btcruby 1.0.9 → 1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 439c2a6b804d58bfcb7255211aeea92a5f986f29
-  data.tar.gz: 559235e43429aa8fba5ce4e709042bd20423fe12
+  metadata.gz: 64ee5200a38763d90afb6404bd5b5a5f527f144e
+  data.tar.gz: ebcc849873a50338a4d226bdd111bd6988928689
 SHA512:
-  metadata.gz: 0dc6aa566dc06fc01355faa49043655781567a46852d7d02dc100bc621bb0440017b69599eeb37f702cd1e4bb827cc5a1034e9bf939b340889a0aca5e859f183
-  data.tar.gz: e08ac7f8e1a52a2f257f1f68b51db79e9c0b77209a5809bd4595e508ecece588e2c65f4fb18698e53e367920d640964cb7bb6456abbcec9e430a462f6ed82abc
+  metadata.gz: 04c8322fc7e1ef83c2f8b4a03d54ec0741776955e95fe92210abcdc80c81fbf999899713d15389fd0875ec5983f770c4e30dcd5372ecbbeafebd5668b2ad8f50
+  data.tar.gz: 730d0a4c98735df953eaa01835055df65a1b24296bb17d06848ecbfd3aad2d3baa7b54f4379fcc47d7ec669fe6a896525eec1794e7d0e3d9610603c9613c2fb4

data/RELEASE_NOTES.md

@@ -2,6 +2,13 @@
 BTCRuby Release Notes
 =====================
 
+1.1 (July 29, 2015)
+--------------------
+
+* Added full script interpreter as in Bitcoin Core 0.11.
+* Added array encoding/decoding support to `BTC::WireFormat`.
+
+
 1.0.9 (July 20, 2015)
 --------------------
 

data/lib/btcruby.rb

@@ -27,9 +27,18 @@ require_relative 'btcruby/transaction.rb'
 require_relative 'btcruby/transaction_input.rb'
 require_relative 'btcruby/transaction_output.rb'
 require_relative 'btcruby/transaction_outpoint.rb'
-require_relative 'btcruby/script.rb'
-require_relative 'btcruby/opcode.rb'
-require_relative 'btcruby/signature_hashtype.rb'
+
+require_relative 'btcruby/script/script_error.rb'
+require_relative 'btcruby/script/script_flags.rb'
+require_relative 'btcruby/script/script_number.rb'
+require_relative 'btcruby/script/script.rb'
+require_relative 'btcruby/script/script_interpreter.rb'
+require_relative 'btcruby/script/opcode.rb'
+require_relative 'btcruby/script/signature_hashtype.rb'
+require_relative 'btcruby/script/signature_checker.rb'
+require_relative 'btcruby/script/test_signature_checker.rb'
+require_relative 'btcruby/script/transaction_signature_checker.rb'
+
 require_relative 'btcruby/transaction_builder.rb'
 require_relative 'btcruby/proof_of_work.rb'
 require_relative 'btcruby/block_header.rb'

data/lib/btcruby/open_assets/issuance_id.rb

@@ -17,7 +17,7 @@ module BTC
       if outpoint || amount
         raise ArgumentError, "Outpoint is missing" if !outpoint
         raise ArgumentError, "Amount is missing" if !amount || amount < 0
-        data = outpoint.transaction_hash + WireFormat.encode_uint32le(outpoint.index) + WireFormat.encode_uint64le(amount) 
+        data = outpoint.transaction_hash + WireFormat.encode_uint32be(outpoint.index) + WireFormat.encode_uint64le(amount) 
         super(hash: BTC.hash160(data), network: network)
       else
         super(string: string, hash: hash, network: network, _raw_data: _raw_data)

data/lib/btcruby/script/script_error.rb

@@ -0,0 +1,139 @@
+module BTC
+  SCRIPT_ERR_OK = 0
+  SCRIPT_ERR_UNKNOWN_ERROR = 1
+  SCRIPT_ERR_EVAL_FALSE = 2
+  SCRIPT_ERR_OP_RETURN = 3
+
+  # Max sizes
+  SCRIPT_ERR_SCRIPT_SIZE = 4
+  SCRIPT_ERR_PUSH_SIZE = 5
+  SCRIPT_ERR_OP_COUNT = 6
+  SCRIPT_ERR_STACK_SIZE = 7
+  SCRIPT_ERR_SIG_COUNT = 8
+  SCRIPT_ERR_PUBKEY_COUNT = 9
+
+  # Failed verify operations
+  SCRIPT_ERR_VERIFY = 10
+  SCRIPT_ERR_EQUALVERIFY = 11
+  SCRIPT_ERR_CHECKMULTISIGVERIFY = 12
+  SCRIPT_ERR_CHECKSIGVERIFY = 13
+  SCRIPT_ERR_NUMEQUALVERIFY = 14
+
+  # Logical/Format/Canonical errors
+  SCRIPT_ERR_BAD_OPCODE = 15
+  SCRIPT_ERR_DISABLED_OPCODE = 16
+  SCRIPT_ERR_INVALID_STACK_OPERATION = 17
+  SCRIPT_ERR_INVALID_ALTSTACK_OPERATION = 18
+  SCRIPT_ERR_UNBALANCED_CONDITIONAL = 19
+
+  # OP_CHECKLOCKTIMEVERIFY
+  SCRIPT_ERR_NEGATIVE_LOCKTIME = 20
+  SCRIPT_ERR_UNSATISFIED_LOCKTIME = 21
+
+  # BIP62
+  SCRIPT_ERR_SIG_HASHTYPE = 22
+  SCRIPT_ERR_SIG_DER = 23
+  SCRIPT_ERR_MINIMALDATA = 24
+  SCRIPT_ERR_SIG_PUSHONLY = 25
+  SCRIPT_ERR_SIG_HIGH_S = 26
