526 lines
11 KiB
JavaScript
526 lines
11 KiB
JavaScript
/*!
|
|
* common.js - common script functions for bcoin
|
|
* Copyright (c) 2014-2015, Fedor Indutny (MIT License)
|
|
* Copyright (c) 2014-2017, Christopher Jeffrey (MIT License).
|
|
* https://github.com/bcoin-org/bcoin
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
/**
|
|
* @module script/common
|
|
*/
|
|
|
|
const assert = require('assert');
|
|
const util = require('../utils/util');
|
|
const secp256k1 = require('../crypto/secp256k1');
|
|
const ScriptNum = require('./scriptnum');
|
|
|
|
/**
|
|
* Script opcodes.
|
|
* @enum {Number}
|
|
* @default
|
|
*/
|
|
|
|
exports.opcodes = {
|
|
// Push
|
|
OP_0: 0x00,
|
|
|
|
OP_PUSHDATA1: 0x4c,
|
|
OP_PUSHDATA2: 0x4d,
|
|
OP_PUSHDATA4: 0x4e,
|
|
|
|
OP_1NEGATE: 0x4f,
|
|
|
|
OP_RESERVED: 0x50,
|
|
|
|
OP_1: 0x51,
|
|
OP_2: 0x52,
|
|
OP_3: 0x53,
|
|
OP_4: 0x54,
|
|
OP_5: 0x55,
|
|
OP_6: 0x56,
|
|
OP_7: 0x57,
|
|
OP_8: 0x58,
|
|
OP_9: 0x59,
|
|
OP_10: 0x5a,
|
|
OP_11: 0x5b,
|
|
OP_12: 0x5c,
|
|
OP_13: 0x5d,
|
|
OP_14: 0x5e,
|
|
OP_15: 0x5f,
|
|
OP_16: 0x60,
|
|
|
|
// Control
|
|
OP_NOP: 0x61,
|
|
OP_VER: 0x62,
|
|
OP_IF: 0x63,
|
|
OP_NOTIF: 0x64,
|
|
OP_VERIF: 0x65,
|
|
OP_VERNOTIF: 0x66,
|
|
OP_ELSE: 0x67,
|
|
OP_ENDIF: 0x68,
|
|
OP_VERIFY: 0x69,
|
|
OP_RETURN: 0x6a,
|
|
|
|
// Stack
|
|
OP_TOALTSTACK: 0x6b,
|
|
OP_FROMALTSTACK: 0x6c,
|
|
OP_2DROP: 0x6d,
|
|
OP_2DUP: 0x6e,
|
|
OP_3DUP: 0x6f,
|
|
OP_2OVER: 0x70,
|
|
OP_2ROT: 0x71,
|
|
OP_2SWAP: 0x72,
|
|
OP_IFDUP: 0x73,
|
|
OP_DEPTH: 0x74,
|
|
OP_DROP: 0x75,
|
|
OP_DUP: 0x76,
|
|
OP_NIP: 0x77,
|
|
OP_OVER: 0x78,
|
|
OP_PICK: 0x79,
|
|
OP_ROLL: 0x7a,
|
|
OP_ROT: 0x7b,
|
|
OP_SWAP: 0x7c,
|
|
OP_TUCK: 0x7d,
|
|
|
|
// Splice
|
|
OP_CAT: 0x7e,
|
|
OP_SUBSTR: 0x7f,
|
|
OP_LEFT: 0x80,
|
|
OP_RIGHT: 0x81,
|
|
OP_SIZE: 0x82,
|
|
|
|
// Bit
|
|
OP_INVERT: 0x83,
|
|
OP_AND: 0x84,
|
|
OP_OR: 0x85,
|
|
OP_XOR: 0x86,
|
|
OP_EQUAL: 0x87,
|
|
OP_EQUALVERIFY: 0x88,
|
|
