bitcoinrb 0.0.1 → 0.1.1

data/lib/bitcoin/script/tx_checker.rb

@@ -21,23 +21,59 @@ module Bitcoin
       script_sig = script_sig.htb
       hash_type = script_sig[-1].unpack('C').first
       sig = script_sig[0..-2]
-      if sig_version == ScriptInterpreter::SIG_VERSION[:witness_v0]
-        sighash = tx.sighash_for_input(input_index: input_index, hash_type: hash_type,
-                                       script_code: script_code, amount: amount, sig_version: sig_version)
-      else
-        sighash = tx.sighash_for_input(input_index: input_index, hash_type: hash_type,
-                                       script_code: script_code, sig_version: sig_version)
-      end
-      key = Bitcoin::Key.new(pubkey: pubkey)
+      sighash = tx.sighash_for_input(input_index, script_code, hash_type: hash_type,
+                                     amount: amount, sig_version: sig_version)
+      key = Key.new(pubkey: pubkey)
       key.verify(sig, sighash)
     end
 
-    def check_locktime
-      # TODO
+    def check_locktime(locktime)
+      # There are two kinds of nLockTime: lock-by-blockheight and lock-by-blocktime,
+      # distinguished by whether nLockTime < LOCKTIME_THRESHOLD.
+
+      # We want to compare apples to apples, so fail the script unless the type of nLockTime being tested is the same as the nLockTime in the transaction.
+      unless ((tx.lock_time < LOCKTIME_THRESHOLD && locktime < LOCKTIME_THRESHOLD) ||
+          (tx.lock_time >= LOCKTIME_THRESHOLD && locktime >= LOCKTIME_THRESHOLD))
+        return false
+      end
+
+      # Now that we know we're comparing apples-to-apples, the comparison is a simple numeric one.
+      return false if locktime > tx.lock_time
+
+      # Finally the nLockTime feature can be disabled and thus CHECKLOCKTIMEVERIFY bypassed if every txin has been finalized by setting nSequence to maxint.
+      # The transaction would be allowed into the blockchain, making the opcode ineffective.
+      # Testing if this vin is not final is sufficient to prevent this condition.
+      # Alternatively we could test all inputs, but testing just this input minimizes the data required to prove correct CHECKLOCKTIMEVERIFY execution.
+      return false if TxIn::SEQUENCE_FINAL == tx.inputs[input_index].sequence
+
+      true
     end
 
-    def check_sequence
-      # TODO
+    def check_sequence(sequence)
+      tx_sequence = tx.inputs[input_index].sequence
+      # Fail if the transaction's version number is not set high enough to trigger BIP 68 rules.
+      return false if tx.version < 2
+
+      # Sequence numbers with their most significant bit set are not consensus constrained.
+      # Testing that the transaction's sequence number do not have this bit set prevents using this property to get around a CHECKSEQUENCEVERIFY check.
+      return false unless tx_sequence & TxIn::SEQUENCE_LOCKTIME_DISABLE_FLAG == 0
+
+      # Mask off any bits that do not have consensus-enforced meaning before doing the integer comparisons
+      locktime_mask = TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG | TxIn::SEQUENCE_LOCKTIME_MASK
+      tx_sequence_masked = tx_sequence & locktime_mask
+      sequence_masked = sequence & locktime_mask
+
+      # There are two kinds of nSequence: lock-by-blockheight and lock-by-blocktime,
+      # distinguished by whether sequence_masked < TxIn#SEQUENCE_LOCKTIME_TYPE_FLAG.
+      # We want to compare apples to apples, so fail the script
+      # unless the type of nSequenceMasked being tested is the same as the nSequenceMasked in the transaction.
+      unless ((tx_sequence_masked < TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG && sequence_masked < TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG) ||
+          (tx_sequence_masked >= TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG && sequence_masked >= TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG))
+        return false
+      end
+
+      # Now that we know we're comparing apples-to-apples, the comparison is a simple numeric one.
+      sequence_masked <= tx_sequence_masked
     end
 
   end

data/lib/bitcoin/secp256k1/native.rb

@@ -1,19 +1,153 @@
 module Bitcoin
   module Secp256k1
 
-    # secp256k1 module using libsecp256k1
+    # binding for secp256k1 (https://github.com/bitcoin/bitcoin/tree/v0.14.2/src/secp256k1)
+    # tag: v0.14.2
+    # this is not included by default, to enable set shared object path to ENV['SECP256K1_LIB_PATH']
+    # for linux, ENV['SECP256K1_LIB_PATH'] = '/usr/local/lib/libsecp256k1.so'
+    # for mac,
     module Native
+      include ::FFI::Library
+      extend self
 
