3 # Electrum - lightweight Bitcoin client
4 # Copyright (C) 2011 thomasv@gitorious
6 # This program is free software: you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation, either version 3 of the License, or
9 # (at your option) any later version.
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 # Note: The deserialization code originally comes from ABE.
25 from util import print_error
30 # Workalike python implementation of Bitcoin's CDataStream class.
38 class SerializationError(Exception):
39 """ Thrown when there's a problem deserializing or serializing """
41 class BCDataStream(object):
50 def write(self, bytes): # Initialize with string of bytes
51 if self.input is None:
56 def map_file(self, file, start): # Initialize with bytes from file
57 self.input = mmap.mmap(file.fileno(), 0, access=mmap.ACCESS_READ)
58 self.read_cursor = start
60 def seek_file(self, position):
61 self.read_cursor = position
66 def read_string(self):
67 # Strings are encoded depending on length:
68 # 0 to 252 : 1-byte-length followed by bytes (if any)
69 # 253 to 65,535 : byte'253' 2-byte-length followed by bytes
70 # 65,536 to 4,294,967,295 : byte '254' 4-byte-length followed by bytes
71 # ... and the Bitcoin client is coded to understand:
72 # greater than 4,294,967,295 : byte '255' 8-byte-length followed by bytes of string
73 # ... but I don't think it actually handles any strings that big.
74 if self.input is None:
75 raise SerializationError("call write(bytes) before trying to deserialize")
78 length = self.read_compact_size()
80 raise SerializationError("attempt to read past end of buffer")
82 return self.read_bytes(length)
84 def write_string(self, string):
85 # Length-encoded as with read-string
86 self.write_compact_size(len(string))
89 def read_bytes(self, length):
91 result = self.input[self.read_cursor:self.read_cursor+length]
92 self.read_cursor += length
95 raise SerializationError("attempt to read past end of buffer")
99 def read_boolean(self): return self.read_bytes(1)[0] != chr(0)
100 def read_int16(self): return self._read_num('<h')
101 def read_uint16(self): return self._read_num('<H')
102 def read_int32(self): return self._read_num('<i')
103 def read_uint32(self): return self._read_num('<I')
104 def read_int64(self): return self._read_num('<q')
105 def read_uint64(self): return self._read_num('<Q')
107 def write_boolean(self, val): return self.write(chr(1) if val else chr(0))
108 def write_int16(self, val): return self._write_num('<h', val)
109 def write_uint16(self, val): return self._write_num('<H', val)
110 def write_int32(self, val): return self._write_num('<i', val)
111 def write_uint32(self, val): return self._write_num('<I', val)
112 def write_int64(self, val): return self._write_num('<q', val)
113 def write_uint64(self, val): return self._write_num('<Q', val)
115 def read_compact_size(self):
116 size = ord(self.input[self.read_cursor])
117 self.read_cursor += 1
119 size = self._read_num('<H')
121 size = self._read_num('<I')
123 size = self._read_num('<Q')
126 def write_compact_size(self, size):
128 raise SerializationError("attempt to write size < 0")
130 self.write(chr(size))
133 self._write_num('<H', size)
136 self._write_num('<I', size)
139 self._write_num('<Q', size)
141 def _read_num(self, format):
142 (i,) = struct.unpack_from(format, self.input, self.read_cursor)
143 self.read_cursor += struct.calcsize(format)
146 def _write_num(self, format, num):
147 s = struct.pack(format, num)
152 # From the Python Cookbook, downloaded from http://code.activestate.com/recipes/67107/
154 import types, string, exceptions
156 class EnumException(exceptions.Exception):
160 def __init__(self, name, enumList):
168 if type(x) == types.TupleType:
170 if type(x) != types.StringType:
171 raise EnumException, "enum name is not a string: " + x
172 if type(i) != types.IntType:
173 raise EnumException, "enum value is not an integer: " + i
175 raise EnumException, "enum name is not unique: " + x
176 if i in uniqueValues:
177 raise EnumException, "enum value is not unique for " + x
178 uniqueNames.append(x)
179 uniqueValues.append(i)
184 self.reverseLookup = reverseLookup
185 def __getattr__(self, attr):
186 if not self.lookup.has_key(attr):
188 return self.lookup[attr]
189 def whatis(self, value):
190 return self.reverseLookup[value]
193 # This function comes from bitcointools, bct-LICENSE.txt.
