tapyrus 0.1.0 → 0.2.0

data/lib/tapyrus/script/script_error.rb

@@ -78,24 +78,18 @@ module Tapyrus
         'Witness version reserved for soft-fork upgrades'
       when SCRIPT_ERR_PUBKEYTYPE
         'Public key is neither compressed or uncompressed'
-      when SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
-        'Witness program has incorrect length'
-      when SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
-        'Witness program was passed an empty witness'
-      when SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
-        'Witness program hash mismatch'
-      when SCRIPT_ERR_WITNESS_MALLEATED
-        'Witness requires empty scriptSig'
-      when SCRIPT_ERR_WITNESS_MALLEATED_P2SH
-        'Witness requires only-redeemscript scriptSig'
-      when SCRIPT_ERR_WITNESS_UNEXPECTED
-        'Witness provided for non-witness script'
-      when SCRIPT_ERR_WITNESS_PUBKEYTYPE
-        'Using non-compressed keys in segwit'
       when SCRIPT_ERR_OP_CODESEPARATOR
         'Using OP_CODESEPARATOR in non-witness scrip'
       when SCRIPT_ERR_SIG_FINDANDDELETE
         'Signature is found in scriptCode'
+      when SCRIPT_ERR_OP_COLOR_UNEXPECTED
+        'Unexpected OP_COLOR in script'
+      when SCRIPT_ERR_OP_COLOR_ID_INVALID
+        'Invalid ColorId in script'
+      when SCRIPT_ERR_OP_COLOR_MULTIPLE
+        'Multiple OP_COLOR found in script'
+      when SCRIPT_ERR_OP_COLOR_IN_BRANCH
+        'OP_COLOR is not permitted in a script branch'
       when SCRIPT_ERR_UNKNOWN_ERROR, SCRIPT_ERR_ERROR_COUNT
         'unknown error'
       else

data/lib/tapyrus/script/script_interpreter.rb

@@ -32,32 +32,21 @@ module Tapyrus
     # eval script
     # @param [Tapyrus::Script] script_sig a signature script (unlock script which data push only)
     # @param [Tapyrus::Script] script_pubkey a script pubkey (locking script)
-    # @param [Tapyrus::ScriptWitness] witness a witness script
     # @return [Boolean] result
-    def verify_script(script_sig, script_pubkey, witness = ScriptWitness.new)
+    def verify_script(script_sig, script_pubkey)
 
       return set_error(SCRIPT_ERR_SIG_PUSHONLY) if flag?(SCRIPT_VERIFY_SIGPUSHONLY) && !script_sig.push_only?
 
       stack_copy = nil
-      had_witness = false
 
-      return false unless eval_script(script_sig, :base)
+      return false unless eval_script(script_sig, :base, false)
 
       stack_copy = stack.dup if flag?(SCRIPT_VERIFY_P2SH)
 
-      return false unless eval_script(script_pubkey, :base)
+      return false unless eval_script(script_pubkey, :base, false)
 
       return set_error(SCRIPT_ERR_EVAL_FALSE) if stack.empty? || !cast_to_bool(stack.last.htb)
 
-      # Bare witness programs
-      if flag?(SCRIPT_VERIFY_WITNESS) && script_pubkey.witness_program?
-        had_witness = true
-        return set_error(SCRIPT_ERR_WITNESS_MALLEATED) unless script_sig.size == 0
-        version, program = script_pubkey.witness_data
-        stack_copy = stack.dup
-        return false unless verify_witness_program(witness, version, program)
-      end
-
       # Additional validation for spend-to-script-hash transactions
       if flag?(SCRIPT_VERIFY_P2SH) && script_pubkey.p2sh?
         return set_error(SCRIPT_ERR_SIG_PUSHONLY) unless script_sig.push_only?
@@ -69,18 +58,8 @@ module Tapyrus
         rescue Exception => e
           return set_error(SCRIPT_ERR_BAD_OPCODE, "Failed to parse serialized redeem script for P2SH. #{e.message}")
         end
-        return false unless eval_script(redeem_script, :base)
+        return false unless eval_script(redeem_script, :base, true)
         return set_error(SCRIPT_ERR_EVAL_FALSE) if stack.empty? || !cast_to_bool(stack.last)
-
-        # P2SH witness program
-        if flag?(SCRIPT_VERIFY_WITNESS) && redeem_script.witness_program?
-          had_witness = true
-          # The scriptSig must be _exactly_ a single push of the redeemScript. Otherwise we reintroduce malleability.
-          return set_error(SCRIPT_ERR_WITNESS_MALLEATED_P2SH) unless script_sig == (Tapyrus::Script.new << redeem_script.to_payload.bth)
-
-          version, program = redeem_script.witness_data
-          return false unless verify_witness_program(witness, version, program)
-        end
       end
 