+      SECP256K1_FLAGS_TYPE_MASK = ((1 << 8) - 1)
+      SECP256K1_FLAGS_TYPE_CONTEXT = (1 << 0)
+      SECP256K1_FLAGS_TYPE_COMPRESSION = (1 << 1)
+
+      SECP256K1_FLAGS_BIT_CONTEXT_VERIFY = (1 << 8)
+      SECP256K1_FLAGS_BIT_CONTEXT_SIGN = (1 << 9)
+      SECP256K1_FLAGS_BIT_COMPRESSION = (1 << 8)
+
+      # Flags to pass to secp256k1_context_create.
+      SECP256K1_CONTEXT_VERIFY = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
+      SECP256K1_CONTEXT_SIGN = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
+
+      # Flag to pass to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export.
+      SECP256K1_EC_COMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
+      SECP256K1_EC_UNCOMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION)
+
+      module_function
+
+      def init
+        raise 'secp256k1 library dose not found.' unless File.exist?(ENV['SECP256K1_LIB_PATH'])
+        ffi_lib(ENV['SECP256K1_LIB_PATH'])
+        load_functions
+      end
+
+      def load_functions
+        attach_function(:secp256k1_context_create, [:uint], :pointer)
+        attach_function(:secp256k1_context_destroy, [:pointer], :void)
+        attach_function(:secp256k1_context_randomize, [:pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_seckey_verify, [:pointer, :pointer], :int)
+        attach_function(:secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_pubkey_serialize, [:pointer, :pointer, :pointer, :pointer, :uint], :int)
+        attach_function(:secp256k1_ecdsa_signature_serialize_der, [:pointer, :pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_pubkey_parse, [:pointer, :pointer, :pointer, :size_t], :int)
+        attach_function(:secp256k1_ecdsa_signature_parse_der, [:pointer, :pointer, :pointer, :size_t], :int)
+        attach_function(:secp256k1_ecdsa_signature_normalize, [:pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ecdsa_verify, [:pointer, :pointer, :pointer, :pointer], :int)
+      end
+
+      def with_context(flags: (SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN))
+        init
+        begin
+          context = secp256k1_context_create(flags)
+          ret, tries, max = 0, 0, 20
+          while ret != 1
+            raise 'secp256k1_context_randomize failed.' if tries >= max
+            tries += 1
+            ret = secp256k1_context_randomize(context, FFI::MemoryPointer.from_string(SecureRandom.random_bytes(32)))
+          end
+          yield(context) if block_given?
+        ensure
+          secp256k1_context_destroy(context)
+        end
+      end
+
+      # generate ec private key and public key
       def generate_key_pair(compressed: true)
-        # TODO
+        with_context do |context|
+          ret, tries, max = 0, 0, 20
+          while ret != 1
+            raise 'secp256k1_ec_seckey_verify in generate_key_pair failed.' if tries >= max
+            tries += 1
+            priv_key = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, SecureRandom.random_bytes(32))
+            ret = secp256k1_ec_seckey_verify(context, priv_key)
+          end
+
+          internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+          result = secp256k1_ec_pubkey_create(context, internal_pubkey, priv_key)
+          raise 'error creating pubkey' unless result
+
+          pubkey = FFI::MemoryPointer.new(:uchar, 65)
+          pubkey_len = FFI::MemoryPointer.new(:uint64)
+          result = if compressed
+                     pubkey_len.put_uint64(0, 33)
+                     secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_COMPRESSED)
+                   else
+                     pubkey_len.put_uint64(0, 65)
+                     secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_UNCOMPRESSED)
+                   end
+          raise 'error serialize pubkey' unless result || pubkey_len.read_uint64 > 0
+
+          [ priv_key.read_string(32).bth, pubkey.read_string(pubkey_len.read_uint64).bth ]
+        end
       end
 
