-// Copyright (c) 2009-2010 Satoshi Nakamoto\r
-// Distributed under the MIT/X11 software license, see the accompanying\r
-// file license.txt or http://www.opensource.org/licenses/mit-license.php.\r
-\r
-#include "headers.h"\r
-\r
-bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);\r
-\r
-\r
-\r
-typedef vector<unsigned char> valtype;\r
-static const valtype vchFalse(0);\r
-static const valtype vchZero(0);\r
-static const valtype vchTrue(1, 1);\r
-static const CBigNum bnZero(0);\r
-static const CBigNum bnOne(1);\r
-static const CBigNum bnFalse(0);\r
-static const CBigNum bnTrue(1);\r
-\r
-\r
-bool CastToBool(const valtype& vch)\r
-{\r
- return (CBigNum(vch) != bnZero);\r
-}\r
-\r
-void MakeSameSize(valtype& vch1, valtype& vch2)\r
-{\r
- // Lengthen the shorter one\r
- if (vch1.size() < vch2.size())\r
- vch1.resize(vch2.size(), 0);\r
- if (vch2.size() < vch1.size())\r
- vch2.resize(vch1.size(), 0);\r
-}\r
-\r
-\r
-\r
-//\r
-// Script is a stack machine (like Forth) that evaluates a predicate\r
-// returning a bool indicating valid or not. There are no loops.\r
-//\r
-#define stacktop(i) (stack.at(stack.size()+(i)))\r
-#define altstacktop(i) (altstack.at(altstack.size()+(i)))\r
-\r
-bool EvalScript(const CScript& script, const CTransaction& txTo, unsigned int nIn, int nHashType,\r
- vector<vector<unsigned char> >* pvStackRet)\r
-{\r
- CAutoBN_CTX pctx;\r
- CScript::const_iterator pc = script.begin();\r
- CScript::const_iterator pend = script.end();\r
- CScript::const_iterator pbegincodehash = script.begin();\r
- vector<bool> vfExec;\r
- vector<valtype> stack;\r
- vector<valtype> altstack;\r
- if (pvStackRet)\r
- pvStackRet->clear();\r
-\r
-\r
- while (pc < pend)\r
- {\r
- bool fExec = !count(vfExec.begin(), vfExec.end(), false);\r
-\r
- //\r
- // Read instruction\r
- //\r
- opcodetype opcode;\r
- valtype vchPushValue;\r
- if (!script.GetOp(pc, opcode, vchPushValue))\r
- return false;\r
-\r
- if (fExec && opcode <= OP_PUSHDATA4)\r
- stack.push_back(vchPushValue);\r
- else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))\r
- switch (opcode)\r
- {\r
- //\r
- // Push value\r
- //\r
- case OP_1NEGATE:\r
- case OP_1:\r
- case OP_2:\r
- case OP_3:\r
- case OP_4:\r
- case OP_5:\r
- case OP_6:\r
- case OP_7:\r
- case OP_8:\r
- case OP_9:\r
- case OP_10:\r
- case OP_11:\r
- case OP_12:\r
- case OP_13:\r
- case OP_14:\r
- case OP_15:\r
- case OP_16:\r
- {\r
- // ( -- value)\r
- CBigNum bn((int)opcode - (int)(OP_1 - 1));\r
- stack.push_back(bn.getvch());\r
- }\r
- break;\r
-\r
-\r
- //\r
- // Control\r
- //\r
- case OP_NOP:\r
- break;\r
-\r
- case OP_VER:\r
- {\r
- CBigNum bn(VERSION);\r
- stack.push_back(bn.getvch());\r
- }\r
- break;\r
-\r
- case OP_IF:\r
- case OP_NOTIF:\r
- case OP_VERIF:\r
- case OP_VERNOTIF:\r
- {\r
- // <expression> if [statements] [else [statements]] endif\r
- bool fValue = false;\r
- if (fExec)\r
- {\r
- if (stack.size() < 1)\r
- return false;\r
- valtype& vch = stacktop(-1);\r
- if (opcode == OP_VERIF || opcode == OP_VERNOTIF)\r
- fValue = (CBigNum(VERSION) >= CBigNum(vch));\r
- else\r
- fValue = CastToBool(vch);\r
- if (opcode == OP_NOTIF || opcode == OP_VERNOTIF)\r
- fValue = !fValue;\r
- stack.pop_back();\r
- }\r
- vfExec.push_back(fValue);\r
- }\r
- break;\r
-\r
- case OP_ELSE:\r
- {\r
- if (vfExec.empty())\r
- return false;\r
- vfExec.back() = !vfExec.back();\r
- }\r
- break;\r
-\r
- case OP_ENDIF:\r
- {\r
- if (vfExec.empty())\r
- return false;\r
- vfExec.pop_back();\r
- }\r
- break;\r
-\r
- case OP_VERIFY:\r
- {\r
- // (true -- ) or\r
- // (false -- false) and return\r
- if (stack.size() < 1)\r
- return false;\r
- bool fValue = CastToBool(stacktop(-1));\r
- if (fValue)\r
- stack.pop_back();\r
- else\r
- pc = pend;\r
- }\r
- break;\r
-\r
- case OP_RETURN:\r
- {\r
- pc = pend;\r
- }\r
- break;\r
-\r
-\r
- //\r
- // Stack ops\r
- //\r
- case OP_TOALTSTACK:\r
- {\r
- if (stack.size() < 1)\r
- return false;\r
- altstack.push_back(stacktop(-1));\r
- stack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_FROMALTSTACK:\r
- {\r
- if (altstack.size() < 1)\r
- return false;\r
- stack.push_back(altstacktop(-1));\r
- altstack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_2DROP:\r
- {\r
- // (x1 x2 -- )\r
- stack.pop_back();\r
- stack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_2DUP:\r
- {\r
- // (x1 x2 -- x1 x2 x1 x2)\r
- if (stack.size() < 2)\r
- return false;\r
- valtype vch1 = stacktop(-2);\r
- valtype vch2 = stacktop(-1);\r
- stack.push_back(vch1);\r
- stack.push_back(vch2);\r
- }\r
- break;\r
-\r
- case OP_3DUP:\r
- {\r
- // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)\r
- if (stack.size() < 3)\r
- return false;\r
- valtype vch1 = stacktop(-3);\r
- valtype vch2 = stacktop(-2);\r
- valtype vch3 = stacktop(-1);\r
- stack.push_back(vch1);\r
- stack.push_back(vch2);\r
- stack.push_back(vch3);\r
- }\r
- break;\r
-\r
- case OP_2OVER:\r
- {\r
- // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)\r
- if (stack.size() < 4)\r
- return false;\r
- valtype vch1 = stacktop(-4);\r
- valtype vch2 = stacktop(-3);\r
- stack.push_back(vch1);\r
- stack.push_back(vch2);\r
- }\r
- break;\r
-\r
- case OP_2ROT:\r
- {\r
- // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)\r
- if (stack.size() < 6)\r
- return false;\r
- valtype vch1 = stacktop(-6);\r
- valtype vch2 = stacktop(-5);\r
- stack.erase(stack.end()-6, stack.end()-4);\r
- stack.push_back(vch1);\r
- stack.push_back(vch2);\r
- }\r
- break;\r
-\r
- case OP_2SWAP:\r
- {\r
- // (x1 x2 x3 x4 -- x3 x4 x1 x2)\r
- if (stack.size() < 4)\r
- return false;\r
- swap(stacktop(-4), stacktop(-2));\r
- swap(stacktop(-3), stacktop(-1));\r
- }\r
- break;\r
-\r
- case OP_IFDUP:\r
- {\r
- // (x - 0 | x x)\r
- if (stack.size() < 1)\r
- return false;\r
- valtype vch = stacktop(-1);\r
- if (CastToBool(vch))\r
- stack.push_back(vch);\r
- }\r
- break;\r
-\r
- case OP_DEPTH:\r
- {\r
- // -- stacksize\r
- CBigNum bn(stack.size());\r
- stack.push_back(bn.getvch());\r
- }\r
- break;\r
-\r
- case OP_DROP:\r
- {\r
- // (x -- )\r
- if (stack.size() < 1)\r
- return false;\r
- stack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_DUP:\r
- {\r
- // (x -- x x)\r
- if (stack.size() < 1)\r
- return false;\r
- valtype vch = stacktop(-1);\r
- stack.push_back(vch);\r
- }\r
- break;\r
-\r
- case OP_NIP:\r
- {\r
- // (x1 x2 -- x2)\r
- if (stack.size() < 2)\r
- return false;\r
- stack.erase(stack.end() - 2);\r
- }\r
- break;\r
-\r
- case OP_OVER:\r
- {\r
- // (x1 x2 -- x1 x2 x1)\r
- if (stack.size() < 2)\r
- return false;\r
- valtype vch = stacktop(-2);\r
- stack.push_back(vch);\r
- }\r
- break;\r
-\r
