-
+ E618531AACEECEFE505689A76254DA2CAD45AF6DB44DE26138E130B166D1D26B6A78D0CCF352B8C9C11878E5549010CE48B2083089E14EE026D949F06CD310F6bitcoin/src/script.cpp(0 . 0)(1 . 1203)
17691 // Copyright (c) 2009-2010 Satoshi Nakamoto
17692 // Copyright (c) 2011 The Bitcoin developers
17693 // Distributed under the MIT/X11 software license, see the accompanying
17694 // file license.txt or http://www.opensource.org/licenses/mit-license.php.
17695 #include "headers.h"
17696
17697 using namespace std;
17698 using namespace boost;
17699
17700 bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
17701
17702
17703
17704 typedef vector<unsigned char> valtype;
17705 static const valtype vchFalse(0);
17706 static const valtype vchZero(0);
17707 static const valtype vchTrue(1, 1);
17708 static const CBigNum bnZero(0);
17709 static const CBigNum bnOne(1);
17710 static const CBigNum bnFalse(0);
17711 static const CBigNum bnTrue(1);
17712 static const size_t nMaxNumSize = 4;
17713
17714
17715 CBigNum CastToBigNum(const valtype& vch)
17716 {
17717 if (vch.size() > nMaxNumSize)
17718 throw runtime_error("CastToBigNum() : overflow");
17719 // Get rid of extra leading zeros
17720 return CBigNum(CBigNum(vch).getvch());
17721 }
17722
17723 bool CastToBool(const valtype& vch)
17724 {
17725 for (int i = 0; i < vch.size(); i++)
17726 {
17727 if (vch[i] != 0)
17728 {
17729 // Can be negative zero
17730 if (i == vch.size()-1 && vch[i] == 0x80)
17731 return false;
17732 return true;
17733 }
17734 }
17735 return false;
17736 }
17737
17738 void MakeSameSize(valtype& vch1, valtype& vch2)
17739 {
17740 // Lengthen the shorter one
17741 if (vch1.size() < vch2.size())
17742 vch1.resize(vch2.size(), 0);
17743 if (vch2.size() < vch1.size())
17744 vch2.resize(vch1.size(), 0);
17745 }
17746
17747
17748
17749 //
17750 // Script is a stack machine (like Forth) that evaluates a predicate
17751 // returning a bool indicating valid or not. There are no loops.
17752 //
17753 #define stacktop(i) (stack.at(stack.size()+(i)))
17754 #define altstacktop(i) (altstack.at(altstack.size()+(i)))
17755 static inline void popstack(vector<valtype>& stack)
17756 {
17757 if (stack.empty())
17758 throw runtime_error("popstack() : stack empty");
17759 stack.pop_back();
17760 }
17761
17762
17763 bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, int nHashType)
17764 {
17765 CAutoBN_CTX pctx;
17766 CScript::const_iterator pc = script.begin();
17767 CScript::const_iterator pend = script.end();
17768 CScript::const_iterator pbegincodehash = script.begin();
17769 opcodetype opcode;
17770 valtype vchPushValue;
17771 vector<bool> vfExec;
17772 vector<valtype> altstack;
17773 if (script.size() > 10000)
17774 return false;
17775 int nOpCount = 0;
17776
17777
17778 try
17779 {
17780 while (pc < pend)
17781 {
17782 bool fExec = !count(vfExec.begin(), vfExec.end(), false);
17783
17784 //
17785 // Read instruction
17786 //
17787 if (!script.GetOp(pc, opcode, vchPushValue))
17788 return false;
17789 if (vchPushValue.size() > 520)
17790 return false;
17791 if (opcode > OP_16 && ++nOpCount > 201)
17792 return false;
17793
17794 if (opcode == OP_CAT ||
17795 opcode == OP_SUBSTR ||
17796 opcode == OP_LEFT ||
17797 opcode == OP_RIGHT ||
17798 opcode == OP_INVERT ||
17799 opcode == OP_AND ||
17800 opcode == OP_OR ||
17801 opcode == OP_XOR ||
17802 opcode == OP_2MUL ||
17803 opcode == OP_2DIV ||
17804 opcode == OP_MUL ||
17805 opcode == OP_DIV ||
17806 opcode == OP_MOD ||
17807 opcode == OP_LSHIFT ||
17808 opcode == OP_RSHIFT)
17809 return false;
17810
17811 if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4)
17812 stack.push_back(vchPushValue);
17813 else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
17814 switch (opcode)
17815 {
17816 //
17817 // Push value
17818 //
17819 case OP_1NEGATE:
17820 case OP_1:
17821 case OP_2:
17822 case OP_3:
17823 case OP_4:
17824 case OP_5:
17825 case OP_6:
17826 case OP_7:
17827 case OP_8:
17828 case OP_9:
17829 case OP_10:
17830 case OP_11:
17831 case OP_12:
17832 case OP_13:
17833 case OP_14:
17834 case OP_15:
17835 case OP_16:
17836 {
17837 // ( -- value)
17838 CBigNum bn((int)opcode - (int)(OP_1 - 1));
17839 stack.push_back(bn.getvch());
17840 }
17841 break;
17842
17843
17844 //
17845 // Control
17846 //
17847 case OP_NOP:
17848 case OP_NOP1: case OP_NOP2: case OP_NOP3: case OP_NOP4: case OP_NOP5:
17849 case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
17850 break;
17851
17852 case OP_IF:
17853 case OP_NOTIF:
17854 {
17855 // <expression> if [statements] [else [statements]] endif
17856 bool fValue = false;
17857 if (fExec)
17858 {
17859 if (stack.size() < 1)
17860 return false;
17861 valtype& vch = stacktop(-1);
17862 fValue = CastToBool(vch);
17863 if (opcode == OP_NOTIF)
17864 fValue = !fValue;
17865 popstack(stack);
17866 }
17867 vfExec.push_back(fValue);
17868 }
17869 break;
17870
17871 case OP_ELSE:
17872 {
17873 if (vfExec.empty())
17874 return false;
17875 vfExec.back() = !vfExec.back();
17876 }
17877 break;
17878
17879 case OP_ENDIF:
17880 {
17881 if (vfExec.empty())
17882 return false;
17883 vfExec.pop_back();
17884 }
17885 break;
17886
17887 case OP_VERIFY:
17888 {
17889 // (true -- ) or
17890 // (false -- false) and return
17891 if (stack.size() < 1)
17892 return false;
17893 bool fValue = CastToBool(stacktop(-1));
17894 if (fValue)
17895 popstack(stack);
17896 else
17897 return false;
17898 }
17899 break;
17900
17901 case OP_RETURN:
17902 {
17903 return false;
17904 }
17905 break;
17906
17907
17908 //
17909 // Stack ops
17910 //
17911 case OP_TOALTSTACK:
17912 {
17913 if (stack.size() < 1)
17914 return false;
17915 altstack.push_back(stacktop(-1));
17916 popstack(stack);
17917 }
17918 break;
17919
17920 case OP_FROMALTSTACK:
17921 {
17922 if (altstack.size() < 1)
17923 return false;
17924 stack.push_back(altstacktop(-1));
17925 popstack(altstack);
17926 }
17927 break;
17928
17929 case OP_2DROP:
17930 {
17931 // (x1 x2 -- )
17932 if (stack.size() < 2)
17933 return false;
17934 popstack(stack);
17935 popstack(stack);
17936 }
17937 break;
17938
17939 case OP_2DUP:
17940 {
17941 // (x1 x2 -- x1 x2 x1 x2)
17942 if (stack.size() < 2)
17943 return false;
17944 valtype vch1 = stacktop(-2);
17945 valtype vch2 = stacktop(-1);
17946 stack.push_back(vch1);
17947 stack.push_back(vch2);
17948 }
17949 break;
17950
17951 case OP_3DUP:
17952 {
17953 // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
17954 if (stack.size() < 3)
17955 return false;
17956 valtype vch1 = stacktop(-3);
17957 valtype vch2 = stacktop(-2);
17958 valtype vch3 = stacktop(-1);
17959 stack.push_back(vch1);
17960 stack.push_back(vch2);
17961 stack.push_back(vch3);
17962 }
17963 break;
17964
17965 case OP_2OVER:
17966 {
17967 // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
17968 if (stack.size() < 4)
17969 return false;
17970 valtype vch1 = stacktop(-4);
17971 valtype vch2 = stacktop(-3);
17972 stack.push_back(vch1);
17973 stack.push_back(vch2);
17974 }
17975 break;
17976
17977 case OP_2ROT:
17978 {
17979 // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
17980 if (stack.size() < 6)
17981 return false;
17982 valtype vch1 = stacktop(-6);
17983 valtype vch2 = stacktop(-5);
17984 stack.erase(stack.end()-6, stack.end()-4);
17985 stack.push_back(vch1);
17986 stack.push_back(vch2);
17987 }
17988 break;
17989
17990 case OP_2SWAP:
17991 {
17992 // (x1 x2 x3 x4 -- x3 x4 x1 x2)
17993 if (stack.size() < 4)
17994 return false;
17995 swap(stacktop(-4), stacktop(-2));
17996 swap(stacktop(-3), stacktop(-1));
17997 }
17998 break;
17999
18000 case OP_IFDUP:
18001 {
18002 // (x - 0 | x x)
18003 if (stack.size() < 1)
18004 return false;
18005 valtype vch = stacktop(-1);
18006 if (CastToBool(vch))
