1#!/usr/bin/env python3 2# Copyright (c) 2015-2016 The Bitcoin Core developers 3# Distributed under the MIT software license, see the accompanying 4# file COPYING or http://www.opensource.org/licenses/mit-license.php. 5 6# 7# script.py 8# 9# This file is modified from python-bitcoinlib. 10# 11 12"""Scripts 13 14Functionality to build scripts, as well as SignatureHash(). 15""" 16 17 18from .mininode import CTransaction, CTxOut, sha256, hash256, uint256_from_str, ser_uint256, ser_string 19from binascii import hexlify 20import hashlib 21 22import sys 23bchr = chr 24bord = ord 25if sys.version > '3': 26 long = int 27 bchr = lambda x: bytes([x]) 28 bord = lambda x: x 29 30import struct 31 32from .bignum import bn2vch 33 34MAX_SCRIPT_SIZE = 10000 35MAX_SCRIPT_ELEMENT_SIZE = 520 36MAX_SCRIPT_OPCODES = 201 37 38OPCODE_NAMES = {} 39 40def hash160(s): 41 return hashlib.new('ripemd160', sha256(s)).digest() 42 43 44_opcode_instances = [] 45class CScriptOp(int): 46 """A single script opcode""" 47 __slots__ = [] 48 49 @staticmethod 50 def encode_op_pushdata(d): 51 """Encode a PUSHDATA op, returning bytes""" 52 if len(d) < 0x4c: 53 return b'' + bchr(len(d)) + d # OP_PUSHDATA 54 elif len(d) <= 0xff: 55 return b'\x4c' + bchr(len(d)) + d # OP_PUSHDATA1 56 elif len(d) <= 0xffff: 57 return b'\x4d' + struct.pack(b'<H', len(d)) + d # OP_PUSHDATA2 58 elif len(d) <= 0xffffffff: 59 return b'\x4e' + struct.pack(b'<I', len(d)) + d # OP_PUSHDATA4 60 else: 61 raise ValueError("Data too long to encode in a PUSHDATA op") 62 63 @staticmethod 64 def encode_op_n(n): 65 """Encode a small integer op, returning an opcode""" 66 if not (0 <= n <= 16): 67 raise ValueError('Integer must be in range 0 <= n <= 16, got %d' % n) 68 69 if n == 0: 70 return OP_0 71 else: 72 return CScriptOp(OP_1 + n-1) 73 74 def decode_op_n(self): 75 """Decode a small integer opcode, returning an integer""" 76 if self == OP_0: 77 return 0 78 79 if not (self == OP_0 or OP_1 <= self <= OP_16): 80 raise ValueError('op %r is not an OP_N' % self) 81 82 return int(self - OP_1+1) 83 84 def is_small_int(self): 85 """Return true if the op pushes a small integer to the stack""" 86 if 0x51 <= self <= 0x60 or self == 0: 87 return True 88 else: 89 return False 90 91 def __str__(self): 92 return repr(self) 93 94 def __repr__(self): 95 if self in OPCODE_NAMES: 96 return OPCODE_NAMES[self] 97 else: 98 return 'CScriptOp(0x%x)' % self 99 100 def __new__(cls, n): 101 try: 102 return _opcode_instances[n] 103 except IndexError: 104 assert len(_opcode_instances) == n 105 _opcode_instances.append(super(CScriptOp, cls).__new__(cls, n)) 106 return _opcode_instances[n] 107 108# Populate opcode instance table 109for n in range(0xff+1): 110 CScriptOp(n) 111 112 113# push value 114OP_0 = CScriptOp(0x00) 115OP_FALSE = OP_0 116OP_PUSHDATA1 = CScriptOp(0x4c) 117OP_PUSHDATA2 = CScriptOp(0x4d) 118OP_PUSHDATA4 = CScriptOp(0x4e) 119OP_1NEGATE = CScriptOp(0x4f) 120OP_RESERVED = CScriptOp(0x50) 121OP_1 = CScriptOp(0x51) 122OP_TRUE=OP_1 123OP_2 = CScriptOp(0x52) 124OP_3 = CScriptOp(0x53) 125OP_4 = CScriptOp(0x54) 126OP_5 = CScriptOp(0x55) 127OP_6 = CScriptOp(0x56) 128OP_7 = CScriptOp(0x57) 129OP_8 = CScriptOp(0x58) 130OP_9 = CScriptOp(0x59) 131OP_10 = CScriptOp(0x5a) 132OP_11 = CScriptOp(0x5b) 133OP_12 = CScriptOp(0x5c) 134OP_13 = CScriptOp(0x5d) 135OP_14 = CScriptOp(0x5e) 136OP_15 = CScriptOp(0x5f) 137OP_16 = CScriptOp(0x60) 138 139# control 140OP_NOP = CScriptOp(0x61) 141OP_VER = CScriptOp(0x62) 142OP_IF = CScriptOp(0x63) 143OP_NOTIF = CScriptOp(0x64) 144OP_VERIF = CScriptOp(0x65) 145OP_VERNOTIF = CScriptOp(0x66) 146OP_ELSE = CScriptOp(0x67) 147OP_ENDIF = CScriptOp(0x68) 148OP_VERIFY = CScriptOp(0x69) 149OP_RETURN = CScriptOp(0x6a) 150 151# stack ops 152OP_TOALTSTACK = CScriptOp(0x6b) 153OP_FROMALTSTACK = CScriptOp(0x6c) 154OP_2DROP = CScriptOp(0x6d) 155OP_2DUP = CScriptOp(0x6e) 156OP_3DUP = CScriptOp(0x6f) 157OP_2OVER = CScriptOp(0x70) 158OP_2ROT = CScriptOp(0x71) 159OP_2SWAP = CScriptOp(0x72) 160OP_IFDUP = CScriptOp(0x73) 161OP_DEPTH = CScriptOp(0x74) 162OP_DROP = CScriptOp(0x75) 163OP_DUP = CScriptOp(0x76) 164OP_NIP = CScriptOp(0x77) 165OP_OVER = CScriptOp(0x78) 166OP_PICK = CScriptOp(0x79) 167OP_ROLL = CScriptOp(0x7a) 168OP_ROT = CScriptOp(0x7b) 169OP_SWAP = CScriptOp(0x7c) 170OP_TUCK = CScriptOp(0x7d) 171 172# splice ops 173OP_CAT = CScriptOp(0x7e) 174OP_SUBSTR = CScriptOp(0x7f) 175OP_LEFT = CScriptOp(0x80) 176OP_RIGHT = CScriptOp(0x81) 177OP_SIZE = CScriptOp(0x82) 178 179# bit logic 180OP_INVERT = CScriptOp(0x83) 181OP_AND = CScriptOp(0x84) 182OP_OR = CScriptOp(0x85) 183OP_XOR = CScriptOp(0x86) 184OP_EQUAL = CScriptOp(0x87) 185OP_EQUALVERIFY = CScriptOp(0x88) 186OP_RESERVED1 = CScriptOp(0x89) 187OP_RESERVED2 = CScriptOp(0x8a) 188 189# numeric 190OP_1ADD = CScriptOp(0x8b) 191OP_1SUB = CScriptOp(0x8c) 192OP_2MUL = CScriptOp(0x8d) 193OP_2DIV = CScriptOp(0x8e) 194OP_NEGATE = CScriptOp(0x8f) 195OP_ABS = CScriptOp(0x90) 196OP_NOT = CScriptOp(0x91) 197OP_0NOTEQUAL = CScriptOp(0x92) 198 199OP_ADD = CScriptOp(0x93) 200OP_SUB = CScriptOp(0x94) 201OP_MUL = CScriptOp(0x95) 202OP_DIV = CScriptOp(0x96) 203OP_MOD = CScriptOp(0x97) 204OP_LSHIFT = CScriptOp(0x98) 205OP_RSHIFT = CScriptOp(0x99) 206 207OP_BOOLAND = CScriptOp(0x9a) 208OP_BOOLOR = CScriptOp(0x9b) 209OP_NUMEQUAL = CScriptOp(0x9c) 210OP_NUMEQUALVERIFY = CScriptOp(0x9d) 211OP_NUMNOTEQUAL = CScriptOp(0x9e) 212OP_LESSTHAN = CScriptOp(0x9f) 213OP_GREATERTHAN = CScriptOp(0xa0) 214OP_LESSTHANOREQUAL = CScriptOp(0xa1) 215OP_GREATERTHANOREQUAL = CScriptOp(0xa2) 216OP_MIN = CScriptOp(0xa3) 217OP_MAX = CScriptOp(0xa4) 218 219OP_WITHIN = CScriptOp(0xa5) 220 221# crypto 222OP_RIPEMD160 = CScriptOp(0xa6) 223OP_SHA1 = CScriptOp(0xa7) 224OP_SHA256 = CScriptOp(0xa8) 225OP_HASH160 = CScriptOp(0xa9) 226OP_HASH256 = CScriptOp(0xaa) 227OP_CODESEPARATOR = CScriptOp(0xab) 228OP_CHECKSIG = CScriptOp(0xac) 229OP_CHECKSIGVERIFY = CScriptOp(0xad) 230OP_CHECKMULTISIG = CScriptOp(0xae) 231OP_CHECKMULTISIGVERIFY = CScriptOp(0xaf) 232 233# expansion 234OP_NOP1 = CScriptOp(0xb0) 235OP_CHECKLOCKTIMEVERIFY = CScriptOp(0xb1) 236OP_CHECKSEQUENCEVERIFY = CScriptOp(0xb2) 237OP_NOP4 = CScriptOp(0xb3) 238OP_NOP5 = CScriptOp(0xb4) 239OP_NOP6 = CScriptOp(0xb5) 240OP_NOP7 = CScriptOp(0xb6) 