+      # generate bitcoin key object
       def generate_key(compressed: true)
-        # TODO
+        privkey, pubkey = generate_key_pair(compressed: compressed)
+        Bitcoin::Key.new(priv_key: privkey, pubkey: pubkey, compressed: compressed)
+      end
+
+      def sign_data(data, priv_key)
+        with_context do |context|
+          secret = FFI::MemoryPointer.new(:uchar, priv_key.htb.bytesize).put_bytes(0, priv_key.htb)
+          raise 'priv_key invalid' unless secp256k1_ec_seckey_verify(context, secret)
+
+          internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+          msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+
+          ret, tries, max = 0, 0, 20
+          while ret != 1
+            raise 'secp256k1_ecdsa_sign failed.' if tries >= max
+            tries += 1
+            ret = secp256k1_ecdsa_sign(context, internal_signature, msg32, secret, nil, nil)
+          end
+
+          signature = FFI::MemoryPointer.new(:uchar, 72)
+          signature_len = FFI::MemoryPointer.new(:uint64).put_uint64(0, 72)
+          result = secp256k1_ecdsa_signature_serialize_der(context, signature, signature_len, internal_signature)
+          raise 'secp256k1_ecdsa_signature_serialize_der failed' unless result
+
+          signature.read_string(signature_len.read_uint64)
+        end
       end
 
-      def sign_data(privkey, data)
-        # TODO
+      def verify_sig(data, sig, pub_key)
+        with_context do |context|
+          return false if data.bytesize == 0
+
+          pubkey = FFI::MemoryPointer.new(:uchar, pub_key.htb.bytesize).put_bytes(0, pub_key.htb)
+          internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+          result = secp256k1_ec_pubkey_parse(context, internal_pubkey, pubkey, pubkey.size)
+          return false unless result
+
+          signature = FFI::MemoryPointer.new(:uchar, sig.bytesize).put_bytes(0, sig)
+          internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+          result = secp256k1_ecdsa_signature_parse_der(context, internal_signature, signature, signature.size)
+          #result = ecdsa_signature_parse_der_lax(context, internal_signature, signature, signature.size)
+          return false unless result
+
+          # libsecp256k1's ECDSA verification requires lower-S signatures, which have not historically been enforced in Bitcoin, so normalize them first.
+          secp256k1_ecdsa_signature_normalize(context, internal_signature, internal_signature)
+
+          msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+          result = secp256k1_ecdsa_verify(context, internal_signature, msg32, internal_pubkey)
+
+          result ? true : false
+        end
       end
 
     end

data/lib/bitcoin/secp256k1/ruby.rb

@@ -9,7 +9,7 @@ module Bitcoin
 
       module_function
 
-      # generate ecdsa private key and public key
+      # generate ec private key and public key
       def generate_key_pair(compressed: true)
         private_key = 1 + SecureRandom.random_number(GROUP.order - 1)
         public_key = GROUP.generator.multiply_by_scalar(private_key)
@@ -18,23 +18,12 @@ module Bitcoin
         [privkey.bth, pubkey.bth]
       end
 
-      # generate bitcoin key
+      # generate bitcoin key object
       def generate_key(compressed: true)
         privkey, pubkey = generate_key_pair(compressed: compressed)
         Bitcoin::Key.new(priv_key: privkey, pubkey: pubkey, compressed: compressed)
       end
 
