]> Git Repo - VerusCoin.git/blame - src/script.cpp
projects / VerusCoin.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'master' into async-ipv6-rpc
[VerusCoin.git] / src / script.cpp
CommitLineData
0a61b0df 1// Copyright (c) 2009-2010 Satoshi Nakamoto
88216419 2// Copyright (c) 2009-2012 The Bitcoin developers
0a61b0df 3// Distributed under the MIT/X11 software license, see the accompanying
3a25a2b9 4// file COPYING or http://www.opensource.org/licenses/mit-license.php.
ed6d0b5f 5#include <boost/foreach.hpp>
acf513cf 6#include <boost/tuple/tuple.hpp>
0a61b0df 7
223b6f1b
WL		 8using namespace std;
9using namespace boost;
10
ed6d0b5f
PW		 11#include "script.h"
12#include "keystore.h"
13#include "bignum.h"
14#include "key.h"
15#include "main.h"
acf513cf
GA		 16#include "sync.h"
17#include "util.h"
ed6d0b5f 18
0a61b0df 19bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
20
21
22
23typedef vector<unsigned char> valtype;
24static const valtype vchFalse(0);
25static const valtype vchZero(0);
26static const valtype vchTrue(1, 1);
27static const CBigNum bnZero(0);
28static const CBigNum bnOne(1);
29static const CBigNum bnFalse(0);
30static const CBigNum bnTrue(1);
31static const size_t nMaxNumSize = 4;
32
33
34CBigNum CastToBigNum(const valtype& vch)
35{
36 if (vch.size() > nMaxNumSize)
37 throw runtime_error("CastToBigNum() : overflow");
38 // Get rid of extra leading zeros
39 return CBigNum(CBigNum(vch).getvch());
40}
41
42bool CastToBool(const valtype& vch)
43{
faf705a4 44 for (unsigned int i = 0; i < vch.size(); i++)
0a61b0df 45 {
46 if (vch[i] != 0)
47 {
48 // Can be negative zero
49 if (i == vch.size()-1 && vch[i] == 0x80)
50 return false;
51 return true;
52 }
53 }
54 return false;
55}
56
57void MakeSameSize(valtype& vch1, valtype& vch2)
58{
59 // Lengthen the shorter one
60 if (vch1.size() < vch2.size())
61 vch1.resize(vch2.size(), 0);
62 if (vch2.size() < vch1.size())
63 vch2.resize(vch1.size(), 0);
64}
65
66
67
68//
69// Script is a stack machine (like Forth) that evaluates a predicate
70// returning a bool indicating valid or not. There are no loops.
71//
72#define stacktop(i) (stack.at(stack.size()+(i)))
73#define altstacktop(i) (altstack.at(altstack.size()+(i)))
f1e1fb4b 74static inline void popstack(vector<valtype>& stack)
75{
76 if (stack.empty())
77 throw runtime_error("popstack() : stack empty");
78 stack.pop_back();
79}
80
0a61b0df 81
2a45a494 82const char* GetTxnOutputType(txnouttype t)
e679ec96
GA		 83{
84 switch (t)
85 {
86 case TX_NONSTANDARD: return "nonstandard";
87 case TX_PUBKEY: return "pubkey";
88 case TX_PUBKEYHASH: return "pubkeyhash";
89 case TX_SCRIPTHASH: return "scripthash";
90 case TX_MULTISIG: return "multisig";
91 }
92 return NULL;
93}
94
95
96const char* GetOpName(opcodetype opcode)
97{
98 switch (opcode)
99 {
100 // push value
101 case OP_0 : return "0";
102 case OP_PUSHDATA1 : return "OP_PUSHDATA1";
103 case OP_PUSHDATA2 : return "OP_PUSHDATA2";
104 case OP_PUSHDATA4 : return "OP_PUSHDATA4";
105 case OP_1NEGATE : return "-1";
106 case OP_RESERVED : return "OP_RESERVED";
107 case OP_1 : return "1";
108 case OP_2 : return "2";
109 case OP_3 : return "3";
110 case OP_4 : return "4";
111 case OP_5 : return "5";
112 case OP_6 : return "6";
113 case OP_7 : return "7";
114 case OP_8 : return "8";
115 case OP_9 : return "9";
116 case OP_10 : return "10";
117 case OP_11 : return "11";
118 case OP_12 : return "12";
119 case OP_13 : return "13";
120 case OP_14 : return "14";
121 case OP_15 : return "15";
122 case OP_16 : return "16";
123
124 // control
125 case OP_NOP : return "OP_NOP";
126 case OP_VER : return "OP_VER";
127 case OP_IF : return "OP_IF";
128 case OP_NOTIF : return "OP_NOTIF";
129 case OP_VERIF : return "OP_VERIF";
130 case OP_VERNOTIF : return "OP_VERNOTIF";
131 case OP_ELSE : return "OP_ELSE";
132 case OP_ENDIF : return "OP_ENDIF";
133 case OP_VERIFY : return "OP_VERIFY";
134 case OP_RETURN : return "OP_RETURN";
135
136 // stack ops
137 case OP_TOALTSTACK : return "OP_TOALTSTACK";
138 case OP_FROMALTSTACK : return "OP_FROMALTSTACK";
139 case OP_2DROP : return "OP_2DROP";
140 case OP_2DUP : return "OP_2DUP";
141 case OP_3DUP : return "OP_3DUP";
142 case OP_2OVER : return "OP_2OVER";
143 case OP_2ROT : return "OP_2ROT";
144 case OP_2SWAP : return "OP_2SWAP";
145 case OP_IFDUP : return "OP_IFDUP";
146 case OP_DEPTH : return "OP_DEPTH";
147 case OP_DROP : return "OP_DROP";
148 case OP_DUP : return "OP_DUP";
149 case OP_NIP : return "OP_NIP";
150 case OP_OVER : return "OP_OVER";
151 case OP_PICK : return "OP_PICK";
152 case OP_ROLL : return "OP_ROLL";
153 case OP_ROT : return "OP_ROT";
154 case OP_SWAP : return "OP_SWAP";
155 case OP_TUCK : return "OP_TUCK";
156
157 // splice ops
158 case OP_CAT : return "OP_CAT";
159 case OP_SUBSTR : return "OP_SUBSTR";
160 case OP_LEFT : return "OP_LEFT";
161 case OP_RIGHT : return "OP_RIGHT";
162 case OP_SIZE : return "OP_SIZE";
163
164 // bit logic
165 case OP_INVERT : return "OP_INVERT";
166 case OP_AND : return "OP_AND";
167 case OP_OR : return "OP_OR";
168 case OP_XOR : return "OP_XOR";
169 case OP_EQUAL : return "OP_EQUAL";
170 case OP_EQUALVERIFY : return "OP_EQUALVERIFY";
171 case OP_RESERVED1 : return "OP_RESERVED1";
172 case OP_RESERVED2 : return "OP_RESERVED2";
173
174 // numeric
175 case OP_1ADD : return "OP_1ADD";
176 case OP_1SUB : return "OP_1SUB";
177 case OP_2MUL : return "OP_2MUL";
178 case OP_2DIV : return "OP_2DIV";
179 case OP_NEGATE : return "OP_NEGATE";
180 case OP_ABS : return "OP_ABS";
181 case OP_NOT : return "OP_NOT";
182 case OP_0NOTEQUAL : return "OP_0NOTEQUAL";
183 case OP_ADD : return "OP_ADD";
184 case OP_SUB : return "OP_SUB";
185 case OP_MUL : return "OP_MUL";
186 case OP_DIV : return "OP_DIV";
187 case OP_MOD : return "OP_MOD";
188 case OP_LSHIFT : return "OP_LSHIFT";
189 case OP_RSHIFT : return "OP_RSHIFT";
190 case OP_BOOLAND : return "OP_BOOLAND";
191 case OP_BOOLOR : return "OP_BOOLOR";
192 case OP_NUMEQUAL : return "OP_NUMEQUAL";
193 case OP_NUMEQUALVERIFY : return "OP_NUMEQUALVERIFY";
194 case OP_NUMNOTEQUAL : return "OP_NUMNOTEQUAL";
195 case OP_LESSTHAN : return "OP_LESSTHAN";
196 case OP_GREATERTHAN : return "OP_GREATERTHAN";
197 case OP_LESSTHANOREQUAL : return "OP_LESSTHANOREQUAL";
198 case OP_GREATERTHANOREQUAL : return "OP_GREATERTHANOREQUAL";
199 case OP_MIN : return "OP_MIN";
200 case OP_MAX : return "OP_MAX";
201 case OP_WITHIN : return "OP_WITHIN";
202
