|
|
|
|
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
|
|
|
|
// Copyright (c) 2009-2016 The Bitcoin Core developers
|
|
|
|
|
// Distributed under the MIT software license, see the accompanying
|
|
|
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
|
|
|
|
|
|
#include "sigcache.h"
|
|
|
|
|
|
|
|
|
|
#include "memusage.h"
|
|
|
|
|
#include "pubkey.h"
|
|
|
|
|
#include "random.h"
|
|
|
|
|
#include "uint256.h"
|
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
|
|
#include "cuckoocache.h"
|
|
|
|
|
#include <boost/thread.hpp>
|
|
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
|
/**
|
|
|
|
|
* Valid signature cache, to avoid doing expensive ECDSA signature checking
|
|
|
|
|
* twice for every transaction (once when accepted into memory pool, and
|
|
|
|
|
* again when accepted into the block chain)
|
|
|
|
|
*/
|
|
|
|
|
class CSignatureCache
|
|
|
|
|
{
|
|
|
|
|
private:
|
|
|
|
|
//! Entries are SHA256(nonce || signature hash || public key || signature):
|
|
|
|
|
uint256 nonce;
|
|
|
|
|
typedef CuckooCache::cache<uint256, SignatureCacheHasher> map_type;
|
|
|
|
|
map_type setValid;
|
|
|
|
|
boost::shared_mutex cs_sigcache;
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
CSignatureCache()
|
|
|
|
|
{
|
|
|
|
|
GetRandBytes(nonce.begin(), 32);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ComputeEntry(uint256& entry, const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubkey)
|
|
|
|
|
{
|
|
|
|
|
CSHA256().Write(nonce.begin(), 32).Write(hash.begin(), 32).Write(&pubkey[0], pubkey.size()).Write(&vchSig[0], vchSig.size()).Finalize(entry.begin());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool
|
|
|
|
|
Get(const uint256& entry, const bool erase)
|
|
|
|
|
{
|
|
|
|
|
boost::shared_lock<boost::shared_mutex> lock(cs_sigcache);
|
|
|
|
|
return setValid.contains(entry, erase);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void Set(uint256& entry)
|
|
|
|
|
{
|
|
|
|
|
boost::unique_lock<boost::shared_mutex> lock(cs_sigcache);
|
|
|
|
|
setValid.insert(entry);
|
|
|
|
|
}
|
|
|
|
|
uint32_t setup_bytes(size_t n)
|
|
|
|
|
{
|
|
|
|
|
return setValid.setup_bytes(n);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* In previous versions of this code, signatureCache was a local static variable
|
|
|
|
|
* in CachingTransactionSignatureChecker::VerifySignature. We initialize
|
|
|
|
|
* signatureCache outside of VerifySignature to avoid the atomic operation per
|
|
|
|
|
* call overhead associated with local static variables even though
|
|
|
|
|
* signatureCache could be made local to VerifySignature.
|
|
|
|
|
*/
|
|
|
|
|
static CSignatureCache signatureCache;
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
// To be called once in AppInitMain/BasicTestingSetup to initialize the
|
|
|
|
|
// signatureCache.
|
|
|
|
|
void InitSignatureCache()
|
|
|
|
|
{
|
|
|
|
|
// nMaxCacheSize is unsigned. If -maxsigcachesize is set to zero,
|
|
|
|
|
// setup_bytes creates the minimum possible cache (2 elements).
|
Cache full script execution results in addition to signatures
This adds a new CuckooCache in validation, caching whether all of a
transaction's scripts were valid with a given set of script flags.
Unlike previous attempts at caching an entire transaction's
validity, which have nearly universally introduced consensus
failures, this only caches the validity of a transaction's
scriptSigs. As these are pure functions of the transaction and
data it commits to, this should be much safer.
This is somewhat duplicative with the sigcache, as entries in the
new cache will also have several entries in the sigcache. However,
the sigcache is kept both as ATMP relies on it and because it
prevents malleability-based DoS attacks on the new higher-level
cache. Instead, the -sigcachesize option is re-used - cutting the
sigcache size in half and using the newly freed memory for the
script execution cache.
Transactions which match the script execution cache never even have
entries in the script check thread's workqueue created.
Note that the cache is indexed only on the script execution flags
and the transaction's witness hash. While this is sufficient to
make the CScriptCheck() calls pure functions, this introduces
dependancies on the mempool calculating things such as the
PrecomputedTransactionData object, filling the CCoinsViewCache, etc
in the exact same way as ConnectBlock. I belive this is a reasonable
assumption, but should be noted carefully.
In a rather naive benchmark (reindex-chainstate up to block 284k
with cuckoocache always returning true for contains(),
-assumevalid=0 and a very large dbcache), this connected blocks
~1.7x faster.
8 years ago
|
|
|
size_t nMaxCacheSize = std::min(std::max((int64_t)0, GetArg("-maxsigcachesize", DEFAULT_MAX_SIG_CACHE_SIZE) / 2), MAX_MAX_SIG_CACHE_SIZE) * ((size_t) 1 << 20);
|
|
|
|
|
size_t nElems = signatureCache.setup_bytes(nMaxCacheSize);
|
|
|
|
|
LogPrintf("Using %zu MiB out of %zu/2 requested for signature cache, able to store %zu elements\n",
|
|
|
|
|
(nElems*sizeof(uint256)) >>20, (nMaxCacheSize*2)>>20, nElems);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool CachingTransactionSignatureChecker::VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& pubkey, const uint256& sighash) const
|
|
|
|
|
{
|
|
|
|
|
uint256 entry;
|
|
|
|
|
signatureCache.ComputeEntry(entry, sighash, vchSig, pubkey);
|
|
|
|
|
if (signatureCache.Get(entry, !store))
|
|
|
|
|
return true;
|
|
|
|
|
if (!TransactionSignatureChecker::VerifySignature(vchSig, pubkey, sighash))
|
|
|
|
|
return false;
|
|
|
|
|
if (store)
|
|
|
|
|
signatureCache.Set(entry);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