- case OP_PICK:\r
- case OP_ROLL:\r
- {\r
- // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)\r
- // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)\r
- if (stack.size() < 2)\r
- return false;\r
- int n = CBigNum(stacktop(-1)).getint();\r
- stack.pop_back();\r
- if (n < 0 || n >= stack.size())\r
- return false;\r
- valtype vch = stacktop(-n-1);\r
- if (opcode == OP_ROLL)\r
- stack.erase(stack.end()-n-1);\r
- stack.push_back(vch);\r
- }\r
- break;\r
-\r
- case OP_ROT:\r
- {\r
- // (x1 x2 x3 -- x2 x3 x1)\r
- // x2 x1 x3 after first swap\r
- // x2 x3 x1 after second swap\r
- if (stack.size() < 3)\r
- return false;\r
- swap(stacktop(-3), stacktop(-2));\r
- swap(stacktop(-2), stacktop(-1));\r
- }\r
- break;\r
-\r
- case OP_SWAP:\r
- {\r
- // (x1 x2 -- x2 x1)\r
- if (stack.size() < 2)\r
- return false;\r
- swap(stacktop(-2), stacktop(-1));\r
- }\r
- break;\r
-\r
- case OP_TUCK:\r
- {\r
- // (x1 x2 -- x2 x1 x2)\r
- if (stack.size() < 2)\r
- return false;\r
- valtype vch = stacktop(-1);\r
- stack.insert(stack.end()-2, vch);\r
- }\r
- break;\r
-\r
-\r
- //\r
- // Splice ops\r
- //\r
- case OP_CAT:\r
- {\r
- // (x1 x2 -- out)\r
- if (stack.size() < 2)\r
- return false;\r
- valtype& vch1 = stacktop(-2);\r
- valtype& vch2 = stacktop(-1);\r
- vch1.insert(vch1.end(), vch2.begin(), vch2.end());\r
- stack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_SUBSTR:\r
- {\r
- // (in begin size -- out)\r
- if (stack.size() < 3)\r
- return false;\r
- valtype& vch = stacktop(-3);\r
- int nBegin = CBigNum(stacktop(-2)).getint();\r
- int nEnd = nBegin + CBigNum(stacktop(-1)).getint();\r
- if (nBegin < 0 || nEnd < nBegin)\r
- return false;\r
- if (nBegin > vch.size())\r
- nBegin = vch.size();\r
- if (nEnd > vch.size())\r
- nEnd = vch.size();\r
- vch.erase(vch.begin() + nEnd, vch.end());\r
- vch.erase(vch.begin(), vch.begin() + nBegin);\r
- stack.pop_back();\r
- stack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_LEFT:\r
- case OP_RIGHT:\r
- {\r
- // (in size -- out)\r
- if (stack.size() < 2)\r
- return false;\r
- valtype& vch = stacktop(-2);\r
- int nSize = CBigNum(stacktop(-1)).getint();\r
- if (nSize < 0)\r
- return false;\r
- if (nSize > vch.size())\r
- nSize = vch.size();\r
- if (opcode == OP_LEFT)\r
- vch.erase(vch.begin() + nSize, vch.end());\r
- else\r
- vch.erase(vch.begin(), vch.end() - nSize);\r
- stack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_SIZE:\r
- {\r
- // (in -- in size)\r
- if (stack.size() < 1)\r
- return false;\r
- CBigNum bn(stacktop(-1).size());\r
- stack.push_back(bn.getvch());\r
- }\r
- break;\r
-\r
-\r
- //\r
- // Bitwise logic\r
- //\r
- case OP_INVERT:\r
- {\r
- // (in - out)\r
- if (stack.size() < 1)\r
- return false;\r
- valtype& vch = stacktop(-1);\r
- for (int i = 0; i < vch.size(); i++)\r
- vch[i] = ~vch[i];\r
- }\r
- break;\r
-\r
- case OP_AND:\r
- case OP_OR:\r
- case OP_XOR:\r
- {\r
- // (x1 x2 - out)\r
- if (stack.size() < 2)\r
- return false;\r
- valtype& vch1 = stacktop(-2);\r
- valtype& vch2 = stacktop(-1);\r
- MakeSameSize(vch1, vch2);\r
- if (opcode == OP_AND)\r
- {\r
- for (int i = 0; i < vch1.size(); i++)\r
- vch1[i] &= vch2[i];\r
- }\r
- else if (opcode == OP_OR)\r
- {\r
- for (int i = 0; i < vch1.size(); i++)\r
- vch1[i] |= vch2[i];\r
- }\r
- else if (opcode == OP_XOR)\r
- {\r
- for (int i = 0; i < vch1.size(); i++)\r
- vch1[i] ^= vch2[i];\r
- }\r
- stack.pop_back();\r
- }\r
- break;\r
-\r
- case OP_EQUAL:\r
- case OP_EQUALVERIFY:\r
- //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL\r
- {\r
- // (x1 x2 - bool)\r
- if (stack.size() < 2)\r
- return false;\r
- valtype& vch1 = stacktop(-2);\r
- valtype& vch2 = stacktop(-1);\r
- bool fEqual = (vch1 == vch2);\r
- // OP_NOTEQUAL is disabled because it would be too easy to say\r
- // something like n != 1 and have some wiseguy pass in 1 with extra\r
- // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)\r
- //if (opcode == OP_NOTEQUAL)\r
- // fEqual = !fEqual;\r
- stack.pop_back();\r
- stack.pop_back();\r
- stack.push_back(fEqual ? vchTrue : vchFalse);\r
- if (opcode == OP_EQUALVERIFY)\r
- {\r
- if (fEqual)\r
- stack.pop_back();\r
- else\r
- pc = pend;\r
- }\r
- }\r
- break;\r
-\r
-\r
- //\r
- // Numeric\r
- //\r
- case OP_1ADD:\r
- case OP_1SUB:\r
- case OP_2MUL:\r
- case OP_2DIV:\r
- case OP_NEGATE:\r
- case OP_ABS:\r
- case OP_NOT:\r
- case OP_0NOTEQUAL:\r
- {\r
- // (in -- out)\r
- if (stack.size() < 1)\r
- return false;\r
- CBigNum bn(stacktop(-1));\r
- switch (opcode)\r
- {\r
- case OP_1ADD: bn += bnOne; break;\r
- case OP_1SUB: bn -= bnOne; break;\r
- case OP_2MUL: bn <<= 1; break;\r
- case OP_2DIV: bn >>= 1; break;\r
- case OP_NEGATE: bn = -bn; break;\r
- case OP_ABS: if (bn < bnZero) bn = -bn; break;\r
- case OP_NOT: bn = (bn == bnZero); break;\r
- case OP_0NOTEQUAL: bn = (bn != bnZero); break;\r
- }\r
- stack.pop_back();\r
- stack.push_back(bn.getvch());\r
- }\r
- break;\r
-\r
- case OP_ADD:\r
- case OP_SUB:\r
- case OP_MUL:\r
- case OP_DIV:\r
- case OP_MOD:\r
- case OP_LSHIFT:\r
- case OP_RSHIFT:\r
- case OP_BOOLAND:\r
- case OP_BOOLOR:\r
- case OP_NUMEQUAL:\r
- case OP_NUMEQUALVERIFY:\r
- case OP_NUMNOTEQUAL:\r
- case OP_LESSTHAN:\r
- case OP_GREATERTHAN:\r
- case OP_LESSTHANOREQUAL:\r
- case OP_GREATERTHANOREQUAL:\r
- case OP_MIN:\r
- case OP_MAX:\r
- {\r
- // (x1 x2 -- out)\r
- if (stack.size() < 2)\r
- return false;\r
- CBigNum bn1(stacktop(-2));\r
- CBigNum bn2(stacktop(-1));\r
- CBigNum bn;\r
- switch (opcode)\r
- {\r
- case OP_ADD:\r
- bn = bn1 + bn2;\r
- break;\r
-\r
- case OP_SUB:\r
- bn = bn1 - bn2;\r
- break;\r
-\r
- case OP_MUL:\r
- if (!BN_mul(&bn, &bn1, &bn2, pctx))\r
- return false;\r
- break;\r
-\r
- case OP_DIV:\r
- if (!BN_div(&bn, NULL, &bn1, &bn2, pctx))\r
- return false;\r
- break;\r
-\r
- case OP_MOD:\r
- if (!BN_mod(&bn, &bn1, &bn2, pctx))\r
- return false;\r
- break;\r
-\r
- case OP_LSHIFT:\r
- if (bn2 < bnZero)\r
- return false;\r
- bn = bn1 << bn2.getulong();\r
- break;\r
-\r
- case OP_RSHIFT:\r
- if (bn2 < bnZero)\r
- return false;\r
- bn = bn1 >> bn2.getulong();\r
- break;\r
-\r
- case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;\r
- case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;\r
- case OP_NUMEQUAL: bn = (bn1 == bn2); break;\r
- case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;\r
- case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;\r
- case OP_LESSTHAN: bn = (bn1 < bn2); break;\r
- case OP_GREATERTHAN: bn = (bn1 > bn2); break;\r
- case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;\r
- case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;\r