       # The CLEANSTACK check is only performed after potential P2SH evaluation,
@@ -93,11 +72,6 @@ module Tapyrus
         return set_error(SCRIPT_ERR_CLEANSTACK) unless stack.size == 1
       end
 
-      if flag?(SCRIPT_VERIFY_WITNESS)
-        raise 'assert' unless flag?(SCRIPT_VERIFY_P2SH)
-        return set_error(SCRIPT_ERR_WITNESS_UNEXPECTED) if !had_witness && !witness.empty?
-      end
-
       true
     end
 
@@ -106,45 +80,14 @@ module Tapyrus
       false
     end
 
-    def verify_witness_program(witness, version, program)
-      if version == 0
-        if program.bytesize == 32
-          return set_error(SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY) if witness.stack.size == 0
-          script_pubkey = Tapyrus::Script.parse_from_payload(witness.stack.last)
-          @stack = witness.stack[0..-2].map{|w|w.bth}
-          script_hash = Tapyrus.sha256(script_pubkey.to_payload)
-          return set_error(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH) unless script_hash == program
-        elsif program.bytesize == 20
-          return set_error(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH) unless witness.stack.size == 2
-          script_pubkey = Tapyrus::Script.to_p2pkh(program.bth)
-          @stack = witness.stack.map{|w|w.bth}
-        else
-          return set_error(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH)
-        end
-      elsif flag?(SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM)
-        return set_error(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM)
-      else
-        return true # Higher version witness scripts return true for future softfork compatibility
-      end
-
-      stack.each do |s| # Disallow stack item size > MAX_SCRIPT_ELEMENT_SIZE in witness stack
-        return set_error(SCRIPT_ERR_PUSH_SIZE) if s.htb.bytesize > MAX_SCRIPT_ELEMENT_SIZE
-      end
-
-      return false unless eval_script(script_pubkey, :witness_v0)
-
-      return set_error(SCRIPT_ERR_EVAL_FALSE) unless stack.size == 1
-      return set_error(SCRIPT_ERR_EVAL_FALSE) unless cast_to_bool(stack.last)
-      true
-    end
-
-    def eval_script(script, sig_version)
+    def eval_script(script, sig_version, is_redeem_script)
       return set_error(SCRIPT_ERR_SCRIPT_SIZE) if script.size > MAX_SCRIPT_SIZE
       begin
         flow_stack = []
         alt_stack = []
         last_code_separator_index = 0
         op_count = 0
+        color_id = nil
 
         script.chunks.each_with_index do |c, index|
           need_exec = !flow_stack.include?(false)
@@ -209,7 +152,7 @@ module Tapyrus
                   if need_exec
                     return set_error(SCRIPT_ERR_UNBALANCED_CONDITIONAL) if stack.size < 1
                     value = pop_string.htb
-                    if sig_version == :witness_v0 && flag?(SCRIPT_VERIFY_MINIMALIF)
+                    if flag?(SCRIPT_VERIFY_MINIMALIF)
                       if value.bytesize > 1 || (value.bytesize == 1 && value[0].unpack('C').first != 1)
                         return set_error(SCRIPT_ERR_MINIMALIF)
                       end
@@ -409,8 +352,8 @@ module Tapyrus
                     return set_error(SCRIPT_ERR_SIG_FINDANDDELETE) if flag?(SCRIPT_VERIFY_CONST_SCRIPTCODE) && tmp != subscript
                     subscript = tmp
                   end
-
-                  return false if !check_pubkey_encoding(pubkey, sig_version) || !check_signature_encoding(sig) # error already set.
+                  return false if (sig.htb.bytesize == Tapyrus::Key::COMPACT_SIGNATURE_SIZE ?
+                                       !check_schnorr_signature_encoding(sig) : !check_ecdsa_signature_encoding(sig)) || !check_pubkey_encoding(pubkey)
 
                   success = checker.check_sig(sig, pubkey, subscript, sig_version)
 
