@opcat-labs/opcat 2.1.2 → 2.1.3

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @opcat-labs/opcat
 
+## 2.1.3
+
+### Patch Changes
+
+- refactor: reuse Interpreter methods for checkDataSig and add signData utility
+  - Refactor checkDataSig.ts to use Interpreter.checkDataSigSignatureEncoding() and checkPubkeyEncoding()
+  - Add signData(privateKey, message) utility for Oracle scenarios
+  - Add signDataWithInternalKey() using INTERNAL_KEY from ContextUtils
+  - Add end-to-end contract tests for CheckDataSig
+  - Add OP_CHECKSIGFROMSTACK and OP_CHECKSIGFROMSTACKVERIFY opcode tests
+  - Add TypeScript type declarations for checkDataSigSignatureEncoding and isDER
+
 ## 2.1.2
 
 ### Patch Changes

package/cjs/interpreter/interpreter.cjs

@@ -8,6 +8,7 @@ var BN = require('../crypto/bn.cjs');
 var Hash = require('../crypto/hash.cjs');
 var Signature = require('../crypto/signature.cjs');
 var PublicKey = require('../publickey.cjs');
+var ECDSA = require('../crypto/ecdsa.cjs');
 var Stack = require('./stack.cjs');
 var Transaction = require('../transaction/index.cjs');
 
@@ -443,6 +444,118 @@ Interpreter.prototype.checkPubkeyEncoding = function (buf) {
   return true;
 };
 
+
+/**
+ * Validates pure DER signature encoding (without sighash type).
+ * Used for OP_CHECKSIGFROMSTACK which expects signatures without trailing sighash byte.
+ * @param {Buffer} buf - The buffer containing the signature to verify
+ * @returns {boolean} True if the signature is valid DER-encoded, false otherwise
+ * @static
+ */
+Interpreter.isDER = function (buf) {
+  if (buf.length < 8) {
+    // Non-canonical signature: too short (min DER sig is 8 bytes)
+    return false;
+  }
+  if (buf.length > 72) {
+    // Non-canonical signature: too long (max DER sig is 72 bytes without sighash)
+    return false;
+  }
+  if (buf[0] !== 0x30) {
+    // Non-canonical signature: wrong type
+    return false;
+  }
+  if (buf[1] !== buf.length - 2) {
+    // Non-canonical signature: wrong length marker (for pure DER, length = buf.length - 2)
+    return false;
+  }
+  var nLenR = buf[3];
+  if (5 + nLenR >= buf.length) {
+    // Non-canonical signature: S length misplaced
+    return false;
+  }
+  var nLenS = buf[5 + nLenR];
+  if (nLenR + nLenS + 6 !== buf.length) {
+    // Non-canonical signature: R+S length mismatch (for pure DER, total = R + S + 6)
+    return false;
+  }
+
+  var R = buf.slice(4);
+  if (buf[4 - 2] !== 0x02) {
+    // Non-canonical signature: R value type mismatch
+    return false;
+  }
+  if (nLenR === 0) {
+    // Non-canonical signature: R length is zero
+    return false;
+  }
+  if (R[0] & 0x80) {
+    // Non-canonical signature: R value negative
+    return false;
+  }
+  if (nLenR > 1 && R[0] === 0x00 && !(R[1] & 0x80)) {
+    // Non-canonical signature: R value excessively padded
+    return false;
+  }
+
+  var S = buf.slice(6 + nLenR);
+  if (buf[6 + nLenR - 2] !== 0x02) {
+    // Non-canonical signature: S value type mismatch
+    return false;
+  }
+  if (nLenS === 0) {
+    // Non-canonical signature: S length is zero
+    return false;
+  }
+  if (S[0] & 0x80) {
+    // Non-canonical signature: S value negative
+    return false;
+  }
+  if (nLenS > 1 && S[0] === 0x00 && !(S[1] & 0x80)) {
+    // Non-canonical signature: S value excessively padded
+    return false;
+  }
+  return true;
+};
+
+
+/**
+ * Checks if a signature encoding is valid for OP_CHECKSIGFROMSTACK.
+ * Unlike checkSignatureEncoding, this expects pure DER signatures without sighash type.
+ * @param {Buffer} buf - The signature buffer to validate
+ * @returns {boolean} True if valid, false otherwise (sets errstr on failure)
+ */
+Interpreter.prototype.checkDataSigSignatureEncoding = function (buf) {
+  var sig;
+
+  // Empty signature is allowed
+  if (buf.length === 0) {
+    return true;
+  }
+
+  // For OP_CHECKSIGFROMSTACK, use pure DER validation (no sighash type)
+  if (
+    (this.flags &
+      (Interpreter.SCRIPT_VERIFY_DERSIG |
+        Interpreter.SCRIPT_VERIFY_LOW_S |
+        Interpreter.SCRIPT_VERIFY_STRICTENC)) !==
+      0 &&
+    !Interpreter.isDER(buf)
+  ) {
+    this.errstr = 'SCRIPT_ERR_SIG_DER_INVALID_FORMAT';
+    return false;
+  } else if ((this.flags & Interpreter.SCRIPT_VERIFY_LOW_S) !== 0) {
+    sig = Signature.fromDER(buf);
+    if (!sig.hasLowS()) {
+      this.errstr = 'SCRIPT_ERR_SIG_DER_HIGH_S';
+      return false;
+    }
+  }
+  // Note: No STRICTENC hashtype check for OP_CHECKSIGFROMSTACK since it has no sighash type
+
+  return true
+};
+
 /**
  * Checks if a buffer is minimally encoded (see https://github.com/bitcoincashorg/spec/blob/master/may-2018-reenabled-opcodes.md#op_bin2num) as a number.
  * @param {Buffer} buf - The buffer to check.
@@ -1979,6 +2092,65 @@ Interpreter.prototype.step = function (scriptType) {
         }
         break;
 
