2 * Novacoin classes library
3 * Copyright (C) 2015 Alex D. (balthazar.ad@gmail.com)
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU Affero General Public License as
7 * published by the Free Software Foundation, either version 3 of the
8 * License, or (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU Affero General Public License for more details.
15 * You should have received a copy of the GNU Affero General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 using System.Collections.Generic;
21 using System.Diagnostics.Contracts;
23 using System.Numerics;
29 /// Script instructions
31 public enum instruction
73 OP_FROMALTSTACK = 0x6c,
105 OP_EQUALVERIFY = 0x88,
130 OP_NUMEQUALVERIFY = 0x9d,
131 OP_NUMNOTEQUAL = 0x9e,
133 OP_GREATERTHAN = 0xa0,
134 OP_LESSTHANOREQUAL = 0xa1,
135 OP_GREATERTHANOREQUAL = 0xa2,
147 OP_CODESEPARATOR = 0xab,
149 OP_CHECKSIGVERIFY = 0xad,
150 OP_CHECKMULTISIG = 0xae,
151 OP_CHECKMULTISIGVERIFY = 0xaf,
165 // template matching params
167 OP_SMALLINTEGER = 0xfa,
169 OP_PUBKEYHASH = 0xfd,
172 OP_INVALIDOPCODE = 0xff,
176 /// Transaction output types.
178 public enum txnouttype
182 // 'standard' transaction types:
191 /// Signature hash types/flags
198 SIGHASH_ANYONECANPAY = 0x80,
201 /** Script verification flags */
202 public enum scriptflag
204 SCRIPT_VERIFY_NONE = 0,
205 SCRIPT_VERIFY_P2SH = (1 << 0), // evaluate P2SH (BIP16) subscripts
206 SCRIPT_VERIFY_STRICTENC = (1 << 1), // enforce strict conformance to DER and SEC2 for signatures and pubkeys
207 SCRIPT_VERIFY_LOW_S = (1 << 2), // enforce low S values in signatures (depends on STRICTENC)
208 SCRIPT_VERIFY_NOCACHE = (1 << 3), // do not store results in signature cache (but do query it)
209 SCRIPT_VERIFY_NULLDUMMY = (1 << 4), // verify dummy stack item consumed by CHECKMULTISIG is of zero-length
212 public static class ScriptCode
214 public static string GetTxnOutputType(txnouttype t)
218 case txnouttype.TX_NONSTANDARD: return "nonstandard";
219 case txnouttype.TX_PUBKEY: return "pubkey";
220 case txnouttype.TX_PUBKEYHASH: return "pubkeyhash";
221 case txnouttype.TX_SCRIPTHASH: return "scripthash";
222 case txnouttype.TX_MULTISIG: return "multisig";
223 case txnouttype.TX_NULL_DATA: return "nulldata";
229 /// Get the name of instruction
231 /// <param name="opcode">Instruction</param>
232 /// <returns>Instruction name</returns>
233 public static string GetOpName(instruction opcode)
235 if (opcode == instruction.OP_0) // OP_0 and OP_FALSE are synonyms
237 if (opcode == instruction.OP_1) // OP_1 and OP_TRUE are synonyms
240 return Enum.GetName(typeof(instruction), opcode);
244 /// Get next instruction from list of bytes and extract push arguments if there are some.
246 /// <param name="codeBytes">ByteQueue reference.</param>
247 /// <param name="opcodeRet">Found instruction.</param>
248 /// <param name="bytesRet">IEnumerable out param which is used to get the push arguments.</param>
249 /// <returns>Result of operation</returns>
250 public static bool GetOp(ref ByteQueue codeBytes, out instruction opcodeRet, out byte[] bytesRet)
252 bytesRet = new byte[0];
253 opcodeRet = instruction.OP_INVALIDOPCODE;
260 opcode = (instruction)codeBytes.Get();
262 catch (ByteQueueException)
264 // No instruction found there
269 if (opcode <= instruction.OP_PUSHDATA4)
271 var szBytes = new byte[4] { 0, 0, 0, 0 }; // Zero length
276 if (opcode < instruction.OP_PUSHDATA1)
278 // Zero value instructions (OP_0, OP_FALSE)
279 nSize = (int) opcode;
281 else if (opcode == instruction.OP_PUSHDATA1)
283 // The next byte contains the number of bytes to be pushed onto the stack,
284 // i.e. you have something like OP_PUSHDATA1 0x01 [0x5a]
285 nSize = codeBytes.Get();
287 else if (opcode == instruction.OP_PUSHDATA2)
289 // The next two bytes contain the number of bytes to be pushed onto the stack,
290 // i.e. now your operation will seem like this: OP_PUSHDATA2 0x01 0x00 [0x5a]
291 nSize = BitConverter.ToInt16(codeBytes.Get(2), 0);
293 else if (opcode == instruction.OP_PUSHDATA4)
295 // The next four bytes contain the number of bytes to be pushed onto the stack,
296 // OP_PUSHDATA4 0x01 0x00 0x00 0x00 [0x5a]
297 nSize = BitConverter.ToInt32(codeBytes.Get(4), 0);
300 catch (ByteQueueException)
302 // Unable to read operand length
308 // If nSize is greater than zero then there is some data available
311 // Read found number of bytes into list of OP_PUSHDATAn arguments.