-      # generate publick key from private key
-      # @param [String] privkey a private key with string format
-      # @param [Boolean] compressed pubkey compressed?
-      # @return [String] a pubkey which generate from privkey
-      def generate_pubkey(privkey, compressed: true)
-        private_key = ECDSA::Format::IntegerOctetString.decode(privkey.htb)
-        public_key = GROUP.generator.multiply_by_scalar(private_key)
-        pubkey = ECDSA::Format::PointOctetString.encode(public_key, compression: compressed)
-        pubkey.bth
-      end
-
       # sign data.
       # @param [String] data a data to be signed
       # @param [String] privkey a private key using sign

data/lib/bitcoin/tx.rb

@@ -3,6 +3,11 @@ module Bitcoin
   # Transaction class
   class Tx
 
+    MAX_STANDARD_VERSION = 2
+
+    # The maximum weight for transactions we're willing to relay/mine
+    MAX_STANDARD_TX_WEIGHT = 400000
+
     MARKER = 0x00
     FLAG = 0x01
 
@@ -101,22 +106,90 @@ module Bitcoin
       inputs.map { |i| i.script_witness.to_payload }.join
     end
 
+    # check this tx is standard.
+    def standard?
+      return false if version > MAX_STANDARD_VERSION
+      return false if weight > MAX_STANDARD_TX_WEIGHT
+      inputs.each do |i|
+        # Biggest 'standard' txin is a 15-of-15 P2SH multisig with compressed keys (remember the 520 byte limit on redeemScript size).
+        # That works out to a (15*(33+1))+3=513 byte redeemScript, 513+1+15*(73+1)+3=1627
+        # bytes of scriptSig, which we round off to 1650 bytes for some minor future-proofing.
+        # That's also enough to spend a 20-of-20 CHECKMULTISIG scriptPubKey, though such a scriptPubKey is not considered standard.
+        return false if i.script_sig.size > 1650
+        return false unless i.script_sig.push_only?
+      end
+      data_count = 0
+      outputs.each do |o|
+        return false unless o.script_pubkey.standard?
+        data_count += 1 if o.script_pubkey.op_return?
+        # TODO add non P2SH multisig relay(permitbaremultisig)
+        # TODO add dust relay check
+      end
+      return false if data_count > 1
+      true
+    end
+
+    # The serialized transaction size
+    def size
+      to_payload.bytesize
+    end
+
+    # The virtual transaction size (differs from size for witness transactions)
+    def vsize
+      (weight.to_f / 4).ceil
+    end
+
+    # calculate tx weight
+    # weight = (legacy tx payload) * 3 + (witness tx payload)
+    def weight
+      if witness?
+        serialize_old_format.bytesize * (WITNESS_SCALE_FACTOR - 1) + serialize_witness_format.bytesize
+      else
+        serialize_old_format.bytesize * WITNESS_SCALE_FACTOR
+      end
+    end
+
     # get signature hash
     # @param [Integer] input_index input index.
     # @param [Integer] hash_type signature hash type
-    # @param [Bitcoin::Script] script_code script code
+    # @param [Bitcoin::Script] output_script script pubkey or script code. if script pubkey is P2WSH, set witness script to this.
     # @param [Integer] amount bitcoin amount locked in input. required for witness input only.
-    def sighash_for_input(input_index: nil, hash_type: Script::SIGHASH_TYPE[:all], script_code: nil,
-                          sig_version: ScriptInterpreter::SIG_VERSION[:base], amount: nil)
+    # @param [Integer] skip_separator_index If output_script is P2WSH and output_script contains any OP_CODESEPARATOR,
+    # the script code needs  is the witnessScript but removing everything up to and including the last executed OP_CODESEPARATOR before the signature checking opcode being executed.
+    def sighash_for_input(input_index, output_script, hash_type: SIGHASH_TYPE[:all],
+                          sig_version: :base, amount: nil, skip_separator_index: 0)
       raise ArgumentError, 'input_index must be specified.' unless input_index
       raise ArgumentError, 'does not exist input corresponding to input_index.' if input_index >= inputs.size
-      raise ArgumentError, 'script_pubkey must be specified.' unless script_code
+      raise ArgumentError, 'script_pubkey must be specified.' unless output_script
+      raise ArgumentError, 'unsupported sig version specified.' unless SIG_VERSION.include?(sig_version)
 