203 // crypto
204 case OP_RIPEMD160 : return "OP_RIPEMD160";
205 case OP_SHA1 : return "OP_SHA1";
206 case OP_SHA256 : return "OP_SHA256";
207 case OP_HASH160 : return "OP_HASH160";
208 case OP_HASH256 : return "OP_HASH256";
209 case OP_CODESEPARATOR : return "OP_CODESEPARATOR";
210 case OP_CHECKSIG : return "OP_CHECKSIG";
211 case OP_CHECKSIGVERIFY : return "OP_CHECKSIGVERIFY";
212 case OP_CHECKMULTISIG : return "OP_CHECKMULTISIG";
213 case OP_CHECKMULTISIGVERIFY : return "OP_CHECKMULTISIGVERIFY";
214
e679ec96 215 // expanson
922e8e29 216 case OP_NOP1 : return "OP_NOP1";
e679ec96
GA		 217 case OP_NOP2 : return "OP_NOP2";
218 case OP_NOP3 : return "OP_NOP3";
219 case OP_NOP4 : return "OP_NOP4";
220 case OP_NOP5 : return "OP_NOP5";
221 case OP_NOP6 : return "OP_NOP6";
222 case OP_NOP7 : return "OP_NOP7";
223 case OP_NOP8 : return "OP_NOP8";
224 case OP_NOP9 : return "OP_NOP9";
225 case OP_NOP10 : return "OP_NOP10";
226
227
228
229 // template matching params
e679ec96
GA		 230 case OP_PUBKEYHASH : return "OP_PUBKEYHASH";
231 case OP_PUBKEY : return "OP_PUBKEY";
232
233 case OP_INVALIDOPCODE : return "OP_INVALIDOPCODE";
234 default:
235 return "OP_UNKNOWN";
236 }
237}
238
922e8e29 239bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, int nHashType)
0a61b0df 240{
241 CAutoBN_CTX pctx;
242 CScript::const_iterator pc = script.begin();
243 CScript::const_iterator pend = script.end();
922e8e29 244 CScript::const_iterator pbegincodehash = script.begin();
f1e1fb4b 245 opcodetype opcode;
246 valtype vchPushValue;
0a61b0df 247 vector<bool> vfExec;
248 vector<valtype> altstack;
249 if (script.size() > 10000)
250 return false;
922e8e29 251 int nOpCount = 0;
0a61b0df 252
253
254 try
255 {
256 while (pc < pend)
257 {
258 bool fExec = !count(vfExec.begin(), vfExec.end(), false);
259
260 //
261 // Read instruction
262 //
0a61b0df 263 if (!script.GetOp(pc, opcode, vchPushValue))
264 return false;
265 if (vchPushValue.size() > 520)
266 return false;
f1e1fb4b 267 if (opcode > OP_16 && ++nOpCount > 201)
0a61b0df 268 return false;
269
270 if (opcode == OP_CAT ||
271 opcode == OP_SUBSTR ||
272 opcode == OP_LEFT ||
273 opcode == OP_RIGHT ||
274 opcode == OP_INVERT ||
275 opcode == OP_AND ||
276 opcode == OP_OR ||
277 opcode == OP_XOR ||
278 opcode == OP_2MUL ||
279 opcode == OP_2DIV ||
280 opcode == OP_MUL ||
281 opcode == OP_DIV ||
282 opcode == OP_MOD ||
283 opcode == OP_LSHIFT ||
284 opcode == OP_RSHIFT)
285 return false;
286
f1e1fb4b 287 if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4)
0a61b0df 288 stack.push_back(vchPushValue);
289 else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
290 switch (opcode)
291 {
292 //
293 // Push value
294 //
295 case OP_1NEGATE:
296 case OP_1:
297 case OP_2:
298 case OP_3:
299 case OP_4:
300 case OP_5:
301 case OP_6:
302 case OP_7:
303 case OP_8:
304 case OP_9:
305 case OP_10:
306 case OP_11:
307 case OP_12:
308 case OP_13:
309 case OP_14:
310 case OP_15:
311 case OP_16:
312 {
313 // ( -- value)
314 CBigNum bn((int)opcode - (int)(OP_1 - 1));
315 stack.push_back(bn.getvch());
316 }
317 break;
318
319
320 //
321 // Control
322 //
323 case OP_NOP:
922e8e29 324 case OP_NOP1: case OP_NOP2: case OP_NOP3: case OP_NOP4: case OP_NOP5:
0a61b0df 325 case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
326 break;
327
0a61b0df 328 case OP_IF:
329 case OP_NOTIF:
330 {
331 // <expression> if [statements] [else [statements]] endif
332 bool fValue = false;
333 if (fExec)
334 {
335 if (stack.size() < 1)
336 return false;
337 valtype& vch = stacktop(-1);
338 fValue = CastToBool(vch);
339 if (opcode == OP_NOTIF)
340 fValue = !fValue;
f1e1fb4b 341 popstack(stack);
0a61b0df 342 }
343 vfExec.push_back(fValue);
344 }
345 break;
346
347 case OP_ELSE:
348 {
349 if (vfExec.empty())
350 return false;
351 vfExec.back() = !vfExec.back();
352 }
353 break;
354
355 case OP_ENDIF:
356 {
357 if (vfExec.empty())
358 return false;
359 vfExec.pop_back();
360 }
361 break;
362
363 case OP_VERIFY:
364 {
365 // (true -- ) or
366 // (false -- false) and return
367 if (stack.size() < 1)
368 return false;
369 bool fValue = CastToBool(stacktop(-1));
370 if (fValue)
f1e1fb4b 371 popstack(stack);
0a61b0df 372 else
373 return false;
374 }
375 break;
376
377 case OP_RETURN:
378 {
379 return false;
380 }
381 break;
382
383
384 //
385 // Stack ops
386 //
387 case OP_TOALTSTACK:
388 {
389 if (stack.size() < 1)
390 return false;
391 altstack.push_back(stacktop(-1));
f1e1fb4b 392 popstack(stack);
0a61b0df 393 }
394 break;
395
396 case OP_FROMALTSTACK:
397 {
398 if (altstack.size() < 1)
399 return false;
400 stack.push_back(altstacktop(-1));
f1e1fb4b 401 popstack(altstack);
0a61b0df 402 }
403 break;
404
405 case OP_2DROP:
406 {
407 // (x1 x2 -- )
f1e1fb4b 408 if (stack.size() < 2)
409 return false;
410 popstack(stack);
411 popstack(stack);
0a61b0df 412 }
413 break;
414
415 case OP_2DUP:
416 {
417 // (x1 x2 -- x1 x2 x1 x2)
418 if (stack.size() < 2)
419 return false;
420 valtype vch1 = stacktop(-2);
421 valtype vch2 = stacktop(-1);
422 stack.push_back(vch1);
423 stack.push_back(vch2);
424 }
425 break;
426
427 case OP_3DUP:
428 {
429 // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
430 if (stack.size() < 3)
431 return false;
432 valtype vch1 = stacktop(-3);
433 valtype vch2 = stacktop(-2);
434 valtype vch3 = stacktop(-1);
435 stack.push_back(vch1);
436 stack.push_back(vch2);
437 stack.push_back(vch3);
438 }
439 break;
440
441 case OP_2OVER:
442 {
443 // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
444 if (stack.size() < 4)
445 return false;
446 valtype vch1 = stacktop(-4);
447 valtype vch2 = stacktop(-3);
448 stack.push_back(vch1);
449 stack.push_back(vch2);
450 }
451 break;
452
453 case OP_2ROT:
454 {
455 // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
456 if (stack.size() < 6)
457 return false;
458 valtype vch1 = stacktop(-6);
459 valtype vch2 = stacktop(-5);
460 stack.erase(stack.end()-6, stack.end()-4);
461 stack.push_back(vch1);
462 stack.push_back(vch2);
463 }
464 break;
465
466 case OP_2SWAP:
467 {
468 // (x1 x2 x3 x4 -- x3 x4 x1 x2)
469 if (stack.size() < 4)
470 return false;
471 swap(stacktop(-4), stacktop(-2));
472 swap(stacktop(-3), stacktop(-1));
473 }
474 break;
475
476 case OP_IFDUP:
477 {
478 // (x - 0 | x x)
479 if (stack.size() < 1)
480 return false;
481 valtype vch = stacktop(-1);
482 if (CastToBool(vch))
483 stack.push_back(vch);
484 }
485 break;
486
487 case OP_DEPTH:
488 {
489 // -- stacksize
490 CBigNum bn(stack.size());
491 stack.push_back(bn.getvch());
492 }
493 break;
494
495 case OP_DROP:
496 {
497 // (x -- )
498 if (stack.size() < 1)
499 return false;
f1e1fb4b 500 popstack(stack);
0a61b0df 501 }
502 break;
503
504 case OP_DUP:
505 {
506 // (x -- x x)
507 if (stack.size() < 1)
508 return false;
509 valtype vch = stacktop(-1);
510 stack.push_back(vch);
511 }
512 break;
513
514 case OP_NIP:
515 {
516 // (x1 x2 -- x2)
517 if (stack.size() < 2)
518 return false;
519 stack.erase(stack.end() - 2);
520 }
521 break;
522
523 case OP_OVER:
524 {
525 // (x1 x2 -- x1 x2 x1)
526 if (stack.size() < 2)
527 return false;
528 valtype vch = stacktop(-2);
529 stack.push_back(vch);
530 }
531 break;
532
533 case OP_PICK:
534 case OP_ROLL:
535 {
536 // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
537 // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
538 if (stack.size() < 2)
539 return false;
540 int n = CastToBigNum(stacktop(-1)).getint();
f1e1fb4b 541 popstack(stack);
1d8c7a95 542 if (n < 0 || n >= (int)stack.size())
0a61b0df 543 return false;
544 valtype vch = stacktop(-n-1);
545 if (opcode == OP_ROLL)
546 stack.erase(stack.end()-n-1);
547 stack.push_back(vch);
548 }
549 break;
550
551 case OP_ROT:
552 {
553 // (x1 x2 x3 -- x2 x3 x1)
554 // x2 x1 x3 after first swap
555 // x2 x3 x1 after second swap
556 if (stack.size() < 3)
557 return false;
558 swap(stacktop(-3), stacktop(-2));
559 swap(stacktop(-2), stacktop(-1));
560 }
561 break;
562
563 case OP_SWAP:
564 {
565 // (x1 x2 -- x2 x1)
566 if (stack.size() < 2)
567 return false;
568 swap(stacktop(-2), stacktop(-1));
569 }
570 break;
571
572 case OP_TUCK:
573 {
574 // (x1 x2 -- x2 x1 x2)
575 if (stack.size() < 2)
576 return false;
577 valtype vch = stacktop(-1);
578 stack.insert(stack.end()-2, vch);
579 }
580 break;
581
582
583 //
584 // Splice ops
585 //
586 case OP_CAT:
587 {
588 // (x1 x2 -- out)
589 if (stack.size() < 2)
590 return false;
591 valtype& vch1 = stacktop(-2);
592 valtype& vch2 = stacktop(-1);
593 vch1.insert(vch1.end(), vch2.begin(), vch2.end());
f1e1fb4b 594 popstack(stack);
0a61b0df 595 if (stacktop(-1).size() > 520)
596 return false;
597 }
598 break;
599
600 case OP_SUBSTR:
601 {
602 // (in begin size -- out)
603 if (stack.size() < 3)
604 return false;
605 valtype& vch = stacktop(-3);
606 int nBegin = CastToBigNum(stacktop(-2)).getint();
607 int nEnd = nBegin + CastToBigNum(stacktop(-1)).getint();
608 if (nBegin < 0 || nEnd < nBegin)
609 return false;
1d8c7a95 610 if (nBegin > (int)vch.size())
0a61b0df 611 nBegin = vch.size();
1d8c7a95 612 if (nEnd > (int)vch.size())
0a61b0df 613 nEnd = vch.size();
614 vch.erase(vch.begin() + nEnd, vch.end());
615 vch.erase(vch.begin(), vch.begin() + nBegin);
f1e1fb4b 616 popstack(stack);
617 popstack(stack);
0a61b0df 618 }
619 break;
620
621 case OP_LEFT:
622 case OP_RIGHT:
623 {
624 // (in size -- out)
625 if (stack.size() < 2)
626 return false;
627 valtype& vch = stacktop(-2);
628 int nSize = CastToBigNum(stacktop(-1)).getint();
629 if (nSize < 0)
630 return false;
1d8c7a95 631 if (nSize > (int)vch.size())
0a61b0df 632 nSize = vch.size();
633 if (opcode == OP_LEFT)
634 vch.erase(vch.begin() + nSize, vch.end());
635 else
636 vch.erase(vch.begin(), vch.end() - nSize);
f1e1fb4b 637 popstack(stack);
0a61b0df 638 }
639 break;
640
641 case OP_SIZE:
642 {
643 // (in -- in size)
644 if (stack.size() < 1)
645 return false;
646 CBigNum bn(stacktop(-1).size());
647 stack.push_back(bn.getvch());
648 }
649 break;
650
651
652 //
653 // Bitwise logic
654 //
655 case OP_INVERT:
656 {
657 // (in - out)
658 if (stack.size() < 1)
659 return false;
660 valtype& vch = stacktop(-1);
faf705a4 661 for (unsigned int i = 0; i < vch.size(); i++)
0a61b0df 662 vch[i] = ~vch[i];
663 }
664 break;
665
666 case OP_AND:
667 case OP_OR:
668 case OP_XOR:
669 {
670 // (x1 x2 - out)
671 if (stack.size() < 2)
672 return false;
673 valtype& vch1 = stacktop(-2);
674 valtype& vch2 = stacktop(-1);
675 MakeSameSize(vch1, vch2);
676 if (opcode == OP_AND)
677 {
faf705a4 678 for (unsigned int i = 0; i < vch1.size(); i++)
0a61b0df 679 vch1[i] &= vch2[i];
680 }
681 else if (opcode == OP_OR)
682 {
faf705a4 683 for (unsigned int i = 0; i < vch1.size(); i++)
0a61b0df 684 vch1[i] |= vch2[i];
685 }
686 else if (opcode == OP_XOR)
687 {
faf705a4 688 for (unsigned int i = 0; i < vch1.size(); i++)
0a61b0df 689 vch1[i] ^= vch2[i];
690 }
f1e1fb4b 691 popstack(stack);
0a61b0df 692 }
693 break;
694
695 case OP_EQUAL:
696 case OP_EQUALVERIFY:
697 //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
698 {
699 // (x1 x2 - bool)
700 if (stack.size() < 2)
701 return false;
702 valtype& vch1 = stacktop(-2);
703 valtype& vch2 = stacktop(-1);
704 bool fEqual = (vch1 == vch2);
705 // OP_NOTEQUAL is disabled because it would be too easy to say
706 // something like n != 1 and have some wiseguy pass in 1 with extra
707 // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
708 //if (opcode == OP_NOTEQUAL)
709 // fEqual = !fEqual;
f1e1fb4b 710 popstack(stack);
711 popstack(stack);
0a61b0df 712 stack.push_back(fEqual ? vchTrue : vchFalse);
713 if (opcode == OP_EQUALVERIFY)
714 {
715 if (fEqual)
f1e1fb4b 716 popstack(stack);
0a61b0df 717 else
718 return false;
719 }
720 }
721 break;
722
723
724 //
725 // Numeric
726 //
727 case OP_1ADD:
728 case OP_1SUB:
729 case OP_2MUL:
730 case OP_2DIV:
731 case OP_NEGATE:
732 case OP_ABS:
733 case OP_NOT:
734 case OP_0NOTEQUAL:
735 {
736 // (in -- out)
737 if (stack.size() < 1)
738 return false;
739 CBigNum bn = CastToBigNum(stacktop(-1));
740 switch (opcode)
741 {
742 case OP_1ADD: bn += bnOne; break;
743 case OP_1SUB: bn -= bnOne; break;
744 case OP_2MUL: bn <<= 1; break;
745 case OP_2DIV: bn >>= 1; break;
746 case OP_NEGATE: bn = -bn; break;
747 case OP_ABS: if (bn < bnZero) bn = -bn; break;
748 case OP_NOT: bn = (bn == bnZero); break;
749 case OP_0NOTEQUAL: bn = (bn != bnZero); break;
225f222c 750 default: assert(!"invalid opcode"); break;
0a61b0df 751 }
f1e1fb4b 752 popstack(stack);
0a61b0df 753 stack.push_back(bn.getvch());
754 }
755 break;
756
757 case OP_ADD:
758 case OP_SUB:
759 case OP_MUL:
760 case OP_DIV:
761 case OP_MOD:
762 case OP_LSHIFT:
763 case OP_RSHIFT:
764 case OP_BOOLAND:
765 case OP_BOOLOR:
766 case OP_NUMEQUAL:
767 case OP_NUMEQUALVERIFY:
768 case OP_NUMNOTEQUAL:
769 case OP_LESSTHAN:
770 case OP_GREATERTHAN:
771 case OP_LESSTHANOREQUAL:
772 case OP_GREATERTHANOREQUAL:
773 case OP_MIN:
774 case OP_MAX:
775 {
776 // (x1 x2 -- out)
777 if (stack.size() < 2)
778 return false;
779 CBigNum bn1 = CastToBigNum(stacktop(-2));
780 CBigNum bn2 = CastToBigNum(stacktop(-1));
781 CBigNum bn;
782 switch (opcode)
783 {
784 case OP_ADD:
785 bn = bn1 + bn2;
786 break;
787
788 case OP_SUB:
789 bn = bn1 - bn2;
790 break;
791
792 case OP_MUL:
793 if (!BN_mul(&bn, &bn1, &bn2, pctx))
794 return false;
795 break;
796
797 case OP_DIV:
798 if (!BN_div(&bn, NULL, &bn1, &bn2, pctx))
799 return false;
800 break;
801
802 case OP_MOD:
803 if (!BN_mod(&bn, &bn1, &bn2, pctx))
804 return false;
805 break;
806
807 case OP_LSHIFT:
808 if (bn2 < bnZero || bn2 > CBigNum(2048))
809 return false;
810 bn = bn1 << bn2.getulong();
811 break;
812
813 case OP_RSHIFT:
814 if (bn2 < bnZero || bn2 > CBigNum(2048))
815 return false;
816 bn = bn1 >> bn2.getulong();
817 break;
818
819 case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
820 case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
821 case OP_NUMEQUAL: bn = (bn1 == bn2); break;
822 case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
823 case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
824 case OP_LESSTHAN: bn = (bn1 < bn2); break;
825 case OP_GREATERTHAN: bn = (bn1 > bn2); break;
826 case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
827 case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
828 case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
829 case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
225f222c 830 default: assert(!"invalid opcode"); break;
0a61b0df 831 }
f1e1fb4b 832 popstack(stack);
833 popstack(stack);
0a61b0df 834 stack.push_back(bn.getvch());
835
836 if (opcode == OP_NUMEQUALVERIFY)
837 {
838 if (CastToBool(stacktop(-1)))
f1e1fb4b 839 popstack(stack);
0a61b0df 840 else
841 return false;
842 }
843 }
844 break;
845
846 case OP_WITHIN:
847 {
848 // (x min max -- out)
849 if (stack.size() < 3)
850 return false;
851 CBigNum bn1 = CastToBigNum(stacktop(-3));
852 CBigNum bn2 = CastToBigNum(stacktop(-2));
853 CBigNum bn3 = CastToBigNum(stacktop(-1));
854 bool fValue = (bn2 <= bn1 && bn1 < bn3);
f1e1fb4b 855 popstack(stack);
856 popstack(stack);
857 popstack(stack);
0a61b0df 858 stack.push_back(fValue ? vchTrue : vchFalse);
859 }
860 break;
861
862
863 //
864 // Crypto
865 //
866 case OP_RIPEMD160:
867 case OP_SHA1:
868 case OP_SHA256:
869 case OP_HASH160:
870 case OP_HASH256:
871 {
872 // (in -- hash)
873 if (stack.size() < 1)
874 return false;
875 valtype& vch = stacktop(-1);
876 valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
877 if (opcode == OP_RIPEMD160)
878 RIPEMD160(&vch[0], vch.size(), &vchHash[0]);
879 else if (opcode == OP_SHA1)
880 SHA1(&vch[0], vch.size(), &vchHash[0]);
881 else if (opcode == OP_SHA256)
882 SHA256(&vch[0], vch.size(), &vchHash[0]);
883 else if (opcode == OP_HASH160)
884 {
885 uint160 hash160 = Hash160(vch);
886 memcpy(&vchHash[0], &hash160, sizeof(hash160));
887 }
888 else if (opcode == OP_HASH256)
889 {
890 uint256 hash = Hash(vch.begin(), vch.end());
891 memcpy(&vchHash[0], &hash, sizeof(hash));
892 }
f1e1fb4b 893 popstack(stack);
0a61b0df 894 stack.push_back(vchHash);
895 }
896 break;
897
898 case OP_CODESEPARATOR:
899 {
900 // Hash starts after the code separator
901 pbegincodehash = pc;
902 }
903 break;
904
905 case OP_CHECKSIG:
906 case OP_CHECKSIGVERIFY:
907 {
908 // (sig pubkey -- bool)
909 if (stack.size() < 2)
910 return false;
911
912 valtype& vchSig = stacktop(-2);
913 valtype& vchPubKey = stacktop(-1);
914
915 ////// debug print
916 //PrintHex(vchSig.begin(), vchSig.end(), "sig: %s\n");
917 //PrintHex(vchPubKey.begin(), vchPubKey.end(), "pubkey: %s\n");
918
919 // Subset of script starting at the most recent codeseparator
922e8e29 920 CScript scriptCode(pbegincodehash, pend);
0a61b0df 921
922 // Drop the signature, since there's no way for a signature to sign itself
923 scriptCode.FindAndDelete(CScript(vchSig));
924
925 bool fSuccess = CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType);
926
f1e1fb4b 927 popstack(stack);
928 popstack(stack);
0a61b0df 929 stack.push_back(fSuccess ? vchTrue : vchFalse);
930 if (opcode == OP_CHECKSIGVERIFY)
931 {
932 if (fSuccess)
f1e1fb4b 933 popstack(stack);
0a61b0df 934 else
935 return false;
936 }
937 }
938 break;
939
940 case OP_CHECKMULTISIG:
941 case OP_CHECKMULTISIGVERIFY:
942 {
943 // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
944
08e663d7 945 int i = 1;
024fa1cb 946 if ((int)stack.size() < i)
0a61b0df 947 return false;
948
949 int nKeysCount = CastToBigNum(stacktop(-i)).getint();
5cbf7532 950 if (nKeysCount < 0 || nKeysCount > 20)
951 return false;
952 nOpCount += nKeysCount;
953 if (nOpCount > 201)
0a61b0df 954 return false;
955 int ikey = ++i;
956 i += nKeysCount;
024fa1cb 957 if ((int)stack.size() < i)
0a61b0df 958 return false;
959
960 int nSigsCount = CastToBigNum(stacktop(-i)).getint();
961 if (nSigsCount < 0 || nSigsCount > nKeysCount)
962 return false;
963 int isig = ++i;
964 i += nSigsCount;
024fa1cb 965 if ((int)stack.size() < i)
0a61b0df 966 return false;
967
968 // Subset of script starting at the most recent codeseparator
922e8e29 969 CScript scriptCode(pbegincodehash, pend);
0a61b0df 970
971 // Drop the signatures, since there's no way for a signature to sign itself
972 for (int k = 0; k < nSigsCount; k++)
973 {
974 valtype& vchSig = stacktop(-isig-k);
975 scriptCode.FindAndDelete(CScript(vchSig));
976 }
977
978 bool fSuccess = true;
979 while (fSuccess && nSigsCount > 0)
980 {
981 valtype& vchSig = stacktop(-isig);
982 valtype& vchPubKey = stacktop(-ikey);
983
984 // Check signature
985 if (CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType))
986 {
987 isig++;
988 nSigsCount--;
989 }
990 ikey++;
991 nKeysCount--;
992
993 // If there are more signatures left than keys left,
994 // then too many signatures have failed
995 if (nSigsCount > nKeysCount)
996 fSuccess = false;
997 }
998
999 while (i-- > 0)
f1e1fb4b 1000 popstack(stack);
0a61b0df 1001 stack.push_back(fSuccess ? vchTrue : vchFalse);
1002
1003 if (opcode == OP_CHECKMULTISIGVERIFY)
1004 {
1005 if (fSuccess)
f1e1fb4b 1006 popstack(stack);
0a61b0df 1007 else
1008 return false;
1009 }
1010 }
1011 break;
1012
1013 default:
1014 return false;
1015 }
1016
1017 // Size limits
1018 if (stack.size() + altstack.size() > 1000)
1019 return false;
1020 }
1021 }
1022 catch (...)