312 bytesRet = codeBytes.Get(nSize);
314 catch (ByteQueueException)
316 // Unable to read data
328 /// Convert value bytes into readable representation.
330 /// If list lengh is equal or lesser than 4 bytes then bytes are interpreted as integer value. Otherwise you will get hex representation of supplied data.
332 /// <param name="bytes">Collection of value bytes.</param>
333 /// <returns>Formatted value.</returns>
334 public static string ValueString(byte[] bytes)
336 var sb = new StringBuilder();
338 if (bytes.Length <= 4)
340 sb.Append(new BigInteger(bytes));
344 return Interop.ToHex(bytes);
347 return sb.ToString();
351 /// Convert list of stack items into human readable representation.
353 /// <param name="stackList">List of stack items.</param>
354 /// <returns>Formatted value.</returns>
355 public static string StackString(IList<byte[]> stackList)
357 var sb = new StringBuilder();
358 foreach (var bytes in stackList)
360 sb.Append(ValueString(bytes));
363 return sb.ToString();
367 /// Decode instruction to integer value
369 /// <param name="opcode">Small integer instruction (OP_1_NEGATE and OP_0 - OP_16)</param>
370 /// <returns>Small integer</returns>
371 public static int DecodeOP_N(instruction opcode, bool AllowNegate = false)
373 // Only OP_n instructions are supported, throw exception otherwise.
374 Contract.Requires<ArgumentException>((opcode == instruction.OP_1NEGATE && AllowNegate) || (opcode >= instruction.OP_0 && opcode <= instruction.OP_16), "Invalid integer instruction.");
378 case instruction.OP_1NEGATE:
380 case instruction.OP_0:
383 return (int)opcode - (int)(instruction.OP_1 - 1);
388 /// Converts integer into instruction
390 /// <param name="n">Small integer from the range of -1 up to 16.</param>
391 /// <returns>Corresponding instruction.</returns>
392 public static instruction EncodeOP_N(int n, bool allowNegate = false)
394 // The n value must be in the range of 1 to 16.
395 Contract.Requires<ArgumentException>((n == -1 && allowNegate) || (n >= 0 && n <= 16), "Invalid integer value.");
400 return instruction.OP_1NEGATE;
402 return instruction.OP_0;
404 return (instruction.OP_1 + n - 1);
408 public static int ScriptSigArgsExpected(txnouttype t, IList<byte[]> solutions)
412 case txnouttype.TX_NONSTANDARD:
414 case txnouttype.TX_NULL_DATA:
416 case txnouttype.TX_PUBKEY:
418 case txnouttype.TX_PUBKEYHASH:
420 case txnouttype.TX_MULTISIG:
421 if (solutions.Count < 1 || solutions.First().Length < 1)
423 return solutions.First()[0] + 1;
424 case txnouttype.TX_SCRIPTHASH:
425 return 1; // doesn't include args needed by the script
431 /// Is it a standart type of scriptPubKey?
433 /// <param name="scriptPubKey">CScript instance</param>
434 /// <param name="whichType">utut type</param>
435 /// <returns>Checking result</returns>
436 public static bool IsStandard(CScript scriptPubKey, out txnouttype whichType)
438 IList<byte[]> solutions;
440 if (!Solver(scriptPubKey, out whichType, out solutions))
442 // No solutions found
446 if (whichType == txnouttype.TX_MULTISIG)
448 // Additional verification of OP_CHECKMULTISIG arguments
449 var m = solutions.First()[0];
450 var n = solutions.Last()[0];
452 // Support up to x-of-3 multisig txns as standard
463 return whichType != txnouttype.TX_NONSTANDARD;
467 /// Return public keys or hashes from scriptPubKey, for 'standard' transaction types.
469 /// <param name="scriptPubKey">CScript instance</param>
470 /// <param name="typeRet">Output type</param>
471 /// <param name="solutions">Set of solutions</param>
472 /// <returns>Result</returns>
473 public static bool Solver(CScript scriptPubKey, out txnouttype typeRet, out IList<byte[]> solutions)
475 byte[] scriptBytes = scriptPubKey;
477 solutions = new List<byte[]>();
479 // There are shortcuts for pay-to-script-hash and pay-to-pubkey-hash, which are more constrained than the other types.