OP_RESERVED1: 0x89,
|
|
OP_RESERVED2: 0x8a,
|
|
|
|
// Numeric
|
|
OP_1ADD: 0x8b,
|
|
OP_1SUB: 0x8c,
|
|
OP_2MUL: 0x8d,
|
|
OP_2DIV: 0x8e,
|
|
OP_NEGATE: 0x8f,
|
|
OP_ABS: 0x90,
|
|
OP_NOT: 0x91,
|
|
OP_0NOTEQUAL: 0x92,
|
|
OP_ADD: 0x93,
|
|
OP_SUB: 0x94,
|
|
OP_MUL: 0x95,
|
|
OP_DIV: 0x96,
|
|
OP_MOD: 0x97,
|
|
OP_LSHIFT: 0x98,
|
|
OP_RSHIFT: 0x99,
|
|
OP_BOOLAND: 0x9a,
|
|
OP_BOOLOR: 0x9b,
|
|
OP_NUMEQUAL: 0x9c,
|
|
OP_NUMEQUALVERIFY: 0x9d,
|
|
OP_NUMNOTEQUAL: 0x9e,
|
|
OP_LESSTHAN: 0x9f,
|
|
OP_GREATERTHAN: 0xa0,
|
|
OP_LESSTHANOREQUAL: 0xa1,
|
|
OP_GREATERTHANOREQUAL: 0xa2,
|
|
OP_MIN: 0xa3,
|
|
OP_MAX: 0xa4,
|
|
OP_WITHIN: 0xa5,
|
|
|
|
// Crypto
|
|
OP_RIPEMD160: 0xa6,
|
|
OP_SHA1: 0xa7,
|
|
OP_SHA256: 0xa8,
|
|
OP_HASH160: 0xa9,
|
|
OP_HASH256: 0xaa,
|
|
OP_CODESEPARATOR: 0xab,
|
|
OP_CHECKSIG: 0xac,
|
|
OP_CHECKSIGVERIFY: 0xad,
|
|
OP_CHECKMULTISIG: 0xae,
|
|
OP_CHECKMULTISIGVERIFY: 0xaf,
|
|
|
|
// Expansion
|
|
OP_NOP1: 0xb0,
|
|
OP_CHECKLOCKTIMEVERIFY: 0xb1,
|
|
OP_CHECKSEQUENCEVERIFY: 0xb2,
|
|
OP_NOP4: 0xb3,
|
|
OP_NOP5: 0xb4,
|
|
OP_NOP6: 0xb5,
|
|
OP_NOP7: 0xb6,
|
|
OP_NOP8: 0xb7,
|
|
OP_NOP9: 0xb8,
|
|
OP_NOP10: 0xb9,
|
|
|
|
// Custom
|
|
OP_INVALIDOPCODE: 0xff
|
|
};
|
|
|
|
/**
|
|
* Opcodes by value.
|
|
* @const {RevMap}
|
|
*/
|
|
|
|
exports.opcodesByVal = util.reverse(exports.opcodes);
|
|
|
|
/**
|
|
* Small ints (1 indexed, 1==0).
|
|
* @const {Buffer[]}
|
|
*/
|
|
|
|
exports.small = [
|
|
Buffer.from([0x81]),
|
|
Buffer.from([]),
|
|
Buffer.from([0x01]),
|
|
Buffer.from([0x02]),
|
|
Buffer.from([0x03]),
|
|
Buffer.from([0x04]),
|
|
Buffer.from([0x05]),
|
|
Buffer.from([0x06]),
|
|
Buffer.from([0x07]),
|
|
Buffer.from([0x08]),
|
|
Buffer.from([0x09]),
|
|
Buffer.from([0x0a]),
|
|
Buffer.from([0x0b]),
|
|
Buffer.from([0x0c]),
|
|
Buffer.from([0x0d]),
|
|
Buffer.from([0x0e]),
|
|
Buffer.from([0x0f]),
|
|
Buffer.from([0x10])
|
|
];
|
|
|
|
/**
|
|
* Script and locktime flags. See {@link VerifyFlags}.
