].index, add_sha, &ctx); } sha256_double_done(&ctx, h); }