smartledger-bsv 4.2.1 → 4.4.0

package/lib/script/interpreter.js

@@ -701,7 +701,7 @@ Interpreter.prototype.step = function () {
           return true
         }
         break
-        
+
       // Monolith opcodes are now enabled by default in SmartLedger BSV
       // These were activated in May 2018 and are part of standard BSV consensus
       case Opcode.OP_DIV:
@@ -715,7 +715,7 @@ Interpreter.prototype.step = function () {
       case Opcode.OP_NUM2BIN:
         // These opcodes are now always enabled - no flag required
         return false
-        
+
       default:
         break
     }
@@ -1757,6 +1757,56 @@ Interpreter.prototype.step = function () {
         this.stack[this.stack.length - 1] = n1.slice(position)
         break
 
+      case Opcode.OP_LEFT:
+      case Opcode.OP_RIGHT:
+        // (in size -- out)  OP_LEFT keeps the first `size` bytes; OP_RIGHT the last.
+        // Re-enabled string opcodes (BSV Chronicle). Original Satoshi semantics.
+        if (this.stack.length < 2) {
+          this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'
+          return false
+        }
+        buf1 = stacktop(-2)
+        n = BN.fromScriptNumBuffer(stacktop(-1), fRequireMinimal).toNumber()
+        if (n < 0) {
+          this.errstr = 'SCRIPT_ERR_INVALID_NUMBER_RANGE'
+          return false
+        }
+        if (n > buf1.length) {
+          n = buf1.length
+        }
+        this.stack.pop()
+        if (opcodenum === Opcode.OP_LEFT) {
+          this.stack[this.stack.length - 1] = Buffer.from(buf1).slice(0, n)
+        } else {
+          this.stack[this.stack.length - 1] = Buffer.from(buf1).slice(buf1.length - n)
+        }
+        break
+
+      case Opcode.OP_SUBSTR:
+        // (in begin size -- out)  out = in[begin : begin + size]
+        // Re-enabled string opcode (BSV Chronicle). Original Satoshi semantics.
+        if (this.stack.length < 3) {
+          this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'
+          return false
+        }
+        buf1 = stacktop(-3)
+        var subSize = BN.fromScriptNumBuffer(stacktop(-1), fRequireMinimal).toNumber()
+        var subBegin = BN.fromScriptNumBuffer(stacktop(-2), fRequireMinimal).toNumber()
+        if (subBegin < 0 || subSize < 0) {
+          this.errstr = 'SCRIPT_ERR_INVALID_NUMBER_RANGE'
+          return false
+        }
+        if (subBegin > buf1.length) {
+          subBegin = buf1.length
+        }
+        if (subBegin + subSize > buf1.length) {
+          subSize = buf1.length - subBegin
+        }
+        this.stack.pop()
+        this.stack.pop()
+        this.stack[this.stack.length - 1] = Buffer.from(buf1).slice(subBegin, subBegin + subSize)
+        break
+
         //
         // Conversion operations
         //

package/lib/smart_contract/covenant_helpers.js

@@ -18,13 +18,14 @@ var Signature = require('../crypto/signature')
 var SIGHASH = Signature.SIGHASH_ALL | Signature.SIGHASH_FORKID // 0x41
 
 // Post-Genesis consensus flags (big numbers, OP_CAT/OP_SPLIT/OP_MUL, FORKID,
-// CLTV/CSV). LOW_S is intentionally omitted so the in-script OP_PUSH_TX
-// signature (which may be high-S) verifies.
+// CLTV/CSV). LOW_S is enforced: the OP_PUSH_TX grind produces a canonical
+// (low-S) in-script signature, so these covenants meet mainnet standardness.
 function flags () {
   var I = bsv.Script.Interpreter
   return I.SCRIPT_VERIFY_P2SH |
     I.SCRIPT_VERIFY_STRICTENC |
     I.SCRIPT_VERIFY_DERSIG |
+    I.SCRIPT_VERIFY_LOW_S |
     I.SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY |
     I.SCRIPT_VERIFY_CHECKSEQUENCEVERIFY |
     I.SCRIPT_ENABLE_SIGHASH_FORKID |