+  SCRIPT_ERR_SIG_NULLDUMMY = 27
+  SCRIPT_ERR_PUBKEYTYPE = 28
+  SCRIPT_ERR_CLEANSTACK = 29
+
+  # softfork safeness
+  SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS = 30
+  
+  class ScriptError
+    attr_reader :code
+    attr_reader :message
+    attr_reader :description
+
+    def initialize(code, message = nil)
+      @code = code
+      @message = message
+    end
+    
+    def code_name
+      self.class.constants.find{|n| self.class.const_get(n) == @code }
+    end
+    
+    def inspect
+      "#<#{self.class}:#{code} #{description} (#{code_name})>"
+    end
+    
+    def description
+      builtin_description + (@message ? ". #{@message}." : "")
+    end
+    
+    def builtin_description
+      case @code
+      when SCRIPT_ERR_OK
+          return "No error"
+      when SCRIPT_ERR_EVAL_FALSE
+          return "Script evaluated without error but finished with a false/empty top stack element"
+      when SCRIPT_ERR_VERIFY
+          return "Script failed an OP_VERIFY operation"
+      when SCRIPT_ERR_EQUALVERIFY
+          return "Script failed an OP_EQUALVERIFY operation"
+      when SCRIPT_ERR_CHECKMULTISIGVERIFY
+          return "Script failed an OP_CHECKMULTISIGVERIFY operation"
+      when SCRIPT_ERR_CHECKSIGVERIFY
+          return "Script failed an OP_CHECKSIGVERIFY operation"
+      when SCRIPT_ERR_NUMEQUALVERIFY
+          return "Script failed an OP_NUMEQUALVERIFY operation"
+      when SCRIPT_ERR_SCRIPT_SIZE
+          return "Script is too big"
+      when SCRIPT_ERR_PUSH_SIZE
+          return "Push value size limit exceeded"
+      when SCRIPT_ERR_OP_COUNT
+          return "Operation limit exceeded"
+      when SCRIPT_ERR_STACK_SIZE
+          return "Stack size limit exceeded"
+      when SCRIPT_ERR_SIG_COUNT
+          return "Signature count negative or greater than pubkey count"
+      when SCRIPT_ERR_PUBKEY_COUNT
+          return "Pubkey count negative or limit exceeded"
+      when SCRIPT_ERR_BAD_OPCODE
+          return "Opcode missing or not understood"
+      when SCRIPT_ERR_DISABLED_OPCODE
+          return "Attempted to use a disabled opcode"
+      when SCRIPT_ERR_INVALID_STACK_OPERATION
+          return "Operation not valid with the current stack size"
+      when SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
+          return "Operation not valid with the current altstack size"
+      when SCRIPT_ERR_OP_RETURN
+          return "OP_RETURN was encountered"
+      when SCRIPT_ERR_UNBALANCED_CONDITIONAL
+          return "Invalid OP_IF construction"
+      when SCRIPT_ERR_NEGATIVE_LOCKTIME
+          return "Negative locktime"
+      when SCRIPT_ERR_UNSATISFIED_LOCKTIME
+          return "Locktime requirement not satisfied"
+      when SCRIPT_ERR_SIG_HASHTYPE
+          return "Signature hash type missing or not understood"
+      when SCRIPT_ERR_SIG_DER
+          return "Non-canonical DER signature"
+      when SCRIPT_ERR_MINIMALDATA
+          return "Data push larger than necessary"
+      when SCRIPT_ERR_SIG_PUSHONLY
+          return "Only non-push operators allowed in signatures"
+      when SCRIPT_ERR_SIG_HIGH_S
+          return "Non-canonical signature: S value is unnecessarily high"
+      when SCRIPT_ERR_SIG_NULLDUMMY
+          return "Dummy CHECKMULTISIG argument must be zero"
+      when SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
+          return "NOPx reserved for soft-fork upgrades"
+      when SCRIPT_ERR_PUBKEYTYPE
+          return "Public key is neither compressed or uncompressed"
+      when SCRIPT_ERR_UNKNOWN_ERROR
+      when SCRIPT_ERR_ERROR_COUNT
+      end
+      "unknown error"
+    end
+  end
+end
+
+if $0 == __FILE__
+  puts BTC::ScriptError.new(BTC::ScriptError::SCRIPT_ERR_SIG_HIGH_S).inspect
+end
+

data/lib/btcruby/script/script_flags.rb

@@ -0,0 +1,55 @@
+module BTC
+  module ScriptFlags
+    SCRIPT_VERIFY_NONE      = 0
+
+    # Evaluate P2SH subscripts (softfork safe, BIP16).
