@vbyte/btc-dev 1.0.0

package/src/lib/sighash/segwit.ts

@@ -0,0 +1,152 @@
+import { Buff }             from '@vbyte/buff'
+import { hash160, hash256 } from '@vbyte/micro-lib/hash'
+import { Assert }           from '@vbyte/micro-lib'
+import { parse_txinput }    from './util.js'
+
+import {
+  prefix_script_size,
+  decode_script
+} from '@/lib/script/index.js'
+
+import {
+  encode_txin_vout,
+  encode_tx_locktime,
+  encode_txin_sequence,
+  encode_txin_txid,
+  encode_vout_value,
+  encode_tx_version,
+  parse_tx_data
+} from '@/lib/tx/index.js'
+
+import {
+  SigHashOptions,
+  TxData,
+  TxInput,
+  TxOutput
+} from '@/types/index.js'
+
+import * as CONST from '@/const.js'
+
+export function hash_segwit_tx (
+  txdata  : TxData,
+  options : SigHashOptions = {}
+) : Buff {
+  // Unpack the sigflag from our config object.
+  const { sigflag = 0x01, txindex } = options
+  // Normalize the tx into JSON format.
+  const tx = parse_tx_data(txdata)
+  // Check if the ANYONECANPAY flag is set.
+  const is_anypay = (sigflag & 0x80) === 0x80
+  // Save a normalized version of the sigflag.
+  const flag = sigflag % 0x80
+  // Check if the sigflag exists as a valid type.
+  if (!CONST.SIGHASH_SEGWIT.includes(flag)) {
+    throw new Error('Invalid hash type: ' + String(sigflag))
+  }
+  // Unpack the tx object.
+  const { version, vin, vout, locktime } = tx
+  // Parse the input we are signing from the config.
+  const txinput = parse_txinput(tx, options)
+  // Unpack the chosen input for signing.
+  const { txid, vout: prevIdx, prevout, sequence } = txinput
+  // Unpack the prevout for the chosen input.
+  const { value } = prevout ?? {}
+  // Check if a prevout value is provided.
+  if (value === undefined) {
+    throw new Error('Prevout value is empty!')
+  }
+  // Initialize our script variable from the config.
+  let { pubkey, script } = options
+  // Check if a pubkey is provided (instead of a script).
+  if (script === undefined && pubkey !== undefined) {
+    const pkhash = hash160(pubkey).hex
+    script = `76a914${String(pkhash)}88ac`
+  }
+  // Make sure that some form of script has been provided.
+  if (script === undefined) {
+    throw new Error('No pubkey / script has been set!')
+  }
+  // Throw if OP_CODESEPARATOR is used in a script.
+  if (decode_script(script).includes('OP_CODESEPARATOR')) {
+    throw new Error('This library does not currently support the use of OP_CODESEPARATOR in segwit scripts.')
+  }
+
+  const sighash = [
+    encode_tx_version(version),
+    hash_prevouts(vin, is_anypay),
+    hash_sequence(vin, flag, is_anypay),
+    encode_txin_txid(txid),
+    encode_txin_vout(prevIdx),
+    prefix_script_size(script),
+    encode_vout_value(value),
+    encode_txin_sequence(sequence),
+    hash_outputs(vout, flag, txindex),
+    encode_tx_locktime(locktime),
+    Buff.num(sigflag, 4).reverse()
+  ]
+
+  return hash256(Buff.join(sighash))
+}
+
+function hash_prevouts (
+  vin : TxInput[],
+  isAnypay ?: boolean
+) : Uint8Array {
+  if (isAnypay === true) {
+    return Buff.num(0, 32)
+  }
+
+  const stack = []
+
+  for (const { txid, vout } of vin) {
+    stack.push(encode_txin_txid(txid))
+    stack.push(encode_txin_vout(vout))
+  }
+
+  return hash256(Buff.join(stack))
+}
+
+function hash_sequence (
+  vin      : TxInput[],
+  sigflag  : number,
+  isAnyPay : boolean
+) : Uint8Array {
+  if (isAnyPay || sigflag !== 0x01) {
+    return Buff.num(0, 32)
+  }
+
+  const stack = []
+
+  for (const { sequence } of vin) {
+    stack.push(encode_txin_sequence(sequence))
+  }
+  return hash256(Buff.join(stack))
+}
+
+function hash_outputs (
+  vout    : TxOutput[],
+  sigflag : number,
+  idx    ?: number
+) : Uint8Array {
+  const stack = []
+
+  if (sigflag === 0x01) {
+    for (const { value, script_pk } of vout) {
+      stack.push(encode_vout_value(value))
+      stack.push(prefix_script_size(script_pk))
+    }
+    return hash256(Buff.join(stack))
+  }
+
+  if (sigflag === 0x03) {
+    Assert.ok(idx !== undefined)
+    if (idx < vout.length) {
+      const { value, script_pk } = vout[idx]
+      stack.push(encode_vout_value(value))
+      stack.push(prefix_script_size(script_pk))
+      return hash256(Buff.join(stack))
+    }
+  }
+
+  return Buff.num(0, 32)
+}