package/lib/smart_contract/pels.js

@@ -44,8 +44,7 @@ function pelsCovenant (fee) {
 
   // 3. value (8B @ offsetFromEnd 52); newValue = value - fee, as 8-byte LE
   s.add(Opcode.OP_OVER)
-  s.add(Opcode.OP_SIZE).add(n(52)).add(Opcode.OP_SUB).add(Opcode.OP_SPLIT).add(Opcode.OP_NIP)
-  s.add(n(8)).add(Opcode.OP_SPLIT).add(Opcode.OP_DROP)
+  s.add(n(52)).add(Opcode.OP_RIGHT).add(n(8)).add(Opcode.OP_LEFT) // last 52 bytes, first 8 = value
   s.add(Opcode.OP_BIN2NUM).add(n(fee)).add(Opcode.OP_SUB)
   s.add(n(8)).add(Opcode.OP_NUM2BIN)
 

package/lib/smart_contract/pushtx.js

@@ -59,10 +59,18 @@ function pushTxCore (script) {
   script.add(gxLe).add(Opcode.OP_ADD) // e + Gx
   script.add(N_LE).add(Opcode.OP_MOD) // s = (e + Gx) mod n
   script.add(scriptNum(32)).add(Opcode.OP_NUM2BIN) // s -> 32-byte LE
-  reverseBytes(script, 32) // -> big-endian (DER INTEGER body)
-  script.add(DER_PREFIX).add(Opcode.OP_SWAP).add(Opcode.OP_CAT) // PREFIX || s
+  reverseBytes(script, 32) // -> big-endian (DER INTEGER body) ; stack: [s_be]
+  // Build the DER signature and the pubkey from a SINGLE Gx push (Gx is both the
+  // r-value inside the DER prefix and the body of the 02||Gx pubkey). Sharing it
+  // via the altstack saves a 32-byte constant vs. embedding Gx twice.
+  script.add(Gx).add(Opcode.OP_DUP) // [s_be, Gx, Gx]
+  script.add(Buffer.from([0x02])).add(Opcode.OP_SWAP).add(Opcode.OP_CAT) // pubkey = 02||Gx
+  script.add(Opcode.OP_TOALTSTACK) // park pubkey ; [s_be, Gx]
+  script.add(Buffer.from([0x30, 0x44, 0x02, 0x20])).add(Opcode.OP_SWAP).add(Opcode.OP_CAT) // 30440220||Gx
+  script.add(Buffer.from([0x02, 0x20])).add(Opcode.OP_CAT) // ||0220  => DER prefix
+  script.add(Opcode.OP_SWAP).add(Opcode.OP_CAT) // DER prefix || s_be
   script.add(SIGHASH_BYTE).add(Opcode.OP_CAT) // || sighash flag => full DER sig
-  script.add(PUBKEY).add(Opcode.OP_CHECKSIG) // verify against P = G
+  script.add(Opcode.OP_FROMALTSTACK).add(Opcode.OP_CHECKSIG) // pubkey ; verify against P = G
   return script
 }
 
@@ -73,9 +81,8 @@ function authenticator () {
 
 /** Extract the committed hashOutputs (item 9, offsetFromEnd 40, len 32) from a preimage on-stack. */
 function extractHashOutputs (script) {
-  script.add(Opcode.OP_SIZE).add(scriptNum(40)).add(Opcode.OP_SUB)
-    .add(Opcode.OP_SPLIT).add(Opcode.OP_NIP)
-    .add(scriptNum(32)).add(Opcode.OP_SPLIT).add(Opcode.OP_DROP)
+  // last 40 bytes, then the first 32 of those = hashOutputs. (BSV string opcodes.)
+  script.add(scriptNum(40)).add(Opcode.OP_RIGHT).add(scriptNum(32)).add(Opcode.OP_LEFT)
   return script
 }
 