195 return bytes.encode('hex_codec')
197 # This function comes from bitcointools, bct-LICENSE.txt.
198 def short_hex(bytes):
199 t = bytes.encode('hex_codec')
202 return t[0:4]+"..."+t[-4:]
207 def parse_redeemScript(bytes):
208 dec = [ x for x in script_GetOp(bytes.decode('hex')) ]
211 match = [ opcodes.OP_2, opcodes.OP_PUSHDATA4, opcodes.OP_PUSHDATA4, opcodes.OP_2, opcodes.OP_CHECKMULTISIG ]
212 if match_decoded(dec, match):
213 pubkeys = [ dec[1][1].encode('hex'), dec[2][1].encode('hex') ]
217 match = [ opcodes.OP_2, opcodes.OP_PUSHDATA4, opcodes.OP_PUSHDATA4, opcodes.OP_PUSHDATA4, opcodes.OP_3, opcodes.OP_CHECKMULTISIG ]
218 if match_decoded(dec, match):
219 pubkeys = [ dec[1][1].encode('hex'), dec[2][1].encode('hex'), dec[3][1].encode('hex') ]
224 opcodes = Enumeration("Opcodes", [
225 ("OP_0", 0), ("OP_PUSHDATA1",76), "OP_PUSHDATA2", "OP_PUSHDATA4", "OP_1NEGATE", "OP_RESERVED",
226 "OP_1", "OP_2", "OP_3", "OP_4", "OP_5", "OP_6", "OP_7",
227 "OP_8", "OP_9", "OP_10", "OP_11", "OP_12", "OP_13", "OP_14", "OP_15", "OP_16",
228 "OP_NOP", "OP_VER", "OP_IF", "OP_NOTIF", "OP_VERIF", "OP_VERNOTIF", "OP_ELSE", "OP_ENDIF", "OP_VERIFY",
229 "OP_RETURN", "OP_TOALTSTACK", "OP_FROMALTSTACK", "OP_2DROP", "OP_2DUP", "OP_3DUP", "OP_2OVER", "OP_2ROT", "OP_2SWAP",
230 "OP_IFDUP", "OP_DEPTH", "OP_DROP", "OP_DUP", "OP_NIP", "OP_OVER", "OP_PICK", "OP_ROLL", "OP_ROT",
231 "OP_SWAP", "OP_TUCK", "OP_CAT", "OP_SUBSTR", "OP_LEFT", "OP_RIGHT", "OP_SIZE", "OP_INVERT", "OP_AND",
232 "OP_OR", "OP_XOR", "OP_EQUAL", "OP_EQUALVERIFY", "OP_RESERVED1", "OP_RESERVED2", "OP_1ADD", "OP_1SUB", "OP_2MUL",
233 "OP_2DIV", "OP_NEGATE", "OP_ABS", "OP_NOT", "OP_0NOTEQUAL", "OP_ADD", "OP_SUB", "OP_MUL", "OP_DIV",
234 "OP_MOD", "OP_LSHIFT", "OP_RSHIFT", "OP_BOOLAND", "OP_BOOLOR",
235 "OP_NUMEQUAL", "OP_NUMEQUALVERIFY", "OP_NUMNOTEQUAL", "OP_LESSTHAN",
236 "OP_GREATERTHAN", "OP_LESSTHANOREQUAL", "OP_GREATERTHANOREQUAL", "OP_MIN", "OP_MAX",
237 "OP_WITHIN", "OP_RIPEMD160", "OP_SHA1", "OP_SHA256", "OP_HASH160",
238 "OP_HASH256", "OP_CODESEPARATOR", "OP_CHECKSIG", "OP_CHECKSIGVERIFY", "OP_CHECKMULTISIG",
239 "OP_CHECKMULTISIGVERIFY",
240 ("OP_SINGLEBYTE_END", 0xF0),
241 ("OP_DOUBLEBYTE_BEGIN", 0xF000),
242 "OP_PUBKEY", "OP_PUBKEYHASH",
243 ("OP_INVALIDOPCODE", 0xFFFF),
247 def script_GetOp(bytes):
249 while i < len(bytes):
251 opcode = ord(bytes[i])
253 if opcode >= opcodes.OP_SINGLEBYTE_END:
255 opcode |= ord(bytes[i])
258 if opcode <= opcodes.OP_PUSHDATA4:
260 if opcode == opcodes.OP_PUSHDATA1:
261 nSize = ord(bytes[i])
263 elif opcode == opcodes.OP_PUSHDATA2:
264 (nSize,) = struct.unpack_from('<H', bytes, i)
266 elif opcode == opcodes.OP_PUSHDATA4:
267 (nSize,) = struct.unpack_from('<I', bytes, i)
269 vch = bytes[i:i+nSize]
272 yield (opcode, vch, i)
275 def script_GetOpName(opcode):
276 return (opcodes.whatis(opcode)).replace("OP_", "")
279 def decode_script(bytes):
281 for (opcode, vch, i) in script_GetOp(bytes):
282 if len(result) > 0: result += " "
283 if opcode <= opcodes.OP_PUSHDATA4:
284 result += "%d:"%(opcode,)
285 result += short_hex(vch)
287 result += script_GetOpName(opcode)