241OP_NOP8 = CScriptOp(0xb7) 242OP_NOP9 = CScriptOp(0xb8) 243OP_NOP10 = CScriptOp(0xb9) 244 245# template matching params 246OP_SMALLINTEGER = CScriptOp(0xfa) 247OP_PUBKEYS = CScriptOp(0xfb) 248OP_PUBKEYHASH = CScriptOp(0xfd) 249OP_PUBKEY = CScriptOp(0xfe) 250 251OP_INVALIDOPCODE = CScriptOp(0xff) 252 253VALID_OPCODES = { 254 OP_1NEGATE, 255 OP_RESERVED, 256 OP_1, 257 OP_2, 258 OP_3, 259 OP_4, 260 OP_5, 261 OP_6, 262 OP_7, 263 OP_8, 264 OP_9, 265 OP_10, 266 OP_11, 267 OP_12, 268 OP_13, 269 OP_14, 270 OP_15, 271 OP_16, 272 273 OP_NOP, 274 OP_VER, 275 OP_IF, 276 OP_NOTIF, 277 OP_VERIF, 278 OP_VERNOTIF, 279 OP_ELSE, 280 OP_ENDIF, 281 OP_VERIFY, 282 OP_RETURN, 283 284 OP_TOALTSTACK, 285 OP_FROMALTSTACK, 286 OP_2DROP, 287 OP_2DUP, 288 OP_3DUP, 289 OP_2OVER, 290 OP_2ROT, 291 OP_2SWAP, 292 OP_IFDUP, 293 OP_DEPTH, 294 OP_DROP, 295 OP_DUP, 296 OP_NIP, 297 OP_OVER, 298 OP_PICK, 299 OP_ROLL, 300 OP_ROT, 301 OP_SWAP, 302 OP_TUCK, 303 304 OP_CAT, 305 OP_SUBSTR, 306 OP_LEFT, 307 OP_RIGHT, 308 OP_SIZE, 309 310 OP_INVERT, 311 OP_AND, 312 OP_OR, 313 OP_XOR, 314 OP_EQUAL, 315 OP_EQUALVERIFY, 316 OP_RESERVED1, 317 OP_RESERVED2, 318 319 OP_1ADD, 320 OP_1SUB, 321 OP_2MUL, 322 OP_2DIV, 323 OP_NEGATE, 324 OP_ABS, 325 OP_NOT, 326 OP_0NOTEQUAL, 327 328 OP_ADD, 329 OP_SUB, 330 OP_MUL, 331 OP_DIV, 332 OP_MOD, 333 OP_LSHIFT, 334 OP_RSHIFT, 335 336 OP_BOOLAND, 337 OP_BOOLOR, 338 OP_NUMEQUAL, 339 OP_NUMEQUALVERIFY, 340 OP_NUMNOTEQUAL, 341 OP_LESSTHAN, 342 OP_GREATERTHAN, 343 OP_LESSTHANOREQUAL, 344 OP_GREATERTHANOREQUAL, 345 OP_MIN, 346 OP_MAX, 347 348 OP_WITHIN, 349 350 OP_RIPEMD160, 351 OP_SHA1, 352 OP_SHA256, 353 OP_HASH160, 354 OP_HASH256, 355 OP_CODESEPARATOR, 356 OP_CHECKSIG, 357 OP_CHECKSIGVERIFY, 358 OP_CHECKMULTISIG, 359 OP_CHECKMULTISIGVERIFY, 360 361 OP_NOP1, 362 OP_CHECKLOCKTIMEVERIFY, 363 OP_CHECKSEQUENCEVERIFY, 364 OP_NOP4, 365 OP_NOP5, 366 OP_NOP6, 367 OP_NOP7, 368 OP_NOP8, 369 OP_NOP9, 370 OP_NOP10, 371 372 OP_SMALLINTEGER, 373 OP_PUBKEYS, 374 OP_PUBKEYHASH, 375 OP_PUBKEY, 376} 377 378OPCODE_NAMES.update({ 379 OP_0 : 'OP_0', 380 OP_PUSHDATA1 : 'OP_PUSHDATA1', 381 OP_PUSHDATA2 : 'OP_PUSHDATA2', 382 OP_PUSHDATA4 : 'OP_PUSHDATA4', 383 OP_1NEGATE : 'OP_1NEGATE', 384 OP_RESERVED : 'OP_RESERVED', 385 OP_1 : 'OP_1', 386 OP_2 : 'OP_2', 387 OP_3 : 'OP_3', 388 OP_4 : 'OP_4', 389 OP_5 : 'OP_5', 390 OP_6 : 'OP_6', 391 OP_7 : 'OP_7', 392 OP_8 : 'OP_8', 393 OP_9 : 'OP_9', 394 OP_10 : 'OP_10', 395 OP_11 : 'OP_11', 396 OP_12 : 'OP_12', 397 OP_13 : 'OP_13', 398 OP_14 : 'OP_14', 399 OP_15 : 'OP_15', 400 OP_16 : 'OP_16', 401 OP_NOP : 'OP_NOP', 402 OP_VER : 'OP_VER', 403 OP_IF : 'OP_IF', 404 OP_NOTIF : 'OP_NOTIF', 405 OP_VERIF : 'OP_VERIF', 406 OP_VERNOTIF : 'OP_VERNOTIF', 407 OP_ELSE : 'OP_ELSE', 408 OP_ENDIF : 'OP_ENDIF', 409 OP_VERIFY : 'OP_VERIFY', 410 OP_RETURN : 'OP_RETURN', 411 OP_TOALTSTACK : 'OP_TOALTSTACK', 412 OP_FROMALTSTACK : 'OP_FROMALTSTACK', 413 OP_2DROP : 'OP_2DROP', 414 OP_2DUP : 'OP_2DUP', 415 OP_3DUP : 'OP_3DUP', 416 OP_2OVER : 'OP_2OVER', 417 OP_2ROT : 'OP_2ROT', 418 OP_2SWAP : 'OP_2SWAP', 419 OP_IFDUP : 'OP_IFDUP', 420 OP_DEPTH : 'OP_DEPTH', 421 OP_DROP : 'OP_DROP', 