PRCYCoin  2.0.0.7rc1
P2P Digital Currency
interpreter.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2014 The Bitcoin developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 
6 #include "interpreter.h"
7 
8 #include "primitives/transaction.h"
9 #include "crypto/ripemd160.h"
10 #include "crypto/sha1.h"
11 #include "crypto/sha256.h"
12 #include "eccryptoverify.h"
13 #include "pubkey.h"
14 #include "script/script.h"
15 #include "uint256.h"
16 #include "util.h"
17 
18 
19 typedef std::vector<unsigned char> valtype;
20 
21 namespace {
22 
23 inline bool set_success(ScriptError* ret)
24 {
25  if (ret)
26  *ret = SCRIPT_ERR_OK;
27  return true;
28 }
29 
30 inline bool set_error(ScriptError* ret, const ScriptError serror)
31 {
32  if (ret)
33  *ret = serror;
34  return false;
35 }
36 
37 } // anon namespace
38 
39 bool CastToBool(const valtype& vch)
40 {
41  for (unsigned int i = 0; i < vch.size(); i++)
42  {
43  if (vch[i] != 0)
44  {
45  // Can be negative zero
46  if (i == vch.size()-1 && vch[i] == 0x80)
47  return false;
48  return true;
49  }
50  }
51  if (vch.size() == 0) {
52  return true;
53  }
54  return false;
55 }
56 
61 #define stacktop(i) (stack.at(stack.size()+(i)))
62 #define altstacktop(i) (altstack.at(altstack.size()+(i)))
63 static inline void popstack(std::vector<valtype>& stack)
64 {
65  if (stack.empty())
66  throw std::runtime_error("popstack() : stack empty");
67  stack.pop_back();
68 }
69 
70 bool static IsCompressedOrUncompressedPubKey(const valtype &vchPubKey) {
71  if (vchPubKey.size() < 33) {
72  // Non-canonical public key: too short
73  return false;
74  }
75  if (vchPubKey[0] == 0x04) {
76  if (vchPubKey.size() != 65) {
77  // Non-canonical public key: invalid length for uncompressed key
78  return false;
79  }
80  } else if (vchPubKey[0] == 0x02 || vchPubKey[0] == 0x03) {
81  if (vchPubKey.size() != 33) {
82  // Non-canonical public key: invalid length for compressed key
83  return false;
84  }
85  } else {
86  // Non-canonical public key: neither compressed nor uncompressed
87  return false;
88  }
89  return true;
90 }
91 
102 bool static IsValidSignatureEncoding(const std::vector<unsigned char> &sig) {
103  // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] [sighash]
104  // * total-length: 1-byte length descriptor of everything that follows,
105  // excluding the sighash byte.
106  // * R-length: 1-byte length descriptor of the R value that follows.
107  // * R: arbitrary-length big-endian encoded R value. It must use the shortest
108  // possible encoding for a positive integers (which means no null bytes at
109  // the start, except a single one when the next byte has its highest bit set).
110  // * S-length: 1-byte length descriptor of the S value that follows.
111  // * S: arbitrary-length big-endian encoded S value. The same rules apply.
112  // * sighash: 1-byte value indicating what data is hashed (not part of the DER
113  // signature)
114 
115  // Minimum and maximum size constraints.
116  if (sig.size() < 9) return false;
117  if (sig.size() > 73) return false;
118 
119  // A signature is of type 0x30 (compound).
120  if (sig[0] != 0x30) return false;
121 
122  // Make sure the length covers the entire signature.
123  if (sig[1] != sig.size() - 3) return false;
124 
125  // Extract the length of the R element.
126  unsigned int lenR = sig[3];
127 
128  // Make sure the length of the S element is still inside the signature.
129  if (5 + lenR >= sig.size()) return false;
130 
131  // Extract the length of the S element.
132  unsigned int lenS = sig[5 + lenR];
133 
134  // Verify that the length of the signature matches the sum of the length
135  // of the elements.
136  if ((size_t)(lenR + lenS + 7) != sig.size()) return false;
137 
138  // Check whether the R element is an integer.
139  if (sig[2] != 0x02) return false;
140 
141  // Zero-length integers are not allowed for R.
142  if (lenR == 0) return false;
143 
144  // Negative numbers are not allowed for R.
145  if (sig[4] & 0x80) return false;
146 
147  // Null bytes at the start of R are not allowed, unless R would
148  // otherwise be interpreted as a negative number.
149  if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80)) return false;
150 
151  // Check whether the S element is an integer.
152  if (sig[lenR + 4] != 0x02) return false;
153 
154  // Zero-length integers are not allowed for S.
155  if (lenS == 0) return false;
156 
157  // Negative numbers are not allowed for S.
158  if (sig[lenR + 6] & 0x80) return false;
159 
160  // Null bytes at the start of S are not allowed, unless S would otherwise be
161  // interpreted as a negative number.
162  if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80)) return false;
163 
164  return true;
165 }
166 
167 bool static IsLowDERSignature(const valtype &vchSig, ScriptError* serror) {
168  if (!IsValidSignatureEncoding(vchSig)) {
169  return set_error(serror, SCRIPT_ERR_SIG_DER);
170  }
171  unsigned int nLenR = vchSig[3];
172  unsigned int nLenS = vchSig[5+nLenR];
173  const unsigned char *S = &vchSig[6+nLenR];
174  // If the S value is above the order of the curve divided by two, its
175  // complement modulo the order could have been used instead, which is
176  // one byte shorter when encoded correctly.
177  if (!eccrypto::CheckSignatureElement(S, nLenS, true))
178  return set_error(serror, SCRIPT_ERR_SIG_HIGH_S);
179 
180  return true;
181 }
182 
183 bool static IsDefinedHashtypeSignature(const valtype &vchSig) {
184  if (vchSig.size() == 0) {
185  return false;
186  }
187  unsigned char nHashType = vchSig[vchSig.size() - 1] & (~(SIGHASH_ANYONECANPAY));
188  if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
189  return false;
190 
191  return true;
192 }
193 
194 bool static CheckSignatureEncoding(const valtype &vchSig, unsigned int flags, ScriptError* serror) {
195  // Empty signature. Not strictly DER encoded, but allowed to provide a
196  // compact way to provide an invalid signature for use with CHECK(MULTI)SIG
197  if (vchSig.size() == 0) {
198  return true;
199  }
200  if ((flags & (SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_LOW_S | SCRIPT_VERIFY_STRICTENC)) != 0 && !IsValidSignatureEncoding(vchSig)) {
201  return set_error(serror, SCRIPT_ERR_SIG_DER);
202  } else if ((flags & SCRIPT_VERIFY_LOW_S) != 0 && !IsLowDERSignature(vchSig, serror)) {
203  // serror is set
204  return false;
205  } else if ((flags & SCRIPT_VERIFY_STRICTENC) != 0 && !IsDefinedHashtypeSignature(vchSig)) {
206  return set_error(serror, SCRIPT_ERR_SIG_HASHTYPE);
207  }
208  return true;
209 }
210 
211 bool static CheckPubKeyEncoding(const valtype &vchSig, unsigned int flags, ScriptError* serror) {
212  if ((flags & SCRIPT_VERIFY_STRICTENC) != 0 && !IsCompressedOrUncompressedPubKey(vchSig)) {
213  return set_error(serror, SCRIPT_ERR_PUBKEYTYPE);
214  }
215  return true;
216 }
217 
218 bool static CheckMinimalPush(const valtype& data, opcodetype opcode) {
219  if (data.size() == 0) {
220  // Could have used OP_0.