package/src/lib/sighash/sign.ts

@@ -0,0 +1,35 @@
+import { ECC }             from '@vbyte/micro-lib'
+import { parse_tx_data }   from '@/lib/tx/parse.js'
+import { SIGHASH_DEFAULT } from '@/const.js'
+import { hash_segwit_tx }  from './segwit.js'
+import { hash_taproot_tx } from './taproot.js'
+import { format_sigflag }  from './util.js'
+
+import type {
+  SigHashOptions,
+  TxData
+} from '@/types/index.js'
+
+export function sign_segwit_tx (
+  seckey  : string,
+  txdata  : TxData,
+  options : SigHashOptions,
+) {
+  const tx   = parse_tx_data(txdata)
+  const msg  = hash_segwit_tx(tx, options)
+  const sig  = ECC.sign_ecdsa(seckey, msg).hex
+  const flag = format_sigflag(options.sigflag ?? SIGHASH_DEFAULT)
+  return sig + flag
+}
+
+export function sign_taproot_tx (
+  seckey  : string,
+  txdata  : TxData,
+  options : SigHashOptions,
+) {
+  const tx   = parse_tx_data(txdata)
+  const msg  = hash_taproot_tx(tx, options)
+  const sig  = ECC.sign_bip340(seckey, msg).hex
+  const flag = format_sigflag(options.sigflag ?? 0)
+  return sig + flag
+}

