core: Add PrecomputedTransactionData

CHANGELOG.md

@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+- Added a `PrecomputedTransactionData` struct for holding transaction hashes required for script verification. It may be initialized with and without an array of outputs spent by the transaction. If no outputs are passed, no taproot verification is possible.
+
+### Changed
+- Updated to latest libbitcoinkernel-sys with btck_PrecomputedTransactionData` changes.
+- The `verify` function now takes a `PrecomputedTransactionData` instead of an array of outputs spent by the transaction. The user is now always required to pass this struct to the function. This is done to encourage its use and protect against quadratic hashing costs.
+
 ## [0.1.1] - 2025-24-11
 
 ### Fixed

fuzz/fuzz_targets/script_verify.rs

@@ -4,7 +4,8 @@ use arbitrary::Arbitrary;
 use libfuzzer_sys::fuzz_target;
 
 use bitcoinkernel::{
-    verify, KernelError, ScriptPubkey, ScriptVerifyError, Transaction, TxOut, VERIFY_WITNESS,
+    verify::{verify, PrecomputedTransactionData},
+    KernelError, ScriptPubkey, ScriptVerifyError, Transaction, TxOut, VERIFY_WITNESS,
 };
 
 #[derive(Debug, Arbitrary)]
@@ -41,13 +42,19 @@ fuzz_target!(|data: VerifyInput| {
         return;
     };
 
+    let tx_data = if let Ok(res) = PrecomputedTransactionData::new(&transaction, &spent_outputs) {
+        res
+    } else {
+        return;
+    };
+
     let res = verify(
         &script_pubkey,
         data.amount,
         &transaction,
         data.input_index,
         data.flags,
-        &spent_outputs,
+        &tx_data,
     );
 
     match res {

libbitcoinkernel-sys/CHANGELOG.md

@@ -9,9 +9,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - New `btck_block_tree_entry_equals` function for comparing BlockTreeEntry objects (096924d39d64)
+- New `btck_PrecomputedTransactionData` object for holding transaction hashes required when validating scripts (eb0594e23f0c)
 
 ### Changed
 - `data_directory` and `blocks_directory` parameters in `btck_chainstate_manager_options_create` now allow null values to represent empty paths (6657bcbdb4d0)
+- `btck_script_pubkey_verify` now takes a `btck_PrecomputedTransactionData` instead of an array of outputs for verifying taproot outputs (eb0594e23f0c)
 
 ## [0.1.1] - 2025-24-11
 

libbitcoinkernel-sys/bitcoin/.github/workflows/ci.yml

@@ -30,7 +30,7 @@ defaults:
 
 jobs:
   runners:
-    name: 'determine runners'
+    name: '[meta] determine runners'
     runs-on: ubuntu-latest
     outputs:
       provider: ${{ steps.runners.outputs.provider }}
@@ -56,17 +56,17 @@ jobs:
           fi
 
   test-each-commit:
-    name: 'test each commit'
+    name: 'test max 6 ancestor commits'
     runs-on: ubuntu-24.04
     if: github.event_name == 'pull_request' && github.event.pull_request.commits != 1
     timeout-minutes: 360  # Use maximum time, see https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes. Assuming a worst case time of 1 hour per commit, this leads to a --max-count=6 below.
     env:
-      MAX_COUNT: 6
+      MAX_COUNT: 6  # Keep in sync with name above
     steps:
       - name: Determine fetch depth
         run: echo "FETCH_DEPTH=$((${{ github.event.pull_request.commits }} + 2))" >> "$GITHUB_ENV"
       - *ANNOTATION_PR_NUMBER
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: ${{ env.FETCH_DEPTH }}
@@ -148,7 +148,7 @@ jobs:
 
       - &CHECKOUT
         name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           # Ensure the latest merged pull request state is used, even on re-runs.
           ref: &CHECKOUT_REF_TMPL ${{ github.event_name == 'pull_request' && github.ref || '' }}
@@ -343,9 +343,23 @@ jobs:
         run: |
           py -3 test/fuzz/test_runner.py --par $NUMBER_OF_PROCESSORS --loglevel DEBUG "${RUNNER_TEMP}/qa-assets/fuzz_corpora"
 
+  record-frozen-commit:
+    # Record frozen commit, so that the native tests on cross-builds can run on
+    # the exact same commit id of the build.
+    name: '[meta] record frozen commit'
+    runs-on: ubuntu-latest
+    outputs:
+      commit: ${{ steps.record-commit.outputs.commit }}
+    steps:
+      - *ANNOTATION_PR_NUMBER
+      - *CHECKOUT
+      - name: Record commit
+        id: record-commit
+        run: echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
   windows-cross:
     name: 'Windows-cross to x86_64, ${{ matrix.crt }}'
-    needs: runners
+    needs: [runners, record-frozen-commit]
     runs-on: ${{ needs.runners.outputs.provider == 'cirrus' && 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm' || 'ubuntu-24.04' }}
     if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
 