291 def match_decoded(decoded, to_match):
292 if len(decoded) != len(to_match):
294 for i in range(len(decoded)):
295 if to_match[i] == opcodes.OP_PUSHDATA4 and decoded[i][0] <= opcodes.OP_PUSHDATA4 and decoded[i][0]>0:
296 continue # Opcodes below OP_PUSHDATA4 all just push data onto stack, and are equivalent.
297 if to_match[i] != decoded[i][0]:
302 def parse_sig(x_sig):
308 assert sig == NO_SIGNATURE
312 def is_extended_pubkey(x_pubkey):
313 return x_pubkey[0:2] in ['fe', 'ff']
315 def x_to_xpub(x_pubkey):
316 if x_pubkey[0:2] == 'ff':
317 from account import BIP32_Account
318 xpub, s = BIP32_Account.parse_xpubkey(x_pubkey)
323 def parse_xpub(x_pubkey):
324 if x_pubkey[0:2] == 'ff':
325 from account import BIP32_Account
326 xpub, s = BIP32_Account.parse_xpubkey(x_pubkey)
327 pubkey = BIP32_Account.get_pubkey_from_x(xpub, s[0], s[1])
328 elif x_pubkey[0:2] == 'fe':
329 from account import OldAccount
330 mpk, s = OldAccount.parse_xpubkey(x_pubkey)
331 pubkey = OldAccount.get_pubkey_from_mpk(mpk.decode('hex'), s[0], s[1])
337 def parse_scriptSig(d, bytes):
339 decoded = [ x for x in script_GetOp(bytes) ]
341 # coinbase transactions raise an exception
342 print_error("cannot find address in input script", bytes.encode('hex'))
346 match = [ opcodes.OP_PUSHDATA4 ]
347 if match_decoded(decoded, match):
350 # non-generated TxIn transactions push a signature
351 # (seventy-something bytes) and then their public key
352 # (65 bytes) onto the stack:
353 match = [ opcodes.OP_PUSHDATA4, opcodes.OP_PUSHDATA4 ]
354 if match_decoded(decoded, match):
355 sig = decoded[0][1].encode('hex')
356 x_pubkey = decoded[1][1].encode('hex')
358 signatures = parse_sig([sig])
359 pubkey = parse_xpub(x_pubkey)
362 traceback.print_exc(file=sys.stdout)
363 print_error("cannot find address in input script", bytes.encode('hex'))
365 d['signatures'] = signatures
366 d['x_pubkeys'] = [x_pubkey]
368 d['pubkeys'] = [pubkey]
369 d['address'] = public_key_to_bc_address(pubkey.decode('hex'))
372 # p2sh transaction, 2 of n
373 match = [ opcodes.OP_0 ]
374 while len(match) < len(decoded):
375 match.append(opcodes.OP_PUSHDATA4)
377 if not match_decoded(decoded, match):
378 print_error("cannot find address in input script", bytes.encode('hex'))
381 x_sig = map(lambda x:x[1].encode('hex'), decoded[1:-1])
382 d['signatures'] = parse_sig(x_sig)
385 dec2 = [ x for x in script_GetOp(decoded[-1][1]) ]
386 match_2of2 = [ opcodes.OP_2, opcodes.OP_PUSHDATA4, opcodes.OP_PUSHDATA4, opcodes.OP_2, opcodes.OP_CHECKMULTISIG ]
387 match_2of3 = [ opcodes.OP_2, opcodes.OP_PUSHDATA4, opcodes.OP_PUSHDATA4, opcodes.OP_PUSHDATA4, opcodes.OP_3, opcodes.OP_CHECKMULTISIG ]
388 if match_decoded(dec2, match_2of2):
389 x_pubkeys = [ dec2[1][1].encode('hex'), dec2[2][1].encode('hex') ]
390 elif match_decoded(dec2, match_2of3):
391 x_pubkeys = [ dec2[1][1].encode('hex'), dec2[2][1].encode('hex'), dec2[3][1].encode('hex') ]
393 print_error("cannot find address in input script", bytes.encode('hex'))
396 d['x_pubkeys'] = x_pubkeys
397 pubkeys = map(parse_xpub, x_pubkeys)
398 d['pubkeys'] = pubkeys
