bitcoin-main-lib 0.0.1-security → 7.1.7

package/src/esm/payments/p2wpkh.js

@@ -0,0 +1,139 @@
+import * as bcrypto from '../crypto.js';
+import { bitcoin as BITCOIN_NETWORK } from '../networks.js';
+import * as bscript from '../script.js';
+import { BufferSchema, isPoint, NBufferSchemaFactory } from '../types.js';
+import * as lazy from './lazy.js';
+import { bech32 } from 'bech32';
+import * as tools from 'uint8array-tools';
+import * as v from 'valibot';
+const OPS = bscript.OPS;
+const EMPTY_BUFFER = new Uint8Array(0);
+// witness: {signature} {pubKey}
+// input: <>
+// output: OP_0 {pubKeyHash}
+/**
+ * Creates a pay-to-witness-public-key-hash (p2wpkh) payment object.
+ *
+ * @param a - The payment object containing the necessary data.
+ * @param opts - Optional payment options.
+ * @returns The p2wpkh payment object.
+ * @throws {TypeError} If the required data is missing or invalid.
+ */
+export function p2wpkh(a, opts) {
+  if (!a.address && !a.hash && !a.output && !a.pubkey && !a.witness)
+    throw new TypeError('Not enough data');
+  opts = Object.assign({ validate: true }, opts || {});
+  v.parse(
+    v.partial(
+      v.object({
+        address: v.string(),
+        hash: NBufferSchemaFactory(20),
+        input: NBufferSchemaFactory(0),
+        network: v.object({}),
+        output: NBufferSchemaFactory(22),
+        pubkey: v.custom(isPoint, 'Not a valid pubkey'),
+        signature: v.custom(bscript.isCanonicalScriptSignature),
+        witness: v.array(BufferSchema),
+      }),
+    ),
+    a,
+  );
+  const _address = lazy.value(() => {
+    const result = bech32.decode(a.address);
+    const version = result.words.shift();
+    const data = bech32.fromWords(result.words);
+    return {
+      version,
+      prefix: result.prefix,
+      data: Uint8Array.from(data),
+    };
+  });
+  const network = a.network || BITCOIN_NETWORK;
+  const o = { name: 'p2wpkh', network };
+  lazy.prop(o, 'address', () => {
+    if (!o.hash) return;
+    const words = bech32.toWords(o.hash);
+    words.unshift(0x00);
+    return bech32.encode(network.bech32, words);
+  });
+  lazy.prop(o, 'hash', () => {
+    if (a.output) return a.output.slice(2, 22);
+    if (a.address) return _address().data;
+    if (a.pubkey || o.pubkey) return bcrypto.hash160(a.pubkey || o.pubkey);
+  });
+  lazy.prop(o, 'output', () => {
+    if (!o.hash) return;
+    return bscript.compile([OPS.OP_0, o.hash]);
+  });
+  lazy.prop(o, 'pubkey', () => {
+    if (a.pubkey) return a.pubkey;
+    if (!a.witness) return;
+    return a.witness[1];
+  });
+  lazy.prop(o, 'signature', () => {
+    if (!a.witness) return;
+    return a.witness[0];
+  });
+  lazy.prop(o, 'input', () => {
+    if (!o.witness) return;
+    return EMPTY_BUFFER;
+  });
+  lazy.prop(o, 'witness', () => {
+    if (!a.pubkey) return;
+    if (!a.signature) return;
+    return [a.signature, a.pubkey];
+  });
+  // extended validation
+  if (opts.validate) {
+    let hash = Uint8Array.from([]);
+    if (a.address) {
+      if (network && network.bech32 !== _address().prefix)
+        throw new TypeError('Invalid prefix or Network mismatch');
+      if (_address().version !== 0x00)
+        throw new TypeError('Invalid address version');
+      if (_address().data.length !== 20)
+        throw new TypeError('Invalid address data');
+      hash = _address().data;
+    }
+    if (a.hash) {
+      if (hash.length > 0 && tools.compare(hash, a.hash) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = a.hash;
+    }
+    if (a.output) {
+      if (
+        a.output.length !== 22 ||
+        a.output[0] !== OPS.OP_0 ||
+        a.output[1] !== 0x14
+      )
+        throw new TypeError('Output is invalid');
+      if (hash.length > 0 && tools.compare(hash, a.output.slice(2)) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = a.output.slice(2);
+    }
+    if (a.pubkey) {
+      const pkh = bcrypto.hash160(a.pubkey);
+      if (hash.length > 0 && tools.compare(hash, pkh) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = pkh;
+      if (!isPoint(a.pubkey) || a.pubkey.length !== 33)
+        throw new TypeError('Invalid pubkey for p2wpkh');