221  return opcode == OP_0;
222  } else if (data.size() == 1 && data[0] >= 1 && data[0] <= 16) {
223  // Could have used OP_1 .. OP_16.
224  return opcode == OP_1 + (data[0] - 1);
225  } else if (data.size() == 1 && data[0] == 0x81) {
226  // Could have used OP_1NEGATE.
227  return opcode == OP_1NEGATE;
228  } else if (data.size() <= 75) {
229  // Could have used a direct push (opcode indicating number of bytes pushed + those bytes).
230  return opcode == data.size();
231  } else if (data.size() <= 255) {
232  // Could have used OP_PUSHDATA.
233  return opcode == OP_PUSHDATA1;
234  } else if (data.size() <= 65535) {
235  // Could have used OP_PUSHDATA2.
236  return opcode == OP_PUSHDATA2;
237  }
238  return true;
239 }
240 
241 bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker, ScriptError* serror)
242 {
243  static const CScriptNum bnZero(0);
244  static const CScriptNum bnOne(1);
245  static const CScriptNum bnFalse(0);
246  static const CScriptNum bnTrue(1);
247  static const valtype vchFalse(0);
248  static const valtype vchZero(0);
249  static const valtype vchTrue(1, 1);
250 
251  CScript::const_iterator pc = script.begin();
252  CScript::const_iterator pend = script.end();
253  CScript::const_iterator pbegincodehash = script.begin();
254  opcodetype opcode;
255  valtype vchPushValue;
256  std::vector<bool> vfExec;
257  std::vector<valtype> altstack;
258  set_error(serror, SCRIPT_ERR_UNKNOWN_ERROR);
259  if (script.size() > 10000)
260  return set_error(serror, SCRIPT_ERR_SCRIPT_SIZE);
261  int nOpCount = 0;
262  bool fRequireMinimal = (flags & SCRIPT_VERIFY_MINIMALDATA) != 0;
263 
264  try
265  {
266  while (pc < pend)
267  {
268  bool fExec = !count(vfExec.begin(), vfExec.end(), false);
269 
270  //
271  // Read instruction
272  //
273  if (!script.GetOp(pc, opcode, vchPushValue))
274  return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
275  if (vchPushValue.size() > MAX_SCRIPT_ELEMENT_SIZE)
276  return set_error(serror, SCRIPT_ERR_PUSH_SIZE);
277 
278  // Note how OP_RESERVED does not count towards the opcode limit.
279  if (opcode > OP_16 && ++nOpCount > 201)
280  return set_error(serror, SCRIPT_ERR_OP_COUNT);
281 
282  if (opcode == OP_CAT ||
283  opcode == OP_SUBSTR ||
284  opcode == OP_LEFT ||
285  opcode == OP_RIGHT ||
286  opcode == OP_INVERT ||
287  opcode == OP_AND ||
288  opcode == OP_OR ||
289  opcode == OP_XOR ||
290  opcode == OP_2MUL ||
291  opcode == OP_2DIV ||
292  opcode == OP_MUL ||
293  opcode == OP_DIV ||
294  opcode == OP_MOD ||
295  opcode == OP_LSHIFT ||
296  opcode == OP_RSHIFT)
297  return set_error(serror, SCRIPT_ERR_DISABLED_OPCODE); // Disabled opcodes.
298 
299  if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) {
300  if (fRequireMinimal && !CheckMinimalPush(vchPushValue, opcode)) {
301  return set_error(serror, SCRIPT_ERR_MINIMALDATA);
302  }
303  stack.push_back(vchPushValue);
304  } else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
305  switch (opcode)
306  {
307  //
308  // Push value
309  //
310  case OP_1NEGATE:
311  case OP_1:
312  case OP_2:
313  case OP_3:
314  case OP_4:
315  case OP_5:
316  case OP_6:
317  case OP_7:
318  case OP_8:
319  case OP_9:
320  case OP_10:
321  case OP_11:
322  case OP_12:
323  case OP_13:
324  case OP_14:
325  case OP_15:
326  case OP_16:
327  {
328  // ( -- value)
329  CScriptNum bn((int)opcode - (int)(OP_1 - 1));
330  stack.push_back(bn.getvch());
331  // The result of these opcodes should always be the minimal way to push the data
332  // they push, so no need for a CheckMinimalPush here.
333  }
334  break;
335 
336 
337  //
338  // Control
339  //
340  case OP_NOP:
341  break;
342 
343  case OP_CHECKLOCKTIMEVERIFY:
344  {
345  if (!(flags & SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)) {
346  // not enabled; treat as a NOP2
347  if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) {
348  return set_error(serror, SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS);
349  }
350  break;
351  }
352  if (stack.size() < 1)
353  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
354 
355  // CLTV will only be verified if it is a supermajority.
356  // Otherwise it will be ignored and transaction will be treated as normal.
357 
358  // Note that elsewhere numeric opcodes are limited to
359  // operands in the range -2**31+1 to 2**31-1, however it is
360  // legal for opcodes to produce results exceeding that
361  // range. This limitation is implemented by CScriptNum's
362  // default 4-byte limit.
363  //
364  // If we kept to that limit we'd have a year 2038 problem,
365  // even though the nLockTime field in transactions
366  // themselves is uint32 which only becomes meaningless
367  // after the year 2106.
368  //
369  // Thus as a special case we tell CScriptNum to accept up
370  // to 5-byte bignums, which are good until 2**39-1, well
371  // beyond the 2**32-1 limit of the nLockTime field itself.
372  const CScriptNum nLockTime(stacktop(-1), fRequireMinimal, 5);
373 
374  // In the rare event that the argument may be < 0 due to
375  // some arithmetic being done first, you can always use
376  // 0 MAX CHECKLOCKTIMEVERIFY.
377  if (nLockTime < 0)
378  return set_error(serror, SCRIPT_ERR_NEGATIVE_LOCKTIME);
379 
380  // Actually compare the specified lock time with the transaction.
