btcruby 1.1.1 → 1.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b2ed39f95cdd06b5950c9164180c4086592519ef
-  data.tar.gz: 826463f6e12c74f02e122f696251d9c212cf9077
+  metadata.gz: e26eccf4e25b07bfb7c0a20d4757c73112ef36ac
+  data.tar.gz: 44f3ca44eb7f7c36e666a7a0987055c5a16efeb7
 SHA512:
-  metadata.gz: 26f331d4b44fc40c0e211693baca89866176b101600b6dd70860eef7a05bf4db2047c54f7e2a676cb4154683da2d17764b9bfd1c652de805af259f5ab33e9623
-  data.tar.gz: 96817a00e44da817f3a83d91890c24b6ebde7d5079499e1e759303a99df4002067439761b12f34203f76b26d1afc361d3cb2ff873abde04937fa7ff4a7706858
+  metadata.gz: 6c891533a5c79e2091f095ae8a9c103cf326cb5d6f532e62497dfc677e887ddf3b718cee7fc16f5b86c53b45b7f9a08320942b088cb55d92ec246aadf84c0f7b
+  data.tar.gz: 8c0dda6751152a16cf585c5472e5f9bb6ee0c0f2bca7fc64ff3e204ea85b9a93924c2d70e88ed70c20e04f36dfec04bc4032633c4ba0c99854fb6fee56c4b823

data/README.md

@@ -28,6 +28,7 @@ Please see [BTCRuby Reference](documentation/index.md) for API documentation and
   and [BIP62](https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki).
 * Automatic normalization of existing ECDSA signatures (see `BTC::Key#normalized_signature`).
 * Rich script analysis and compositing support (see `BTC::Script`).
+* Full script interpreter with [P2SH](https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki) and [CLTV](https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki) features.
 * Powerful diagnostics API covering the entire library (see `BTC::Diagnostics`).
 * Canonicality checks for transactions, public keys and script elements.
 * Fee computation and signature script simulation for building transactions without signing them.
@@ -36,7 +37,7 @@ Please see [BTCRuby Reference](documentation/index.md) for API documentation and
 ## Philosophy
 
 * We use clear, expressive names for all methods and classes.
-* Self-contained implementation. Only external dependency is `ffi` gem that helps linking directly with OpenSSL.
+* Self-contained implementation. Only external dependency is `ffi` gem that helps linking directly with OpenSSL and libsecp256k1.
 * For efficiency and consistency we use binary strings throughout the library (not the hex strings as in other libraries).
 * We do not pollute standard classes with our methods. To use utility extensions like `String#to_hex` you should explicitly `require 'btcruby/extensions'`.
 * We use OpenSSL `BIGNUM` implementation where compatibility is critical (instead of the built-in Ruby Bignum).
@@ -49,6 +50,7 @@ The goal is to provide a complete Bitcoin toolkit in Ruby.
 
 ```
 $ bundle install
+$ brew install ./vendor/homebrew/secp256k1.rb
 $ rake
 ```
 

data/RELEASE_NOTES.md

@@ -2,6 +2,14 @@
 BTCRuby Release Notes
 =====================
 
+1.1.2 (August 17, 2015)
+---------------------
+
+* Added scripts test suite from Bitcoin Core.
+* Added transactions test suite from Bitcoin Core.
+* As a result, fixed a few consensus bugs.
+* Renamed `TransactionOutpoint` to `Outpoint` (previous name kept for backwards compatibility).
+
 1.1.1 (July 30, 2015)
 ---------------------
 

data/lib/btcruby.rb

@@ -23,10 +23,11 @@ require_relative 'btcruby/key.rb'
 require_relative 'btcruby/keychain.rb'
 require_relative 'btcruby/wire_format.rb'
 require_relative 'btcruby/hash_id.rb'
+require_relative 'btcruby/outpoint.rb'
 require_relative 'btcruby/transaction.rb'
 require_relative 'btcruby/transaction_input.rb'
 require_relative 'btcruby/transaction_output.rb'
-require_relative 'btcruby/transaction_outpoint.rb'
+require_relative 'btcruby/validation.rb'
 
 require_relative 'btcruby/script/script_error.rb'
 require_relative 'btcruby/script/script_flags.rb'
@@ -39,6 +40,10 @@ require_relative 'btcruby/script/signature_checker.rb'
 require_relative 'btcruby/script/test_signature_checker.rb'
 require_relative 'btcruby/script/transaction_signature_checker.rb'
 