+      case Opcode.OP_CHECKSIGFROMSTACK:
+      case Opcode.OP_CHECKSIGFROMSTACKVERIFY:
+        // Stack order (bottom to top): <sig> <msg> <pubKey>
+        // (sig msg pubkey -- bool) for OP_CHECKSIGFROMSTACK
+        // (sig msg pubkey -- ) for OP_CHECKSIGFROMSTACKVERIFY
+        // Note: Unlike OP_CHECKSIG, signatures are pure DER without sighash type
+        if (this.stack.length < 3) {
+          this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
+          return false;
+        }
+
+        bufPubkey = stacktop(-1);  // pubKey at top
+        var bufMsg = stacktop(-2); // msg in middle
+        bufSig = stacktop(-3);     // sig at bottom
+
+        // Use checkDataSigSignatureEncoding for pure DER validation (no sighash type)
+        if (!this.checkDataSigSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) {
+          return false;
+        }
+
+        fSuccess = false;
+        try {
+          // Compute SHA256 of msg (single hash, not double)
+          // Reverse to little-endian format (same as checkSig) for signature verification
+          var hashbuf = Hash.sha256(bufMsg).reverse();
+
+          // Use fromDER for pure DER signatures (no sighash type)
+          sig = Signature.fromDER(bufSig);
+          pubkey = PublicKey.fromBuffer(bufPubkey, false);
+
+          // Verify signature using ECDSA with little endian
+          fSuccess = ECDSA.verify(hashbuf, sig, pubkey, 'little');
+        } catch (e) {
+          // invalid sig or pubkey
+          fSuccess = false;
+        }
+
+        if (!fSuccess && this.flags & Interpreter.SCRIPT_VERIFY_NULLFAIL && bufSig.length) {
+          this.errstr = 'SCRIPT_ERR_NULLFAIL';
+          return false;
+        }
+
+        // Pop all 3 elements
+        this.stack.pop();
+        this.stack.pop();
+        this.stack.pop();
+
+        if (opcodenum === Opcode.OP_CHECKSIGFROMSTACKVERIFY) {
+          if (!fSuccess) {
+            this.errstr = 'SCRIPT_ERR_CHECKSIGFROMSTACKVERIFY';
+            return false;
+          }
+          // VERIFY variant doesn't push anything on success
+        } else {
+          // Push result for OP_CHECKSIGFROMSTACK
+          this.stack.push(fSuccess ? Interpreter.getTrue() : Interpreter.getFalse());
+        }
+        break;
+
       default:
         this.errstr = 'SCRIPT_ERR_BAD_OPCODE';
         return false;

