|
|
|
'use strict';
|
|
|
|
|
|
|
|
var _ = require('lodash');
|
|
|
|
|
|
|
|
var Script = require('./script');
|
|
|
|
var Opcode = require('./opcode');
|
|
|
|
var BN = require('./crypto/bn');
|
|
|
|
var Hash = require('./crypto/hash');
|
|
|
|
var BufferReader = require('./encoding/bufferreader');
|
|
|
|
var BufferWriter = require('./encoding/bufferwriter');
|
|
|
|
var Signature = require('./crypto/signature');
|
|
|
|
var PublicKey = require('./publickey');
|
|
|
|
var Transaction = require('./transaction');
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Bitcoin transactions contain scripts. Each input has a script called the
|
|
|
|
* scriptSig, and each output has a script called the scriptPubkey. To validate
|
|
|
|
* an input, the input's script is concatenated with the referenced output script,
|
|
|
|
* and the result is executed. If at the end of execution the stack contains a
|
|
|
|
* "true" value, then the transaction is valid.
|
|
|
|
*
|
|
|
|
* The primary way to use this class is via the verify function.
|
|
|
|
* e.g., ScriptInterpreter().verify( ... );
|
|
|
|
*/
|
|
|
|
var ScriptInterpreter = function ScriptInterpreter(obj) {
|
|
|
|
if (!(this instanceof ScriptInterpreter)) {
|
|
|
|
return new ScriptInterpreter(obj);
|
|
|
|
}
|
|
|
|
if (obj) {
|
|
|
|
this.initialize();
|
|
|
|
this.set(obj);
|
|
|
|
} else {
|
|
|
|
this.initialize();
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
module.exports = ScriptInterpreter;
|
|
|
|
|
|
|
|
ScriptInterpreter.prototype.initialize = function(obj) {
|
|
|
|
this.stack = [];
|
|
|
|
this.altstack = [];
|
|
|
|
this.pc = 0;
|
|
|
|
this.pbegincodehash = 0;
|
|
|
|
this.nOpCount = 0;
|
|
|
|
this.vfExec = [];
|
|
|
|
this.errstr = '';
|
|
|
|
this.flags = 0;
|
|
|
|
};
|
|
|
|
|
|
|
|
ScriptInterpreter.prototype.set = function(obj) {
|
|
|
|
this.script = obj.script || this.script;
|
|
|
|
this.tx = obj.tx || this.tx;
|
|
|
|
this.nin = typeof obj.nin !== 'undefined' ? obj.nin : this.nin;
|
|
|
|
this.stack = obj.stack || this.stack;
|
|
|
|
this.altstack = obj.altack || this.altstack;
|
|
|
|
this.pc = typeof obj.pc !== 'undefined' ? obj.pc : this.pc;
|
|
|
|
this.pbegincodehash = typeof obj.pbegincodehash !== 'undefined' ? obj.pbegincodehash : this.pbegincodehash;
|
|
|
|
this.nOpCount = typeof obj.nOpCount !== 'undefined' ? obj.nOpCount : this.nOpCount;
|
|
|
|
this.vfExec = obj.vfExec || this.vfExec;
|
|
|
|
this.errstr = obj.errstr || this.errstr;
|
|
|
|
this.flags = typeof obj.flags !== 'undefined' ? obj.flags : this.flags;
|
|
|
|
};
|
|
|
|
|
|
|
|
ScriptInterpreter.true = new Buffer([1]);
|
|
|
|
ScriptInterpreter.false = new Buffer([]);
|
|
|
|
|
|
|
|
ScriptInterpreter.MAX_SCRIPT_ELEMENT_SIZE = 520;
|
|
|
|
|
|
|
|
// flags taken from bitcoind
|
|
|
|
// bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_NONE = 0;
|
|
|
|
|
|
|
|
// Evaluate P2SH subscripts (softfork safe, BIP16).
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_P2SH = (1 << 0);
|
|
|
|
|
|
|
|
// Passing a non-strict-DER signature or one with undefined hashtype to a checksig operation causes script failure.
|
|
|
|
// Passing a pubkey that is not (0x04 + 64 bytes) or (0x02 or 0x03 + 32 bytes) to checksig causes that pubkey to be
|
|
|
|
// skipped (not softfork safe: this flag can widen the validity of OP_CHECKSIG OP_NOT).
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_STRICTENC = (1 << 1);
|
|
|
|
|
|
|
|
// Passing a non-strict-DER signature to a checksig operation causes script failure (softfork safe, BIP62 rule 1)
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_DERSIG = (1 << 2);
|
|
|
|
|
|
|
|
// Passing a non-strict-DER signature or one with S > order/2 to a checksig operation causes script failure
|
|
|
|
// (softfork safe, BIP62 rule 5).
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_LOW_S = (1 << 3);
|
|
|
|
|
|
|
|
// verify dummy stack item consumed by CHECKMULTISIG is of zero-length (softfork safe, BIP62 rule 7).
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_NULLDUMMY = (1 << 4);
|
|
|
|
|
|
|
|
// Using a non-push operator in the scriptSig causes script failure (softfork safe, BIP62 rule 2).