481 // It is always OP_HASH160 20 [20 byte hash] OP_EQUAL
482 if (scriptPubKey.IsPayToScriptHash)
484 typeRet = txnouttype.TX_SCRIPTHASH;
486 // Take 20 bytes with offset of 2 bytes
487 var hashBytes = scriptBytes.Skip(2).Take(20);
488 solutions.Add(hashBytes.ToArray());
493 // It is always OP_DUP OP_HASH160 20 [20 byte hash] OP_EQUALVERIFY OP_CHECKSIG
494 if (scriptPubKey.IsPayToPubKeyHash)
496 typeRet = txnouttype.TX_PUBKEYHASH;
498 // Take 20 bytes with offset of 3 bytes
499 var hashBytes = scriptBytes.Skip(3).Take(20);
500 solutions.Add(hashBytes.ToArray());
505 var templateTuples = new List<Tuple<txnouttype, byte[]>>();
507 // Sender provides pubkey, receiver adds signature
508 // [ECDSA public key] OP_CHECKSIG
510 new Tuple<txnouttype, byte[]>(
511 txnouttype.TX_PUBKEY,
513 (byte)instruction.OP_PUBKEY,
514 (byte)instruction.OP_CHECKSIG
518 // Sender provides N pubkeys, receivers provides M signatures
519 // N [pubkey1] [pubkey2] ... [pubkeyN] M OP_CHECKMULTISIG
520 // Where N and M are small integer instructions (OP1 ... OP_16)
522 new Tuple<txnouttype, byte[]>(
523 txnouttype.TX_MULTISIG,
525 (byte)instruction.OP_SMALLINTEGER,
526 (byte)instruction.OP_PUBKEYS,
527 (byte)instruction.OP_SMALLINTEGER,
528 (byte)instruction.OP_CHECKMULTISIG
532 // Data-carrying output
533 // OP_RETURN [up to 80 bytes of data]
535 new Tuple<txnouttype, byte[]>(
536 txnouttype.TX_NULL_DATA,
538 (byte)instruction.OP_RETURN,
539 (byte)instruction.OP_SMALLDATA
543 // Nonstandard tx output
544 typeRet = txnouttype.TX_NONSTANDARD;
546 foreach (var templateTuple in templateTuples)
548 var script1 = scriptPubKey;
549 var script2 = new CScript(templateTuple.Item2);
551 instruction opcode1, opcode2;
554 var bq1 = script1.GetByteQueue();
555 var bq2 = script2.GetByteQueue();
559 int last1 = ((byte[])script1).Length - 1;
560 int last2 = ((byte[])script2).Length - 1;
564 if (bq1.Index == last1 && bq2.Index == last2)
567 typeRet = templateTuple.Item1;
568 if (typeRet == txnouttype.TX_MULTISIG)
570 // Additional checks for TX_MULTISIG:
571 var m = solutions.First().First();
572 var n = solutions.Last().First();
574 if (m < 1 || n < 1 || m > n || solutions.Count - 2 != n)
582 if (!GetOp(ref bq1, out opcode1, out args1))
586 if (!GetOp(ref bq2, out opcode2, out args2))
591 // Template matching instructions:
592 if (opcode2 == instruction.OP_PUBKEYS)
594 while (args1.Count() >= 33 && args1.Count() <= 120)
596 solutions.Add(args1);
597 if (!GetOp(ref bq1, out opcode1, out args1))
602 if (!GetOp(ref bq2, out opcode2, out args2))
606 // Normal situation is to fall through
607 // to other if/else statements
609 if (opcode2 == instruction.OP_PUBKEY)
611 int PubKeyLen = args1.Count();
612 if (PubKeyLen < 33 || PubKeyLen > 120)
616 solutions.Add(args1);
618 else if (opcode2 == instruction.OP_PUBKEYHASH)
620 if (args1.Count() != 20) // hash160 size
624 solutions.Add(args1);
626 else if (opcode2 == instruction.OP_SMALLINTEGER)
628 // Single-byte small integer pushed onto solutions
631 var n = (byte)DecodeOP_N(opcode1);
632 solutions.Add(new byte[] { n });
639 else if (opcode2 == instruction.OP_SMALLDATA)
641 // small pushdata, <= 80 bytes
642 if (args1.Length > 80)
647 else if (opcode1 != opcode2 || !args1.SequenceEqual(args2))
649 // Others must match exactly
656 typeRet = txnouttype.TX_NONSTANDARD;
662 /// Generation of SignatureHash. This method is responsible for removal of transaction metadata. It's necessary signature can't sign itself.
664 /// <param name="script">Spending instructions</param>
665 /// <param name="txTo">Instance of transaction</param>
666 /// <param name="nIn">Input number</param>
667 /// <param name="nHashType">Hash type flag</param>
668 /// <returns></returns>
669 public static Hash256 SignatureHash(CScript script, CTransaction txTo, int nIn, int nHashType)
671 if (nIn >= txTo.vin.Length)
673 var sb = new StringBuilder();
674 sb.AppendFormat("ERROR: SignatureHash() : nIn={0} out of range\n", nIn);
675 throw new ArgumentOutOfRangeException("nIn", sb.ToString());
678 // Init a copy of transaction
679 var txTmp = new CTransaction(txTo);
681 // In case concatenating two scripts ends up with two codeseparators,
682 // or an extra one at the end, this prevents all those possible incompatibilities.