+    SCRIPT_VERIFY_P2SH      = (1 << 0)
+
+    # Passing a non-strict-DER signature or one with undefined hashtype to a checksig operation causes script failure.
+    # Evaluating a pubkey that is not (0x04 + 64 bytes) or (0x02 or 0x03 + 32 bytes) by checksig causes script failure.
+    # (softfork safe, but not used or intended as a consensus rule).
+    SCRIPT_VERIFY_STRICTENC = (1 << 1)
+
+    # Passing a non-strict-DER signature to a checksig operation causes script failure (softfork safe, BIP62 rule 1)
+    SCRIPT_VERIFY_DERSIG    = (1 << 2)
+
+    # Passing a non-strict-DER signature or one with S > order/2 to a checksig operation causes script failure
+    # (softfork safe, BIP62 rule 5).
+    SCRIPT_VERIFY_LOW_S     = (1 << 3)
+
+    # verify dummy stack item consumed by CHECKMULTISIG is of zero-length (softfork safe, BIP62 rule 7).
+    SCRIPT_VERIFY_NULLDUMMY = (1 << 4)
+
+    # Using a non-push operator in the scriptSig causes script failure (softfork safe, BIP62 rule 2).
+    SCRIPT_VERIFY_SIGPUSHONLY = (1 << 5)
+
+    # Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct
+    # pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating
+    # any other push causes the script to fail (BIP62 rule 3).
+    # In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4).
+    # (softfork safe)
+    SCRIPT_VERIFY_MINIMALDATA = (1 << 6)
+
+    # Discourage use of NOPs reserved for upgrades (NOP1-10)
+    #
+    # Provided so that nodes can avoid accepting or mining transactions
+    # containing executed NOP's whose meaning may change after a soft-fork,
+    # thus rendering the script invalid; with this flag set executing
+    # discouraged NOPs fails the script. This verification flag will never be
+    # a mandatory flag applied to scripts in a block. NOPs that are not
+    # executed, e.g.  within an unexecuted IF ENDIF block, are *not* rejected.
+    SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS  = (1 << 7)
+
+    # Require that only a single stack element remains after evaluation. This changes the success criterion from
+    # "At least one stack element must remain, and when interpreted as a boolean, it must be true" to
+    # "Exactly one stack element must remain, and when interpreted as a boolean, it must be true".
+    # (softfork safe, BIP62 rule 6)
+    # Note: CLEANSTACK should never be used without P2SH.
+    SCRIPT_VERIFY_CLEANSTACK = (1 << 8)
+
+    # Verify CHECKLOCKTIMEVERIFY
+    #
+    # See BIP65 for details.
+    SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY = (1 << 9)
+  end
+end

data/lib/btcruby/script/script_interpreter.rb

@@ -0,0 +1,886 @@
+if $0 == __FILE__
+  require 'btcruby'
+  require_relative 'script_flags.rb'
+  require_relative 'script_number.rb'
+end
+
+module BTC
+
+  MAX_STACK_SIZE = 1000
+
+  # Script is a stack machine (like Forth) that evaluates a predicate
+  # returning a bool indicating valid or not.  There are no loops.
+  class ScriptInterpreter
+    include ScriptFlags
+
+    attr_accessor :flags
+    attr_accessor :signature_checker
+    attr_accessor :stack
+    attr_accessor :altstack
+    attr_accessor :error # ScriptError instance
+
+    # Instantiates interpreter with validation flags and an optional checker
+    # (required if the scripts use signature-checking opcodes).
+    # Checker can be transaction checker or block checker
+    def initialize(flags:             SCRIPT_VERIFY_NONE,
+                   signature_checker: nil,
+                   raise_on_failure:  false,
+                   max_pushdata_size: MAX_SCRIPT_ELEMENT_SIZE,
+                   max_op_count:      MAX_OPS_PER_SCRIPT,
+                   max_stack_size:    MAX_STACK_SIZE,
+                   integer_max_size:  4,
+                   locktime_max_size: 5)
+      @flags             = flags
+      @signature_checker = signature_checker
+      @raise_on_failure  = raise_on_failure
+      @max_pushdata_size = max_pushdata_size
+      @max_op_count      = max_op_count
+      @max_stack_size    = max_stack_size
+      @integer_max_size  = integer_max_size
+      @locktime_max_size = locktime_max_size
+
+      @stack = []
+      @altstack = []
+    end
+
+    # Returns true if succeeded or false in case of failure.
+    # If fails, sets the error attribute.
