/*! * common.js - common script functions for bcoin * Copyright (c) 2014-2015, Fedor Indutny (MIT License) * Copyright (c) 2014-2017, Christopher Jeffrey (MIT License). * https://github.com/bcoin-org/bcoin */'use strict';/** * @module script/common */const assert = require('bsert');const secp256k1 = require('bcrypto/lib/secp256k1');const ScriptNum = require('./scriptnum');/** * Script opcodes. * @enum {Number} * @default */exports.opcodes = { // Push OP_0: 0x00, OP_PUSHDATA1: 0x4c, OP_PUSHDATA2: 0x4d, OP_PUSHDATA4: 0x4e, OP_1NEGATE: 0x4f, OP_RESERVED: 0x50, OP_1: 0x51, OP_2: 0x52, OP_3: 0x53, OP_4: 0x54, OP_5: 0x55, OP_6: 0x56, OP_7: 0x57, OP_8: 0x58, OP_9: 0x59, OP_10: 0x5a, OP_11: 0x5b, OP_12: 0x5c, OP_13: 0x5d, OP_14: 0x5e, OP_15: 0x5f, OP_16: 0x60, // Control OP_NOP: 0x61, OP_VER: 0x62, OP_IF: 0x63, OP_NOTIF: 0x64, OP_VERIF: 0x65, OP_VERNOTIF: 0x66, OP_ELSE: 0x67, OP_ENDIF: 0x68, OP_VERIFY: 0x69, OP_RETURN: 0x6a, // Stack OP_TOALTSTACK: 0x6b, OP_FROMALTSTACK: 0x6c, OP_2DROP: 0x6d, OP_2DUP: 0x6e, OP_3DUP: 0x6f, OP_2OVER: 0x70, OP_2ROT: 0x71, OP_2SWAP: 0x72, OP_IFDUP: 0x73, OP_DEPTH: 0x74, OP_DROP: 0x75, OP_DUP: 0x76, OP_NIP: 0x77, OP_OVER: 0x78, OP_PICK: 0x79, OP_ROLL: 0x7a, OP_ROT: 0x7b, OP_SWAP: 0x7c, OP_TUCK: 0x7d, // Splice OP_CAT: 0x7e, OP_SUBSTR: 0x7f, OP_LEFT: 0x80, OP_RIGHT: 0x81, OP_SIZE: 0x82, // Bit OP_INVERT: 0x83, OP_AND: 0x84, OP_OR: 0x85, OP_XOR: 0x86, OP_EQUAL: 0x87, OP_EQUALVERIFY: 0x88, OP_RESERVED1: 0x89, OP_RESERVED2: 0x8a, // Numeric OP_1ADD: 0x8b, OP_1SUB: 0x8c, OP_2MUL: 0x8d, OP_2DIV: 0x8e, OP_NEGATE: 0x8f, OP_ABS: 0x90, OP_NOT: 0x91, OP_0NOTEQUAL: 0x92, OP_ADD: 0x93, OP_SUB: 0x94, OP_MUL: 0x95, OP_DIV: 0x96, OP_MOD: 0x97, OP_LSHIFT: 0x98, OP_RSHIFT: 0x99, OP_BOOLAND: 0x9a, OP_BOOLOR: 0x9b, OP_NUMEQUAL: 0x9c, OP_NUMEQUALVERIFY: 0x9d, OP_NUMNOTEQUAL: 0x9e, OP_LESSTHAN: 0x9f, OP_GREATERTHAN: 0xa0, OP_LESSTHANOREQUAL: 0xa1, OP_GREATERTHANOREQUAL: 0xa2, OP_MIN: 0xa3, OP_MAX: 0xa4, OP_WITHIN: 0xa5, // Crypto OP_RIPEMD160: 0xa6, OP_SHA1: 0xa7, OP_SHA256: 0xa8, OP_HASH160: 0xa9, OP_HASH256: 0xaa, OP_CODESEPARATOR: 0xab, OP_CHECKSIG: 0xac, OP_CHECKSIGVERIFY: 0xad, OP_CHECKMULTISIG: 0xae, OP_CHECKMULTISIGVERIFY: 0xaf, // Expansion OP_NOP1: 0xb0, OP_CHECKLOCKTIMEVERIFY: 0xb1, OP_CHECKSEQUENCEVERIFY: 0xb2, OP_NOP4: 0xb3, OP_NOP5: 0xb4, OP_NOP6: 0xb5, OP_NOP7: 0xb6, OP_NOP8: 0xb7, OP_NOP9: 0xb8, OP_NOP10: 0xb9, // Custom OP_INVALIDOPCODE: 0xff};/** * Opcodes by value. * @const {Object} */exports.opcodesByVal = { // Push 0x00: 'OP_0', 0x4c: 'OP_PUSHDATA1', 0x4d: 'OP_PUSHDATA2', 0x4e: 'OP_PUSHDATA4', 0x4f: 'OP_1NEGATE', 0x50: 'OP_RESERVED', 0x51: 'OP_1', 0x52: 'OP_2', 0x53: 'OP_3', 0x54: 'OP_4', 0x55: 'OP_5', 0x56: 'OP_6', 0x57: 'OP_7', 0x58: 'OP_8', 0x59: 'OP_9', 0x5a: 'OP_10', 0x5b: 'OP_11', 0x5c: 'OP_12', 0x5d: 'OP_13', 0x5e: 'OP_14', 0x5f: 'OP_15', 0x60: 'OP_16', // Control 0x61: 'OP_NOP', 0x62: 'OP_VER', 0x63: 'OP_IF', 0x64: 'OP_NOTIF', 0x65: 'OP_VERIF', 0x66: 'OP_VERNOTIF', 0x67: 'OP_ELSE', 0x68: 'OP_ENDIF', 0x69: 'OP_VERIFY', 0x6a: 'OP_RETURN', // Stack 0x6b: 'OP_TOALTSTACK', 0x6c: 'OP_FROMALTSTACK', 