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_SIGPUSHONLY = (1 << 5);
|
|
|
|
|
|
|
|
// Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct
|
|
|
|
// pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating
|
|
|
|
// any other push causes the script to fail (BIP62 rule 3).
|
|
|
|
// In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4).
|
|
|
|
// (softfork safe)
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_MINIMALDATA = (1 << 6);
|
|
|
|
|
|
|
|
// Discourage use of NOPs reserved for upgrades (NOP1-10)
|
|
|
|
//
|
|
|
|
// Provided so that nodes can avoid accepting or mining transactions
|
|
|
|
// containing executed NOP's whose meaning may change after a soft-fork,
|
|
|
|
// thus rendering the script invalid; with this flag set executing
|
|
|
|
// discouraged NOPs fails the script. This verification flag will never be
|
|
|
|
// a mandatory flag applied to scripts in a block. NOPs that are not
|
|
|
|
// executed, e.g. within an unexecuted IF ENDIF block, are *not* rejected.
|
|
|
|
ScriptInterpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS = (1 << 7);
|
|
|
|
|
|
|
|
ScriptInterpreter.castToBool = function(buf) {
|
|
|
|
for (var i = 0; i < buf.length; i++) {
|
|
|
|
if (buf[i] !== 0) {
|
|
|
|
// can be negative zero
|
|
|
|
if (i === buf.length - 1 && buf[i] === 0x80) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Translated from bitcoind's CheckSignatureEncoding
|
|
|
|
*/
|
|
|
|
ScriptInterpreter.prototype.checkSignatureEncoding = function(buf) {
|
|
|
|
var sig;
|
|
|
|
if ((this.flags & (ScriptInterpreter.SCRIPT_VERIFY_DERSIG | ScriptInterpreter.SCRIPT_VERIFY_LOW_S | ScriptInterpreter.SCRIPT_VERIFY_STRICTENC)) !== 0 && !Signature.isTxDER(buf)) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SIG_DER_INVALID_FORMAT';
|
|
|
|
return false;
|
|
|
|
} else if ((this.flags & ScriptInterpreter.SCRIPT_VERIFY_LOW_S) !== 0) {
|
|
|
|
sig = Signature.fromTxFormat(buf);
|
|
|
|
if (!sig.hasLowS()) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SIG_DER_HIGH_S';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
} else if ((this.flags & ScriptInterpreter.SCRIPT_VERIFY_STRICTENC) !== 0) {
|
|
|
|
sig = Signature.fromTxFormat(buf);
|
|
|
|
if (!sig.hasDefinedHashtype()) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SIG_HASHTYPE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Translated from bitcoind's CheckPubKeyEncoding
|
|
|
|
*/
|
|
|
|
ScriptInterpreter.prototype.checkPubkeyEncoding = function(buf) {
|
|
|
|
if ((this.flags & ScriptInterpreter.SCRIPT_VERIFY_STRICTENC) !== 0 && !PublicKey.isValid(buf)) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_PUBKEYTYPE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Based on bitcoind's EvalScript function, with the inner loop moved to
|
|
|
|
* ScriptInterpreter.prototype.step()
|
|
|
|
* bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104
|
|
|
|
*/
|
|
|
|
ScriptInterpreter.prototype.evaluate = function() {
|
|
|
|
if (this.script.toBuffer().length > 10000) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SCRIPT_SIZE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
while (this.pc < this.script.chunks.length) {
|
|
|
|
var fSuccess = this.step();
|
|
|
|
if (!fSuccess) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Size limits
|
|
|
|
if (this.stack.length + this.altstack.length > 1000) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_STACK_SIZE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
} catch (e) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_UNKNOWN_ERROR: ' + e;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (this.vfExec.length > 0) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
};
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Based on the inner loop of bitcoind's EvalScript function
|
|
|
|
* bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104
|
|
|
|
*/
|
|
|
|
ScriptInterpreter.prototype.step = function() {
|
|
|
|
|
|
|
|
var fRequireMinimal = (this.flags & ScriptInterpreter.SCRIPT_VERIFY_MINIMALDATA) !== 0;
|
|
|
|
|
|
|
|
//bool fExec = !count(vfExec.begin(), vfExec.end(), false);
|
|
|
|
var fExec = (this.vfExec.indexOf(false) === -1);
|
|
|
|
|
|
|
|
|
|
|
|
// Read instruction
|
|
|
|
var chunk = this.script.chunks[this.pc];
|
|
|
|
this.pc++;
|
|
|
|
var opcodenum = chunk.opcodenum;
|
|
|
|
if (_.isUndefined(opcodenum)) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_UNDEFINED_OPCODE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (chunk.buf && chunk.buf.length > ScriptInterpreter.MAX_SCRIPT_ELEMENT_SIZE) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_PUSH_SIZE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Note how Opcode.OP_RESERVED does not count towards the opcode limit.