381  if (!checker.CheckLockTime(nLockTime))
382  return set_error(serror, SCRIPT_ERR_UNSATISFIED_LOCKTIME);
383 
384  break;
385  }
386 
387  case OP_NOP1: case OP_NOP3: case OP_NOP4: case OP_NOP5:
388  case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
389  {
390  if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
391  return set_error(serror, SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS);
392  }
393  break;
394 
395  case OP_IF:
396  case OP_NOTIF:
397  {
398  // <expression> if [statements] [else [statements]] endif
399  bool fValue = false;
400  if (fExec)
401  {
402  if (stack.size() < 1)
403  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
404  valtype& vch = stacktop(-1);
405  fValue = CastToBool(vch);
406  if (opcode == OP_NOTIF)
407  fValue = !fValue;
408  popstack(stack);
409  }
410  vfExec.push_back(fValue);
411  }
412  break;
413 
414  case OP_ELSE:
415  {
416  if (vfExec.empty())
417  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
418  vfExec.back() = !vfExec.back();
419  }
420  break;
421 
422  case OP_ENDIF:
423  {
424  if (vfExec.empty())
425  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
426  vfExec.pop_back();
427  }
428  break;
429 
430  case OP_VERIFY:
431  {
432  // (true -- ) or
433  // (false -- false) and return
434  if (stack.size() < 1)
435  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
436  bool fValue = CastToBool(stacktop(-1));
437  if (fValue)
438  popstack(stack);
439  else
440  return set_error(serror, SCRIPT_ERR_VERIFY);
441  }
442  break;
443 
444  case OP_RETURN:
445  {
446  return set_error(serror, SCRIPT_ERR_OP_RETURN);
447  }
448  break;
449 
450 
451  //
452  // Stack ops
453  //
454  case OP_TOALTSTACK:
455  {
456  if (stack.size() < 1)
457  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
458  altstack.push_back(stacktop(-1));
459  popstack(stack);
460  }
461  break;
462 
463  case OP_FROMALTSTACK:
464  {
465  if (altstack.size() < 1)
466  return set_error(serror, SCRIPT_ERR_INVALID_ALTSTACK_OPERATION);
467  stack.push_back(altstacktop(-1));
468  popstack(altstack);
469  }
470  break;
471 
472  case OP_2DROP:
473  {
474  // (x1 x2 -- )
475  if (stack.size() < 2)
476  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
477  popstack(stack);
478  popstack(stack);
479  }
480  break;
481 
482  case OP_2DUP:
483  {
484  // (x1 x2 -- x1 x2 x1 x2)
485  if (stack.size() < 2)
486  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
487  valtype vch1 = stacktop(-2);
488  valtype vch2 = stacktop(-1);
489  stack.push_back(vch1);
490  stack.push_back(vch2);
491  }
492  break;
493 
494  case OP_3DUP:
495  {
496  // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
497  if (stack.size() < 3)
498  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
499  valtype vch1 = stacktop(-3);
500  valtype vch2 = stacktop(-2);
501  valtype vch3 = stacktop(-1);
502  stack.push_back(vch1);
503  stack.push_back(vch2);
504  stack.push_back(vch3);
505  }
506  break;
507 
508  case OP_2OVER:
509  {
510  // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
511  if (stack.size() < 4)
512  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
513  valtype vch1 = stacktop(-4);
514  valtype vch2 = stacktop(-3);
515  stack.push_back(vch1);
516  stack.push_back(vch2);
517  }
518  break;
519 
520  case OP_2ROT:
521  {
522  // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
523  if (stack.size() < 6)
524  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
525  valtype vch1 = stacktop(-6);
526  valtype vch2 = stacktop(-5);
527  stack.erase(stack.end()-6, stack.end()-4);
528  stack.push_back(vch1);
529  stack.push_back(vch2);
530  }
531  break;
532 
533  case OP_2SWAP:
534  {
535  // (x1 x2 x3 x4 -- x3 x4 x1 x2)
536  if (stack.size() < 4)
537  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
538  swap(stacktop(-4), stacktop(-2));
539  swap(stacktop(-3), stacktop(-1));
540  }
541  break;
542 
543  case OP_IFDUP:
544  {
545  // (x - 0 | x x)
546  if (stack.size() < 1)
547  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
548  valtype vch = stacktop(-1);
549  if (CastToBool(vch))
550  stack.push_back(vch);
551  }
552  break;
553 
554  case OP_DEPTH:
555  {
556  // -- stacksize
557  CScriptNum bn(stack.size());
558  stack.push_back(bn.getvch());
559  }
560  break;
561 
562  case OP_DROP:
563  {
564  // (x -- )
565  if (stack.size() < 1)
566  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
567  popstack(stack);
568  }
569  break;
570 
571  case OP_DUP:
572  {
573  // (x -- x x)
574  if (stack.size() < 1)
575  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
576  valtype vch = stacktop(-1);
577  stack.push_back(vch);
578  }
579  break;
580 
581  case OP_NIP:
582  {
583  // (x1 x2 -- x2)
584  if (stack.size() < 2)
585  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
586  stack.erase(stack.end() - 2);
587  }
588  break;
589 
590  case OP_OVER:
591  {
592  // (x1 x2 -- x1 x2 x1)
593  if (stack.size() < 2)
594  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
595  valtype vch = stacktop(-2);
596  stack.push_back(vch);
597  }
598  break;
599 
600  case OP_PICK:
601  case OP_ROLL:
602  {
603  // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
604  // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
605  if (stack.size() < 2)
606  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
607  int n = CScriptNum(stacktop(-1), fRequireMinimal).getint();
608  popstack(stack);
609  if (n < 0 || n >= (int)stack.size())
610  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
611  valtype vch = stacktop(-n-1);
612  if (opcode == OP_ROLL)
613  stack.erase(stack.end()-n-1);
614  stack.push_back(vch);
615  }
616  break;
617 
618  case OP_ROT:
619  {
620  // (x1 x2 x3 -- x2 x3 x1)
621  // x2 x1 x3 after first swap
622  // x2 x3 x1 after second swap
623  if (stack.size() < 3)
624  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
625  swap(stacktop(-3), stacktop(-2));
626  swap(stacktop(-2), stacktop(-1));
627  }
628  break;
629 
630  case OP_SWAP:
631  {
632  // (x1 x2 -- x2 x1)
633  if (stack.size() < 2)
634  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
635  swap(stacktop(-2), stacktop(-1));
636  }
637  break;
638 
639  case OP_TUCK:
640  {
641  // (x1 x2 -- x2 x1 x2)
642  if (stack.size() < 2)
643  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
644  valtype vch = stacktop(-1);
645  stack.insert(stack.end()-2, vch);
646  }
647  break;
648 
649 
650  case OP_SIZE:
651  {
652  // (in -- in size)
653  if (stack.size() < 1)
654  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
655  CScriptNum bn(stacktop(-1).size());
656  stack.push_back(bn.getvch());
657  }
658  break;
659 
660 
661  //
662  // Bitwise logic
663  //
664  case OP_EQUAL:
665  case OP_EQUALVERIFY:
666  //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
667  {
668  // (x1 x2 - bool)
669  if (stack.size() < 2)
670  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
671  valtype& vch1 = stacktop(-2);
672  valtype& vch2 = stacktop(-1);
673  bool fEqual = (vch1 == vch2);
674  // OP_NOTEQUAL is disabled because it would be too easy to say
675  // something like n != 1 and have some wiseguy pass in 1 with extra
676  // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
677  //if (opcode == OP_NOTEQUAL)
678  // fEqual = !fEqual;
679  popstack(stack);
680  popstack(stack);
681  stack.push_back(fEqual ? vchTrue : vchFalse);