- case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;\r
- case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;\r
- }\r
- stack.pop_back();\r
- stack.pop_back();\r
- stack.push_back(bn.getvch());\r
-\r
- if (opcode == OP_NUMEQUALVERIFY)\r
- {\r
- if (CastToBool(stacktop(-1)))\r
- stack.pop_back();\r
- else\r
- pc = pend;\r
- }\r
- }\r
- break;\r
-\r
- case OP_WITHIN:\r
- {\r
- // (x min max -- out)\r
- if (stack.size() < 3)\r
- return false;\r
- CBigNum bn1(stacktop(-3));\r
- CBigNum bn2(stacktop(-2));\r
- CBigNum bn3(stacktop(-1));\r
- bool fValue = (bn2 <= bn1 && bn1 < bn3);\r
- stack.pop_back();\r
- stack.pop_back();\r
- stack.pop_back();\r
- stack.push_back(fValue ? vchTrue : vchFalse);\r
- }\r
- break;\r
-\r
-\r
- //\r
- // Crypto\r
- //\r
- case OP_RIPEMD160:\r
- case OP_SHA1:\r
- case OP_SHA256:\r
- case OP_HASH160:\r
- case OP_HASH256:\r
- {\r
- // (in -- hash)\r
- if (stack.size() < 1)\r
- return false;\r
- valtype& vch = stacktop(-1);\r
- valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);\r
- if (opcode == OP_RIPEMD160)\r
- RIPEMD160(&vch[0], vch.size(), &vchHash[0]);\r
- else if (opcode == OP_SHA1)\r
- SHA1(&vch[0], vch.size(), &vchHash[0]);\r
- else if (opcode == OP_SHA256)\r
- SHA256(&vch[0], vch.size(), &vchHash[0]);\r
- else if (opcode == OP_HASH160)\r
- {\r
- uint160 hash160 = Hash160(vch);\r
- memcpy(&vchHash[0], &hash160, sizeof(hash160));\r
- }\r
- else if (opcode == OP_HASH256)\r
- {\r
- uint256 hash = Hash(vch.begin(), vch.end());\r
- memcpy(&vchHash[0], &hash, sizeof(hash));\r
- }\r
- stack.pop_back();\r
- stack.push_back(vchHash);\r
- }\r
- break;\r
-\r
- case OP_CODESEPARATOR:\r
- {\r
- // Hash starts after the code separator\r
- pbegincodehash = pc;\r
- }\r
- break;\r
-\r
- case OP_CHECKSIG:\r
- case OP_CHECKSIGVERIFY:\r
- {\r
- // (sig pubkey -- bool)\r
- if (stack.size() < 2)\r
- return false;\r
-\r
- valtype& vchSig = stacktop(-2);\r
- valtype& vchPubKey = stacktop(-1);\r
-\r
- ////// debug print\r
- //PrintHex(vchSig.begin(), vchSig.end(), "sig: %s\n");\r
- //PrintHex(vchPubKey.begin(), vchPubKey.end(), "pubkey: %s\n");\r
-\r
- // Subset of script starting at the most recent codeseparator\r
- CScript scriptCode(pbegincodehash, pend);\r
-\r
- // Drop the signature, since there's no way for a signature to sign itself\r
- scriptCode.FindAndDelete(CScript(vchSig));\r
-\r
- bool fSuccess = CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType);\r
-\r
- stack.pop_back();\r
- stack.pop_back();\r
- stack.push_back(fSuccess ? vchTrue : vchFalse);\r
- if (opcode == OP_CHECKSIGVERIFY)\r
- {\r
- if (fSuccess)\r
- stack.pop_back();\r
- else\r
- pc = pend;\r
- }\r
- }\r
- break;\r
-\r
- case OP_CHECKMULTISIG:\r
- case OP_CHECKMULTISIGVERIFY:\r
- {\r
- // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)\r
-\r
- int i = 1;\r
- if (stack.size() < i)\r
- return false;\r
-\r
- int nKeysCount = CBigNum(stacktop(-i)).getint();\r
- if (nKeysCount < 0)\r
- return false;\r
- int ikey = ++i;\r
- i += nKeysCount;\r
- if (stack.size() < i)\r
- return false;\r
-\r
- int nSigsCount = CBigNum(stacktop(-i)).getint();\r
- if (nSigsCount < 0 || nSigsCount > nKeysCount)\r
- return false;\r
- int isig = ++i;\r
- i += nSigsCount;\r
- if (stack.size() < i)\r
- return false;\r
-\r
- // Subset of script starting at the most recent codeseparator\r
- CScript scriptCode(pbegincodehash, pend);\r
-\r
- // Drop the signatures, since there's no way for a signature to sign itself\r
- for (int k = 0; k < nSigsCount; k++)\r
- {\r
- valtype& vchSig = stacktop(-isig-k);\r
- scriptCode.FindAndDelete(CScript(vchSig));\r
- }\r
-\r
- bool fSuccess = true;\r
- while (fSuccess && nSigsCount > 0)\r
- {\r
- valtype& vchSig = stacktop(-isig);\r
- valtype& vchPubKey = stacktop(-ikey);\r
-\r
- // Check signature\r
- if (CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType))\r
- {\r
- isig++;\r
- nSigsCount--;\r
- }\r
- ikey++;\r
- nKeysCount--;\r
-\r
- // If there are more signatures left than keys left,\r
- // then too many signatures have failed\r
- if (nSigsCount > nKeysCount)\r
- fSuccess = false;\r
- }\r
-\r
- while (i-- > 0)\r
- stack.pop_back();\r
- stack.push_back(fSuccess ? vchTrue : vchFalse);\r
-\r
- if (opcode == OP_CHECKMULTISIGVERIFY)\r
- {\r
- if (fSuccess)\r
- stack.pop_back();\r
- else\r
- pc = pend;\r
- }\r
- }\r
- break;\r
-\r
- default:\r
- return false;\r
- }\r
- }\r
-\r
-\r
- if (pvStackRet)\r
- *pvStackRet = stack;\r
- return (stack.empty() ? false : CastToBool(stack.back()));\r
-}\r
-\r
-#undef top\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-uint256 SignatureHash(CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)\r
-{\r
- if (nIn >= txTo.vin.size())\r
- {\r
- printf("ERROR: SignatureHash() : nIn=%d out of range\n", nIn);\r
- return 1;\r
- }\r
- CTransaction txTmp(txTo);\r
-\r
- // In case concatenating two scripts ends up with two codeseparators,\r
- // or an extra one at the end, this prevents all those possible incompatibilities.\r
- scriptCode.FindAndDelete(CScript(OP_CODESEPARATOR));\r
-\r
- // Blank out other inputs' signatures\r
- for (int i = 0; i < txTmp.vin.size(); i++)\r
- txTmp.vin[i].scriptSig = CScript();\r
- txTmp.vin[nIn].scriptSig = scriptCode;\r
-\r
- // Blank out some of the outputs\r
- if ((nHashType & 0x1f) == SIGHASH_NONE)\r
- {\r
- // Wildcard payee\r
- txTmp.vout.clear();\r
-\r
- // Let the others update at will\r
- for (int i = 0; i < txTmp.vin.size(); i++)\r
- if (i != nIn)\r
- txTmp.vin[i].nSequence = 0;\r
- }\r
- else if ((nHashType & 0x1f) == SIGHASH_SINGLE)\r
- {\r
- // Only lockin the txout payee at same index as txin\r
- unsigned int nOut = nIn;\r
- if (nOut >= txTmp.vout.size())\r
- {\r
- printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut);\r
- return 1;\r
- }\r
- txTmp.vout.resize(nOut+1);\r
- for (int i = 0; i < nOut; i++)\r
- txTmp.vout[i].SetNull();\r
-\r
- // Let the others update at will\r
- for (int i = 0; i < txTmp.vin.size(); i++)\r
- if (i != nIn)\r
- txTmp.vin[i].nSequence = 0;\r
- }\r
-\r
- // Blank out other inputs completely, not recommended for open transactions\r
- if (nHashType & SIGHASH_ANYONECANPAY)\r
- {\r
- txTmp.vin[0] = txTmp.vin[nIn];\r
- txTmp.vin.resize(1);\r
- }\r
-\r
- // Serialize and hash\r
- CDataStream ss(SER_GETHASH);\r
- ss.reserve(10000);\r
- ss << txTmp << nHashType;\r
- return Hash(ss.begin(), ss.end());\r
-}\r
-\r
-\r
-bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode,\r
- const CTransaction& txTo, unsigned int nIn, int nHashType)\r
-{\r
- CKey key;\r
- if (!key.SetPubKey(vchPubKey))\r
- return false;\r
-\r
- // Hash type is one byte tacked on to the end of the signature\r