1023 {
1024 return false;
1025 }
1026
1027
1028 if (!vfExec.empty())
1029 return false;
1030
1031 return true;
1032}
1033
0a61b0df 1034
1035
1036
1037
1038
1039
1040
1041
1042uint256 SignatureHash(CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)
1043{
1044 if (nIn >= txTo.vin.size())
1045 {
1046 printf("ERROR: SignatureHash() : nIn=%d out of range\n", nIn);
1047 return 1;
1048 }
1049 CTransaction txTmp(txTo);
1050
1051 // In case concatenating two scripts ends up with two codeseparators,
1052 // or an extra one at the end, this prevents all those possible incompatibilities.
1053 scriptCode.FindAndDelete(CScript(OP_CODESEPARATOR));
1054
1055 // Blank out other inputs' signatures
faf705a4 1056 for (unsigned int i = 0; i < txTmp.vin.size(); i++)
0a61b0df 1057 txTmp.vin[i].scriptSig = CScript();
1058 txTmp.vin[nIn].scriptSig = scriptCode;
1059
1060 // Blank out some of the outputs
1061 if ((nHashType & 0x1f) == SIGHASH_NONE)
1062 {
1063 // Wildcard payee
1064 txTmp.vout.clear();
1065
1066 // Let the others update at will
faf705a4 1067 for (unsigned int i = 0; i < txTmp.vin.size(); i++)
0a61b0df 1068 if (i != nIn)
1069 txTmp.vin[i].nSequence = 0;
1070 }
1071 else if ((nHashType & 0x1f) == SIGHASH_SINGLE)
1072 {
1073 // Only lockin the txout payee at same index as txin
1074 unsigned int nOut = nIn;
1075 if (nOut >= txTmp.vout.size())
1076 {
1077 printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut);
1078 return 1;
1079 }
1080 txTmp.vout.resize(nOut+1);
faf705a4 1081 for (unsigned int i = 0; i < nOut; i++)
0a61b0df 1082 txTmp.vout[i].SetNull();
1083
1084 // Let the others update at will
faf705a4 1085 for (unsigned int i = 0; i < txTmp.vin.size(); i++)
0a61b0df 1086 if (i != nIn)
1087 txTmp.vin[i].nSequence = 0;
1088 }
1089
1090 // Blank out other inputs completely, not recommended for open transactions
1091 if (nHashType & SIGHASH_ANYONECANPAY)
1092 {
1093 txTmp.vin[0] = txTmp.vin[nIn];
1094 txTmp.vin.resize(1);
1095 }
1096
1097 // Serialize and hash
6b6aaa16 1098 CDataStream ss(SER_GETHASH, 0);
0a61b0df 1099 ss.reserve(10000);
1100 ss << txTmp << nHashType;
1101 return Hash(ss.begin(), ss.end());
1102}
1103
1104
acf513cf
GA		 1105// Valid signature cache, to avoid doing expensive ECDSA signature checking
1106// twice for every transaction (once when accepted into memory pool, and
1107// again when accepted into the block chain)
1108
1109class CSignatureCache
1110{
1111private:
1112 // sigdata_type is (signature hash, signature, public key):
1113 typedef boost::tuple<uint256, std::vector<unsigned char>, std::vector<unsigned char> > sigdata_type;
1114 std::set< sigdata_type> setValid;
1115 CCriticalSection cs_sigcache;
1116
1117public:
1118 bool
1119 Get(uint256 hash, const std::vector<unsigned char>& vchSig, const std::vector<unsigned char>& pubKey)
1120 {
1121 LOCK(cs_sigcache);
1122
1123 sigdata_type k(hash, vchSig, pubKey);
1124 std::set<sigdata_type>::iterator mi = setValid.find(k);
1125 if (mi != setValid.end())
1126 return true;
1127 return false;
1128 }
1129
1130 void
1131 Set(uint256 hash, const std::vector<unsigned char>& vchSig, const std::vector<unsigned char>& pubKey)
1132 {
1133 // DoS prevention: limit cache size to less than 10MB
1134 // (~200 bytes per cache entry times 50,000 entries)
1135 // Since there are a maximum of 20,000 signature operations per block
1136 // 50,000 is a reasonable default.
1137 int64 nMaxCacheSize = GetArg("-maxsigcachesize", 50000);
1138 if (nMaxCacheSize <= 0) return;
1139
1140 LOCK(cs_sigcache);
1141
1142 while (static_cast<int64>(setValid.size()) > nMaxCacheSize)
1143 {
1144 // Evict a random entry. Random because that helps
1145 // foil would-be DoS attackers who might try to pre-generate
1146 // and re-use a set of valid signatures just-slightly-greater
1147 // than our cache size.
1148 uint256 randomHash = GetRandHash();
1149 std::vector<unsigned char> unused;
1150 std::set<sigdata_type>::iterator it =
1151 setValid.lower_bound(sigdata_type(randomHash, unused, unused));
1152 if (it == setValid.end())
1153 it = setValid.begin();
1154 setValid.erase(*it);
1155 }
1156
1157 sigdata_type k(hash, vchSig, pubKey);
1158 setValid.insert(k);
1159 }
1160};
1161
0a61b0df 1162bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode,
1163 const CTransaction& txTo, unsigned int nIn, int nHashType)
1164{
acf513cf 1165 static CSignatureCache signatureCache;
0a61b0df 1166
1167 // Hash type is one byte tacked on to the end of the signature
1168 if (vchSig.empty())
1169 return false;
1170 if (nHashType == 0)
1171 nHashType = vchSig.back();
1172 else if (nHashType != vchSig.back())
1173 return false;
1174 vchSig.pop_back();
1175
acf513cf
GA		 1176 uint256 sighash = SignatureHash(scriptCode, txTo, nIn, nHashType);
1177
1178 if (signatureCache.Get(sighash, vchSig, vchPubKey))
1179 return true;
1180
1181 CKey key;
1182 if (!key.SetPubKey(vchPubKey))
1183 return false;
1184
1185 if (!key.Verify(sighash, vchSig))
1186 return false;
1187
1188 signatureCache.Set(sighash, vchSig, vchPubKey);
1189 return true;
0a61b0df 1190}
1191
1192
1193
1194
1195
1196
1197
1198
1199
bf798734 1200//
e679ec96 1201// Return public keys or hashes from scriptPubKey, for 'standard' transaction types.