400 redeemScript = Transaction.multisig_script(pubkeys,2)
401 d['redeemScript'] = redeemScript
402 d['address'] = hash_160_to_bc_address(hash_160(redeemScript.decode('hex')), 5)
407 def get_address_from_output_script(bytes):
408 decoded = [ x for x in script_GetOp(bytes) ]
410 # The Genesis Block, self-payments, and pay-by-IP-address payments look like:
411 # 65 BYTES:... CHECKSIG
412 match = [ opcodes.OP_PUSHDATA4, opcodes.OP_CHECKSIG ]
413 if match_decoded(decoded, match):
414 return True, public_key_to_bc_address(decoded[0][1])
416 # Pay-by-Bitcoin-address TxOuts look like:
417 # DUP HASH160 20 BYTES:... EQUALVERIFY CHECKSIG
418 match = [ opcodes.OP_DUP, opcodes.OP_HASH160, opcodes.OP_PUSHDATA4, opcodes.OP_EQUALVERIFY, opcodes.OP_CHECKSIG ]
419 if match_decoded(decoded, match):
420 return False, hash_160_to_bc_address(decoded[2][1])
423 match = [ opcodes.OP_HASH160, opcodes.OP_PUSHDATA4, opcodes.OP_EQUAL ]
424 if match_decoded(decoded, match):
425 return False, hash_160_to_bc_address(decoded[1][1],5)
427 return False, "(None)"
431 push_script = lambda x: op_push(len(x)/2) + x
435 def __init__(self, raw):
438 self.inputs = self.d['inputs']
439 self.outputs = self.d['outputs']
440 self.outputs = map(lambda x: (x['address'],x['value']), self.outputs)
441 self.locktime = self.d['lockTime']
447 def from_io(klass, inputs, outputs):
448 raw = klass.serialize(inputs, outputs, for_sig = None) # for_sig=-1 means do not sign
451 self.outputs = outputs
455 def sweep(klass, privkeys, network, to_address, fee):
457 for privkey in privkeys:
458 pubkey = public_key_from_private_key(privkey)
459 address = address_from_private_key(privkey)
460 u = network.synchronous_get([ ('blockchain.address.listunspent',[address])])[0]
461 pay_script = klass.pay_script(address)
463 item['scriptPubKey'] = pay_script
464 item['redeemPubkey'] = pubkey
465 item['address'] = address
466 item['prevout_hash'] = item['tx_hash']
467 item['prevout_n'] = item['tx_pos']
473 total = sum( map(lambda x:int(x.get('value')), inputs) ) - fee
474 outputs = [(to_address, total)]
475 self = klass.from_io(inputs, outputs)
476 self.sign({ pubkey:privkey })
480 def multisig_script(klass, public_keys, num=None):
482 if num is None: num = n
483 # supports only "2 of 2", and "2 of 3" transactions
484 assert num <= n and n in [2,3]
493 for k in public_keys:
494 s += op_push(len(k)/2)
508 def pay_script(self, addr):
509 if addr.startswith('OP_RETURN:'):
510 h = addr[10:].encode('hex')
511 return '6a' + push_script(h)
512 addrtype, hash_160 = bc_address_to_hash_160(addr)
514 script = '76a9' # op_dup, op_hash_160
515 script += push_script(hash_160.encode('hex'))
516 script += '88ac' # op_equalverify, op_checksig
518 script = 'a9' # op_hash_160
519 script += push_script(hash_160.encode('hex'))
520 script += '87' # op_equal
527 def serialize( klass, inputs, outputs, for_sig = None ):
529 s = int_to_hex(1,4) # version
530 s += var_int( len(inputs) ) # number of inputs
531 for i in range(len(inputs)):
534 s += txin['prevout_hash'].decode('hex')[::-1].encode('hex') # prev hash
535 s += int_to_hex(txin['prevout_n'],4) # prev index