+    def verify_script(signature_script: nil, output_script: nil)
+
+      if flag?(SCRIPT_VERIFY_SIGPUSHONLY) && !signature_script.data_only?
+        return set_error(SCRIPT_ERR_SIG_PUSHONLY)
+      end
+
+      if !run_script(signature_script)
+        # error is set in run_script
+        return false
+      end
+
+      stack_copy = if flag?(SCRIPT_VERIFY_P2SH)
+        @stack.dup
+      end
+
+      if !run_script(output_script)
+        # error is set in run_script
+        return false
+      end
+
+      if @stack.empty?
+        return set_error(SCRIPT_ERR_EVAL_FALSE)
+      end
+
+      if cast_to_bool(@stack.last) == false
+        return set_error(SCRIPT_ERR_EVAL_FALSE)
+      end
+
+      # Additional validation for pay-to-script-hash (P2SH) transactions:
+      if flag?(SCRIPT_VERIFY_P2SH) && output_script.p2sh?
+
+        # scriptSig must be literals-only or validation fails
+        if !signature_script.data_only?
+          return set_error(SCRIPT_ERR_SIG_PUSHONLY)
+        end
+
+        # Restore stack.
+        @stack = stack_copy
+
+        # stack cannot be empty here, because if it was the
+        # P2SH  HASH <> EQUAL  scriptPubKey would be evaluated with
+        # an empty stack and the EvalScript above would return false.
+        raise "Stack cannot be empty" if @stack.empty?
+
+        serialized_redeem_script = stack_pop
+        begin
+          redeem_script = BTC::Script.new(data: serialized_redeem_script)
+        rescue => e
+          return set_error(SCRIPT_ERR_BAD_OPCODE, "Failed to parse serialized redeem script for P2SH. #{e.message}")
+        end
+
+        if !run_script(redeem_script)
+          # error is set in run_script
+          return false
+        end
+
+        if @stack.empty?
+          return set_error(SCRIPT_ERR_EVAL_FALSE)
+        end
+
+        if cast_to_bool(@stack.last) == false
+          return set_error(SCRIPT_ERR_EVAL_FALSE)
+        end
+      end
+
+      # The CLEANSTACK check is only performed after potential P2SH evaluation,
+      # as the non-P2SH evaluation of a P2SH script will obviously not result in
+      # a clean stack (the P2SH inputs remain).
+      if flag?(SCRIPT_VERIFY_CLEANSTACK)
+        # Disallow CLEANSTACK without P2SH, as otherwise a switch CLEANSTACK->P2SH+CLEANSTACK
+        # would be possible, which is not a softfork (and P2SH should be one).
+        if !flag?(SCRIPT_VERIFY_P2SH)
+          raise ArgumentError, "CLEANSTACK without P2SH is disallowed"
+        end
+        if @stack.size != 1
+          return set_error(SCRIPT_ERR_CLEANSTACK, "Stack must be clean (should contain one item 'true')")
+        end
+      end
+      
+      return true
+    end
+
+
+
+
+
+
+
+
+
+    # Returns true if succeeded or false in case of failure.
+    # If fails, sets the error attribute.
+    # Used internally in `verify_script` and also in unit tests.
+    def run_script(script)
+
+      number_zero  = ScriptNumber.new(integer: 0)
+      number_one   = ScriptNumber.new(integer: 1)
+      zero_value = "".b
+      false_value = "".b
+      true_value = "\x01".b
+
+      opcount = 0
+      require_minimal = flag?(SCRIPT_VERIFY_MINIMALDATA)
+      condition_flags = []
+      index_after_codeseparator = 0
+      script.chunks.each_with_index do |chunk, chunk_index|
+
+        opcode = chunk.opcode
+        should_execute = !condition_flags.include?(false)
+
+        if chunk.pushdata? && chunk.pushdata.bytesize > @max_pushdata_size
+          return set_error(SCRIPT_ERR_PUSH_SIZE)
+        end
+
+        # Note how OP_RESERVED does not count towards the opcode limit.
+        if opcode > OP_16
+          if (opcount += 1) > @max_op_count
+            return set_error(SCRIPT_ERR_OP_COUNT)
+          end
+        end
+
+        if opcode == OP_CAT ||
+           opcode == OP_SUBSTR ||
+           opcode == OP_LEFT ||
+           opcode == OP_RIGHT ||
+           opcode == OP_INVERT ||
+           opcode == OP_AND ||
+           opcode == OP_OR ||
+           opcode == OP_XOR ||
+           opcode == OP_2MUL ||
+           opcode == OP_2DIV ||
+           opcode == OP_MUL ||
+           opcode == OP_DIV ||
+           opcode == OP_MOD ||
+           opcode == OP_LSHIFT ||
+           opcode == OP_RSHIFT
+
+          return set_error(SCRIPT_ERR_DISABLED_OPCODE)
+        end
+
+        if should_execute && 0 <= opcode && opcode <= OP_PUSHDATA4
+          # Pushdata (including OP_0).