package/src/lib/sighash/taproot.ts

@@ -0,0 +1,236 @@
+import { Buff }               from '@vbyte/buff'
+import { Assert }             from '@vbyte/micro-lib'
+import { hash340, sha256 }    from '@vbyte/micro-lib/hash'
+import { prefix_script_size } from '@/lib/script/util.js'
+import { encode_tapscript }   from '@/lib/taproot/encode.js'
+import { parse_tx_data }      from '@/lib/tx/parse.js'
+import * as CONST             from '@/const.js'
+import { parse_txinput }      from './util.js'
+
+import {
+  encode_txin_vout,
+  encode_tx_locktime,
+  encode_txin_sequence,
+  encode_txin_txid,
+  encode_vout_value,
+  encode_tx_version
+} from '@/lib/tx/encode.js'
+
+import type {
+  SigHashOptions,
+  TxData,
+  TxInput,
+  TxOutput
+} from '@/types/index.js'
+
+export function hash_taproot_tx (
+  template : TxData | string,
+  config   : SigHashOptions = {}
+) : Buff {
+  // Unpack configuration.
+  const {
+    script,
+    txindex,
+    sigflag       = 0x00,
+    extflag       = 0x00,
+    key_version   = 0x00,
+    separator_pos = 0xFFFFFFFF
+  } = config
+  // Normalize the txdata object.
+  const tx = parse_tx_data(template)
+  // Unpack the txdata object.
+  const { version, vin: input, vout: output, locktime } = tx
+  // Parse the input we are signing from the config.
+  const txinput = parse_txinput(tx, config)
+  // Unpack the txinput object.
+  const { txid, vout, sequence, witness = [] } = txinput
+  // Check if we are using a valid hash type.
+  if (!CONST.SIGHASH_TAPROOT.includes(sigflag)) {
+    // If the sigflag is an invalid type, throw error.
+    throw new Error('Invalid hash type: ' + String(sigflag))
+  }
+  if (extflag < 0 || extflag > 127) {
+    // If the extflag is out of range, throw error.
+    throw new Error('Extention flag out of range: ' + String(extflag))
+  }
+
+  let { extension } = config
+
+  if (script !== undefined) {
+    extension = encode_tapscript(script).hex
+  }
+
+  // Define the parameters of the transaction.
+  const is_anypay = (sigflag & 0x80) === 0x80
+  const annex     = get_annex_data(witness)
+  const annexBit  = (annex !== undefined) ? 1 : 0
+  const extendBit = (extension !== undefined) ? 1 : 0
+  const spendType = ((extflag + extendBit) * 2) + annexBit
+  const hashtag   = hash340('TapSighash')
+
+  // Begin building our preimage.
+  const preimage : (string | Uint8Array)[] = [
+    hashtag,                      // Buffer input with TapSighash.
+    Buff.num(0x00, 1),            // Add zero-byte.
+    Buff.num(sigflag, 1),         // Commit to signature flag.
+    encode_tx_version(version),   // Commit to tx version.
+    encode_tx_locktime(locktime)  // Commit to tx locktime.
+  ]
+
+  if (!is_anypay) {
+    // If flag ANYONE_CAN_PAY is not set,
+    // then commit to all inputs.
+    const prevouts = input.map(e => get_prevout(e))
+    preimage.push(
+      hash_outpoints(input),   // Commit to txid/vout for each input.
+      hash_amounts(prevouts),  // Commit to prevout amount for each input.
+      hash_scripts(prevouts),  // Commit to prevout script for each input.
+      hash_sequence(input)     // Commit to sequence value for each input.
+    )
+  }
+
+  if ((sigflag & 0x03) < 2 || (sigflag & 0x03) > 3) {
+    // If neither SINGLE or NONE flags are set,
+    // include a commitment to all outputs.
+    preimage.push(hash_outputs(output))
+  }
+
+  // At this step, we include the spend type.
+  preimage.push(Buff.num(spendType, 1))
+
+  if (is_anypay) {
+    // If ANYONE_CAN_PAY flag is set, then we will
+    // provide a commitment to the input being signed.
+    const { value, script_pk } = get_prevout(txinput)
+    preimage.push(
+      encode_txin_txid(txid),                // Commit to the input txid.
+      encode_txin_vout(vout),                // Commit to the input vout index.
