You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 

244 lines
6.4 KiB

'use strict';
// inspired in bitcoin core test:
// https://github.com/bitcoin/bitcoin/blob/7d49a9173ab636d118c2a81fc3c3562192e7813a/src/test/sighash_tests.cpp
var chai = chai || require('chai');
var should = chai.should();
var bitcore = bitcore || require('../bitcore');
var Transaction = bitcore.Transaction;
var Script = bitcore.Script;
var Opcode = bitcore.Opcode;
var util = bitcore.util;
var Put = bitcore.Put;
var Put = require('bufferput');
var buffertools = require('buffertools');
var testdata = testdata || require('./testdata');
var seed = 1;
// seedable pseudo-random function
var random = function() {
var x = Math.sin(seed++) * 10000;
return x - Math.floor(x);
};
var randInt = function(low, high) {
return Math.floor(random() * (high - low + 1) + low);
};
var randUIntN = function(nBits) {
return randInt(0, Math.pow(2, nBits));
};
var randUInt32 = function() {
return randUIntN(32);
};
var randBool = function() {
return random() < 0.5;
};
var hexAlphabet = '0123456789abcdef';
var randHex = function() {
return hexAlphabet[randInt(0, 15)];
};
var randHexN = function(n) {
var s = '';
while (n--) {
s += randHex();
}
return s;
};
var randTxHash = function() {
return randHexN(64);
};
var randPick = function(list) {
return list[randInt(0, list.length - 1)];
};
var opList = Opcode.asList();
var randomScript = function() {
var s = new Script();
var ops = randInt(0, 10);
for (var i = 0; i < ops; i++) {
var op = randPick(opList);
s.writeOp(Opcode.map[op]);
}
return s;
};
var randomTx = function(single) {
var tx = new Transaction({
version: randUInt32(),
lock_time: randBool() ? randUInt32() : 0
});
var insN = randInt(1, 5);
var outsN = single ? insN : randInt(1, 5);
for (var i = 0; i < insN; i++) {
var txin = new Transaction.In({
oTxHash: randTxHash(),
oIndex: randInt(0, 4),
script: randomScript().serialize(),
sequence: randBool() ? randUInt32() : 0xffffffff
});
tx.ins.push(txin);
}
for (i = 0; i < outsN; i++) {
var txout = new Transaction.Out({
value: new Buffer(8),
script: randomScript().serialize()
});
tx.outs.push(txout);
}
return tx;
};
var signatureHashOld = function(tx, script, inIndex, hashType) {
if (+inIndex !== inIndex ||
inIndex < 0 || inIndex >= tx.ins.length) {
throw new Error('Input index "' + inIndex + '" invalid or out of bounds ' +
'(' + tx.ins.length + ' inputs)');
}
// Clone transaction
var txTmp = new Transaction();
tx.ins.forEach(function(txin) {
txTmp.ins.push(new Transaction.In(txin));
});
tx.outs.forEach(function(txout) {
txTmp.outs.push(new Transaction.Out(txout));
});
txTmp.version = tx.version;
txTmp.lock_time = tx.lock_time;
// In case concatenating two scripts ends up with two codeseparators,
// or an extra one at the end, this prevents all those possible
// incompatibilities.
script.findAndDelete(Opcode.map.OP_CODESEPARATOR);
// Get mode portion of hashtype
var hashTypeMode = hashType & 0x1f;
// Generate modified transaction data for hash
var bytes = (new Put());
bytes.word32le(tx.version);
// Serialize inputs
if (hashType & Transaction.SIGHASH_ANYONECANPAY) {
// Blank out all inputs except current one, not recommended for open
// transactions.
bytes.varint(1);
bytes.put(tx.ins[inIndex].o);
bytes.varint(script.buffer.length);
bytes.put(script.buffer);
bytes.word32le(tx.ins[inIndex].q);
} else {
bytes.varint(tx.ins.length);
for (var i = 0, l = tx.ins.length; i < l; i++) {
var txin = tx.ins[i];
bytes.put(txin.o);
// Current input's script gets set to the script to be signed, all others
// get blanked.
if (inIndex === i) {
bytes.varint(script.buffer.length);
bytes.put(script.buffer);
} else {
bytes.varint(0);
}
if (hashTypeMode === Transaction.SIGHASH_NONE && inIndex !== i) {
bytes.word32le(0);
} else {
bytes.word32le(tx.ins[i].q);
}
}
}
// Serialize outputs
if (hashTypeMode === Transaction.SIGHASH_NONE) {
bytes.varint(0);
} else {
var outsLen;
if (hashTypeMode === Transaction.SIGHASH_SINGLE) {
if (inIndex >= txTmp.outs.length) {
// bug present in bitcoind which must be also present in bitcore
// Transaction.hashForSignature(): SIGHASH_SINGLE
// no corresponding txout found - out of bounds
var ret = new Buffer(1);
ret.writeUInt8(1, 0);
return ret; // return 1 bug
}
outsLen = inIndex + 1;
} else {
outsLen = tx.outs.length;
}
bytes.varint(outsLen);
for (var i = 0; i < outsLen; i++) {
if (hashTypeMode === Transaction.SIGHASH_SINGLE && i !== inIndex) {
// Zero all outs except the one we want to keep
bytes.put(util.INT64_MAX);
bytes.varint(0);
} else {
bytes.put(tx.outs[i].v);
bytes.varint(tx.outs[i].s.length);
bytes.put(tx.outs[i].s);
}
}
}
bytes.word32le(tx.lock_time);
var buffer = bytes.buffer();
// Append hashType
buffer = Buffer.concat([buffer, new Buffer([parseInt(hashType), 0, 0, 0])]);
return util.twoSha256(buffer);
};
describe('Transaction sighash (#hashForSignature)', function() {
for (var i = 0; i < 250; i++) {
it.skip('should hash correctly random tx #' + (i + 1), function() {
var tx = randomTx();
var l = tx.ins.length;
for (var i = 0; i < l; i++) {
var script = randomScript();
var hashType = randUInt32();
var h = buffertools.toHex(tx.hashForSignature(script, i, hashType));
var oh = buffertools.toHex(signatureHashOld(tx, script, i, hashType));
h.should.equal(oh);
}
});
}
testdata.dataSighash.forEach(function(datum) {
if (datum.length < 5) return;
var raw_tx = new Buffer(datum[0], 'hex');
var scriptPubKey = new Script(new Buffer(datum[1], 'hex'));
var input_index = parseInt(datum[2]);
var hashType = parseInt(datum[3]);
var sighash = datum[4];
it('should validate correctly ' + buffertools.toHex(raw_tx), function() {
var tx = new Transaction();
tx.parse(raw_tx);
var ser_tx = buffertools.toHex(tx.serialize());
ser_tx.should.equal(buffertools.toHex(raw_tx));
var h = buffertools.toHex(tx.hashForSignature(scriptPubKey, input_index, hashType));
h.should.equal(sighash); // compare our output with bitcoind's
});
});
});