|
|
|
|
if (opcodenum > Opcode.OP_16 && ++(this.nOpCount) > 201) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_OP_COUNT';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (opcodenum === Opcode.OP_CAT ||
|
|
|
|
opcodenum === Opcode.OP_SUBSTR ||
|
|
|
|
opcodenum === Opcode.OP_LEFT ||
|
|
|
|
opcodenum === Opcode.OP_RIGHT ||
|
|
|
|
opcodenum === Opcode.OP_INVERT ||
|
|
|
|
opcodenum === Opcode.OP_AND ||
|
|
|
|
opcodenum === Opcode.OP_OR ||
|
|
|
|
opcodenum === Opcode.OP_XOR ||
|
|
|
|
opcodenum === Opcode.OP_2MUL ||
|
|
|
|
opcodenum === Opcode.OP_2DIV ||
|
|
|
|
opcodenum === Opcode.OP_MUL ||
|
|
|
|
opcodenum === Opcode.OP_DIV ||
|
|
|
|
opcodenum === Opcode.OP_MOD ||
|
|
|
|
opcodenum === Opcode.OP_LSHIFT ||
|
|
|
|
opcodenum === Opcode.OP_RSHIFT) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_DISABLED_OPCODE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fExec && 0 <= opcodenum && opcodenum <= Opcode.OP_PUSHDATA4) {
|
|
|
|
if (fRequireMinimal && !this.script.checkMinimalPush(this.pc - 1)) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_MINIMALDATA';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (!chunk.buf) {
|
|
|
|
this.stack.push(ScriptInterpreter.false);
|
|
|
|
} else if (chunk.len !== chunk.buf.length) {
|
|
|
|
throw new Error('Length of push value not equal to length of data');
|
|
|
|
} else {
|
|
|
|
this.stack.push(chunk.buf);
|
|
|
|
}
|
|
|
|
} else if (fExec || (Opcode.OP_IF <= opcodenum && opcodenum <= Opcode.OP_ENDIF)) {
|
|
|
|
switch (opcodenum) {
|
|
|
|
// Push value
|
|
|
|
case Opcode.OP_1NEGATE:
|
|
|
|
case Opcode.OP_1:
|
|
|
|
case Opcode.OP_2:
|
|
|
|
case Opcode.OP_3:
|
|
|
|
case Opcode.OP_4:
|
|
|
|
case Opcode.OP_5:
|
|
|
|
case Opcode.OP_6:
|
|
|
|
case Opcode.OP_7:
|
|
|
|
case Opcode.OP_8:
|
|
|
|
case Opcode.OP_9:
|
|
|
|
case Opcode.OP_10:
|
|
|
|
case Opcode.OP_11:
|
|
|
|
case Opcode.OP_12:
|
|
|
|
case Opcode.OP_13:
|
|
|
|
case Opcode.OP_14:
|
|
|
|
case Opcode.OP_15:
|
|
|
|
case Opcode.OP_16:
|
|
|
|
{
|
|
|
|
// ( -- value)
|
|
|
|
// ScriptNum bn((int)opcode - (int)(Opcode.OP_1 - 1));
|
|
|
|
var n = opcodenum - (Opcode.OP_1 - 1);
|
|
|
|
var buf = BN(n).toScriptNumBuffer();
|
|
|
|
this.stack.push(buf);
|
|
|
|
// The result of these opcodes should always be the minimal way to push the data
|
|
|
|
// they push, so no need for a CheckMinimalPush here.
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Control
|
|
|
|
//
|
|
|
|
case Opcode.OP_NOP:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_NOP1:
|
|
|
|
case Opcode.OP_NOP2:
|
|
|
|
case Opcode.OP_NOP3:
|
|
|
|
case Opcode.OP_NOP4:
|
|
|
|
case Opcode.OP_NOP5:
|
|
|
|
case Opcode.OP_NOP6:
|
|
|
|
case Opcode.OP_NOP7:
|
|
|
|
case Opcode.OP_NOP8:
|
|
|
|
case Opcode.OP_NOP9:
|
|
|
|
case Opcode.OP_NOP10:
|
|
|
|
{
|
|
|
|
if (this.flags & ScriptInterpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_IF:
|
|
|
|
case Opcode.OP_NOTIF:
|
|
|
|
{
|
|
|
|
// <expression> if [statements] [else [statements]] endif
|
|
|
|
// bool fValue = false;
|
|
|
|
var fValue = false;
|
|
|
|
if (fExec) {
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf = this.stack.pop();
|
|
|
|
fValue = ScriptInterpreter.castToBool(buf);
|
|
|
|
if (opcodenum === Opcode.OP_NOTIF)
|
|
|
|
fValue = !fValue;
|
|
|
|
}
|
|
|
|
this.vfExec.push(fValue);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_ELSE:
|
|
|
|
{
|
|
|
|
if (this.vfExec.length === 0) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.vfExec[this.vfExec.length - 1] = !this.vfExec[this.vfExec.length - 1];
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_ENDIF:
|
|
|
|
{
|
|
|
|
if (this.vfExec.length === 0) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.vfExec.pop();
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_VERIFY:
|
|
|
|
{
|
|
|
|
// (true -- ) or
|
|
|
|
// (false -- false) and return
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf = this.stack[this.stack.length - 1];
|
|
|
|
var fValue = ScriptInterpreter.castToBool(buf);
|
|
|
|
if (fValue)
|
|
|
|
this.stack.pop();
|
|
|
|
else {
|
|
|
|
this.errstr = 'SCRIPT_ERR_VERIFY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_RETURN:
|
|
|
|
{
|
|
|
|
this.errstr = 'SCRIPT_ERR_OP_RETURN';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Stack ops
|
|
|
|
//
|
|
|
|