18007 stack.push_back(vch);
18008 }
18009 break;
18010
18011 case OP_DEPTH:
18012 {
18013 // -- stacksize
18014 CBigNum bn(stack.size());
18015 stack.push_back(bn.getvch());
18016 }
18017 break;
18018
18019 case OP_DROP:
18020 {
18021 // (x -- )
18022 if (stack.size() < 1)
18023 return false;
18024 popstack(stack);
18025 }
18026 break;
18027
18028 case OP_DUP:
18029 {
18030 // (x -- x x)
18031 if (stack.size() < 1)
18032 return false;
18033 valtype vch = stacktop(-1);
18034 stack.push_back(vch);
18035 }
18036 break;
18037
18038 case OP_NIP:
18039 {
18040 // (x1 x2 -- x2)
18041 if (stack.size() < 2)
18042 return false;
18043 stack.erase(stack.end() - 2);
18044 }
18045 break;
18046
18047 case OP_OVER:
18048 {
18049 // (x1 x2 -- x1 x2 x1)
18050 if (stack.size() < 2)
18051 return false;
18052 valtype vch = stacktop(-2);
18053 stack.push_back(vch);
18054 }
18055 break;
18056
18057 case OP_PICK:
18058 case OP_ROLL:
18059 {
18060 // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
18061 // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
18062 if (stack.size() < 2)
18063 return false;
18064 int n = CastToBigNum(stacktop(-1)).getint();
18065 popstack(stack);
18066 if (n < 0 || n >= stack.size())
18067 return false;
18068 valtype vch = stacktop(-n-1);
18069 if (opcode == OP_ROLL)
18070 stack.erase(stack.end()-n-1);
18071 stack.push_back(vch);
18072 }
18073 break;
18074
18075 case OP_ROT:
18076 {
18077 // (x1 x2 x3 -- x2 x3 x1)
18078 // x2 x1 x3 after first swap
18079 // x2 x3 x1 after second swap
18080 if (stack.size() < 3)
18081 return false;
18082 swap(stacktop(-3), stacktop(-2));
18083 swap(stacktop(-2), stacktop(-1));
18084 }
18085 break;
18086
18087 case OP_SWAP:
18088 {
18089 // (x1 x2 -- x2 x1)
18090 if (stack.size() < 2)
18091 return false;
18092 swap(stacktop(-2), stacktop(-1));
18093 }
18094 break;
18095
18096 case OP_TUCK:
18097 {
18098 // (x1 x2 -- x2 x1 x2)
18099 if (stack.size() < 2)
18100 return false;
18101 valtype vch = stacktop(-1);
18102 stack.insert(stack.end()-2, vch);
18103 }
18104 break;
18105
18106
18107 //
18108 // Splice ops
18109 //
18110 case OP_CAT:
18111 {
18112 // (x1 x2 -- out)
18113 if (stack.size() < 2)
18114 return false;
18115 valtype& vch1 = stacktop(-2);
18116 valtype& vch2 = stacktop(-1);
18117 vch1.insert(vch1.end(), vch2.begin(), vch2.end());
18118 popstack(stack);
18119 if (stacktop(-1).size() > 520)
18120 return false;
18121 }
18122 break;
18123
18124 case OP_SUBSTR:
18125 {
18126 // (in begin size -- out)
18127 if (stack.size() < 3)
18128 return false;
18129 valtype& vch = stacktop(-3);
18130 int nBegin = CastToBigNum(stacktop(-2)).getint();
18131 int nEnd = nBegin + CastToBigNum(stacktop(-1)).getint();
18132 if (nBegin < 0 || nEnd < nBegin)
18133 return false;
18134 if (nBegin > vch.size())
18135 nBegin = vch.size();
18136 if (nEnd > vch.size())
18137 nEnd = vch.size();
18138 vch.erase(vch.begin() + nEnd, vch.end());
18139 vch.erase(vch.begin(), vch.begin() + nBegin);
18140 popstack(stack);
18141 popstack(stack);
18142 }
18143 break;
18144
18145 case OP_LEFT:
18146 case OP_RIGHT:
18147 {
18148 // (in size -- out)
18149 if (stack.size() < 2)
18150 return false;
18151 valtype& vch = stacktop(-2);
18152 int nSize = CastToBigNum(stacktop(-1)).getint();
18153 if (nSize < 0)
18154 return false;
18155 if (nSize > vch.size())
18156 nSize = vch.size();
18157 if (opcode == OP_LEFT)
18158 vch.erase(vch.begin() + nSize, vch.end());
18159 else
18160 vch.erase(vch.begin(), vch.end() - nSize);
18161 popstack(stack);
18162 }
18163 break;
18164
18165 case OP_SIZE:
18166 {
18167 // (in -- in size)
18168 if (stack.size() < 1)
18169 return false;
18170 CBigNum bn(stacktop(-1).size());
18171 stack.push_back(bn.getvch());
18172 }
18173 break;
18174
18175
18176 //
18177 // Bitwise logic
18178 //
18179 case OP_INVERT:
18180 {
18181 // (in - out)