bf798734 1202//
2a45a494 1203bool Solver(const CScript& scriptPubKey, txnouttype& typeRet, vector<vector<unsigned char> >& vSolutionsRet)
0a61b0df 1204{
1205 // Templates
2a45a494 1206 static map<txnouttype, CScript> mTemplates;
e679ec96 1207 if (mTemplates.empty())
0a61b0df 1208 {
1209 // Standard tx, sender provides pubkey, receiver adds signature
e679ec96 1210 mTemplates.insert(make_pair(TX_PUBKEY, CScript() << OP_PUBKEY << OP_CHECKSIG));
0a61b0df 1211
1212 // Bitcoin address tx, sender provides hash of pubkey, receiver provides signature and pubkey
e679ec96 1213 mTemplates.insert(make_pair(TX_PUBKEYHASH, CScript() << OP_DUP << OP_HASH160 << OP_PUBKEYHASH << OP_EQUALVERIFY << OP_CHECKSIG));
bf798734 1214
e679ec96
GA		 1215 // Sender provides N pubkeys, receivers provides M signatures
1216 mTemplates.insert(make_pair(TX_MULTISIG, CScript() << OP_SMALLINTEGER << OP_PUBKEYS << OP_SMALLINTEGER << OP_CHECKMULTISIG));
922e8e29 1217 }
bf798734 1218
922e8e29
GA		 1219 // Shortcut for pay-to-script-hash, which are more constrained than the other types:
1220 // it is always OP_HASH160 20 [20 byte hash] OP_EQUAL
1221 if (scriptPubKey.IsPayToScriptHash())
1222 {
1223 typeRet = TX_SCRIPTHASH;
1224 vector<unsigned char> hashBytes(scriptPubKey.begin()+2, scriptPubKey.begin()+22);
1225 vSolutionsRet.push_back(hashBytes);
1226 return true;
0a61b0df 1227 }
1228
1229 // Scan templates
1230 const CScript& script1 = scriptPubKey;
2a45a494 1231 BOOST_FOREACH(const PAIRTYPE(txnouttype, CScript)& tplate, mTemplates)
0a61b0df 1232 {
e679ec96 1233 const CScript& script2 = tplate.second;
bf798734
GA		 1234 vSolutionsRet.clear();
1235
0a61b0df 1236 opcodetype opcode1, opcode2;
1237 vector<unsigned char> vch1, vch2;
1238
1239 // Compare
1240 CScript::const_iterator pc1 = script1.begin();
1241 CScript::const_iterator pc2 = script2.begin();
1242 loop
1243 {
f1e1fb4b 1244 if (pc1 == script1.end() && pc2 == script2.end())
0a61b0df 1245 {
e679ec96
GA		 1246 // Found a match
1247 typeRet = tplate.first;
1248 if (typeRet == TX_MULTISIG)
1249 {
1250 // Additional checks for TX_MULTISIG:
1251 unsigned char m = vSolutionsRet.front()[0];
1252 unsigned char n = vSolutionsRet.back()[0];
1253 if (m < 1 || n < 1 || m > n || vSolutionsRet.size()-2 != n)
1254 return false;
1255 }
1256 return true;
0a61b0df 1257 }
f1e1fb4b 1258 if (!script1.GetOp(pc1, opcode1, vch1))
0a61b0df 1259 break;
f1e1fb4b 1260 if (!script2.GetOp(pc2, opcode2, vch2))
1261 break;
e679ec96
GA		 1262
1263 // Template matching opcodes:
1264 if (opcode2 == OP_PUBKEYS)
1265 {
1266 while (vch1.size() >= 33 && vch1.size() <= 120)
1267 {
1268 vSolutionsRet.push_back(vch1);
1269 if (!script1.GetOp(pc1, opcode1, vch1))
1270 break;
1271 }
1272 if (!script2.GetOp(pc2, opcode2, vch2))
1273 break;
1274 // Normal situation is to fall through
1275 // to other if/else statments
1276 }
1277
f1e1fb4b 1278 if (opcode2 == OP_PUBKEY)
0a61b0df 1279 {
82201801 1280 if (vch1.size() < 33 || vch1.size() > 120)
0a61b0df 1281 break;
e679ec96 1282 vSolutionsRet.push_back(vch1);
0a61b0df 1283 }
1284 else if (opcode2 == OP_PUBKEYHASH)
1285 {
1286 if (vch1.size() != sizeof(uint160))
1287 break;
e679ec96 1288 vSolutionsRet.push_back(vch1);
bf798734 1289 }
e679ec96
GA		 1290 else if (opcode2 == OP_SMALLINTEGER)
1291 { // Single-byte small integer pushed onto vSolutions
1292 if (opcode1 == OP_0 ||
1293 (opcode1 >= OP_1 && opcode1 <= OP_16))
bf798734 1294 {
e679ec96
GA		 1295 char n = (char)CScript::DecodeOP_N(opcode1);
1296 vSolutionsRet.push_back(valtype(1, n));
bf798734 1297 }
e679ec96
GA		 1298 else
1299 break;
0a61b0df 1300 }
f1e1fb4b 1301 else if (opcode1 != opcode2 || vch1 != vch2)
0a61b0df 1302 {
e679ec96 1303 // Others must match exactly
0a61b0df 1304 break;
1305 }
1306 }
1307 }
1308
bf798734 1309 vSolutionsRet.clear();
e679ec96 1310 typeRet = TX_NONSTANDARD;
0a61b0df 1311 return false;
1312}
1313
1314
10254401 1315bool Sign1(const CKeyID& address, const CKeyStore& keystore, uint256 hash, int nHashType, CScript& scriptSigRet)
0a61b0df 1316{
e679ec96
GA		 1317 CKey key;
1318 if (!keystore.GetKey(address, key))
1319 return false;
0a61b0df 1320
e679ec96
GA		 1321 vector<unsigned char> vchSig;
1322 if (!key.Sign(hash, vchSig))
0a61b0df 1323 return false;
e679ec96
GA		 1324 vchSig.push_back((unsigned char)nHashType);
1325 scriptSigRet << vchSig;
0a61b0df 1326
e679ec96
GA		 1327 return true;
1328}
bf798734 1329
e679ec96
GA		 1330bool SignN(const vector<valtype>& multisigdata, const CKeyStore& keystore, uint256 hash, int nHashType, CScript& scriptSigRet)
1331{
1332 int nSigned = 0;
1333 int nRequired = multisigdata.front()[0];
1334 for (vector<valtype>::const_iterator it = multisigdata.begin()+1; it != multisigdata.begin()+multisigdata.size()-1; it++)
1335 {
1336 const valtype& pubkey = *it;
10254401
PW		 1337 CKeyID keyID = CPubKey(pubkey).GetID();
1338 if (Sign1(keyID, keystore, hash, nHashType, scriptSigRet))
6cc4a62c 1339 {
e679ec96
GA		 1340 ++nSigned;
1341 if (nSigned == nRequired) break;
6cc4a62c 1342 }
0a61b0df 1343 }
e679ec96
GA		 1344 return nSigned==nRequired;
1345}
1346
1347//
1348// Sign scriptPubKey with private keys stored in keystore, given transaction hash and hash type.
922e8e29
GA		 1349// Signatures are returned in scriptSigRet (or returns false if scriptPubKey can't be signed),
1350// unless whichTypeRet is TX_SCRIPTHASH, in which case scriptSigRet is the redemption script.
