1// Copyright (c) 2013-2017 The btcsuite developers
2// Use of this source code is governed by an ISC
3// license that can be found in the LICENSE file.
4
5package txscript
6
7import (
8	"fmt"
9
10	"github.com/btcsuite/btcd/chaincfg"
11	"github.com/btcsuite/btcd/wire"
12	"github.com/btcsuite/btcutil"
13)
14
15const (
16	// MaxDataCarrierSize is the maximum number of bytes allowed in pushed
17	// data to be considered a nulldata transaction
18	MaxDataCarrierSize = 80
19
20	// StandardVerifyFlags are the script flags which are used when
21	// executing transaction scripts to enforce additional checks which
22	// are required for the script to be considered standard.  These checks
23	// help reduce issues related to transaction malleability as well as
24	// allow pay-to-script hash transactions.  Note these flags are
25	// different than what is required for the consensus rules in that they
26	// are more strict.
27	//
28	// TODO: This definition does not belong here.  It belongs in a policy
29	// package.
30	StandardVerifyFlags = ScriptBip16 |
31		ScriptVerifyDERSignatures |
32		ScriptVerifyStrictEncoding |
33		ScriptVerifyMinimalData |
34		ScriptStrictMultiSig |
35		ScriptDiscourageUpgradableNops |
36		ScriptVerifyCleanStack |
37		ScriptVerifyNullFail |
38		ScriptVerifyCheckLockTimeVerify |
39		ScriptVerifyCheckSequenceVerify |
40		ScriptVerifyLowS |
41		ScriptStrictMultiSig |
42		ScriptVerifyWitness |
43		ScriptVerifyDiscourageUpgradeableWitnessProgram |
44		ScriptVerifyMinimalIf |
45		ScriptVerifyWitnessPubKeyType
46)
47
48// ScriptClass is an enumeration for the list of standard types of script.
49type ScriptClass byte
50
51// Classes of script payment known about in the blockchain.
52const (
53	NonStandardTy         ScriptClass = iota // None of the recognized forms.
54	PubKeyTy                                 // Pay pubkey.
55	PubKeyHashTy                             // Pay pubkey hash.
56	WitnessV0PubKeyHashTy                    // Pay witness pubkey hash.
57	ScriptHashTy                             // Pay to script hash.
58	WitnessV0ScriptHashTy                    // Pay to witness script hash.
59	MultiSigTy                               // Multi signature.
60	NullDataTy                               // Empty data-only (provably prunable).
61)
62
63// scriptClassToName houses the human-readable strings which describe each
64// script class.
65var scriptClassToName = []string{
66	NonStandardTy:         "nonstandard",
67	PubKeyTy:              "pubkey",
68	PubKeyHashTy:          "pubkeyhash",
69	WitnessV0PubKeyHashTy: "witness_v0_keyhash",
70	ScriptHashTy:          "scripthash",
71	WitnessV0ScriptHashTy: "witness_v0_scripthash",
72	MultiSigTy:            "multisig",
73	NullDataTy:            "nulldata",
74}
75
76// String implements the Stringer interface by returning the name of
77// the enum script class. If the enum is invalid then "Invalid" will be
78// returned.
79func (t ScriptClass) String() string {
80	if int(t) > len(scriptClassToName) || int(t) < 0 {
81		return "Invalid"
82	}
83	return scriptClassToName[t]
84}
85
86// isPubkey returns true if the script passed is a pay-to-pubkey transaction,
87// false otherwise.
88func isPubkey(pops []parsedOpcode) bool {
89	// Valid pubkeys are either 33 or 65 bytes.
90	return len(pops) == 2 &&
91		(len(pops[0].data) == 33 || len(pops[0].data) == 65) &&
92		pops[1].opcode.value == OP_CHECKSIG
93}
94
95// isPubkeyHash returns true if the script passed is a pay-to-pubkey-hash
96// transaction, false otherwise.
