aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjtimon <jtimon@blockstream.io>2014-08-27 20:11:41 +0200
committerPieter Wuille <pieter.wuille@gmail.com>2014-09-08 20:21:33 +0200
commitda03e6ed7c380d8942592626b9677579267f86fd (patch)
tree51bb4b2a76182c6c84fccfb9fcf3ef620d2e7338 /src
parentcbd22a50c4b3d2d0f133c5f8d34c9c7aca9c7f4f (diff)
Separate script/interpreter
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am2
-rw-r--r--src/script/interpreter.cpp1048
-rw-r--r--src/script/interpreter.h45
-rw-r--r--src/scriptutils.cpp1058
-rw-r--r--src/scriptutils.h27
-rw-r--r--src/test/canonical_tests.cpp4
-rw-r--r--src/test/multisig_tests.cpp1
-rw-r--r--src/test/sighash_tests.cpp2
8 files changed, 1101 insertions, 1086 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index a9f1ceeeba..a3fdd3ee6a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -98,6 +98,7 @@ BITCOIN_CORE_H = \
rpcclient.h \
rpcprotocol.h \
rpcserver.h \
+ script/interpreter.h \
script/script.h \
scriptutils.h \
serialize.h \
@@ -207,6 +208,7 @@ libbitcoin_common_a_SOURCES = \
keystore.cpp \
netbase.cpp \
protocol.cpp \
+ script/interpreter.cpp \
script/script.cpp \
scriptutils.cpp \
$(BITCOIN_CORE_H)
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
new file mode 100644
index 0000000000..4f4fdb6b7f
--- /dev/null
+++ b/src/script/interpreter.cpp
@@ -0,0 +1,1048 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2013 The Bitcoin developers
+// Distributed under the MIT/X11 software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include "interpreter.h"
+
+#include "core.h"
+#include "crypto/ripemd160.h"
+#include "crypto/sha1.h"
+#include "crypto/sha2.h"
+#include "random.h"
+#include "script/script.h"
+#include "uint256.h"
+#include "util.h"
+
+#include <boost/thread.hpp>
+#include <boost/tuple/tuple_comparison.hpp>
+
+using namespace std;
+
+typedef vector<unsigned char> valtype;
+static const valtype vchFalse(0);
+static const valtype vchZero(0);
+static const valtype vchTrue(1, 1);
+static const CScriptNum bnZero(0);
+static const CScriptNum bnOne(1);
+static const CScriptNum bnFalse(0);
+static const CScriptNum bnTrue(1);
+
+bool CastToBool(const valtype& vch)
+{
+ for (unsigned int i = 0; i < vch.size(); i++)
+ {
+ if (vch[i] != 0)
+ {
+ // Can be negative zero
+ if (i == vch.size()-1 && vch[i] == 0x80)
+ return false;
+ return true;
+ }
+ }
+ return false;
+}
+
+//
+// Script is a stack machine (like Forth) that evaluates a predicate
+// returning a bool indicating valid or not. There are no loops.
+//
+#define stacktop(i) (stack.at(stack.size()+(i)))
+#define altstacktop(i) (altstack.at(altstack.size()+(i)))
+static inline void popstack(vector<valtype>& stack)
+{
+ if (stack.empty())
+ throw runtime_error("popstack() : stack empty");
+ stack.pop_back();
+}
+
+bool IsCanonicalPubKey(const valtype &vchPubKey, unsigned int flags) {
+ if (!(flags & SCRIPT_VERIFY_STRICTENC))
+ return true;
+
+ if (vchPubKey.size() < 33)
+ return error("Non-canonical public key: too short");
+ if (vchPubKey[0] == 0x04) {
+ if (vchPubKey.size() != 65)
+ return error("Non-canonical public key: invalid length for uncompressed key");
+ } else if (vchPubKey[0] == 0x02 || vchPubKey[0] == 0x03) {
+ if (vchPubKey.size() != 33)
+ return error("Non-canonical public key: invalid length for compressed key");
+ } else {
+ return error("Non-canonical public key: neither compressed nor uncompressed");
+ }
+ return true;
+}
+
+bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
+ if (!(flags & SCRIPT_VERIFY_STRICTENC))
+ return true;
+
+ // See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
+ // A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <S> <hashtype>
+ // Where R and S are not negative (their first byte has its highest bit not set), and not
+ // excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
+ // in which case a single 0 byte is necessary and even required).
+ if (vchSig.size() < 9)
+ return error("Non-canonical signature: too short");
+ if (vchSig.size() > 73)
+ return error("Non-canonical signature: too long");
+ unsigned char nHashType = vchSig[vchSig.size() - 1] & (~(SIGHASH_ANYONECANPAY));
+ if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
+ return error("Non-canonical signature: unknown hashtype byte");
+ if (vchSig[0] != 0x30)
+ return error("Non-canonical signature: wrong type");
+ if (vchSig[1] != vchSig.size()-3)
+ return error("Non-canonical signature: wrong length marker");
+ unsigned int nLenR = vchSig[3];
+ if (5 + nLenR >= vchSig.size())
+ return error("Non-canonical signature: S length misplaced");
+ unsigned int nLenS = vchSig[5+nLenR];
+ if ((unsigned long)(nLenR+nLenS+7) != vchSig.size())
+ return error("Non-canonical signature: R+S length mismatch");
+
+ const unsigned char *R = &vchSig[4];
+ if (R[-2] != 0x02)
+ return error("Non-canonical signature: R value type mismatch");
+ if (nLenR == 0)
+ return error("Non-canonical signature: R length is zero");
+ if (R[0] & 0x80)
+ return error("Non-canonical signature: R value negative");
+ if (nLenR > 1 && (R[0] == 0x00) && !(R[1] & 0x80))
+ return error("Non-canonical signature: R value excessively padded");
+
+ const unsigned char *S = &vchSig[6+nLenR];
+ if (S[-2] != 0x02)
+ return error("Non-canonical signature: S value type mismatch");
+ if (nLenS == 0)
+ return error("Non-canonical signature: S length is zero");
+ if (S[0] & 0x80)
+ return error("Non-canonical signature: S value negative");
+ if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80))
+ return error("Non-canonical signature: S value excessively padded");
+
+ if (flags & SCRIPT_VERIFY_LOW_S) {
+ // If the S value is above the order of the curve divided by two, its
+ // complement modulo the order could have been used instead, which is
+ // one byte shorter when encoded correctly.
+ if (!CKey::CheckSignatureElement(S, nLenS, true))
+ return error("Non-canonical signature: S value is unnecessarily high");
+ }
+
+ return true;
+}
+
+bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType)
+{
+ CScript::const_iterator pc = script.begin();
+ CScript::const_iterator pend = script.end();
+ CScript::const_iterator pbegincodehash = script.begin();
+ opcodetype opcode;
+ valtype vchPushValue;
+ vector<bool> vfExec;
+ vector<valtype> altstack;
+ if (script.size() > 10000)
+ return false;
+ int nOpCount = 0;
+
+ try
+ {
+ while (pc < pend)
+ {
+ bool fExec = !count(vfExec.begin(), vfExec.end(), false);
+
+ //
+ // Read instruction
+ //
+ if (!script.GetOp(pc, opcode, vchPushValue))
+ return false;
+ if (vchPushValue.size() > MAX_SCRIPT_ELEMENT_SIZE)
+ return false;
+
+ // Note how OP_RESERVED does not count towards the opcode limit.
+ if (opcode > OP_16 && ++nOpCount > 201)
+ return false;
+
+ if (opcode == OP_CAT ||
+ opcode == OP_SUBSTR ||
+ opcode == OP_LEFT ||
+ opcode == OP_RIGHT ||
+ opcode == OP_INVERT ||
+ opcode == OP_AND ||
+ opcode == OP_OR ||
+ opcode == OP_XOR ||
+ opcode == OP_2MUL ||
+ opcode == OP_2DIV ||
+ opcode == OP_MUL ||
+ opcode == OP_DIV ||
+ opcode == OP_MOD ||
+ opcode == OP_LSHIFT ||
+ opcode == OP_RSHIFT)
+ return false; // Disabled opcodes.