422 OP_DUP : 'OP_DUP', 423 OP_NIP : 'OP_NIP', 424 OP_OVER : 'OP_OVER', 425 OP_PICK : 'OP_PICK', 426 OP_ROLL : 'OP_ROLL', 427 OP_ROT : 'OP_ROT', 428 OP_SWAP : 'OP_SWAP', 429 OP_TUCK : 'OP_TUCK', 430 OP_CAT : 'OP_CAT', 431 OP_SUBSTR : 'OP_SUBSTR', 432 OP_LEFT : 'OP_LEFT', 433 OP_RIGHT : 'OP_RIGHT', 434 OP_SIZE : 'OP_SIZE', 435 OP_INVERT : 'OP_INVERT', 436 OP_AND : 'OP_AND', 437 OP_OR : 'OP_OR', 438 OP_XOR : 'OP_XOR', 439 OP_EQUAL : 'OP_EQUAL', 440 OP_EQUALVERIFY : 'OP_EQUALVERIFY', 441 OP_RESERVED1 : 'OP_RESERVED1', 442 OP_RESERVED2 : 'OP_RESERVED2', 443 OP_1ADD : 'OP_1ADD', 444 OP_1SUB : 'OP_1SUB', 445 OP_2MUL : 'OP_2MUL', 446 OP_2DIV : 'OP_2DIV', 447 OP_NEGATE : 'OP_NEGATE', 448 OP_ABS : 'OP_ABS', 449 OP_NOT : 'OP_NOT', 450 OP_0NOTEQUAL : 'OP_0NOTEQUAL', 451 OP_ADD : 'OP_ADD', 452 OP_SUB : 'OP_SUB', 453 OP_MUL : 'OP_MUL', 454 OP_DIV : 'OP_DIV', 455 OP_MOD : 'OP_MOD', 456 OP_LSHIFT : 'OP_LSHIFT', 457 OP_RSHIFT : 'OP_RSHIFT', 458 OP_BOOLAND : 'OP_BOOLAND', 459 OP_BOOLOR : 'OP_BOOLOR', 460 OP_NUMEQUAL : 'OP_NUMEQUAL', 461 OP_NUMEQUALVERIFY : 'OP_NUMEQUALVERIFY', 462 OP_NUMNOTEQUAL : 'OP_NUMNOTEQUAL', 463 OP_LESSTHAN : 'OP_LESSTHAN', 464 OP_GREATERTHAN : 'OP_GREATERTHAN', 465 OP_LESSTHANOREQUAL : 'OP_LESSTHANOREQUAL', 466 OP_GREATERTHANOREQUAL : 'OP_GREATERTHANOREQUAL', 467 OP_MIN : 'OP_MIN', 468 OP_MAX : 'OP_MAX', 469 OP_WITHIN : 'OP_WITHIN', 470 OP_RIPEMD160 : 'OP_RIPEMD160', 471 OP_SHA1 : 'OP_SHA1', 472 OP_SHA256 : 'OP_SHA256', 473 OP_HASH160 : 'OP_HASH160', 474 OP_HASH256 : 'OP_HASH256', 475 OP_CODESEPARATOR : 'OP_CODESEPARATOR', 476 OP_CHECKSIG : 'OP_CHECKSIG', 477 OP_CHECKSIGVERIFY : 'OP_CHECKSIGVERIFY', 478 OP_CHECKMULTISIG : 'OP_CHECKMULTISIG', 479 OP_CHECKMULTISIGVERIFY : 'OP_CHECKMULTISIGVERIFY', 480 OP_NOP1 : 'OP_NOP1', 481 OP_CHECKLOCKTIMEVERIFY : 'OP_CHECKLOCKTIMEVERIFY', 482 OP_CHECKSEQUENCEVERIFY : 'OP_CHECKSEQUENCEVERIFY', 483 OP_NOP4 : 'OP_NOP4', 484 OP_NOP5 : 'OP_NOP5', 485 OP_NOP6 : 'OP_NOP6', 486 OP_NOP7 : 'OP_NOP7', 487 OP_NOP8 : 'OP_NOP8', 488 OP_NOP9 : 'OP_NOP9', 489 OP_NOP10 : 'OP_NOP10', 490 OP_SMALLINTEGER : 'OP_SMALLINTEGER', 491 OP_PUBKEYS : 'OP_PUBKEYS', 492 OP_PUBKEYHASH : 'OP_PUBKEYHASH', 493 OP_PUBKEY : 'OP_PUBKEY', 494 OP_INVALIDOPCODE : 'OP_INVALIDOPCODE', 495}) 496 497OPCODES_BY_NAME = { 498 'OP_0' : OP_0, 499 'OP_PUSHDATA1' : OP_PUSHDATA1, 500 'OP_PUSHDATA2' : OP_PUSHDATA2, 501 'OP_PUSHDATA4' : OP_PUSHDATA4, 502 'OP_1NEGATE' : OP_1NEGATE, 503 'OP_RESERVED' : OP_RESERVED, 504 'OP_1' : OP_1, 505 'OP_2' : OP_2, 506 'OP_3' : OP_3, 507 'OP_4' : OP_4, 508 'OP_5' : OP_5, 509 'OP_6' : OP_6, 510 'OP_7' : OP_7, 511 'OP_8' : OP_8, 512 'OP_9' : OP_9, 513 'OP_10' : OP_10, 514 'OP_11' : OP_11, 515 'OP_12' : OP_12, 516 'OP_13' : OP_13, 517 'OP_14' : OP_14, 518 'OP_15' : OP_15, 519 'OP_16' : OP_16, 520 'OP_NOP' : OP_NOP, 521 'OP_VER' : OP_VER, 522 'OP_IF' : OP_IF, 523 'OP_NOTIF' : OP_NOTIF, 524 'OP_VERIF' : OP_VERIF, 525 'OP_VERNOTIF' : OP_VERNOTIF, 526 'OP_ELSE' : OP_ELSE, 527 'OP_ENDIF' : OP_ENDIF, 528 'OP_VERIFY' : OP_VERIFY, 529 'OP_RETURN' : OP_RETURN, 530 'OP_TOALTSTACK' : OP_TOALTSTACK, 531 'OP_FROMALTSTACK' : OP_FROMALTSTACK, 532 