-      if sig_version == ScriptInterpreter::SIG_VERSION[:witness_v0]
+      if sig_version == :witness_v0
         raise ArgumentError, 'amount must be specified.' unless amount
-        sighash_for_witness(input_index, script_code, hash_type, amount)
+        sighash_for_witness(input_index, output_script, hash_type, amount, skip_separator_index)
+      else
+        sighash_for_legacy(input_index, output_script, hash_type)
+      end
+    end
+
+    # verify input signature.
+    # @param [Integer] input_index
+    # @param [Bitcoin::Script] script_pubkey the script pubkey for target input.
+    # @param [Integer] amount the amount of bitcoin, require for witness program only.
+    # @param [Array] flags the flags used when execute script interpreter.
+    def verify_input_sig(input_index, script_pubkey, amount: nil, flags: STANDARD_SCRIPT_VERIFY_FLAGS)
+      script_sig = inputs[input_index].script_sig
+      has_witness = inputs[input_index].has_witness?
+
+      if script_pubkey.p2sh?
+        flags << SCRIPT_VERIFY_P2SH
+        redeem_script = Script.parse_from_payload(script_sig.chunks.last)
+        script_pubkey = redeem_script if redeem_script.p2wpkh?
+      end
+
+      if has_witness
+        verify_input_sig_for_witness(input_index, script_pubkey, amount, flags)
       else
-        sighash_for_legacy(input_index, script_code, hash_type)
+        verify_input_sig_for_legacy(input_index, script_pubkey, flags)
       end
     end
 
@@ -126,10 +199,10 @@ module Bitcoin
     def sighash_for_legacy(index, script_code, hash_type)
       ins = inputs.map.with_index do |i, idx|
         if idx == index
-          i.to_payload(script_code)
+          i.to_payload(script_code.delete_opcode(Bitcoin::Opcodes::OP_CODESEPARATOR))
         else
           case hash_type & 0x1f
-            when Script::SIGHASH_TYPE[:none], Script::SIGHASH_TYPE[:single]
+            when SIGHASH_TYPE[:none], SIGHASH_TYPE[:single]
               i.to_payload(Bitcoin::Script.new, 0)
             else
               i.to_payload(Bitcoin::Script.new)
@@ -141,16 +214,16 @@ module Bitcoin
       out_size = Bitcoin.pack_var_int(outputs.size)
 
       case hash_type & 0x1f
-        when Script::SIGHASH_TYPE[:none]
+        when SIGHASH_TYPE[:none]
           outs = ''
           out_size = Bitcoin.pack_var_int(0)
-        when Script::SIGHASH_TYPE[:single]
+        when SIGHASH_TYPE[:single]
           return "\x01".ljust(32, "\x00") if index >= outputs.size
           outs = outputs[0...(index + 1)].map.with_index { |o, idx| (idx == index) ? o.to_payload : o.to_empty_payload }.join
           out_size = Bitcoin.pack_var_int(index + 1)
       end
 
-      if hash_type & Script::SIGHASH_TYPE[:anyonecanpay] != 0
+      if hash_type & SIGHASH_TYPE[:anyonecanpay] != 0
         ins = [ins[index]]
       end
 
@@ -162,7 +235,7 @@ module Bitcoin
 
     # generate sighash with BIP-143 format
     # https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki
-    def sighash_for_witness(index, script_code, hash_type, amount)
+    def sighash_for_witness(index, script_pubkey_or_script_code, hash_type, amount, skip_separator_index)
       hash_prevouts = Bitcoin.double_sha256(inputs.map{|i|i.out_point.to_payload}.join)
       hash_sequence = Bitcoin.double_sha256(inputs.map{|i|[i.sequence].pack('V')}.join)
       outpoint = inputs[index].out_point.to_payload
@@ -170,22 +243,46 @@ module Bitcoin
       nsequence = [inputs[index].sequence].pack('V')
       hash_outputs = Bitcoin.double_sha256(outputs.map{|o|o.to_payload}.join)
 
