You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1108 lines
32 KiB

var imports = require('soop').imports();
var config = imports.config || require('./config');
var log = imports.log || require('./util/log');
var util = imports.util || require('./util/util');
var Opcode = imports.Opcode || require('./Opcode');
var buffertools = imports.buffertools || require('buffertools');
var bignum = imports.bignum || require('bignum');
var Util = imports.Util || require('./util/util');
var Script = require('./Script');
var Key = require('./Key');
var SIGHASH_ALL = 1;
var SIGHASH_NONE = 2;
var SIGHASH_SINGLE = 3;
var SIGHASH_ANYONECANPAY = 80;
// Make opcodes available as pseudo-constants
for (var i in Opcode.map) {
eval(i + " = " + Opcode.map[i] + ";");
}
var intToBufferSM = Util.intToBufferSM
var bufferSMToInt = Util.bufferSMToInt;
function ScriptInterpreter(opts) {
this.opts = opts || {};
this.stack = [];
this.disableUnsafeOpcodes = true;
};
ScriptInterpreter.prototype.eval = function eval(script, tx, inIndex, hashType, callback) {
if ("function" !== typeof callback) {
throw new Error("ScriptInterpreter.eval() requires a callback");
}
console.log('eval script '+script.toHumanReadable());
var pc = 0;
var execStack = [];
var altStack = [];
var hashStart = 0;
var opCount = 0;
if (script.buffer.length > 10000) {
callback(new Error("Oversized script (> 10k bytes)"));
return this;
}
// Start execution by running the first step
executeStep.call(this, callback);
function executeStep(cb) {
// Once all chunks have been processed, execution ends
if (pc >= script.chunks.length) {
// Execution stack must be empty at the end of the script
if (execStack.length) {
cb(new Error("Execution stack ended non-empty"));
return;
}
// Execution successful (Note that we still have to check whether the
// final stack contains a truthy value.)
cb(null);
return;
}
// The execution bit is true if there are no "false" values in the
// execution stack. (A "false" value indicates that we're in the
// inactive branch of an if statement.)
var exec = !~execStack.indexOf(false);
var opcode = script.chunks[pc++];
if (opcode.length > 520) {
throw new Error("Max push value size exceeded (>520)");
}
if (opcode > OP_16 && ++opCount > 201) {
throw new Error("Opcode limit exceeded (>200)");
}
if (this.disableUnsafeOpcodes &&
"number" === typeof opcode &&
(opcode === OP_CAT ||
opcode === OP_SUBSTR ||
opcode === OP_LEFT ||
opcode === OP_RIGHT ||
opcode === OP_INVERT ||
opcode === OP_AND ||
opcode === OP_OR ||
opcode === OP_XOR ||
opcode === OP_2MUL ||
opcode === OP_2DIV ||
opcode === OP_MUL ||
opcode === OP_DIV ||
opcode === OP_MOD ||
opcode === OP_LSHIFT ||
opcode === OP_RSHIFT)) {
throw new Error("Encountered a disabled opcode");
}
if (exec && Buffer.isBuffer(opcode)) {
this.stack.push(opcode);
} else if (exec || (OP_IF <= opcode && opcode <= OP_ENDIF))
switch (opcode) {
case OP_0:
this.stack.push(new Buffer([]));
break;
case OP_1NEGATE:
case OP_1:
case OP_2:
case OP_3:
case OP_4:
case OP_5:
case OP_6:
case OP_7:
case OP_8:
case OP_9:
case OP_10:
case OP_11:
case OP_12:
case OP_13:
case OP_14:
case OP_15:
case OP_16:
var opint = opcode - OP_1 + 1;
var opbuf = intToBufferSM(opint);
this.stack.push(opbuf);
break;
case OP_NOP:
case OP_NOP1:
case OP_NOP2:
case OP_NOP3:
case OP_NOP4:
case OP_NOP5:
case OP_NOP6:
case OP_NOP7:
case OP_NOP8:
case OP_NOP9:
case OP_NOP10:
break;
case OP_IF:
case OP_NOTIF:
// <expression> if [statements] [else [statements]] endif
var value = false;
if (exec) {
value = castBool(this.stackPop());
if (opcode === OP_NOTIF) {
value = !value;
}
}
execStack.push(value);
break;
case OP_ELSE:
if (execStack.length < 1) {
throw new Error("Unmatched OP_ELSE");
}
execStack[execStack.length - 1] = !execStack[execStack.length - 1];
break;
case OP_ENDIF:
if (execStack.length < 1) {
throw new Error("Unmatched OP_ENDIF");
}
execStack.pop();
break;
case OP_VERIFY:
var value = castBool(this.stackTop());
if (value) {
this.stackPop();
} else {
throw new Error("OP_VERIFY negative");
}
break;
case OP_RETURN:
throw new Error("OP_RETURN");
case OP_TOALTSTACK:
altStack.push(this.stackPop());
break;
case OP_FROMALTSTACK:
if (altStack.length < 1) {
throw new Error("OP_FROMALTSTACK with alt stack empty");
}
this.stack.push(altStack.pop());
break;
case OP_2DROP:
// (x1 x2 -- )
this.stackPop();
this.stackPop();
break;
case OP_2DUP:
// (x1 x2 -- x1 x2 x1 x2)
var v1 = this.stackTop(2);
var v2 = this.stackTop(1);
this.stack.push(v1);
this.stack.push(v2);
break;
case OP_3DUP:
// (x1 x2 -- x1 x2 x1 x2)
var v1 = this.stackTop(3);
var v2 = this.stackTop(2);
var v3 = this.stackTop(1);
this.stack.push(v1);
this.stack.push(v2);
this.stack.push(v3);
break;
case OP_2OVER:
// (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
var v1 = this.stackTop(4);
var v2 = this.stackTop(3);
this.stack.push(v1);
this.stack.push(v2);
break;
case OP_2ROT:
// (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
var v1 = this.stackTop(6);
var v2 = this.stackTop(5);
this.stack.splice(this.stack.length - 6, 2);
this.stack.push(v1);
this.stack.push(v2);
break;
case OP_2SWAP:
// (x1 x2 x3 x4 -- x3 x4 x1 x2)
this.stackSwap(4, 2);
this.stackSwap(3, 1);
break;
case OP_IFDUP:
// (x - 0 | x x)
var value = this.stackTop();
if (castBool(value)) {
this.stack.push(value);
}
break;
case OP_DEPTH:
// -- stacksize
var value = bignum(this.stack.length);
this.stack.push(intToBufferSM(value));
break;
case OP_DROP:
// (x -- )
this.stackPop();
break;
case OP_DUP:
// (x -- x x)
this.stack.push(this.stackTop());
break;
case OP_NIP:
// (x1 x2 -- x2)
if (this.stack.length < 2) {
throw new Error("OP_NIP insufficient stack size");
}
this.stack.splice(this.stack.length - 2, 1);
break;
case OP_OVER:
// (x1 x2 -- x1 x2 x1)
this.stack.push(this.stackTop(2));
break;