+          if require_minimal && !chunk.canonical?
+            return set_error(SCRIPT_ERR_MINIMALDATA)
+          end
+          stack_push(chunk.pushdata)
+        elsif should_execute || (OP_IF <= opcode && opcode <= OP_ENDIF)
+
+          case opcode
+          when OP_1NEGATE, OP_1..OP_16
+            # ( -- value)
+            num = ScriptNumber.new(integer: opcode - (OP_1 - 1))
+            stack_push(num.data)
+            # The result of these opcodes should always be the minimal way to push the data
+            # they push, so no need for a CheckMinimalPush here.
+
+
+          # Control Operators
+          # -----------------
+
+          when OP_NOP
+            # nothing
+
+          when OP_CHECKLOCKTIMEVERIFY
+            if !flag?(SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)
+              # not enabled; treat as a NOP2
+              if flag?(SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
+                return set_error(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS)
+              end
+              break
+            end
+
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            # Note that elsewhere numeric opcodes are limited to
+            # operands in the range -2**31+1 to 2**31-1, however it is
+            # legal for opcodes to produce results exceeding that
+            # range. This limitation is implemented by CScriptNum's
+            # default 4-byte limit.
+            #
+            # If we kept to that limit we'd have a year 2038 problem,
+            # even though the nLockTime field in transactions
+            # themselves is uint32 which only becomes meaningless
+            # after the year 2106.
+            #
+            # Thus as a special case we tell CScriptNum to accept up
+            # to 5-byte bignums, which are good until 2**39-1, well
+            # beyond the 2**32-1 limit of the nLockTime field itself.
+            locktime = cast_to_number(@stack.last, max_size: @locktime_max_size)
+
+            # In the rare event that the argument may be < 0 due to
+            # some arithmetic being done first, you can always use
+            # 0 MAX CHECKLOCKTIMEVERIFY.
+            if locktime < 0
+              return set_error(SCRIPT_ERR_NEGATIVE_LOCKTIME)
+            end
+
+            # Actually compare the specified lock time with the transaction.
+            if !signature_checker.check_lock_time(locktime)
+              return set_error(SCRIPT_ERR_UNSATISFIED_LOCKTIME)
+            end
+
+          when OP_NOP1..OP_NOP10
+            if flag?(SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
+              return set_error(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS)
+            end
+
+          when OP_IF, OP_NOTIF
+            # <expression> if [statements] [else [statements]] endif
+            flag = false
+            if should_execute
+              if @stack.size < 1
+                return set_error(SCRIPT_ERR_UNBALANCED_CONDITIONAL)
+              end
+              flag = cast_to_bool(@stack.last)
+              if opcode == OP_NOTIF
+                flag = !flag
+              end
+              stack_pop
+            end
+            condition_flags.push(flag)
+
+          when OP_ELSE
+            if condition_flags.empty?
+              return set_error(SCRIPT_ERR_UNBALANCED_CONDITIONAL)
+            end
+            condition_flags[-1] = !condition_flags.last
+
+          when OP_ENDIF
+            if condition_flags.empty?
+              return set_error(SCRIPT_ERR_UNBALANCED_CONDITIONAL)
+            end
+            condition_flags.pop
+
+          when OP_VERIFY
+            # (true -- ) or
+            # (false -- false) and return
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            flag = cast_to_bool(@stack.last)
+            if flag
+              stack_pop
+            else
+              return set_error(SCRIPT_ERR_VERIFY)
+            end
+
+          when OP_RETURN
+            return set_error(SCRIPT_ERR_OP_RETURN)
+
+
+          # Stack Operations
+          # ----------------
+
+          when OP_TOALTSTACK
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            @altstack.push(stack_pop)
+
+          when OP_FROMALTSTACK
+            if @altstack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_ALTSTACK_OPERATION)
+            end
+            stack_push(@altstack.pop)
+
+          when OP_2DROP
+            # (x1 x2 -- )
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            stack_pop
+            stack_pop
+
+          when OP_2DUP
+            # (x1 x2 -- x1 x2 x1 x2)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            a = @stack[-2]
+            b = @stack[-1]
+            stack_push(a)
+            stack_push(b)
+
+          when OP_3DUP
+            # (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
+            if @stack.size < 3
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            a = @stack[-3]
+            b = @stack[-2]
+            c = @stack[-1]
+            stack_push(a)
+            stack_push(b)
+            stack_push(c)
+
+          when OP_2OVER
+            # (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
+            if @stack.size < 4
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            a = @stack[-4]
+            b = @stack[-3]
+            stack_push(a)
+            stack_push(b)
+
+          when OP_2ROT
+            # (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