+
+ if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4)
+ stack.push_back(vchPushValue);
+ else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
+ switch (opcode)
+ {
+ //
+ // Push value
+ //
+ case OP_1NEGATE:
+ case OP_1:
+ case OP_2:
+ case OP_3:
+ case OP_4:
+ case OP_5:
+ case OP_6:
+ case OP_7:
+ case OP_8:
+ case OP_9:
+ case OP_10:
+ case OP_11:
+ case OP_12:
+ case OP_13:
+ case OP_14:
+ case OP_15:
+ case OP_16:
+ {
+ // ( -- value)
+ CScriptNum bn((int)opcode - (int)(OP_1 - 1));
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+
+ //
+ // Control
+ //
+ case OP_NOP:
+ case OP_NOP1: case OP_NOP2: case OP_NOP3: case OP_NOP4: case OP_NOP5:
+ case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
+ break;
+
+ case OP_IF:
+ case OP_NOTIF:
+ {
+ // <expression> if [statements] [else [statements]] endif
+ bool fValue = false;
+ if (fExec)
+ {
+ if (stack.size() < 1)
+ return false;
+ valtype& vch = stacktop(-1);
+ fValue = CastToBool(vch);
+ if (opcode == OP_NOTIF)
+ fValue = !fValue;
+ popstack(stack);
+ }
+ vfExec.push_back(fValue);
+ }
+ break;
+
+ case OP_ELSE:
+ {
+ if (vfExec.empty())
+ return false;
+ vfExec.back() = !vfExec.back();
+ }
+ break;
+
+ case OP_ENDIF:
+ {
+ if (vfExec.empty())
+ return false;
+ vfExec.pop_back();
+ }
+ break;
+
+ case OP_VERIFY:
+ {
+ // (true -- ) or
+ // (false -- false) and return
+ if (stack.size() < 1)
+ return false;
+ bool fValue = CastToBool(stacktop(-1));
+ if (fValue)
+ popstack(stack);
+ else
+ return false;
+ }
+ break;
+
+ case OP_RETURN:
+ {
+ return false;
+ }
+ break;
+
+
+ //
+ // Stack ops
+ //
+ case OP_TOALTSTACK:
+ {
+ if (stack.size() < 1)
+ return false;
+ altstack.push_back(stacktop(-1));
+ popstack(stack);
+ }
+ break;
+
+ case OP_FROMALTSTACK:
+ {
+ if (altstack.size() < 1)
+ return false;
+ stack.push_back(altstacktop(-1));
+ popstack(altstack);
+ }
+ break;
+
+ case OP_2DROP:
+ {
+ // (x1 x2 -- )
+ if (stack.size() < 2)
+ return false;
+ popstack(stack);
+ popstack(stack);
+ }
+ break;
+
+ case OP_2DUP:
+ {
+ // (x1 x2 -- x1 x2 x1 x2)
+ if (stack.size() < 2)
+ return false;
+ valtype vch1 = stacktop(-2);
+ valtype vch2 = stacktop(-1);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ }
+ break;
+
+ case OP_3DUP:
+ {
+ // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
+ if (stack.size() < 3)
+ return false;
+ valtype vch1 = stacktop(-3);
+ valtype vch2 = stacktop(-2);
+ valtype vch3 = stacktop(-1);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ stack.push_back(vch3);
+ }
+ break;
+
+ case OP_2OVER:
+ {
+ // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
+ if (stack.size() < 4)
+ return false;
+ valtype vch1 = stacktop(-4);
+ valtype vch2 = stacktop(-3);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ }
+ break;
+
+ case OP_2ROT:
+ {
+ // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
+ if (stack.size() < 6)
+ return false;
+ valtype vch1 = stacktop(-6);
+ valtype vch2 = stacktop(-5);
+ stack.erase(stack.end()-6, stack.end()-4);
+ stack.push_back(vch1);
+ stack.push_back(vch2);
+ }
+ break;
+
+ case OP_2SWAP:
+ {
+ // (x1 x2 x3 x4 -- x3 x4 x1 x2)
+ if (stack.size() < 4)
+ return false;
+ swap(stacktop(-4), stacktop(-2));
+ swap(stacktop(-3), stacktop(-1));
+ }
+ break;
+
+ case OP_IFDUP:
+ {
+ // (x - 0 | x x)
+ if (stack.size() < 1)
+ return false;
+ valtype vch = stacktop(-1);
+ if (CastToBool(vch))
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_DEPTH:
+ {
+ // -- stacksize
+ CScriptNum bn(stack.size());
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+ case OP_DROP:
+ {
+ // (x -- )
+ if (stack.size() < 1)
+ return false;
+ popstack(stack);
+ }
+ break;
+
+ case OP_DUP:
+ {
+ // (x -- x x)
+ if (stack.size() < 1)
+ return false;
+ valtype vch = stacktop(-1);
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_NIP:
+ {
+ // (x1 x2 -- x2)
+ if (stack.size() < 2)
+ return false;
+ stack.erase(stack.end() - 2);
+ }
+ break;
+
+ case OP_OVER:
+ {
+ // (x1 x2 -- x1 x2 x1)
+ if (stack.size() < 2)
+ return false;
+ valtype vch = stacktop(-2);
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_PICK:
+ case OP_ROLL:
+ {
+ // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
+ // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
+ if (stack.size() < 2)
+ return false;
+ int n = CScriptNum(stacktop(-1)).getint();
+ popstack(stack);
+ if (n < 0 || n >= (int)stack.size())
+ return false;
+ valtype vch = stacktop(-n-1);
+ if (opcode == OP_ROLL)
+ stack.erase(stack.end()-n-1);
+ stack.push_back(vch);
+ }
+ break;
+
+ case OP_ROT:
+ {
+ // (x1 x2 x3 -- x2 x3 x1)
+ // x2 x1 x3 after first swap
+ // x2 x3 x1 after second swap
+ if (stack.size() < 3)
+ return false;
+ swap(stacktop(-3), stacktop(-2));
+ swap(stacktop(-2), stacktop(-1));
+ }
+ break;
+
+ case OP_SWAP:
+ {
+ // (x1 x2 -- x2 x1)
+ if (stack.size() < 2)
+ return false;
+ swap(stacktop(-2), stacktop(-1));
+ }
+ break;
+
+ case OP_TUCK:
+ {
+ // (x1 x2 -- x2 x1 x2)
+ if (stack.size() < 2)
+ return false;
+ valtype vch = stacktop(-1);
+ stack.insert(stack.end()-2, vch);
+ }
+ break;
+
+
+ case OP_SIZE:
+ {
+ // (in -- in size)
+ if (stack.size() < 1)
+ return false;
+ CScriptNum bn(stacktop(-1).size());
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+
+ //
+ // Bitwise logic
+ //
+ case OP_EQUAL:
+ case OP_EQUALVERIFY:
+ //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
+ {
+ // (x1 x2 - bool)
+ if (stack.size() < 2)
+ return false;
+ valtype& vch1 = stacktop(-2);
+ valtype& vch2 = stacktop(-1);
+ bool fEqual = (vch1 == vch2);
+ // OP_NOTEQUAL is disabled because it would be too easy to say
+ // something like n != 1 and have some wiseguy pass in 1 with extra
+ // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
+ //if (opcode == OP_NOTEQUAL)
+ // fEqual = !fEqual;
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(fEqual ? vchTrue : vchFalse);
+ if (opcode == OP_EQUALVERIFY)
+ {
+ if (fEqual)
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+
+ //
+ // Numeric
+ //
+ case OP_1ADD:
+ case OP_1SUB:
+ case OP_NEGATE:
+ case OP_ABS:
+ case OP_NOT:
+ case OP_0NOTEQUAL:
+ {
+ // (in -- out)
+ if (stack.size() < 1)
+ return false;
+ CScriptNum bn(stacktop(-1));
+ switch (opcode)
+ {
+ case OP_1ADD: bn += bnOne; break;
+ case OP_1SUB: bn -= bnOne; break;
+ case OP_NEGATE: bn = -bn; break;
+ case OP_ABS: if (bn < bnZero) bn = -bn; break;
+ case OP_NOT: bn = (bn == bnZero); break;
+ case OP_0NOTEQUAL: bn = (bn != bnZero); break;
+ default: assert(!"invalid opcode"); break;
+ }
+ popstack(stack);
+ stack.push_back(bn.getvch());
+ }
+ break;
+
+ case OP_ADD:
+ case OP_SUB:
+ case OP_BOOLAND:
+ case OP_BOOLOR:
+ case OP_NUMEQUAL:
+ case OP_NUMEQUALVERIFY:
+ case OP_NUMNOTEQUAL:
+ case OP_LESSTHAN:
+ case OP_GREATERTHAN:
+ case OP_LESSTHANOREQUAL:
+ case OP_GREATERTHANOREQUAL:
+ case OP_MIN:
+ case OP_MAX:
+ {
+ // (x1 x2 -- out)
+ if (stack.size() < 2)
+ return false;
+ CScriptNum bn1(stacktop(-2));
+ CScriptNum bn2(stacktop(-1));
+ CScriptNum bn(0);
+ switch (opcode)
+ {
+ case OP_ADD:
+ bn = bn1 + bn2;
+ break;
+
+ case OP_SUB:
+ bn = bn1 - bn2;
+ break;
+
+ case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
+ case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
+ case OP_NUMEQUAL: bn = (bn1 == bn2); break;
+ case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
+ case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
+ case OP_LESSTHAN: bn = (bn1 < bn2); break;
+ case OP_GREATERTHAN: bn = (bn1 > bn2); break;
+ case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
+ case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
+ case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
+ case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
+ default: assert(!"invalid opcode"); break;
+ }
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(bn.getvch());
+
+ if (opcode == OP_NUMEQUALVERIFY)
+ {
+ if (CastToBool(stacktop(-1)))