97func isPubkeyHash(pops []parsedOpcode) bool {
98	return len(pops) == 5 &&
99		pops[0].opcode.value == OP_DUP &&
100		pops[1].opcode.value == OP_HASH160 &&
101		pops[2].opcode.value == OP_DATA_20 &&
102		pops[3].opcode.value == OP_EQUALVERIFY &&
103		pops[4].opcode.value == OP_CHECKSIG
104
105}
106
107// isMultiSig returns true if the passed script is a multisig transaction, false
108// otherwise.
109func isMultiSig(pops []parsedOpcode) bool {
110	// The absolute minimum is 1 pubkey:
111	// OP_0/OP_1-16 <pubkey> OP_1 OP_CHECKMULTISIG
112	l := len(pops)
113	if l < 4 {
114		return false
115	}
116	if !isSmallInt(pops[0].opcode) {
117		return false
118	}
119	if !isSmallInt(pops[l-2].opcode) {
120		return false
121	}
122	if pops[l-1].opcode.value != OP_CHECKMULTISIG {
123		return false
124	}
125
126	// Verify the number of pubkeys specified matches the actual number
127	// of pubkeys provided.
128	if l-2-1 != asSmallInt(pops[l-2].opcode) {
129		return false
130	}
131
132	for _, pop := range pops[1 : l-2] {
133		// Valid pubkeys are either 33 or 65 bytes.
134		if len(pop.data) != 33 && len(pop.data) != 65 {
135			return false
136		}
137	}
138	return true
139}
140
141// isNullData returns true if the passed script is a null data transaction,
142// false otherwise.
143func isNullData(pops []parsedOpcode) bool {
144	// A nulldata transaction is either a single OP_RETURN or an
145	// OP_RETURN SMALLDATA (where SMALLDATA is a data push up to
146	// MaxDataCarrierSize bytes).
147	l := len(pops)
148	if l == 1 && pops[0].opcode.value == OP_RETURN {
149		return true
150	}
151
152	return l == 2 &&
153		pops[0].opcode.value == OP_RETURN &&
154		(isSmallInt(pops[1].opcode) || pops[1].opcode.value <=
155			OP_PUSHDATA4) &&
156		len(pops[1].data) <= MaxDataCarrierSize
157}
158
159// scriptType returns the type of the script being inspected from the known
160// standard types.
161func typeOfScript(pops []parsedOpcode) ScriptClass {
162	if isPubkey(pops) {
163		return PubKeyTy
164	} else if isPubkeyHash(pops) {
165		return PubKeyHashTy
166	} else if isWitnessPubKeyHash(pops) {
167		return WitnessV0PubKeyHashTy
168	} else if isScriptHash(pops) {
169		return ScriptHashTy
170	} else if isWitnessScriptHash(pops) {
171		return WitnessV0ScriptHashTy
172	} else if isMultiSig(pops) {
173		return MultiSigTy
174	} else if isNullData(pops) {
175		return NullDataTy
176	}
177	return NonStandardTy
178}
179
180// GetScriptClass returns the class of the script passed.
181//
182// NonStandardTy will be returned when the script does not parse.
183func GetScriptClass(script []byte) ScriptClass {
184	pops, err := parseScript(script)
185	if err != nil {
186		return NonStandardTy
187	}
188	return typeOfScript(pops)
189}
190
191// expectedInputs returns the number of arguments required by a script.
192// If the script is of unknown type such that the number can not be determined
193// then -1 is returned. We are an internal function and thus assume that class
194// is the real class of pops (and we can thus assume things that were determined
195// while finding out the type).
196func expectedInputs(pops []parsedOpcode, class ScriptClass) int {
197	switch class {
198	case PubKeyTy:
199		return 1
200
201	case PubKeyHashTy:
202		return 2
203
204	case WitnessV0PubKeyHashTy:
205		return 2
206
207	case ScriptHashTy:
208		// Not including script.  That is handled by the caller.
209		return 1
210
211	case WitnessV0ScriptHashTy:
212		// Not including script.  That is handled by the caller.