package/cjs/opcode.cjs

@@ -264,6 +264,10 @@ Opcode.map = {
   OP_CHECKLOCKTIMEVERIFY: 177,
   OP_CHECKSEQUENCEVERIFY: 178,
 
+  // OPCAT signature from stack
+  OP_CHECKSIGFROMSTACK: 186,      // 0xba
+  OP_CHECKSIGFROMSTACKVERIFY: 187, // 0xbb
+
   // expansion
   OP_NOP1: 176,
   OP_NOP2: 177,

package/esm/interpreter/interpreter.js

@@ -7,6 +7,7 @@ import BN from '../crypto/bn.js';
 import Hash from '../crypto/hash.js';
 import Signature from '../crypto/signature.js';
 import PublicKey from '../publickey.js';
+import ECDSA from '../crypto/ecdsa.js';
 import Stack from './stack.js';
 import Transaction from '../transaction/index.js';
 
@@ -442,6 +443,118 @@ Interpreter.prototype.checkPubkeyEncoding = function (buf) {
   return true;
 };
 
+
+/**
+ * Validates pure DER signature encoding (without sighash type).
+ * Used for OP_CHECKSIGFROMSTACK which expects signatures without trailing sighash byte.
+ * @param {Buffer} buf - The buffer containing the signature to verify
+ * @returns {boolean} True if the signature is valid DER-encoded, false otherwise
+ * @static
+ */
+Interpreter.isDER = function (buf) {
+  if (buf.length < 8) {
+    // Non-canonical signature: too short (min DER sig is 8 bytes)
+    return false;
+  }
+  if (buf.length > 72) {
+    // Non-canonical signature: too long (max DER sig is 72 bytes without sighash)
+    return false;
+  }
+  if (buf[0] !== 0x30) {
+    // Non-canonical signature: wrong type
+    return false;
+  }
+  if (buf[1] !== buf.length - 2) {
+    // Non-canonical signature: wrong length marker (for pure DER, length = buf.length - 2)
+    return false;
+  }
+  var nLenR = buf[3];
+  if (5 + nLenR >= buf.length) {
+    // Non-canonical signature: S length misplaced
+    return false;
+  }
+  var nLenS = buf[5 + nLenR];
+  if (nLenR + nLenS + 6 !== buf.length) {
+    // Non-canonical signature: R+S length mismatch (for pure DER, total = R + S + 6)
+    return false;
+  }
+
+  var R = buf.slice(4);
+  if (buf[4 - 2] !== 0x02) {
+    // Non-canonical signature: R value type mismatch
+    return false;
+  }
+  if (nLenR === 0) {
+    // Non-canonical signature: R length is zero
+    return false;
+  }
+  if (R[0] & 0x80) {
+    // Non-canonical signature: R value negative
+    return false;
+  }
+  if (nLenR > 1 && R[0] === 0x00 && !(R[1] & 0x80)) {
+    // Non-canonical signature: R value excessively padded
+    return false;
+  }
+
+  var S = buf.slice(6 + nLenR);
+  if (buf[6 + nLenR - 2] !== 0x02) {
+    // Non-canonical signature: S value type mismatch
+    return false;
+  }
+  if (nLenS === 0) {
+    // Non-canonical signature: S length is zero
+    return false;
+  }
+  if (S[0] & 0x80) {
+    // Non-canonical signature: S value negative
+    return false;
+  }
+  if (nLenS > 1 && S[0] === 0x00 && !(S[1] & 0x80)) {
+    // Non-canonical signature: S value excessively padded
+    return false;
+  }
+  return true;
+};
+
+
+/**
+ * Checks if a signature encoding is valid for OP_CHECKSIGFROMSTACK.
+ * Unlike checkSignatureEncoding, this expects pure DER signatures without sighash type.
+ * @param {Buffer} buf - The signature buffer to validate
+ * @returns {boolean} True if valid, false otherwise (sets errstr on failure)
+ */
+Interpreter.prototype.checkDataSigSignatureEncoding = function (buf) {
+  var sig;
+
+  // Empty signature is allowed
+  if (buf.length === 0) {
+    return true;
+  }
+
+  // For OP_CHECKSIGFROMSTACK, use pure DER validation (no sighash type)
+  if (
+    (this.flags &
+      (Interpreter.SCRIPT_VERIFY_DERSIG |
+        Interpreter.SCRIPT_VERIFY_LOW_S |
+        Interpreter.SCRIPT_VERIFY_STRICTENC)) !==
+      0 &&
+    !Interpreter.isDER(buf)
+  ) {
+    this.errstr = 'SCRIPT_ERR_SIG_DER_INVALID_FORMAT';
+    return false;
+  } else if ((this.flags & Interpreter.SCRIPT_VERIFY_LOW_S) !== 0) {
+    sig = Signature.fromDER(buf);
+    if (!sig.hasLowS()) {
+      this.errstr = 'SCRIPT_ERR_SIG_DER_HIGH_S';
+      return false;
+    }
+  }
+  // Note: No STRICTENC hashtype check for OP_CHECKSIGFROMSTACK since it has no sighash type
+
+  return true;
+};
+
 /**
  * Checks if a buffer is minimally encoded (see https://github.com/bitcoincashorg/spec/blob/master/may-2018-reenabled-opcodes.md#op_bin2num) as a number.
  * @param {Buffer} buf - The buffer to check.
@@ -1978,6 +2091,65 @@ Interpreter.prototype.step = function (scriptType) {
         }
         break;
 