case OP_PICK:
case OP_ROLL:
// (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
// (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
var n = castInt(this.stackPop());
if (n < 0 || n >= this.stack.length) {
throw new Error("OP_PICK/OP_ROLL insufficient stack size");
}
var value = this.stackTop(n + 1);
if (opcode === OP_ROLL) {
this.stack.splice(this.stack.length - n - 1, 1);
}
this.stack.push(value);
break;
case OP_ROT:
// (x1 x2 x3 -- x2 x3 x1)
// x2 x1 x3 after first swap
// x2 x3 x1 after second swap
this.stackSwap(3, 2);
this.stackSwap(2, 1);
break;
case OP_SWAP:
// (x1 x2 -- x2 x1)
this.stackSwap(2, 1);
break;
case OP_TUCK:
// (x1 x2 -- x2 x1 x2)
if (this.stack.length < 2) {
throw new Error("OP_TUCK insufficient stack size");
}
this.stack.splice(this.stack.length - 2, 0, this.stackTop());
break;
case OP_CAT:
// (x1 x2 -- out)
var v1 = this.stackTop(2);
var v2 = this.stackTop(1);
this.stackPop();
this.stackPop();
this.stack.push(Buffer.concat([v1, v2]));
break;
case OP_SUBSTR:
// (in begin size -- out)
var buf = this.stackTop(3);
var start = castInt(this.stackTop(2));
var len = castInt(this.stackTop(1));
if (start < 0 || len < 0) {
throw new Error("OP_SUBSTR start < 0 or len < 0");
}
if ((start + len) >= buf.length) {
throw new Error("OP_SUBSTR range out of bounds");
}
this.stackPop();
this.stackPop();
this.stack[this.stack.length - 1] = buf.slice(start, start + len);
break;
case OP_LEFT:
case OP_RIGHT:
// (in size -- out)
var buf = this.stackTop(2);
var size = castInt(this.stackTop(1));
if (size < 0) {
throw new Error("OP_LEFT/OP_RIGHT size < 0");
}
if (size > buf.length) {
size = buf.length;
}
this.stackPop();
if (opcode === OP_LEFT) {
this.stack[this.stack.length - 1] = buf.slice(0, size);
} else {
this.stack[this.stack.length - 1] = buf.slice(buf.length - size);
}
break;
case OP_SIZE:
// (in -- in size)
var value = bignum(this.stackTop().length);
this.stack.push(intToBufferSM(value));
break;
case OP_INVERT:
// (in - out)
var buf = this.stackTop();
for (var i = 0, l = buf.length; i < l; i++) {
buf[i] = ~buf[i];
}
break;
case OP_AND:
case OP_OR:
case OP_XOR:
// (x1 x2 - out)
var v1 = this.stackTop(2);
var v2 = this.stackTop(1);
this.stackPop();
this.stackPop();
var out = new Buffer(Math.max(v1.length, v2.length));
if (opcode === OP_AND) {
for (var i = 0, l = out.length; i < l; i++) {
out[i] = v1[i] & v2[i];
}
} else if (opcode === OP_OR) {
for (var i = 0, l = out.length; i < l; i++) {
out[i] = v1[i] | v2[i];
}
} else if (opcode === OP_XOR) {
for (var i = 0, l = out.length; i < l; i++) {
out[i] = v1[i] ^ v2[i];
}
}
this.stack.push(out);
break;
case OP_EQUAL:
case OP_EQUALVERIFY:
//case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
// (x1 x2 - bool)
var v1 = this.stackTop(2);
var v2 = this.stackTop(1);
var value = buffertools.compare(v1, v2) === 0;
// OP_NOTEQUAL is disabled because it would be too easy to say