+      script_code = script_pubkey_or_script_code.to_script_code(skip_separator_index)
+
       case (hash_type & 0x1f)
-      when Script::SIGHASH_TYPE[:single]
+      when SIGHASH_TYPE[:single]
         hash_outputs = index >= outputs.size ? "\x00".ljust(32, "\x00") : Bitcoin.double_sha256(outputs[index].to_payload)
         hash_sequence = "\x00".ljust(32, "\x00")
-      when Script::SIGHASH_TYPE[:none]
+      when SIGHASH_TYPE[:none]
         hash_sequence = hash_outputs = "\x00".ljust(32, "\x00")
       end
 
-      if (hash_type & Script::SIGHASH_TYPE[:anyonecanpay]) != 0
+      if (hash_type & SIGHASH_TYPE[:anyonecanpay]) != 0
         hash_prevouts = hash_sequence ="\x00".ljust(32, "\x00")
       end
-      buf = [ [version].pack('V'), hash_prevouts, hash_sequence, outpoint, Bitcoin::Script.pack_pushdata(script_code.to_payload),
-              amount, nsequence, hash_outputs, [@lock_time, hash_type].pack('VV')].join
+      buf = [ [version].pack('V'), hash_prevouts, hash_sequence, outpoint,
+              script_code ,amount, nsequence, hash_outputs, [@lock_time, hash_type].pack('VV')].join
       Bitcoin.double_sha256(buf)
     end
 
+    # verify input signature for legacy tx.
+    def verify_input_sig_for_legacy(input_index, script_pubkey, flags)
+      script_sig = inputs[input_index].script_sig
+      checker = Bitcoin::TxChecker.new(tx: self, input_index: input_index)
+      interpreter = Bitcoin::ScriptInterpreter.new(checker: checker, flags: flags)
+
+      interpreter.verify_script(script_sig, script_pubkey)
+    end
+
+    # verify input signature for witness tx.
+    def verify_input_sig_for_witness(input_index, script_pubkey, amount, flags)
+      flags << SCRIPT_VERIFY_WITNESS
+      flags << SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
+      checker = Bitcoin::TxChecker.new(tx: self, input_index: input_index, amount: amount)
+      interpreter = Bitcoin::ScriptInterpreter.new(checker: checker, flags: flags)
+      i = inputs[input_index]
+
+      script_sig = i.script_sig
+      witness = i.script_witness
+      interpreter.verify_script(script_sig, script_pubkey, witness)
+    end
+
   end
 
 end

data/lib/bitcoin/tx_in.rb

@@ -8,9 +8,20 @@ module Bitcoin
     attr_accessor :sequence
     attr_accessor :script_witness
 
-    DEFAULT_SEQUENCE = 0xFFFFFFFF
+    # Setting nSequence to this value for every input in a transaction disables nLockTime.
+    SEQUENCE_FINAL = 0xffffffff
 
-    def initialize(out_point: nil, script_sig: nil, script_witness: ScriptWitness.new, sequence: DEFAULT_SEQUENCE)
+    # If this flag set, TxIn#sequence is NOT interpreted as a relative lock-time.
+    SEQUENCE_LOCKTIME_DISABLE_FLAG = (1 << 31)
+
+    # If TxIn#sequence encodes a relative lock-time and this flag is set, the relative lock-time has units of 512 seconds,
+    # otherwise it specifies blocks with a granularity of 1.
+    SEQUENCE_LOCKTIME_TYPE_FLAG = (1 << 22)
+
+    # If TxIn#sequence encodes a relative lock-time, this mask is applied to extract that lock-time from the sequence field.
+    SEQUENCE_LOCKTIME_MASK = 0x0000ffff
+
+    def initialize(out_point: nil, script_sig: Bitcoin::Script.new, script_witness: ScriptWitness.new, sequence: SEQUENCE_FINAL)
       @out_point = out_point
       @script_sig = script_sig
       @script_witness = script_witness
@@ -24,8 +35,11 @@ module Bitcoin
       i.out_point = OutPoint.new(hash.reverse.bth, index)
       sig_length = Bitcoin.unpack_var_int_from_io(buf)
       sig = buf.read(sig_length)
-      i.script_sig = Script.new
-      i.script_sig.chunks[0] = sig
+      if i.coinbase?
+        i.script_sig.chunks[0] = sig
+      else
+        i.script_sig = Script.parse_from_payload(sig)
+      end
       i.sequence = buf.read(4).unpack('V').first
       i
     end
@@ -38,6 +52,11 @@ module Bitcoin
       p = out_point.to_payload
       p << Bitcoin.pack_var_int(script_sig.to_payload.bytesize)
       p << script_sig.to_payload << [sequence].pack('V')
+      p
+    end
+
+    def has_witness?
+      !script_witness.empty?
     end
 