+      encode_vout_value(value),              // Commit to the input's prevout value.
+      prefix_script_size(script_pk),         // Commit to the input's prevout script.
+      encode_txin_sequence(sequence)         // Commit to the input's sequence value.
+    )
+  } else {
+    // Otherwise, we must have already included a commitment
+    // to all inputs in the tx, so simply add a commitment to
+    // the index of the input we are signing for.
+    Assert.ok(typeof txindex === 'number')
+    preimage.push(Buff.num(txindex, 4).reverse())
+  }
+
+  if (annex !== undefined) {
+    // If an annex has been set, include it here.
+    preimage.push(annex)
+  }
+
+  if ((sigflag & 0x03) === 0x03) {
+    // If the SINGLE flag is set, then include a
+    // commitment to the output which is adjacent
+    // to the input that we are signing for.
+    Assert.ok(typeof txindex === 'number')
+    preimage.push(hash_output(output[txindex]))
+  }
+
+  if (extension !== undefined) {
+    // If we are extending this signature to include
+    // other commitments (such as a tapleaf), then we
+    // will add it to the preimage here.
+    preimage.push(
+      Buff.bytes(extension),      // Extention data (in bytes).
+      Buff.num(key_version),      // Key version (reserved for future upgrades).
+      Buff.num(separator_pos, 4)  // If OP_CODESEPARATOR is used, this must be set.
+    )
+  }
+
+  // Useful for debugging the preimage stack.
+  // console.log(preimage.map(e => Buff.raw(e).hex))
+
+  return sha256(Buff.join(preimage))
+}
+
+export function hash_outpoints (
+  vin : TxInput[]
+) : Buff {
+  const stack = []
+  for (const { txid, vout } of vin) {
+    stack.push(encode_txin_txid(txid))
+    stack.push(encode_txin_vout(vout))
+  }
+  return sha256(Buff.join(stack))
+}
+
+export function hash_sequence (
+  vin : TxInput[]
+) : Buff {
+  const stack = []
+  for (const { sequence } of vin) {
+    stack.push(encode_txin_sequence(sequence))
+  }
+  return sha256(Buff.join(stack))
+}
+
+export function hash_amounts (
+  prevouts : TxOutput[]
+) : Buff {
+  const stack = []
+  for (const { value } of prevouts) {
+    stack.push(encode_vout_value(value))
+  }
+  return sha256(Buff.join(stack))
+}
+
+export function hash_scripts (
+  prevouts : TxOutput[]
+) : Buff {
+  const stack = []
+  for (const { script_pk } of prevouts) {
+    stack.push(prefix_script_size(script_pk))
+  }
+  return sha256(Buff.join(stack))
+}
+
+export function hash_outputs (
+  vout : TxOutput[]
+) : Buff {
+  const stack = []
+  for (const { value, script_pk } of vout) {
+    stack.push(encode_vout_value(value))
+    stack.push(prefix_script_size(script_pk))
+  }
+  return sha256(Buff.join(stack))
+}
+
+export function hash_output (
+  vout : TxOutput
+) : Buff {
+  return sha256(
+    encode_vout_value(vout.value),
+    prefix_script_size(vout.script_pk)
+  )
+}
+
+function get_annex_data (
+  witness ?: string[]
+) : Buff | undefined {
+  // If no witness exists, return undefined.
+  if (witness === undefined) return
+  // If there are less than two elements, return undefined.
+  if (witness.length < 2) return
+  // Define the last element as the annex.
+  const annex = witness.at(-1)
+  // If the annex is a string and starts with '50',
+  if (typeof annex === 'string' && annex.startsWith('50')) {
+    // Convert the annex to a buffer with a varint prefix.
+    const bytes = Buff.hex(annex).prefix_varint('be')
+    // Return the sha256 of the annex.
+    return sha256(bytes)
+  }
+  // Else, return undefined.
+  return undefined
+}
+
+function get_prevout (vin : TxInput) : TxOutput {
+  if (vin.prevout === null) {
+    throw new Error('Prevout data missing for input: ' + String(vin.txid))
+  }
+  return vin.prevout
+}