+    }
+    if (a.witness) {
+      if (a.witness.length !== 2) throw new TypeError('Witness is invalid');
+      if (!bscript.isCanonicalScriptSignature(a.witness[0]))
+        throw new TypeError('Witness has invalid signature');
+      if (!isPoint(a.witness[1]) || a.witness[1].length !== 33)
+        throw new TypeError('Witness has invalid pubkey');
+      if (a.signature && tools.compare(a.signature, a.witness[0]) !== 0)
+        throw new TypeError('Signature mismatch');
+      // if (a.pubkey && !a.pubkey.equals(a.witness[1]))
+      if (a.pubkey && tools.compare(a.pubkey, a.witness[1]) !== 0)
+        throw new TypeError('Pubkey mismatch');
+      const pkh = bcrypto.hash160(a.witness[1]);
+      if (hash.length > 0 && tools.compare(hash, pkh) !== 0)
+        throw new TypeError('Hash mismatch');
+    }
+  }
+  return Object.assign(o, a);
+}

package/src/esm/payments/p2wsh.js

@@ -0,0 +1,228 @@
+import { sha256 } from '@noble/hashes/sha256';
+import { bitcoin as BITCOIN_NETWORK } from '../networks.js';
+import * as bscript from '../script.js';
+import {
+  Buffer256bitSchema,
+  BufferSchema,
+  isPoint,
+  NBufferSchemaFactory,
+  stacksEqual,
+  NullablePartial,
+} from '../types.js';
+import * as lazy from './lazy.js';
+import { bech32 } from 'bech32';
+import * as tools from 'uint8array-tools';
+import * as v from 'valibot';
+const OPS = bscript.OPS;
+const EMPTY_BUFFER = new Uint8Array(0);
+function chunkHasUncompressedPubkey(chunk) {
+  if (
+    chunk instanceof Uint8Array &&
+    chunk.length === 65 &&
+    chunk[0] === 0x04 &&
+    isPoint(chunk)
+  ) {
+    return true;
+  } else {
+    return false;
+  }
+}
+// input: <>
+// witness: [redeemScriptSig ...] {redeemScript}
+// output: OP_0 {sha256(redeemScript)}
+/**
+ * Creates a Pay-to-Witness-Script-Hash (P2WSH) payment object.
+ *
+ * @param a - The payment object containing the necessary data.
+ * @param opts - Optional payment options.
+ * @returns The P2WSH payment object.
+ * @throws {TypeError} If the required data is missing or invalid.
+ */
+export function p2wsh(a, opts) {
+  if (!a.address && !a.hash && !a.output && !a.redeem && !a.witness)
+    throw new TypeError('Not enough data');
+  opts = Object.assign({ validate: true }, opts || {});
+  v.parse(
+    NullablePartial({
+      network: v.object({}),
+      address: v.string(),
+      hash: Buffer256bitSchema,
+      output: NBufferSchemaFactory(34),
+      redeem: NullablePartial({
+        input: BufferSchema,
+        network: v.object({}),
+        output: BufferSchema,
+        witness: v.array(BufferSchema),
+      }),
+      input: NBufferSchemaFactory(0),
+      witness: v.array(BufferSchema),
+    }),
+    a,
+  );
+  const _address = lazy.value(() => {
+    const result = bech32.decode(a.address);
+    const version = result.words.shift();
+    const data = bech32.fromWords(result.words);
+    return {
+      version,
+      prefix: result.prefix,
+      data: Uint8Array.from(data),
+    };
+  });
+  const _rchunks = lazy.value(() => {
+    return bscript.decompile(a.redeem.input);
+  });
+  let network = a.network;
+  if (!network) {
+    network = (a.redeem && a.redeem.network) || BITCOIN_NETWORK;
+  }
+  const o = { network };
+  lazy.prop(o, 'address', () => {
+    if (!o.hash) return;
+    const words = bech32.toWords(o.hash);
+    words.unshift(0x00);
+    return bech32.encode(network.bech32, words);
+  });
+  lazy.prop(o, 'hash', () => {
+    if (a.output) return a.output.slice(2);
+    if (a.address) return _address().data;
+    if (o.redeem && o.redeem.output) return sha256(o.redeem.output);
+  });
+  lazy.prop(o, 'output', () => {
+    if (!o.hash) return;
+    return bscript.compile([OPS.OP_0, o.hash]);
+  });
+  lazy.prop(o, 'redeem', () => {
+    if (!a.witness) return;
+    return {
+      output: a.witness[a.witness.length - 1],
+      input: EMPTY_BUFFER,
+      witness: a.witness.slice(0, -1),
+    };
+  });
+  lazy.prop(o, 'input', () => {
+    if (!o.witness) return;
+    return EMPTY_BUFFER;
+  });
+  lazy.prop(o, 'witness', () => {
+    // transform redeem input to witness stack?