case Opcode.OP_TOALTSTACK:
|
|
|
|
{
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.altstack.push(this.stack.pop());
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_FROMALTSTACK:
|
|
|
|
{
|
|
|
|
if (this.altstack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_ALTSTACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.push(this.altstack.pop());
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_2DROP:
|
|
|
|
{
|
|
|
|
// (x1 x2 -- )
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.pop();
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_2DUP:
|
|
|
|
{
|
|
|
|
// (x1 x2 -- x1 x2 x1 x2)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf1 = this.stack[this.stack.length - 2];
|
|
|
|
var buf2 = this.stack[this.stack.length - 1];
|
|
|
|
this.stack.push(buf1);
|
|
|
|
this.stack.push(buf2);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_3DUP:
|
|
|
|
{
|
|
|
|
// (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
|
|
|
|
if (this.stack.length < 3) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf1 = this.stack[this.stack.length - 3];
|
|
|
|
var buf2 = this.stack[this.stack.length - 2];
|
|
|
|
var buf3 = this.stack[this.stack.length - 1];
|
|
|
|
this.stack.push(buf1);
|
|
|
|
this.stack.push(buf2);
|
|
|
|
this.stack.push(buf3);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_2OVER:
|
|
|
|
{
|
|
|
|
// (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
|
|
|
|
if (this.stack.length < 4) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf1 = this.stack[this.stack.length - 4];
|
|
|
|
var buf2 = this.stack[this.stack.length - 3];
|
|
|
|
this.stack.push(buf1);
|
|
|
|
this.stack.push(buf2);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_2ROT:
|
|
|
|
{
|
|
|
|
// (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
|
|
|
|
if (this.stack.length < 6) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var spliced = this.stack.splice(this.stack.length - 6, 2);
|
|
|
|
this.stack.push(spliced[0]);
|
|
|
|
this.stack.push(spliced[1]);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_2SWAP:
|
|
|
|
{
|
|
|
|
// (x1 x2 x3 x4 -- x3 x4 x1 x2)
|
|
|
|
if (this.stack.length < 4) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var spliced = this.stack.splice(this.stack.length - 4, 2);
|
|
|
|
this.stack.push(spliced[0]);
|
|
|
|
this.stack.push(spliced[1]);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_IFDUP:
|
|
|
|
{
|
|
|
|
// (x - 0 | x x)
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf = this.stack[this.stack.length - 1];
|
|
|
|
var fValue = ScriptInterpreter.castToBool(buf);
|
|
|
|
if (fValue)
|
|
|
|
this.stack.push(buf);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_DEPTH:
|
|
|
|
{
|
|
|
|
// -- stacksize
|
|
|
|
var buf = BN(this.stack.length).toScriptNumBuffer();
|
|
|
|
this.stack.push(buf);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_DROP:
|
|
|
|
{
|
|
|
|
// (x -- )
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.pop();
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_DUP:
|
|
|
|
{
|
|
|
|
// (x -- x x)
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.push(this.stack[this.stack.length - 1]);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_NIP:
|
|
|
|
{
|
|
|
|
// (x1 x2 -- x2)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.splice(this.stack.length - 2, 1);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_OVER:
|
|
|
|
{
|
|
|
|
// (x1 x2 -- x1 x2 x1)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.push(this.stack[this.stack.length - 2]);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_PICK:
|
|
|
|
case Opcode.OP_ROLL:
|
|
|
|
{
|
|
|
|
// (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
|
|
|
|
// (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf = this.stack[this.stack.length - 1];
|
|
|
|
var bn = BN().fromScriptNumBuffer(buf, fRequireMinimal);
|
|
|
|
var n = bn.toNumber();
|
|
|
|
this.stack.pop();
|
|
|
|
if (n < 0 || n >= this.stack.length) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf = this.stack[this.stack.length - n - 1];
|
|
|
|
if (opcodenum === Opcode.OP_ROLL)
|
|
|
|
this.stack.splice(this.stack.length - n - 1, 1);
|
|
|
|
this.stack.push(buf);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_ROT:
|
|
|
|
{
|
|
|
|
// (x1 x2 x3 -- x2 x3 x1)
|
|
|
|
// x2 x1 x3 after first swap