213		return 1
214
215	case MultiSigTy:
216		// Standard multisig has a push a small number for the number
217		// of sigs and number of keys.  Check the first push instruction
218		// to see how many arguments are expected. typeOfScript already
219		// checked this so we know it'll be a small int.  Also, due to
220		// the original bitcoind bug where OP_CHECKMULTISIG pops an
221		// additional item from the stack, add an extra expected input
222		// for the extra push that is required to compensate.
223		return asSmallInt(pops[0].opcode) + 1
224
225	case NullDataTy:
226		fallthrough
227	default:
228		return -1
229	}
230}
231
232// ScriptInfo houses information about a script pair that is determined by
233// CalcScriptInfo.
234type ScriptInfo struct {
235	// PkScriptClass is the class of the public key script and is equivalent
236	// to calling GetScriptClass on it.
237	PkScriptClass ScriptClass
238
239	// NumInputs is the number of inputs provided by the public key script.
240	NumInputs int
241
242	// ExpectedInputs is the number of outputs required by the signature
243	// script and any pay-to-script-hash scripts. The number will be -1 if
244	// unknown.
245	ExpectedInputs int
246
247	// SigOps is the number of signature operations in the script pair.
248	SigOps int
249}
250
251// CalcScriptInfo returns a structure providing data about the provided script
252// pair.  It will error if the pair is in someway invalid such that they can not
253// be analysed, i.e. if they do not parse or the pkScript is not a push-only
254// script
255func CalcScriptInfo(sigScript, pkScript []byte, witness wire.TxWitness,
256	bip16, segwit bool) (*ScriptInfo, error) {
257
258	sigPops, err := parseScript(sigScript)
259	if err != nil {
260		return nil, err
261	}
262
263	pkPops, err := parseScript(pkScript)
264	if err != nil {
265		return nil, err
266	}
267
268	// Push only sigScript makes little sense.
269	si := new(ScriptInfo)
270	si.PkScriptClass = typeOfScript(pkPops)
271
272	// Can't have a signature script that doesn't just push data.
273	if !isPushOnly(sigPops) {
274		return nil, scriptError(ErrNotPushOnly,
275			"signature script is not push only")
276	}
277
278	si.ExpectedInputs = expectedInputs(pkPops, si.PkScriptClass)
279
280	switch {
281	// Count sigops taking into account pay-to-script-hash.
282	case si.PkScriptClass == ScriptHashTy && bip16 && !segwit:
283		// The pay-to-hash-script is the final data push of the
284		// signature script.
285		script := sigPops[len(sigPops)-1].data
286		shPops, err := parseScript(script)
287		if err != nil {
288			return nil, err
289		}
290
291		shInputs := expectedInputs(shPops, typeOfScript(shPops))
292		if shInputs == -1 {
293			si.ExpectedInputs = -1
294		} else {
295			si.ExpectedInputs += shInputs
296		}
297		si.SigOps = getSigOpCount(shPops, true)
298
299		// All entries pushed to stack (or are OP_RESERVED and exec
300		// will fail).
301		si.NumInputs = len(sigPops)
302
303	// If segwit is active, and this is a regular p2wkh output, then we'll
304	// treat the script as a p2pkh output in essence.
305	case si.PkScriptClass == WitnessV0PubKeyHashTy && segwit:
306
307		si.SigOps = GetWitnessSigOpCount(sigScript, pkScript, witness)
308		si.NumInputs = len(witness)
309
310	// We'll attempt to detect the nested p2sh case so we can accurately
311	// count the signature operations involved.
312	case si.PkScriptClass == ScriptHashTy &&
313		IsWitnessProgram(sigScript[1:]) && bip16 && segwit:
314
315		// Extract the pushed witness program from the sigScript so we
316		// can determine the number of expected inputs.
317		pkPops, _ := parseScript(sigScript[1:])
318		shInputs := expectedInputs(pkPops, typeOfScript(pkPops))
319		if shInputs == -1 {
320			si.ExpectedInputs = -1
321		} else {
322			si.ExpectedInputs += shInputs
323		}
324
325		si.SigOps = GetWitnessSigOpCount(sigScript, pkScript, witness)
326
327		si.NumInputs = len(witness)
328		si.NumInputs += len(sigPops)
329
330	// If segwit is active, and this is a p2wsh output, then we'll need to
331	// examine the witness script to generate accurate script info.