682  if (opcode == OP_EQUALVERIFY)
683  {
684  if (fEqual)
685  popstack(stack);
686  else
687  return set_error(serror, SCRIPT_ERR_EQUALVERIFY);
688  }
689  }
690  break;
691 
692 
693  //
694  // Numeric
695  //
696  case OP_1ADD:
697  case OP_1SUB:
698  case OP_NEGATE:
699  case OP_ABS:
700  case OP_NOT:
701  case OP_0NOTEQUAL:
702  {
703  // (in -- out)
704  if (stack.size() < 1)
705  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
706  CScriptNum bn(stacktop(-1), fRequireMinimal);
707  switch (opcode)
708  {
709  case OP_1ADD: bn += bnOne; break;
710  case OP_1SUB: bn -= bnOne; break;
711  case OP_NEGATE: bn = -bn; break;
712  case OP_ABS: if (bn < bnZero) bn = -bn; break;
713  case OP_NOT: bn = (bn == bnZero); break;
714  case OP_0NOTEQUAL: bn = (bn != bnZero); break;
715  default: assert(!"invalid opcode"); break;
716  }
717  popstack(stack);
718  stack.push_back(bn.getvch());
719  }
720  break;
721 
722  case OP_ADD:
723  case OP_SUB:
724  case OP_BOOLAND:
725  case OP_BOOLOR:
726  case OP_NUMEQUAL:
727  case OP_NUMEQUALVERIFY:
728  case OP_NUMNOTEQUAL:
729  case OP_LESSTHAN:
730  case OP_GREATERTHAN:
731  case OP_LESSTHANOREQUAL:
732  case OP_GREATERTHANOREQUAL:
733  case OP_MIN:
734  case OP_MAX:
735  {
736  // (x1 x2 -- out)
737  if (stack.size() < 2)
738  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
739  CScriptNum bn1(stacktop(-2), fRequireMinimal);
740  CScriptNum bn2(stacktop(-1), fRequireMinimal);
741  CScriptNum bn(0);
742  switch (opcode)
743  {
744  case OP_ADD:
745  bn = bn1 + bn2;
746  break;
747 
748  case OP_SUB:
749  bn = bn1 - bn2;
750  break;
751 
752  case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
753  case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
754  case OP_NUMEQUAL: bn = (bn1 == bn2); break;
755  case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
756  case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
757  case OP_LESSTHAN: bn = (bn1 < bn2); break;
758  case OP_GREATERTHAN: bn = (bn1 > bn2); break;
759  case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
760  case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
761  case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
762  case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
763  default: assert(!"invalid opcode"); break;
764  }
765  popstack(stack);
766  popstack(stack);
767  stack.push_back(bn.getvch());
768 
769  if (opcode == OP_NUMEQUALVERIFY)
770  {
771  if (CastToBool(stacktop(-1)))
772  popstack(stack);
773  else
774  return set_error(serror, SCRIPT_ERR_NUMEQUALVERIFY);
775  }
776  }
777  break;
778 
779  case OP_WITHIN:
780  {
781  // (x min max -- out)
782  if (stack.size() < 3)
783  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
784  CScriptNum bn1(stacktop(-3), fRequireMinimal);
785  CScriptNum bn2(stacktop(-2), fRequireMinimal);
786  CScriptNum bn3(stacktop(-1), fRequireMinimal);
787  bool fValue = (bn2 <= bn1 && bn1 < bn3);
788  popstack(stack);
789  popstack(stack);
790  popstack(stack);
791  stack.push_back(fValue ? vchTrue : vchFalse);
792  }
793  break;
794 
795 
796  //
797  // Crypto
798  //
799  case OP_RIPEMD160:
800  case OP_SHA1:
801  case OP_SHA256:
802  case OP_HASH160:
803  case OP_HASH256:
804  {
805  // (in -- hash)
806  if (stack.size() < 1)
807  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
808  valtype& vch = stacktop(-1);
809  valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
810  if (opcode == OP_RIPEMD160)
811  CRIPEMD160().Write(vch.data(), vch.size()).Finalize(vchHash.data());
812  else if (opcode == OP_SHA1)
813  CSHA1().Write(vch.data(), vch.size()).Finalize(vchHash.data());
814  else if (opcode == OP_SHA256)
815  CSHA256().Write(vch.data(), vch.size()).Finalize(vchHash.data());
816  else if (opcode == OP_HASH160)
817  CHash160().Write(vch.data(), vch.size()).Finalize(vchHash.data());
818  else if (opcode == OP_HASH256)
819  CHash256().Write(vch.data(), vch.size()).Finalize(vchHash.data());
820  popstack(stack);
821  stack.push_back(vchHash);
822  }
823  break;
824 
825  case OP_CODESEPARATOR:
826  {
827  // Hash starts after the code separator
828  pbegincodehash = pc;
829  }
830  break;
831 
832  case OP_CHECKSIG:
833  case OP_CHECKSIGVERIFY:
834  {
835  // (sig pubkey -- bool)
836  if (stack.size() < 2)
837  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
838 
839  valtype& vchSig = stacktop(-2);
840  valtype& vchPubKey = stacktop(-1);
841 
842  // Subset of script starting at the most recent codeseparator
843  CScript scriptCode(pbegincodehash, pend);
844 
845  // Drop the signature, since there's no way for a signature to sign itself
846  scriptCode.FindAndDelete(CScript(vchSig));
847 
848  if (!CheckSignatureEncoding(vchSig, flags, serror) || !CheckPubKeyEncoding(vchPubKey, flags, serror)) {
849  //serror is set
850  return false;
851  }
852  bool fSuccess = checker.CheckSig(vchSig, vchPubKey, scriptCode);
853 
854  popstack(stack);
855  popstack(stack);
856  stack.push_back(fSuccess ? vchTrue : vchFalse);
857  if (opcode == OP_CHECKSIGVERIFY)
858  {
859  if (fSuccess)
860  popstack(stack);
861  else
862  return set_error(serror, SCRIPT_ERR_CHECKSIGVERIFY);
863  }
864  }
865  break;
866 
867  case OP_CHECKMULTISIG:
868  case OP_CHECKMULTISIGVERIFY:
869  {
870  // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
871 
872  int i = 1;
873  if ((int)stack.size() < i)
874  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
875 
876  int nKeysCount = CScriptNum(stacktop(-i), fRequireMinimal).getint();
877  if (nKeysCount < 0 || nKeysCount > 20)
878  return set_error(serror, SCRIPT_ERR_PUBKEY_COUNT);
879  nOpCount += nKeysCount;
880  if (nOpCount > 201)
881  return set_error(serror, SCRIPT_ERR_OP_COUNT);
882  int ikey = ++i;
883  i += nKeysCount;
884  if ((int)stack.size() < i)
885  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
886 
887  int nSigsCount = CScriptNum(stacktop(-i), fRequireMinimal).getint();
888  if (nSigsCount < 0 || nSigsCount > nKeysCount)
889  return set_error(serror, SCRIPT_ERR_SIG_COUNT);
890  int isig = ++i;
891  i += nSigsCount;
892  if ((int)stack.size() < i)
893  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
894 
895  // Subset of script starting at the most recent codeseparator
896  CScript scriptCode(pbegincodehash, pend);
897 
898  // Drop the signatures, since there's no way for a signature to sign itself
899  for (int k = 0; k < nSigsCount; k++)
900  {
901  valtype& vchSig = stacktop(-isig-k);
902  scriptCode.FindAndDelete(CScript(vchSig));
903  }
904 
905  bool fSuccess = true;
906  while (fSuccess && nSigsCount > 0)
907  {
908  valtype& vchSig = stacktop(-isig);
909  valtype& vchPubKey = stacktop(-ikey);
910 
911  // Note how this makes the exact order of pubkey/signature evaluation
912  // distinguishable by CHECKMULTISIG NOT if the STRICTENC flag is set.
913  // See the script_(in)valid tests for details.
914  if (!CheckSignatureEncoding(vchSig, flags, serror) || !CheckPubKeyEncoding(vchPubKey, flags, serror)) {
915  // serror is set
916  return false;
917  }
918 
919  // Check signature
920  bool fOk = checker.CheckSig(vchSig, vchPubKey, scriptCode);
921 
922  if (fOk) {
923  isig++;
924  nSigsCount--;
925  }
926  ikey++;
927  nKeysCount--;
928 
929  // If there are more signatures left than keys left,
930  // then too many signatures have failed. Exit early,
931  // without checking any further signatures.