+            if @stack.size < 6
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            a = @stack[-6]
+            b = @stack[-5]
+            @stack[-6...-4] = []
+            stack_push(a)
+            stack_push(b)
+
+          when OP_2SWAP
+            # (x1 x2 x3 x4 -- x3 x4 x1 x2)
+            if @stack.size < 4
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            x1x2 = @stack[-4...-2]
+            @stack[-4...-2] = []
+            @stack += x1x2
+
+          when OP_IFDUP
+            # (x - 0 | x x)
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            item = @stack.last
+            if cast_to_bool(item)
+              stack_push(item)
+            end
+
+          when OP_DEPTH
+            # -- stacksize
+            sn = ScriptNumber.new(integer: @stack.size)
+            stack_push(sn.data)
+
+          when OP_DROP
+            # (x -- )
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            stack_pop
+
+          when OP_DUP
+            # (x -- x x)
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            stack_push(@stack.last)
+
+          when OP_NIP
+            # (x1 x2 -- x2)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            @stack.delete_at(-2)
+
+          when OP_OVER
+            # (x1 x2 -- x1 x2 x1)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            stack_push(@stack[-2])
+
+          when OP_PICK, OP_ROLL
+            # (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
+            # (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            n = cast_to_number(@stack.last).to_i
+            stack_pop
+            if n < 0 || n >= @stack.size
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            item = @stack[-n-1]
+            if opcode == OP_ROLL
+              @stack.delete_at(-n-1)
+            end
+            stack_push(item)
+
+          when OP_ROT
+            # (x1 x2 x3 -- x2 x3 x1)
+            #  x2 x1 x3  after first swap
+            #  x2 x3 x1  after second swap
+            if @stack.size < 3
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            x1 = @stack[-3]
+            @stack.delete_at(-3)
+            stack_push(x1)
+
+          when OP_SWAP
+            # (x1 x2 -- x2 x1)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            x1 = @stack[-2]
+            @stack.delete_at(-2)
+            stack_push(x1)
+
+          when OP_TUCK
+            # (x1 x2 -- x2 x1 x2)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            item = @stack[-1]
+            @stack.insert(-3, item) # -1 inserts in the end, -2 before the last item.
+
+          when OP_SIZE
+            # (in -- in size)
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            sn = ScriptNumber.new(integer: @stack.last.size)
+            stack_push(sn.data)
+
+
+          # Bitwise Logic
+          # -------------
+
+          when OP_EQUAL, OP_EQUALVERIFY
+          # there is no OP_NOTEQUAL, use OP_NUMNOTEQUAL instead
+            # (x1 x2 - bool)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            a = @stack[-2]
+            b = @stack[-1]
+            equal = (a == b)
+            # OP_NOTEQUAL is disabled because it would be too easy to say
+            # something like n != 1 and have some wiseguy pass in 1 with extra
+            # zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
+            # if opcode == OP_NOTEQUAL
+            #   equal = !equal
+            # end
+            stack_pop
+            stack_pop
+            stack_push(equal ? true_value : false_value)
+            if opcode == OP_EQUALVERIFY
+              if equal
+                stack_pop
+              else
+                return set_error(SCRIPT_ERR_EQUALVERIFY)
+              end
+            end
+
+
+          # Numeric
+          # -------
+
+          when OP_1ADD,
+               OP_1SUB,
+               OP_NEGATE,
+               OP_ABS,
+               OP_NOT,
+               OP_0NOTEQUAL
+            # (in -- out)
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            bn = cast_to_number(@stack.last)
+            case opcode
+            when OP_1ADD
+              bn += 1
+            when OP_1SUB
+              bn -= 1
+            when OP_NEGATE
+              bn = -bn
+            when OP_ABS
+              bn = -bn if bn < 0
+            when OP_NOT
+              bn = ScriptNumber.new(boolean: (bn == 0))
+            when OP_0NOTEQUAL
+              bn = ScriptNumber.new(boolean: (bn != 0))
+            else
+              raise "invalid opcode"
+            end
+            stack_pop
+            stack_push(bn.data);
+
+
+          when OP_ADD, OP_SUB, OP_BOOLAND..OP_MAX
+            # (x1 x2 -- out)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            bn1 = cast_to_number(@stack[-2])
+            bn2 = cast_to_number(@stack[-1])
+            bn = ScriptNumber.new(integer: 0)
+
+            case opcode
+            when OP_ADD
+              bn = bn1 + bn2
+            when OP_SUB
+              bn = bn1 - bn2
+            when OP_BOOLAND
+              bn = ScriptNumber.new(boolean: ((bn1 != 0) && (bn2 != 0)))
+            when OP_BOOLOR
+              bn = ScriptNumber.new(boolean: ((bn1 != 0) || (bn2 != 0)))
+            when OP_NUMEQUAL, OP_NUMEQUALVERIFY
+              bn = ScriptNumber.new(boolean: (bn1 == bn2))
+            when OP_NUMNOTEQUAL
+              bn = ScriptNumber.new(boolean: (bn1 != bn2))