'OP_2DROP' : OP_2DROP, 533 'OP_2DUP' : OP_2DUP, 534 'OP_3DUP' : OP_3DUP, 535 'OP_2OVER' : OP_2OVER, 536 'OP_2ROT' : OP_2ROT, 537 'OP_2SWAP' : OP_2SWAP, 538 'OP_IFDUP' : OP_IFDUP, 539 'OP_DEPTH' : OP_DEPTH, 540 'OP_DROP' : OP_DROP, 541 'OP_DUP' : OP_DUP, 542 'OP_NIP' : OP_NIP, 543 'OP_OVER' : OP_OVER, 544 'OP_PICK' : OP_PICK, 545 'OP_ROLL' : OP_ROLL, 546 'OP_ROT' : OP_ROT, 547 'OP_SWAP' : OP_SWAP, 548 'OP_TUCK' : OP_TUCK, 549 'OP_CAT' : OP_CAT, 550 'OP_SUBSTR' : OP_SUBSTR, 551 'OP_LEFT' : OP_LEFT, 552 'OP_RIGHT' : OP_RIGHT, 553 'OP_SIZE' : OP_SIZE, 554 'OP_INVERT' : OP_INVERT, 555 'OP_AND' : OP_AND, 556 'OP_OR' : OP_OR, 557 'OP_XOR' : OP_XOR, 558 'OP_EQUAL' : OP_EQUAL, 559 'OP_EQUALVERIFY' : OP_EQUALVERIFY, 560 'OP_RESERVED1' : OP_RESERVED1, 561 'OP_RESERVED2' : OP_RESERVED2, 562 'OP_1ADD' : OP_1ADD, 563 'OP_1SUB' : OP_1SUB, 564 'OP_2MUL' : OP_2MUL, 565 'OP_2DIV' : OP_2DIV, 566 'OP_NEGATE' : OP_NEGATE, 567 'OP_ABS' : OP_ABS, 568 'OP_NOT' : OP_NOT, 569 'OP_0NOTEQUAL' : OP_0NOTEQUAL, 570 'OP_ADD' : OP_ADD, 571 'OP_SUB' : OP_SUB, 572 'OP_MUL' : OP_MUL, 573 'OP_DIV' : OP_DIV, 574 'OP_MOD' : OP_MOD, 575 'OP_LSHIFT' : OP_LSHIFT, 576 'OP_RSHIFT' : OP_RSHIFT, 577 'OP_BOOLAND' : OP_BOOLAND, 578 'OP_BOOLOR' : OP_BOOLOR, 579 'OP_NUMEQUAL' : OP_NUMEQUAL, 580 'OP_NUMEQUALVERIFY' : OP_NUMEQUALVERIFY, 581 'OP_NUMNOTEQUAL' : OP_NUMNOTEQUAL, 582 'OP_LESSTHAN' : OP_LESSTHAN, 583 'OP_GREATERTHAN' : OP_GREATERTHAN, 584 'OP_LESSTHANOREQUAL' : OP_LESSTHANOREQUAL, 585 'OP_GREATERTHANOREQUAL' : OP_GREATERTHANOREQUAL, 586 'OP_MIN' : OP_MIN, 587 'OP_MAX' : OP_MAX, 588 'OP_WITHIN' : OP_WITHIN, 589 'OP_RIPEMD160' : OP_RIPEMD160, 590 'OP_SHA1' : OP_SHA1, 591 'OP_SHA256' : OP_SHA256, 592 'OP_HASH160' : OP_HASH160, 593 'OP_HASH256' : OP_HASH256, 594 'OP_CODESEPARATOR' : OP_CODESEPARATOR, 595 'OP_CHECKSIG' : OP_CHECKSIG, 596 'OP_CHECKSIGVERIFY' : OP_CHECKSIGVERIFY, 597 'OP_CHECKMULTISIG' : OP_CHECKMULTISIG, 598 'OP_CHECKMULTISIGVERIFY' : OP_CHECKMULTISIGVERIFY, 599 'OP_NOP1' : OP_NOP1, 600 'OP_CHECKLOCKTIMEVERIFY' : OP_CHECKLOCKTIMEVERIFY, 601 'OP_CHECKSEQUENCEVERIFY' : OP_CHECKSEQUENCEVERIFY, 602 'OP_NOP4' : OP_NOP4, 603 'OP_NOP5' : OP_NOP5, 604 'OP_NOP6' : OP_NOP6, 605 'OP_NOP7' : OP_NOP7, 606 'OP_NOP8' : OP_NOP8, 607 'OP_NOP9' : OP_NOP9, 608 'OP_NOP10' : OP_NOP10, 609 'OP_SMALLINTEGER' : OP_SMALLINTEGER, 610 'OP_PUBKEYS' : OP_PUBKEYS, 611 'OP_PUBKEYHASH' : OP_PUBKEYHASH, 612 'OP_PUBKEY' : OP_PUBKEY, 613} 614 615class CScriptInvalidError(Exception): 616 """Base class for CScript exceptions""" 617 pass 618 619class CScriptTruncatedPushDataError(CScriptInvalidError): 620 """Invalid pushdata due to truncation""" 621 def __init__(self, msg, data): 622 self.data = data 623 super(CScriptTruncatedPushDataError, self).__init__(msg) 624 625# This is used, eg, for blockchain heights in coinbase scripts (bip34) 626class CScriptNum(object): 627 def __init__(self, d=0): 628 self.value = d 629 630 @staticmethod 631 def encode(obj): 632 r = bytearray(0) 633 if obj.value == 0: 634 return bytes(r) 635 neg = obj.value < 0 636 absvalue = -obj.value if neg else obj.value 637 while (absvalue): 638 r.append(absvalue & 0xff) 639 absvalue >>= 8 640 if r[-1] & 0x80: 641 r.append(0x80 if neg else 0) 642 elif neg: 643 r[-1] |= 0x80 644 return bytes(bchr(len(r)) + r) 645 646 647class CScript(bytes): 648 """Serialized script 649 650 A bytes subclass, so you can use this directly whenever bytes are accepted. 