+require_relative 'btcruby/script/script_interpreter_plugin.rb'
+require_relative 'btcruby/script/p2sh_plugin.rb'
+require_relative 'btcruby/script/cltv_plugin.rb'
+
 require_relative 'btcruby/transaction_builder.rb'
 require_relative 'btcruby/proof_of_work.rb'
 require_relative 'btcruby/block_header.rb'

data/lib/btcruby/openssl.rb

@@ -269,7 +269,7 @@ module BTC
     # Nonce k is equal to HMAC-SHA256(data: hash, key: privkey)
     def ecdsa_signature(hash, privkey, normalized: true)
       raise ArgumentError, "Hash is missing" if !hash
-      raise ArgumentError, "Cannot make a ECDSA signature without the private key" if !privkey
+      raise ArgumentError, "Private key is missing" if !privkey
 
       # ECDSA signature is a pair of numbers: (Kx, s)
       # Where Kx = x coordinate of k*G mod n (n is the order of secp256k1).
@@ -345,6 +345,10 @@ module BTC
     # Normalizes S value of the signature and returns normalized signature.
     # Returns nil if signature is completely invalid.
     def ecdsa_normalized_signature(signature)
+      ecdsa_reserialize_signature(signature, normalize_s: true)
+    end
+    
+    def ecdsa_reserialize_signature(signature, normalize_s: false)
       raise ArgumentError, "Signature is missing" if !signature
 
       autorelease do |pool|
@@ -358,15 +362,19 @@ module BTC
         buf = FFI::MemoryPointer.from_string(signature)
         psig = d2i_ECDSA_SIG(nil, pointer_to_pointer(buf), buf.size-1)
         if psig.null?
-          raise BTCError, "OpenSSL failed to read ECDSA signature with DER: #{BTC.to_hex(signature).inspect}"
+          Diagnostics.current.add_message("OpenSSL failed to read ECDSA signature with DER during reserialize: #{BTC.to_hex(signature).inspect}")
+          return signature
+          #raise BTCError, "OpenSSL failed to read ECDSA signature with DER: #{BTC.to_hex(signature).inspect}"
         end
 
         sig = ECDSA_SIG.new(psig) # read sig from its pointer
-        s = sig[:s]
-
-        # Enforce low S values, by negating the value (modulo the order) if above order/2.
-        if BN_cmp(s, halfn) > 0
-          BN_sub(s, n, s)
+        
+        if normalize_s
+          # Enforce low S values, by negating the value (modulo the order) if above order/2.
+          s = sig[:s]
+          if BN_cmp(s, halfn) > 0
+            BN_sub(s, n, s)
+          end
         end
 
         # Note: we'll place new s value back to s bignum,
@@ -393,6 +401,9 @@ module BTC
       raise ArgumentError, "Signature is missing" if !signature
       raise ArgumentError, "Hash is missing" if !hash
       raise ArgumentError, "Public key is missing" if !public_key
+      
+      # New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
+      signature = ecdsa_reserialize_signature(signature, normalize_s: false)
 
       autorelease do |pool|
         eckey = pool.new_ec_key
@@ -400,13 +411,14 @@ module BTC
         buf = FFI::MemoryPointer.from_string(public_key)
         eckey = o2i_ECPublicKey(pointer_to_pointer(eckey), pointer_to_pointer(buf), buf.size - 1)
         if eckey.null?
+          Diagnostics.current.add_message("OpenSSL failed to create EC_KEY with public key: #{BTC.to_hex(public_key).inspect}")
           raise BTCError, "OpenSSL failed to create EC_KEY with public key: #{BTC.to_hex(public_key).inspect}"
         end
 