@@ -428,6 +371,19 @@ module Tapyrus
                       return set_error(SCRIPT_ERR_CHECKSIGVERIFY)
                     end
                   end
+                when OP_CHECKDATASIG, OP_CHECKDATASIGVERIFY
+                  return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)  if stack.size < 3
+                  sig, msg, pubkey = pop_string(3)
+                  # check signature encoding without hashtype byte
+                  return false if (sig.htb.bytesize != (Tapyrus::Key::COMPACT_SIGNATURE_SIZE - 1) && !check_ecdsa_signature_encoding(sig, true)) || !check_pubkey_encoding(pubkey)
+                  digest = Tapyrus.sha256(msg)
+                  success = checker.verify_sig(sig, pubkey, digest)
+                  return set_error(SCRIPT_ERR_SIG_NULLFAIL) if !success && flag?(SCRIPT_VERIFY_NULLFAIL) && sig.bytesize > 0
+                  push_int(success ? 1 : 0)
+                  if opcode == OP_CHECKDATASIGVERIFY
+                    stack.pop if success
+                    return set_error(SCRIPT_ERR_CHECKDATASIGVERIFY) unless success
+                  end
                 when OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY
                   return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)  if stack.size < 1
                   pubkey_count = pop_int
@@ -463,10 +419,17 @@ module Tapyrus
                   end
 
                   success = true
+                  current_sig_scheme = nil
                   while success && sig_count > 0
                     sig = sigs.pop
                     pubkey = pubkeys.pop
-                    return false if !check_pubkey_encoding(pubkey, sig_version) || !check_signature_encoding(sig) # error already set.
+                    sig_scheme = sig.htb.bytesize == Tapyrus::Key::COMPACT_SIGNATURE_SIZE ? :schnorr : :ecdsa
+                    current_sig_scheme = sig_scheme if current_sig_scheme.nil?
+
+                    return false if (sig_scheme == :schnorr ? !check_schnorr_signature_encoding(sig) : !check_ecdsa_signature_encoding(sig)) || !check_pubkey_encoding(pubkey) # error already set.
+
+                    return set_error(SCRIPT_ERR_MIXED_SCHEME_MULTISIG) unless sig_scheme == current_sig_scheme
+
                     ok = checker.check_sig(sig, pubkey, subscript, sig_version)
                     if ok
                       sig_count -= 1
@@ -488,9 +451,8 @@ module Tapyrus
                   # Unfortunately this is a potential source of mutability,
                   # so optionally verify it is exactly equal to zero prior to removing it from the stack.
                   return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION)  if stack.size < 1
-                  if flag?(SCRIPT_VERIFY_NULLDUMMY) && stack[-1].size > 0
-                    return set_error(SCRIPT_ERR_SIG_NULLDUMMY)
-                  end
+                  return set_error(SCRIPT_ERR_SIG_NULLDUMMY) if stack[-1].size > 0
+
                   stack.pop
 
                   push_int(success ? 1 : 0)
@@ -503,6 +465,25 @@ module Tapyrus
                   end
                 when OP_RETURN
                   return set_error(SCRIPT_ERR_OP_RETURN)
+                when OP_COLOR
+                  # Color id is not permitted in p2sh redeem script
+                  return set_error(SCRIPT_ERR_OP_COLOR_UNEXPECTED) if is_redeem_script
+
+                  # if Color id is already initialized this must be an extra
+                  return set_error(SCRIPT_ERR_OP_COLOR_MULTIPLE) if color_id && color_id.type != Tapyrus::Color::TokenTypes::NONE
+
+                  # color id is not allowed inside OP_IF
+                  return set_error(SCRIPT_ERR_OP_COLOR_IN_BRANCH) unless flow_stack.empty?
+
+                  # pop one stack element and verify that it exists
+                  return set_error(SCRIPT_ERR_INVALID_STACK_OPERATION) if stack.size() < 1
+
+                  color_id = Tapyrus::Color::ColorIdentifier.parse_from_payload(stack.last.htb)
+
+                  # check ColorIdentifier is valid
+                  return set_error(SCRIPT_ERR_OP_COLOR_ID_INVALID) unless color_id.valid?
+
+                  stack.pop
                 else
                   return set_error(SCRIPT_ERR_BAD_OPCODE)
               end
@@ -586,20 +567,26 @@ module Tapyrus
       end
     end
 
-    def check_signature_encoding(sig)
+    def check_ecdsa_signature_encoding(sig, data_sig = false)
       return true if sig.size.zero?
-      if (flag?(SCRIPT_VERIFY_DERSIG) || flag?(SCRIPT_VERIFY_LOW_S) || flag?(SCRIPT_VERIFY_STRICTENC)) && !Key.valid_signature_encoding?(sig.htb)
+      if !Key.valid_signature_encoding?(sig.htb, data_sig)
         return set_error(SCRIPT_ERR_SIG_DER)
-      elsif flag?(SCRIPT_VERIFY_LOW_S) && !low_der_signature?(sig)
+      elsif !low_der_signature?(sig, data_sig)
         return false
-      elsif flag?(SCRIPT_VERIFY_STRICTENC) && !defined_hashtype_signature?(sig)
+      elsif !data_sig && !defined_hashtype_signature?(sig)
         return set_error(SCRIPT_ERR_SIG_HASHTYPE)
       end
       true
     end
 