|
|
* @enum {Number}
|
|
*/
|
|
|
|
exports.flags = {
|
|
VERIFY_NONE: 0,
|
|
VERIFY_P2SH: 1 << 0,
|
|
VERIFY_STRICTENC: 1 << 1,
|
|
VERIFY_DERSIG: 1 << 2,
|
|
VERIFY_LOW_S: 1 << 3,
|
|
VERIFY_NULLDUMMY: 1 << 4,
|
|
VERIFY_SIGPUSHONLY: 1 << 5,
|
|
VERIFY_MINIMALDATA: 1 << 6,
|
|
VERIFY_DISCOURAGE_UPGRADABLE_NOPS: 1 << 7,
|
|
VERIFY_CLEANSTACK: 1 << 8,
|
|
VERIFY_CHECKLOCKTIMEVERIFY: 1 << 9,
|
|
VERIFY_CHECKSEQUENCEVERIFY: 1 << 10,
|
|
VERIFY_WITNESS: 1 << 11,
|
|
VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM: 1 << 12,
|
|
VERIFY_MINIMALIF: 1 << 13,
|
|
VERIFY_NULLFAIL: 1 << 14,
|
|
VERIFY_WITNESS_PUBKEYTYPE: 1 << 15,
|
|
VERIFY_MAST: 1 << 16
|
|
};
|
|
|
|
/**
|
|
* Consensus verify flags (used for block validation).
|
|
* @const {VerifyFlags}
|
|
* @default
|
|
*/
|
|
|
|
exports.flags.MANDATORY_VERIFY_FLAGS = exports.flags.VERIFY_P2SH;
|
|
|
|
/**
|
|
* Standard verify flags (used for mempool validation).
|
|
* @const {VerifyFlags}
|
|
* @default
|
|
*/
|
|
|
|
exports.flags.STANDARD_VERIFY_FLAGS = 0
|
|
| exports.flags.MANDATORY_VERIFY_FLAGS
|
|
| exports.flags.VERIFY_DERSIG
|
|
| exports.flags.VERIFY_STRICTENC
|
|
| exports.flags.VERIFY_MINIMALDATA
|
|
| exports.flags.VERIFY_NULLDUMMY
|
|
| exports.flags.VERIFY_DISCOURAGE_UPGRADABLE_NOPS
|
|
| exports.flags.VERIFY_CLEANSTACK
|
|
| exports.flags.VERIFY_MINIMALIF
|
|
| exports.flags.VERIFY_NULLFAIL
|
|
| exports.flags.VERIFY_CHECKLOCKTIMEVERIFY
|
|
| exports.flags.VERIFY_CHECKSEQUENCEVERIFY
|
|
| exports.flags.VERIFY_LOW_S
|
|
| exports.flags.VERIFY_WITNESS
|
|
| exports.flags.VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
|
|
| exports.flags.VERIFY_WITNESS_PUBKEYTYPE;
|
|
|
|
/**
|
|
* Standard flags without mandatory bits.
|
|
* @const {VerifyFlags}
|
|
* @default
|
|
*/
|
|
|
|
exports.flags.ONLY_STANDARD_VERIFY_FLAGS =
|
|
exports.flags.STANDARD_VERIFY_FLAGS & ~exports.flags.MANDATORY_VERIFY_FLAGS;
|
|
|
|
/**
|
|
* Sighash Types.
|
|
* @enum {SighashType}
|
|
* @default
|
|
*/
|
|
|
|
exports.hashType = {
|
|
/*
|
|
* Sign all outputs.
|
|
*/
|
|
|
|
ALL: 1,
|
|
|
|
/*
|
|
* Do not sign outputs (zero sequences).
|
|
*/
|
|
|
|
NONE: 2,
|
|
|
|
/*
|
|
* Sign output at the same index (zero sequences).
|
|
*/
|
|
|
|
SINGLE: 3,
|
|
|
|
/*
|
|
* Sign only the current input (mask).