- if (vchSig.empty())\r
- return false;\r
- if (nHashType == 0)\r
- nHashType = vchSig.back();\r
- else if (nHashType != vchSig.back())\r
- return false;\r
- vchSig.pop_back();\r
-\r
- if (key.Verify(SignatureHash(scriptCode, txTo, nIn, nHashType), vchSig))\r
- return true;\r
-\r
- return false;\r
-}\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-bool Solver(const CScript& scriptPubKey, vector<pair<opcodetype, valtype> >& vSolutionRet)\r
-{\r
- // Templates\r
- static vector<CScript> vTemplates;\r
- if (vTemplates.empty())\r
- {\r
- // Standard tx, sender provides pubkey, receiver adds signature\r
- vTemplates.push_back(CScript() << OP_PUBKEY << OP_CHECKSIG);\r
-\r
- // Bitcoin address tx, sender provides hash of pubkey, receiver provides signature and pubkey\r
- vTemplates.push_back(CScript() << OP_DUP << OP_HASH160 << OP_PUBKEYHASH << OP_EQUALVERIFY << OP_CHECKSIG);\r
- }\r
-\r
- // Scan templates\r
- const CScript& script1 = scriptPubKey;\r
- foreach(const CScript& script2, vTemplates)\r
- {\r
- vSolutionRet.clear();\r
- opcodetype opcode1, opcode2;\r
- vector<unsigned char> vch1, vch2;\r
-\r
- // Compare\r
- CScript::const_iterator pc1 = script1.begin();\r
- CScript::const_iterator pc2 = script2.begin();\r
- loop\r
- {\r
- bool f1 = script1.GetOp(pc1, opcode1, vch1);\r
- bool f2 = script2.GetOp(pc2, opcode2, vch2);\r
- if (!f1 && !f2)\r
- {\r
- // Success\r
- reverse(vSolutionRet.begin(), vSolutionRet.end());\r
- return true;\r
- }\r
- else if (f1 != f2)\r
- {\r
- break;\r
- }\r
- else if (opcode2 == OP_PUBKEY)\r
- {\r
- if (vch1.size() <= sizeof(uint256))\r
- break;\r
- vSolutionRet.push_back(make_pair(opcode2, vch1));\r
- }\r
- else if (opcode2 == OP_PUBKEYHASH)\r
- {\r
- if (vch1.size() != sizeof(uint160))\r
- break;\r
- vSolutionRet.push_back(make_pair(opcode2, vch1));\r
- }\r
- else if (opcode1 != opcode2)\r
- {\r
- break;\r
- }\r
- }\r
- }\r
-\r
- vSolutionRet.clear();\r
- return false;\r
-}\r
-\r
-\r
-bool Solver(const CScript& scriptPubKey, uint256 hash, int nHashType, CScript& scriptSigRet)\r
-{\r
- scriptSigRet.clear();\r
-\r
- vector<pair<opcodetype, valtype> > vSolution;\r
- if (!Solver(scriptPubKey, vSolution))\r
- return false;\r
-\r
- // Compile solution\r
- CRITICAL_BLOCK(cs_mapKeys)\r
- {\r
- foreach(PAIRTYPE(opcodetype, valtype)& item, vSolution)\r
- {\r
- if (item.first == OP_PUBKEY)\r
- {\r
- // Sign\r
- const valtype& vchPubKey = item.second;\r
- if (!mapKeys.count(vchPubKey))\r
- return false;\r
- if (hash != 0)\r
- {\r
- vector<unsigned char> vchSig;\r
- if (!CKey::Sign(mapKeys[vchPubKey], hash, vchSig))\r
- return false;\r
- vchSig.push_back((unsigned char)nHashType);\r
- scriptSigRet << vchSig;\r
- }\r
- }\r
- else if (item.first == OP_PUBKEYHASH)\r
- {\r
- // Sign and give pubkey\r
- map<uint160, valtype>::iterator mi = mapPubKeys.find(uint160(item.second));\r
- if (mi == mapPubKeys.end())\r
- return false;\r
- const vector<unsigned char>& vchPubKey = (*mi).second;\r
- if (!mapKeys.count(vchPubKey))\r
- return false;\r
- if (hash != 0)\r
- {\r
- vector<unsigned char> vchSig;\r
- if (!CKey::Sign(mapKeys[vchPubKey], hash, vchSig))\r
- return false;\r
- vchSig.push_back((unsigned char)nHashType);\r
- scriptSigRet << vchSig << vchPubKey;\r
- }\r
- }\r
- }\r
- }\r
-\r
- return true;\r
-}\r
-\r
-\r
-bool IsMine(const CScript& scriptPubKey)\r
-{\r
- CScript scriptSig;\r
- return Solver(scriptPubKey, 0, 0, scriptSig);\r
-}\r
-\r
-\r
-bool ExtractPubKey(const CScript& scriptPubKey, bool fMineOnly, vector<unsigned char>& vchPubKeyRet)\r
-{\r
- vchPubKeyRet.clear();\r
-\r
- vector<pair<opcodetype, valtype> > vSolution;\r
- if (!Solver(scriptPubKey, vSolution))\r
- return false;\r
-\r
- CRITICAL_BLOCK(cs_mapKeys)\r
- {\r
- foreach(PAIRTYPE(opcodetype, valtype)& item, vSolution)\r
- {\r
- valtype vchPubKey;\r
- if (item.first == OP_PUBKEY)\r
- {\r
- vchPubKey = item.second;\r
- }\r
- else if (item.first == OP_PUBKEYHASH)\r
- {\r
- map<uint160, valtype>::iterator mi = mapPubKeys.find(uint160(item.second));\r
- if (mi == mapPubKeys.end())\r
- continue;\r
- vchPubKey = (*mi).second;\r
- }\r
- if (!fMineOnly || mapKeys.count(vchPubKey))\r
- {\r
- vchPubKeyRet = vchPubKey;\r
- return true;\r
- }\r
- }\r
- }\r
- return false;\r
-}\r
-\r
-\r
-bool ExtractHash160(const CScript& scriptPubKey, uint160& hash160Ret)\r
-{\r
- hash160Ret = 0;\r
-\r
- vector<pair<opcodetype, valtype> > vSolution;\r
- if (!Solver(scriptPubKey, vSolution))\r
- return false;\r
-\r
- foreach(PAIRTYPE(opcodetype, valtype)& item, vSolution)\r
- {\r
- if (item.first == OP_PUBKEYHASH)\r
- {\r
- hash160Ret = uint160(item.second);\r
- return true;\r
- }\r
- }\r
- return false;\r
-}\r
-\r
-\r
-bool SignSignature(const CTransaction& txFrom, CTransaction& txTo, unsigned int nIn, int nHashType, CScript scriptPrereq)\r
-{\r
- assert(nIn < txTo.vin.size());\r
- CTxIn& txin = txTo.vin[nIn];\r
- assert(txin.prevout.n < txFrom.vout.size());\r
- const CTxOut& txout = txFrom.vout[txin.prevout.n];\r
-\r
- // Leave out the signature from the hash, since a signature can't sign itself.\r
- // The checksig op will also drop the signatures from its hash.\r
- uint256 hash = SignatureHash(scriptPrereq + txout.scriptPubKey, txTo, nIn, nHashType);\r
-\r
- if (!Solver(txout.scriptPubKey, hash, nHashType, txin.scriptSig))\r
- return false;\r
-\r
- txin.scriptSig = scriptPrereq + txin.scriptSig;\r
-\r
- // Test solution\r
- if (scriptPrereq.empty())\r
- if (!EvalScript(txin.scriptSig + CScript(OP_CODESEPARATOR) + txout.scriptPubKey, txTo, nIn))\r
- return false;\r
-\r
- return true;\r
-}\r
-\r
-\r
-bool VerifySignature(const CTransaction& txFrom, const CTransaction& txTo, unsigned int nIn, int nHashType)\r
-{\r
- assert(nIn < txTo.vin.size());\r
- const CTxIn& txin = txTo.vin[nIn];\r
- if (txin.prevout.n >= txFrom.vout.size())\r
- return false;\r
- const CTxOut& txout = txFrom.vout[txin.prevout.n];\r
-\r
- if (txin.prevout.hash != txFrom.GetHash())\r
- return false;\r
-\r
- if (!EvalScript(txin.scriptSig + CScript(OP_CODESEPARATOR) + txout.scriptPubKey, txTo, nIn, nHashType))\r
- return false;\r
-\r
- // Anytime a signature is successfully verified, it's proof the outpoint is spent,\r
- // so lets update the wallet spent flag if it doesn't know due to wallet.dat being\r
- // restored from backup or the user making copies of wallet.dat.\r
- WalletUpdateSpent(txin.prevout);\r
-\r
- return true;\r
-}\r
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Distributed under the MIT/X11 software license, see the accompanying
+// file license.txt or http://www.opensource.org/licenses/mit-license.php.