         # -1 = error, 0 = bad sig, 1 = good
         hash_buf = FFI::MemoryPointer.from_string(hash)
         sig_buf = FFI::MemoryPointer.from_string(signature)
-        result = ECDSA_verify(0, hash_buf, hash_buf.size-1, sig_buf, sig_buf.size-1, eckey)
+        result = ECDSA_verify(0, hash_buf, hash.bytesize, sig_buf, signature.bytesize, eckey)
 
         if result == 1
           return true
@@ -415,7 +427,9 @@ module BTC
         if result == 0
           Diagnostics.current.add_message("OpenSSL detected invalid ECDSA signature. Signature: #{BTC.to_hex(signature).inspect}; Hash: #{BTC.to_hex(hash).inspect}; Pubkey: #{BTC.to_hex(public_key).inspect}")
         else
-          raise BTCError, "OpenSSL failed with error while verifying ECDSA signature. Signature: #{BTC.to_hex(signature).inspect}; Hash: #{BTC.to_hex(hash).inspect}; Pubkey: #{BTC.to_hex(public_key).inspect}"
+          Diagnostics.current.add_message("OpenSSL failed with error while verifying ECDSA signature. Signature: #{BTC.to_hex(signature).inspect}; Hash: #{BTC.to_hex(hash).inspect}; Pubkey: #{BTC.to_hex(public_key).inspect}; Result: #{result}")
+          return false
+          # raise BTCError, "OpenSSL failed with error while verifying ECDSA signature. Signature: #{BTC.to_hex(signature).inspect}; Hash: #{BTC.to_hex(hash).inspect}; Pubkey: #{BTC.to_hex(public_key).inspect}; Result: #{result}"
         end
         return false
       end

data/lib/btcruby/{transaction_outpoint.rb → outpoint.rb}

@@ -1,6 +1,9 @@
 module BTC
   # Represents a reference to a previous transaction.
-  class TransactionOutpoint
+  class Outpoint
+    INVALID_INDEX = 0xFFFFFFFF # aka "(unsigned int) -1" in BitcoinQT.
+    ZERO_HASH256  = ("\x00".b*32).freeze
+    
     attr_accessor :transaction_hash
     attr_accessor :transaction_id
     attr_accessor :index
@@ -8,6 +11,9 @@ module BTC
     def initialize(transaction_hash: nil, transaction_id: nil, index: 0)
       @transaction_hash = transaction_hash
       self.transaction_id = transaction_id if transaction_id
+      while index < 0
+        index += 2**32
+      end
       @index = index
     end
     
@@ -22,6 +28,10 @@ module BTC
     def outpoint_id
       %{#{transaction_id}:#{index}}
     end
+    
+    def null?
+      @index == INVALID_INDEX && @transaction_hash == ZERO_HASH256
+    end
 
     def ==(other)
       index == other.index &&
@@ -37,4 +47,7 @@ module BTC
       outpoint_id
     end
   end
+  
+  # For backwards compatibility keep the longer name.
+  TransactionOutpoint = Outpoint
 end

data/lib/btcruby/script/cltv_plugin.rb

@@ -0,0 +1,63 @@
+module BTC
+  # Performs CHECKLOCKTIMEVERIFY (BIP65) evaluation
+  class CLTVPlugin
+    include ScriptInterpreterPlugin
+
+    # Default `locktime_max_size` is 5.
+    # Default `lock_time_checker` equals current interpreter's signature checker.
+    def initialize(locktime_max_size: nil, lock_time_checker: nil)
+      @locktime_max_size = locktime_max_size || 5
+      @lock_time_checker = lock_time_checker
+    end
+
+    def extra_flags
+      SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
+    end
+
+    def should_handle_opcode(interpreter: nil, opcode: nil)
+      opcode == OP_CHECKLOCKTIMEVERIFY
+    end
+
+    # Returns `false` if failed to execute the opcode.
+    def handle_opcode(interpreter: nil, opcode: nil)
+      # We are not supposed to handle any other opcodes here.
+      return false if opcode != OP_CHECKLOCKTIMEVERIFY
+
+      if interpreter.stack.size < 1
+        return interpreter.set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+      end
+
+      # Note that elsewhere numeric opcodes are limited to
+      # operands in the range -2**31+1 to 2**31-1, however it is
+      # legal for opcodes to produce results exceeding that
+      # range. This limitation is implemented by CScriptNum's
+      # default 4-byte limit.
+      #
+      # If we kept to that limit we'd have a year 2038 problem,
+      # even though the nLockTime field in transactions
+      # themselves is uint32 which only becomes meaningless
+      # after the year 2106.
+      #
+      # Thus as a special case we tell CScriptNum to accept up
+      # to 5-byte bignums, which are good until 2**39-1, well
+      # beyond the 2**32-1 limit of the nLockTime field itself.
+      locktime = interpreter.cast_to_number(interpreter.stack.last, max_size: @locktime_max_size)
+
+      # In the rare event that the argument may be < 0 due to
+      # some arithmetic being done first, you can always use
+      # 0 MAX CHECKLOCKTIMEVERIFY.
+      if locktime < 0
+        return interpreter.set_error(SCRIPT_ERR_NEGATIVE_LOCKTIME)
+      end
+
+      # Actually compare the specified lock time with the transaction.
+      checker = @lock_time_checker || interpreter.signature_checker
+      if !checker.check_lock_time(locktime)
+        return interpreter.set_error(SCRIPT_ERR_UNSATISFIED_LOCKTIME)
+      end
+
+      return true
+    end
+
+  end
+end

