pub struct SighashCache<T: Borrow<Transaction>> { /* private fields */ }

Efficiently calculates the signature hash message for legacy, segwit and taproot inputs.

Implementations§


impl<R: Borrow<Transaction>> SighashCache<R>


pub fn new(tx: R) -> Self

Constructs a new SighashCache from an unsigned transaction.

The sighash components are computed in a lazy manner when required. For the generated sighashes to be valid, no fields in the transaction may change except for script_sig and witness.


pub fn transaction(&self) -> &Transaction

Returns a reference to the transaction held by the cache.


pub fn into_transaction(self) -> R

Destroys the cache and recovers the stored transaction.


pub fn taproot_encode_signing_data_to<Write: Write, T: Borrow<TxOut>>( &mut self, writer: Write, input_index: usize, prevouts: &Prevouts<'_, T>, annex: Option<Annex<'_>>, leaf_hash_code_separator: Option<(TapLeafHash, u32)>, sighash_type: TapSighashType ) -> Result<(), Error>

Encodes the BIP341 signing data for any flag type into a given object implementing the io::Write trait.


pub fn taproot_signature_hash<T: Borrow<TxOut>>( &mut self, input_index: usize, prevouts: &Prevouts<'_, T>, annex: Option<Annex<'_>>, leaf_hash_code_separator: Option<(TapLeafHash, u32)>, sighash_type: TapSighashType ) -> Result<TapSighash, Error>

Computes the BIP341 sighash for any flag type.


pub fn taproot_key_spend_signature_hash<T: Borrow<TxOut>>( &mut self, input_index: usize, prevouts: &Prevouts<'_, T>, sighash_type: TapSighashType ) -> Result<TapSighash, Error>

Computes the BIP341 sighash for a key spend.


pub fn taproot_script_spend_signature_hash<S: Into<TapLeafHash>, T: Borrow<TxOut>>( &mut self, input_index: usize, prevouts: &Prevouts<'_, T>, leaf_hash: S, sighash_type: TapSighashType ) -> Result<TapSighash, Error>

Computes the BIP341 sighash for a script spend.

Assumes the default OP_CODESEPARATOR position of 0xFFFFFFFF. Custom values can be provided through the more fine-grained API of SighashCache::taproot_encode_signing_data_to.


pub fn segwit_encode_signing_data_to<Write: Write>( &mut self, writer: Write, input_index: usize, script_code: &Script, value: Amount, sighash_type: EcdsaSighashType ) -> Result<(), Error>

👎Deprecated since 0.31.0: use segwit_v0_encode_signing_data_to instead

Encodes the BIP143 signing data for any flag type into a given object implementing the std::io::Write trait.


pub fn segwit_v0_encode_signing_data_to<Write: Write>( &mut self, writer: Write, input_index: usize, script_code: &Script, value: Amount, sighash_type: EcdsaSighashType ) -> Result<(), Error>

Encodes the BIP143 signing data for any flag type into a given object implementing the std::io::Write trait.

script_code is dependent on the type of the spend transaction. For p2wpkh use Script::p2wpkh_script_code, for p2wsh just pass in the witness script. (Also see Self::p2wpkh_signature_hash and SighashCache::p2wsh_signature_hash.)


pub fn segwit_signature_hash( &mut self, input_index: usize, script_code: &Script, value: Amount, sighash_type: EcdsaSighashType ) -> Result<SegwitV0Sighash, Error>

👎Deprecated since 0.31.0: use (p2wpkh|p2wsh)_signature_hash instead

Computes the BIP143 sighash for any flag type.


pub fn p2wpkh_signature_hash( &mut self, input_index: usize, script_pubkey: &Script, value: Amount, sighash_type: EcdsaSighashType ) -> Result<SegwitV0Sighash, Error>

Computes the BIP143 sighash to spend a p2wpkh transaction for any flag type.

script_pubkey is the scriptPubkey of the output being spent (TxOut::script_pubkey) for native segwit, or the redeemScript for wrapped segwit.


pub fn p2wsh_signature_hash( &mut self, input_index: usize, witness_script: &Script, value: Amount, sighash_type: EcdsaSighashType ) -> Result<SegwitV0Sighash, Error>

Computes the BIP143 sighash to spend a p2wsh transaction for any flag type.


pub fn legacy_encode_signing_data_to<Write: Write, U: Into<u32>>( &self, writer: Write, input_index: usize, script_pubkey: &Script, sighash_type: U ) -> EncodeSigningDataResult<Error>

Encodes the legacy signing data from which a signature hash for a given input index with a given sighash flag can be computed.

To actually produce a scriptSig, this hash needs to be run through an ECDSA signer, the EcdsaSighashType appended to the resulting sig, and a script written around this; computing the hash itself is the general (and hard) part.

The sighash_type supports an arbitrary u32 value, instead of just EcdsaSighashType, because internally 4 bytes are being hashed, even though only the lowest byte is appended to signature in a transaction.

Warning
  • Does NOT attempt to support OP_CODESEPARATOR. In general this would require evaluating script_pubkey to determine which separators get evaluated and which don’t, which we don’t have the information to determine.
  • Does NOT handle the sighash single bug (see the “Returns” section below).
Returns

This function can’t handle the SIGHASH_SINGLE bug internally, so it returns an EncodeSigningDataResult that the caller must handle (see EncodeSigningDataResult::is_sighash_single_bug).


pub fn legacy_signature_hash( &self, input_index: usize, script_pubkey: &Script, sighash_type: u32 ) -> Result<LegacySighash, Error>

Computes a legacy signature hash for a given input index with a given sighash flag.

To actually produce a scriptSig, this hash needs to be run through an ECDSA signer, the EcdsaSighashType appended to the resulting sig, and a script written around this; computing the hash itself is the general (and hard) part.

The sighash_type supports an arbitrary u32 value, instead of just EcdsaSighashType, because internally 4 bytes are being hashed, even though only the lowest byte is appended to signature in a transaction.

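This function correctly handles the sighash single bug by returning the ‘one array’ (the 32-byte value whose first byte is 0x01 and whose remaining bytes are zero). The sighash single bug becomes exploitable when one tries to sign a transaction with SIGHASH_SINGLE and there is not a corresponding output with the same index as the input. Because the returned value is the same constant for every such transaction, a signature over it is not bound to this transaction; signing code should detect this case and refuse to sign rather than sign the returned hash.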

Warning

Does NOT attempt to support OP_CODESEPARATOR. In general this would require evaluating script_pubkey to determine which separators get evaluated and which don’t, which we don’t have the information to determine.


impl<R: BorrowMut<Transaction>> SighashCache<R>


pub fn witness_mut(&mut self, input_index: usize) -> Option<&mut Witness>

When the SighashCache is initialized with a mutable reference to a transaction instead of a regular reference, this method is available to allow modification to the witnesses.

This allows in-line signing, such as:

use bitcoin::{absolute, transaction, Amount, Transaction, Script};
use bitcoin::sighash::{EcdsaSighashType, SighashCache};

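// Placeholder transaction with no inputs or outputs. A real caller builds the complete unsigned
// transaction first: once the cache exists, only `script_sig` and `witness` may change.
let mut tx_to_sign = Transaction {
    version: transaction::Version::TWO,
    lock_time: absolute::LockTime::ZERO,
    input: Vec::new(),
    output: Vec::new(),
};
let input_count = tx_to_sign.input.len();

// Handing the cache a `&mut Transaction` (rather than `&Transaction`) is what makes
// `witness_mut` available below.
let mut sig_hasher = SighashCache::new(&mut tx_to_sign);
for inp in 0..input_count {
    // Placeholder script and amount. The BIP143 sighash is computed over both, so real code
    // must pass the witness script and the amount of the output that input `inp` spends.
    let witness_script = Script::new();
    // `p2wsh_signature_hash` replaces `segwit_signature_hash`, which is deprecated since 0.31.0.
    // The call returns a `Result`; check it before handing the hash to a signer.
    let _sighash = sig_hasher.p2wsh_signature_hash(
        inp,
        witness_script,
        Amount::ONE_SAT,
        EcdsaSighashType::All,
    );
    // ... sign the sighash
    // `witness_mut` returns an `Option`; the index comes from `0..input_count`, so the example
    // unwraps it. NOTE(review): presumably `None` means the index is out of range — confirm.
    sig_hasher.witness_mut(inp).unwrap().push(&Vec::new());
}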

Trait Implementations§


impl<T: Debug + Borrow<Transaction>> Debug for SighashCache<T>


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§


impl<T> RefUnwindSafe for SighashCache<T> where T: RefUnwindSafe,


impl<T> Send for SighashCache<T> where T: Send,


impl<T> Sync for SighashCache<T> where T: Sync,


impl<T> Unpin for SighashCache<T> where T: Unpin,


impl<T> UnwindSafe for SighashCache<T> where T: UnwindSafe,

Blanket Implementations§


impl<T> Any for T where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T, U> TryFrom<U> for T where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.