332	case si.PkScriptClass == WitnessV0ScriptHashTy && segwit:
333		// The witness script is the final element of the witness
334		// stack.
335		witnessScript := witness[len(witness)-1]
336		pops, _ := parseScript(witnessScript)
337
338		shInputs := expectedInputs(pops, typeOfScript(pops))
339		if shInputs == -1 {
340			si.ExpectedInputs = -1
341		} else {
342			si.ExpectedInputs += shInputs
343		}
344
345		si.SigOps = GetWitnessSigOpCount(sigScript, pkScript, witness)
346		si.NumInputs = len(witness)
347
348	default:
349		si.SigOps = getSigOpCount(pkPops, true)
350
351		// All entries pushed to stack (or are OP_RESERVED and exec
352		// will fail).
353		si.NumInputs = len(sigPops)
354	}
355
356	return si, nil
357}
358
359// CalcMultiSigStats returns the number of public keys and signatures from
360// a multi-signature transaction script.  The passed script MUST already be
361// known to be a multi-signature script.
362func CalcMultiSigStats(script []byte) (int, int, error) {
363	pops, err := parseScript(script)
364	if err != nil {
365		return 0, 0, err
366	}
367
368	// A multi-signature script is of the pattern:
369	//  NUM_SIGS PUBKEY PUBKEY PUBKEY... NUM_PUBKEYS OP_CHECKMULTISIG
370	// Therefore the number of signatures is the oldest item on the stack
371	// and the number of pubkeys is the 2nd to last.  Also, the absolute
372	// minimum for a multi-signature script is 1 pubkey, so at least 4
373	// items must be on the stack per:
374	//  OP_1 PUBKEY OP_1 OP_CHECKMULTISIG
375	if len(pops) < 4 {
376		str := fmt.Sprintf("script %x is not a multisig script", script)
377		return 0, 0, scriptError(ErrNotMultisigScript, str)
378	}
379
380	numSigs := asSmallInt(pops[0].opcode)
381	numPubKeys := asSmallInt(pops[len(pops)-2].opcode)
382	return numPubKeys, numSigs, nil
383}
384
385// payToPubKeyHashScript creates a new script to pay a transaction
386// output to a 20-byte pubkey hash. It is expected that the input is a valid
387// hash.
388func payToPubKeyHashScript(pubKeyHash []byte) ([]byte, error) {
389	return NewScriptBuilder().AddOp(OP_DUP).AddOp(OP_HASH160).
390		AddData(pubKeyHash).AddOp(OP_EQUALVERIFY).AddOp(OP_CHECKSIG).
391		Script()
392}
393
394// payToWitnessPubKeyHashScript creates a new script to pay to a version 0
395// pubkey hash witness program. The passed hash is expected to be valid.
396func payToWitnessPubKeyHashScript(pubKeyHash []byte) ([]byte, error) {
397	return NewScriptBuilder().AddOp(OP_0).AddData(pubKeyHash).Script()
398}
399
400// payToScriptHashScript creates a new script to pay a transaction output to a
401// script hash. It is expected that the input is a valid hash.
402func payToScriptHashScript(scriptHash []byte) ([]byte, error) {
403	return NewScriptBuilder().AddOp(OP_HASH160).AddData(scriptHash).
404		AddOp(OP_EQUAL).Script()
405}
406
407// payToWitnessPubKeyHashScript creates a new script to pay to a version 0
408// script hash witness program. The passed hash is expected to be valid.
409func payToWitnessScriptHashScript(scriptHash []byte) ([]byte, error) {
410	return NewScriptBuilder().AddOp(OP_0).AddData(scriptHash).Script()
411}
412
413// payToPubkeyScript creates a new script to pay a transaction output to a
414// public key. It is expected that the input is a valid pubkey.