|
|
|
|
// x2 x3 x1 after second swap
|
|
|
|
if (this.stack.length < 3) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var x1 = this.stack[this.stack.length - 3];
|
|
|
|
var x2 = this.stack[this.stack.length - 2];
|
|
|
|
var x3 = this.stack[this.stack.length - 1];
|
|
|
|
this.stack[this.stack.length - 3] = x2;
|
|
|
|
this.stack[this.stack.length - 2] = x3;
|
|
|
|
this.stack[this.stack.length - 1] = x1;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_SWAP:
|
|
|
|
{
|
|
|
|
// (x1 x2 -- x2 x1)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var x1 = this.stack[this.stack.length - 2];
|
|
|
|
var x2 = this.stack[this.stack.length - 1];
|
|
|
|
this.stack[this.stack.length - 2] = x2;
|
|
|
|
this.stack[this.stack.length - 1] = x1;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_TUCK:
|
|
|
|
{
|
|
|
|
// (x1 x2 -- x2 x1 x2)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.splice(this.stack.length - 2, 0, this.stack[this.stack.length - 1]);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
case Opcode.OP_SIZE:
|
|
|
|
{
|
|
|
|
// (in -- in size)
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var bn = BN(this.stack[this.stack.length - 1].length);
|
|
|
|
this.stack.push(bn.toScriptNumBuffer());
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Bitwise logic
|
|
|
|
//
|
|
|
|
case Opcode.OP_EQUAL:
|
|
|
|
case Opcode.OP_EQUALVERIFY:
|
|
|
|
//case Opcode.OP_NOTEQUAL: // use Opcode.OP_NUMNOTEQUAL
|
|
|
|
{
|
|
|
|
// (x1 x2 - bool)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf1 = this.stack[this.stack.length - 2];
|
|
|
|
var buf2 = this.stack[this.stack.length - 1];
|
|
|
|
var fEqual = buf1.toString('hex') === buf2.toString('hex');
|
|
|
|
// Opcode.OP_NOTEQUAL is disabled because it would be too easy to say
|
|
|
|
// something like n != 1 and have some wiseguy pass in 1 with extra
|
|
|
|
// zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
|
|
|
|
//if (opcode == Opcode.OP_NOTEQUAL)
|
|
|
|
// fEqual = !fEqual;
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.push(fEqual ? ScriptInterpreter.true : ScriptInterpreter.false);
|
|
|
|
if (opcodenum === Opcode.OP_EQUALVERIFY) {
|
|
|
|
if (fEqual)
|
|
|
|
this.stack.pop();
|
|
|
|
else {
|
|
|
|
this.errstr = 'SCRIPT_ERR_EQUALVERIFY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Numeric
|
|
|
|
//
|
|
|
|
case Opcode.OP_1ADD:
|
|
|
|
case Opcode.OP_1SUB:
|
|
|
|
case Opcode.OP_NEGATE:
|
|
|
|
case Opcode.OP_ABS:
|
|
|
|
case Opcode.OP_NOT:
|
|
|
|
case Opcode.OP_0NOTEQUAL:
|
|
|
|
{
|
|
|
|
// (in -- out)
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf = this.stack[this.stack.length - 1];
|
|
|
|
var bn = BN().fromScriptNumBuffer(buf, fRequireMinimal);
|
|
|
|
switch (opcodenum) {
|
|
|
|
case Opcode.OP_1ADD:
|
|
|
|
bn = bn.add(1);
|
|
|
|
break;
|
|
|
|
case Opcode.OP_1SUB:
|
|
|
|
bn = bn.sub(1);
|
|
|
|
break;
|
|
|
|
case Opcode.OP_NEGATE:
|
|
|
|
bn = bn.neg();
|
|
|
|
break;
|
|
|
|
case Opcode.OP_ABS:
|
|
|
|
if (bn.cmp(0) < 0) bn = bn.neg();
|
|
|
|
break;
|
|
|
|
case Opcode.OP_NOT:
|
|
|
|
bn = BN((bn.cmp(0) === 0) + 0);
|
|
|
|
break;
|
|
|
|
case Opcode.OP_0NOTEQUAL:
|
|
|
|
bn = BN((bn.cmp(0) !== 0) + 0);
|
|
|
|
break;
|
|
|
|
//default: assert(!'invalid opcode'); break; // TODO: does this ever occur?
|
|
|
|
}
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.push(bn.toScriptNumBuffer());
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_ADD:
|
|
|
|
case Opcode.OP_SUB:
|
|
|
|
case Opcode.OP_BOOLAND:
|
|
|
|
case Opcode.OP_BOOLOR:
|
|
|
|
case Opcode.OP_NUMEQUAL:
|
|
|
|
case Opcode.OP_NUMEQUALVERIFY:
|
|
|
|
case Opcode.OP_NUMNOTEQUAL:
|
|
|
|
case Opcode.OP_LESSTHAN:
|
|
|
|
case Opcode.OP_GREATERTHAN:
|
|
|
|
case Opcode.OP_LESSTHANOREQUAL:
|
|
|
|
case Opcode.OP_GREATERTHANOREQUAL:
|
|
|
|
case Opcode.OP_MIN:
|
|
|
|
case Opcode.OP_MAX:
|
|
|
|
{
|
|
|
|
// (x1 x2 -- out)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var bn1 = BN().fromScriptNumBuffer(this.stack[this.stack.length - 2], fRequireMinimal);
|
|
|
|
var bn2 = BN().fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal);
|
|
|
|
var bn = BN(0);
|
|
|
|
|
|
|
|
switch (opcodenum) {
|
|
|
|
case Opcode.OP_ADD:
|
|
|
|
bn = bn1.add(bn2);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_SUB:
|
|
|
|
bn = bn1.sub(bn2);
|
|
|
|