651 Note that this means that indexing does *not* work - you'll get an index by 652 byte rather than opcode. This format was chosen for efficiency so that the 653 general case would not require creating a lot of little CScriptOP objects. 654 655 iter(script) however does iterate by opcode. 656 """ 657 @classmethod 658 def __coerce_instance(cls, other): 659 # Coerce other into bytes 660 if isinstance(other, CScriptOp): 661 other = bchr(other) 662 elif isinstance(other, CScriptNum): 663 if (other.value == 0): 664 other = bchr(CScriptOp(OP_0)) 665 else: 666 other = CScriptNum.encode(other) 667 elif isinstance(other, int): 668 if 0 <= other <= 16: 669 other = bytes(bchr(CScriptOp.encode_op_n(other))) 670 elif other == -1: 671 other = bytes(bchr(OP_1NEGATE)) 672 else: 673 other = CScriptOp.encode_op_pushdata(bn2vch(other)) 674 elif isinstance(other, (bytes, bytearray)): 675 other = CScriptOp.encode_op_pushdata(other) 676 return other 677 678 def __add__(self, other): 679 # Do the coercion outside of the try block so that errors in it are 680 # noticed. 681 other = self.__coerce_instance(other) 682 683 try: 684 # bytes.__add__ always returns bytes instances unfortunately 685 return CScript(super(CScript, self).__add__(other)) 686 except TypeError: 687 raise TypeError('Can not add a %r instance to a CScript' % other.__class__) 688 689 def join(self, iterable): 690 # join makes no sense for a CScript() 691 raise NotImplementedError 692 693 def __new__(cls, value=b''): 694 if isinstance(value, bytes) or isinstance(value, bytearray): 695 return super(CScript, cls).__new__(cls, value) 696 else: 697 def coerce_iterable(iterable): 698 for instance in iterable: 699 yield cls.__coerce_instance(instance) 700 # Annoyingly on both python2 and python3 bytes.join() always 701 # returns a bytes instance even when subclassed. 702 return super(CScript, cls).__new__(cls, b''.join(coerce_iterable(value))) 703 704 def raw_iter(self): 705 """Raw iteration 706 707 Yields tuples of (opcode, data, sop_idx) so that the different possible 708 PUSHDATA encodings can be accurately distinguished, as well as 709 determining the exact opcode byte indexes. (sop_idx) 710 """ 711 i = 0 712 while i < len(self): 713 sop_idx = i 714 opcode = bord(self[i]) 715 i += 1 716 717 if opcode > OP_PUSHDATA4: 718 yield (opcode, None, sop_idx) 719 else: 720 datasize = None 721 pushdata_type = None 722 if opcode < OP_PUSHDATA1: 723 pushdata_type = 'PUSHDATA(%d)' % opcode 724 datasize = opcode 725 726 elif opcode == OP_PUSHDATA1: 727 pushdata_type = 'PUSHDATA1' 728 if i >= len(self): 729 raise CScriptInvalidError('PUSHDATA1: missing data length') 730 datasize = bord(self[i]) 731 i += 1 732 733 elif opcode == OP_PUSHDATA2: 734 pushdata_type = 'PUSHDATA2' 735 if i + 1 >= len(self): 736 raise CScriptInvalidError('PUSHDATA2: missing data length') 737 datasize = bord(self[i]) + (bord(self[i+1]) << 8) 738 i += 2 739 740 elif opcode == OP_PUSHDATA4: 741 pushdata_type = 'PUSHDATA4' 742 if i + 3 >= len(self): 743 raise CScriptInvalidError('PUSHDATA4: missing data length') 744 datasize = bord(self[i]) + (bord(self[i+1]) << 8) + (bord(self[i+2]) << 16) + (bord(self[i+3]) << 24) 745 i += 4 746 747 else: 748 assert False # shouldn't happen 749 750 751 data = bytes(self[i:i+datasize]) 752 753 # Check for truncation 754 if len(data) < datasize: 755 raise CScriptTruncatedPushDataError('%s: truncated data' % pushdata_type, data) 756 757 i += datasize 758 759 yield (opcode, data, sop_idx) 760 761 def __iter__(self): 762 """'Cooked' iteration 763 764 Returns either a CScriptOP instance, an integer, or bytes, as 765 appropriate. 766 767 See raw_iter() if you need to distinguish the different possible 768 PUSHDATA encodings. 769 """ 770 for (opcode, data, sop_idx) in self.raw_iter(): 771 if data is not None: 772 yield data 773 else: 774 opcode = CScriptOp(opcode) 775 776 if opcode.is_small_int(): 777 yield opcode.decode_op_n() 778 else: 779 yield CScriptOp(opcode) 780 781 def __repr__(self): 782 # For Python3 compatibility add b before strings so testcases don't 783 # need to change 784 def _repr(o): 785 if isinstance(o, bytes): 786 return b"x('%s')" % hexlify(o).decode('ascii') 787 else: 788 return repr(o) 789 790 ops = [] 791 i = iter(self) 792 while True: 793 op = None 794 try: 795 op = _repr(next(i)) 796 except CScriptTruncatedPushDataError as err: 797 op = '%s...<ERROR: %s>' % (_repr(err.data), err) 798 break 799 except CScriptInvalidError as err: 800 op = '<ERROR: %s>' % err 801 break 802 except StopIteration: 803 break 804 finally: 805 if op is not None: 806 ops.append(op) 807 808 return "CScript([%s])" % ', '.join(ops) 809 810 def GetSigOpCount(self, fAccurate): 811 """Get the SigOp count. 812 813 fAccurate - Accurately count CHECKMULTISIG, see BIP16 for details. 814 815 Note that this is consensus-critical. 816 """ 817 n = 0 818 lastOpcode = OP_INVALIDOPCODE 819 for (opcode, data, sop_idx) in self.raw_iter(): 820 if opcode in (OP_CHECKSIG, OP_CHECKSIGVERIFY): 821 n += 1 822 elif opcode in (OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY): 823 if fAccurate and (OP_1 <= lastOpcode <= OP_16): 824 n += opcode.decode_op_n() 825 else: 826 n += 20 827 lastOpcode = opcode 828 return n 829 830 831SIGHASH_ALL = 1 832SIGHASH_NONE = 2 833SIGHASH_SINGLE = 3 834SIGHASH_ANYONECANPAY = 0x80 835 836def FindAndDelete(script, sig): 837 """Consensus critical, see FindAndDelete() in Satoshi codebase""" 838 r = b'' 839 last_sop_idx = sop_idx = 0 840 skip = True 841 for (opcode, data, sop_idx) in script.raw_iter(): 842 if not skip: 843 r += script[last_sop_idx:sop_idx] 844 last_sop_idx = sop_idx 845 if script[sop_idx:sop_idx + len(sig)] == sig: 846 skip = True 847 else: 848 skip = False 849 if not skip: 850 r += script[last_sop_idx:] 851 return CScript(r) 852 853 854def SignatureHash(script, txTo, inIdx, hashtype): 855 """Consensus-correct SignatureHash 856 857 Returns (hash, err) to precisely