+      case Opcode.OP_CHECKSIGFROMSTACK:
+      case Opcode.OP_CHECKSIGFROMSTACKVERIFY:
+        // Stack order (bottom to top): <sig> <msg> <pubKey>
+        // (sig msg pubkey -- bool) for OP_CHECKSIGFROMSTACK
+        // (sig msg pubkey -- ) for OP_CHECKSIGFROMSTACKVERIFY
+        // Note: Unlike OP_CHECKSIG, signatures are pure DER without sighash type
+        if (this.stack.length < 3) {
+          this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION';
+          return false;
+        }
+
+        bufPubkey = stacktop(-1);  // pubKey at top
+        var bufMsg = stacktop(-2); // msg in middle
+        bufSig = stacktop(-3);     // sig at bottom
+
+        // Use checkDataSigSignatureEncoding for pure DER validation (no sighash type)
+        if (!this.checkDataSigSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) {
+          return false;
+        }
+
+        fSuccess = false;
+        try {
+          // Compute SHA256 of msg (single hash, not double)
+          // Reverse to little-endian format (same as checkSig) for signature verification
+          var hashbuf = Hash.sha256(bufMsg).reverse();
+
+          // Use fromDER for pure DER signatures (no sighash type)
+          sig = Signature.fromDER(bufSig);
+          pubkey = PublicKey.fromBuffer(bufPubkey, false);
+
+          // Verify signature using ECDSA with little endian
+          fSuccess = ECDSA.verify(hashbuf, sig, pubkey, 'little');
+        } catch (e) {
+          // invalid sig or pubkey
+          fSuccess = false;
+        }
+
+        if (!fSuccess && this.flags & Interpreter.SCRIPT_VERIFY_NULLFAIL && bufSig.length) {
+          this.errstr = 'SCRIPT_ERR_NULLFAIL';
+          return false;
+        }
+
+        // Pop all 3 elements
+        this.stack.pop();
+        this.stack.pop();
+        this.stack.pop();
+
+        if (opcodenum === Opcode.OP_CHECKSIGFROMSTACKVERIFY) {
+          if (!fSuccess) {
+            this.errstr = 'SCRIPT_ERR_CHECKSIGFROMSTACKVERIFY';
+            return false;
+          }
+          // VERIFY variant doesn't push anything on success
+        } else {
+          // Push result for OP_CHECKSIGFROMSTACK
+          this.stack.push(fSuccess ? Interpreter.getTrue() : Interpreter.getFalse());
+        }
+        break;
+
       default:
         this.errstr = 'SCRIPT_ERR_BAD_OPCODE';
         return false;