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+ case OP_WITHIN:
+ {
+ // (x min max -- out)
+ if (stack.size() < 3)
+ return false;
+ CScriptNum bn1(stacktop(-3));
+ CScriptNum bn2(stacktop(-2));
+ CScriptNum bn3(stacktop(-1));
+ bool fValue = (bn2 <= bn1 && bn1 < bn3);
+ popstack(stack);
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(fValue ? vchTrue : vchFalse);
+ }
+ break;
+
+
+ //
+ // Crypto
+ //
+ case OP_RIPEMD160:
+ case OP_SHA1:
+ case OP_SHA256:
+ case OP_HASH160:
+ case OP_HASH256:
+ {
+ // (in -- hash)
+ if (stack.size() < 1)
+ return false;
+ valtype& vch = stacktop(-1);
+ valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
+ if (opcode == OP_RIPEMD160)
+ CRIPEMD160().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
+ else if (opcode == OP_SHA1)
+ CSHA1().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
+ else if (opcode == OP_SHA256)
+ CSHA256().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
+ else if (opcode == OP_HASH160)
+ CHash160().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
+ else if (opcode == OP_HASH256)
+ CHash256().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
+ popstack(stack);
+ stack.push_back(vchHash);
+ }
+ break;
+
+ case OP_CODESEPARATOR:
+ {
+ // Hash starts after the code separator
+ pbegincodehash = pc;
+ }
+ break;
+
+ case OP_CHECKSIG:
+ case OP_CHECKSIGVERIFY:
+ {
+ // (sig pubkey -- bool)
+ if (stack.size() < 2)
+ return false;
+
+ valtype& vchSig = stacktop(-2);
+ valtype& vchPubKey = stacktop(-1);
+
+ // Subset of script starting at the most recent codeseparator
+ CScript scriptCode(pbegincodehash, pend);
+
+ // Drop the signature, since there's no way for a signature to sign itself
+ scriptCode.FindAndDelete(CScript(vchSig));
+
+ bool fSuccess = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) &&
+ CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags);
+
+ popstack(stack);
+ popstack(stack);
+ stack.push_back(fSuccess ? vchTrue : vchFalse);
+ if (opcode == OP_CHECKSIGVERIFY)
+ {
+ if (fSuccess)
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+ case OP_CHECKMULTISIG:
+ case OP_CHECKMULTISIGVERIFY:
+ {
+ // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
+
+ int i = 1;
+ if ((int)stack.size() < i)
+ return false;
+
+ int nKeysCount = CScriptNum(stacktop(-i)).getint();
+ if (nKeysCount < 0 || nKeysCount > 20)
+ return false;
+ nOpCount += nKeysCount;
+ if (nOpCount > 201)
+ return false;
+ int ikey = ++i;
+ i += nKeysCount;
+ if ((int)stack.size() < i)
+ return false;
+
+ int nSigsCount = CScriptNum(stacktop(-i)).getint();
+ if (nSigsCount < 0 || nSigsCount > nKeysCount)
+ return false;
+ int isig = ++i;
+ i += nSigsCount;
+ if ((int)stack.size() < i)
+ return false;
+
+ // Subset of script starting at the most recent codeseparator
+ CScript scriptCode(pbegincodehash, pend);
+
+ // Drop the signatures, since there's no way for a signature to sign itself
+ for (int k = 0; k < nSigsCount; k++)
+ {
+ valtype& vchSig = stacktop(-isig-k);
+ scriptCode.FindAndDelete(CScript(vchSig));
+ }
+
+ bool fSuccess = true;
+ while (fSuccess && nSigsCount > 0)
+ {
+ valtype& vchSig = stacktop(-isig);
+ valtype& vchPubKey = stacktop(-ikey);
+
+ // Check signature
+ bool fOk = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) &&
+ CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags);
+
+ if (fOk) {
+ isig++;
+ nSigsCount--;
+ }
+ ikey++;
+ nKeysCount--;
+
+ // If there are more signatures left than keys left,
+ // then too many signatures have failed
+ if (nSigsCount > nKeysCount)
+ fSuccess = false;
+ }
+
+ // Clean up stack of actual arguments
+ while (i-- > 1)
+ popstack(stack);
+
+ // A bug causes CHECKMULTISIG to consume one extra argument
+ // whose contents were not checked in any way.
+ //
+ // Unfortunately this is a potential source of mutability,
+ // so optionally verify it is exactly equal to zero prior
+ // to removing it from the stack.
+ if (stack.size() < 1)
+ return false;
+ if ((flags & SCRIPT_VERIFY_NULLDUMMY) && stacktop(-1).size())
+ return error("CHECKMULTISIG dummy argument not null");
+ popstack(stack);
+
+ stack.push_back(fSuccess ? vchTrue : vchFalse);
+
+ if (opcode == OP_CHECKMULTISIGVERIFY)
+ {
+ if (fSuccess)
+ popstack(stack);
+ else
+ return false;
+ }
+ }
+ break;
+
+ default:
+ return false;
+ }
+
+ // Size limits
+ if (stack.size() + altstack.size() > 1000)
+ return false;
+ }
+ }
+ catch (...)
+ {
+ return false;
+ }
+
+ if (!vfExec.empty())
+ return false;
+
+ return true;
+}
+
+namespace {
+
+/** Wrapper that serializes like CTransaction, but with the modifications
+ * required for the signature hash done in-place
+ */
+class CTransactionSignatureSerializer {
+private:
+ const CTransaction &txTo; // reference to the spending transaction (the one being serialized)
+ const CScript &scriptCode; // output script being consumed
+ const unsigned int nIn; // input index of txTo being signed
+ const bool fAnyoneCanPay; // whether the hashtype has the SIGHASH_ANYONECANPAY flag set
+ const bool fHashSingle; // whether the hashtype is SIGHASH_SINGLE
+ const bool fHashNone; // whether the hashtype is SIGHASH_NONE
+
+public:
+ CTransactionSignatureSerializer(const CTransaction &txToIn, const CScript &scriptCodeIn, unsigned int nInIn, int nHashTypeIn) :
+ txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
+ fAnyoneCanPay(!!(nHashTypeIn & SIGHASH_ANYONECANPAY)),
+ fHashSingle((nHashTypeIn & 0x1f) == SIGHASH_SINGLE),
+ fHashNone((nHashTypeIn & 0x1f) == SIGHASH_NONE) {}
+
+ /** Serialize the passed scriptCode, skipping OP_CODESEPARATORs */
+ template<typename S>
+ void SerializeScriptCode(S &s, int nType, int nVersion) const {
+ CScript::const_iterator it = scriptCode.begin();
+ CScript::const_iterator itBegin = it;
+ opcodetype opcode;
+ unsigned int nCodeSeparators = 0;
+ while (scriptCode.GetOp(it, opcode)) {
+ if (opcode == OP_CODESEPARATOR)
+ nCodeSeparators++;
+ }
+ ::WriteCompactSize(s, scriptCode.size() - nCodeSeparators);
+ it = itBegin;
+ while (scriptCode.GetOp(it, opcode)) {
+ if (opcode == OP_CODESEPARATOR) {
+ s.write((char*)&itBegin[0], it-itBegin-1);
+ itBegin = it;
+ }
+ }
+ s.write((char*)&itBegin[0], it-itBegin);
+ }
+
+ /** Serialize an input of txTo */
+ template<typename S>
+ void SerializeInput(S &s, unsigned int nInput, int nType, int nVersion) const {
+ // In case of SIGHASH_ANYONECANPAY, only the input being signed is serialized
+ if (fAnyoneCanPay)
+ nInput = nIn;
+ // Serialize the prevout
+ ::Serialize(s, txTo.vin[nInput].prevout, nType, nVersion);
+ // Serialize the script
+ if (nInput != nIn)
+ // Blank out other inputs' signatures
+ ::Serialize(s, CScript(), nType, nVersion);
+ else
+ SerializeScriptCode(s, nType, nVersion);
+ // Serialize the nSequence
+ if (nInput != nIn && (fHashSingle || fHashNone))
+ // let the others update at will
+ ::Serialize(s, (int)0, nType, nVersion);
+ else
+ ::Serialize(s, txTo.vin[nInput].nSequence, nType, nVersion);
+ }
+
+ /** Serialize an output of txTo */
+ template<typename S>
+ void SerializeOutput(S &s, unsigned int nOutput, int nType, int nVersion) const {
+ if (fHashSingle && nOutput != nIn)
+ // Do not lock-in the txout payee at other indices as txin
+ ::Serialize(s, CTxOut(), nType, nVersion);
+ else
+ ::Serialize(s, txTo.vout[nOutput], nType, nVersion);
+ }
+
+ /** Serialize txTo */
+ template<typename S>
+ void Serialize(S &s, int nType, int nVersion) const {
+ // Serialize nVersion
+ ::Serialize(s, txTo.nVersion, nType, nVersion);
+ // Serialize vin
+ unsigned int nInputs = fAnyoneCanPay ? 1 : txTo.vin.size();
+ ::WriteCompactSize(s, nInputs);
+ for (unsigned int nInput = 0; nInput < nInputs; nInput++)
+ SerializeInput(s, nInput, nType, nVersion);
+ // Serialize vout
+ unsigned int nOutputs = fHashNone ? 0 : (fHashSingle ? nIn+1 : txTo.vout.size());
+ ::WriteCompactSize(s, nOutputs);
+ for (unsigned int nOutput = 0; nOutput < nOutputs; nOutput++)
+ SerializeOutput(s, nOutput, nType, nVersion);