18182 if (stack.size() < 1)
18183 return false;
18184 valtype& vch = stacktop(-1);
18185 for (int i = 0; i < vch.size(); i++)
18186 vch[i] = ~vch[i];
18187 }
18188 break;
18189
18190 case OP_AND:
18191 case OP_OR:
18192 case OP_XOR:
18193 {
18194 // (x1 x2 - out)
18195 if (stack.size() < 2)
18196 return false;
18197 valtype& vch1 = stacktop(-2);
18198 valtype& vch2 = stacktop(-1);
18199 MakeSameSize(vch1, vch2);
18200 if (opcode == OP_AND)
18201 {
18202 for (int i = 0; i < vch1.size(); i++)
18203 vch1[i] &= vch2[i];
18204 }
18205 else if (opcode == OP_OR)
18206 {
18207 for (int i = 0; i < vch1.size(); i++)
18208 vch1[i] |= vch2[i];
18209 }
18210 else if (opcode == OP_XOR)
18211 {
18212 for (int i = 0; i < vch1.size(); i++)
18213 vch1[i] ^= vch2[i];
18214 }
18215 popstack(stack);
18216 }
18217 break;
18218
18219 case OP_EQUAL:
18220 case OP_EQUALVERIFY:
18221 //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
18222 {
18223 // (x1 x2 - bool)
18224 if (stack.size() < 2)
18225 return false;
18226 valtype& vch1 = stacktop(-2);
18227 valtype& vch2 = stacktop(-1);
18228 bool fEqual = (vch1 == vch2);
18229 // OP_NOTEQUAL is disabled because it would be too easy to say
18230 // something like n != 1 and have some wiseguy pass in 1 with extra
18231 // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
18232 //if (opcode == OP_NOTEQUAL)
18233 // fEqual = !fEqual;
18234 popstack(stack);
18235 popstack(stack);
18236 stack.push_back(fEqual ? vchTrue : vchFalse);
18237 if (opcode == OP_EQUALVERIFY)
18238 {
18239 if (fEqual)
18240 popstack(stack);
18241 else
18242 return false;
18243 }
18244 }
18245 break;
18246
18247
18248 //
18249 // Numeric
18250 //
18251 case OP_1ADD:
18252 case OP_1SUB:
18253 case OP_2MUL:
18254 case OP_2DIV:
18255 case OP_NEGATE:
18256 case OP_ABS:
18257 case OP_NOT:
18258 case OP_0NOTEQUAL:
18259 {
18260 // (in -- out)
18261 if (stack.size() < 1)
18262 return false;
18263 CBigNum bn = CastToBigNum(stacktop(-1));
18264 switch (opcode)
18265 {
18266 case OP_1ADD: bn += bnOne; break;
18267 case OP_1SUB: bn -= bnOne; break;
18268 case OP_2MUL: bn <<= 1; break;
18269 case OP_2DIV: bn >>= 1; break;
18270 case OP_NEGATE: bn = -bn; break;
18271 case OP_ABS: if (bn < bnZero) bn = -bn; break;
18272 case OP_NOT: bn = (bn == bnZero); break;
18273 case OP_0NOTEQUAL: bn = (bn != bnZero); break;
18274 default: assert(!"invalid opcode"); break;
18275 }
18276 popstack(stack);
18277 stack.push_back(bn.getvch());
18278 }
18279 break;
18280
18281 case OP_ADD:
18282 case OP_SUB:
18283 case OP_MUL:
18284 case OP_DIV:
18285 case OP_MOD:
18286 case OP_LSHIFT:
18287 case OP_RSHIFT:
18288 case OP_BOOLAND:
18289 case OP_BOOLOR:
18290 case OP_NUMEQUAL:
18291 case OP_NUMEQUALVERIFY:
18292 case OP_NUMNOTEQUAL:
18293 case OP_LESSTHAN:
18294 case OP_GREATERTHAN:
18295 case OP_LESSTHANOREQUAL:
18296 case OP_GREATERTHANOREQUAL:
18297 case OP_MIN:
18298 case OP_MAX:
18299 {
18300 // (x1 x2 -- out)
18301 if (stack.size() < 2)
18302 return false;
18303 CBigNum bn1 = CastToBigNum(stacktop(-2));
18304 CBigNum bn2 = CastToBigNum(stacktop(-1));
18305 CBigNum bn;
18306 switch (opcode)
18307 {
18308 case OP_ADD:
18309 bn = bn1 + bn2;
18310 break;
18311
18312 case OP_SUB:
18313 bn = bn1 - bn2;
18314 break;
18315
18316 case OP_MUL:
18317 if (!BN_mul(&bn, &bn1, &bn2, pctx))
18318 return false;
18319 break;
18320
18321 case OP_DIV:
18322 if (!BN_div(&bn, NULL, &bn1, &bn2, pctx))
18323 return false;
18324 break;
18325
18326 case OP_MOD:
18327 if (!BN_mod(&bn, &bn1, &bn2, pctx))
18328 return false;
18329 break;
18330
18331 case OP_LSHIFT:
18332 if (bn2 < bnZero || bn2 > CBigNum(2048))
18333 return false;
18334 bn = bn1 << bn2.getulong();
18335 break;
18336
18337 case OP_RSHIFT:
18338 if (bn2 < bnZero || bn2 > CBigNum(2048))
18339 return false;
18340 bn = bn1 >> bn2.getulong();
18341 break;
18342