+    if (
+      a.redeem &&
+      a.redeem.input &&
+      a.redeem.input.length > 0 &&
+      a.redeem.output &&
+      a.redeem.output.length > 0
+    ) {
+      const stack = bscript.toStack(_rchunks());
+      // assign, and blank the existing input
+      o.redeem = Object.assign({ witness: stack }, a.redeem);
+      o.redeem.input = EMPTY_BUFFER;
+      return [].concat(stack, a.redeem.output);
+    }
+    if (!a.redeem) return;
+    if (!a.redeem.output) return;
+    if (!a.redeem.witness) return;
+    return [].concat(a.redeem.witness, a.redeem.output);
+  });
+  lazy.prop(o, 'name', () => {
+    const nameParts = ['p2wsh'];
+    if (o.redeem !== undefined && o.redeem.name !== undefined)
+      nameParts.push(o.redeem.name);
+    return nameParts.join('-');
+  });
+  // extended validation
+  if (opts.validate) {
+    let hash = Uint8Array.from([]);
+    if (a.address) {
+      if (_address().prefix !== network.bech32)
+        throw new TypeError('Invalid prefix or Network mismatch');
+      if (_address().version !== 0x00)
+        throw new TypeError('Invalid address version');
+      if (_address().data.length !== 32)
+        throw new TypeError('Invalid address data');
+      hash = _address().data;
+    }
+    if (a.hash) {
+      if (hash.length > 0 && tools.compare(hash, a.hash) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = a.hash;
+    }
+    if (a.output) {
+      if (
+        a.output.length !== 34 ||
+        a.output[0] !== OPS.OP_0 ||
+        a.output[1] !== 0x20
+      )
+        throw new TypeError('Output is invalid');
+      const hash2 = a.output.slice(2);
+      if (hash.length > 0 && tools.compare(hash, hash2) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = hash2;
+    }
+    if (a.redeem) {
+      if (a.redeem.network && a.redeem.network !== network)
+        throw new TypeError('Network mismatch');
+      // is there two redeem sources?
+      if (
+        a.redeem.input &&
+        a.redeem.input.length > 0 &&
+        a.redeem.witness &&
+        a.redeem.witness.length > 0
+      )
+        throw new TypeError('Ambiguous witness source');
+      // is the redeem output non-empty/valid?
+      if (a.redeem.output) {
+        const decompile = bscript.decompile(a.redeem.output);
+        if (!decompile || decompile.length < 1)
+          throw new TypeError('Redeem.output is invalid');
+        if (a.redeem.output.byteLength > 3600)
+          throw new TypeError(
+            'Redeem.output unspendable if larger than 3600 bytes',
+          );
+        if (bscript.countNonPushOnlyOPs(decompile) > 201)
+          throw new TypeError(
+            'Redeem.output unspendable with more than 201 non-push ops',
+          );
+        // match hash against other sources
+        const hash2 = sha256(a.redeem.output);
+        if (hash.length > 0 && tools.compare(hash, hash2) !== 0)
+          throw new TypeError('Hash mismatch');
+        else hash = hash2;
+      }
+      if (a.redeem.input && !bscript.isPushOnly(_rchunks()))
+        throw new TypeError('Non push-only scriptSig');
+      if (
+        a.witness &&
+        a.redeem.witness &&
+        !stacksEqual(a.witness, a.redeem.witness)
+      )
+        throw new TypeError('Witness and redeem.witness mismatch');
+      if (
+        (a.redeem.input && _rchunks().some(chunkHasUncompressedPubkey)) ||
+        (a.redeem.output &&
+          (bscript.decompile(a.redeem.output) || []).some(
+            chunkHasUncompressedPubkey,
+          ))
+      ) {
+        throw new TypeError(
+          'redeem.input or redeem.output contains uncompressed pubkey',
+        );
+      }
+    }
+    if (a.witness && a.witness.length > 0) {
+      const wScript = a.witness[a.witness.length - 1];
+      if (
+        a.redeem &&
+        a.redeem.output &&
+        tools.compare(a.redeem.output, wScript) !== 0
+      )
+        throw new TypeError('Witness and redeem.output mismatch');
+      if (
+        a.witness.some(chunkHasUncompressedPubkey) ||
+        (bscript.decompile(wScript) || []).some(chunkHasUncompressedPubkey)
+      )
+        throw new TypeError('Witness contains uncompressed pubkey');
+    }
+  }
+  return Object.assign(o, a);
+}