932  if (nSigsCount > nKeysCount)
933  fSuccess = false;
934  }
935 
936  // Clean up stack of actual arguments
937  while (i-- > 1)
938  popstack(stack);
939 
940  if (stack.size() < 1)
941  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
942  if ((flags & SCRIPT_VERIFY_NULLDUMMY) && stacktop(-1).size())
943  return set_error(serror, SCRIPT_ERR_SIG_NULLDUMMY);
944  popstack(stack);
945 
946  stack.push_back(fSuccess ? vchTrue : vchFalse);
947 
948  if (opcode == OP_CHECKMULTISIGVERIFY)
949  {
950  if (fSuccess)
951  popstack(stack);
952  else
953  return set_error(serror, SCRIPT_ERR_CHECKMULTISIGVERIFY);
954  }
955  }
956  break;
957 
958  default:
959  return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
960  }
961 
962  // Size limits
963  if (stack.size() + altstack.size() > 1000)
964  return set_error(serror, SCRIPT_ERR_STACK_SIZE);
965  }
966  }
967  catch (...)
968  {
969  return set_error(serror, SCRIPT_ERR_UNKNOWN_ERROR);
970  }
971 
972  if (!vfExec.empty())
973  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
974 
975  return set_success(serror);
976 }
977 
978 namespace {
979 
984 class CTransactionSignatureSerializer {
985 private:
986  const CTransaction &txTo;
987  const CScript &scriptCode;
988  const unsigned int nIn;
989  const bool fAnyoneCanPay;
990  const bool fHashSingle;
991  const bool fHashNone;
992 
993 public:
994  CTransactionSignatureSerializer(const CTransaction &txToIn, const CScript &scriptCodeIn, unsigned int nInIn, int nHashTypeIn) :
995  txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
996  fAnyoneCanPay(!!(nHashTypeIn & SIGHASH_ANYONECANPAY)),
997  fHashSingle((nHashTypeIn & 0x1f) == SIGHASH_SINGLE),
998  fHashNone((nHashTypeIn & 0x1f) == SIGHASH_NONE) {}
999 
1001  template<typename S>
1002  void SerializeScriptCode(S &s, int nType, int nVersion) const {
1003  CScript::const_iterator it = scriptCode.begin();
1004  CScript::const_iterator itBegin = it;
1005  opcodetype opcode;
1006  unsigned int nCodeSeparators = 0;
1007  while (scriptCode.GetOp(it, opcode)) {
1008  if (opcode == OP_CODESEPARATOR)
1009  nCodeSeparators++;
1010  }
1011  ::WriteCompactSize(s, scriptCode.size() - nCodeSeparators);
1012  it = itBegin;
1013  while (scriptCode.GetOp(it, opcode)) {
1014  if (opcode == OP_CODESEPARATOR) {
1015  s.write((char*)&itBegin[0], it-itBegin-1);
1016  itBegin = it;
1017  }
1018  }
1019  if (itBegin != scriptCode.end())
1020  s.write((char*)&itBegin[0], it-itBegin);
1021  }
1022 
1024  template<typename S>
1025  void SerializeInput(S &s, unsigned int nInput, int nType, int nVersion) const {
1026  // In case of SIGHASH_ANYONECANPAY, only the input being signed is serialized
1027  if (fAnyoneCanPay)
1028  nInput = nIn;
1029  // Serialize the prevout
1030  ::Serialize(s, txTo.vin[nInput].prevout, nType, nVersion);
1031  // Serialize the script
1032  if (nInput != nIn)
1033  // Blank out other inputs' signatures
1034  ::Serialize(s, CScriptBase(), nType, nVersion);
1035  else
1036  SerializeScriptCode(s, nType, nVersion);
1037  // Serialize the nSequence
1038  if (nInput != nIn && (fHashSingle || fHashNone))
1039  // let the others update at will
1040  ::Serialize(s, (int)0, nType, nVersion);
1041  else
1042  ::Serialize(s, txTo.vin[nInput].nSequence, nType, nVersion);
1043  }
1044 
1046  template<typename S>
1047  void SerializeOutput(S &s, unsigned int nOutput, int nType, int nVersion) const {
1048  if (fHashSingle && nOutput != nIn)
1049  // Do not lock-in the txout payee at other indices as txin
1050  ::Serialize(s, CTxOut(), nType, nVersion);
1051  else
1052  ::Serialize(s, txTo.vout[nOutput], nType, nVersion);
1053  }
1054 
1056  template<typename S>
1057  void Serialize(S &s, int nType, int nVersion) const {
1058  // Serialize nVersion
1059  ::Serialize(s, txTo.nVersion, nType, nVersion);
1060  // Serialize vin
1061  unsigned int nInputs = fAnyoneCanPay ? 1 : txTo.vin.size();
1062  ::WriteCompactSize(s, nInputs);
1063  for (unsigned int nInput = 0; nInput < nInputs; nInput++)
1064  SerializeInput(s, nInput, nType, nVersion);
1065  // Serialize vout
1066  unsigned int nOutputs = fHashNone ? 0 : (fHashSingle ? nIn+1 : txTo.vout.size());
1067  ::WriteCompactSize(s, nOutputs);
1068  for (unsigned int nOutput = 0; nOutput < nOutputs; nOutput++)
1069  SerializeOutput(s, nOutput, nType, nVersion);
1070  // Serialize nLockTime
1071  ::Serialize(s, txTo.nLockTime, nType, nVersion);
1072  }
1073 };
1074 
1075 } // anon namespace
1076 
1077 uint256 SignatureHash(const CScript& scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType)
1078 {
1079  if (nIn >= txTo.vin.size()) {
1080  // nIn out of range
1081  return UINT256_ONE;
1082  }
1083 
1084  // Check for invalid use of SIGHASH_SINGLE
1085  if ((nHashType & 0x1f) == SIGHASH_SINGLE) {
1086  if (nIn >= txTo.vout.size()) {
1087  // nOut out of range
1088  return UINT256_ONE;
1089  }
1090  }
1091 
1092  // Wrapper to serialize only the necessary parts of the transaction being signed
1093  CTransactionSignatureSerializer txTmp(txTo, scriptCode, nIn, nHashType);
1094 
1095  // Serialize and hash
1096  CHashWriter ss(SER_GETHASH, 0);
1097  ss << txTmp << nHashType;
1098  return ss.GetHash();
1099 }
1100 
1101 bool TransactionSignatureChecker::VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& pubkey, const uint256& sighash) const
1102 {
1103  return pubkey.Verify(sighash, vchSig);
1104 }
1105 
1106 bool TransactionSignatureChecker::CheckSig(const std::vector<unsigned char>& vchSigIn, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode) const
1107 {
1108  CPubKey pubkey(vchPubKey);
1109  if (!pubkey.IsValid())
1110  return false;
1111 
1112  // Hash type is one byte tacked on to the end of the signature
1113  std::vector<unsigned char> vchSig(vchSigIn);
1114  if (vchSig.empty())
1115  return false;
1116  int nHashType = vchSig.back();
1117  vchSig.pop_back();
1118 
1119  uint256 sighash = SignatureHash(scriptCode, *txTo, nIn, nHashType);
1120 
1121  if (!VerifySignature(vchSig, pubkey, sighash))
1122  return false;
1123 
1124  return true;
1125 }
1126 
1127 bool TransactionSignatureChecker::CheckLockTime(const CScriptNum& nLockTime) const
1128 {
1129  // There are two times of nLockTime: lock-by-blockheight
1130  // and lock-by-blocktime, distinguished by whether
1131  // nLockTime < LOCKTIME_THRESHOLD.