data/lib/btcruby/script/p2sh_plugin.rb

@@ -0,0 +1,71 @@
+module BTC
+  # Performs Pay-to-Script-Hash (BIP16) evaluation
+  class P2SHPlugin
+    include ScriptInterpreterPlugin
+
+    # Returns additional flags to be available to #flag? checks during script execution.
+    # This way one plugin can affect evaluation of another.
+    def extra_flags
+      SCRIPT_VERIFY_P2SH
+    end
+
+    # Every plugin gets this callback. If plugin return `false`, execution is stopped and interpreter returns `false`.
+    # Default value is `true`.
+    def did_execute_signature_script(interpreter: nil, signature_script: nil)
+      @signature_script = signature_script
+      @stack_copy = interpreter.stack.dup
+      true
+    end
+
+    def did_execute_output_script(interpreter: nil, output_script: nil)
+      # Cleanup ivars
+      stack_copy = @stack_copy
+      @stack_copy = nil
+
+      signature_script = @signature_script
+      @signature_script = nil
+
+      # If output script is not P2SH, do nothing.
+      return true if !output_script.p2sh?
+
+      # Additional validation for pay-to-script-hash (P2SH) transactions:
+
+      # scriptSig must be literals-only or validation fails
+      if !signature_script.data_only?
+        return interpreter.set_error(SCRIPT_ERR_SIG_PUSHONLY)
+      end
+
+      # Restore stack.
+      interpreter.stack = stack_copy
+
+      # stack cannot be empty here, because if it was the
+      # P2SH  HASH <> EQUAL  scriptPubKey would be evaluated with
+      # an empty stack and the EvalScript above would return false.
+      raise "Stack cannot be empty" if stack_copy.empty?
+
+      serialized_redeem_script = interpreter.stack.pop
+      begin
+        redeem_script = BTC::Script.new(data: serialized_redeem_script)
+      rescue => e
+        return interpreter.set_error(SCRIPT_ERR_BAD_OPCODE, "Failed to parse serialized redeem script for P2SH. #{e.message}")
+      end
+
+      # Actually execute the script.
+      if !interpreter.run_script(redeem_script)
+        # error is set in run_script
+        return false
+      end
+
+      if interpreter.stack.empty?
+        return interpreter.set_error(SCRIPT_ERR_EVAL_FALSE)
+      end
+
+      if interpreter.cast_to_bool(interpreter.stack.last) == false
+        return interpreter.set_error(SCRIPT_ERR_EVAL_FALSE)
+      end
+
+      return true
+    end
+
+  end
+end

data/lib/btcruby/script/script.rb

@@ -421,9 +421,11 @@ module BTC
 
     # Appends an opcode (Integer), pushdata (String) or Script and returns self.
     # If Array is passed, this method is recursively called for each element in the array.
-    def <<(object)
+    def append(object)
       if object.is_a?(BTC::Script)
         append_script(object)
+      elsif object.is_a?(BTC::ScriptNumber)
+        append_pushdata(object.data)
       elsif object.is_a?(Integer)
         append_opcode(object)
       elsif object.is_a?(String)
@@ -439,6 +441,10 @@ module BTC
       end
       return self
     end
+    
+    def <<(object)
+      append(object)
+    end
 
     # Returns a new instance with concatenation of two scripts.
     def +(other)

data/lib/btcruby/script/script_error.rb

@@ -134,6 +134,6 @@ module BTC
 end
 
 if $0 == __FILE__
-  puts BTC::ScriptError.new(BTC::ScriptError::SCRIPT_ERR_SIG_HIGH_S).inspect
+  puts BTC::ScriptError.new(BTC::SCRIPT_ERR_SIG_HIGH_S).inspect
 end
 

data/lib/btcruby/script/script_interpreter.rb

@@ -13,51 +13,88 @@ module BTC
   class ScriptInterpreter
     include ScriptFlags
 