+
+#include "headers.h"
+
+bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
+
+
+
+typedef vector<unsigned char> valtype;
+static const valtype vchFalse(0);
+static const valtype vchZero(0);
+static const valtype vchTrue(1, 1);
+static const CBigNum bnZero(0);
+static const CBigNum bnOne(1);
+static const CBigNum bnFalse(0);
+static const CBigNum bnTrue(1);
+static const size_t nMaxNumSize = 4;
+
+
+CBigNum CastToBigNum(const valtype& vch)
+{
+ if (vch.size() > nMaxNumSize)
+ throw runtime_error("CastToBigNum() : overflow");
+ // Get rid of extra leading zeros
+ return CBigNum(CBigNum(vch).getvch());
+}
+
+bool CastToBool(const valtype& vch)
+{
+ for (int i = 0; i < vch.size(); i++)
+ {
+ if (vch[i] != 0)
+ {
+ // Can be negative zero
+ if (i == vch.size()-1 && vch[i] == 0x80)
+ return false;
+ return true;
+ }
+ }
+ return false;
+}
+
+void MakeSameSize(valtype& vch1, valtype& vch2)
+{
+ // Lengthen the shorter one
+ if (vch1.size() < vch2.size())
+ vch1.resize(vch2.size(), 0);
+ if (vch2.size() < vch1.size())
+ vch2.resize(vch1.size(), 0);
+}
+
+
+
+//
+// Script is a stack machine (like Forth) that evaluates a predicate
+// returning a bool indicating valid or not. There are no loops.
+//
+#define stacktop(i) (stack.at(stack.size()+(i)))
+#define altstacktop(i) (altstack.at(altstack.size()+(i)))
+static inline void popstack(vector<valtype>& stack)
+{
+ if (stack.empty())
+ throw runtime_error("popstack() : stack empty");
+ stack.pop_back();
+}
+
+
+bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, int nHashType)
+{
+ CAutoBN_CTX pctx;
+ CScript::const_iterator pc = script.begin();
+ CScript::const_iterator pend = script.end();
+ CScript::const_iterator pbegincodehash = script.begin();
+ opcodetype opcode;
+ valtype vchPushValue;
+ vector<bool> vfExec;
+ vector<valtype> altstack;
+ if (script.size() > 10000)
+ return false;
+ int nOpCount = 0;
+
+
+ try
+ {
+ while (pc < pend)
+ {
+ bool fExec = !count(vfExec.begin(), vfExec.end(), false);
+
+ //
+ // Read instruction
+ //
+ if (!script.GetOp(pc, opcode, vchPushValue))
+ return false;
+ if (vchPushValue.size() > 520)
+ return false;
+ if (opcode > OP_16 && ++nOpCount > 201)
+ return false;
+
+ if (opcode == OP_CAT ||
+ opcode == OP_SUBSTR ||
+ opcode == OP_LEFT ||
+ opcode == OP_RIGHT ||
+ opcode == OP_INVERT ||
+ opcode == OP_AND ||
+ opcode == OP_OR ||
+ opcode == OP_XOR ||
+ opcode == OP_2MUL ||
+ opcode == OP_2DIV ||
+ opcode == OP_MUL ||
+ opcode == OP_DIV ||
+ opcode == OP_MOD ||
+ opcode == OP_LSHIFT ||
+ opcode == OP_RSHIFT)
+ return false;
+
+ if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4)
+ stack.push_back(vchPushValue);
+ else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
+ switch (opcode)
+ {
+ //
+ // Push value
+ //
+ case OP_1NEGATE:
+ case OP_1:
+ case OP_2:
+ case OP_3:
+ case OP_4:
+ case OP_5:
+ case OP_6:
+ case OP_7:
+ case OP_8:
+ case OP_9:
+ case OP_10:
+ case OP_11:
+ case OP_12:
+ case OP_13:
+ case OP_14:
+ case OP_15:
+ case OP_16:
+ {
+ // ( -- value)
+ CBigNum bn((int)opcode - (int)(OP_1 - 1));
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+
+ //
+ // Control
+ //
+ case OP_NOP:
+ case OP_NOP1: case OP_NOP2: case OP_NOP3: case OP_NOP4: case OP_NOP5:
+ case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
+ break;
+
+ case OP_IF:
+ case OP_NOTIF:
+ {
+ // <expression> if [statements] [else [statements]] endif
+ bool fValue = false;
+ if (fExec)
+ {
+ if (stack.size() < 1)
+ return false;
+ valtype& vch = stacktop(-1);
+ fValue = CastToBool(vch);
+ if (opcode == OP_NOTIF)
+ fValue = !fValue;
+ popstack(stack);
+ }
+ vfExec.push_back(fValue);
+ }
+ break;
+
+ case OP_ELSE:
+ {
+ if (vfExec.empty())
+ return false;
+ vfExec.back() = !vfExec.back();
+ }
+ break;
+
+ case OP_ENDIF:
+ {
+ if (vfExec.empty())
+ return false;
+ vfExec.pop_back();
+ }
+ break;
+
+ case OP_VERIFY:
+ {
+ // (true -- ) or
+ // (false -- false) and return
+ if (stack.size() < 1)
+ return false;
+ bool fValue = CastToBool(stacktop(-1));
+ if (fValue)
+ popstack(stack);
+ else
+ return false;
+ }
+ break;
+
+ case OP_RETURN:
+ {
+ return false;
+ }
+ break;
+
+
+ //
+ // Stack ops
+ //
+ case OP_TOALTSTACK:
+ {
+ if (stack.size() < 1)
+ return false;
+ altstack.push_back(stacktop(-1));
+ popstack(stack);
+ }
+ break;
+
+ case OP_FROMALTSTACK:
+ {
+ if (altstack.size() < 1)
+ return false;
+ stack.push_back(altstacktop(-1));
+ popstack(altstack);
+ }
+ break;
+
+ case OP_2DROP:
+ {
+ // (x1 x2 -- )
+ if (stack.size() < 2)
+ return false;
+ popstack(stack);
+ popstack(stack);
+ }
+ break;
+
+ case OP_2DUP:
+ {
+ // (x1 x2 -- x1 x2 x1 x2)
+ if (stack.size() < 2)
+ return false;
+ valtype vch1 = stacktop(-2);
+ valtype vch2 = stacktop(-1);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ }
+ break;
+
+ case OP_3DUP:
+ {
+ // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
+ if (stack.size() < 3)
+ return false;
+ valtype vch1 = stacktop(-3);
+ valtype vch2 = stacktop(-2);
+ valtype vch3 = stacktop(-1);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ stack.push_back(vch3);
+ }
+ break;
+
+ case OP_2OVER:
+ {
+ // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
+ if (stack.size() < 4)
+ return false;
+ valtype vch1 = stacktop(-4);
+ valtype vch2 = stacktop(-3);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ }
+ break;
+
+ case OP_2ROT:
+ {
+ // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
+ if (stack.size() < 6)
+ return false;
+ valtype vch1 = stacktop(-6);
+ valtype vch2 = stacktop(-5);
+ stack.erase(stack.end()-6, stack.end()-4);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ }
+ break;
+
+ case OP_2SWAP:
+ {
+ // (x1 x2 x3 x4 -- x3 x4 x1 x2)
+ if (stack.size() < 4)
+ return false;
+ swap(stacktop(-4), stacktop(-2));
+ swap(stacktop(-3), stacktop(-1));
+ }
+ break;
+
+ case OP_IFDUP:
+ {
+ // (x - 0 | x x)
+ if (stack.size() < 1)
+ return false;
+ valtype vch = stacktop(-1);
+ if (CastToBool(vch))
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_DEPTH:
+ {
+ // -- stacksize
+ CBigNum bn(stack.size());
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+ case OP_DROP:
+ {
+ // (x -- )
+ if (stack.size() < 1)
+ return false;
+ popstack(stack);
+ }
+ break;
+
+ case OP_DUP:
+ {
+ // (x -- x x)
+ if (stack.size() < 1)
+ return false;
+ valtype vch = stacktop(-1);
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_NIP:
+ {
+ // (x1 x2 -- x2)
+ if (stack.size() < 2)
+ return false;
+ stack.erase(stack.end() - 2);
+ }
+ break;
+
+ case OP_OVER:
+ {
+ // (x1 x2 -- x1 x2 x1)
+ if (stack.size() < 2)
+ return false;
+ valtype vch = stacktop(-2);
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_PICK:
+ case OP_ROLL:
+ {
+ // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
+ // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
+ if (stack.size() < 2)
+ return false;
+ int n = CastToBigNum(stacktop(-1)).getint();
+ popstack(stack);
+ if (n < 0 || n >= stack.size())
+ return false;
+ valtype vch = stacktop(-n-1);
+ if (opcode == OP_ROLL)
+ stack.erase(stack.end()-n-1);
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_ROT:
+ {
+ // (x1 x2 x3 -- x2 x3 x1)
+ // x2 x1 x3 after first swap
+ // x2 x3 x1 after second swap
+ if (stack.size() < 3)
+ return false;
+ swap(stacktop(-3), stacktop(-2));
+ swap(stacktop(-2), stacktop(-1));
+ }
+ break;
+
+ case OP_SWAP:
+ {
+ // (x1 x2 -- x2 x1)
+ if (stack.size() < 2)
+ return false;
+ swap(stacktop(-2), stacktop(-1));
+ }
+ break;
+
+ case OP_TUCK:
+ {
+ // (x1 x2 -- x2 x1 x2)
+ if (stack.size() < 2)
+ return false;
+ valtype vch = stacktop(-1);
+ stack.insert(stack.end()-2, vch);
+ }
+ break;
+
+
+ //
+ // Splice ops
+ //
+ case OP_CAT:
+ {
+ // (x1 x2 -- out)
+ if (stack.size() < 2)
+ return false;
+ valtype& vch1 = stacktop(-2);
+ valtype& vch2 = stacktop(-1);
+ vch1.insert(vch1.end(), vch2.begin(), vch2.end());
+ popstack(stack);
+ if (stacktop(-1).size() > 520)
+ return false;
+ }
+ break;
+
+ case OP_SUBSTR:
+ {
+ // (in begin size -- out)
+ if (stack.size() < 3)
+ return false;
+ valtype& vch = stacktop(-3);
+ int nBegin = CastToBigNum(stacktop(-2)).getint();
+ int nEnd = nBegin + CastToBigNum(stacktop(-1)).getint();
+ if (nBegin < 0 || nEnd < nBegin)
+ return false;
+ if (nBegin > vch.size())
+ nBegin = vch.size();
+ if (nEnd > vch.size())
+ nEnd = vch.size();
+ vch.erase(vch.begin() + nEnd, vch.end());
+ vch.erase(vch.begin(), vch.begin() + nBegin);
+ popstack(stack);
+ popstack(stack);
+ }
+ break;
+
+ case OP_LEFT:
+ case OP_RIGHT:
+ {
+ // (in size -- out)
+ if (stack.size() < 2)
+ return false;
+ valtype& vch = stacktop(-2);
+ int nSize = CastToBigNum(stacktop(-1)).getint();
+ if (nSize < 0)
+ return false;
+ if (nSize > vch.size())
+ nSize = vch.size();
+ if (opcode == OP_LEFT)
+ vch.erase(vch.begin() + nSize, vch.end());
+ else
+ vch.erase(vch.begin(), vch.end() - nSize);
+ popstack(stack);
+ }
+ break;
+
+ case OP_SIZE:
+ {
+ // (in -- in size)
+ if (stack.size() < 1)
+ return false;
+ CBigNum bn(stacktop(-1).size());
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+
+ //
+ // Bitwise logic
+ //
+ case OP_INVERT:
+ {
+ // (in - out)
+ if (stack.size() < 1)
+ return false;
+ valtype& vch = stacktop(-1);
+ for (int i = 0; i < vch.size(); i++)
+ vch[i] = ~vch[i];
+ }
+ break;
+
+ case OP_AND:
+ case OP_OR:
+ case OP_XOR:
+ {
+ // (x1 x2 - out)
+ if (stack.size() < 2)
+ return false;
+ valtype& vch1 = stacktop(-2);
+ valtype& vch2 = stacktop(-1);
+ MakeSameSize(vch1, vch2);
+ if (opcode == OP_AND)
+ {
+ for (int i = 0; i < vch1.size(); i++)
+ vch1[i] &= vch2[i];
+ }
+ else if (opcode == OP_OR)
+ {
+ for (int i = 0; i < vch1.size(); i++)
+ vch1[i] |= vch2[i];
+ }
+ else if (opcode == OP_XOR)
+ {
+ for (int i = 0; i < vch1.size(); i++)
+ vch1[i] ^= vch2[i];
+ }
+ popstack(stack);
+ }
+ break;
+
+ case OP_EQUAL:
+ case OP_EQUALVERIFY:
+ //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
+ {
+ // (x1 x2 - bool)
+ if (stack.size() < 2)
+ return false;
+ valtype& vch1 = stacktop(-2);
+ valtype& vch2 = stacktop(-1);
+ bool fEqual = (vch1 == vch2);
+ // OP_NOTEQUAL is disabled because it would be too easy to say
+ // something like n != 1 and have some wiseguy pass in 1 with extra
+ // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
+ //if (opcode == OP_NOTEQUAL)
+ // fEqual = !fEqual;
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(fEqual ? vchTrue : vchFalse);
+ if (opcode == OP_EQUALVERIFY)
+ {
+ if (fEqual)
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+
+ //
+ // Numeric
+ //
+ case OP_1ADD:
+ case OP_1SUB:
+ case OP_2MUL:
+ case OP_2DIV:
+ case OP_NEGATE:
+ case OP_ABS:
+ case OP_NOT:
+ case OP_0NOTEQUAL:
+ {
+ // (in -- out)
+ if (stack.size() < 1)
+ return false;
+ CBigNum bn = CastToBigNum(stacktop(-1));
+ switch (opcode)
+ {
+ case OP_1ADD: bn += bnOne; break;
+ case OP_1SUB: bn -= bnOne; break;
+ case OP_2MUL: bn <<= 1; break;
+ case OP_2DIV: bn >>= 1; break;
+ case OP_NEGATE: bn = -bn; break;
+ case OP_ABS: if (bn < bnZero) bn = -bn; break;
+ case OP_NOT: bn = (bn == bnZero); break;
+ case OP_0NOTEQUAL: bn = (bn != bnZero); break;
+ }
+ popstack(stack);
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+ case OP_ADD:
+ case OP_SUB:
+ case OP_MUL:
+ case OP_DIV:
+ case OP_MOD:
+ case OP_LSHIFT:
+ case OP_RSHIFT:
+ case OP_BOOLAND:
+ case OP_BOOLOR:
+ case OP_NUMEQUAL:
+ case OP_NUMEQUALVERIFY:
+ case OP_NUMNOTEQUAL:
+ case OP_LESSTHAN:
+ case OP_GREATERTHAN:
+ case OP_LESSTHANOREQUAL:
+ case OP_GREATERTHANOREQUAL:
+ case OP_MIN:
+ case OP_MAX:
+ {
+ // (x1 x2 -- out)
+ if (stack.size() < 2)
+ return false;
+ CBigNum bn1 = CastToBigNum(stacktop(-2));
+ CBigNum bn2 = CastToBigNum(stacktop(-1));