1351// Returns false if scriptPubKey could not be completely satisified.
e679ec96 1352//
922e8e29
GA		 1353bool Solver(const CKeyStore& keystore, const CScript& scriptPubKey, uint256 hash, int nHashType,
1354 CScript& scriptSigRet, txnouttype& whichTypeRet)
e679ec96
GA		 1355{
1356 scriptSigRet.clear();
1357
e679ec96 1358 vector<valtype> vSolutions;
922e8e29 1359 if (!Solver(scriptPubKey, whichTypeRet, vSolutions))
bf798734
GA		 1360 return false;
1361
10254401 1362 CKeyID keyID;
922e8e29 1363 switch (whichTypeRet)
bf798734 1364 {
e679ec96
GA		 1365 case TX_NONSTANDARD:
1366 return false;
1367 case TX_PUBKEY:
10254401
PW		 1368 keyID = CPubKey(vSolutions[0]).GetID();
1369 return Sign1(keyID, keystore, hash, nHashType, scriptSigRet);
e679ec96 1370 case TX_PUBKEYHASH:
10254401
PW		 1371 keyID = CKeyID(uint160(vSolutions[0]));
1372 if (!Sign1(keyID, keystore, hash, nHashType, scriptSigRet))
e679ec96
GA		 1373 return false;
1374 else
1375 {
fd61d6f5 1376 CPubKey vch;
10254401 1377 keystore.GetPubKey(keyID, vch);
e679ec96
GA		 1378 scriptSigRet << vch;
1379 }
922e8e29 1380 return true;
e679ec96 1381 case TX_SCRIPTHASH:
922e8e29
GA		 1382 return keystore.GetCScript(uint160(vSolutions[0]), scriptSigRet);
1383
e679ec96
GA		 1384 case TX_MULTISIG:
1385 scriptSigRet << OP_0; // workaround CHECKMULTISIG bug
1386 return (SignN(vSolutions, keystore, hash, nHashType, scriptSigRet));
bf798734 1387 }
922e8e29 1388 return false;
0a61b0df 1389}
1390
39f0d968
GA		 1391int ScriptSigArgsExpected(txnouttype t, const std::vector<std::vector<unsigned char> >& vSolutions)
1392{
1393 switch (t)
1394 {
1395 case TX_NONSTANDARD:
1396 return -1;
1397 case TX_PUBKEY:
1398 return 1;
1399 case TX_PUBKEYHASH:
1400 return 2;
1401 case TX_MULTISIG:
1402 if (vSolutions.size() < 1 || vSolutions[0].size() < 1)
1403 return -1;
1404 return vSolutions[0][0] + 1;
1405 case TX_SCRIPTHASH:
1406 return 1; // doesn't include args needed by the script
1407 }
1408 return -1;
1409}
0a61b0df 1410
a206a239 1411bool IsStandard(const CScript& scriptPubKey)
1412{
e679ec96 1413 vector<valtype> vSolutions;
2a45a494 1414 txnouttype whichType;
e679ec96
GA		 1415 if (!Solver(scriptPubKey, whichType, vSolutions))
1416 return false;
1417
1418 if (whichType == TX_MULTISIG)
1419 {
1420 unsigned char m = vSolutions.front()[0];
1421 unsigned char n = vSolutions.back()[0];
1422 // Support up to x-of-3 multisig txns as standard
1423 if (n < 1 || n > 3)
1424 return false;
1425 if (m < 1 || m > n)
1426 return false;
1427 }
1428
1429 return whichType != TX_NONSTANDARD;
a206a239 1430}
1431
1432
7bd9c3a3 1433unsigned int HaveKeys(const vector<valtype>& pubkeys, const CKeyStore& keystore)
e679ec96 1434{
7bd9c3a3 1435 unsigned int nResult = 0;
e679ec96
GA		 1436 BOOST_FOREACH(const valtype& pubkey, pubkeys)
1437 {
10254401
PW		 1438 CKeyID keyID = CPubKey(pubkey).GetID();
1439 if (keystore.HaveKey(keyID))
e679ec96
GA		 1440 ++nResult;
1441 }
1442 return nResult;
1443}
1444
10254401
PW		 1445
1446class CKeyStoreIsMineVisitor : public boost::static_visitor<bool>
1447{
1448private:
1449 const CKeyStore *keystore;
1450public:
1451 CKeyStoreIsMineVisitor(const CKeyStore *keystoreIn) : keystore(keystoreIn) { }
1452 bool operator()(const CNoDestination &dest) const { return false; }
1453 bool operator()(const CKeyID &keyID) const { return keystore->HaveKey(keyID); }
1454 bool operator()(const CScriptID &scriptID) const { return keystore->HaveCScript(scriptID); }
1455};
1456
1457bool IsMine(const CKeyStore &keystore, const CTxDestination &dest)
1458{
1459 return boost::apply_visitor(CKeyStoreIsMineVisitor(&keystore), dest);
1460}
1461
64c7ee7e 1462bool IsMine(const CKeyStore &keystore, const CScript& scriptPubKey)
0a61b0df 1463{
e679ec96 1464 vector<valtype> vSolutions;
2a45a494 1465 txnouttype whichType;
e679ec96 1466 if (!Solver(scriptPubKey, whichType, vSolutions))
4e87d341
MC		 1467 return false;
1468
10254401 1469 CKeyID keyID;
e679ec96 1470 switch (whichType)
4e87d341 1471 {
e679ec96
GA		 1472 case TX_NONSTANDARD:
1473 return false;
1474 case TX_PUBKEY:
10254401
PW		 1475 keyID = CPubKey(vSolutions[0]).GetID();
1476 return keystore.HaveKey(keyID);
e679ec96 1477 case TX_PUBKEYHASH:
10254401
PW		 1478 keyID = CKeyID(uint160(vSolutions[0]));
1479 return keystore.HaveKey(keyID);
e679ec96
GA		 1480 case TX_SCRIPTHASH:
1481 {
2a45a494 1482 CScript subscript;
10254401 1483 if (!keystore.GetCScript(CScriptID(uint160(vSolutions[0])), subscript))
e679ec96 1484 return false;
2a45a494 1485 return IsMine(keystore, subscript);
4e87d341 1486 }
e679ec96
GA		 1487 case TX_MULTISIG:
1488 {
1489 // Only consider transactions "mine" if we own ALL the
1490 // keys involved. multi-signature transactions that are
1491 // partially owned (somebody else has a key that can spend
1492 // them) enable spend-out-from-under-you attacks, especially
1493 // in shared-wallet situations.
1494 vector<valtype> keys(vSolutions.begin()+1, vSolutions.begin()+vSolutions.size()-1);
6ec76ca0 1495 return HaveKeys(keys, keystore) == keys.size();
e679ec96
GA		 1496 }
1497 }
1498 return false;
0a61b0df 1499}
1500
10254401 1501bool ExtractDestination(const CScript& scriptPubKey, CTxDestination& addressRet)
0a61b0df 1502{
e679ec96 1503 vector<valtype> vSolutions;
2a45a494 1504 txnouttype whichType;
e679ec96 1505 if (!Solver(scriptPubKey, whichType, vSolutions))
0a61b0df 1506 return false;
1507
e679ec96 1508 if (whichType == TX_PUBKEY)
0a61b0df 1509 {
10254401 1510 addressRet = CPubKey(vSolutions[0]).GetID();
e679ec96 1511 return true;
0a61b0df 1512 }
e679ec96
GA		 1513 else if (whichType == TX_PUBKEYHASH)
1514 {
10254401 1515 addressRet = CKeyID(uint160(vSolutions[0]));
e679ec96
GA		 1516 return true;
1517 }
1518 else if (whichType == TX_SCRIPTHASH)
1519 {
10254401 1520 addressRet = CScriptID(uint160(vSolutions[0]));
e679ec96
GA		 1521 return true;
1522 }
1523 // Multisig txns have more than one address...