+    # Flags specified for this interpreter, not including flags added by plugins.
     attr_accessor :flags
+    attr_accessor :plugins
     attr_accessor :signature_checker
+    attr_accessor :raise_on_failure
+    attr_accessor :max_pushdata_size
+    attr_accessor :max_op_count
+    attr_accessor :max_stack_size
+    attr_accessor :max_script_size
+    attr_accessor :integer_max_size
+    attr_accessor :locktime_max_size
+    
+    # Execution state
     attr_accessor :stack
-    attr_accessor :altstack
+    attr_reader   :altstack
     attr_accessor :error # ScriptError instance
 
     # Instantiates interpreter with validation flags and an optional checker
     # (required if the scripts use signature-checking opcodes).
     # Checker can be transaction checker or block checker
     def initialize(flags:             SCRIPT_VERIFY_NONE,
+                   plugins:           nil,
                    signature_checker: nil,
                    raise_on_failure:  false,
                    max_pushdata_size: MAX_SCRIPT_ELEMENT_SIZE,
                    max_op_count:      MAX_OPS_PER_SCRIPT,
                    max_stack_size:    MAX_STACK_SIZE,
+                   max_script_size:   MAX_SCRIPT_SIZE,
                    integer_max_size:  4,
                    locktime_max_size: 5)
       @flags             = flags
+      @plugins           = plugins || []
       @signature_checker = signature_checker
+      
       @raise_on_failure  = raise_on_failure
       @max_pushdata_size = max_pushdata_size
       @max_op_count      = max_op_count
       @max_stack_size    = max_stack_size
+      @max_script_size   = max_script_size
       @integer_max_size  = integer_max_size
       @locktime_max_size = locktime_max_size
-
-      @stack = []
-      @altstack = []
     end
 
     # Returns true if succeeded or false in case of failure.
     # If fails, sets the error attribute.
     def verify_script(signature_script: nil, output_script: nil)
 
+      @stack = []
+      @altstack = []
+
       if flag?(SCRIPT_VERIFY_SIGPUSHONLY) && !signature_script.data_only?
         return set_error(SCRIPT_ERR_SIG_PUSHONLY)
       end
 
+      if plugin = plugin_to_handle_scripts(signature_script, output_script)
+        return plugin.handle_scripts(
+          interpreter: self,
+          signature_script: signature_script,
+          output_script: output_script
+        ) && verify_clean_stack_if_needed
+      end
+
       if !run_script(signature_script)
         # error is set in run_script
         return false
       end
 
-      stack_copy = if flag?(SCRIPT_VERIFY_P2SH)
-        @stack.dup
+      if !did_execute_signature_script(signature_script)
+        # error is set already
+        return false
+      end
+
+      # This is implemented in P2SHPlugin
+      # stack_copy = if flag?(SCRIPT_VERIFY_P2SH)
+      #   @stack.dup
+      # end
+
+      if plugin = plugin_to_handle_output_script(output_script)
+        return plugin.handle_output_script(
+          interpreter: self,
+          output_script: output_script
+        ) && verify_clean_stack_if_needed
       end
 
       if !run_script(output_script)
@@ -73,58 +110,15 @@ module BTC
         return set_error(SCRIPT_ERR_EVAL_FALSE)
       end
 
-      # Additional validation for pay-to-script-hash (P2SH) transactions:
-      if flag?(SCRIPT_VERIFY_P2SH) && output_script.p2sh?
-
-        # scriptSig must be literals-only or validation fails
-        if !signature_script.data_only?
-          return set_error(SCRIPT_ERR_SIG_PUSHONLY)
-        end
-
-        # Restore stack.
-        @stack = stack_copy
-
-        # stack cannot be empty here, because if it was the
-        # P2SH  HASH <> EQUAL  scriptPubKey would be evaluated with
-        # an empty stack and the EvalScript above would return false.
-        raise "Stack cannot be empty" if @stack.empty?
-
-        serialized_redeem_script = stack_pop
-        begin
-          redeem_script = BTC::Script.new(data: serialized_redeem_script)
-        rescue => e
-          return set_error(SCRIPT_ERR_BAD_OPCODE, "Failed to parse serialized redeem script for P2SH. #{e.message}")
-        end
-
-        if !run_script(redeem_script)
-          # error is set in run_script
-          return false
-        end
-
-        if @stack.empty?
-          return set_error(SCRIPT_ERR_EVAL_FALSE)
-        end
-
-        if cast_to_bool(@stack.last) == false
-          return set_error(SCRIPT_ERR_EVAL_FALSE)
-        end
+      if !did_execute_output_script(output_script)
+        # error is set already
+        return false
       end
 