+ CBigNum bn;
+ switch (opcode)
+ {
+ case OP_ADD:
+ bn = bn1 + bn2;
+ break;
+
+ case OP_SUB:
+ bn = bn1 - bn2;
+ break;
+
+ case OP_MUL:
+ if (!BN_mul(&bn, &bn1, &bn2, pctx))
+ return false;
+ break;
+
+ case OP_DIV:
+ if (!BN_div(&bn, NULL, &bn1, &bn2, pctx))
+ return false;
+ break;
+
+ case OP_MOD:
+ if (!BN_mod(&bn, &bn1, &bn2, pctx))
+ return false;
+ break;
+
+ case OP_LSHIFT:
+ if (bn2 < bnZero || bn2 > CBigNum(2048))
+ return false;
+ bn = bn1 << bn2.getulong();
+ break;
+
+ case OP_RSHIFT:
+ if (bn2 < bnZero || bn2 > CBigNum(2048))
+ return false;
+ bn = bn1 >> bn2.getulong();
+ break;
+
+ case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
+ case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
+ case OP_NUMEQUAL: bn = (bn1 == bn2); break;
+ case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
+ case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
+ case OP_LESSTHAN: bn = (bn1 < bn2); break;
+ case OP_GREATERTHAN: bn = (bn1 > bn2); break;
+ case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
+ case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
+ case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
+ case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
+ }
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(bn.getvch());
+
+ if (opcode == OP_NUMEQUALVERIFY)
+ {
+ if (CastToBool(stacktop(-1)))
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+ case OP_WITHIN:
+ {
+ // (x min max -- out)
+ if (stack.size() < 3)
+ return false;
+ CBigNum bn1 = CastToBigNum(stacktop(-3));
+ CBigNum bn2 = CastToBigNum(stacktop(-2));
+ CBigNum bn3 = CastToBigNum(stacktop(-1));
+ bool fValue = (bn2 <= bn1 && bn1 < bn3);
+ popstack(stack);
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(fValue ? vchTrue : vchFalse);
+ }
+ break;
+
+
+ //
+ // Crypto
+ //
+ case OP_RIPEMD160:
+ case OP_SHA1:
+ case OP_SHA256:
+ case OP_HASH160:
+ case OP_HASH256:
+ {
+ // (in -- hash)
+ if (stack.size() < 1)
+ return false;
+ valtype& vch = stacktop(-1);
+ valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
+ if (opcode == OP_RIPEMD160)
+ RIPEMD160(&vch[0], vch.size(), &vchHash[0]);
+ else if (opcode == OP_SHA1)
+ SHA1(&vch[0], vch.size(), &vchHash[0]);
+ else if (opcode == OP_SHA256)
+ SHA256(&vch[0], vch.size(), &vchHash[0]);
+ else if (opcode == OP_HASH160)
+ {
+ uint160 hash160 = Hash160(vch);
+ memcpy(&vchHash[0], &hash160, sizeof(hash160));
+ }
+ else if (opcode == OP_HASH256)
+ {
+ uint256 hash = Hash(vch.begin(), vch.end());
+ memcpy(&vchHash[0], &hash, sizeof(hash));
+ }
+ popstack(stack);
+ stack.push_back(vchHash);
+ }
+ break;
+
+ case OP_CODESEPARATOR:
+ {
+ // Hash starts after the code separator
+ pbegincodehash = pc;
+ }
+ break;
+
+ case OP_CHECKSIG:
+ case OP_CHECKSIGVERIFY:
+ {
+ // (sig pubkey -- bool)
+ if (stack.size() < 2)
+ return false;
+
+ valtype& vchSig = stacktop(-2);
+ valtype& vchPubKey = stacktop(-1);
+
+ ////// debug print
+ //PrintHex(vchSig.begin(), vchSig.end(), "sig: %s\n");
+ //PrintHex(vchPubKey.begin(), vchPubKey.end(), "pubkey: %s\n");
+
+ // Subset of script starting at the most recent codeseparator
+ CScript scriptCode(pbegincodehash, pend);
+
+ // Drop the signature, since there's no way for a signature to sign itself
+ scriptCode.FindAndDelete(CScript(vchSig));
+
+ bool fSuccess = CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType);
+
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(fSuccess ? vchTrue : vchFalse);
+ if (opcode == OP_CHECKSIGVERIFY)
+ {
+ if (fSuccess)
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+ case OP_CHECKMULTISIG:
+ case OP_CHECKMULTISIGVERIFY:
+ {
+ // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
+
+ int i = 1;
+ if (stack.size() < i)
+ return false;
+
+ int nKeysCount = CastToBigNum(stacktop(-i)).getint();
+ if (nKeysCount < 0 || nKeysCount > 20)
+ return false;
+ nOpCount += nKeysCount;
+ if (nOpCount > 201)
+ return false;
+ int ikey = ++i;
+ i += nKeysCount;
+ if (stack.size() < i)
+ return false;
+
+ int nSigsCount = CastToBigNum(stacktop(-i)).getint();
+ if (nSigsCount < 0 || nSigsCount > nKeysCount)
+ return false;
+ int isig = ++i;
+ i += nSigsCount;
+ if (stack.size() < i)
+ return false;
+
+ // Subset of script starting at the most recent codeseparator
+ CScript scriptCode(pbegincodehash, pend);
+
+ // Drop the signatures, since there's no way for a signature to sign itself
+ for (int k = 0; k < nSigsCount; k++)
+ {
+ valtype& vchSig = stacktop(-isig-k);
+ scriptCode.FindAndDelete(CScript(vchSig));
+ }
+
+ bool fSuccess = true;
+ while (fSuccess && nSigsCount > 0)
+ {
+ valtype& vchSig = stacktop(-isig);
+ valtype& vchPubKey = stacktop(-ikey);
+
+ // Check signature
+ if (CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType))
+ {
+ isig++;
+ nSigsCount--;
+ }
+ ikey++;
+ nKeysCount--;
+
+ // If there are more signatures left than keys left,
+ // then too many signatures have failed
+ if (nSigsCount > nKeysCount)
+ fSuccess = false;
+ }
+
+ while (i-- > 0)
+ popstack(stack);
+ stack.push_back(fSuccess ? vchTrue : vchFalse);
+
+ if (opcode == OP_CHECKMULTISIGVERIFY)
+ {
+ if (fSuccess)
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+ default:
+ return false;
+ }
+
+ // Size limits
+ if (stack.size() + altstack.size() > 1000)
+ return false;
+ }
+ }
+ catch (...)
+ {
+ return false;
+ }
+
+
+ if (!vfExec.empty())
+ return false;
+
+ return true;
+}
+
+
+
+
+
+
+
+
+
+uint256 SignatureHash(CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)
+{
+ if (nIn >= txTo.vin.size())
+ {
+ printf("ERROR: SignatureHash() : nIn=%d out of range\n", nIn);
+ return 1;
+ }
+ CTransaction txTmp(txTo);
+
+ // In case concatenating two scripts ends up with two codeseparators,
+ // or an extra one at the end, this prevents all those possible incompatibilities.