// something like n != 1 and have some wiseguy pass in 1 with extra
// zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
//if (opcode == OP_NOTEQUAL)
// fEqual = !fEqual;
this.stackPop();
this.stackPop();
this.stack.push(new Buffer([value ? 1 : 0]));
if (opcode === OP_EQUALVERIFY) {
if (value) {
this.stackPop();
} else {
throw new Error("OP_EQUALVERIFY negative");
}
}
break;
case OP_1ADD:
case OP_1SUB:
case OP_2MUL:
case OP_2DIV:
case OP_NEGATE:
case OP_ABS:
case OP_NOT:
case OP_0NOTEQUAL:
// (in -- out)
var num = bufferSMToInt(this.stackTop());
switch (opcode) {
case OP_1ADD:
num = num.add(bignum(1));
break;
case OP_1SUB:
num = num.sub(bignum(1));
break;
case OP_2MUL:
num = num.mul(bignum(2));
break;
case OP_2DIV:
num = num.div(bignum(2));
break;
case OP_NEGATE:
num = num.neg();
break;
case OP_ABS:
num = num.abs();
break;
case OP_NOT:
num = bignum(num.cmp(0) == 0 ? 1 : 0);
break;
case OP_0NOTEQUAL:
num = bignum(num.cmp(0) == 0 ? 0 : 1);
break;
}
this.stack[this.stack.length - 1] = intToBufferSM(num);
break;
case OP_ADD:
case OP_SUB:
case OP_MUL:
case OP_DIV:
case OP_MOD:
case OP_LSHIFT:
case OP_RSHIFT:
case OP_BOOLAND:
case OP_BOOLOR:
case OP_NUMEQUAL:
case OP_NUMEQUALVERIFY:
case OP_NUMNOTEQUAL:
case OP_LESSTHAN:
case OP_GREATERTHAN:
case OP_LESSTHANOREQUAL:
case OP_GREATERTHANOREQUAL:
case OP_MIN:
case OP_MAX:
// (x1 x2 -- out)
var v1 = bufferSMToInt(this.stackTop(2));
var v2 = bufferSMToInt(this.stackTop(1));
var num;
switch (opcode) {
case OP_ADD:
num = v1.add(v2);
break;
case OP_SUB:
num = v1.sub(v2);
break;
case OP_MUL:
num = v1.mul(v2);
break;
case OP_DIV:
num = v1.div(v2);
break;
case OP_MOD:
num = v1.mod(v2);
break;
case OP_LSHIFT:
if (v2.cmp(0) < 0 || v2.cmp(2048) > 0) {
throw new Error("OP_LSHIFT parameter out of bounds");
}
num = v1.shiftLeft(v2);
break;
case OP_RSHIFT:
if (v2.cmp(0) < 0 || v2.cmp(2048) > 0) {
throw new Error("OP_RSHIFT parameter out of bounds");
}
num = v1.shiftRight(v2);
break;
case OP_BOOLAND:
num = bignum((v1.cmp(0) != 0 && v2.cmp(0) != 0) ? 1 : 0);
break;
case OP_BOOLOR:
num = bignum((v1.cmp(0) != 0 || v2.cmp(0) != 0) ? 1 : 0);
break;
case OP_NUMEQUAL:
case OP_NUMEQUALVERIFY:
num = bignum(v1.cmp(v2) == 0 ? 1 : 0);
break;
case OP_NUMNOTEQUAL:
;
num = bignum(v1.cmp(v2) != 0 ? 1 : 0);
break;
case OP_LESSTHAN:
num = bignum(v1.lt(v2) ? 1 : 0);
break;
case OP_GREATERTHAN:
num = bignum(v1.gt(v2) ? 1 : 0);
break;
case OP_LESSTHANOREQUAL:
num = bignum(v1.gt(v2) ? 0 : 1);
break;
case OP_GREATERTHANOREQUAL:
num = bignum(v1.lt(v2) ? 0 : 1);
break;
case OP_MIN:
num = (v1.lt(v2) ? v1 : v2);
break;
case OP_MAX:
num = (v1.gt(v2) ? v1 : v2);
break;
}
this.stackPop();
this.stackPop();
this.stack.push(intToBufferSM(num));
if (opcode === OP_NUMEQUALVERIFY) {
if (castBool(this.stackTop())) {
this.stackPop();
} else {
throw new Error("OP_NUMEQUALVERIFY negative");
}
}
break;
case OP_WITHIN:
// (x min max -- out)