+ // Serialie nLockTime
+ ::Serialize(s, txTo.nLockTime, nType, nVersion);
+ }
+};
+
+} // anon namespace
+
+uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)
+{
+ if (nIn >= txTo.vin.size()) {
+ LogPrintf("ERROR: SignatureHash() : nIn=%d out of range\n", nIn);
+ return 1;
+ }
+
+ // Check for invalid use of SIGHASH_SINGLE
+ if ((nHashType & 0x1f) == SIGHASH_SINGLE) {
+ if (nIn >= txTo.vout.size()) {
+ LogPrintf("ERROR: SignatureHash() : nOut=%d out of range\n", nIn);
+ return 1;
+ }
+ }
+
+ // Wrapper to serialize only the necessary parts of the transaction being signed
+ CTransactionSignatureSerializer txTmp(txTo, scriptCode, nIn, nHashType);
+
+ // Serialize and hash
+ CHashWriter ss(SER_GETHASH, 0);
+ ss << txTmp << nHashType;
+ return ss.GetHash();
+}
+
+// Valid signature cache, to avoid doing expensive ECDSA signature checking
+// twice for every transaction (once when accepted into memory pool, and
+// again when accepted into the block chain)
+class CSignatureCache
+{
+private:
+ // sigdata_type is (signature hash, signature, public key):
+ typedef boost::tuple<uint256, std::vector<unsigned char>, CPubKey> sigdata_type;
+ std::set< sigdata_type> setValid;
+ boost::shared_mutex cs_sigcache;
+
+public:
+ bool
+ Get(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
+ {
+ boost::shared_lock<boost::shared_mutex> lock(cs_sigcache);
+
+ sigdata_type k(hash, vchSig, pubKey);
+ std::set<sigdata_type>::iterator mi = setValid.find(k);
+ if (mi != setValid.end())
+ return true;
+ return false;
+ }
+
+ void Set(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
+ {
+ // DoS prevention: limit cache size to less than 10MB
+ // (~200 bytes per cache entry times 50,000 entries)
+ // Since there are a maximum of 20,000 signature operations per block
+ // 50,000 is a reasonable default.
+ int64_t nMaxCacheSize = GetArg("-maxsigcachesize", 50000);
+ if (nMaxCacheSize <= 0) return;
+
+ boost::unique_lock<boost::shared_mutex> lock(cs_sigcache);
+
+ while (static_cast<int64_t>(setValid.size()) > nMaxCacheSize)
+ {
+ // Evict a random entry. Random because that helps
+ // foil would-be DoS attackers who might try to pre-generate
+ // and re-use a set of valid signatures just-slightly-greater
+ // than our cache size.
+ uint256 randomHash = GetRandHash();
+ std::vector<unsigned char> unused;
+ std::set<sigdata_type>::iterator it =
+ setValid.lower_bound(sigdata_type(randomHash, unused, unused));
+ if (it == setValid.end())
+ it = setValid.begin();
+ setValid.erase(*it);
+ }
+
+ sigdata_type k(hash, vchSig, pubKey);
+ setValid.insert(k);
+ }
+};
+
+bool CheckSig(vector<unsigned char> vchSig, const vector<unsigned char> &vchPubKey, const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType, int flags)
+{
+ static CSignatureCache signatureCache;
+
+ CPubKey pubkey(vchPubKey);
+ if (!pubkey.IsValid())
+ return false;
+
+ // Hash type is one byte tacked on to the end of the signature
+ if (vchSig.empty())
+ return false;
+ if (nHashType == 0)
+ nHashType = vchSig.back();
+ else if (nHashType != vchSig.back())
+ return false;
+ vchSig.pop_back();
+
+ uint256 sighash = SignatureHash(scriptCode, txTo, nIn, nHashType);
+
+ if (signatureCache.Get(sighash, vchSig, pubkey))
+ return true;
+
+ if (!pubkey.Verify(sighash, vchSig))
+ return false;
+
+ if (!(flags & SCRIPT_VERIFY_NOCACHE))
+ signatureCache.Set(sighash, vchSig, pubkey);
+
+ return true;
+}
+
+bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn,
+ unsigned int flags, int nHashType)
+{
+ vector<vector<unsigned char> > stack, stackCopy;
+ if (!EvalScript(stack, scriptSig, txTo, nIn, flags, nHashType))
+ return false;
+ if (flags & SCRIPT_VERIFY_P2SH)
+ stackCopy = stack;
+ if (!EvalScript(stack, scriptPubKey, txTo, nIn, flags, nHashType))
+ return false;
+ if (stack.empty())
+ return false;
+
+ if (CastToBool(stack.back()) == false)
+ return false;
+
+ // Additional validation for spend-to-script-hash transactions:
+ if ((flags & SCRIPT_VERIFY_P2SH) && scriptPubKey.IsPayToScriptHash())
+ {
+ if (!scriptSig.IsPushOnly()) // scriptSig must be literals-only
+ return false; // or validation fails
+
+ // stackCopy cannot be empty here, because if it was the
+ // P2SH HASH <> EQUAL scriptPubKey would be evaluated with
+ // an empty stack and the EvalScript above would return false.
+ assert(!stackCopy.empty());
+
+ const valtype& pubKeySerialized = stackCopy.back();
+ CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
+ popstack(stackCopy);
+
+ if (!EvalScript(stackCopy, pubKey2, txTo, nIn, flags, nHashType))
+ return false;
+ if (stackCopy.empty())
+ return false;
+ return CastToBool(stackCopy.back());
+ }
+
+ return true;
+}
diff --git a/src/script/interpreter.h b/src/script/interpreter.h
new file mode 100644
index 0000000000..0c6f8b9d13
--- /dev/null
+++ b/src/script/interpreter.h
@@ -0,0 +1,45 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2013 The Bitcoin developers
+// Distributed under the MIT/X11 software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef H_BITCOIN_SCRIPT_INTERPRETER
+#define H_BITCOIN_SCRIPT_INTERPRETER
+
+#include <vector>
+#include <stdint.h>
+#include <string>
+
+class uint256;
+class CScript;
+class CTransaction;
+
+/** Signature hash types/flags */
+enum
+{
+ SIGHASH_ALL = 1,
+ SIGHASH_NONE = 2,
+ SIGHASH_SINGLE = 3,
+ SIGHASH_ANYONECANPAY = 0x80,
+};
+
+/** Script verification flags */
+enum
+{
+ SCRIPT_VERIFY_NONE = 0,
+ SCRIPT_VERIFY_P2SH = (1U << 0), // evaluate P2SH (BIP16) subscripts
+ SCRIPT_VERIFY_STRICTENC = (1U << 1), // enforce strict conformance to DER and SEC2 for signatures and pubkeys
+ SCRIPT_VERIFY_LOW_S = (1U << 2), // enforce low S values (<n/2) in signatures (depends on STRICTENC)
+ SCRIPT_VERIFY_NOCACHE = (1U << 3), // do not store results in signature cache (but do query it)
+ SCRIPT_VERIFY_NULLDUMMY = (1U << 4), // verify dummy stack item consumed by CHECKMULTISIG is of zero-length
+};
+
+bool IsCanonicalPubKey(const std::vector<unsigned char> &vchPubKey, unsigned int flags);
+bool IsCanonicalSignature(const std::vector<unsigned char> &vchSig, unsigned int flags);
+
+uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
+bool CheckSig(std::vector<unsigned char> vchSig, const std::vector<unsigned char> &vchPubKey, const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType, int flags);
+bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType);
+bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType);
+
+#endif
diff --git a/src/scriptutils.cpp b/src/scriptutils.cpp
index 56edc2c2dd..fb3766ab15 100644
--- a/src/scriptutils.cpp
+++ b/src/scriptutils.cpp
@@ -5,67 +5,17 @@
#include "scriptutils.h"
-#include "crypto/ripemd160.h"
-#include "crypto/sha1.h"
-#include "crypto/sha2.h"
#include "core.h"
-#include "hash.h"
#include "key.h"
#include "keystore.h"
-#include "random.h"
-#include "sync.h"
#include "uint256.h"
#include "util.h"
#include <boost/foreach.hpp>
-#include <boost/thread.hpp>
-#include <boost/tuple/tuple.hpp>
-#include <boost/tuple/tuple_comparison.hpp>
using namespace std;
-using namespace boost;
typedef vector<unsigned char> valtype;
-static const valtype vchFalse(0);
-static const valtype vchZero(0);
-static const valtype vchTrue(1, 1);
-static const CScriptNum bnZero(0);
-static const CScriptNum bnOne(1);
-static const CScriptNum bnFalse(0);
-static const CScriptNum bnTrue(1);
-
-bool CheckSig(vector<unsigned char> vchSig, const vector<unsigned char> &vchPubKey, const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType, int flags);
-
-bool CastToBool(const valtype& vch)
-{
- for (unsigned int i = 0; i < vch.size(); i++)
- {
- if (vch[i] != 0)
- {
- // Can be negative zero
- if (i == vch.size()-1 && vch[i] == 0x80)
- return false;
- return true;
- }
- }
- return false;
-}
-
-
-
-//
-// Script is a stack machine (like Forth) that evaluates a predicate
-// returning a bool indicating valid or not. There are no loops.