0x6d: 'OP_2DROP', 0x6e: 'OP_2DUP', 0x6f: 'OP_3DUP', 0x70: 'OP_2OVER', 0x71: 'OP_2ROT', 0x72: 'OP_2SWAP', 0x73: 'OP_IFDUP', 0x74: 'OP_DEPTH', 0x75: 'OP_DROP', 0x76: 'OP_DUP', 0x77: 'OP_NIP', 0x78: 'OP_OVER', 0x79: 'OP_PICK', 0x7a: 'OP_ROLL', 0x7b: 'OP_ROT', 0x7c: 'OP_SWAP', 0x7d: 'OP_TUCK', // Splice 0x7e: 'OP_CAT', 0x7f: 'OP_SUBSTR', 0x80: 'OP_LEFT', 0x81: 'OP_RIGHT', 0x82: 'OP_SIZE', // Bit 0x83: 'OP_INVERT', 0x84: 'OP_AND', 0x85: 'OP_OR', 0x86: 'OP_XOR', 0x87: 'OP_EQUAL', 0x88: 'OP_EQUALVERIFY', 0x89: 'OP_RESERVED1', 0x8a: 'OP_RESERVED2', // Numeric 0x8b: 'OP_1ADD', 0x8c: 'OP_1SUB', 0x8d: 'OP_2MUL', 0x8e: 'OP_2DIV', 0x8f: 'OP_NEGATE', 0x90: 'OP_ABS', 0x91: 'OP_NOT', 0x92: 'OP_0NOTEQUAL', 0x93: 'OP_ADD', 0x94: 'OP_SUB', 0x95: 'OP_MUL', 0x96: 'OP_DIV', 0x97: 'OP_MOD', 0x98: 'OP_LSHIFT', 0x99: 'OP_RSHIFT', 0x9a: 'OP_BOOLAND', 0x9b: 'OP_BOOLOR', 0x9c: 'OP_NUMEQUAL', 0x9d: 'OP_NUMEQUALVERIFY', 0x9e: 'OP_NUMNOTEQUAL', 0x9f: 'OP_LESSTHAN', 0xa0: 'OP_GREATERTHAN', 0xa1: 'OP_LESSTHANOREQUAL', 0xa2: 'OP_GREATERTHANOREQUAL', 0xa3: 'OP_MIN', 0xa4: 'OP_MAX', 0xa5: 'OP_WITHIN', // Crypto 0xa6: 'OP_RIPEMD160', 0xa7: 'OP_SHA1', 0xa8: 'OP_SHA256', 0xa9: 'OP_HASH160', 0xaa: 'OP_HASH256', 0xab: 'OP_CODESEPARATOR', 0xac: 'OP_CHECKSIG', 0xad: 'OP_CHECKSIGVERIFY', 0xae: 'OP_CHECKMULTISIG', 0xaf: 'OP_CHECKMULTISIGVERIFY', // Expansion 0xb0: 'OP_NOP1', 0xb1: 'OP_CHECKLOCKTIMEVERIFY', 0xb2: 'OP_CHECKSEQUENCEVERIFY', 0xb3: 'OP_NOP4', 0xb4: 'OP_NOP5', 0xb5: 'OP_NOP6', 0xb6: 'OP_NOP7', 0xb7: 'OP_NOP8', 0xb8: 'OP_NOP9', 0xb9: 'OP_NOP10', // Custom 0xff: 'OP_INVALIDOPCODE'};/** * Small ints (1 indexed, 1==0). * @const {Buffer[]} */exports.small = [ Buffer.from([0x81]), Buffer.from([]), Buffer.from([0x01]), Buffer.from([0x02]), Buffer.from([0x03]), Buffer.from([0x04]), Buffer.from([0x05]), Buffer.from([0x06]), Buffer.from([0x07]), Buffer.from([0x08]), Buffer.from([0x09]), Buffer.from([0x0a]), Buffer.from([0x0b]), Buffer.from([0x0c]), Buffer.from([0x0d]), Buffer.from([0x0e]), Buffer.from([0x0f]), Buffer.from([0x10])];/** * Script and locktime flags. See {@link VerifyFlags}. * @enum {Number} */exports.flags = { VERIFY_NONE: 0, VERIFY_P2SH: 1 << 0, VERIFY_STRICTENC: 1 << 1, VERIFY_DERSIG: 1 << 2, VERIFY_LOW_S: 1 << 3, VERIFY_NULLDUMMY: 1 << 4, VERIFY_SIGPUSHONLY: 1 << 5, VERIFY_MINIMALDATA: 1 << 6, VERIFY_DISCOURAGE_UPGRADABLE_NOPS: 1 << 7, VERIFY_CLEANSTACK: 1 << 8, VERIFY_CHECKLOCKTIMEVERIFY: 1 << 9, VERIFY_CHECKSEQUENCEVERIFY: 1 << 10, VERIFY_WITNESS: 1 << 11, VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM: 1 << 12, VERIFY_MINIMALIF: 1 << 13, VERIFY_NULLFAIL: 1 << 14, VERIFY_WITNESS_PUBKEYTYPE: 1 << 15, VERIFY_CONST_SCRIPTCODE: 1 << 16};/** * Consensus verify flags (used for block validation). * @const {VerifyFlags} * @default */exports.flags.MANDATORY_VERIFY_FLAGS = exports.flags.VERIFY_P2SH;/** * Standard verify flags (used for mempool validation). * @const {VerifyFlags} * @default */exports.flags.STANDARD_VERIFY_FLAGS = 0 | exports.flags.MANDATORY_VERIFY_FLAGS | exports.flags.VERIFY_DERSIG | exports.flags.VERIFY_STRICTENC | exports.flags.VERIFY_MINIMALDATA | exports.flags.VERIFY_NULLDUMMY | exports.flags.VERIFY_DISCOURAGE_UPGRADABLE_NOPS | exports.flags.VERIFY_CLEANSTACK | exports.flags.VERIFY_MINIMALIF | exports.flags.VERIFY_NULLFAIL | exports.flags.VERIFY_CHECKLOCKTIMEVERIFY | exports.flags.VERIFY_CHECKSEQUENCEVERIFY | exports.flags.VERIFY_LOW_S | exports.flags.VERIFY_WITNESS | exports.flags.VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM | exports.flags.VERIFY_WITNESS_PUBKEYTYPE | exports.flags.VERIFY_CONST_SCRIPTCODE;/** * Standard flags without mandatory bits. * @const {VerifyFlags} * @default */exports.flags.ONLY_STANDARD_VERIFY_FLAGS = exports.flags.STANDARD_VERIFY_FLAGS & ~exports.flags.MANDATORY_VERIFY_FLAGS;/** * Sighash Types. * @enum {SighashType} * @default */exports.hashType = { /* * Sign all outputs. */ ALL: 1, /* * Do not sign outputs (zero sequences). */ NONE: 2, /* * Sign output at the same index (zero sequences). */ SINGLE: 3, /* * Sign only the current input (mask). */ ANYONECANPAY: 0x80};/** * Sighash types by value. * @const {Object} */exports.hashTypeByVal = { 1: 'ALL', 2: 'NONE', 3: 'SINGLE', 0x80: 'ANYONECANPAY'};/** * Output script types. * @enum {Number} */exports.types = { NONSTANDARD: 0, PUBKEY: 1, PUBKEYHASH: 2, SCRIPTHASH: 3, MULTISIG: 4, NULLDATA: 5, WITNESSMALFORMED: 0x80, WITNESSSCRIPTHASH: 0x81, WITNESSPUBKEYHASH: 0x82};/** * Output script types by value. * @const {Object} */exports.typesByVal = { 0: 'NONSTANDARD', 1: 'PUBKEY', 2: 'PUBKEYHASH', 3: 'SCRIPTHASH', 4: 'MULTISIG', 5: 'NULLDATA', 0x80: 'WITNESSMALFORMED', 0x81: 'WITNESSSCRIPTHASH', 0x82: 'WITNESSPUBKEYHASH'};/** * Test a signature to see whether it contains a valid sighash type. * @param {Buffer} sig * @returns {Boolean} */exports.isHashType = function isHashType(sig) { assert(Buffer.isBuffer(sig)); if (sig.length === 0) return false; const type = sig[sig.length - 1] & ~exports.hashType.ANYONECANPAY; if (type < exports.hashType.ALL || type > exports.hashType.SINGLE) return false; return true;};/** * Test a signature to see whether it contains a low S value. * @param {Buffer} sig * @returns {Boolean} */exports.isLowDER = function isLowDER(sig) { if (!exports.isSignatureEncoding(sig)) return false; return secp256k1.isLowDER(sig.slice(0, -1));};/** * Test whether the data element is a valid key. * @param {Buffer} key * @returns {Boolean} */exports.isKeyEncoding = function isKeyEncoding(key) { assert(Buffer.isBuffer(key)); if (key.length < 33) return false; if (key[0] === 0x04) { if (key.length !== 65) return false; } else if (key[0] === 0x02 || key[0] === 0x03) { if (key.length !== 33) return false; } else { return false; } return true;};/** * Test whether the data element is a compressed key. * @param {Buffer} key * @returns {Boolean} */exports.isCompressedEncoding = function isCompressedEncoding(key) { assert(Buffer.isBuffer(key)); if (key.length !== 33) return false; if (key[0] !== 0x02 && key[0] !