var v1 = bufferSMToInt(this.stackTop(3));
var v2 = bufferSMToInt(this.stackTop(2));
var v3 = bufferSMToInt(this.stackTop(1));
this.stackPop();
this.stackPop();
this.stackPop();
var value = v1.cmp(v2) >= 0 && v1.cmp(v3) < 0;
this.stack.push(intToBufferSM(value ? 1 : 0));
break;
case OP_RIPEMD160:
case OP_SHA1:
case OP_SHA256:
case OP_HASH160:
case OP_HASH256:
// (in -- hash)
var value = this.stackPop();
var hash;
if (opcode === OP_RIPEMD160) {
hash = Util.ripe160(value);
} else if (opcode === OP_SHA1) {
hash = Util.sha1(value);
} else if (opcode === OP_SHA256) {
hash = Util.sha256(value);
} else if (opcode === OP_HASH160) {
hash = Util.sha256ripe160(value);
} else if (opcode === OP_HASH256) {
hash = Util.twoSha256(value);
}
this.stack.push(hash);
break;
case OP_CODESEPARATOR:
// Hash starts after the code separator
hashStart = pc;
break;
case OP_CHECKSIG:
case OP_CHECKSIGVERIFY:
// (sig pubkey -- bool)
var sig = this.stackTop(2);
var pubkey = this.stackTop(1);
// Get the part of this script since the last OP_CODESEPARATOR
var scriptChunks = script.chunks.slice(hashStart);
// Convert to binary
var scriptCode = Script.fromChunks(scriptChunks);
// Remove signature if present (a signature can't sign itself)
scriptCode.findAndDelete(sig);
// check canonical signature
this.isCanonicalSignature(new Buffer(sig));
// Verify signature
checkSig(sig, pubkey, scriptCode, tx, inIndex, hashType, function(e, result) {
var success;
if (e) {
// We intentionally ignore errors during signature verification and
// treat these cases as an invalid signature.
success = false;
} else {
success = result;
}
// Update stack
this.stackPop();
this.stackPop();
this.stack.push(new Buffer([success ? 1 : 0]));
if (opcode === OP_CHECKSIGVERIFY) {
if (success) {
this.stackPop();
} else {
throw new Error("OP_CHECKSIGVERIFY negative");
}
}
// Run next step
executeStep.call(this, cb);
}.bind(this));
// Note that for asynchronous opcodes we have to return here to prevent
// the next opcode from being executed.
return;
case OP_CHECKMULTISIG:
case OP_CHECKMULTISIGVERIFY:
// ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
var keysCount = castInt(this.stackPop());
if (keysCount < 0 || keysCount > 20) {
throw new Error("OP_CHECKMULTISIG keysCount out of bounds");
}
opCount += keysCount;
if (opCount > 201) {
throw new Error("Opcode limit exceeded (>200)");
}
var keys = [];
for (var i = 0, l = keysCount; i < l; i++) {
var pubkey = this.stackPop()
keys.push(pubkey);
}
var sigsCount = castInt(this.stackPop());
if (sigsCount < 0 || sigsCount > keysCount) {
throw new Error("OP_CHECKMULTISIG sigsCount out of bounds");
}
var sigs = [];
for (var i = 0, l = sigsCount; i < l; i++) {
sigs.push(this.stackPop());
}
// The original client has a bug where it pops an extra element off the
// stack. It can't be fixed without causing a chain split and we need to
// imitate this behavior as well.