@@ -368,7 +382,10 @@ jobs:
     steps:
       - *ANNOTATION_PR_NUMBER
 
-      - *CHECKOUT
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.record-frozen-commit.outputs.commit }}
 
       - name: Configure environment
         uses: ./.github/actions/configure-environment
@@ -402,7 +419,7 @@ jobs:
   windows-native-test:
     name: 'Windows, ${{ matrix.crt }}, test cross-built'
     runs-on: windows-2022
-    needs: windows-cross
+    needs: [windows-cross, record-frozen-commit]
 
     strategy:
       fail-fast: false
@@ -421,7 +438,10 @@ jobs:
     steps:
       - *ANNOTATION_PR_NUMBER
 
-      - *CHECKOUT
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.record-frozen-commit.outputs.commit }}
 
       - name: Download built executables
         uses: actions/download-artifact@v5
@@ -502,6 +522,12 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - name: 'iwyu'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_iwyu.sh'
+
           - name: '32 bit ARM'
             cirrus-runner: 'ubuntu-24.04-arm' # Cirrus' Arm runners are Apple (with virtual Linux aarch64), which doesn't support 32-bit mode
             fallback-runner: 'ubuntu-24.04-arm'
@@ -637,7 +663,7 @@ jobs:
       - *ANNOTATION_PR_NUMBER
 
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: *CHECKOUT_REF_TMPL
           fetch-depth: 0

libbitcoinkernel-sys/bitcoin/.gitignore

@@ -12,6 +12,7 @@
 
 # Only ignore unexpected patches
 *.patch
+!ci/test/*.patch
 !contrib/guix/patches/*.patch
 !depends/patches/**/*.patch
 

libbitcoinkernel-sys/bitcoin/ci/lint/01_install.sh

@@ -40,7 +40,6 @@ command -v python3
 python3 --version
 
 ${CI_RETRY_EXE} pip3 install \
-  codespell==2.4.1 \
   lief==0.16.6 \
   mypy==1.18.2 \
   pyzmq==27.1.0 \

libbitcoinkernel-sys/bitcoin/ci/test/00_setup_env_native_iwyu.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2023-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+export LC_ALL=C.UTF-8
+
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"  # To build codegen, CMake must be 3.31 or newer.
+export CONTAINER_NAME=ci_native_iwyu
+export TIDY_LLVM_V="21"
+export APT_LLVM_V="${TIDY_LLVM_V}"
+export PACKAGES="clang-${TIDY_LLVM_V} clang-format-${TIDY_LLVM_V} libclang-${TIDY_LLVM_V}-dev llvm-${TIDY_LLVM_V}-dev jq libevent-dev libboost-dev libzmq3-dev systemtap-sdt-dev qt6-base-dev qt6-tools-dev qt6-l10n-tools libqrencode-dev libsqlite3-dev libcapnp-dev capnproto"
+export NO_DEPENDS=1
+export RUN_UNIT_TESTS=false
+export RUN_FUNCTIONAL_TESTS=false
+export RUN_FUZZ_TESTS=false
+export RUN_CHECK_DEPS=false
+export RUN_IWYU=true
+export GOAL="codegen"
+export BITCOIN_CONFIG="\
+ --preset dev-mode -DBUILD_GUI=OFF \
+ -DCMAKE_C_COMPILER=clang-${TIDY_LLVM_V} \
+ -DCMAKE_CXX_COMPILER=clang++-${TIDY_LLVM_V} \
+"

libbitcoinkernel-sys/bitcoin/ci/test/00_setup_env_win64.sh

@@ -9,7 +9,6 @@ export LC_ALL=C.UTF-8
 export CONTAINER_NAME=ci_win64
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"  # Check that https://packages.debian.org/trixie/g++-mingw-w64-ucrt64 can cross-compile
 export HOST=x86_64-w64-mingw32ucrt
-export DEP_OPTS="CC=${HOST}-gcc CXX=${HOST}-g++"
 export PACKAGES="g++-mingw-w64-ucrt64 nsis"
 export RUN_UNIT_TESTS=false
 export RUN_FUNCTIONAL_TESTS=false

libbitcoinkernel-sys/bitcoin/ci/test/01_base_install.sh

@@ -79,8 +79,9 @@ if [[ -n "${USE_INSTRUMENTED_LIBCPP}" ]]; then
   rm -rf /llvm-project
 fi
 
-if [[ "${RUN_TIDY}" == "true" ]]; then
+if [[ "${RUN_IWYU}" == true ]]; then
   ${CI_RETRY_EXE} git clone --depth=1 https://github.com/include-what-you-use/include-what-you-use -b clang_"${TIDY_LLVM_V}" /include-what-you-use
+  (cd /include-what-you-use && patch -p1 < /ci_container_base/ci/test/01_iwyu.patch)
   cmake -B /iwyu-build/ -G 'Unix Makefiles' -DCMAKE_PREFIX_PATH=/usr/lib/llvm-"${TIDY_LLVM_V}" -S /include-what-you-use
   make -C /iwyu-build/ install "$MAKEJOBS"
 fi