-//
-#define stacktop(i) (stack.at(stack.size()+(i)))
-#define altstacktop(i) (altstack.at(altstack.size()+(i)))
-static inline void popstack(vector<valtype>& stack)
-{
- if (stack.empty())
- throw runtime_error("popstack() : stack empty");
- stack.pop_back();
-}
-
const char* GetTxnOutputType(txnouttype t)
{
@@ -81,972 +31,6 @@ const char* GetTxnOutputType(txnouttype t)
return NULL;
}
-bool IsCanonicalPubKey(const valtype &vchPubKey, unsigned int flags) {
- if (!(flags & SCRIPT_VERIFY_STRICTENC))
- return true;
-
- if (vchPubKey.size() < 33)
- return error("Non-canonical public key: too short");
- if (vchPubKey[0] == 0x04) {
- if (vchPubKey.size() != 65)
- return error("Non-canonical public key: invalid length for uncompressed key");
- } else if (vchPubKey[0] == 0x02 || vchPubKey[0] == 0x03) {
- if (vchPubKey.size() != 33)
- return error("Non-canonical public key: invalid length for compressed key");
- } else {
- return error("Non-canonical public key: neither compressed nor uncompressed");
- }
- return true;
-}
-
-bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
- if (!(flags & SCRIPT_VERIFY_STRICTENC))
- return true;
-
- // See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
- // A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <S> <hashtype>
- // Where R and S are not negative (their first byte has its highest bit not set), and not
- // excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
- // in which case a single 0 byte is necessary and even required).
- if (vchSig.size() < 9)
- return error("Non-canonical signature: too short");
- if (vchSig.size() > 73)
- return error("Non-canonical signature: too long");
- unsigned char nHashType = vchSig[vchSig.size() - 1] & (~(SIGHASH_ANYONECANPAY));
- if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
- return error("Non-canonical signature: unknown hashtype byte");
- if (vchSig[0] != 0x30)
- return error("Non-canonical signature: wrong type");
- if (vchSig[1] != vchSig.size()-3)
- return error("Non-canonical signature: wrong length marker");
- unsigned int nLenR = vchSig[3];
- if (5 + nLenR >= vchSig.size())
- return error("Non-canonical signature: S length misplaced");
- unsigned int nLenS = vchSig[5+nLenR];
- if ((unsigned long)(nLenR+nLenS+7) != vchSig.size())
- return error("Non-canonical signature: R+S length mismatch");
-
- const unsigned char *R = &vchSig[4];
- if (R[-2] != 0x02)
- return error("Non-canonical signature: R value type mismatch");
- if (nLenR == 0)
- return error("Non-canonical signature: R length is zero");
- if (R[0] & 0x80)
- return error("Non-canonical signature: R value negative");
- if (nLenR > 1 && (R[0] == 0x00) && !(R[1] & 0x80))
- return error("Non-canonical signature: R value excessively padded");
-
- const unsigned char *S = &vchSig[6+nLenR];
- if (S[-2] != 0x02)
- return error("Non-canonical signature: S value type mismatch");
- if (nLenS == 0)
- return error("Non-canonical signature: S length is zero");
- if (S[0] & 0x80)
- return error("Non-canonical signature: S value negative");
- if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80))
- return error("Non-canonical signature: S value excessively padded");
-
- if (flags & SCRIPT_VERIFY_LOW_S) {
- // If the S value is above the order of the curve divided by two, its
- // complement modulo the order could have been used instead, which is
- // one byte shorter when encoded correctly.
- if (!CKey::CheckSignatureElement(S, nLenS, true))
- return error("Non-canonical signature: S value is unnecessarily high");
- }
-
- return true;
-}
-
-bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType)
-{
- CScript::const_iterator pc = script.begin();
- CScript::const_iterator pend = script.end();
- CScript::const_iterator pbegincodehash = script.begin();
- opcodetype opcode;
- valtype vchPushValue;
- vector<bool> vfExec;
- vector<valtype> altstack;
- if (script.size() > 10000)
- return false;
- int nOpCount = 0;
-
- try
- {
- while (pc < pend)
- {
- bool fExec = !count(vfExec.begin(), vfExec.end(), false);
-
- //
- // Read instruction
- //
- if (!script.GetOp(pc, opcode, vchPushValue))
- return false;
- if (vchPushValue.size() > MAX_SCRIPT_ELEMENT_SIZE)
- return false;
-
- // Note how OP_RESERVED does not count towards the opcode limit.
- if (opcode > OP_16 && ++nOpCount > 201)
- return false;
-
- if (opcode == OP_CAT ||
- opcode == OP_SUBSTR ||
- opcode == OP_LEFT ||
- opcode == OP_RIGHT ||
- opcode == OP_INVERT ||
- opcode == OP_AND ||
- opcode == OP_OR ||
- opcode == OP_XOR ||
- opcode == OP_2MUL ||
- opcode == OP_2DIV ||
- opcode == OP_MUL ||
- opcode == OP_DIV ||
- opcode == OP_MOD ||
- opcode == OP_LSHIFT ||
- opcode == OP_RSHIFT)
- return false; // Disabled opcodes.
-
- if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4)
- stack.push_back(vchPushValue);
- else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
- switch (opcode)
- {
- //
- // Push value
- //
- case OP_1NEGATE:
- case OP_1:
- case OP_2:
- case OP_3:
- case OP_4:
- case OP_5:
- case OP_6:
- case OP_7:
- case OP_8:
- case OP_9:
- case OP_10:
- case OP_11:
- case OP_12:
- case OP_13:
- case OP_14:
- case OP_15:
- case OP_16:
- {
- // ( -- value)
- CScriptNum bn((int)opcode - (int)(OP_1 - 1));
- stack.push_back(bn.getvch());
- }
- break;
-
-
- //
- // Control
- //
- case OP_NOP:
- case OP_NOP1: case OP_NOP2: case OP_NOP3: case OP_NOP4: case OP_NOP5:
- case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
- break;
-
- case OP_IF:
- case OP_NOTIF:
- {
- // <expression> if [statements] [else [statements]] endif
- bool fValue = false;
- if (fExec)
- {
- if (stack.size() < 1)
- return false;
- valtype& vch = stacktop(-1);
- fValue = CastToBool(vch);
- if (opcode == OP_NOTIF)
- fValue = !fValue;
- popstack(stack);
- }
- vfExec.push_back(fValue);
- }
- break;
-
- case OP_ELSE:
- {
- if (vfExec.empty())
- return false;
- vfExec.back() = !vfExec.back();
- }
- break;
-
- case OP_ENDIF:
- {
- if (vfExec.empty())
- return false;
- vfExec.pop_back();
- }
- break;
-
- case OP_VERIFY:
- {
- // (true -- ) or
- // (false -- false) and return
- if (stack.size() < 1)
- return false;
- bool fValue = CastToBool(stacktop(-1));
- if (fValue)
- popstack(stack);
- else
- return false;
- }
- break;
-
- case OP_RETURN:
- {
- return false;
- }
- break;
-
-
- //
- // Stack ops
- //
- case OP_TOALTSTACK:
- {
- if (stack.size() < 1)
- return false;
- altstack.push_back(stacktop(-1));
- popstack(stack);
- }
- break;
-
- case OP_FROMALTSTACK:
- {
- if (altstack.size() < 1)
- return false;
- stack.push_back(altstacktop(-1));
- popstack(altstack);
- }
- break;
-
- case OP_2DROP:
- {
- // (x1 x2 -- )
- if (stack.size() < 2)
- return false;
- popstack(stack);
- popstack(stack);
- }
- break;
-
- case OP_2DUP:
- {
- // (x1 x2 -- x1 x2 x1 x2)
- if (stack.size() < 2)
- return false;
- valtype vch1 = stacktop(-2);
- valtype vch2 = stacktop(-1);
- stack.push_back(vch1);
- stack.push_back(vch2);
- }
- break;
-
- case OP_3DUP:
- {
- // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
- if (stack.size() < 3)
- return false;
- valtype vch1 = stacktop(-3);
- valtype vch2 = stacktop(-2);
- valtype vch3 = stacktop(-1);
- stack.push_back(vch1);
- stack.push_back(vch2);
- stack.push_back(vch3);
- }
- break;
-
- case OP_2OVER:
- {
- // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
- if (stack.size() < 4)
- return false;
- valtype vch1 = stacktop(-4);
- valtype vch2 = stacktop(-3);
- stack.push_back(vch1);
- stack.push_back(vch2);
- }
- break;
-
- case OP_2ROT:
- {
- // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
- if (stack.size() < 6)
- return false;
- valtype vch1 = stacktop(-6);
- valtype vch2 = stacktop(-5);
- stack.erase(stack.end()-6, stack.end()-4);
- stack.push_back(vch1);
- stack.push_back(vch2);
- }
- break;
-
- case OP_2SWAP:
- {
- // (x1 x2 x3 x4 -- x3 x4 x1 x2)
- if (stack.size() < 4)
- return false;
- swap(stacktop(-4), stacktop(-2));
- swap(stacktop(-3), stacktop(-1));
- }
- break;
-
- case OP_IFDUP:
- {
- // (x - 0 | x x)
- if (stack.size() < 1)
- return false;
- valtype vch = stacktop(-1);
- if (CastToBool(vch))
- stack.push_back(vch);
- }
- break;
-
- case OP_DEPTH:
- {
- // -- stacksize
- CScriptNum bn(stack.size());