+ scriptCode.FindAndDelete(CScript(OP_CODESEPARATOR));
+
+ // Blank out other inputs' signatures
+ for (int i = 0; i < txTmp.vin.size(); i++)
+ txTmp.vin[i].scriptSig = CScript();
+ txTmp.vin[nIn].scriptSig = scriptCode;
+
+ // Blank out some of the outputs
+ if ((nHashType & 0x1f) == SIGHASH_NONE)
+ {
+ // Wildcard payee
+ txTmp.vout.clear();
+
+ // Let the others update at will
+ for (int i = 0; i < txTmp.vin.size(); i++)
+ if (i != nIn)
+ txTmp.vin[i].nSequence = 0;
+ }
+ else if ((nHashType & 0x1f) == SIGHASH_SINGLE)
+ {
+ // Only lockin the txout payee at same index as txin
+ unsigned int nOut = nIn;
+ if (nOut >= txTmp.vout.size())
+ {
+ printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut);
+ return 1;
+ }
+ txTmp.vout.resize(nOut+1);
+ for (int i = 0; i < nOut; i++)
+ txTmp.vout[i].SetNull();
+
+ // Let the others update at will
+ for (int i = 0; i < txTmp.vin.size(); i++)
+ if (i != nIn)
+ txTmp.vin[i].nSequence = 0;
+ }
+
+ // Blank out other inputs completely, not recommended for open transactions
+ if (nHashType & SIGHASH_ANYONECANPAY)
+ {
+ txTmp.vin[0] = txTmp.vin[nIn];
+ txTmp.vin.resize(1);
+ }
+
+ // Serialize and hash
+ CDataStream ss(SER_GETHASH);
+ ss.reserve(10000);
+ ss << txTmp << nHashType;
+ return Hash(ss.begin(), ss.end());
+}
+
+
+bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode,
+ const CTransaction& txTo, unsigned int nIn, int nHashType)
+{
+ CKey key;
+ if (!key.SetPubKey(vchPubKey))
+ return false;
+
+ // Hash type is one byte tacked on to the end of the signature
+ if (vchSig.empty())
+ return false;
+ if (nHashType == 0)
+ nHashType = vchSig.back();
+ else if (nHashType != vchSig.back())
+ return false;
+ vchSig.pop_back();
+
+ return key.Verify(SignatureHash(scriptCode, txTo, nIn, nHashType), vchSig);
+}
+
+
+
+
+
+
+
+
+
+
+bool Solver(const CScript& scriptPubKey, vector<pair<opcodetype, valtype> >& vSolutionRet)
+{
+ // Templates
+ static vector<CScript> vTemplates;
+ if (vTemplates.empty())
+ {
+ // Standard tx, sender provides pubkey, receiver adds signature
+ vTemplates.push_back(CScript() << OP_PUBKEY << OP_CHECKSIG);
+
+ // Bitcoin address tx, sender provides hash of pubkey, receiver provides signature and pubkey
+ vTemplates.push_back(CScript() << OP_DUP << OP_HASH160 << OP_PUBKEYHASH << OP_EQUALVERIFY << OP_CHECKSIG);
+ }
+
+ // Scan templates
+ const CScript& script1 = scriptPubKey;
+ foreach(const CScript& script2, vTemplates)
+ {
+ vSolutionRet.clear();
+ opcodetype opcode1, opcode2;
+ vector<unsigned char> vch1, vch2;
+
+ // Compare
+ CScript::const_iterator pc1 = script1.begin();
+ CScript::const_iterator pc2 = script2.begin();
+ loop
+ {
+ if (pc1 == script1.end() && pc2 == script2.end())
+ {
+ // Found a match
+ reverse(vSolutionRet.begin(), vSolutionRet.end());
+ return true;
+ }
+ if (!script1.GetOp(pc1, opcode1, vch1))
+ break;
+ if (!script2.GetOp(pc2, opcode2, vch2))
+ break;
+ if (opcode2 == OP_PUBKEY)
+ {
+ if (vch1.size() < 33)
+ break;
+ vSolutionRet.push_back(make_pair(opcode2, vch1));
+ }
+ else if (opcode2 == OP_PUBKEYHASH)
+ {
+ if (vch1.size() != sizeof(uint160))
+ break;
+ vSolutionRet.push_back(make_pair(opcode2, vch1));
+ }
+ else if (opcode1 != opcode2 || vch1 != vch2)
+ {
+ break;
+ }
+ }
+ }
+
+ vSolutionRet.clear();
+ return false;
+}
+
+
+bool Solver(const CScript& scriptPubKey, uint256 hash, int nHashType, CScript& scriptSigRet)
+{
+ scriptSigRet.clear();
+
+ vector<pair<opcodetype, valtype> > vSolution;
+ if (!Solver(scriptPubKey, vSolution))
+ return false;
+
+ // Compile solution
+ CRITICAL_BLOCK(cs_mapKeys)
+ {
+ foreach(PAIRTYPE(opcodetype, valtype)& item, vSolution)
+ {
+ if (item.first == OP_PUBKEY)
+ {
+ // Sign
+ const valtype& vchPubKey = item.second;
+ if (!mapKeys.count(vchPubKey))
+ return false;
+ if (hash != 0)
+ {
+ vector<unsigned char> vchSig;
+ if (!CKey::Sign(mapKeys[vchPubKey], hash, vchSig))
+ return false;
+ vchSig.push_back((unsigned char)nHashType);
+ scriptSigRet << vchSig;
+ }
+ }
+ else if (item.first == OP_PUBKEYHASH)
+ {
+ // Sign and give pubkey
+ map<uint160, valtype>::iterator mi = mapPubKeys.find(uint160(item.second));
+ if (mi == mapPubKeys.end())
+ return false;
+ const vector<unsigned char>& vchPubKey = (*mi).second;
+ if (!mapKeys.count(vchPubKey))
+ return false;
+ if (hash != 0)
+ {
+ vector<unsigned char> vchSig;
+ if (!CKey::Sign(mapKeys[vchPubKey], hash, vchSig))
+ return false;
+ vchSig.push_back((unsigned char)nHashType);
+ scriptSigRet << vchSig << vchPubKey;
+ }
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+
+bool IsMine(const CScript& scriptPubKey)
+{
+ CScript scriptSig;
+ return Solver(scriptPubKey, 0, 0, scriptSig);
+}
+
+
+bool ExtractPubKey(const CScript& scriptPubKey, bool fMineOnly, vector<unsigned char>& vchPubKeyRet)
+{
+ vchPubKeyRet.clear();
+
+ vector<pair<opcodetype, valtype> > vSolution;
+ if (!Solver(scriptPubKey, vSolution))
+ return false;
+
+ CRITICAL_BLOCK(cs_mapKeys)
+ {
+ foreach(PAIRTYPE(opcodetype, valtype)& item, vSolution)
+ {
+ valtype vchPubKey;
+ if (item.first == OP_PUBKEY)
+ {
+ vchPubKey = item.second;
+ }
+ else if (item.first == OP_PUBKEYHASH)
+ {
+ map<uint160, valtype>::iterator mi = mapPubKeys.find(uint160(item.second));
+ if (mi == mapPubKeys.end())
+ continue;
+ vchPubKey = (*mi).second;
+ }
+ if (!fMineOnly || mapKeys.count(vchPubKey))
+ {
+ vchPubKeyRet = vchPubKey;
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+
+bool ExtractHash160(const CScript& scriptPubKey, uint160& hash160Ret)
+{
+ hash160Ret = 0;
+
+ vector<pair<opcodetype, valtype> > vSolution;
+ if (!Solver(scriptPubKey, vSolution))
+ return false;
+
+ foreach(PAIRTYPE(opcodetype, valtype)& item, vSolution)
+ {
+ if (item.first == OP_PUBKEYHASH)
+ {
+ hash160Ret = uint160(item.second);
+ return true;
+ }
+ }
+ return false;
+}
+
+
+bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn, int nHashType)
+{
+ vector<vector<unsigned char> > stack;
+ if (!EvalScript(stack, scriptSig, txTo, nIn, nHashType))
+ return false;
+ if (!EvalScript(stack, scriptPubKey, txTo, nIn, nHashType))
+ return false;
+ if (stack.empty())
+ return false;
+ return CastToBool(stack.back());
+}
+
+
+bool SignSignature(const CTransaction& txFrom, CTransaction& txTo, unsigned int nIn, int nHashType, CScript scriptPrereq)
+{
+ assert(nIn < txTo.vin.size());
+ CTxIn& txin = txTo.vin[nIn];
+ assert(txin.prevout.n < txFrom.vout.size());
+ const CTxOut& txout = txFrom.vout[txin.prevout.n];
+
+ // Leave out the signature from the hash, since a signature can't sign itself.
+ // The checksig op will also drop the signatures from its hash.
+ uint256 hash = SignatureHash(scriptPrereq + txout.scriptPubKey, txTo, nIn, nHashType);
+
+ if (!Solver(txout.scriptPubKey, hash, nHashType, txin.scriptSig))
+ return false;
+
+ txin.scriptSig = scriptPrereq + txin.scriptSig;
+
+ // Test solution
+ if (scriptPrereq.empty())
+ if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, 0))
+ return false;
+
+ return true;
+}
+
+
+bool VerifySignature(const CTransaction& txFrom, const CTransaction& txTo, unsigned int nIn, int nHashType)
+{
+ assert(nIn < txTo.vin.size());
+ const CTxIn& txin = txTo.vin[nIn];
+ if (txin.prevout.n >= txFrom.vout.size())
+ return false;
+ const CTxOut& txout = txFrom.vout[txin.prevout.n];
+
+ if (txin.prevout.hash != txFrom.GetHash())
+ return false;
+
+ if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, nHashType))
+ return false;
+
+ // Anytime a signature is successfully verified, it's proof the outpoint is spent,
+ // so lets update the wallet spent flag if it doesn't know due to wallet.dat being
+ // restored from backup or the user making copies of wallet.dat.
+ WalletUpdateSpent(txin.prevout);
+
+ return true;
+}