0a61b0df 1524 return false;
1525}
1526
10254401 1527bool ExtractDestinations(const CScript& scriptPubKey, txnouttype& typeRet, vector<CTxDestination>& addressRet, int& nRequiredRet)
e679ec96
GA		 1528{
1529 addressRet.clear();
1530 typeRet = TX_NONSTANDARD;
1531 vector<valtype> vSolutions;
1532 if (!Solver(scriptPubKey, typeRet, vSolutions))
1533 return false;
0a61b0df 1534
e679ec96
GA		 1535 if (typeRet == TX_MULTISIG)
1536 {
1537 nRequiredRet = vSolutions.front()[0];
faf705a4 1538 for (unsigned int i = 1; i < vSolutions.size()-1; i++)
e679ec96 1539 {
10254401 1540 CTxDestination address = CPubKey(vSolutions[i]).GetID();
e679ec96
GA		 1541 addressRet.push_back(address);
1542 }
1543 }
1544 else
1545 {
1546 nRequiredRet = 1;
10254401
PW		 1547 CTxDestination address;
1548 if (!ExtractDestination(scriptPubKey, address))
1549 return false;
e679ec96
GA		 1550 addressRet.push_back(address);
1551 }
b63241d4 1552
e679ec96
GA		 1553 return true;
1554}
1555
922e8e29
GA		 1556bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn,
1557 bool fValidatePayToScriptHash, int nHashType)
0a61b0df 1558{
922e8e29
GA		 1559 vector<vector<unsigned char> > stack, stackCopy;
1560 if (!EvalScript(stack, scriptSig, txTo, nIn, nHashType))
0a61b0df 1561 return false;
922e8e29
GA		 1562 if (fValidatePayToScriptHash)
1563 stackCopy = stack;
1564 if (!EvalScript(stack, scriptPubKey, txTo, nIn, nHashType))
0a61b0df 1565 return false;
1566 if (stack.empty())
1567 return false;
e679ec96 1568
922e8e29
GA		 1569 if (CastToBool(stack.back()) == false)
1570 return false;
1571
1572 // Additional validation for spend-to-script-hash transactions:
1573 if (fValidatePayToScriptHash && scriptPubKey.IsPayToScriptHash())
1574 {
1575 if (!scriptSig.IsPushOnly()) // scriptSig must be literals-only
1576 return false; // or validation fails
1577
1578 const valtype& pubKeySerialized = stackCopy.back();
1579 CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
1580 popstack(stackCopy);
e679ec96 1581
922e8e29
GA		 1582 if (!EvalScript(stackCopy, pubKey2, txTo, nIn, nHashType))
1583 return false;
1584 if (stackCopy.empty())
1585 return false;
1586 return CastToBool(stackCopy.back());
1587 }
1588
1589 return true;
0a61b0df 1590}
1591
1592
d11a58a2 1593bool SignSignature(const CKeyStore &keystore, const CTransaction& txFrom, CTransaction& txTo, unsigned int nIn, int nHashType)
0a61b0df 1594{
1595 assert(nIn < txTo.vin.size());
1596 CTxIn& txin = txTo.vin[nIn];
1597 assert(txin.prevout.n < txFrom.vout.size());
1598 const CTxOut& txout = txFrom.vout[txin.prevout.n];
1599
1600 // Leave out the signature from the hash, since a signature can't sign itself.
1601 // The checksig op will also drop the signatures from its hash.
d11a58a2 1602 uint256 hash = SignatureHash(txout.scriptPubKey, txTo, nIn, nHashType);
0a61b0df 1603
922e8e29
GA		 1604 txnouttype whichType;
1605 if (!Solver(keystore, txout.scriptPubKey, hash, nHashType, txin.scriptSig, whichType))
0a61b0df 1606 return false;
1607
922e8e29
GA		 1608 if (whichType == TX_SCRIPTHASH)
1609 {
1610 // Solver returns the subscript that need to be evaluated;
1611 // the final scriptSig is the signatures from that
1612 // and then the serialized subscript:
1613 CScript subscript = txin.scriptSig;
1614
1615 // Recompute txn hash using subscript in place of scriptPubKey:
1616 uint256 hash2 = SignatureHash(subscript, txTo, nIn, nHashType);
1617 txnouttype subType;
1618 if (!Solver(keystore, subscript, hash2, nHashType, txin.scriptSig, subType))
1619 return false;
1620 if (subType == TX_SCRIPTHASH)
1621 return false;
1622 txin.scriptSig << static_cast<valtype>(subscript); // Append serialized subscript
1623 }
1624
0a61b0df 1625 // Test solution
922e8e29 1626 if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, true, 0))
d11a58a2 1627 return false;
0a61b0df 1628
1629 return true;
1630}
1631
1632
922e8e29 1633bool VerifySignature(const CTransaction& txFrom, const CTransaction& txTo, unsigned int nIn, bool fValidatePayToScriptHash, int nHashType)
0a61b0df 1634{
1635 assert(nIn < txTo.vin.size());
1636 const CTxIn& txin = txTo.vin[nIn];
1637 if (txin.prevout.n >= txFrom.vout.size())
1638 return false;
1639 const CTxOut& txout = txFrom.vout[txin.prevout.n];
1640
1641 if (txin.prevout.hash != txFrom.GetHash())
1642 return false;
1643
922e8e29 1644 if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, fValidatePayToScriptHash, nHashType))
0a61b0df 1645 return false;
1646
0a61b0df 1647 return true;
1648}
bf798734 1649
7bd9c3a3 1650unsigned int CScript::GetSigOpCount(bool fAccurate) const
922e8e29 1651{
7bd9c3a3 1652 unsigned int n = 0;
922e8e29
GA		 1653 const_iterator pc = begin();
1654 opcodetype lastOpcode = OP_INVALIDOPCODE;
1655 while (pc < end())
1656 {
1657 opcodetype opcode;
1658 if (!GetOp(pc, opcode))
1659 break;
1660 if (opcode == OP_CHECKSIG || opcode == OP_CHECKSIGVERIFY)
1661 n++;
1662 else if (opcode == OP_CHECKMULTISIG || opcode == OP_CHECKMULTISIGVERIFY)
1663 {
1664 if (fAccurate && lastOpcode >= OP_1 && lastOpcode <= OP_16)
1665 n += DecodeOP_N(lastOpcode);
1666 else
1667 n += 20;
1668 }
1669 lastOpcode = opcode;
1670 }
1671 return n;
1672}
1673
7bd9c3a3 1674unsigned int CScript::GetSigOpCount(const CScript& scriptSig) const
922e8e29
GA		 1675{
1676 if (!IsPayToScriptHash())
1677 return GetSigOpCount(true);
1678
1679 // This is a pay-to-script-hash scriptPubKey;
1680 // get the last item that the scriptSig
1681 // pushes onto the stack:
1682 const_iterator pc = scriptSig.begin();
1683 vector<unsigned char> data;
1684 while (pc < scriptSig.end())
1685 {
1686 opcodetype opcode;
1687 if (!scriptSig.GetOp(pc, opcode, data))
1688 return 0;
1689 if (opcode > OP_16)
1690 return 0;
1691 }
1692
1693 /// ... and return it's opcount:
1694 CScript subscript(data.begin(), data.end());
1695 return subscript.GetSigOpCount(true);
1696}
1697
1698bool CScript::IsPayToScriptHash() const
1699{
1700 // Extra-fast test for pay-to-script-hash CScripts:
1701 return (this->size() == 23 &&
1702 this->at(0) == OP_HASH160 &&
1703 this->at(1) == 0x14 &&
1704 this->at(22) == OP_EQUAL);
1705}
1706
10254401 1707class CScriptVisitor : public boost::static_visitor<bool>
bf798734 1708{
10254401
PW		 1709private:
1710 CScript *script;
1711public:
1712 CScriptVisitor(CScript *scriptin) { script = scriptin; }
1713
1714 bool operator()(const CNoDestination &dest) const {
1715 script->clear();
1716 return false;
1717 }
1718
1719 bool operator()(const CKeyID &keyID) const {
1720 script->clear();
1721 *script << OP_DUP << OP_HASH160 << keyID << OP_EQUALVERIFY << OP_CHECKSIG;
1722 return true;
1723 }
1724
1725 bool operator()(const CScriptID &scriptID) const {
1726 script->clear();
1727 *script << OP_HASH160 << scriptID << OP_EQUAL;
1728 return true;
1729 }
1730};
1731
1732void CScript::SetDestination(const CTxDestination& dest)
1733{
1734 boost::apply_visitor(CScriptVisitor(this), dest);
bf798734 1735}
e679ec96
GA		 1736
1737void CScript::SetMultisig(int nRequired, const std::vector<CKey>& keys)
bf798734 1738{
bf798734 1739 this->clear();
e679ec96
GA		 1740
1741 *this << EncodeOP_N(nRequired);
1742 BOOST_FOREACH(const CKey& key, keys)
1743 *this << key.GetPubKey();
1744 *this << EncodeOP_N(keys.size()) << OP_CHECKMULTISIG;
bf798734 1745}
Empty description
This page took 0.313638 seconds and 4 git commands to generate.