match the consensus-critical behavior of 858 the SIGHASH_SINGLE bug. (inIdx is *not* checked for validity) 859 """ 860 HASH_ONE = b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' 861 862 if inIdx >= len(txTo.vin): 863 return (HASH_ONE, "inIdx %d out of range (%d)" % (inIdx, len(txTo.vin))) 864 txtmp = CTransaction(txTo) 865 866 for txin in txtmp.vin: 867 txin.scriptSig = b'' 868 txtmp.vin[inIdx].scriptSig = FindAndDelete(script, CScript([OP_CODESEPARATOR])) 869 870 if (hashtype & 0x1f) == SIGHASH_NONE: 871 txtmp.vout = [] 872 873 for i in range(len(txtmp.vin)): 874 if i != inIdx: 875 txtmp.vin[i].nSequence = 0 876 877 elif (hashtype & 0x1f) == SIGHASH_SINGLE: 878 outIdx = inIdx 879 if outIdx >= len(txtmp.vout): 880 return (HASH_ONE, "outIdx %d out of range (%d)" % (outIdx, len(txtmp.vout))) 881 882 tmp = txtmp.vout[outIdx] 883 txtmp.vout = [] 884 for i in range(outIdx): 885 txtmp.vout.append(CTxOut(-1)) 886 txtmp.vout.append(tmp) 887 888 for i in range(len(txtmp.vin)): 889 if i != inIdx: 890 txtmp.vin[i].nSequence = 0 891 892 if hashtype & SIGHASH_ANYONECANPAY: 893 tmp = txtmp.vin[inIdx] 894 txtmp.vin = [] 895 txtmp.vin.append(tmp) 896 897 s = txtmp.serialize() 898 s += struct.pack(b"<I", hashtype) 899 900 hash = hash256(s) 901 902 return (hash, None) 903 904# TODO: Allow cached hashPrevouts/hashSequence/hashOutputs to be provided. 905# Performance optimization probably not necessary for python tests, however. 906# Note that this corresponds to sigversion == 1 in EvalScript, which is used 907# for version 0 witnesses. 908def SegwitVersion1SignatureHash(script, txTo, inIdx, hashtype, amount): 909 910 hashPrevouts = 0 911 hashSequence = 0 912 hashOutputs = 0 913 914 if not (hashtype & SIGHASH_ANYONECANPAY): 915 serialize_prevouts = bytes() 916 for i in txTo.vin: 917 serialize_prevouts += i.prevout.serialize() 918 hashPrevouts = uint256_from_str(hash256(serialize_prevouts)) 919 920 if (not (hashtype & SIGHASH_ANYONECANPAY) and (hashtype & 0x1f) != SIGHASH_SINGLE and (hashtype & 0x1f) != SIGHASH_NONE): 921 serialize_sequence = bytes() 922 for i in txTo.vin: 923 serialize_sequence += struct.pack("<I", i.nSequence) 924 hashSequence = uint256_from_str(hash256(serialize_sequence)) 925 926 if ((hashtype & 0x1f) != SIGHASH_SINGLE and (hashtype & 0x1f) != SIGHASH_NONE): 927 serialize_outputs = bytes() 928 for o in txTo.vout: 929 serialize_outputs += o.serialize() 930 hashOutputs = uint256_from_str(hash256(serialize_outputs)) 931 elif ((hashtype & 0x1f) == SIGHASH_SINGLE and inIdx < len(txTo.vout)): 932 serialize_outputs = txTo.vout[inIdx].serialize() 933 hashOutputs = uint256_from_str(hash256(serialize_outputs)) 934 935 ss = bytes() 936 ss += struct.pack("<i", txTo.nVersion) 937 ss += ser_uint256(hashPrevouts) 938 ss += ser_uint256(hashSequence) 939 ss += txTo.vin[inIdx].prevout.serialize() 940 ss += ser_string(script) 941 ss += struct.pack("<q", amount) 942 ss += struct.pack("<I", txTo.vin[inIdx].nSequence) 943 ss += ser_uint256(hashOutputs) 944 ss += struct.pack("<i", txTo.nLockTime) 945 ss += struct.pack("<I", hashtype) 946 947 return hash256(ss) 948