-      # The CLEANSTACK check is only performed after potential P2SH evaluation,
-      # as the non-P2SH evaluation of a P2SH script will obviously not result in
-      # a clean stack (the P2SH inputs remain).
-      if flag?(SCRIPT_VERIFY_CLEANSTACK)
-        # Disallow CLEANSTACK without P2SH, as otherwise a switch CLEANSTACK->P2SH+CLEANSTACK
-        # would be possible, which is not a softfork (and P2SH should be one).
-        if !flag?(SCRIPT_VERIFY_P2SH)
-          raise ArgumentError, "CLEANSTACK without P2SH is disallowed"
-        end
-        if @stack.size != 1
-          return set_error(SCRIPT_ERR_CLEANSTACK, "Stack must be clean (should contain one item 'true')")
-        end
-      end
-      
-      return true
+      # Additional validation for pay-to-script-hash (P2SH) transactions:
+      # See P2SHPlugin#did_execute_output_script.
+
+      return verify_clean_stack_if_needed
     end
 
 
@@ -140,6 +134,13 @@ module BTC
     # Used internally in `verify_script` and also in unit tests.
     def run_script(script)
 
+      if script.data.bytesize > @max_script_size
+        return set_error(SCRIPT_ERR_SCRIPT_SIZE)
+      end
+
+      # Altstack is not shared between individual runs, but we still store it in ivar to make available to the plugins.
+      @altstack = []
+
       number_zero  = ScriptNumber.new(integer: 0)
       number_one   = ScriptNumber.new(integer: 1)
       zero_value = "".b
@@ -165,32 +166,45 @@ module BTC
             return set_error(SCRIPT_ERR_OP_COUNT)
           end
         end
-
-        if opcode == OP_CAT ||
-           opcode == OP_SUBSTR ||
-           opcode == OP_LEFT ||
-           opcode == OP_RIGHT ||
-           opcode == OP_INVERT ||
-           opcode == OP_AND ||
-           opcode == OP_OR ||
-           opcode == OP_XOR ||
-           opcode == OP_2MUL ||
-           opcode == OP_2DIV ||
-           opcode == OP_MUL ||
-           opcode == OP_DIV ||
-           opcode == OP_MOD ||
-           opcode == OP_LSHIFT ||
-           opcode == OP_RSHIFT
-
-          return set_error(SCRIPT_ERR_DISABLED_OPCODE)
+        
+        # Check if there is a plugin for this opcode before we check for disabled opcodes.
+        opcode_plugin = plugin_to_handle_opcode(opcode)
+        
+        if !opcode_plugin
+          if opcode == OP_CAT ||
+             opcode == OP_SUBSTR ||
+             opcode == OP_LEFT ||
+             opcode == OP_RIGHT ||
+             opcode == OP_INVERT ||
+             opcode == OP_AND ||
+             opcode == OP_OR ||
+             opcode == OP_XOR ||
+             opcode == OP_2MUL ||
+             opcode == OP_2DIV ||
+             opcode == OP_MUL ||
+             opcode == OP_DIV ||
+             opcode == OP_MOD ||
+             opcode == OP_LSHIFT ||
+             opcode == OP_RSHIFT
+
+            return set_error(SCRIPT_ERR_DISABLED_OPCODE)
+          end
         end
 
         if should_execute && 0 <= opcode && opcode <= OP_PUSHDATA4
           # Pushdata (including OP_0).
-          if require_minimal && !chunk.canonical?
+          if require_minimal && !check_minimal_push(chunk.pushdata, opcode)
             return set_error(SCRIPT_ERR_MINIMALDATA)
           end
           stack_push(chunk.pushdata)
+
+        elsif should_execute && opcode_plugin
+          
+          if !opcode_plugin.handle_opcode(interpreter: self, opcode: opcode)
+            # error is set already
+            return false
+          end
+
         elsif should_execute || (OP_IF <= opcode && opcode <= OP_ENDIF)
 