break;
|
|
|
|
|
|
|
|
// case Opcode.OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
|
|
|
|
case Opcode.OP_BOOLAND:
|
|
|
|
bn = BN(((bn1.cmp(0) !== 0) && (bn2.cmp(0) !== 0)) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
|
|
|
|
case Opcode.OP_BOOLOR:
|
|
|
|
bn = BN(((bn1.cmp(0) !== 0) || (bn2.cmp(0) !== 0)) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_NUMEQUAL: bn = (bn1 == bn2); break;
|
|
|
|
case Opcode.OP_NUMEQUAL:
|
|
|
|
bn = BN((bn1.cmp(bn2) === 0) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
|
|
|
|
case Opcode.OP_NUMEQUALVERIFY:
|
|
|
|
bn = BN((bn1.cmp(bn2) === 0) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
|
|
|
|
case Opcode.OP_NUMNOTEQUAL:
|
|
|
|
bn = BN((bn1.cmp(bn2) !== 0) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_LESSTHAN: bn = (bn1 < bn2); break;
|
|
|
|
case Opcode.OP_LESSTHAN:
|
|
|
|
bn = BN((bn1.cmp(bn2) < 0) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_GREATERTHAN: bn = (bn1 > bn2); break;
|
|
|
|
case Opcode.OP_GREATERTHAN:
|
|
|
|
bn = BN((bn1.cmp(bn2) > 0) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
|
|
|
|
case Opcode.OP_LESSTHANOREQUAL:
|
|
|
|
bn = BN((bn1.cmp(bn2) <= 0) + 0);
|
|
|
|
break;
|
|
|
|
// case Opcode.OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
|
|
|
|
case Opcode.OP_GREATERTHANOREQUAL:
|
|
|
|
bn = BN((bn1.cmp(bn2) >= 0) + 0);
|
|
|
|
break;
|
|
|
|
case Opcode.OP_MIN:
|
|
|
|
bn = (bn1.cmp(bn2) < 0 ? bn1 : bn2);
|
|
|
|
break;
|
|
|
|
case Opcode.OP_MAX:
|
|
|
|
bn = (bn1.cmp(bn2) > 0 ? bn1 : bn2);
|
|
|
|
break;
|
|
|
|
// default: assert(!'invalid opcode'); break; //TODO: does this ever occur?
|
|
|
|
}
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.push(bn.toScriptNumBuffer());
|
|
|
|
|
|
|
|
if (opcodenum === Opcode.OP_NUMEQUALVERIFY) {
|
|
|
|
// if (CastToBool(stacktop(-1)))
|
|
|
|
if (ScriptInterpreter.castToBool(this.stack[this.stack.length - 1]))
|
|
|
|
this.stack.pop();
|
|
|
|
else {
|
|
|
|
this.errstr = 'SCRIPT_ERR_NUMEQUALVERIFY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_WITHIN:
|
|
|
|
{
|
|
|
|
// (x min max -- out)
|
|
|
|
if (this.stack.length < 3) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var bn1 = BN().fromScriptNumBuffer(this.stack[this.stack.length - 3], fRequireMinimal);
|
|
|
|
var bn2 = BN().fromScriptNumBuffer(this.stack[this.stack.length - 2], fRequireMinimal);
|
|
|
|
var bn3 = BN().fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal);
|
|
|
|
//bool fValue = (bn2 <= bn1 && bn1 < bn3);
|
|
|
|
var fValue = (bn2.cmp(bn1) <= 0) && (bn1.cmp(bn3) < 0);
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.push(fValue ? ScriptInterpreter.true : ScriptInterpreter.false);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
// Crypto
|
|
|
|
//
|
|
|
|
case Opcode.OP_RIPEMD160:
|
|
|
|
case Opcode.OP_SHA1:
|
|
|
|
case Opcode.OP_SHA256:
|
|
|
|
case Opcode.OP_HASH160:
|
|
|
|
case Opcode.OP_HASH256:
|
|
|
|
{
|
|
|
|
// (in -- hash)
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
var buf = this.stack[this.stack.length - 1];
|
|
|
|
//valtype vchHash((opcode == Opcode.OP_RIPEMD160 || opcode == Opcode.OP_SHA1 || opcode == Opcode.OP_HASH160) ? 20 : 32);
|
|
|
|
var bufHash;
|
|
|
|
if (opcodenum === Opcode.OP_RIPEMD160)
|
|
|
|
bufHash = Hash.ripemd160(buf);
|
|
|
|
else if (opcodenum === Opcode.OP_SHA1)
|
|
|
|
bufHash = Hash.sha1(buf);
|
|
|
|
else if (opcodenum === Opcode.OP_SHA256)
|
|
|
|
bufHash = Hash.sha256(buf);
|
|
|
|
else if (opcodenum === Opcode.OP_HASH160)
|
|
|
|
bufHash = Hash.sha256ripemd160(buf);
|
|
|
|
else if (opcodenum === Opcode.OP_HASH256)
|
|
|
|
bufHash = Hash.sha256sha256(buf);
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.push(bufHash);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_CODESEPARATOR:
|
|
|
|
{
|
|
|
|
// Hash starts after the code separator
|
|
|
|
this.pbegincodehash = this.pc;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_CHECKSIG:
|
|
|
|
case Opcode.OP_CHECKSIGVERIFY:
|
|
|
|
{
|
|
|
|
// (sig pubkey -- bool)
|
|
|
|
if (this.stack.length < 2) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
var bufSig = this.stack[this.stack.length - 2];
|
|
|
|
var bufPubkey = this.stack[this.stack.length - 1];
|
|
|
|
|
|
|
|
// Subset of script starting at the most recent codeseparator
|
|
|
|