+            when OP_LESSTHAN
+              bn = ScriptNumber.new(boolean: (bn1 < bn2))
+            when OP_GREATERTHAN
+              bn = ScriptNumber.new(boolean: (bn1 > bn2))
+            when OP_LESSTHANOREQUAL
+              bn = ScriptNumber.new(boolean: (bn1 <= bn2))
+            when OP_GREATERTHANOREQUAL
+              bn = ScriptNumber.new(boolean: (bn1 >= bn2))
+            when OP_MIN
+              bn = ScriptNumber.new(boolean: (bn1 < bn2 ? bn1 : bn2))
+            when OP_MAX
+              bn = ScriptNumber.new(boolean: (bn1 > bn2 ? bn1 : bn2))
+            else
+              raise "Invalid opcode"
+            end
+            stack_pop
+            stack_pop
+            stack_push(bn.data)
+
+            if opcode == OP_NUMEQUALVERIFY
+              if cast_to_bool(@stack[-1])
+                stack_pop
+              else
+                return set_error(SCRIPT_ERR_NUMEQUALVERIFY)
+              end
+            end
+
+          when OP_WITHIN
+            # (x min max -- out)
+            if @stack.size < 3
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            bn1 = cast_to_number(@stack[-3])
+            bn2 = cast_to_number(@stack[-2])
+            bn3 = cast_to_number(@stack[-1])
+            flag = ((bn2 <= bn1) && (bn1 < bn3))
+            stack_pop
+            stack_pop
+            stack_pop
+            stack_push(flag ? true_value : false_value)
+
+          # Crypto
+          # ------
+
+          when OP_RIPEMD160..OP_HASH256
+            # (in -- hash)
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+            item = @stack[-1]
+            hash = case opcode
+            when OP_RIPEMD160
+              BTC.ripemd160(item)
+            when OP_SHA1
+              BTC.sha1(item)
+            when OP_SHA256
+              BTC.sha256(item)
+            when OP_HASH160
+              BTC.hash160(item)
+            when OP_HASH256
+              BTC.hash256(item)
+            end
+            stack_pop
+            stack_push(hash)
+
+          when OP_CODESEPARATOR
+            # Hash starts after the code separator
+            index_after_codeseparator = chunk_index + 1
+
+          when OP_CHECKSIG, OP_CHECKSIGVERIFY
+            # (sig pubkey -- bool)
+            if @stack.size < 2
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            sig = @stack[-2]
+            pubkey    = @stack[-1]
+
+            # Subset of script starting at the most recent codeseparator
+            subscript = script.subscript(index_after_codeseparator..-1)
+
+            # Drop the signature, since there's no way for a signature to sign itself
+            # Consensus-critical code: must replace sig with minimal encoding.
+            subscript = subscript.find_and_delete(BTC::Script.new << sig)
+
+            if !check_signature_encoding(sig) || !check_pubkey_encoding(pubkey)
+              # error is set already
+              return false
+            end
+
+            success = signature_checker.check_signature(
+              script_signature: sig,
+              public_key:       pubkey,
+              script:           subscript
+            )
+
+            stack_pop
+            stack_pop
+            stack_push(success ? true_value : false_value)
+
+            if opcode == OP_CHECKSIGVERIFY
+              if success
+                stack_pop
+              else
+                return set_error(SCRIPT_ERR_CHECKSIGVERIFY)
+              end
+            end
+
+
+          when OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY
+            # ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
+
+            i = 1
+            if @stack.size < i
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            keys_count = cast_to_number(@stack[-i]).to_i
+            if keys_count < 0 || keys_count > 20
+              return set_error(SCRIPT_ERR_PUBKEY_COUNT)
+            end
+            opcount += keys_count
+            if opcount > @max_op_count
+              return set_error(SCRIPT_ERR_OP_COUNT)
+            end
+            ikey = (i+=1)
+            i += keys_count
+            if @stack.size < i
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            sigs_count = cast_to_number(@stack[-i]).to_i
+            if sigs_count < 0 || sigs_count > keys_count
+              return set_error(SCRIPT_ERR_SIG_COUNT)
+            end
+
+            isig = (i+=1)
+            i += sigs_count
+
+            if @stack.size < i
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            # Subset of script starting at the most recent codeseparator
+
+            # Subset of script starting at the most recent codeseparator
+            subscript = script.subscript(index_after_codeseparator..-1)
+
+            # Drop the signatures, since there's no way for a signature to sign itself
+            # Consensus-critical code: must replace sig with minimal encoding.
+            sigs_count.times do |k|
+              sig = @stack[-isig-k]
+              subscript = subscript.find_and_delete(BTC::Script.new << sig)
+            end
+
+            success = true
+            while success && sigs_count > 0
+              sig = @stack[-isig]
+              pubkey = @stack[-ikey]
+              # Note how this makes the exact order of pubkey/signature evaluation
+              # distinguishable by CHECKMULTISIG NOT if the STRICTENC flag is set.
+              # See the script_(in)valid tests for details.