== 0x03) return false; return true;};/** * Test a signature to see if it abides by BIP66. * @see https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki * @param {Buffer} sig * @returns {Boolean} */exports.isSignatureEncoding = function isSignatureEncoding(sig) { assert(Buffer.isBuffer(sig)); // Format: // 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] [sighash] // * total-length: 1-byte length descriptor of everything that follows, // excluding the sighash byte. // * R-length: 1-byte length descriptor of the R value that follows. // * R: arbitrary-length big-endian encoded R value. It must use the shortest // possible encoding for a positive integers (which means no null bytes at // the start, except a single one when the next byte has its highest bit // set). // * S-length: 1-byte length descriptor of the S value that follows. // * S: arbitrary-length big-endian encoded S value. The same rules apply. // * sighash: 1-byte value indicating what data is hashed (not part of the DER // signature) // Minimum and maximum size constraints. if (sig.length < 9) return false; if (sig.length > 73) return false; // A signature is of type 0x30 (compound). if (sig[0] !== 0x30) return false; // Make sure the length covers the entire signature. if (sig[1] !== sig.length - 3) return false; // Extract the length of the R element. const lenR = sig[3]; // Make sure the length of the S element is still inside the signature. if (5 + lenR >= sig.length) return false; // Extract the length of the S element. const lenS = sig[5 + lenR]; // Verify that the length of the signature matches the sum of the length // of the elements. if (lenR + lenS + 7 !== sig.length) return false; // Check whether the R element is an integer. if (sig[2] !== 0x02) return false; // Zero-length integers are not allowed for R. if (lenR === 0) return false; // Negative numbers are not allowed for R. if (sig[4] & 0x80) return false; // Null bytes at the start of R are not allowed, unless R would // otherwise be interpreted as a negative number. if (lenR > 1 && (sig[4] === 0x00) && !(sig[5] & 0x80)) return false; // Check whether the S element is an integer. if (sig[lenR + 4] !== 0x02) return false; // Zero-length integers are not allowed for S. if (lenS === 0) return false; // Negative numbers are not allowed for S. if (sig[lenR + 6] & 0x80) return false; // Null bytes at the start of S are not allowed, unless S would otherwise be // interpreted as a negative number. if (lenS > 1 && (sig[lenR + 6] === 0x00) && !(sig[lenR + 7] & 0x80)) return false; return true;};/** * Format stack item into bitcoind asm format. * @param {Buffer} item * @param {Boolean?} decode - Attempt to decode hash types. * @returns {String} Human-readable string. */exports.toASM = function toASM(item, decode) { if (item.length <= 4) { const num = ScriptNum.decode(item); return num.toString(10); } if (decode && exports.isSignatureEncoding(item)) { const type = item[item.length - 1]; let symbol = exports.hashTypeByVal[type & 0x1f] || ''; if (symbol) { if (type & exports.hashType.ANYONECANPAY) symbol += '|ANYONECANPAY'; symbol = `[${symbol}]`; } return item.slice(0, -1).toString('hex') + symbol; } return item.toString('hex');};