- stack.push_back(bn.getvch());
- }
- break;
-
- case OP_DROP:
- {
- // (x -- )
- if (stack.size() < 1)
- return false;
- popstack(stack);
- }
- break;
-
- case OP_DUP:
- {
- // (x -- x x)
- if (stack.size() < 1)
- return false;
- valtype vch = stacktop(-1);
- stack.push_back(vch);
- }
- break;
-
- case OP_NIP:
- {
- // (x1 x2 -- x2)
- if (stack.size() < 2)
- return false;
- stack.erase(stack.end() - 2);
- }
- break;
-
- case OP_OVER:
- {
- // (x1 x2 -- x1 x2 x1)
- if (stack.size() < 2)
- return false;
- valtype vch = stacktop(-2);
- stack.push_back(vch);
- }
- break;
-
- case OP_PICK:
- case OP_ROLL:
- {
- // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
- // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
- if (stack.size() < 2)
- return false;
- int n = CScriptNum(stacktop(-1)).getint();
- popstack(stack);
- if (n < 0 || n >= (int)stack.size())
- return false;
- valtype vch = stacktop(-n-1);
- if (opcode == OP_ROLL)
- stack.erase(stack.end()-n-1);
- stack.push_back(vch);
- }
- break;
-
- case OP_ROT:
- {
- // (x1 x2 x3 -- x2 x3 x1)
- // x2 x1 x3 after first swap
- // x2 x3 x1 after second swap
- if (stack.size() < 3)
- return false;
- swap(stacktop(-3), stacktop(-2));
- swap(stacktop(-2), stacktop(-1));
- }
- break;
-
- case OP_SWAP:
- {
- // (x1 x2 -- x2 x1)
- if (stack.size() < 2)
- return false;
- swap(stacktop(-2), stacktop(-1));
- }
- break;
-
- case OP_TUCK:
- {
- // (x1 x2 -- x2 x1 x2)
- if (stack.size() < 2)
- return false;
- valtype vch = stacktop(-1);
- stack.insert(stack.end()-2, vch);
- }
- break;
-
-
- case OP_SIZE:
- {
- // (in -- in size)
- if (stack.size() < 1)
- return false;
- CScriptNum bn(stacktop(-1).size());
- stack.push_back(bn.getvch());
- }
- break;
-
-
- //
- // Bitwise logic
- //
- case OP_EQUAL:
- case OP_EQUALVERIFY:
- //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
- {
- // (x1 x2 - bool)
- if (stack.size() < 2)
- return false;
- valtype& vch1 = stacktop(-2);
- valtype& vch2 = stacktop(-1);
- bool fEqual = (vch1 == vch2);
- // OP_NOTEQUAL is disabled because it would be too easy to say
- // something like n != 1 and have some wiseguy pass in 1 with extra
- // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
- //if (opcode == OP_NOTEQUAL)
- // fEqual = !fEqual;
- popstack(stack);
- popstack(stack);
- stack.push_back(fEqual ? vchTrue : vchFalse);
- if (opcode == OP_EQUALVERIFY)
- {
- if (fEqual)
- popstack(stack);
- else
- return false;
- }
- }
- break;
-
-
- //
- // Numeric
- //
- case OP_1ADD:
- case OP_1SUB:
- case OP_NEGATE:
- case OP_ABS:
- case OP_NOT:
- case OP_0NOTEQUAL:
- {
- // (in -- out)
- if (stack.size() < 1)
- return false;
- CScriptNum bn(stacktop(-1));
- switch (opcode)
- {
- case OP_1ADD: bn += bnOne; break;
- case OP_1SUB: bn -= bnOne; break;
- case OP_NEGATE: bn = -bn; break;
- case OP_ABS: if (bn < bnZero) bn = -bn; break;
- case OP_NOT: bn = (bn == bnZero); break;
- case OP_0NOTEQUAL: bn = (bn != bnZero); break;
- default: assert(!"invalid opcode"); break;
- }
- popstack(stack);
- stack.push_back(bn.getvch());
- }
- break;
-
- case OP_ADD:
- case OP_SUB:
- case OP_BOOLAND:
- case OP_BOOLOR:
- case OP_NUMEQUAL:
- case OP_NUMEQUALVERIFY:
- case OP_NUMNOTEQUAL:
- case OP_LESSTHAN:
- case OP_GREATERTHAN:
- case OP_LESSTHANOREQUAL:
- case OP_GREATERTHANOREQUAL:
- case OP_MIN:
- case OP_MAX:
- {
- // (x1 x2 -- out)
- if (stack.size() < 2)
- return false;
- CScriptNum bn1(stacktop(-2));
- CScriptNum bn2(stacktop(-1));
- CScriptNum bn(0);
- switch (opcode)
- {
- case OP_ADD:
- bn = bn1 + bn2;
- break;
-
- case OP_SUB:
- bn = bn1 - bn2;
- break;
-
- case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
- case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
- case OP_NUMEQUAL: bn = (bn1 == bn2); break;
- case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
- case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
- case OP_LESSTHAN: bn = (bn1 < bn2); break;
- case OP_GREATERTHAN: bn = (bn1 > bn2); break;
- case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
- case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
- case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
- case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
- default: assert(!"invalid opcode"); break;
- }
- popstack(stack);
- popstack(stack);
- stack.push_back(bn.getvch());
-
- if (opcode == OP_NUMEQUALVERIFY)
- {
- if (CastToBool(stacktop(-1)))
- popstack(stack);
- else
- return false;
- }
- }
- break;
-
- case OP_WITHIN:
- {
- // (x min max -- out)
- if (stack.size() < 3)
- return false;
- CScriptNum bn1(stacktop(-3));
- CScriptNum bn2(stacktop(-2));
- CScriptNum bn3(stacktop(-1));
- bool fValue = (bn2 <= bn1 && bn1 < bn3);
- popstack(stack);
- popstack(stack);
- popstack(stack);
- stack.push_back(fValue ? vchTrue : vchFalse);
- }
- break;
-
-
- //
- // Crypto
- //
- case OP_RIPEMD160:
- case OP_SHA1:
- case OP_SHA256:
- case OP_HASH160:
- case OP_HASH256:
- {
- // (in -- hash)
- if (stack.size() < 1)
- return false;
- valtype& vch = stacktop(-1);
- valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
- if (opcode == OP_RIPEMD160)
- CRIPEMD160().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
- else if (opcode == OP_SHA1)
- CSHA1().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
- else if (opcode == OP_SHA256)
- CSHA256().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
- else if (opcode == OP_HASH160)
- CHash160().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
- else if (opcode == OP_HASH256)
- CHash256().Write(&vch[0], vch.size()).Finalize(&vchHash[0]);
- popstack(stack);
- stack.push_back(vchHash);
- }
- break;
-
- case OP_CODESEPARATOR:
- {
- // Hash starts after the code separator
- pbegincodehash = pc;
- }
- break;
-
- case OP_CHECKSIG:
- case OP_CHECKSIGVERIFY:
- {
- // (sig pubkey -- bool)
- if (stack.size() < 2)
- return false;
-
- valtype& vchSig = stacktop(-2);
- valtype& vchPubKey = stacktop(-1);
-
- // Subset of script starting at the most recent codeseparator
- CScript scriptCode(pbegincodehash, pend);
-
- // Drop the signature, since there's no way for a signature to sign itself
- scriptCode.FindAndDelete(CScript(vchSig));
-
- bool fSuccess = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) &&
- CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags);
-
- popstack(stack);
- popstack(stack);
- stack.push_back(fSuccess ? vchTrue : vchFalse);
- if (opcode == OP_CHECKSIGVERIFY)
- {
- if (fSuccess)
- popstack(stack);
- else
- return false;
- }
- }
- break;
-
- case OP_CHECKMULTISIG:
- case OP_CHECKMULTISIGVERIFY:
- {
- // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
-
- int i = 1;
- if ((int)stack.size() < i)
- return false;
-
- int nKeysCount = CScriptNum(stacktop(-i)).getint();
- if (nKeysCount < 0 || nKeysCount > 20)
- return false;
- nOpCount += nKeysCount;
- if (nOpCount > 201)
- return false;
- int ikey = ++i;
- i += nKeysCount;
- if ((int)stack.size() < i)
- return false;
-
- int nSigsCount = CScriptNum(stacktop(-i)).getint();
- if (nSigsCount < 0 || nSigsCount > nKeysCount)
- return false;
- int isig = ++i;
- i += nSigsCount;
- if ((int)stack.size() < i)
- return false;
-
- // Subset of script starting at the most recent codeseparator
- CScript scriptCode(pbegincodehash, pend);
-
- // Drop the signatures, since there's no way for a signature to sign itself
- for (int k = 0; k < nSigsCount; k++)
- {
- valtype& vchSig = stacktop(-isig-k);
- scriptCode.FindAndDelete(CScript(vchSig));
- }
-
- bool fSuccess = true;
- while (fSuccess && nSigsCount > 0)
- {
- valtype& vchSig = stacktop(-isig);
- valtype& vchPubKey = stacktop(-ikey);
-
- // Check signature
- bool fOk = IsCanonicalSignature(vchSig, flags) && IsCanonicalPubKey(vchPubKey, flags) &&
- CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType, flags);
-
- if (fOk) {
- isig++;
- nSigsCount--;
- }
- ikey++;
- nKeysCount--;
-
- // If there are more signatures left than keys left,
- // then too many signatures have failed
- if (nSigsCount > nKeysCount)
- fSuccess = false;
- }
-
- // Clean up stack of actual arguments
- while (i-- > 1)
- popstack(stack);
-
- // A bug causes CHECKMULTISIG to consume one extra argument
- // whose contents were not checked in any way.