683 script.RemoveInstruction(instruction.OP_CODESEPARATOR);
685 // Blank out other inputs' signatures
686 for (int i = 0; i < txTmp.vin.Length; i++)
688 txTmp.vin[i].scriptSig = new CScript();
690 txTmp.vin[nIn].scriptSig = script;
692 // Blank out some of the outputs
693 if ((nHashType & 0x1f) == (int)sigflag.SIGHASH_NONE)
696 txTmp.vout = new CTxOut[0];
698 // Let the others update at will
699 for (int i = 0; i < txTmp.vin.Length; i++)
703 txTmp.vin[i].nSequence = 0;
707 else if ((nHashType & 0x1f) == (int)sigflag.SIGHASH_SINGLE)
709 // Only lock-in the txout payee at same index as txin
711 if (nOut >= txTmp.vout.Length)
713 StringBuilder sb = new StringBuilder();
714 sb.AppendFormat("ERROR: SignatureHash() : nOut={0} out of range\n", nOut);
715 throw new ArgumentOutOfRangeException("nOut", sb.ToString());
717 Array.Resize(ref txTmp.vout, nOut + 1);
719 for (int i = 0; i < nOut; i++)
721 txTmp.vout[i] = new CTxOut();
724 // Let the others update at will
725 for (int i = 0; i < txTmp.vin.Length; i++)
729 txTmp.vin[i].nSequence = 0;
734 // Blank out other inputs completely, not recommended for open transactions
735 if ((nHashType & (int)sigflag.SIGHASH_ANYONECANPAY) != 0)
737 txTmp.vin[0] = txTmp.vin[nIn];
738 Array.Resize(ref txTmp.vin, 1);
741 // Concatenate and hash
742 var txBytes = (byte[])txTmp;
743 var nHashTypeBytes = BitConverter.GetBytes(nHashType);
745 return Hash256.Compute256(ref txBytes, ref nHashTypeBytes);
749 // Script is a stack machine (like Forth) that evaluates a predicate
750 // returning a bool indicating valid or not. There are no loops.
754 /// Script machine exception
757 public class StackMachineException : Exception
759 public StackMachineException()
763 public StackMachineException(string message)
768 public StackMachineException(string message, Exception inner)
769 : base(message, inner)
775 /// Remove last element from stack
777 /// <param name="stack">Stack reference</param>
778 private static void popstack(ref List<byte[]> stack)
780 int nCount = stack.Count;
783 throw new StackMachineException("Stack is empty");
786 stack.RemoveAt(nCount - 1);
790 /// Get element at specified stack depth
792 /// <param name="stack">Stack reference</param>
793 /// <param name="nDepth">Depth</param>
794 /// <returns>Byte sequence</returns>
795 private static byte[] stacktop(ref List<byte[]> stack, int nDepth)
797 Contract.Requires<StackMachineException>(nDepth < 0, "Positive or zero stack depth makes no sense.");
798 Contract.Requires<StackMachineException>(stack.Count + nDepth >= 0, "Value exceeds real stack depth.");
800 return stack[stack.Count + nDepth];
804 /// Cast argument to boolean value
806 /// <param name="value">Some byte sequence</param>
807 /// <returns></returns>
808 private static bool CastToBool(byte[] arg)
810 for (var i = 0; i < arg.Length; i++)
814 // Can be negative zero
815 if (i == arg.Length - 1 && arg[i] == 0x80)
828 /// Cast argument to integer value
830 /// <param name="value"></param>
831 /// <returns></returns>
832 private static BigInteger CastToBigInteger(byte[] value)
834 Contract.Requires<StackMachineException>(value.Length <= 4, "Size limit failed.");
836 return new BigInteger(value);
840 /// Execution of script
842 /// <param name="stack"></param>
843 /// <param name="script">Script to execute</param>
844 /// <param name="txTo">Transaction instance</param>
845 /// <param name="nIn">Input number</param>
846 /// <param name="flags">Signature checking flags</param>
847 /// <param name="nHashType">Hash type flag</param>
848 /// <returns></returns>
849 public static bool EvalScript(ref List<byte[]> stack, CScript script, CTransaction txTo, int nIn, int flags, int nHashType)
851 var scriptBytes = ((byte[])script);
853 if (scriptBytes.Length > 10000)
855 return false; // Size limit failed
858 var vfExec = new List<bool>();
861 int nCodeHashBegin = 0;
863 var falseBytes = new byte[0];
864 var trueBytes = new byte[] { 0x01 };
866 var CodeQueue = script.GetByteQueue();
867 var altStack = new List<byte[]>();
876 while (GetOp(ref CodeQueue, out opcode, out pushArg)) // Read instructions
878 bool fExec = vfExec.IndexOf(false) == -1;