this.stackPop();
// Get the part of this script since the last OP_CODESEPARATOR
var scriptChunks = script.chunks.slice(hashStart);
// Convert to binary
var scriptCode = Script.fromChunks(scriptChunks);
var that = this;
sigs.forEach(function(sig) {
// check each signature is canonical
that.isCanonicalSignature(new Buffer(sig));
// Drop the signatures for the subscript, since a signature can't sign itself
scriptCode.findAndDelete(sig);
});
var success = true,
isig = 0,
ikey = 0;
checkMultiSigStep.call(this);
function checkMultiSigStep() {
if (success && sigsCount > 0) {
var sig = sigs[isig];
var pubkey = keys[ikey];
checkSig(sig, pubkey, scriptCode, tx, inIndex, hashType, function(e, result) {
if (!e && result) {
console.log('sig '+isig+' succeeded with key '+ikey);
isig++;
sigsCount--;
} else {
console.log('key '+ikey+' failed to verify sig '+isig+': '+e +' '+result);
ikey++;
keysCount--;
// If there are more signatures than keys left, then too many
// signatures have failed
if (sigsCount > keysCount) {
console.log('CHECKMULTISIG sigsCount > keysCount');
success = false;
}
}
checkMultiSigStep.call(this);
}.bind(this));
} else {
this.stack.push(new Buffer([success ? 1 : 0]));
if (opcode === OP_CHECKMULTISIGVERIFY) {
if (success) {
this.stackPop();
} else {
throw new Error("OP_CHECKMULTISIGVERIFY negative");
}
}
// Run next step
executeStep.call(this, cb);
}
};
// Note that for asynchronous opcodes we have to return here to prevent
// the next opcode from being executed.
return;
default:
throw new Error("Unknown opcode encountered");
}
// Size limits
if ((this.stack.length + altStack.length) > 1000) {
throw new Error("Maximum stack size exceeded");
}
// Run next step
if (false && pc % 100) {
// V8 allows for much deeper stacks than Bitcoin's scripting language,
// but just to be safe, we'll reset the stack every 100 steps
process.nextTick(executeStep.bind(this, cb));
} else {
executeStep.call(this, cb);
}
}
};
ScriptInterpreter.prototype.evalTwo =
function evalTwo(scriptSig, scriptPubkey, tx, n, hashType, callback) {
var self = this;
self.eval(scriptSig, tx, n, hashType, function(e) {
if (e) {
callback(e)
return;
}
self.eval(scriptPubkey, tx, n, hashType, callback);
});
};
/**
* Get the top element of the stack.
*
* Using the offset parameter this function can also access lower elements
* from the stack.
*/
ScriptInterpreter.prototype.stackTop = function stackTop(offset) {
offset = +offset || 1;
if (offset < 1) offset = 1;
if (offset > this.stack.length) {
throw new Error('ScriptInterpreter.stackTop(): Stack underrun');
}
return this.stack[this.stack.length - offset];
};
ScriptInterpreter.prototype.stackBack = function stackBack() {
return this.stack[this.stack.length - 1];
};
/**
* Pop the top element off the stack and return it.
*/
ScriptInterpreter.prototype.stackPop = function stackPop() {
if (this.stack.length < 1) {
throw new Error('ScriptInterpreter.stackTop(): Stack underrun');
}
return this.stack.pop();
};
ScriptInterpreter.prototype.stackSwap = function stackSwap(a, b) {
if (this.stack.length < a || this.stack.length < b) {
throw new Error('ScriptInterpreter.stackTop(): Stack underrun');
}
var s = this.stack,
l = s.length;
var tmp = s[l - a];
s[l - a] = s[l - b];
s[l - b] = tmp;
};
/**
* Returns a version of the stack with only primitive types.
*
* The return value is an array. Any single byte buffer is converted to an
* integer. Any longer Buffer is converted to a hex string.