|
|
*/
|
|
|
|
ANYONECANPAY: 0x80,
|
|
|
|
/*
|
|
* Omit the Flo TX Comment from the signature
|
|
*/
|
|
|
|
OMIT_TX_COMMENT: (1 << 6)
|
|
};
|
|
|
|
/**
|
|
* Sighash types by value.
|
|
* @const {RevMap}
|
|
*/
|
|
|
|
exports.hashTypeByVal = util.reverse(exports.hashType);
|
|
|
|
/**
|
|
* Output script types.
|
|
* @enum {Number}
|
|
*/
|
|
|
|
exports.types = {
|
|
NONSTANDARD: 0,
|
|
PUBKEY: 1,
|
|
PUBKEYHASH: 2,
|
|
SCRIPTHASH: 3,
|
|
MULTISIG: 4,
|
|
NULLDATA: 5,
|
|
WITNESSMALFORMED: 0x80 | 0,
|
|
WITNESSSCRIPTHASH: 0x80 | 1,
|
|
WITNESSPUBKEYHASH: 0x80 | 2,
|
|
WITNESSMASTHASH: 0x80 | 3
|
|
};
|
|
|
|
/**
|
|
* Output script types by value.
|
|
* @const {RevMap}
|
|
*/
|
|
|
|
exports.typesByVal = util.reverse(exports.types);
|
|
|
|
/**
|
|
* Test a signature to see whether it contains a valid sighash type.
|
|
* @param {Buffer} sig
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
exports.isHashType = function isHashType(sig) {
|
|
assert(Buffer.isBuffer(sig));
|
|
|
|
if (sig.length === 0)
|
|
return false;
|
|
|
|
const type = sig[sig.length - 1] & ~exports.hashType.ANYONECANPAY;
|
|
|
|
if (!(type >= exports.hashType.ALL && type <= exports.hashType.SINGLE))
|
|
return false;
|
|
|
|
return true;
|
|
};
|
|
|
|
/**
|
|
* Test a signature to see whether it contains a low S value.
|
|
* @param {Buffer} sig
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
exports.isLowDER = function isLowDER(sig) {
|
|
if (!exports.isSignatureEncoding(sig))
|
|
return false;
|
|
|
|
return secp256k1.isLowS(sig.slice(0, -1));
|
|
};
|
|
|
|
/**
|
|
* Test whether the data element is a valid key.
|
|
* @param {Buffer} key
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
exports.isKeyEncoding = function isKeyEncoding(key) {
|
|
assert(Buffer.isBuffer(key));
|
|
|
|
if (key.length < 33)
|
|
return false;
|
|
|
|
if (key[0] === 0x04) {
|
|
if (key.length !== 65)
|
|
return false;
|
|
} else if (key[0] === 0x02 || key[0] === 0x03) {
|
|
if (key.length !== 33)
|
|
return false;
|
|
} else {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
};
|
|
|
|
/**
|
|
* Test whether the data element is a compressed key.
|
|
* @param {Buffer} key
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
exports.isCompressedEncoding = function isCompressedEncoding(key) {
|
|
assert(Buffer.isBuffer(key));
|
|
|
|
if (key.length !== 33)
|
|
return false;
|
|
|
|
if (key[0] !== 0x02 && key[0] !== 0x03)
|
|
return false;
|
|
|
|
return true;
|
|
};
|
|
|
|
/**
|
|
* Test a signature to see if it abides by BIP66.
|
|
* @see https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki
|
|
* @param {Buffer} sig
|
|
* @returns {Boolean}
|
|
*/
|
|
|
|
exports.isSignatureEncoding = function isSignatureEncoding(sig) {
|
|
assert(Buffer.isBuffer(sig));
|
|
|
|
// Format:
|
|
// 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] [sighash]
|
|
// * total-length: 1-byte length descriptor of everything that follows,
|
|
// excluding the sighash byte.