+              if !check_signature_encoding(sig) || !check_pubkey_encoding(pubkey)
+                # error is set already
+                return false
+              end
+
+              # Check signature
+              ok = signature_checker.check_signature(
+                script_signature: sig,
+                public_key:       pubkey,
+                script:           subscript
+              )
+              if ok
+                isig += 1
+                sigs_count -= 1
+              end
+              ikey += 1
+              keys_count -= 1
+
+              # If there are more signatures left than keys left,
+              # then too many signatures have failed. Exit early,
+              # without checking any further signatures.
+              if sigs_count > keys_count
+                success = false
+              end
+            end
+
+            # Clean up stack of actual arguments
+            while (i-=1) > 0  # Bitcoin Core: while (i-- > 1)
+              stack_pop
+            end
+
+            # A bug causes CHECKMULTISIG to consume one extra argument
+            # whose contents were not checked in any way.
+            #
+            # Unfortunately this is a potential source of mutability,
+            # so optionally verify it is exactly equal to zero prior
+            # to removing it from the stack.
+            if @stack.size < 1
+              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+            end
+
+            if flag?(SCRIPT_VERIFY_NULLDUMMY) && @stack[-1].size > 0
+              return set_error(SCRIPT_ERR_SIG_NULLDUMMY)
+            end
+            stack_pop
+            stack_push(success ? true_value : false_value)
+            if opcode == OP_CHECKMULTISIGVERIFY
+              if success
+                stack_pop
+              else
+                return set_error(SCRIPT_ERR_CHECKMULTISIGVERIFY)
+              end
+            end
+
+          else # unknown opcode
+            return set_error(SCRIPT_ERR_BAD_OPCODE)
+
+          end # case opcode
+        end # within IF scope
+
+        # Size limits
+        if @stack.size + @altstack.size > @max_stack_size
+          return set_error(SCRIPT_ERR_STACK_SIZE)
+        end
+
+      end # each chunk
+
+      if !condition_flags.empty?
+        return set_error(SCRIPT_ERR_UNBALANCED_CONDITIONAL)
+      end
+
+      return true
+    end # run_script
+
+
+    def stack_pop
+      r = @stack.pop
+      #puts "POPPED FROM STACK: #{@stack.map{|s|s.to_hex}.join(' ')}"
+      r
+    end
+
+    def stack_push(x)
+      @stack.push(x)
+      #puts "PUSHED TO STACK:   #{@stack.map{|s|s.to_hex}.join(' ')}"
+    end
+
+    def check_signature_encoding(sig)
+      # Empty signature. Not strictly DER encoded, but allowed to provide a
+      # compact way to provide an invalid signature for use with CHECK(MULTI)SIG
+      if sig.size == 0
+        return true
+      end
+      if flag?(SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_LOW_S | SCRIPT_VERIFY_STRICTENC) && !valid_signature_encoding(sig)
+        return set_error(SCRIPT_ERR_SIG_DER)
+      elsif flag?(SCRIPT_VERIFY_LOW_S) && !low_der_signature(sig)
+        return set_error(SCRIPT_ERR_SIG_HIGH_S)
+      elsif flag?(SCRIPT_VERIFY_STRICTENC) && !defined_hashtype_signature(sig)
+        return set_error(SCRIPT_ERR_SIG_HASHTYPE)
+      end
+      return true
+    end
+
+    def check_pubkey_encoding(pubkey)
+      if flag?(SCRIPT_VERIFY_STRICTENC) && !compressed_or_uncompressed_pubkey(pubkey)
+        return set_error(SCRIPT_ERR_PUBKEYTYPE)
+      end
+      return true
+    end
+
+    def valid_signature_encoding(sig)
+      BTC::Key.validate_script_signature(sig, verify_lower_s: false, verify_hashtype: false)
+    end
+
+    def low_der_signature(sig)
+      BTC::Key.validate_script_signature(sig, verify_lower_s: true, verify_hashtype: false)
+    end
+
+    def defined_hashtype_signature(sig)
+      BTC::Key.validate_script_signature(sig, verify_lower_s: false, verify_hashtype: true)
+    end
+
+    def compressed_or_uncompressed_pubkey(pubkey)
+      BTC::Key.validate_public_key(pubkey)
+    end
+
+    # If multiple flags are provided, returns true if any of them are present
+    def flag?(flags)
+      (@flags & flags) != 0
+    end
+
+    def cast_to_number(data,
+                       require_minimal: flag?(SCRIPT_VERIFY_MINIMALDATA),
+                       max_size: @integer_max_size)
+      ScriptNumber.new(data: data, require_minimal: require_minimal, max_size: max_size)
+    end
+
+    def cast_to_bool(data)
+      data.bytes.each_with_index do |byte, i|
+        if byte != 0
+          # Can be negative zero
+          if byte == 0x80 && i == (data.bytesize - 1)
+            return false
+          end
+          return true
+        end
+      end
+      return false
+    end
+
+    def set_error(code, message = nil)
+      error = ScriptError.new(code, message)
+      raise "#{error.description} (#{code.inspect})" if @raise_on_failure
+      @error = error
+      false
+    end
+
+
+  end
+end
+
+if $0 == __FILE__
+  require 'btcruby'
+
+end