package/esm/opcode.js

@@ -264,6 +264,10 @@ Opcode.map = {
   OP_CHECKLOCKTIMEVERIFY: 177,
   OP_CHECKSEQUENCEVERIFY: 178,
 
+  // OPCAT signature from stack
+  OP_CHECKSIGFROMSTACK: 186,      // 0xba
+  OP_CHECKSIGFROMSTACKVERIFY: 187, // 0xbb
+
   // expansion
   OP_NOP1: 176,
   OP_NOP2: 177,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opcat-labs/opcat",
-  "version": "2.1.2",
+  "version": "2.1.3",
   "description": "opcat base SDK",
   "main": "./cjs/index.cjs",
   "module": "./esm/index.js",

package/test/opcode.cjs

@@ -83,8 +83,9 @@ describe('Opcode', function () {
   });
 
   describe('@map', function () {
-    it('should have a map containing 118 elements', function () {
-      Object.keys(Opcode.map).length.should.equal(118);
+    it('should have a map containing 120 elements', function () {
+      // 118 base opcodes + 2 new CHECKSIGFROMSTACK opcodes
+      Object.keys(Opcode.map).length.should.equal(120);
     });
   });
 

package/test/script/interpreter.cjs

@@ -731,4 +731,173 @@ describe('Interpreter', function () {
     testTxs(txValid, true);
     //testTxs(txInvalid, false);
   });
+
+  describe('OP_CHECKSIGFROMSTACK', function () {
+    var crypto = opcat.crypto;
+    var Hash = crypto.Hash;
+    var ECDSA = crypto.ECDSA;
+
+    it('should verify a valid signature with OP_CHECKSIGFROMSTACK', function () {
+      // Generate keypair
+      var privKey = opcat.PrivateKey.fromRandom();
+      var pubKey = privKey.toPublicKey();
+
+      // Message to sign
+      var message = Buffer.from('Test message for OP_CHECKSIGFROMSTACK', 'utf8');
+
+      // Hash the message with SHA256 (single hash) and reverse for little-endian
+      // The BVM does sha256(msg).reverse() before ECDSA.verify
+      var msgHash = Hash.sha256(message).reverse();
+
+      // Sign the hash
+      var signature = ECDSA.sign(msgHash, privKey, 'little');
+
+      // Use pure DER signature (NO sighash type for OP_CHECKSIGFROMSTACK)
+      var sigDER = signature.toDER();
+
+      // Build script: <sig> <msg> <pubkey> OP_CHECKSIGFROMSTACK
+      var scriptSig = new Script()
+        .add(sigDER)
+        .add(message)
+        .add(pubKey.toBuffer());
+
+      var scriptPubkey = new Script()
+        .add(Opcode.OP_CHECKSIGFROMSTACK);
+
+      // Create interpreter and verify
+      var interp = new Interpreter();
+      var result = interp.verify(scriptSig, scriptPubkey);
+
+      result.should.equal(true);
+      interp.errstr.should.equal('');
+    });
+
+    it('should fail with invalid signature using OP_CHECKSIGFROMSTACK', function () {
+      // Generate two keypairs
+      var privKey = opcat.PrivateKey.fromRandom();
+      var pubKey = privKey.toPublicKey();
+      var wrongPrivKey = opcat.PrivateKey.fromRandom();
+
+      // Message to sign
+      var message = Buffer.from('Test message', 'utf8');
+
+      // Hash the message with SHA256 and reverse for little-endian
+      var msgHash = Hash.sha256(message).reverse();
+
+      // Sign with wrong private key - use pure DER (no sighash type)
+      var signature = ECDSA.sign(msgHash, wrongPrivKey, 'little');
+      var sigDER = signature.toDER();
+
+      // Build script with correct pubkey but wrong signature
+      var scriptSig = new Script()
+        .add(sigDER)
+        .add(message)
+        .add(pubKey.toBuffer());
+
+      var scriptPubkey = new Script()
+        .add(Opcode.OP_CHECKSIGFROMSTACK);
+