1132  //
1133  // We want to compare apples to apples, so fail the script
1134  // unless the type of nLockTime being tested is the same as
1135  // the nLockTime in the transaction.
1136  if (!(
1137  (txTo->nLockTime < LOCKTIME_THRESHOLD && nLockTime < LOCKTIME_THRESHOLD) ||
1138  (txTo->nLockTime >= LOCKTIME_THRESHOLD && nLockTime >= LOCKTIME_THRESHOLD)
1139  ))
1140  return false;
1141 
1142  // Now that we know we're comparing apples-to-apples, the
1143  // comparison is a simple numeric one.
1144  if (nLockTime > (int64_t)txTo->nLockTime)
1145  return false;
1146 
1147  // Finally the nLockTime feature can be disabled and thus
1148  // CHECKLOCKTIMEVERIFY bypassed if every txin has been
1149  // finalized by setting nSequence to maxint. The
1150  // transaction would be allowed into the blockchain, making
1151  // the opcode ineffective.
1152  //
1153  // Testing if this vin is not final is sufficient to
1154  // prevent this condition. Alternatively we could test all
1155  // inputs, but testing just this input minimizes the data
1156  // required to prove correct CHECKLOCKTIMEVERIFY execution.
1157  if (txTo->vin[nIn].IsFinal())
1158  return false;
1159 
1160  return true;
1161 }
1162 
1163 bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const BaseSignatureChecker& checker, ScriptError* serror)
1164 {
1165  set_error(serror, SCRIPT_ERR_UNKNOWN_ERROR);
1166 
1167  if ((flags & SCRIPT_VERIFY_SIGPUSHONLY) != 0 && !scriptSig.IsPushOnly()) {
1168  return set_error(serror, SCRIPT_ERR_SIG_PUSHONLY);
1169  }
1170  std::vector<std::vector<unsigned char> > stack, stackCopy;
1171  if (!EvalScript(stack, scriptSig, flags, checker, serror)) {
1172  // serror is set
1173  return false;
1174  }
1175  if (flags & SCRIPT_VERIFY_P2SH)
1176  stackCopy = stack;
1177  if (!EvalScript(stack, scriptPubKey, flags, checker, serror)) {
1178  // serror is set
1179  return false;
1180  }
1181  if (stack.empty()) {
1182  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1183  }
1184  if (CastToBool(stack.back()) == false) {
1185  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1186  }
1187  // Additional validation for spend-to-script-hash transactions:
1188  if ((flags & SCRIPT_VERIFY_P2SH) && scriptPubKey.IsPayToScriptHash())
1189  {
1190  // scriptSig must be literals-only or validation fails
1191  if (!scriptSig.IsPushOnly())
1192  return set_error(serror, SCRIPT_ERR_SIG_PUSHONLY);
1193 
1194  // stackCopy cannot be empty here, because if it was the
1195  // P2SH HASH <> EQUAL scriptPubKey would be evaluated with
1196  // an empty stack and the EvalScript above would return false.
1197  assert(!stackCopy.empty());
1198 
1199  const valtype& pubKeySerialized = stackCopy.back();
1200  CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
1201  popstack(stackCopy);
1202 
1203  if (!EvalScript(stackCopy, pubKey2, flags, checker, serror))
1204  // serror is set
1205  return false;
1206  if (stackCopy.empty())
1207  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1208  if (!CastToBool(stackCopy.back()))
1209  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1210  else
1211  return set_success(serror);
1212  }
1213  return set_success(serror);
1214 }
OP_NOP1
@ OP_NOP1
Definition: script.h:161
OP_LEFT
@ OP_LEFT
Definition: script.h:102
SIGHASH_ANYONECANPAY
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:27
OP_ROT
@ OP_ROT
Definition: script.h:95
SCRIPT_ERR_OP_COUNT
@ SCRIPT_ERR_OP_COUNT
Definition: script_error.h:19
OP_NUMEQUALVERIFY
@ OP_NUMEQUALVERIFY
Definition: script.h:137
CHash256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: hash.h:41
SCRIPT_VERIFY_NULLDUMMY
@ SCRIPT_VERIFY_NULLDUMMY
Definition: interpreter.h:51
OP_0
@ OP_0
Definition: script.h:41
OP_SWAP
@ OP_SWAP
Definition: script.h:96
SCRIPT_ERR_NEGATIVE_LOCKTIME
@ SCRIPT_ERR_NEGATIVE_LOCKTIME
Definition: script_error.h:39
OP_2MUL
@ OP_2MUL
Definition: script.h:119
SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
@ SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
Definition: script_error.h:35
CSHA256::Write
CSHA256 & Write(const unsigned char *data, size_t len)
Definition: sha256.cpp:141
CRIPEMD160
A hasher class for RIPEMD-160.
Definition: ripemd160.h:12
OP_SUBSTR
@ OP_SUBSTR
Definition: script.h:101
OP_INVERT
@ OP_INVERT
Definition: script.h:107
SER_GETHASH
@ SER_GETHASH
Definition: serialize.h:161
prevector::const_iterator
Definition: prevector.h:97
transaction.h
OP_TOALTSTACK
@ OP_TOALTSTACK
Definition: script.h:79
OP_LESSTHANOREQUAL
@ OP_LESSTHANOREQUAL
Definition: script.h:141
OP_OR
@ OP_OR
Definition: script.h:109
OP_NOP
@ OP_NOP
Definition: script.h:67
OP_2SWAP
@ OP_2SWAP
Definition: script.h:86
OP_RSHIFT
@ OP_RSHIFT
Definition: script.h:132
OP_3DUP
@ OP_3DUP
Definition: script.h:83
sha1.h
OP_7
@ OP_7
Definition: script.h:55
SCRIPT_ERR_OK
@ SCRIPT_ERR_OK
Definition: script_error.h:11
OP_0NOTEQUAL
@ OP_0NOTEQUAL
Definition: script.h:124
eccrypto::CheckSignatureElement
bool CheckSignatureElement(const unsigned char *vch, int len, bool half)
Definition: eccryptoverify.cpp:62
CRIPEMD160::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: ripemd160.cpp:273
uint256.h
OP_NOP7
@ OP_NOP7
Definition: script.h:168
OP_SHA1
@ OP_SHA1
Definition: script.h:150
OP_2OVER
@ OP_2OVER
Definition: script.h:84
OP_NOP3
@ OP_NOP3
Definition: script.h:164
OP_11
@ OP_11
Definition: script.h:59
SCRIPT_ERR_SIG_DER
@ SCRIPT_ERR_SIG_DER
Definition: script_error.h:44
OP_10
@ OP_10
Definition: script.h:58
CTransaction::nLockTime
const uint32_t nLockTime
Definition: transaction.h:287
SCRIPT_ERR_OP_RETURN
@ SCRIPT_ERR_OP_RETURN
Definition: script_error.h:14
CScriptNum::getint
int getint() const
Definition: script.h:286
flags
int flags
Definition: prcycoin-tx.cpp:297
SCRIPT_ERR_SIG_PUSHONLY