-    def low_der_signature?(sig)
-      return set_error(SCRIPT_ERR_SIG_DER) unless Key.valid_signature_encoding?(sig.htb)
+    def check_schnorr_signature_encoding(sig, data_sig = false)
+      return false unless sig.htb.bytesize == (data_sig ? 64 : 65)
+      return set_error(SCRIPT_ERR_SIG_HASHTYPE) if !data_sig && !defined_hashtype_signature?(sig)
+      true
+    end
+
+    def low_der_signature?(sig, data_sig = false)
+      return set_error(SCRIPT_ERR_SIG_DER) unless Key.valid_signature_encoding?(sig.htb, data_sig)
       return set_error(SCRIPT_ERR_SIG_HIGH_S) unless Key.low_signature?(sig.htb)
       true
     end
@@ -609,20 +596,12 @@ module Tapyrus
       return false if sig.empty?
       s = sig.unpack('C*')
       hash_type = s[-1] & (~(SIGHASH_TYPE[:anyonecanpay]))
-      hash_type &= (~(Tapyrus::SIGHASH_FORK_ID)) if Tapyrus.chain_params.fork_chain? # for fork coin.
       return false if hash_type < SIGHASH_TYPE[:all] || hash_type > SIGHASH_TYPE[:single]
       true
     end
 
-    def check_pubkey_encoding(pubkey, sig_version)
-      if flag?(SCRIPT_VERIFY_STRICTENC) && !Key.compress_or_uncompress_pubkey?(pubkey)
-        return set_error(SCRIPT_ERR_PUBKEYTYPE)
-      end
-      # Only compressed keys are accepted in segwit
-      if flag?(SCRIPT_VERIFY_WITNESS_PUBKEYTYPE) &&
-          sig_version == :witness_v0 && !Key.compress_pubkey?(pubkey)
-        return set_error(SCRIPT_ERR_WITNESS_PUBKEYTYPE)
-      end
+    def check_pubkey_encoding(pubkey)
+      return set_error(SCRIPT_ERR_PUBKEYTYPE) unless Key.compress_or_uncompress_pubkey?(pubkey)
       true
     end
 

data/lib/tapyrus/script/tx_checker.rb

@@ -12,10 +12,11 @@ module Tapyrus
     end
 
     # check signature
-    # @param [String] script_sig
-    # @param [String] pubkey
+    # @param [String] script_sig a signature with hex format.
+    # @param [String] pubkey a public key with hex format.
     # @param [Tapyrus::Script] script_code
     # @param [Integer] sig_version
+    # @return [Boolean] if check is passed return true, otherwise false.
     def check_sig(script_sig, pubkey, script_code, sig_version)
       return false if script_sig.empty?
       script_sig = script_sig.htb
@@ -23,9 +24,20 @@ module Tapyrus
       sig = script_sig[0..-2]
       sighash = tx.sighash_for_input(input_index, script_code, hash_type: hash_type,
                                      amount: amount, sig_version: sig_version)
+      verify_sig(sig.bth, pubkey, sighash)
+    end
+
+    # Check data signature.
+    # @param [String] sig a signature with hex format.
+    # @param [String] pubkey a public key with hex format.
+    # @param [String] digest a message digest with binary format to be verified.
+    # @return [Boolean] if check is passed return true, otherwise false.
+    def verify_sig(sig, pubkey, digest)
       key_type = pubkey.start_with?('02') || pubkey.start_with?('03') ? Key::TYPES[:compressed] : Key::TYPES[:uncompressed]
+      sig = sig.htb
+      algo = sig.bytesize == 64 ? :schnorr : :ecdsa
       key = Key.new(pubkey: pubkey, key_type: key_type)
-      key.verify(sig, sighash)
+      key.verify(sig, digest, algo: algo)
     end
 
     def check_locktime(locktime)
@@ -53,7 +65,7 @@ module Tapyrus
     def check_sequence(sequence)
       tx_sequence = tx.inputs[input_index].sequence
       # Fail if the transaction's version number is not set high enough to trigger BIP 68 rules.
-      return false if tx.version < 2
+      return false if tx.features < 2
 
       # Sequence numbers with their most significant bit set are not consensus constrained.
       # Testing that the transaction's sequence number do not have this bit set prevents using this property to get around a CHECKSEQUENCEVERIFY check.