880 if (pushArg.Length > 520)
882 return false; // Script element size limit failed
885 if (opcode > instruction.OP_16 && ++nOpCount > 201)
890 if (fExec && 0 <= opcode && opcode <= instruction.OP_PUSHDATA4)
892 stack.Add(pushArg); // Push argument to stack
894 else if (fExec || (instruction.OP_IF <= opcode && opcode <= instruction.OP_ENDIF))
898 // Disabled instructions
900 case instruction.OP_CAT:
901 case instruction.OP_SUBSTR:
902 case instruction.OP_LEFT:
903 case instruction.OP_RIGHT:
904 case instruction.OP_INVERT:
905 case instruction.OP_AND:
906 case instruction.OP_OR:
907 case instruction.OP_XOR:
908 case instruction.OP_2MUL:
909 case instruction.OP_2DIV:
910 case instruction.OP_MUL:
911 case instruction.OP_DIV:
912 case instruction.OP_MOD:
913 case instruction.OP_LSHIFT:
914 case instruction.OP_RSHIFT:
918 // Push integer instructions
920 case instruction.OP_1NEGATE:
921 case instruction.OP_1:
922 case instruction.OP_2:
923 case instruction.OP_3:
924 case instruction.OP_4:
925 case instruction.OP_5:
926 case instruction.OP_6:
927 case instruction.OP_7:
928 case instruction.OP_8:
929 case instruction.OP_9:
930 case instruction.OP_10:
931 case instruction.OP_11:
932 case instruction.OP_12:
933 case instruction.OP_13:
934 case instruction.OP_14:
935 case instruction.OP_15:
936 case instruction.OP_16:
939 BigInteger bn = DecodeOP_N(opcode, true);
940 stack.Add(bn.ToByteArray());
947 case instruction.OP_NOP:
948 case instruction.OP_NOP1:
949 case instruction.OP_NOP2:
950 case instruction.OP_NOP3:
951 case instruction.OP_NOP4:
952 case instruction.OP_NOP5:
953 case instruction.OP_NOP6:
954 case instruction.OP_NOP7:
955 case instruction.OP_NOP8:
956 case instruction.OP_NOP9:
957 case instruction.OP_NOP10:
966 case instruction.OP_IF:
967 case instruction.OP_NOTIF:
969 // <expression> if [statements] [else [statements]] endif
973 if (stack.Count() < 1)
977 var vch = stacktop(ref stack, -1);
978 fValue = CastToBool(vch);
979 if (opcode == instruction.OP_NOTIF)
989 case instruction.OP_ELSE:
991 int nExecCount = vfExec.Count();
996 vfExec[nExecCount - 1] = !vfExec[nExecCount - 1];
1000 case instruction.OP_ENDIF:
1002 int nExecCount = vfExec.Count();
1003 if (nExecCount == 0)
1007 vfExec.RemoveAt(nExecCount - 1);
1011 case instruction.OP_VERIFY:
1014 // (false -- false) and return
1015 if (stack.Count() < 1)
1020 bool fValue = CastToBool(stacktop(ref stack, -1));
1023 popstack(ref stack);
1032 case instruction.OP_RETURN:
1040 case instruction.OP_TOALTSTACK:
1042 if (stack.Count() < 1)
1046 altStack.Add(stacktop(ref stack, -1));
1047 popstack(ref stack);
1051 case instruction.OP_FROMALTSTACK:
1053 if (altStack.Count() < 1)
1057 stack.Add(stacktop(ref stack, -1));
1058 popstack(ref altStack);
1062 case instruction.OP_2DROP:
1065 if (stack.Count() < 2)
1069 popstack(ref stack);
1070 popstack(ref stack);
1074 case instruction.OP_2DUP:
1076 // (x1 x2 -- x1 x2 x1 x2)
1077 if (stack.Count() < 2)
1081 var vch1 = stacktop(ref stack, -2);
1082 var vch2 = stacktop(ref stack, -1);
1088 case instruction.OP_3DUP:
1090 // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
1091 if (stack.Count() < 3)
1095 var vch1 = stacktop(ref stack, -3);
1096 var vch2 = stacktop(ref stack, -2);
1097 var vch3 = stacktop(ref stack, -1);
1104 case instruction.OP_2OVER:
1106 // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
1107 if (stack.Count() < 4)
1111 var vch1 = stacktop(ref stack, -4);
1112 var vch2 = stacktop(ref stack, -3);
1118 case instruction.OP_2ROT:
1120 int nStackDepth = stack.Count();
1121 // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
1122 if (nStackDepth < 6)
1126 var vch1 = stacktop(ref stack, -6);
1127 var vch2 = stacktop(ref stack, -5);
1128 stack.RemoveRange(nStackDepth - 6, 2);
1134 case instruction.OP_2SWAP:
1136 // (x1 x2 x3 x4 -- x3 x4 x1 x2)
1137 int nStackDepth = stack.Count;
1138 if (nStackDepth < 4)
1142 stack.Swap(nStackDepth - 4, nStackDepth - 2);
1143 stack.Swap(nStackDepth - 3, nStackDepth - 1);
1147 case instruction.OP_IFDUP:
1150 if (stack.Count() < 1)
1155 var vch = stacktop(ref stack, -1);
1157 if (CastToBool(vch))
1164 case instruction.OP_DEPTH:
1167 BigInteger bn = new BigInteger((ushort)stack.Count());
1168 stack.Add(bn.ToByteArray());
1172 case instruction.OP_DROP:
1175 if (stack.Count() < 1)
1180 popstack(ref stack);
1184 case instruction.OP_DUP:
1187 if (stack.Count() < 1)
1192 var vch = stacktop(ref stack, -1);
1197 case instruction.OP_NIP:
1200 int nStackDepth = stack.Count();
1201 if (nStackDepth < 2)
1206 stack.RemoveAt(nStackDepth - 2);
1210 case instruction.OP_OVER:
1212 // (x1 x2 -- x1 x2 x1)
1213 if (stack.Count() < 2)
1218 var vch = stacktop(ref stack, -2);
1223 case instruction.OP_PICK:
1224 case instruction.OP_ROLL:
1226 // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
1227 // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
1229 int nStackDepth = stack.Count();
1230 if (nStackDepth < 2)
1235 int n = (int)CastToBigInteger(stacktop(ref stack, -1));
1236 popstack(ref stack);
1238 if (n < 0 || n >= stack.Count())
1243 var vch = stacktop(ref stack, -n - 1);
1244 if (opcode == instruction.OP_ROLL)
1246 stack.RemoveAt(nStackDepth - n - 1);
1253 case instruction.OP_ROT:
1255 // (x1 x2 x3 -- x2 x3 x1)
1256 // x2 x1 x3 after first swap
1257 // x2 x3 x1 after second swap
1258 int nStackDepth = stack.Count();
1259 if (nStackDepth < 3)
1263 stack.Swap(nStackDepth - 3, nStackDepth - 2);
1264 stack.Swap(nStackDepth - 2, nStackDepth - 1);
1269 case instruction.OP_SWAP:
1272 int nStackDepth = stack.Count();
1273 if (nStackDepth < 2)
1277 stack.Swap(nStackDepth - 2, nStackDepth - 1);
1281 case instruction.OP_TUCK:
1283 // (x1 x2 -- x2 x1 x2)
1284 int nStackDepth = stack.Count();
1285 if (nStackDepth < 2)
1289 var vch = stacktop(ref stack, -1);
1290 stack.Insert(nStackDepth - 2, vch);
1295 case instruction.OP_SIZE:
1298 if (stack.Count() < 1)
1303 var bnSize = new BigInteger((ushort)stacktop(ref stack, -1).Count());
1304 stack.Add(bnSize.ToByteArray());
1312 case instruction.OP_EQUAL:
1313 case instruction.OP_EQUALVERIFY:
1314 //case instruction.OP_NOTEQUAL: // use OP_NUMNOTEQUAL
1317 if (stack.Count() < 2)
1322 var vch1 = stacktop(ref stack, -2);
1323 var vch2 = stacktop(ref stack, -1);
1324 bool fEqual = (vch1.SequenceEqual(vch2));
1325 // OP_NOTEQUAL is disabled because it would be too easy to say
1326 // something like n != 1 and have some wiseguy pass in 1 with extra
1327 // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
1328 //if (opcode == instruction.OP_NOTEQUAL)
1329 // fEqual = !fEqual;
1330 popstack(ref stack);
1331 popstack(ref stack);
1332 stack.Add(fEqual ? trueBytes : falseBytes);
1334 if (opcode == instruction.OP_EQUALVERIFY)
1338 popstack(ref stack);
1352 case instruction.OP_1ADD:
1353 case instruction.OP_1SUB:
1354 case instruction.OP_NEGATE:
1355 case instruction.OP_ABS:
1356 case instruction.OP_NOT:
1357 case instruction.OP_0NOTEQUAL:
1360 if (stack.Count() < 1)
1365 var bn = CastToBigInteger(stacktop(ref stack, -1));
1368 case instruction.OP_1ADD:
1371 case instruction.OP_1SUB:
1374 case instruction.OP_NEGATE:
1377 case instruction.OP_ABS:
1378 bn = BigInteger.Abs(bn);
1380 case instruction.OP_NOT:
1381 bn = bn == 0 ? 1 : 0;
1383 case instruction.OP_0NOTEQUAL:
1384 bn = bn != 0 ? 1 : 0;
1388 popstack(ref stack);
1389 stack.Add(bn.ToByteArray());
1393 case instruction.OP_ADD:
1394 case instruction.OP_SUB:
1395 case instruction.OP_BOOLAND:
1396 case instruction.OP_BOOLOR:
1397 case instruction.OP_NUMEQUAL:
1398 case instruction.OP_NUMEQUALVERIFY:
1399 case instruction.OP_NUMNOTEQUAL:
1400 case instruction.OP_LESSTHAN:
1401 case instruction.OP_GREATERTHAN:
1402 case instruction.OP_LESSTHANOREQUAL:
1403 case instruction.OP_GREATERTHANOREQUAL:
1404 case instruction.OP_MIN:
1405 case instruction.OP_MAX:
1408 if (stack.Count() < 2)
1413 var bn1 = CastToBigInteger(stacktop(ref stack, -2));
1414 var bn2 = CastToBigInteger(stacktop(ref stack, -1));
1419 case instruction.OP_ADD:
1422 case instruction.OP_SUB:
1425 case instruction.OP_BOOLAND:
1426 bn = (bn1 != 0 && bn2 != 0) ? 1 : 0;
1428 case instruction.OP_BOOLOR:
1429 bn = (bn1 != 0 || bn2 != 0) ? 1 : 0;
1431 case instruction.OP_NUMEQUAL:
1432 bn = (bn1 == bn2) ? 1 : 0;
1434 case instruction.OP_NUMEQUALVERIFY:
1435 bn = (bn1 == bn2) ? 1 : 0;
1437 case instruction.OP_NUMNOTEQUAL:
1438 bn = (bn1 != bn2) ? 1 : 0;
1440 case instruction.OP_LESSTHAN:
1441 bn = (bn1 < bn2) ? 1 : 0;
1443 case instruction.OP_GREATERTHAN:
1444 bn = (bn1 > bn2) ? 1 : 0;
1446 case instruction.OP_LESSTHANOREQUAL:
1447 bn = (bn1 <= bn2) ? 1 : 0;
1449 case instruction.OP_GREATERTHANOREQUAL:
1450 bn = (bn1 >= bn2) ? 1 : 0;
1452 case instruction.OP_MIN:
1453 bn = (bn1 < bn2 ? bn1 : bn2);
1455 case instruction.OP_MAX:
1456 bn = (bn1 > bn2 ? bn1 : bn2);
1460 popstack(ref stack);
1461 popstack(ref stack);
1462 stack.Add(bn.ToByteArray());
1464 if (opcode == instruction.OP_NUMEQUALVERIFY)
1466 if (CastToBool(stacktop(ref stack, -1)))
1468 popstack(ref stack);
1478 case instruction.OP_WITHIN:
1480 // (x min max -- out)
1481 if (stack.Count() < 3)
1486 var bn1 = CastToBigInteger(stacktop(ref stack, -3));
1487 var bn2 = CastToBigInteger(stacktop(ref stack, -2));
1488 var bn3 = CastToBigInteger(stacktop(ref stack, -1));
1490 bool fValue = (bn2 <= bn1 && bn1 < bn3);
1492 popstack(ref stack);
1493 popstack(ref stack);
1494 popstack(ref stack);
1496 stack.Add(fValue ? trueBytes : falseBytes);
1503 case instruction.OP_RIPEMD160:
1504 case instruction.OP_SHA1:
1505 case instruction.OP_SHA256:
1506 case instruction.OP_HASH160:
1507 case instruction.OP_HASH256:
1510 if (stack.Count() < 1)
1515 var data = stacktop(ref stack, -1);
1519 case instruction.OP_HASH160:
1520 hash = Hash160.Compute160(data);
1522 case instruction.OP_HASH256:
1523 hash = Hash256.Compute256(data);
1525 case instruction.OP_SHA1:
1526 hash = SHA1.Compute1(data);
1528 case instruction.OP_SHA256:
1529 hash = SHA256.Compute256(data);
1531 case instruction.OP_RIPEMD160:
1532 hash = RIPEMD160.Compute160(data);
1535 popstack(ref stack);
1540 case instruction.OP_CODESEPARATOR:
1542 // Hash starts after the code separator
1543 nCodeHashBegin = CodeQueue.Index;
1547 case instruction.OP_CHECKSIG:
1548 case instruction.OP_CHECKSIGVERIFY:
1550 // (sig pubkey -- bool)
1551 if (stack.Count() < 2)
1556 var sigBytes = stacktop(ref stack, -2);
1557 var pubkeyBytes = stacktop(ref stack, -1);
1559 // Subset of script starting at the most recent codeseparator
1560 var scriptCode = new CScript(scriptBytes.Skip(nCodeHashBegin).ToArray());
1562 // There's no way for a signature to sign itself
1563 scriptCode.RemovePattern(sigBytes);
1565 bool fSuccess = IsCanonicalSignature(sigBytes, flags) && IsCanonicalPubKey(pubkeyBytes, flags) && CheckSig(sigBytes, pubkeyBytes, scriptCode, txTo, nIn, nHashType, flags);
1567 popstack(ref stack);
1568 popstack(ref stack);
1570 stack.Add(fSuccess ? trueBytes : falseBytes);
1572 if (opcode == instruction.OP_CHECKSIGVERIFY)
1576 popstack(ref stack);
1586 case instruction.OP_CHECKMULTISIG:
1587 case instruction.OP_CHECKMULTISIGVERIFY:
1589 // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
1592 if (stack.Count() < i)
1597 int nKeysCount = (int)CastToBigInteger(stacktop(ref stack, -i));
1598 if (nKeysCount < 0 || nKeysCount > 20)
1602 nOpCount += nKeysCount;
1609 if (stack.Count() < i)
1614 int nSigsCount = (int)CastToBigInteger(stacktop(ref stack, -i));
1615 if (nSigsCount < 0 || nSigsCount > nKeysCount)
1621 if (stack.Count() < i)
1626 // Subset of script starting at the most recent codeseparator
1627 var scriptCode = new CScript(scriptBytes.Skip(nCodeHashBegin).ToArray());
1629 // There is no way for a signature to sign itself, so we need to drop the signatures
1630 for (int k = 0; k < nSigsCount; k++)
1632 var vchSig = stacktop(ref stack, -isig - k);
1633 scriptCode.RemovePattern(vchSig);
1636 bool fSuccess = true;
1637 while (fSuccess && nSigsCount > 0)
1639 var sigBytes = stacktop(ref stack, -isig);
1640 var pubKeyBytes = stacktop(ref stack, -ikey);
1643 bool fOk = IsCanonicalSignature(sigBytes, flags) && IsCanonicalPubKey(pubKeyBytes, flags) && CheckSig(sigBytes, pubKeyBytes, scriptCode, txTo, nIn, nHashType, flags);
1653 // If there are more signatures left than keys left,
1654 // then too many signatures have failed
1655 if (nSigsCount > nKeysCount)
1663 popstack(ref stack);
1666 // A bug causes CHECKMULTISIG to consume one extra argument
1667 // whose contents were not checked in any way.