@ SCRIPT_ERR_SIG_PUSHONLY
Definition: script_error.h:46
OP_NOP5
@ OP_NOP5
Definition: script.h:166
SCRIPT_VERIFY_MINIMALDATA
@ SCRIPT_VERIFY_MINIMALDATA
Definition: interpreter.h:61
OP_ABS
@ OP_ABS
Definition: script.h:122
interpreter.h
OP_1ADD
@ OP_1ADD
Definition: script.h:117
CSHA1::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha1.cpp:180
OP_HASH160
@ OP_HASH160
Definition: script.h:152
OP_SHA256
@ OP_SHA256
Definition: script.h:151
BaseSignatureChecker
Definition: interpreter.h:88
OP_GREATERTHAN
@ OP_GREATERTHAN
Definition: script.h:140
WriteCompactSize
void WriteCompactSize(Stream &os, uint64_t nSize)
Definition: serialize.h:255
SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
Definition: interpreter.h:83
eccryptoverify.h
SCRIPT_ERR_EVAL_FALSE
@ SCRIPT_ERR_EVAL_FALSE
Definition: script_error.h:13
TransactionSignatureChecker::VerifySignature
virtual bool VerifySignature(const std::vector< unsigned char > &vchSig, const CPubKey &vchPubKey, const uint256 &sighash) const
Definition: interpreter.cpp:1101
CScript::IsPayToScriptHash
bool IsPayToScriptHash() const
Definition: script.cpp:235
SCRIPT_ERR_CHECKMULTISIGVERIFY
@ SCRIPT_ERR_CHECKMULTISIGVERIFY
Definition: script_error.h:27
SCRIPT_ERR_MINIMALDATA
@ SCRIPT_ERR_MINIMALDATA
Definition: script_error.h:45
pubkey.h
OP_WITHIN
@ OP_WITHIN
Definition: script.h:146
OP_BOOLAND
@ OP_BOOLAND
Definition: script.h:134
OP_DROP
@ OP_DROP
Definition: script.h:89
SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
Definition: interpreter.h:71
OP_MIN
@ OP_MIN
Definition: script.h:143
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:269
ScriptError
enum ScriptError_t ScriptError
OP_MOD
@ OP_MOD
Definition: script.h:130
CScript::IsPushOnly
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
Definition: script.cpp:244
CScriptNum
Definition: script.h:190
SCRIPT_ERR_DISABLED_OPCODE
@ SCRIPT_ERR_DISABLED_OPCODE
Definition: script_error.h:33
OP_XOR
@ OP_XOR
Definition: script.h:110
OP_LESSTHAN
@ OP_LESSTHAN
Definition: script.h:139
OP_NOTIF
@ OP_NOTIF
Definition: script.h:70
prevector::end
iterator end()
Definition: prevector.h:292
OP_2ROT
@ OP_2ROT
Definition: script.h:85
OP_RIPEMD160
@ OP_RIPEMD160
Definition: script.h:149
SCRIPT_ERR_SIG_COUNT
@ SCRIPT_ERR_SIG_COUNT
Definition: script_error.h:21
CHash160::Write
CHash160 & Write(const unsigned char *data, size_t len)
Definition: hash.h:108
OP_MAX
@ OP_MAX
Definition: script.h:144
OP_RETURN
@ OP_RETURN
Definition: script.h:76
OP_6
@ OP_6
Definition: script.h:54
OP_NUMNOTEQUAL
@ OP_NUMNOTEQUAL
Definition: script.h:138
OP_1SUB
@ OP_1SUB
Definition: script.h:118
SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
Definition: script_error.h:52
CTxOut
An output of a transaction.
Definition: transaction.h:164
OP_2DROP
@ OP_2DROP
Definition: script.h:81
BaseSignatureChecker::CheckSig
virtual bool CheckSig(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode) const
Definition: interpreter.h:91
CSHA1::Write
CSHA1 & Write(const unsigned char *data, size_t len)
Definition: sha1.cpp:154
OP_14
@ OP_14
Definition: script.h:62
CTransaction::vout
std::vector< CTxOut > vout
Definition: transaction.h:286
CHash160
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
Definition: hash.h:93
OP_3
@ OP_3
Definition: script.h:51
SCRIPT_ERR_PUSH_SIZE
@ SCRIPT_ERR_PUSH_SIZE
Definition: script_error.h:18
CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:15
OP_CHECKSIGVERIFY
@ OP_CHECKSIGVERIFY
Definition: script.h:156
OP_PUSHDATA4
@ OP_PUSHDATA4
Definition: script.h:45
OP_IFDUP
@ OP_IFDUP
Definition: script.h:87
OP_2DIV
@ OP_2DIV
Definition: script.h:120
OP_NEGATE
@ OP_NEGATE
Definition: script.h:121
OP_DUP
@ OP_DUP
Definition: script.h:90
SignatureHash
uint256 SignatureHash(const CScript &scriptCode, const CTransaction &txTo, unsigned int nIn, int nHashType)
Definition: interpreter.cpp:1077
SCRIPT_ERR_STACK_SIZE
@ SCRIPT_ERR_STACK_SIZE
Definition: script_error.h:20
UINT256_ONE
const uint256 UINT256_ONE
Definition: uint256.h:130
SCRIPT_ERR_EQUALVERIFY
@ SCRIPT_ERR_EQUALVERIFY
Definition: script_error.h:26
CRIPEMD160::Write
CRIPEMD160 & Write(const unsigned char *data, size_t len)
Definition: ripemd160.cpp:247
CScript::GetOp
bool GetOp(iterator &pc, opcodetype &opcodeRet, std::vector< unsigned char > &vchRet)
Definition: script.h:468
OP_CHECKMULTISIG
@ OP_CHECKMULTISIG
Definition: script.h:157
OP_NOT
@ OP_NOT
Definition: script.h:123
OP_AND
@ OP_AND
Definition: script.h:108
CScriptBase
prevector< 28, unsigned char > CScriptBase
We use a prevector for the script to reduce the considerable memory overhead of vectors in cases wher...
Definition: script.h:360
OP_2
@ OP_2
Definition: script.h:50
SCRIPT_ERR_SCRIPT_SIZE
@ SCRIPT_ERR_SCRIPT_SIZE
Definition: script_error.h:17
OP_VERIFY
@ OP_VERIFY
Definition: script.h:75
OP_BOOLOR
@ OP_BOOLOR
Definition: script.h:135
OP_4
@ OP_4
Definition: script.h:52
CHash160::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: hash.h:101
SCRIPT_ERR_SIG_HASHTYPE
@ SCRIPT_ERR_SIG_HASHTYPE
Definition: script_error.h:43
SCRIPT_ERR_INVALID_STACK_OPERATION
@ SCRIPT_ERR_INVALID_STACK_OPERATION
Definition: script_error.h:34
TransactionSignatureChecker::CheckLockTime
bool CheckLockTime(const CScriptNum &nLockTime) const
Definition: interpreter.cpp:1127
OP_OVER
@ OP_OVER
Definition: script.h:92
uint256
256-bit unsigned big integer.
Definition: uint256.h:38
OP_CHECKLOCKTIMEVERIFY
@ OP_CHECKLOCKTIMEVERIFY
Definition: script.h:163
OP_HASH256
@ OP_HASH256
Definition: script.h:153
CSHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha256.cpp:167
altstacktop
#define altstacktop(i)
Definition: interpreter.cpp:62
stacktop
#define stacktop(i)
Script is a stack machine (like Forth) that evaluates a predicate returning a bool indicating valid o...