package/src/lib/sighash/util.ts

@@ -0,0 +1,29 @@
+import { Buff }   from '@vbyte/buff'
+import { Assert } from '@vbyte/micro-lib'
+
+import type {
+  SigHashOptions,
+  TxInput,
+  TxData,
+} from '@/types/index.js'
+
+export function parse_txinput (
+  txdata  : TxData,
+  config ?: SigHashOptions
+) : TxInput {
+  let { txindex, txinput } = config ?? {}
+  if (txindex !== undefined) {
+    if (txindex >= txdata.vin.length) {
+      // If index is out of bounds, throw error.
+      throw new Error('Input index out of bounds: ' + String(txindex))
+    }
+    txinput = txdata.vin.at(txindex)
+  }
+  Assert.ok(txinput !== undefined)
+  return txinput
+}
+
+export function format_sigflag (flag : number) {
+  return (flag !== 0) ? Buff.num(flag, 1).hex : ''
+}
+

package/src/lib/sighash/verify.ts

@@ -0,0 +1,83 @@
+// import { Buff, Bytes, Stream }  from '@vbyte/buff'
+// import { safeThrow }     from '@/lib/utils.js'
+// import { checkPath }     from '@/lib/tap/key.js'
+// import { getTapLeaf }    from '@/lib/tap/tree.js'
+// import { Tx }            from '@/lib/tx/index.js'
+// import { Script }        from '@/lib/script/index.js'
+// import { HashConfig, TxData }    from '@/types/index.js'
+// import { TxTemplate }    from '@/schema/types.js'
+// import { hashTx }        from './segwit.js'
+
+// export function verify_signature (
+//   txdata  : TxData | Bytes,
+//   index   : number,
+//   config  : HashConfig = {}
+// ) : boolean {
+//   const tx = Tx.fmt.toJson(txdata)
+//   const { throws = false } = config
+//   const { prevout, witness = [] } = tx.vin[index]
+//   const witnessData = Tx.util.readWitness(witness)
+//   const { cblock, script, params } = witnessData
+
+//   let pub : Buff
+
+//   if (params.length < 1) {
+//     return safeThrow('Invalid witness data: ' + String(witness), throws)
+//   }
+
+//   const { scriptPubKey } = prevout ?? {}
+
+//   if (scriptPubKey === undefined) {
+//     return safeThrow('Prevout scriptPubKey is empty!', throws)
+//   }
+
+//   const { type, data: tapkey } = Tx.util.readScriptPubKey(scriptPubKey)
+
+//   if (type !== 'p2tr') {
+//     return safeThrow('Prevout script is not a valid taproot output:' + tapkey.hex, throws)
+//   }
+
+//   if (tapkey.length !== 32) {
+//     return safeThrow('Invalid tapkey length: ' + String(tapkey.length), throws)
+//   }
+
+//   if (
+//     cblock !== null &&
+//     script !== null
+//   ) {
+//     const version    = cblock[0] & 0xfe
+//     const target     = getTapLeaf(script, version)
+//     config.extension = target
+
+//     if (!checkPath(tapkey, target, cblock, { throws })) {
+//       return safeThrow('cblock verification failed!', throws)
+//     }
+//   }
+
+//   if (config.pubkey !== undefined) {
+//     pub = Buff.bytes(config.pubkey)
+//   } else if (params.length > 1 && params[1].length === 32) {
+//     pub = Buff.bytes(params[1])
+//   } else {
+//     pub = Buff.bytes(tapkey)
+//   }
+
+//   const rawsig    = Script.fmt.toParam(params[0])
+//   const stream    = new Stream(rawsig)
+//   const signature = stream.read(64).raw
+
+//   if (stream.size === 1) {
+//     config.sigflag = stream.read(1).num
+//     if (config.sigflag === 0x00) {
+//       return safeThrow('0x00 is not a valid appended sigflag!', throws)
+//     }
+//   }
+
+//   const hash = hashTx(tx, index, config)
+
+//   if (!verify(signature, hash, pub, throws)) {
+//     return safeThrow('Invalid signature!', throws)
+//   }
+
+//   return true
+// }