// CScript scriptCode(pbegincodehash, pend);
|
|
|
|
var subscript = Script().set({
|
|
|
|
chunks: this.script.chunks.slice(this.pbegincodehash)
|
|
|
|
});
|
|
|
|
|
|
|
|
// Drop the signature, since there's no way for a signature to sign itself
|
|
|
|
var tmpScript = Script().add(bufSig);
|
|
|
|
subscript.findAndDelete(tmpScript);
|
|
|
|
|
|
|
|
if (!this.checkSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
var fSuccess;
|
|
|
|
try {
|
|
|
|
var sig = Signature.fromTxFormat(bufSig);
|
|
|
|
var pubkey = PublicKey.fromBuffer(bufPubkey, false);
|
|
|
|
fSuccess = this.tx.verify(sig, pubkey, this.nin, subscript);
|
|
|
|
} catch (e) {
|
|
|
|
//invalid sig or pubkey
|
|
|
|
fSuccess = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
this.stack.pop();
|
|
|
|
this.stack.pop();
|
|
|
|
// stack.push_back(fSuccess ? vchTrue : vchFalse);
|
|
|
|
this.stack.push(fSuccess ? ScriptInterpreter.true : ScriptInterpreter.false);
|
|
|
|
if (opcodenum === Opcode.OP_CHECKSIGVERIFY) {
|
|
|
|
if (fSuccess) {
|
|
|
|
this.stack.pop();
|
|
|
|
} else {
|
|
|
|
this.errstr = 'SCRIPT_ERR_CHECKSIGVERIFY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case Opcode.OP_CHECKMULTISIG:
|
|
|
|
case Opcode.OP_CHECKMULTISIGVERIFY:
|
|
|
|
{
|
|
|
|
// ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
|
|
|
|
|
|
|
|
var i = 1;
|
|
|
|
if (this.stack.length < i) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
var nKeysCount = BN().fromScriptNumBuffer(this.stack[this.stack.length - i], fRequireMinimal).toNumber();
|
|
|
|
if (nKeysCount < 0 || nKeysCount > 20) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_PUBKEY_COUNT';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.nOpCount += nKeysCount;
|
|
|
|
if (this.nOpCount > 201) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_OP_COUNT';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// int ikey = ++i;
|
|
|
|
var ikey = ++i;
|
|
|
|
i += nKeysCount;
|
|
|
|
if (this.stack.length < i) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
var nSigsCount = BN().fromScriptNumBuffer(this.stack[this.stack.length - i], fRequireMinimal).toNumber();
|
|
|
|
if (nSigsCount < 0 || nSigsCount > nKeysCount) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SIG_COUNT';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// int isig = ++i;
|
|
|
|
var isig = ++i;
|
|
|
|
i += nSigsCount;
|
|
|
|
if (this.stack.length < i) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Subset of script starting at the most recent codeseparator
|
|
|
|
var subscript = Script().set({
|
|
|
|
chunks: this.script.chunks.slice(this.pbegincodehash)
|
|
|
|
});
|
|
|
|
|
|
|
|
// Drop the signatures, since there's no way for a signature to sign itself
|
|
|
|
for (var k = 0; k < nSigsCount; k++) {
|
|
|
|
var bufSig = this.stack[this.stack.length - isig - k];
|
|
|
|
subscript.findAndDelete(Script().add(bufSig));
|
|
|
|
}
|
|
|
|
|
|
|
|
var fSuccess = true;
|
|
|
|
while (fSuccess && nSigsCount > 0) {
|
|
|
|
// valtype& vchSig = stacktop(-isig);
|
|
|
|
var bufSig = this.stack[this.stack.length - isig];
|
|
|
|
// valtype& vchPubKey = stacktop(-ikey);
|
|
|
|
var bufPubkey = this.stack[this.stack.length - ikey];
|
|
|
|
|
|
|
|
if (!this.checkSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
var fOk;
|
|
|
|
try {
|
|
|
|
var sig = Signature.fromTxFormat(bufSig);
|
|
|
|
var pubkey = PublicKey.fromBuffer(bufPubkey, false);
|
|
|
|
fOk = this.tx.verify(sig, pubkey, this.nin, subscript);
|
|
|
|
} catch (e) {
|
|
|
|
//invalid sig or pubkey
|
|
|
|
fOk = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fOk) {
|
|
|
|
isig++;
|
|
|
|
nSigsCount--;
|
|
|
|
}
|
|
|
|
ikey++;
|
|
|
|
nKeysCount--;
|
|
|
|
|
|
|
|
// If there are more signatures left than keys left,
|
|
|
|
// then too many signatures have failed
|
|
|
|
if (nSigsCount > nKeysCount) {
|
|
|
|
fSuccess = false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Clean up stack of actual arguments
|
|
|
|
while (i-- > 1) {
|
|
|
|
this.stack.pop();
|
|
|
|
}
|
|
|
|
|
|
|
|
// A bug causes CHECKMULTISIG to consume one extra argument
|
|
|
|
// whose contents were not checked in any way.
|
|
|
|
//
|
|
|
|
// Unfortunately this is a potential source of mutability,
|
|
|
|
// so optionally verify it is exactly equal to zero prior
|
|
|
|
// to removing it from the stack.