   end

data/lib/bitcoin/tx_out.rb

@@ -13,7 +13,7 @@ module Bitcoin
 
     def self.parse_from_payload(payload)
       buf = payload.is_a?(String) ? StringIO.new(payload) : payload
-      value = buf.read(8).unpack('Q').first
+      value = buf.read(8).unpack('q').first
       script_size = Bitcoin.unpack_var_int_from_io(buf)
       new(value: value, script_pubkey: Script.parse_from_payload(buf.read(script_size)))
     end

data/lib/bitcoin/validation.rb

@@ -0,0 +1,93 @@
+module Bitcoin
+
+  class Validation
+
+    # check transaction validation
+    def check_tx(tx, state)
+      # Basic checks that don't depend on any context
+      if tx.inputs.empty?
+        return state.DoS(10, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-vin-empty')
+      end
+
+      if tx.outputs.empty?
+        return state.DoS(100, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-vout-empty')
+      end
+
+      # Size limits (this doesn't take the witness into account, as that hasn't been checked for malleability)
+      if tx.serialize_old_format.bytesize * Bitcoin::WITNESS_SCALE_FACTOR > Bitcoin::MAX_BLOCK_WEIGHT
+        return state.DoS(100, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-oversize')
+      end
+
+      # Check for negative or overflow output values
+      amount = 0
+      tx.outputs.each do |o|
+        return state.DoS(100, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-vout-negative') if o.value < 0
+        return state.DoS(100, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-vout-toolarge') if MAX_MONEY < o.value
+        amount += o.value
+        return state.DoS(100, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-vout-toolarge') if MAX_MONEY < amount
+      end
+
+      # Check for duplicate inputs - note that this check is slow so we skip it in CheckBlock
+      out_points = tx.inputs.map{|i|i.out_point.to_payload}
+      unless out_points.size == out_points.uniq.size
+        return state.DoS(100, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-inputs-duplicate')
+      end
+
+      if tx.coinbase_tx?
+        if tx.inputs[0].script_sig.size < 2 || tx.inputs[0].script_sig.size > 100
+          return state.DoS(100, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-cb-length')
+        end
+      else
+        tx.inputs.each do |i|
+          if i.out_point.nil? || !i.out_point.valid?
+            return state.DoS(10, reject_code: Message::Reject::CODE_INVALID, reject_resoin: 'bad-txns-prevout-null')
+          end
+        end
+      end
+      true
+    end
+
+  end
+
+  class ValidationState
+
+    MODE = {valid: 0, invlid: 1, error: 2}
+
+    attr_accessor :mode
+    attr_accessor :n_dos
+    attr_accessor :reject_reason
+    attr_accessor :reject_code
+    attr_accessor :corruption_possible
+    attr_accessor :debug_message
+
+    def initialize
+      @mode = MODE[:valid]
+      @n_dos = 0
+      @reject_code = 0
+      @corruption_possible = false
+    end
+
+    def DoS(level, ret: false, reject_code: 0, reject_resoin: '', corruption_in: false, debug_message: '')
+      @reject_code = reject_code
+      @reject_reason = reject_resoin
+      @corruption_possible = corruption_in
+      @debug_message = debug_message
+      return ret if mode == MODE[:error]
+      @n_dos += level
+      @mode = MODE[:invalid]
+      ret
+    end
+
+    def valid?
+      mode == MODE[:valid]
+    end
+
+    def invalid?
+      mode == MODE[:invalid]
+    end
+
+    def error?
+      mode == MODE[:error]
+    end
+  end
+end

data/lib/bitcoin/version.rb

@@ -1,3 +1,3 @@
 module Bitcoin
-  VERSION = "0.0.1"
+  VERSION = "0.1.1"
 end