537 p2sh = txin.get('redeemScript') is not None
538 num_sig = txin['num_sig']
539 address = txin['address']
541 x_signatures = txin['signatures']
542 signatures = filter(lambda x: x is not None, x_signatures)
543 is_complete = len(signatures) == num_sig
546 # if we have enough signatures, we use the actual pubkeys
547 # use extended pubkeys (with bip32 derivation)
550 pubkeys = txin['pubkeys']
551 for signature in signatures:
552 sig_list.append(signature + '01')
554 pubkeys = txin['x_pubkeys']
555 for signature in x_signatures:
556 sig_list.append((signature + '01') if signature is not None else NO_SIGNATURE)
558 sig_list = ''.join( map( lambda x: push_script(x), sig_list))
561 script += push_script(pubkeys[0])
565 redeem_script = klass.multisig_script(pubkeys,2)
566 script += push_script(redeem_script)
569 script = txin['redeemScript'] if p2sh else klass.pay_script(address)
572 s += var_int( len(script)/2 ) # script length
574 s += "ffffffff" # sequence
576 s += var_int( len(outputs) ) # number of outputs
577 for output in outputs:
578 addr, amount = output
579 s += int_to_hex( amount, 8) # amount
580 script = klass.pay_script(addr)
581 s += var_int( len(script)/2 ) # script length
583 s += int_to_hex(0,4) # lock time
584 if for_sig is not None and for_sig != -1:
585 s += int_to_hex(1, 4) # hash type
589 def tx_for_sig(self,i):
590 return self.serialize(self.inputs, self.outputs, for_sig = i)
594 return Hash(self.raw.decode('hex') )[::-1].encode('hex')
596 def add_signature(self, i, pubkey, sig):
597 print_error("adding signature for", pubkey)
598 txin = self.inputs[i]
599 pubkeys = txin['pubkeys']
600 ii = pubkeys.index(pubkey)
601 txin['signatures'][ii] = sig
602 txin['x_pubkeys'][ii] = pubkey
603 self.inputs[i] = txin
604 self.raw = self.serialize(self.inputs, self.outputs)
607 def signature_count(self):
610 for txin in self.inputs:
611 signatures = filter(lambda x: x is not None, txin['signatures'])
617 def is_complete(self):
618 s, r = self.signature_count()
622 def inputs_to_sign(self):
623 from account import BIP32_Account, OldAccount
626 for txin in self.inputs:
627 x_signatures = txin['signatures']
628 signatures = filter(lambda x: x is not None, x_signatures)
630 if len(signatures) == txin['num_sig']:
634 for k, x_pubkey in enumerate(txin['x_pubkeys']):
636 if x_signatures[k] is not None:
637 # this pubkey already signed
640 if x_pubkey[0:2] == 'ff':
641 xpub, sequence = BIP32_Account.parse_xpubkey(x_pubkey)
642 xpub_list.append((xpub,sequence))
643 elif x_pubkey[0:2] == 'fe':
644 xpub, sequence = OldAccount.parse_xpubkey(x_pubkey)
645 xpub_list.append((xpub,sequence))
647 addr_list.add(txin['address'])
649 return addr_list, xpub_list
652 def sign(self, keypairs):
653 print_error("tx.sign(), keypairs:", keypairs)
655 for i, txin in enumerate(self.inputs):
657 # continue if this txin is complete
658 signatures = filter(lambda x: x is not None, txin['signatures'])
659 num = txin['num_sig']
660 if len(signatures) == num:
663 redeem_pubkeys = txin['pubkeys']
664 for_sig = Hash(self.tx_for_sig(i).decode('hex'))
665 for pubkey in redeem_pubkeys:
666 if pubkey in keypairs.keys():
668 sec = keypairs[pubkey]
669 pkey = regenerate_key(sec)
671 private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
672 public_key = private_key.get_verifying_key()
673 sig = private_key.sign_digest_deterministic( for_sig, hashfunc=hashlib.sha256, sigencode = ecdsa.util.sigencode_der )
674 assert public_key.verify_digest( sig, for_sig, sigdecode = ecdsa.util.sigdecode_der)
675 self.add_signature(i, pubkey, sig.encode('hex'))
678 print_error("is_complete", self.is_complete())
679 self.raw = self.serialize( self.inputs, self.outputs )
683 def deserialize(self):
685 vds.write(self.raw.decode('hex'))
687 start = vds.read_cursor
688 d['version'] = vds.read_int32()
689 n_vin = vds.read_compact_size()
691 for i in xrange(n_vin):
692 d['inputs'].append(self.parse_input(vds))
693 n_vout = vds.read_compact_size()
695 for i in xrange(n_vout):
696 d['outputs'].append(self.parse_output(vds, i))
697 d['lockTime'] = vds.read_uint32()
702 def parse_input(self, vds):
704 prevout_hash = hash_encode(vds.read_bytes(32))
705 prevout_n = vds.read_uint32()
706 scriptSig = vds.read_bytes(vds.read_compact_size())
707 sequence = vds.read_uint32()
709 if prevout_hash == '00'*32:
710 d['is_coinbase'] = True
712 d['is_coinbase'] = False
713 d['prevout_hash'] = prevout_hash
714 d['prevout_n'] = prevout_n
715 d['sequence'] = sequence
721 parse_scriptSig(d, scriptSig)
725 def parse_output(self, vds, i):
727 d['value'] = vds.read_int64()
728 scriptPubKey = vds.read_bytes(vds.read_compact_size())
729 is_pubkey, address = get_address_from_output_script(scriptPubKey)
730 d['is_pubkey'] = is_pubkey
731 d['address'] = address
732 d['scriptPubKey'] = scriptPubKey.encode('hex')
737 def add_extra_addresses(self, txlist):
738 for i in self.inputs:
739 if i.get("address") == "(pubkey)":
740 prev_tx = txlist.get(i.get('prevout_hash'))
742 address, value = prev_tx.outputs[i.get('prevout_n')]
743 print_error("found pay-to-pubkey address:", address)
744 i["address"] = address
747 def has_address(self, addr):
749 for txin in self.inputs:
750 if addr == txin.get('address'):
753 for txout in self.outputs:
760 def get_value(self, addresses, prevout_values):
761 # return the balance for that tx
766 v_in = v_out = v_out_mine = 0
768 for item in self.inputs:
769 addr = item.get('address')
770 if addr in addresses:
773 key = item['prevout_hash'] + ':%d'%item['prevout_n']
774 value = prevout_values.get( key )
782 if not is_send: is_partial = False
784 for item in self.outputs:
787 if addr in addresses:
792 # some inputs are mine:
795 v = v_out_mine - v_out
801 v = v_out_mine - v_in
804 # some inputs are mine, but not all
808 # all inputs are mine
811 return is_relevant, is_send, v, fee
818 "complete":self.is_complete()
823 def requires_fee(self, verifier):
824 # see https://en.bitcoin.it/wiki/Transaction_fees
826 size = len(self.raw)/2
830 for o in self.outputs:
835 for i in self.inputs:
836 age = verifier.get_confirmations(i["prevout_hash"])[0]
837 sum += i["value"] * age
838 priority = sum / size
839 print_error(priority, threshold)
840 return priority < threshold