18343 case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
18344 case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
18345 case OP_NUMEQUAL: bn = (bn1 == bn2); break;
18346 case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
18347 case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
18348 case OP_LESSTHAN: bn = (bn1 < bn2); break;
18349 case OP_GREATERTHAN: bn = (bn1 > bn2); break;
18350 case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
18351 case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
18352 case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
18353 case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
18354 default: assert(!"invalid opcode"); break;
18355 }
18356 popstack(stack);
18357 popstack(stack);
18358 stack.push_back(bn.getvch());
18359
18360 if (opcode == OP_NUMEQUALVERIFY)
18361 {
18362 if (CastToBool(stacktop(-1)))
18363 popstack(stack);
18364 else
18365 return false;
18366 }
18367 }
18368 break;
18369
18370 case OP_WITHIN:
18371 {
18372 // (x min max -- out)
18373 if (stack.size() < 3)
18374 return false;
18375 CBigNum bn1 = CastToBigNum(stacktop(-3));
18376 CBigNum bn2 = CastToBigNum(stacktop(-2));
18377 CBigNum bn3 = CastToBigNum(stacktop(-1));
18378 bool fValue = (bn2 <= bn1 && bn1 < bn3);
18379 popstack(stack);
18380 popstack(stack);
18381 popstack(stack);
18382 stack.push_back(fValue ? vchTrue : vchFalse);
18383 }
18384 break;
18385
18386
18387 //
18388 // Crypto
18389 //
18390 case OP_RIPEMD160:
18391 case OP_SHA1:
18392 case OP_SHA256:
18393 case OP_HASH160:
18394 case OP_HASH256:
18395 {
18396 // (in -- hash)
18397 if (stack.size() < 1)
18398 return false;
18399 valtype& vch = stacktop(-1);
18400 valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
18401 if (opcode == OP_RIPEMD160)
18402 RIPEMD160(&vch[0], vch.size(), &vchHash[0]);
18403 else if (opcode == OP_SHA1)
18404 SHA1(&vch[0], vch.size(), &vchHash[0]);
18405 else if (opcode == OP_SHA256)
18406 SHA256(&vch[0], vch.size(), &vchHash[0]);
18407 else if (opcode == OP_HASH160)
18408 {
18409 uint160 hash160 = Hash160(vch);
18410 memcpy(&vchHash[0], &hash160, sizeof(hash160));
18411 }
18412 else if (opcode == OP_HASH256)
18413 {
18414 uint256 hash = Hash(vch.begin(), vch.end());
18415 memcpy(&vchHash[0], &hash, sizeof(hash));
18416 }
18417 popstack(stack);
18418 stack.push_back(vchHash);
18419 }
18420 break;
18421
18422 case OP_CODESEPARATOR:
18423 {
18424 // Hash starts after the code separator
18425 pbegincodehash = pc;
18426 }
18427 break;
18428
18429 case OP_CHECKSIG:
18430 case OP_CHECKSIGVERIFY:
18431 {
18432 // (sig pubkey -- bool)
18433 if (stack.size() < 2)
18434 return false;
18435
18436 valtype& vchSig = stacktop(-2);
18437 valtype& vchPubKey = stacktop(-1);
18438
18439 ////// debug print
18440 //PrintHex(vchSig.begin(), vchSig.end(), "sig: %s\n");
18441 //PrintHex(vchPubKey.begin(), vchPubKey.end(), "pubkey: %s\n");
18442
18443 // Subset of script starting at the most recent codeseparator
18444 CScript scriptCode(pbegincodehash, pend);
18445
18446 // Drop the signature, since there's no way for a signature to sign itself
18447 scriptCode.FindAndDelete(CScript(vchSig));
18448
18449 bool fSuccess = CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType);
18450
18451 popstack(stack);
18452 popstack(stack);
18453 stack.push_back(fSuccess ? vchTrue : vchFalse);
18454 if (opcode == OP_CHECKSIGVERIFY)
18455 {
18456 if (fSuccess)
18457 popstack(stack);
18458 else
18459 return false;
18460 }
18461 }
18462 break;
18463
18464 case OP_CHECKMULTISIG:
18465 case OP_CHECKMULTISIGVERIFY:
18466 {
18467 // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
18468
18469 int i = 1;
18470 if (stack.size() < i)
18471 return false;
18472
18473 int nKeysCount = CastToBigNum(stacktop(-i)).getint();
18474 if (nKeysCount < 0 || nKeysCount > 20)
18475 return false;
18476 nOpCount += nKeysCount;