415func payToPubKeyScript(serializedPubKey []byte) ([]byte, error) {
416	return NewScriptBuilder().AddData(serializedPubKey).
417		AddOp(OP_CHECKSIG).Script()
418}
419
420// PayToAddrScript creates a new script to pay a transaction output to a the
421// specified address.
422func PayToAddrScript(addr btcutil.Address) ([]byte, error) {
423	const nilAddrErrStr = "unable to generate payment script for nil address"
424
425	switch addr := addr.(type) {
426	case *btcutil.AddressPubKeyHash:
427		if addr == nil {
428			return nil, scriptError(ErrUnsupportedAddress,
429				nilAddrErrStr)
430		}
431		return payToPubKeyHashScript(addr.ScriptAddress())
432
433	case *btcutil.AddressScriptHash:
434		if addr == nil {
435			return nil, scriptError(ErrUnsupportedAddress,
436				nilAddrErrStr)
437		}
438		return payToScriptHashScript(addr.ScriptAddress())
439
440	case *btcutil.AddressPubKey:
441		if addr == nil {
442			return nil, scriptError(ErrUnsupportedAddress,
443				nilAddrErrStr)
444		}
445		return payToPubKeyScript(addr.ScriptAddress())
446
447	case *btcutil.AddressWitnessPubKeyHash:
448		if addr == nil {
449			return nil, scriptError(ErrUnsupportedAddress,
450				nilAddrErrStr)
451		}
452		return payToWitnessPubKeyHashScript(addr.ScriptAddress())
453	case *btcutil.AddressWitnessScriptHash:
454		if addr == nil {
455			return nil, scriptError(ErrUnsupportedAddress,
456				nilAddrErrStr)
457		}
458		return payToWitnessScriptHashScript(addr.ScriptAddress())
459	}
460
461	str := fmt.Sprintf("unable to generate payment script for unsupported "+
462		"address type %T", addr)
463	return nil, scriptError(ErrUnsupportedAddress, str)
464}
465
466// NullDataScript creates a provably-prunable script containing OP_RETURN
467// followed by the passed data.  An Error with the error code ErrTooMuchNullData
468// will be returned if the length of the passed data exceeds MaxDataCarrierSize.
469func NullDataScript(data []byte) ([]byte, error) {
470	if len(data) > MaxDataCarrierSize {
471		str := fmt.Sprintf("data size %d is larger than max "+
472			"allowed size %d", len(data), MaxDataCarrierSize)
473		return nil, scriptError(ErrTooMuchNullData, str)
474	}
475
476	return NewScriptBuilder().AddOp(OP_RETURN).AddData(data).Script()
477}
478
479// MultiSigScript returns a valid script for a multisignature redemption where
480// nrequired of the keys in pubkeys are required to have signed the transaction
481// for success.  An Error with the error code ErrTooManyRequiredSigs will be
482// returned if nrequired is larger than the number of keys provided.
483func MultiSigScript(pubkeys []*btcutil.AddressPubKey, nrequired int) ([]byte, error) {
484	if len(pubkeys) < nrequired {
485		str := fmt.Sprintf("unable to generate multisig script with "+
486			"%d required signatures when there are only %d public "+
487			"keys available", nrequired, len(pubkeys))
488		return nil, scriptError(ErrTooManyRequiredSigs, str)
489	}
490
491	builder := NewScriptBuilder().AddInt64(int64(nrequired))
492	for _, key := range pubkeys {
493		builder.AddData(key.ScriptAddress())
494	}
495	builder.AddInt64(int64(len(pubkeys)))
496	builder.AddOp(OP_CHECKMULTISIG)
497
498	return builder.Script()
499}
500
501// PushedData returns an array of byte slices containing any pushed data found
502// in the passed script.  This includes OP_0, but not OP_1 - OP_16.