           case opcode
@@ -207,47 +221,50 @@ module BTC
 
           when OP_NOP
             # nothing
-
-          when OP_CHECKLOCKTIMEVERIFY
-            if !flag?(SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)
-              # not enabled; treat as a NOP2
-              if flag?(SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
-                return set_error(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS)
-              end
-              break
-            end
-
-            if @stack.size < 1
-              return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
-            end
-
-            # Note that elsewhere numeric opcodes are limited to
-            # operands in the range -2**31+1 to 2**31-1, however it is
-            # legal for opcodes to produce results exceeding that
-            # range. This limitation is implemented by CScriptNum's
-            # default 4-byte limit.
-            #
-            # If we kept to that limit we'd have a year 2038 problem,
-            # even though the nLockTime field in transactions
-            # themselves is uint32 which only becomes meaningless
-            # after the year 2106.
-            #
-            # Thus as a special case we tell CScriptNum to accept up
-            # to 5-byte bignums, which are good until 2**39-1, well
-            # beyond the 2**32-1 limit of the nLockTime field itself.
-            locktime = cast_to_number(@stack.last, max_size: @locktime_max_size)
-
-            # In the rare event that the argument may be < 0 due to
-            # some arithmetic being done first, you can always use
-            # 0 MAX CHECKLOCKTIMEVERIFY.
-            if locktime < 0
-              return set_error(SCRIPT_ERR_NEGATIVE_LOCKTIME)
-            end
-
-            # Actually compare the specified lock time with the transaction.
-            if !signature_checker.check_lock_time(locktime)
-              return set_error(SCRIPT_ERR_UNSATISFIED_LOCKTIME)
-            end
+            
+          # See CLTVPlugin
+          # when OP_CHECKLOCKTIMEVERIFY
+          #   begin
+          #     if !flag?(SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)
+          #       # not enabled; treat as a NOP2
+          #       if flag?(SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
+          #         return set_error(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS)
+          #       end
+          #       break # breaks out of begin ... end while false
+          #     end
+          # 
+          #     if @stack.size < 1
+          #       return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)
+          #     end
+          # 
+          #     # Note that elsewhere numeric opcodes are limited to
+          #     # operands in the range -2**31+1 to 2**31-1, however it is
+          #     # legal for opcodes to produce results exceeding that
+          #     # range. This limitation is implemented by CScriptNum's
+          #     # default 4-byte limit.
+          #     #
+          #     # If we kept to that limit we'd have a year 2038 problem,
+          #     # even though the nLockTime field in transactions
+          #     # themselves is uint32 which only becomes meaningless
+          #     # after the year 2106.
+          #     #
+          #     # Thus as a special case we tell CScriptNum to accept up
+          #     # to 5-byte bignums, which are good until 2**39-1, well
+          #     # beyond the 2**32-1 limit of the nLockTime field itself.
+          #     locktime = cast_to_number(@stack.last, max_size: @locktime_max_size)
+          # 
+          #     # In the rare event that the argument may be < 0 due to
+          #     # some arithmetic being done first, you can always use
+          #     # 0 MAX CHECKLOCKTIMEVERIFY.
+          #     if locktime < 0
+          #       return set_error(SCRIPT_ERR_NEGATIVE_LOCKTIME)
+          #     end
+          # 
+          #     # Actually compare the specified lock time with the transaction.
+          #     if !signature_checker.check_lock_time(locktime)
+          #       return set_error(SCRIPT_ERR_UNSATISFIED_LOCKTIME)
+          #     end
+          #   end while false
 
           when OP_NOP1..OP_NOP10
             if flag?(SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
@@ -567,9 +584,9 @@ module BTC
             when OP_GREATERTHANOREQUAL
               bn = ScriptNumber.new(boolean: (bn1 >= bn2))
             when OP_MIN
-              bn = ScriptNumber.new(boolean: (bn1 < bn2 ? bn1 : bn2))
+              bn = (bn1 < bn2 ? bn1 : bn2)
             when OP_MAX
-              bn = ScriptNumber.new(boolean: (bn1 > bn2 ? bn1 : bn2))
+              bn = (bn1 > bn2 ? bn1 : bn2)
             else
               raise "Invalid opcode"
             end
@@ -775,7 +792,7 @@ module BTC
             end
 
           else # unknown opcode
-            return set_error(SCRIPT_ERR_BAD_OPCODE)
+            return set_error(SCRIPT_ERR_BAD_OPCODE, "Unknown opcode 0x#{opcode.to_s(16)}")
 
           end # case opcode
         end # within IF scope
@@ -792,6 +809,8 @@ module BTC
       end
 
       return true
+    rescue ScriptNumberError => e
+      return set_error(SCRIPT_ERR_UNKNOWN_ERROR, e.message)
     end # run_script
 