*/
ScriptInterpreter.prototype.getPrimitiveStack = function getPrimitiveStack() {
return this.stack.map(function(chunk) {
if (chunk.length > 2) {
return buffertools.toHex(chunk.slice(0));
}
var num = bufferSMToInt(chunk);
if (num.cmp(-128) >= 0 && num.cmp(127) <= 0) {
return num.toNumber();
} else {
return buffertools.toHex(chunk.slice(0));
}
});
};
var castBool = ScriptInterpreter.castBool = function castBool(v) {
for (var i = 0, l = v.length; i < l; i++) {
if (v[i] != 0) {
// Negative zero is still zero
if (i == (l - 1) && v[i] == 0x80) {
return false;
}
return true;
}
}
return false;
};
var castInt = ScriptInterpreter.castInt = function castInt(v) {
return bufferSMToInt(v).toNumber();
};
ScriptInterpreter.prototype.getResult = function getResult() {
if (this.stack.length === 0) {
throw new Error("Empty stack after script evaluation");
}
return castBool(this.stack[this.stack.length - 1]);
};
// WARN: Use ScriptInterpreter.verifyFull instead
ScriptInterpreter.verify =
function verify(scriptSig, scriptPubKey, tx, n, hashType, callback) {
if ("function" !== typeof callback) {
throw new Error("ScriptInterpreter.verify() requires a callback");
}
// Create execution environment
var si = new ScriptInterpreter();
// Evaluate scripts
si.evalTwo(scriptSig, scriptPubKey, tx, n, hashType, function(err) {
if (err) {
callback(err);
return;
}
// Cast result to bool
var result = si.getResult();
callback(null, result);
});
return si;
};
ScriptInterpreter.prototype.verifyStep4 = function(callback, siCopy) {
// 4th step, check P2SH subscript evaluated to true
if (siCopy.stack.length == 0) {
callback(null, false);
return;
}
callback(null, castBool(siCopy.stackBack()));
}
ScriptInterpreter.prototype.verifyStep3 = function(scriptSig,
scriptPubKey, tx, nIn, hashType, callback, siCopy) {
// 3rd step, check result (stack should contain true)
// if stack is empty, script considered invalid
if (this.stack.length === 0) {
console.log('3rd step: no stack');
callback(null, false);
return;
}
// if top of stack contains false, script evaluated to false
if (castBool(this.stackBack()) == false) {
console.log('3rd step: stack contains false');
callback(null, false);
return;
}
// if not P2SH, script evaluated to true
if (!this.opts.verifyP2SH || !scriptPubKey.isP2SH()) {
console.log('3rd step: done, true');
callback(null, true);
return;
}
// if P2SH, scriptSig should be push-only
if (!scriptSig.isPushOnly()) {
console.log('3rd step: scriptSig should be push only');
callback(null, false);
return;
}
// P2SH script should exist
if (siCopy.length === 0) {
throw new Error('siCopy should have length != 0');
}
var subscript = new Script(siCopy.stackPop());
var that = this;
// evaluate the P2SH subscript
siCopy.eval(subscript, tx, nIn, hashType, function(err) {
console.log('Err 3nd step: '+err);
if (err) return callback(err);
that.verifyStep4(callback, siCopy);
});
};
ScriptInterpreter.prototype.verifyStep2 = function(scriptSig, scriptPubKey,
tx, nIn, hashType, callback, siCopy) {
var siCopy;
if (this.opts.verifyP2SH) {
siCopy = new ScriptInterpreter(this.opts);
this.stack.forEach(function(item) {
siCopy.stack.push(item);
});
}
var that = this;
// 2nd step, evaluate scriptPubKey
this.eval(scriptPubKey, tx, nIn, hashType, function(err) {
console.log('Err 2nd step: '+err);
if (err) return callback(err);
that.verifyStep3(scriptSig, scriptPubKey, tx, nIn,
hashType, callback, siCopy);
});
};
ScriptInterpreter.prototype.verifyFull = function(scriptSig, scriptPubKey,
tx, nIn, hashType, callback) {
var that = this;
// 1st step, evaluate scriptSig
this.eval(scriptSig, tx, nIn, hashType, function(err) {
console.log('Err 1st step: '+err);
if (err) return callback(err);
that.verifyStep2(scriptSig, scriptPubKey, tx, nIn,
hashType, callback);
});
};
ScriptInterpreter.verifyFull =
function verifyFull(scriptSig, scriptPubKey, tx, nIn, hashType,
opts, callback) {
var si = new ScriptInterpreter(opts);
si.verifyFull(scriptSig, scriptPubKey,
tx, nIn, hashType, callback);
};
var checkSig = ScriptInterpreter.checkSig =
function(sig, pubkey, scriptCode, tx, n, hashType, callback) {
// https://en.bitcoin.it/wiki/OP_CHECKSIG#How_it_works
if (!sig.length) {
console.log('sig length 0');
callback(null, false);
return;
}
// If the hash-type value is 0, then it is replaced by the last_byte of the signature.