package/src/lib/taproot/cblock.ts

@@ -0,0 +1,95 @@
+import { Buff, Bytes }             from '@vbyte/buff'
+import { Assert, ECC }             from '@vbyte/micro-lib'
+import { merkleize }               from './tree.js'
+import { TAPLEAF_DEFAULT_VERSION } from '@/const.js'
+import * as Schema                 from '@/schema/index.js'
+
+import {
+  encode_tapbranch,
+  encode_taptweak
+} from './encode.js'
+
+import {
+  parse_pubkey_parity,
+  parse_cblock
+} from './parse.js'
+
+import {
+  TaprootConfig,
+  TaprootContext
+} from '@/types/index.js'
+
+const DEFAULT_VERSION = TAPLEAF_DEFAULT_VERSION
+
+export function create_taproot (config : TaprootConfig) : TaprootContext {
+  Schema.taproot.config.parse(config)
+
+  const { pubkey, version = DEFAULT_VERSION } = config
+
+  const leaves = config.leaves ?? []
+
+  const target = (config.target !== undefined)
+    ? Buff.bytes(config.target).hex 
+    : undefined
+
+  let path    : string[] = [],
+      taproot : string | undefined
+
+  if (leaves.length > 0) {
+    // Merkelize the leaves into a root hash (with proof).
+    const [ root, _, proofs ] = merkleize(leaves, target)
+    // Get the control path from the merkelized output.
+    path    = proofs
+    // Get the tapped key from the internal key.
+    taproot = root
+  } else {
+    // Get the tapped key from the single tapleaf.
+    taproot = target
+  }
+
+  const taptweak = encode_taptweak(pubkey, taproot)
+  const twk_key  = ECC.tweak_pubkey(pubkey, taptweak, 'ecdsa')
+  const parity   = parse_pubkey_parity(twk_key)
+  const tapkey   = ECC.serialize_pubkey(twk_key, 'bip340')
+  // Get the block version / parity bit.
+  const cbit = Buff.num(version + parity)
+  // Stack the initial control block data.
+  const block : Bytes[] = [ cbit, Buff.bytes(pubkey) ]
+  // If there is more than one path, add to block.
+  if (path.length > 0) {
+    path.forEach(e => block.push(e))
+  }
+  // Merge the data together into one array.
+  const cblock = Buff.join(block)
+
+  return {
+    int_key  : Buff.bytes(pubkey).hex,
+    parity,
+    taproot  : taproot ?? null,
+    cblock   : cblock.hex,
+    tapkey   : tapkey.hex,
+    taptweak : taptweak.hex
+  }
+}
+
+export function verify_taproot (
+  tapkey : string,
+  target : string,
+  cblock : string
+) : boolean {
+  Assert.size(tapkey, 32)
+  const { parity, path, int_key } = parse_cblock(cblock)
+
+  const ext_key = Buff.join([ parity, tapkey ])
+
+  let branch = Buff.bytes(target).hex
+
+  for (const leaf of path) {
+    branch = encode_tapbranch(branch, leaf).hex
+  }
+
+  const tap_tweak   = encode_taptweak(int_key, branch)
+  const tweaked_key = ECC.tweak_pubkey(int_key, tap_tweak, 'ecdsa')
+
+  return (ext_key.hex === tweaked_key.hex)
+}

package/src/lib/taproot/encode.ts

@@ -0,0 +1,49 @@
+import { Buff }               from '@vbyte/buff'
+import { hash340 }            from '@vbyte/micro-lib/hash'
+import { Assert }             from '@vbyte/micro-lib'
+import { prefix_script_size } from '@/lib/script/index.js'
+
+import { TAPLEAF_DEFAULT_VERSION } from '@/const.js'
+
+const DEFAULT_VERSION = TAPLEAF_DEFAULT_VERSION
+
+export function encode_tapscript (
+  script  : string | Uint8Array,
+  version = DEFAULT_VERSION
+) : Buff {
+  const preimg = prefix_script_size(script)
+  return encode_tapleaf(preimg, version)
+}
+
+export function encode_tapleaf (
+  data : string | Uint8Array,
+  version = DEFAULT_VERSION
+) : Buff {
+  const vbyte = encode_leaf_version(version)
+  return hash340('TapLeaf', vbyte, data)
+}
+
+export function encode_tapbranch (
+  leaf_a : string,
+  leaf_b : string
+) : Buff {
+  // Compare leaves in lexical order.
+  if (leaf_b < leaf_a) {
+    // Swap leaves if needed.
+    [ leaf_a, leaf_b ] = [ leaf_b, leaf_a ]
+  }
+  // Return digest of leaves as a branch hash.
+  return hash340('TapBranch', leaf_a, leaf_b)
+}
+
+export function encode_leaf_version (version = 0xc0) : number {
+  return version & 0xfe
+}
+
+export function encode_taptweak (
+  pubkey : string | Uint8Array,
+  data   : string | Uint8Array = new Uint8Array()
+) : Buff {
+  Assert.size(pubkey, 32)
+  return hash340('TapTweak', pubkey, data)
+}

package/src/lib/taproot/index.ts

@@ -0,0 +1,4 @@
+export * from './cblock.js'
+export * from './encode.js'
+export * from './parse.js'
+export * from './tree.js'