503func PushedData(script []byte) ([][]byte, error) {
504	pops, err := parseScript(script)
505	if err != nil {
506		return nil, err
507	}
508
509	var data [][]byte
510	for _, pop := range pops {
511		if pop.data != nil {
512			data = append(data, pop.data)
513		} else if pop.opcode.value == OP_0 {
514			data = append(data, nil)
515		}
516	}
517	return data, nil
518}
519
520// ExtractPkScriptAddrs returns the type of script, addresses and required
521// signatures associated with the passed PkScript.  Note that it only works for
522// 'standard' transaction script types.  Any data such as public keys which are
523// invalid are omitted from the results.
524func ExtractPkScriptAddrs(pkScript []byte, chainParams *chaincfg.Params) (ScriptClass, []btcutil.Address, int, error) {
525	var addrs []btcutil.Address
526	var requiredSigs int
527
528	// No valid addresses or required signatures if the script doesn't
529	// parse.
530	pops, err := parseScript(pkScript)
531	if err != nil {
532		return NonStandardTy, nil, 0, err
533	}
534
535	scriptClass := typeOfScript(pops)
536	switch scriptClass {
537	case PubKeyHashTy:
538		// A pay-to-pubkey-hash script is of the form:
539		//  OP_DUP OP_HASH160 <hash> OP_EQUALVERIFY OP_CHECKSIG
540		// Therefore the pubkey hash is the 3rd item on the stack.
541		// Skip the pubkey hash if it's invalid for some reason.
542		requiredSigs = 1
543		addr, err := btcutil.NewAddressPubKeyHash(pops[2].data,
544			chainParams)
545		if err == nil {
546			addrs = append(addrs, addr)
547		}
548
549	case WitnessV0PubKeyHashTy:
550		// A pay-to-witness-pubkey-hash script is of thw form:
551		//  OP_0 <20-byte hash>
552		// Therefore, the pubkey hash is the second item on the stack.
553		// Skip the pubkey hash if it's invalid for some reason.
554		requiredSigs = 1
555		addr, err := btcutil.NewAddressWitnessPubKeyHash(pops[1].data,
556			chainParams)
557		if err == nil {
558			addrs = append(addrs, addr)
559		}
560
561	case PubKeyTy:
562		// A pay-to-pubkey script is of the form:
563		//  <pubkey> OP_CHECKSIG
564		// Therefore the pubkey is the first item on the stack.
565		// Skip the pubkey if it's invalid for some reason.
566		requiredSigs = 1
567		addr, err := btcutil.NewAddressPubKey(pops[0].data, chainParams)
568		if err == nil {
569			addrs = append(addrs, addr)
570		}
571
572	case ScriptHashTy:
573		// A pay-to-script-hash script is of the form:
574		//  OP_HASH160 <scripthash> OP_EQUAL
575		// Therefore the script hash is the 2nd item on the stack.
576		// Skip the script hash if it's invalid for some reason.
577		requiredSigs = 1
578		addr, err := btcutil.NewAddressScriptHashFromHash(pops[1].data,
579			chainParams)
580		if err == nil {
581			addrs = append(addrs, addr)
582		}
583
584	case WitnessV0ScriptHashTy:
585		// A pay-to-witness-script-hash script is of the form:
586		//  OP_0 <32-byte hash>
587		// Therefore, the script hash is the second item on the stack.
588		// Skip the script hash if it's invalid for some reason.
589		requiredSigs = 1
590		addr, err := btcutil.NewAddressWitnessScriptHash(pops[1].data,
591			chainParams)
592		if err == nil {
593			addrs = append(addrs, addr)
594		}
595
596	case MultiSigTy:
597		// A multi-signature script is of the form:
598		//  <numsigs> <pubkey> <pubkey> <pubkey>... <numpubkeys> OP_CHECKMULTISIG
599		// Therefore the number of required signatures is the 1st item
600		// on the stack and the number of public keys is the 2nd to last
601		// item on the stack.
602		requiredSigs = asSmallInt(pops[0].opcode)
603		numPubKeys := asSmallInt(pops[len(pops)-2].opcode)
604
605		// Extract the public keys while skipping any that are invalid.