+      var interp = new Interpreter();
+      var result = interp.verify(scriptSig, scriptPubkey);
+
+      result.should.equal(false);
+    });
+
+    it('should verify with OP_CHECKSIGFROMSTACKVERIFY and continue execution', function () {
+      // Generate keypair
+      var privKey = opcat.PrivateKey.fromRandom();
+      var pubKey = privKey.toPublicKey();
+
+      // Message to sign
+      var message = Buffer.from('VERIFY test', 'utf8');
+      var msgHash = Hash.sha256(message).reverse();
+      var signature = ECDSA.sign(msgHash, privKey, 'little');
+      // Use pure DER signature (no sighash type)
+      var sigDER = signature.toDER();
+
+      // Build script: <sig> <msg> <pubkey> OP_CHECKSIGFROMSTACKVERIFY OP_1
+      var scriptSig = new Script()
+        .add(sigDER)
+        .add(message)
+        .add(pubKey.toBuffer());
+
+      var scriptPubkey = new Script()
+        .add(Opcode.OP_CHECKSIGFROMSTACKVERIFY)
+        .add(Opcode.OP_1);
+
+      var interp = new Interpreter();
+      var result = interp.verify(scriptSig, scriptPubkey);
+
+      result.should.equal(true);
+    });
+
+    it('should fail OP_CHECKSIGFROMSTACKVERIFY with invalid signature', function () {
+      // Generate keypair
+      var privKey = opcat.PrivateKey.fromRandom();
+      var pubKey = privKey.toPublicKey();
+      var wrongPrivKey = opcat.PrivateKey.fromRandom();
+
+      var message = Buffer.from('VERIFY fail test', 'utf8');
+      var msgHash = Hash.sha256(message).reverse();
+      var signature = ECDSA.sign(msgHash, wrongPrivKey, 'little');
+      // Use pure DER signature (no sighash type)
+      var sigDER = signature.toDER();
+
+      var scriptSig = new Script()
+        .add(sigDER)
+        .add(message)
+        .add(pubKey.toBuffer());
+
+      var scriptPubkey = new Script()
+        .add(Opcode.OP_CHECKSIGFROMSTACKVERIFY)
+        .add(Opcode.OP_1);
+
+      var interp = new Interpreter();
+      var result = interp.verify(scriptSig, scriptPubkey);
+
+      result.should.equal(false);
+      interp.errstr.should.equal('SCRIPT_ERR_CHECKSIGFROMSTACKVERIFY');
+    });
+
+    it('should fail with insufficient stack elements', function () {
+      // Only provide 2 elements instead of 3
+      var scriptSig = new Script()
+        .add(Buffer.from('signature', 'utf8'))
+        .add(Buffer.from('message', 'utf8'));
+
+      var scriptPubkey = new Script()
+        .add(Opcode.OP_CHECKSIGFROMSTACK);
+
+      var interp = new Interpreter();
+      var result = interp.verify(scriptSig, scriptPubkey);
+
+      result.should.equal(false);
+      interp.errstr.should.equal('SCRIPT_ERR_INVALID_STACK_OPERATION');
+    });
+
+    it('should work with empty message', function () {
+      var privKey = opcat.PrivateKey.fromRandom();
+      var pubKey = privKey.toPublicKey();
+
+      // Empty message
+      var message = Buffer.from('', 'utf8');
+      var msgHash = Hash.sha256(message).reverse();
+      var signature = ECDSA.sign(msgHash, privKey, 'little');
+      // Use pure DER signature (no sighash type)
+      var sigDER = signature.toDER();
+
+      var scriptSig = new Script()
+        .add(sigDER)
+        .add(message)
+        .add(pubKey.toBuffer());
+
+      var scriptPubkey = new Script()
+        .add(Opcode.OP_CHECKSIGFROMSTACK);
+
+      var interp = new Interpreter();
+      var result = interp.verify(scriptSig, scriptPubkey);
+
+      result.should.equal(true);
+    });
+  });
 });