Definition: interpreter.cpp:61
OP_CHECKSIG
@ OP_CHECKSIG
Definition: script.h:155
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:363
SIGHASH_NONE
@ SIGHASH_NONE
Definition: interpreter.h:25
CHash256::Write
CHash256 & Write(const unsigned char *data, size_t len)
Definition: hash.h:48
OP_9
@ OP_9
Definition: script.h:57
OP_PUSHDATA1
@ OP_PUSHDATA1
Definition: script.h:43
OP_5
@ OP_5
Definition: script.h:53
EvalScript
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
Definition: interpreter.cpp:241
CScriptNum::getvch
std::vector< unsigned char > getvch() const
Definition: script.h:295
OP_NOP9
@ OP_NOP9
Definition: script.h:170
SCRIPT_VERIFY_LOW_S
@ SCRIPT_VERIFY_LOW_S
Definition: interpreter.h:48
OP_NOP4
@ OP_NOP4
Definition: script.h:165
OP_ADD
@ OP_ADD
Definition: script.h:126
OP_ROLL
@ OP_ROLL
Definition: script.h:94
ripemd160.h
OP_NOP8
@ OP_NOP8
Definition: script.h:169
OP_16
@ OP_16
Definition: script.h:64
CSHA1
A hasher class for SHA1.
Definition: sha1.h:12
sha256.h
VerifyScript
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
Definition: interpreter.cpp:1163
OP_PICK
@ OP_PICK
Definition: script.h:93
TransactionSignatureChecker::CheckSig
bool CheckSig(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode) const
Definition: interpreter.cpp:1106
OP_RIGHT
@ OP_RIGHT
Definition: script.h:103
OP_SIZE
@ OP_SIZE
Definition: script.h:104
OP_CODESEPARATOR
@ OP_CODESEPARATOR
Definition: script.h:154
CPubKey
An encapsulated public key.
Definition: pubkey.h:37
OP_NUMEQUAL
@ OP_NUMEQUAL
Definition: script.h:136
SCRIPT_ERR_CHECKSIGVERIFY
@ SCRIPT_ERR_CHECKSIGVERIFY
Definition: script_error.h:28
OP_SUB
@ OP_SUB
Definition: script.h:127
OP_TUCK
@ OP_TUCK
Definition: script.h:97
TransactionSignatureChecker::nIn
unsigned int nIn
Definition: interpreter.h:108
OP_LSHIFT
@ OP_LSHIFT
Definition: script.h:131
SCRIPT_ERR_UNBALANCED_CONDITIONAL
@ SCRIPT_ERR_UNBALANCED_CONDITIONAL
Definition: script_error.h:36
CScript::FindAndDelete
int FindAndDelete(const CScript &b)
Definition: script.h:563
CTransaction::vin
std::vector< CTxIn > vin
Definition: transaction.h:285
OP_12
@ OP_12
Definition: script.h:60
SCRIPT_ERR_PUBKEY_COUNT
@ SCRIPT_ERR_PUBKEY_COUNT
Definition: script_error.h:22
OP_2DUP
@ OP_2DUP
Definition: script.h:82
OP_FROMALTSTACK
@ OP_FROMALTSTACK
Definition: script.h:80
OP_PUSHDATA2
@ OP_PUSHDATA2
Definition: script.h:44
SCRIPT_VERIFY_SIGPUSHONLY
@ SCRIPT_VERIFY_SIGPUSHONLY
Definition: interpreter.h:54
OP_DIV
@ OP_DIV
Definition: script.h:129
TransactionSignatureChecker::txTo
const CTransaction * txTo
Definition: interpreter.h:107
Serialize
void Serialize(Stream &s, char a, int, int=0)
Definition: serialize.h:206
CHashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:259
prevector::size
size_type size() const
Definition: prevector.h:282
OP_EQUAL
@ OP_EQUAL
Definition: script.h:111
OP_NOP10
@ OP_NOP10
Definition: script.h:171
prevector::begin
iterator begin()
Definition: prevector.h:290
SCRIPT_ERR_SIG_HIGH_S
@ SCRIPT_ERR_SIG_HIGH_S
Definition: script_error.h:47
SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_STRICTENC
Definition: interpreter.h:41
CSHA256
A hasher class for SHA-256.
Definition: sha256.h:12
SCRIPT_ERR_VERIFY
@ SCRIPT_ERR_VERIFY
Definition: script_error.h:25
OP_1NEGATE
@ OP_1NEGATE
Definition: script.h:46
SCRIPT_ERR_NUMEQUALVERIFY
@ SCRIPT_ERR_NUMEQUALVERIFY
Definition: script_error.h:29
OP_GREATERTHANOREQUAL
@ OP_GREATERTHANOREQUAL
Definition: script.h:142
SCRIPT_VERIFY_P2SH
@ SCRIPT_VERIFY_P2SH
Definition: interpreter.h:36
SIGHASH_SINGLE
@ SIGHASH_SINGLE
Definition: interpreter.h:26
OP_MUL
@ OP_MUL
Definition: script.h:128
valtype
std::vector< unsigned char > valtype
Definition: interpreter.cpp:19
OP_IF
@ OP_IF
Definition: script.h:69
script.h
CHash256
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition: hash.h:33
SCRIPT_ERR_SIG_NULLDUMMY
@ SCRIPT_ERR_SIG_NULLDUMMY
Definition: script_error.h:48
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:159
OP_DEPTH
@ OP_DEPTH
Definition: script.h:88
CTransaction::nVersion
const int32_t nVersion
Definition: transaction.h:284
SCRIPT_ERR_BAD_OPCODE
@ SCRIPT_ERR_BAD_OPCODE
Definition: script_error.h:32
OP_CHECKMULTISIGVERIFY
@ OP_CHECKMULTISIGVERIFY
Definition: script.h:158
OP_CAT
@ OP_CAT
Definition: script.h:100
OP_13
@ OP_13
Definition: script.h:61
CHashWriter::GetHash
uint256 GetHash()
Definition: hash.h:277
OP_NIP
@ OP_NIP
Definition: script.h:91
SCRIPT_ERR_UNKNOWN_ERROR
@ SCRIPT_ERR_UNKNOWN_ERROR
Definition: script_error.h:12
SCRIPT_VERIFY_DERSIG
@ SCRIPT_VERIFY_DERSIG
Definition: interpreter.h:44
SCRIPT_ERR_UNSATISFIED_LOCKTIME
@ SCRIPT_ERR_UNSATISFIED_LOCKTIME
Definition: script_error.h:40
OP_NOP6
@ OP_NOP6
Definition: script.h:167
OP_EQUALVERIFY
@ OP_EQUALVERIFY
Definition: script.h:112
OP_1
@ OP_1
Definition: script.h:48
OP_8
@ OP_8
Definition: script.h:56
SCRIPT_ERR_PUBKEYTYPE
@ SCRIPT_ERR_PUBKEYTYPE
Definition: script_error.h:49
OP_ELSE
@ OP_ELSE
Definition: script.h:73
opcodetype
opcodetype
Script opcodes.
Definition: script.h:38
S
#define S(x0, x1, x2, x3, cb, r)
Definition: jh.c:494
BaseSignatureChecker::CheckLockTime
virtual bool CheckLockTime(const CScriptNum &nLockTime) const
Definition: interpreter.h:96
OP_15
@ OP_15
Definition: script.h:63
OP_ENDIF
@ OP_ENDIF
Definition: script.h:74
CastToBool
bool CastToBool(const valtype &vch)
Definition: interpreter.cpp:39
Generated on Tue Apr 28 2026 00:02:56 for PRCYCoin by   doxygen 1.8.17