1669 // Unfortunately this is a potential source of mutability,
1670 // so optionally verify it is exactly equal to zero prior
1671 // to removing it from the stack.
1672 if (stack.Count() < 1)
1676 if ((flags & (int)scriptflag.SCRIPT_VERIFY_NULLDUMMY) != 0 && stacktop(ref stack, -1).Count() != 0)
1678 return false; // CHECKMULTISIG dummy argument not null
1680 popstack(ref stack);
1682 stack.Add(fSuccess ? trueBytes : falseBytes);
1684 if (opcode == instruction.OP_CHECKMULTISIGVERIFY)
1688 popstack(ref stack);
1703 if (stack.Count() + altStack.Count() > 1000)
1712 // If there are any exceptions then just return false.
1717 if (vfExec.Count() != 0)
1719 // Something went wrong with conditional instructions.
1727 public static bool IsCanonicalPubKey(byte[] pubKeyBytes, int flags)
1729 if ((flags & (int)scriptflag.SCRIPT_VERIFY_STRICTENC) == 0)
1732 if (pubKeyBytes.Length < 33)
1733 return false; // Non-canonical public key: too short
1734 if (pubKeyBytes[0] == 0x04)
1736 if (pubKeyBytes.Length != 65)
1737 return false; // Non-canonical public key: invalid length for uncompressed key
1739 else if (pubKeyBytes[0] == 0x02 || pubKeyBytes[0] == 0x03)
1741 if (pubKeyBytes.Length != 33)
1742 return false; // Non-canonical public key: invalid length for compressed key
1746 return false; // Non-canonical public key: compressed nor uncompressed
1751 public static bool IsCanonicalSignature(byte[] sigBytes, int flags)
1759 /// Check signature.
1761 /// <param name="sigBytes">Signature</param>
1762 /// <param name="pubkeyBytes">Public key</param>
1763 /// <param name="script">Spending script</param>
1764 /// <param name="txTo">CTransaction instance</param>
1765 /// <param name="nIn">Input number</param>
1766 /// <param name="nHashType">Hashing type flag</param>
1767 /// <param name="flags">Signature checking flags</param>
1768 /// <returns>Checking result</returns>
1769 public static bool CheckSig(byte[] sigBytes, byte[] pubkeyBytes, CScript script, CTransaction txTo, int nIn, int nHashType, int flags)
1775 // Trying to initialize the public key instance
1777 pubkey = new CPubKey(pubkeyBytes);
1781 // Exception occurred while initializing the public key
1786 if (!pubkey.IsValid)
1791 if (sigBytes.Length == 0)
1796 // Hash type is one byte tacked on to the end of the signature
1799 nHashType = sigBytes.Last();
1801 else if (nHashType != sigBytes.Last())
1807 Array.Resize(ref sigBytes, sigBytes.Length - 1);
1809 var sighash = SignatureHash(script, txTo, nIn, nHashType);
1811 if (!pubkey.VerifySignature(sighash, sigBytes))
1820 /// Evaluates the both scriptSig and scriptPubKey.
1822 /// <param name="scriptSig"></param>
1823 /// <param name="scriptPubKey"></param>
1824 /// <param name="txTo">Transaction</param>
1825 /// <param name="nIn">Input number</param>
1826 /// <param name="flags">Script validation flags</param>
1827 /// <param name="nHashType">Hash type flag</param>
1828 /// <returns></returns>
1829 public static bool VerifyScript(CScript scriptSig, CScript scriptPubKey, CTransaction txTo, int nIn, int flags, int nHashType)
1831 var stack = new List<byte[]>();
1832 List<byte[]> stackCopy = null;
1834 if (!EvalScript(ref stack, scriptSig, txTo, nIn, flags, nHashType))
1839 if ((flags & (int)scriptflag.SCRIPT_VERIFY_P2SH) != 0)
1841 stackCopy = new List<byte[]>(stack);
1844 if (!EvalScript(ref stack, scriptPubKey, txTo, nIn, flags, nHashType))
1849 if (stack.Count == 0 || CastToBool(stack.Last()) == false)
1854 // Additional validation for spend-to-script-hash transactions:
1855 if ((flags & (int)scriptflag.SCRIPT_VERIFY_P2SH) != 0 && scriptPubKey.IsPayToScriptHash)
1857 if (!scriptSig.IsPushOnly) // scriptSig must be literals-only
1862 // stackCopy cannot be empty here, because if it was the
1863 // P2SH HASH <> EQUAL scriptPubKey would be evaluated with
1864 // an empty stack and the EvalScript above would return false.
1866 if (stackCopy.Count == 0)
1868 throw new StackMachineException("Fatal script validation error.");
1871 var pubKey2 = new CScript(stackCopy.Last());
1872 popstack(ref stackCopy);
1874 if (!EvalScript(ref stackCopy, pubKey2, txTo, nIn, flags, nHashType))
1876 if (stackCopy.Count == 0)
1879 return CastToBool(stackCopy.Last());
git://git.novaco.in / NovacoinLibrary.git / blob