18477 if (nOpCount > 201)
18478 return false;
18479 int ikey = ++i;
18480 i += nKeysCount;
18481 if (stack.size() < i)
18482 return false;
18483
18484 int nSigsCount = CastToBigNum(stacktop(-i)).getint();
18485 if (nSigsCount < 0 || nSigsCount > nKeysCount)
18486 return false;
18487 int isig = ++i;
18488 i += nSigsCount;
18489 if (stack.size() < i)
18490 return false;
18491
18492 // Subset of script starting at the most recent codeseparator
18493 CScript scriptCode(pbegincodehash, pend);
18494
18495 // Drop the signatures, since there's no way for a signature to sign itself
18496 for (int k = 0; k < nSigsCount; k++)
18497 {
18498 valtype& vchSig = stacktop(-isig-k);
18499 scriptCode.FindAndDelete(CScript(vchSig));
18500 }
18501
18502 bool fSuccess = true;
18503 while (fSuccess && nSigsCount > 0)
18504 {
18505 valtype& vchSig = stacktop(-isig);
18506 valtype& vchPubKey = stacktop(-ikey);
18507
18508 // Check signature
18509 if (CheckSig(vchSig, vchPubKey, scriptCode, txTo, nIn, nHashType))
18510 {
18511 isig++;
18512 nSigsCount--;
18513 }
18514 ikey++;
18515 nKeysCount--;
18516
18517 // If there are more signatures left than keys left,
18518 // then too many signatures have failed
18519 if (nSigsCount > nKeysCount)
18520 fSuccess = false;
18521 }
18522
18523 while (i-- > 0)
18524 popstack(stack);
18525 stack.push_back(fSuccess ? vchTrue : vchFalse);
18526
18527 if (opcode == OP_CHECKMULTISIGVERIFY)
18528 {
18529 if (fSuccess)
18530 popstack(stack);
18531 else
18532 return false;
18533 }
18534 }
18535 break;
18536
18537 default:
18538 return false;
18539 }
18540
18541 // Size limits
18542 if (stack.size() + altstack.size() > 1000)
18543 return false;
18544 }
18545 }
18546 catch (...)
18547 {
18548 return false;
18549 }
18550
18551
18552 if (!vfExec.empty())
18553 return false;
18554
18555 return true;
18556 }
18557
18558
18559
18560
18561
18562
18563
18564
18565
18566 uint256 SignatureHash(CScript scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)
18567 {
18568 if (nIn >= txTo.vin.size())
18569 {
18570 printf("ERROR: SignatureHash() : nIn=%d out of range\n", nIn);
18571 return 1;
18572 }
18573 CTransaction txTmp(txTo);
18574
18575 // In case concatenating two scripts ends up with two codeseparators,
18576 // or an extra one at the end, this prevents all those possible incompatibilities.
18577 scriptCode.FindAndDelete(CScript(OP_CODESEPARATOR));
18578
18579 // Blank out other inputs' signatures
18580 for (int i = 0; i < txTmp.vin.size(); i++)
18581 txTmp.vin[i].scriptSig = CScript();
18582 txTmp.vin[nIn].scriptSig = scriptCode;
18583
18584 // Blank out some of the outputs
18585 if ((nHashType & 0x1f) == SIGHASH_NONE)
18586 {
18587 // Wildcard payee
18588 txTmp.vout.clear();
18589
18590 // Let the others update at will
18591 for (int i = 0; i < txTmp.vin.size(); i++)
18592 if (i != nIn)
18593 txTmp.vin[i].nSequence = 0;
18594 }
18595 else if ((nHashType & 0x1f) == SIGHASH_SINGLE)
18596 {
18597 // Only lockin the txout payee at same index as txin
18598 unsigned int nOut = nIn;
18599 if (nOut >= txTmp.vout.size())
18600 {
18601 printf("ERROR: SignatureHash() : nOut=%d out of range\n", nOut);
18602 return 1;
18603 }
18604 txTmp.vout.resize(nOut+1);
18605 for (int i = 0; i < nOut; i++)
18606 txTmp.vout[i].SetNull();
18607
18608 // Let the others update at will
18609 for (int i = 0; i < txTmp.vin.size(); i++)
18610 if (i != nIn)
18611 txTmp.vin[i].nSequence = 0;
18612 }
18613
18614 // Blank out other inputs completely, not recommended for open transactions
18615 if (nHashType & SIGHASH_ANYONECANPAY)
18616 {
18617 txTmp.vin[0] = txTmp.vin[nIn];
18618 txTmp.vin.resize(1);
18619 }
18620
18621 // Serialize and hash
18622 CDataStream ss(SER_GETHASH);
18623 ss.reserve(10000);
18624 ss << txTmp << nHashType;
18625 return Hash(ss.begin(), ss.end());
18626 }
18627
18628