|
|
// * R-length: 1-byte length descriptor of the R value that follows.
|
|
// * R: arbitrary-length big-endian encoded R value. It must use the shortest
|
|
// possible encoding for a positive integers (which means no null bytes at
|
|
// the start, except a single one when the next byte has its highest bit
|
|
// set).
|
|
// * S-length: 1-byte length descriptor of the S value that follows.
|
|
// * S: arbitrary-length big-endian encoded S value. The same rules apply.
|
|
// * sighash: 1-byte value indicating what data is hashed (not part of the DER
|
|
// signature)
|
|
|
|
// Minimum and maximum size constraints.
|
|
if (sig.length < 9)
|
|
return false;
|
|
|
|
if (sig.length > 73)
|
|
return false;
|
|
|
|
// A signature is of type 0x30 (compound).
|
|
if (sig[0] !== 0x30)
|
|
return false;
|
|
|
|
// Make sure the length covers the entire signature.
|
|
if (sig[1] !== sig.length - 3)
|
|
return false;
|
|
|
|
// Extract the length of the R element.
|
|
const lenR = sig[3];
|
|
|
|
// Make sure the length of the S element is still inside the signature.
|
|
if (5 + lenR >= sig.length)
|
|
return false;
|
|
|
|
// Extract the length of the S element.
|
|
const lenS = sig[5 + lenR];
|
|
|
|
// Verify that the length of the signature matches the sum of the length
|
|
// of the elements.
|
|
if (lenR + lenS + 7 !== sig.length)
|
|
return false;
|
|
|
|
// Check whether the R element is an integer.
|
|
if (sig[2] !== 0x02)
|
|
return false;
|
|
|
|
// Zero-length integers are not allowed for R.
|
|
if (lenR === 0)
|
|
return false;
|
|
|
|
// Negative numbers are not allowed for R.
|
|
if (sig[4] & 0x80)
|
|
return false;
|
|
|
|
// Null bytes at the start of R are not allowed, unless R would
|
|
// otherwise be interpreted as a negative number.
|
|
if (lenR > 1 && (sig[4] === 0x00) && !(sig[5] & 0x80))
|
|
return false;
|
|
|
|
// Check whether the S element is an integer.
|
|
if (sig[lenR + 4] !== 0x02)
|
|
return false;
|
|
|
|
// Zero-length integers are not allowed for S.
|
|
if (lenS === 0)
|
|
return false;
|
|
|
|
// Negative numbers are not allowed for S.
|
|
if (sig[lenR + 6] & 0x80)
|
|
return false;
|
|
|
|
// Null bytes at the start of S are not allowed, unless S would otherwise be
|
|
// interpreted as a negative number.
|
|
if (lenS > 1 && (sig[lenR + 6] === 0x00) && !(sig[lenR + 7] & 0x80))
|
|
return false;
|
|
|
|
return true;
|
|
};
|
|
|
|
/**
|
|
* Format stack item into bitcoind asm format.
|
|
* @param {Buffer} item
|
|
* @param {Boolean?} decode - Attempt to decode hash types.
|
|
* @returns {String} Human-readable string.
|
|
*/
|
|
|
|
exports.toASM = function toASM(item, decode) {
|
|
if (item.length <= 4) {
|
|
const num = ScriptNum.decode(item);
|
|
return num.toString(10);
|
|
}
|
|
|
|
if (decode && exports.isSignatureEncoding(item)) {
|
|
const type = item[item.length - 1];
|
|
|
|
let symbol = exports.hashTypeByVal[type & 0x1f] || '';
|
|
|
|
if (symbol) {
|
|
if (type & exports.hashType.ANYONECANPAY)
|
|
symbol += '|ANYONECANPAY';
|
|
symbol = `[${symbol}]`;
|
|
}
|
|
|
|
return item.slice(0, -1).toString('hex') + symbol;
|
|
}
|
|
|
|
return item.toString('hex');
|
|
};
|