- //
- // Unfortunately this is a potential source of mutability,
- // so optionally verify it is exactly equal to zero prior
- // to removing it from the stack.
- if (stack.size() < 1)
- return false;
- if ((flags & SCRIPT_VERIFY_NULLDUMMY) && stacktop(-1).size())
- return error("CHECKMULTISIG dummy argument not null");
- popstack(stack);
-
- stack.push_back(fSuccess ? vchTrue : vchFalse);
-
- if (opcode == OP_CHECKMULTISIGVERIFY)
- {
- if (fSuccess)
- popstack(stack);
- else
- return false;
- }
- }
- break;
-
- default:
- return false;
- }
-
- // Size limits
- if (stack.size() + altstack.size() > 1000)
- return false;
- }
- }
- catch (...)
- {
- return false;
- }
-
-
- if (!vfExec.empty())
- return false;
-
- return true;
-}
-
-
-
-
-
-
-
-namespace {
-
-/** Wrapper that serializes like CTransaction, but with the modifications
- * required for the signature hash done in-place
- */
-class CTransactionSignatureSerializer {
-private:
- const CTransaction &txTo; // reference to the spending transaction (the one being serialized)
- const CScript &scriptCode; // output script being consumed
- const unsigned int nIn; // input index of txTo being signed
- const bool fAnyoneCanPay; // whether the hashtype has the SIGHASH_ANYONECANPAY flag set
- const bool fHashSingle; // whether the hashtype is SIGHASH_SINGLE
- const bool fHashNone; // whether the hashtype is SIGHASH_NONE
-
-public:
- CTransactionSignatureSerializer(const CTransaction &txToIn, const CScript &scriptCodeIn, unsigned int nInIn, int nHashTypeIn) :
- txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
- fAnyoneCanPay(!!(nHashTypeIn & SIGHASH_ANYONECANPAY)),
- fHashSingle((nHashTypeIn & 0x1f) == SIGHASH_SINGLE),
- fHashNone((nHashTypeIn & 0x1f) == SIGHASH_NONE) {}
-
- /** Serialize the passed scriptCode, skipping OP_CODESEPARATORs */
- template<typename S>
- void SerializeScriptCode(S &s, int nType, int nVersion) const {
- CScript::const_iterator it = scriptCode.begin();
- CScript::const_iterator itBegin = it;
- opcodetype opcode;
- unsigned int nCodeSeparators = 0;
- while (scriptCode.GetOp(it, opcode)) {
- if (opcode == OP_CODESEPARATOR)
- nCodeSeparators++;
- }
- ::WriteCompactSize(s, scriptCode.size() - nCodeSeparators);
- it = itBegin;
- while (scriptCode.GetOp(it, opcode)) {
- if (opcode == OP_CODESEPARATOR) {
- s.write((char*)&itBegin[0], it-itBegin-1);
- itBegin = it;
- }
- }
- s.write((char*)&itBegin[0], it-itBegin);
- }
-
- /** Serialize an input of txTo */
- template<typename S>
- void SerializeInput(S &s, unsigned int nInput, int nType, int nVersion) const {
- // In case of SIGHASH_ANYONECANPAY, only the input being signed is serialized
- if (fAnyoneCanPay)
- nInput = nIn;
- // Serialize the prevout
- ::Serialize(s, txTo.vin[nInput].prevout, nType, nVersion);
- // Serialize the script
- if (nInput != nIn)
- // Blank out other inputs' signatures
- ::Serialize(s, CScript(), nType, nVersion);
- else
- SerializeScriptCode(s, nType, nVersion);
- // Serialize the nSequence
- if (nInput != nIn && (fHashSingle || fHashNone))
- // let the others update at will
- ::Serialize(s, (int)0, nType, nVersion);
- else
- ::Serialize(s, txTo.vin[nInput].nSequence, nType, nVersion);
- }
-
- /** Serialize an output of txTo */
- template<typename S>
- void SerializeOutput(S &s, unsigned int nOutput, int nType, int nVersion) const {
- if (fHashSingle && nOutput != nIn)
- // Do not lock-in the txout payee at other indices as txin
- ::Serialize(s, CTxOut(), nType, nVersion);
- else
- ::Serialize(s, txTo.vout[nOutput], nType, nVersion);
- }
-
- /** Serialize txTo */
- template<typename S>
- void Serialize(S &s, int nType, int nVersion) const {
- // Serialize nVersion
- ::Serialize(s, txTo.nVersion, nType, nVersion);
- // Serialize vin
- unsigned int nInputs = fAnyoneCanPay ? 1 : txTo.vin.size();
- ::WriteCompactSize(s, nInputs);
- for (unsigned int nInput = 0; nInput < nInputs; nInput++)
- SerializeInput(s, nInput, nType, nVersion);
- // Serialize vout
- unsigned int nOutputs = fHashNone ? 0 : (fHashSingle ? nIn+1 : txTo.vout.size());
- ::WriteCompactSize(s, nOutputs);
- for (unsigned int nOutput = 0; nOutput < nOutputs; nOutput++)
- SerializeOutput(s, nOutput, nType, nVersion);
- // Serialie nLockTime
- ::Serialize(s, txTo.nLockTime, nType, nVersion);
- }
-};
-
-} // anon namespace
-
-uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)
-{
- if (nIn >= txTo.vin.size()) {
- LogPrintf("ERROR: SignatureHash() : nIn=%d out of range\n", nIn);
- return 1;
- }
-
- // Check for invalid use of SIGHASH_SINGLE
- if ((nHashType & 0x1f) == SIGHASH_SINGLE) {
- if (nIn >= txTo.vout.size()) {
- LogPrintf("ERROR: SignatureHash() : nOut=%d out of range\n", nIn);
- return 1;
- }
- }
-
- // Wrapper to serialize only the necessary parts of the transaction being signed
- CTransactionSignatureSerializer txTmp(txTo, scriptCode, nIn, nHashType);
-
- // Serialize and hash
- CHashWriter ss(SER_GETHASH, 0);
- ss << txTmp << nHashType;
- return ss.GetHash();
-}
-
-// Valid signature cache, to avoid doing expensive ECDSA signature checking
-// twice for every transaction (once when accepted into memory pool, and
-// again when accepted into the block chain)
-class CSignatureCache
-{
-private:
- // sigdata_type is (signature hash, signature, public key):
- typedef boost::tuple<uint256, std::vector<unsigned char>, CPubKey> sigdata_type;
- std::set< sigdata_type> setValid;
- boost::shared_mutex cs_sigcache;
-
-public:
- bool
- Get(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
- {
- boost::shared_lock<boost::shared_mutex> lock(cs_sigcache);
-
- sigdata_type k(hash, vchSig, pubKey);
- std::set<sigdata_type>::iterator mi = setValid.find(k);
- if (mi != setValid.end())
- return true;
- return false;
- }
-
- void Set(const uint256 &hash, const std::vector<unsigned char>& vchSig, const CPubKey& pubKey)
- {
- // DoS prevention: limit cache size to less than 10MB
- // (~200 bytes per cache entry times 50,000 entries)
- // Since there are a maximum of 20,000 signature operations per block
- // 50,000 is a reasonable default.