|
|
|
|
if (this.stack.length < 1) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if ((this.flags & ScriptInterpreter.SCRIPT_VERIFY_NULLDUMMY) && this.stack[this.stack.length - 1].length) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SIG_NULLDUMMY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
this.stack.pop();
|
|
|
|
|
|
|
|
this.stack.push(fSuccess ? ScriptInterpreter.true : ScriptInterpreter.false);
|
|
|
|
|
|
|
|
if (opcodenum === Opcode.OP_CHECKMULTISIGVERIFY) {
|
|
|
|
if (fSuccess)
|
|
|
|
this.stack.pop();
|
|
|
|
else {
|
|
|
|
this.errstr = 'SCRIPT_ERR_CHECKMULTISIGVERIFY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
this.errstr = 'SCRIPT_ERR_BAD_OPCODE';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Verifies a Script by executing it and returns true if it is valid.
|
|
|
|
* This function needs to be provided with the scriptSig and the scriptPubkey
|
|
|
|
* separately.
|
|
|
|
* @param {Script} scriptSig - the script's first part (corresponding to the tx input)
|
|
|
|
* @param {Script} scriptPubkey - the script's last part (corresponding to the tx output)
|
|
|
|
* @param {Transaction} [tx] - the Transaction containing the scriptSig in one input (used
|
|
|
|
* to check signature validity for some opcodes like OP_CHECKSIG)
|
|
|
|
* @param {number} nin - index of the transaction input containing the scriptSig verified.
|
|
|
|
* @param {number} flags - evaluation flags. See ScriptInterpreter.SCRIPT_* constants
|
|
|
|
*
|
|
|
|
* Translated from bitcoind's VerifyScript
|
|
|
|
*/
|
|
|
|
ScriptInterpreter.prototype.verify = function(scriptSig, scriptPubkey, tx, nin, flags) {
|
|
|
|
if (_.isUndefined(tx)) {
|
|
|
|
tx = new Transaction();
|
|
|
|
}
|
|
|
|
if (_.isUndefined(nin)) {
|
|
|
|
nin = 0;
|
|
|
|
}
|
|
|
|
if (_.isUndefined(flags)) {
|
|
|
|
flags = 0;
|
|
|
|
}
|
|
|
|
this.set({
|
|
|
|
script: scriptSig,
|
|
|
|
tx: tx,
|
|
|
|
nin: nin,
|
|
|
|
flags: flags
|
|
|
|
});
|
|
|
|
|
|
|
|
if ((flags & ScriptInterpreter.SCRIPT_VERIFY_SIGPUSHONLY) != 0 && !scriptSig.isPushOnly()) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SIG_PUSHONLY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// evaluate scriptSig
|
|
|
|
if (!this.evaluate()) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (flags & ScriptInterpreter.SCRIPT_VERIFY_P2SH)
|
|
|
|
var stackCopy = this.stack.slice();
|
|
|
|
|
|
|
|
var stack = this.stack;
|
|
|
|
this.initialize();
|
|
|
|
this.set({
|
|
|
|
script: scriptPubkey,
|
|
|
|
stack: stack,
|
|
|
|
tx: tx,
|
|
|
|
nin: nin,
|
|
|
|
flags: flags
|
|
|
|
});
|
|
|
|
|
|
|
|
// evaluate scriptPubkey
|
|
|
|
if (!this.evaluate())
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (this.stack.length === 0) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_EVAL_FALSE_NO_RESULT';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
var buf = this.stack[this.stack.length - 1];
|
|
|
|
if (!ScriptInterpreter.castToBool(buf)) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_EVAL_FALSE_IN_STACK';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Additional validation for spend-to-script-hash transactions:
|
|
|
|
if ((flags & ScriptInterpreter.SCRIPT_VERIFY_P2SH) && scriptPubkey.isScriptHashOut()) {
|
|
|
|
// scriptSig must be literals-only or validation fails
|
|
|
|
if (!scriptSig.isPushOnly()) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_SIG_PUSHONLY';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// stackCopy cannot be empty here, because if it was the
|
|
|
|
// P2SH HASH <> EQUAL scriptPubKey would be evaluated with
|
|
|
|
// an empty stack and the EvalScript above would return false.
|
|
|
|
if (stackCopy.length === 0)
|
|
|
|
throw new Error('internal error - stack copy empty');
|
|
|
|
|
|
|
|
var redeemScriptSerialized = stackCopy[stackCopy.length - 1];
|
|
|
|
var redeemScript = Script.fromBuffer(redeemScriptSerialized);
|
|
|
|
stackCopy.pop();
|
|
|
|
|
|
|
|
this.initialize();
|
|
|
|
this.set({
|
|
|
|
script: redeemScript,
|
|
|
|
stack: stackCopy,
|
|
|
|
tx: tx,
|
|
|
|
nin: nin,
|
|
|
|
flags: flags
|
|
|
|
});
|
|
|
|
|
|
|
|
// evaluate redeemScript
|
|
|
|
if (!this.evaluate())
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (stackCopy.length === 0) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_EVAL_FALSE_NO_P2SH_STACK';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!ScriptInterpreter.castToBool(stackCopy[stackCopy.length - 1])) {
|
|
|
|
this.errstr = 'SCRIPT_ERR_EVAL_FALSE_IN_P2SH_STACK';
|
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
};
|