Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how to calculate p2wsh signature? #1459

Open
wujing2019 opened this issue Jul 29, 2019 · 0 comments
Open

how to calculate p2wsh signature? #1459

wujing2019 opened this issue Jul 29, 2019 · 0 comments

Comments

@wujing2019
Copy link

I read bip 143, it told us how to calculate p2wsh signature:
A new transaction digest algorithm is defined, but only applicable to sigops in version 0 witness program
Double SHA256 of the serialization of:
1. nVersion of the transaction (4-byte little endian)
2. hashPrevouts (32-byte hash)
3. hashSequence (32-byte hash)
4. outpoint (32-byte hash + 4-byte little endian)
5. scriptCode of the input (serialized as scripts inside CTxOuts)
6. value of the output spent by this input (8-byte little endian)
7. nSequence of the input (4-byte little endian)
8. hashOutputs (32-byte hash)
9. nLocktime of the transaction (4-byte little endian)
10. sighash type of the signature (4-byte little endian)

The item 5:

For P2WPKH witness program, the scriptCode is 0x1976a914{20-byte-pubkey-hash}88ac.
For P2WSH witness program,
if the witnessScript does not contain any OP_CODESEPARATOR, the scriptCode is the witnessScript serialized as scripts inside CTxOut.
if the witnessScript contains any OP_CODESEPARATOR, the scriptCode is the witnessScript but removing everything up to and including the last executed OP_CODESEPARATOR before the signature checking opcode being executed, serialized as scripts inside CTxOut. (The exact semantics is demonstrated in the examples below)

I didn't understand the description about how to calculate scriptCode above, so I found out the function "calcWitnessSignatureHash" and saw the code below:

if isWitnessPubKeyHash(subScript) {
	// The script code for a p2wkh is a length prefix varint for
	// the next 25 bytes, followed by a re-creation of the original
	// p2pkh pk script.
	sigHash.Write([]byte{0x19})
	sigHash.Write([]byte{OP_DUP})
	sigHash.Write([]byte{OP_HASH160})
	sigHash.Write([]byte{OP_DATA_20})
	sigHash.Write(subScript[1].data)
	sigHash.Write([]byte{OP_EQUALVERIFY})
	sigHash.Write([]byte{OP_CHECKSIG})
} else {
	// For p2wsh outputs, and future outputs, the script code is
	// the original script, with all code separators removed,
	// serialized with a var int length prefix.
	rawScript, _ := unparseScript(subScript)
	wire.WriteVarBytes(&sigHash, 0, rawScript)
}

It seems different from the discription in bip143.
Did btcd implement the discription of "For P2WSH witness program..." in bip143?
If did, which function I could find the logic?
thanks a lot.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wujing2019