18629 bool CheckSig(vector<unsigned char> vchSig, vector<unsigned char> vchPubKey, CScript scriptCode,
18630 const CTransaction& txTo, unsigned int nIn, int nHashType)
18631 {
18632 CKey key;
18633 if (!key.SetPubKey(vchPubKey))
18634 return false;
18635
18636 // Hash type is one byte tacked on to the end of the signature
18637 if (vchSig.empty())
18638 return false;
18639 if (nHashType == 0)
18640 nHashType = vchSig.back();
18641 else if (nHashType != vchSig.back())
18642 return false;
18643 vchSig.pop_back();
18644
18645 return key.Verify(SignatureHash(scriptCode, txTo, nIn, nHashType), vchSig);
18646 }
18647
18648
18649
18650
18651
18652
18653
18654
18655
18656
18657 bool Solver(const CScript& scriptPubKey, vector<pair<opcodetype, valtype> >& vSolutionRet)
18658 {
18659 // Templates
18660 static vector<CScript> vTemplates;
18661 if (vTemplates.empty())
18662 {
18663 // Standard tx, sender provides pubkey, receiver adds signature
18664 vTemplates.push_back(CScript() << OP_PUBKEY << OP_CHECKSIG);
18665
18666 // Bitcoin address tx, sender provides hash of pubkey, receiver provides signature and pubkey
18667 vTemplates.push_back(CScript() << OP_DUP << OP_HASH160 << OP_PUBKEYHASH << OP_EQUALVERIFY << OP_CHECKSIG);
18668 }
18669
18670 // Scan templates
18671 const CScript& script1 = scriptPubKey;
18672 BOOST_FOREACH(const CScript& script2, vTemplates)
18673 {
18674 vSolutionRet.clear();
18675 opcodetype opcode1, opcode2;
18676 vector<unsigned char> vch1, vch2;
18677
18678 // Compare
18679 CScript::const_iterator pc1 = script1.begin();
18680 CScript::const_iterator pc2 = script2.begin();
18681 loop
18682 {
18683 if (pc1 == script1.end() && pc2 == script2.end())
18684 {
18685 // Found a match
18686 reverse(vSolutionRet.begin(), vSolutionRet.end());
18687 return true;
18688 }
18689 if (!script1.GetOp(pc1, opcode1, vch1))
18690 break;
18691 if (!script2.GetOp(pc2, opcode2, vch2))
18692 break;
18693 if (opcode2 == OP_PUBKEY)
18694 {
18695 if (vch1.size() < 33 || vch1.size() > 120)
18696 break;
18697 vSolutionRet.push_back(make_pair(opcode2, vch1));
18698 }
18699 else if (opcode2 == OP_PUBKEYHASH)
18700 {
18701 if (vch1.size() != sizeof(uint160))
18702 break;
18703 vSolutionRet.push_back(make_pair(opcode2, vch1));
18704 }
18705 else if (opcode1 != opcode2 || vch1 != vch2)
18706 {
18707 break;
18708 }
18709 }
18710 }
18711
18712 vSolutionRet.clear();
18713 return false;
18714 }
18715
18716
18717 bool Solver(const CKeyStore& keystore, const CScript& scriptPubKey, uint256 hash, int nHashType, CScript& scriptSigRet)
18718 {
18719 scriptSigRet.clear();
18720
18721 vector<pair<opcodetype, valtype> > vSolution;
18722 if (!Solver(scriptPubKey, vSolution))
18723 return false;
18724
18725 // Compile solution
18726 BOOST_FOREACH(PAIRTYPE(opcodetype, valtype)& item, vSolution)
18727 {
18728 if (item.first == OP_PUBKEY)
18729 {
18730 // Sign
18731 const valtype& vchPubKey = item.second;
18732 CKey key;
18733 if (!keystore.GetKey(Hash160(vchPubKey), key))
18734 return false;
18735 if (key.GetPubKey() != vchPubKey)
18736 return false;
18737 if (hash != 0)
18738 {
18739 vector<unsigned char> vchSig;
18740 if (!key.Sign(hash, vchSig))
18741 return false;
18742 vchSig.push_back((unsigned char)nHashType);
18743 scriptSigRet << vchSig;
18744 }
18745 }
18746 else if (item.first == OP_PUBKEYHASH)
18747 {
18748 // Sign and give pubkey
18749 CKey key;
18750 if (!keystore.GetKey(uint160(item.second), key))
18751 return false;
18752 if (hash != 0)
18753 {
18754 vector<unsigned char> vchSig;
18755 if (!key.Sign(hash, vchSig))
18756 return false;
18757 vchSig.push_back((unsigned char)nHashType);
18758 scriptSigRet << vchSig << key.GetPubKey();
18759 }
18760 }
18761 else
18762 {
18763 return false;
18764 }
18765 }
18766
18767 return true;
18768 }
18769
18770
18771 bool IsStandard(const CScript& scriptPubKey)