data/lib/tapyrus/secp256k1.rb

@@ -6,6 +6,7 @@ module Tapyrus
 
     autoload :Ruby, 'tapyrus/secp256k1/ruby'
     autoload :Native, 'tapyrus/secp256k1/native'
+    autoload :RFC6979, 'tapyrus/secp256k1/rfc6979'
 
   end
 

data/lib/tapyrus/secp256k1/rfc6979.rb

@@ -0,0 +1,43 @@
+module Tapyrus
+  module Secp256k1
+    module RFC6979
+
+      INITIAL_V = '0101010101010101010101010101010101010101010101010101010101010101'.htb
+      INITIAL_K = '0000000000000000000000000000000000000000000000000000000000000000'.htb
+      ZERO_B = '00'.htb
+      ONE_B = '01'.htb
+
+      module_function
+
+      # generate temporary key k to be used when ECDSA sign.
+      # https://tools.ietf.org/html/rfc6979#section-3.2
+      # @param [String] key_data a data contains private key and message.
+      # @param [String] extra_entropy extra entropy with binary format.
+      # @return [Integer] a nonce.
+      def generate_rfc6979_nonce(key_data, extra_entropy)
+        v = INITIAL_V # 3.2.b
+        k = INITIAL_K # 3.2.c
+        # 3.2.d
+        k = Tapyrus.hmac_sha256(k, v + ZERO_B + key_data + extra_entropy)
+        # 3.2.e
+        v = Tapyrus.hmac_sha256(k, v)
+        # 3.2.f
+        k = Tapyrus.hmac_sha256(k, v + ONE_B + key_data + extra_entropy)
+        # 3.2.g
+        v = Tapyrus.hmac_sha256(k, v)
+        # 3.2.h
+        t = ''
+        10000.times do
+          v = Tapyrus.hmac_sha256(k, v)
+          t = (t + v)
+          t_num = t.bth.to_i(16)
+          return t_num if 1 <= t_num && t_num < Tapyrus::Secp256k1::GROUP.order
+          k = Tapyrus.hmac_sha256(k, v + '00'.htb)
+          v = Tapyrus.hmac_sha256(k, v)
+        end
+        raise 'A valid nonce was not found.'
+      end
+
+    end
+  end
+end

data/lib/tapyrus/secp256k1/ruby.rb

@@ -35,7 +35,7 @@ module Tapyrus
         privkey = privkey.htb
         private_key = ECDSA::Format::IntegerOctetString.decode(privkey)
         extra_entropy ||= ''
-        nonce = generate_rfc6979_nonce(data, privkey, extra_entropy)
+        nonce = RFC6979.generate_rfc6979_nonce(privkey + data, extra_entropy)
 
         # port form ecdsa gem.
         r_point = GROUP.new_point(nonce)
@@ -74,6 +74,10 @@ module Tapyrus
         end
       end
 
+      alias :valid_sig? :verify_sig
+
+      module_function :valid_sig?
+
       # if +pubkey+ is hybrid public key format, it convert uncompressed format.
       # https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2012-June/001578.html
       def repack_pubkey(pubkey)
@@ -87,36 +91,6 @@ module Tapyrus
         end
       end
 
-      INITIAL_V = '0101010101010101010101010101010101010101010101010101010101010101'.htb
-      INITIAL_K = '0000000000000000000000000000000000000000000000000000000000000000'.htb
-      ZERO_B = '00'.htb
-      ONE_B = '01'.htb
-
-      # generate temporary key k to be used when ECDSA sign.
-      # https://tools.ietf.org/html/rfc6979#section-3.2
-      def generate_rfc6979_nonce(data, privkey, extra_entropy)
-        v = INITIAL_V # 3.2.b
-        k = INITIAL_K # 3.2.c
-        # 3.2.d
-        k = Tapyrus.hmac_sha256(k, v + ZERO_B + privkey + data + extra_entropy)
-        # 3.2.e
-        v = Tapyrus.hmac_sha256(k, v)
-        # 3.2.f
-        k = Tapyrus.hmac_sha256(k, v + ONE_B + privkey + data + extra_entropy)
-        # 3.2.g
-        v = Tapyrus.hmac_sha256(k, v)
-        # 3.2.h
-        t = ''
-        10000.times do
-          v = Tapyrus.hmac_sha256(k, v)
-          t = (t + v)
-          t_num = t.bth.to_i(16)
-          return t_num if 1 <= t_num && t_num < GROUP.order
-          k = Tapyrus.hmac_sha256(k, v + '00'.htb)
-          v = Tapyrus.hmac_sha256(k, v)
-        end
-        raise 'A valid nonce was not found.'
-      end
     end
 
   end