package/test/script/script.cjs

@@ -871,7 +871,8 @@ describe('Script', function () {
 
   describe('#add and #prepend', function () {
     it('should add these ops', function () {
-      Script().add(1).add(10).add(186).toString().should.equal('1 0x0a 0xba');
+      // 186 (0xba) is now OP_CHECKSIGFROMSTACK
+      Script().add(1).add(10).add(186).toString().should.equal('1 0x0a OP_CHECKSIGFROMSTACK');
       Script().add(Buffer.from('03e8', 'hex')).toString().should.equal('2 0x03e8');
       Script().add('OP_CHECKMULTISIG').toString().should.equal('OP_CHECKMULTISIG');
       Script().add('OP_1').add('OP_2').toString().should.equal('OP_1 OP_2');
@@ -894,6 +895,15 @@ describe('Script', function () {
         .should.equal('OP_4 OP_2 OP_1 OP_3');
     });
 
+    it('should recognize OP_CHECKSIGFROMSTACK and OP_CHECKSIGFROMSTACKVERIFY opcodes', function () {
+      // Test adding by opcode number
+      Script().add(186).toString().should.equal('OP_CHECKSIGFROMSTACK');
+      Script().add(187).toString().should.equal('OP_CHECKSIGFROMSTACKVERIFY');
+      // Test adding by opcode name
+      Script().add('OP_CHECKSIGFROMSTACK').toString().should.equal('OP_CHECKSIGFROMSTACK');
+      Script().add('OP_CHECKSIGFROMSTACKVERIFY').toString().should.equal('OP_CHECKSIGFROMSTACKVERIFY');
+    });
+
     it('should add these push data', function () {
       var buf = Buffer.alloc(1);
       buf.fill(0);

package/types/interpreter/interpreter.d.cts

@@ -118,6 +118,13 @@ declare class Interpreter {
      * @returns {boolean} True if valid, false otherwise (with error string set).
      */
     checkPubkeyEncoding(buf: Buffer): boolean;
+    /**
+     * Checks if a signature encoding is valid for OP_CHECKSIGFROMSTACK.
+     * Unlike checkSignatureEncoding, this expects pure DER signatures without sighash type.
+     * @param {Buffer} buf - The signature buffer to validate
+     * @returns {boolean} True if valid, false otherwise (sets errstr on failure)
+     */
+    checkDataSigSignatureEncoding(buf: Buffer): boolean;
     /**
      * Evaluates a script by executing each opcode step-by-step.
      * Performs size checks on the script and stacks before execution.
@@ -169,6 +176,13 @@ declare class Interpreter {
 declare namespace Interpreter {
     function getTrue(): Buffer;
     function getFalse(): Buffer;
+    /**
+     * Validates pure DER signature encoding (without sighash type).
+     * Used for OP_CHECKSIGFROMSTACK which expects signatures without trailing sighash byte.
+     * @param {Buffer} buf - The buffer containing the signature to verify
+     * @returns {boolean} True if the signature is valid DER-encoded, false otherwise
+     */
+    function isDER(buf: Buffer): boolean;
     let MAX_SCRIPT_ELEMENT_SIZE: number;
     let MAXIMUM_ELEMENT_SIZE: number;
     let LOCKTIME_THRESHOLD: number;