606		addrs = make([]btcutil.Address, 0, numPubKeys)
607		for i := 0; i < numPubKeys; i++ {
608			addr, err := btcutil.NewAddressPubKey(pops[i+1].data,
609				chainParams)
610			if err == nil {
611				addrs = append(addrs, addr)
612			}
613		}
614
615	case NullDataTy:
616		// Null data transactions have no addresses or required
617		// signatures.
618
619	case NonStandardTy:
620		// Don't attempt to extract addresses or required signatures for
621		// nonstandard transactions.
622	}
623
624	return scriptClass, addrs, requiredSigs, nil
625}
626
627// AtomicSwapDataPushes houses the data pushes found in atomic swap contracts.
628type AtomicSwapDataPushes struct {
629	RecipientHash160 [20]byte
630	RefundHash160    [20]byte
631	SecretHash       [32]byte
632	SecretSize       int64
633	LockTime         int64
634}
635
636// ExtractAtomicSwapDataPushes returns the data pushes from an atomic swap
637// contract.  If the script is not an atomic swap contract,
638// ExtractAtomicSwapDataPushes returns (nil, nil).  Non-nil errors are returned
639// for unparsable scripts.
640//
641// NOTE: Atomic swaps are not considered standard script types by the dcrd
642// mempool policy and should be used with P2SH.  The atomic swap format is also
643// expected to change to use a more secure hash function in the future.
644//
645// This function is only defined in the txscript package due to API limitations
646// which prevent callers using txscript to parse nonstandard scripts.
647func ExtractAtomicSwapDataPushes(version uint16, pkScript []byte) (*AtomicSwapDataPushes, error) {
648	pops, err := parseScript(pkScript)
649	if err != nil {
650		return nil, err
651	}
652
653	if len(pops) != 20 {
654		return nil, nil
655	}
656	isAtomicSwap := pops[0].opcode.value == OP_IF &&
657		pops[1].opcode.value == OP_SIZE &&
658		canonicalPush(pops[2]) &&
659		pops[3].opcode.value == OP_EQUALVERIFY &&
660		pops[4].opcode.value == OP_SHA256 &&
661		pops[5].opcode.value == OP_DATA_32 &&
662		pops[6].opcode.value == OP_EQUALVERIFY &&
663		pops[7].opcode.value == OP_DUP &&
664		pops[8].opcode.value == OP_HASH160 &&
665		pops[9].opcode.value == OP_DATA_20 &&
666		pops[10].opcode.value == OP_ELSE &&
667		canonicalPush(pops[11]) &&
668		pops[12].opcode.value == OP_CHECKLOCKTIMEVERIFY &&
669		pops[13].opcode.value == OP_DROP &&
670		pops[14].opcode.value == OP_DUP &&
671		pops[15].opcode.value == OP_HASH160 &&
672		pops[16].opcode.value == OP_DATA_20 &&
673		pops[17].opcode.value == OP_ENDIF &&
674		pops[18].opcode.value == OP_EQUALVERIFY &&
675		pops[19].opcode.value == OP_CHECKSIG
676	if !isAtomicSwap {
677		return nil, nil
678	}
679
680	pushes := new(AtomicSwapDataPushes)
681	copy(pushes.SecretHash[:], pops[5].data)
682	copy(pushes.RecipientHash160[:], pops[9].data)
683	copy(pushes.RefundHash160[:], pops[16].data)
684	if pops[2].data != nil {
685		locktime, err := makeScriptNum(pops[2].data, true, 5)
686		if err != nil {
687			return nil, nil
688		}
689		pushes.SecretSize = int64(locktime)
690	} else if op := pops[2].opcode; isSmallInt(op) {
691		pushes.SecretSize = int64(asSmallInt(op))
692	} else {
693		return nil, nil
694	}
695	if pops[11].data != nil {
696		locktime, err := makeScriptNum(pops[11].data, true, 5)
697		if err != nil {
698			return nil, nil
699		}
700		pushes.LockTime = int64(locktime)
701	} else if op := pops[11].opcode; isSmallInt(op) {
702		pushes.LockTime = int64(asSmallInt(op))
703	} else {
704		return nil, nil
705	}
706	return pushes, nil
707}
708