 
@@ -806,6 +825,30 @@ module BTC
       #puts "PUSHED TO STACK:   #{@stack.map{|s|s.to_hex}.join(' ')}"
     end
 
+    # aka CheckMinimalPush(const valtype& data, opcodetype opcode)
+    def check_minimal_push(data, opcode)
+      if data.bytesize == 0
+        # Could have used OP_0.
+        return opcode == OP_0
+      elsif data.bytesize == 1 && data.bytes[0] >= 1 && data.bytes[0] <= 16
+        # Could have used OP_1 .. OP_16.
+        return opcode == OP_1 + (data.bytes[0] - 1)
+      elsif data.bytesize == 1 && data.bytes[0] == 0x81
+        # Could have used OP_1NEGATE.
+        return opcode == OP_1NEGATE
+      elsif data.bytesize <= 75
+        # Could have used a direct push (opcode indicating number of bytes pushed + those bytes).
+        return opcode == data.bytesize
+      elsif data.bytesize <= 255
+        # Could have used OP_PUSHDATA.
+        return opcode == OP_PUSHDATA1
+      elsif (data.bytesize <= 65535)
+        # Could have used OP_PUSHDATA2.
+        return opcode == OP_PUSHDATA2
+      end
+      return true
+    end
+
     def check_signature_encoding(sig)
       # Empty signature. Not strictly DER encoded, but allowed to provide a
       # compact way to provide an invalid signature for use with CHECK(MULTI)SIG
@@ -847,7 +890,13 @@ module BTC
 
     # If multiple flags are provided, returns true if any of them are present
     def flag?(flags)
-      (@flags & flags) != 0
+      (all_flags & flags) != 0
+    end
+
+    def all_flags
+      @plugins.inject(@flags) do |f, p|
+        f | p.extra_flags
+      end
     end
 
     def cast_to_number(data,
@@ -876,6 +925,67 @@ module BTC
       false
     end
 
+    private
+
+    def plugin_to_handle_scripts(signature_script, output_script)
+      @plugins.each do |plugin|
+        if plugin.should_handle_scripts(interpreter: self, signature_script: signature_script, output_script: output_script)
+          return plugin
+        end
+      end
+      nil
+    end
+
+    def plugin_to_handle_output_script(output_script)
+      @plugins.each do |plugin|
+        if plugin.should_handle_output_script(interpreter: self, output_script: output_script)
+          return plugin
+        end
+      end
+      nil
+    end
+
+    def plugin_to_handle_opcode(opcode)
+      @plugins.each do |plugin|
+        if plugin.should_handle_opcode(interpreter: self, opcode: opcode)
+          return plugin
+        end
+      end
+      nil
+    end
+
+    def did_execute_signature_script(signature_script)
+      @plugins.each do |plugin|
+        if !plugin.did_execute_signature_script(interpreter: self, signature_script: signature_script)
+          return false
+        end
+      end
+    end
+
+    def did_execute_output_script(output_script)
+      @plugins.each do |plugin|
+        if !plugin.did_execute_output_script(interpreter: self, output_script: output_script)
+          return false
+        end
+      end
+    end
+
+    def verify_clean_stack_if_needed
+      # The CLEANSTACK check is only performed after potential P2SH evaluation,
+      # as the non-P2SH evaluation of a P2SH script will obviously not result in
+      # a clean stack (the P2SH inputs remain).
+      if flag?(SCRIPT_VERIFY_CLEANSTACK)
+        # Disallow CLEANSTACK without P2SH, as otherwise a switch CLEANSTACK->P2SH+CLEANSTACK
+        # would be possible, which is not a softfork (and P2SH should be one).
+        if !flag?(SCRIPT_VERIFY_P2SH)
+          raise ArgumentError, "CLEANSTACK without P2SH is disallowed"
+        end
+        if @stack.size != 1
+          return set_error(SCRIPT_ERR_CLEANSTACK, "Stack must be clean (should contain one item 'true')")
+        end
+      end
+      return true
+    end
 
   end
 end