if (hashType === 0) {
hashType = sig[sig.length - 1];
} else if (hashType != sig[sig.length - 1]) {
console.log('wrong hashtype');
callback(null, false);
return;
}
// Then the last byte of the signature is always deleted. (hashType removed)
sig = sig.slice(0, sig.length - 1);
// Signature verification requires a special hash procedure
console.log('rawtx '+buffertools.toHex(tx.serialize()));
var hash = tx.hashForSignature(scriptCode, n, hashType);
console.log('n ='+n+'; hashType='+hashType);
console.log('hash ='+ buffertools.toHex(hash));
// Verify signature
var key = new Key();
//pubkey = buffertools.reverse(pubkey);
key.public = pubkey;
console.log('pubkey before verification: '+buffertools.toHex(key.public));
console.log('sig before verification: '+buffertools.toHex(sig));
console.log('hash before verification: '+buffertools.toHex(hash));
key.verifySignature(hash, sig, callback);
};
ScriptInterpreter.prototype.isCanonicalSignature = function(sig) {
// See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
// A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <S> <hashtype>
// Where R and S are not negative (their first byte has its highest bit not set), and not
// excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
// in which case a single 0 byte is necessary and even required).
if (!Buffer.isBuffer(sig))
throw new Error("arg should be a Buffer");
// TODO: change to opts.verifyStrictEnc to make the default
// behavior not verify, as in bitcoin core
if (this.opts.dontVerifyStrictEnc) return true;
var l = sig.length;
if (l < 9) throw new Error("Non-canonical signature: too short");
if (l > 73) throw new Error("Non-canonical signature: too long");
var nHashType = sig[l - 1] & (~(SIGHASH_ANYONECANPAY));
if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
throw new Error("Non-canonical signature: unknown hashtype byte");
if (sig[0] !== 0x30)
throw new Error("Non-canonical signature: wrong type");
if (sig[1] !== l - 3)
throw new Error("Non-canonical signature: wrong length marker");
var nLenR = sig[3];
if (5 + nLenR >= l)
throw new Error("Non-canonical signature: S length misplaced");
var nLenS = sig[5 + nLenR];
if ((nLenR + nLenS + 7) !== l)
throw new Error("Non-canonical signature: R+S length mismatch");
var rPos = 4;
var R = new Buffer(nLenR);
sig.copy(R, 0, rPos, rPos + nLenR);
if (sig[rPos - 2] !== 0x02)
throw new Error("Non-canonical signature: R value type mismatch");
if (nLenR == 0)
throw new Error("Non-canonical signature: R length is zero");
if (R[0] & 0x80)
throw new Error("Non-canonical signature: R value negative");
if (nLenR > 1 && (R[0] == 0x00) && !(R[1] & 0x80))
throw new Error("Non-canonical signature: R value excessively padded");
var sPos = 6 + nLenR;
var S = new Buffer(nLenS);
sig.copy(S, 0, sPos, sPos + nLenS);
if (sig[sPos - 2] != 0x02)
throw new Error("Non-canonical signature: S value type mismatch");
if (nLenS == 0)
throw new Error("Non-canonical signature: S length is zero");
if (S[0] & 0x80)
throw new Error("Non-canonical signature: S value negative");
if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80))
throw new Error("Non-canonical signature: S value excessively padded");
if (this.opts.verifyEvenS) {
if (S[nLenS - 1] & 1)
throw new Error("Non-canonical signature: S value odd");
}
return true;
};
module.exports = require('soop')(ScriptInterpreter);