- int64_t nMaxCacheSize = GetArg("-maxsigcachesize", 50000);
- if (nMaxCacheSize <= 0) return;
-
- boost::unique_lock<boost::shared_mutex> lock(cs_sigcache);
-
- while (static_cast<int64_t>(setValid.size()) > nMaxCacheSize)
- {
- // Evict a random entry. Random because that helps
- // foil would-be DoS attackers who might try to pre-generate
- // and re-use a set of valid signatures just-slightly-greater
- // than our cache size.
- uint256 randomHash = GetRandHash();
- std::vector<unsigned char> unused;
- std::set<sigdata_type>::iterator it =
- setValid.lower_bound(sigdata_type(randomHash, unused, unused));
- if (it == setValid.end())
- it = setValid.begin();
- setValid.erase(*it);
- }
-
- sigdata_type k(hash, vchSig, pubKey);
- setValid.insert(k);
- }
-};
-
-bool CheckSig(vector<unsigned char> vchSig, const vector<unsigned char> &vchPubKey, const CScript &scriptCode,
- const CTransaction& txTo, unsigned int nIn, int nHashType, int flags)
-{
- static CSignatureCache signatureCache;
-
- CPubKey pubkey(vchPubKey);
- if (!pubkey.IsValid())
- return false;
-
- // Hash type is one byte tacked on to the end of the signature
- if (vchSig.empty())
- return false;
- if (nHashType == 0)
- nHashType = vchSig.back();
- else if (nHashType != vchSig.back())
- return false;
- vchSig.pop_back();
-
- uint256 sighash = SignatureHash(scriptCode, txTo, nIn, nHashType);
-
- if (signatureCache.Get(sighash, vchSig, pubkey))
- return true;
-
- if (!pubkey.Verify(sighash, vchSig))
- return false;
-
- if (!(flags & SCRIPT_VERIFY_NOCACHE))
- signatureCache.Set(sighash, vchSig, pubkey);
-
- return true;
-}
-
-
-
-
-
-
-
-
-
//
// Return public keys or hashes from scriptPubKey, for 'standard' transaction types.
//
@@ -1459,48 +443,6 @@ void ExtractAffectedKeys(const CKeyStore &keystore, const CScript& scriptPubKey,
CAffectedKeysVisitor(keystore, vKeys).Process(scriptPubKey);
}
-bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn,
- unsigned int flags, int nHashType)
-{
- vector<vector<unsigned char> > stack, stackCopy;
- if (!EvalScript(stack, scriptSig, txTo, nIn, flags, nHashType))
- return false;
- if (flags & SCRIPT_VERIFY_P2SH)
- stackCopy = stack;
- if (!EvalScript(stack, scriptPubKey, txTo, nIn, flags, nHashType))
- return false;
- if (stack.empty())
- return false;
-
- if (CastToBool(stack.back()) == false)
- return false;
-
- // Additional validation for spend-to-script-hash transactions:
- if ((flags & SCRIPT_VERIFY_P2SH) && scriptPubKey.IsPayToScriptHash())
- {
- if (!scriptSig.IsPushOnly()) // scriptSig must be literals-only
- return false; // or validation fails
-
- // stackCopy cannot be empty here, because if it was the
- // P2SH HASH <> EQUAL scriptPubKey would be evaluated with
- // an empty stack and the EvalScript above would return false.
- assert(!stackCopy.empty());
-
- const valtype& pubKeySerialized = stackCopy.back();
- CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
- popstack(stackCopy);
-
- if (!EvalScript(stackCopy, pubKey2, txTo, nIn, flags, nHashType))
- return false;
- if (stackCopy.empty())
- return false;
- return CastToBool(stackCopy.back());
- }
-
- return true;
-}
-
-
bool SignSignature(const CKeyStore &keystore, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, int nHashType)
{
assert(nIn < txTo.vin.size());
diff --git a/src/scriptutils.h b/src/scriptutils.h
index 4f29f7ab29..1df95b1fa0 100644
--- a/src/scriptutils.h
+++ b/src/scriptutils.h
@@ -8,6 +8,7 @@
#include "key.h"
#include "script/script.h"
+#include "script/interpreter.h"
#include <stdexcept>
#include <stdint.h>
@@ -20,26 +21,6 @@ struct CMutableTransaction;
static const unsigned int MAX_OP_RETURN_RELAY = 40; // bytes
-/** Signature hash types/flags */
-enum
-{
- SIGHASH_ALL = 1,
- SIGHASH_NONE = 2,
- SIGHASH_SINGLE = 3,
- SIGHASH_ANYONECANPAY = 0x80,
-};
-
-/** Script verification flags */
-enum
-{
- SCRIPT_VERIFY_NONE = 0,
- SCRIPT_VERIFY_P2SH = (1U << 0), // evaluate P2SH (BIP16) subscripts
- SCRIPT_VERIFY_STRICTENC = (1U << 1), // enforce strict conformance to DER and SEC2 for signatures and pubkeys
- SCRIPT_VERIFY_LOW_S = (1U << 2), // enforce low S values (<n/2) in signatures (depends on STRICTENC)
- SCRIPT_VERIFY_NOCACHE = (1U << 3), // do not store results in signature cache (but do query it)
- SCRIPT_VERIFY_NULLDUMMY = (1U << 4), // verify dummy stack item consumed by CHECKMULTISIG is of zero-length
-};
-
/** IsMine() return codes */
enum isminetype
{
@@ -156,11 +137,6 @@ public:
}
};
-bool IsCanonicalPubKey(const std::vector<unsigned char> &vchPubKey, unsigned int flags);
-bool IsCanonicalSignature(const std::vector<unsigned char> &vchSig, unsigned int flags);
-
-bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType);
-uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
bool Solver(const CScript& scriptPubKey, txnouttype& typeRet, std::vector<std::vector<unsigned char> >& vSolutionsRet);
int ScriptSigArgsExpected(txnouttype t, const std::vector<std::vector<unsigned char> >& vSolutions);
bool IsStandard(const CScript& scriptPubKey, txnouttype& whichType);
@@ -171,7 +147,6 @@ bool ExtractDestination(const CScript& scriptPubKey, CTxDestination& addressRet)
bool ExtractDestinations(const CScript& scriptPubKey, txnouttype& typeRet, std::vector<CTxDestination>& addressRet, int& nRequiredRet);
bool SignSignature(const CKeyStore& keystore, const CScript& fromPubKey, CMutableTransaction& txTo, unsigned int nIn, int nHashType=SIGHASH_ALL);
bool SignSignature(const CKeyStore& keystore, const CTransaction& txFrom, CMutableTransaction& txTo, unsigned int nIn, int nHashType=SIGHASH_ALL);
-bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType);
// Given two sets of signatures for scriptPubKey, possibly with OP_0 placeholders,
// combine them intelligently and return the result.
diff --git a/src/test/canonical_tests.cpp b/src/test/canonical_tests.cpp
index 2d2a600740..a17099de72 100644
--- a/src/test/canonical_tests.cpp
+++ b/src/test/canonical_tests.cpp
@@ -8,9 +8,11 @@
#include "data/sig_noncanonical.json.h"
#include "data/sig_canonical.json.h"
+#include "key.h"
#include "random.h"
-#include "scriptutils.h"
+#include "script/interpreter.h"
#include "util.h"
+#include "utilstrencodings.h"
#include <boost/foreach.hpp>
#include <boost/test/unit_test.hpp>
diff --git a/src/test/multisig_tests.cpp b/src/test/multisig_tests.cpp
index aa9b0de4ce..e28682522b 100644
--- a/src/test/multisig_tests.cpp
+++ b/src/test/multisig_tests.cpp
@@ -6,6 +6,7 @@
#include "keystore.h"
#include "main.h"
#include "script/script.h"
+#include "script/interpreter.h"
#include "scriptutils.h"
#include "uint256.h"
diff --git a/src/test/sighash_tests.cpp b/src/test/sighash_tests.cpp
index 1421288eed..8abde887ce 100644
--- a/src/test/sighash_tests.cpp
+++ b/src/test/sighash_tests.cpp
@@ -7,7 +7,7 @@
#include "random.h"
#include "serialize.h"
#include "script/script.h"
-#include "scriptutils.h"
+#include "script/interpreter.h"
#include "util.h"
#include "version.h"