18772 {
18773 vector<pair<opcodetype, valtype> > vSolution;
18774 return Solver(scriptPubKey, vSolution);
18775 }
18776
18777
18778 bool IsMine(const CKeyStore &keystore, const CScript& scriptPubKey)
18779 {
18780 vector<pair<opcodetype, valtype> > vSolution;
18781 if (!Solver(scriptPubKey, vSolution))
18782 return false;
18783
18784 // Compile solution
18785 BOOST_FOREACH(PAIRTYPE(opcodetype, valtype)& item, vSolution)
18786 {
18787 if (item.first == OP_PUBKEY)
18788 {
18789 const valtype& vchPubKey = item.second;
18790 vector<unsigned char> vchPubKeyFound;
18791 if (!keystore.GetPubKey(Hash160(vchPubKey), vchPubKeyFound))
18792 return false;
18793 if (vchPubKeyFound != vchPubKey)
18794 return false;
18795 }
18796 else if (item.first == OP_PUBKEYHASH)
18797 {
18798 if (!keystore.HaveKey(uint160(item.second)))
18799 return false;
18800 }
18801 else
18802 {
18803 return false;
18804 }
18805 }
18806
18807 return true;
18808 }
18809
18810 bool static ExtractAddressInner(const CScript& scriptPubKey, const CKeyStore* keystore, CBitcoinAddress& addressRet)
18811 {
18812 vector<pair<opcodetype, valtype> > vSolution;
18813 if (!Solver(scriptPubKey, vSolution))
18814 return false;
18815
18816 BOOST_FOREACH(PAIRTYPE(opcodetype, valtype)& item, vSolution)
18817 {
18818 if (item.first == OP_PUBKEY)
18819 addressRet.SetPubKey(item.second);
18820 else if (item.first == OP_PUBKEYHASH)
18821 addressRet.SetHash160((uint160)item.second);
18822 if (keystore == NULL || keystore->HaveKey(addressRet))
18823 return true;
18824 }
18825
18826 return false;
18827 }
18828
18829
18830 bool ExtractAddress(const CScript& scriptPubKey, const CKeyStore* keystore, CBitcoinAddress& addressRet)
18831 {
18832 if (keystore)
18833 return ExtractAddressInner(scriptPubKey, keystore, addressRet);
18834 else
18835 return ExtractAddressInner(scriptPubKey, NULL, addressRet);
18836 return false;
18837 }
18838
18839
18840 bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, const CTransaction& txTo, unsigned int nIn, int nHashType)
18841 {
18842 vector<vector<unsigned char> > stack;
18843 if (!EvalScript(stack, scriptSig, txTo, nIn, nHashType))
18844 return false;
18845 if (!EvalScript(stack, scriptPubKey, txTo, nIn, nHashType))
18846 return false;
18847 if (stack.empty())
18848 return false;
18849 return CastToBool(stack.back());
18850 }
18851
18852
18853 bool SignSignature(const CKeyStore &keystore, const CTransaction& txFrom, CTransaction& txTo, unsigned int nIn, int nHashType, CScript scriptPrereq)
18854 {
18855 assert(nIn < txTo.vin.size());
18856 CTxIn& txin = txTo.vin[nIn];
18857 assert(txin.prevout.n < txFrom.vout.size());
18858 const CTxOut& txout = txFrom.vout[txin.prevout.n];
18859
18860 // Leave out the signature from the hash, since a signature can't sign itself.
18861 // The checksig op will also drop the signatures from its hash.
18862 uint256 hash = SignatureHash(scriptPrereq + txout.scriptPubKey, txTo, nIn, nHashType);
18863
18864 if (!Solver(keystore, txout.scriptPubKey, hash, nHashType, txin.scriptSig))
18865 return false;
18866
18867 txin.scriptSig = scriptPrereq + txin.scriptSig;
18868
18869 // Test solution
18870 if (scriptPrereq.empty())
18871 if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, 0))
18872 return false;
18873
18874 return true;
18875 }
18876
18877
18878 bool VerifySignature(const CTransaction& txFrom, const CTransaction& txTo, unsigned int nIn, int nHashType)
18879 {
18880 assert(nIn < txTo.vin.size());
18881 const CTxIn& txin = txTo.vin[nIn];
18882 if (txin.prevout.n >= txFrom.vout.size())
18883 return false;
18884 const CTxOut& txout = txFrom.vout[txin.prevout.n];
18885
18886 if (txin.prevout.hash != txFrom.GetHash())
18887 return false;
18888
18889 if (!VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, nHashType))
18890 return false;
18891
18892 return true;
18893 }