@@ -98,12 +105,22 @@ function valueCovenant (expectedHashOutputs) {
   return script
 }
 
-/** Compute s = (HASH256(preimage)+Gx) mod n; return its 32-byte BE form, or null if not a clean DER template. */
+// floor(n/2) — the canonical low-S boundary (matches Signature.hasLowS()).
+var HALF_N = new BN('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0', 'hex')
+
+/**
+ * Compute s = (HASH256(preimage)+Gx) mod n; return its 32-byte BE form, or null
+ * if the resulting signature would not be a clean, CANONICAL (low-S) DER.
+ * Requiring s <= n/2 makes the in-script signature non-malleable and standard,
+ * so it passes nodes enforcing SCRIPT_VERIFY_LOW_S — at zero script-size cost
+ * (the burden is on the spender's grind, not extra opcodes).
+ */
 function sFromPreimage (preimage) {
   var z = Hash.sha256sha256(preimage)
   var s = new BN(z).add(new BN(Gx)).mod(N)
+  if (s.gt(HALF_N)) return null // enforce low-S (canonical / non-malleable)
   var sBE = s.toBuffer('be', 32)
-  return (sBE[0] >= 0x01 && sBE[0] <= 0x7f) ? sBE : null
+  return (sBE[0] >= 0x01) ? sBE : null // s <= n/2 already guarantees sBE[0] <= 0x7f
 }
 
 /**

package/lib/smart_contract/token.js

@@ -41,17 +41,15 @@ function ownershipToken (fee, ownerHash) {
 
   // park value (8B @ offsetFromEnd 52) and hashOutputs (32B @ offsetFromEnd 40)
   s.add(Opcode.OP_DUP)
-    .add(Opcode.OP_SIZE).add(n(52)).add(Opcode.OP_SUB).add(Opcode.OP_SPLIT).add(Opcode.OP_NIP)
-    .add(n(8)).add(Opcode.OP_SPLIT).add(Opcode.OP_DROP).add(Opcode.OP_TOALTSTACK) // alt:[value8]
+    .add(n(52)).add(Opcode.OP_RIGHT).add(n(8)).add(Opcode.OP_LEFT).add(Opcode.OP_TOALTSTACK) // alt:[value8]
   s.add(Opcode.OP_DUP); P.extractHashOutputs(s); s.add(Opcode.OP_TOALTSTACK) // alt:[value8, hashOutputs]
 
   // scriptChunk = preimage[104 : len-52] (consumes preimage)
   s.add(n(104)).add(Opcode.OP_SPLIT).add(Opcode.OP_NIP)
     .add(Opcode.OP_SIZE).add(n(52)).add(Opcode.OP_SUB).add(Opcode.OP_SPLIT).add(Opcode.OP_DROP)
 
-  // owner authorization: SHA256(ownerSecret) == ownerHash (chunk[4:36])
-  s.add(Opcode.OP_DUP).add(n(4)).add(Opcode.OP_SPLIT).add(Opcode.OP_NIP)
-    .add(n(32)).add(Opcode.OP_SPLIT).add(Opcode.OP_DROP)
+  // owner authorization: SHA256(ownerSecret) == ownerHash = chunk[4:36] (OP_SUBSTR)
+  s.add(Opcode.OP_DUP).add(n(4)).add(n(32)).add(Opcode.OP_SUBSTR)
   s.add(n(3)).add(Opcode.OP_ROLL)
   s.add(Opcode.OP_SHA256).add(Opcode.OP_EQUALVERIFY) // [newOwnerHash, scriptChunk]
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "smartledger-bsv",
-  "version": "4.2.1",
+  "version": "4.4.0",
   "description": "🚀 Complete Bitcoin SV development framework with legally-recognizable DID:web + W3C VC-JWT toolkit, Legal Token Protocol (LTP), Global Digital Attestation Framework (GDAF), StatusList2021 revocation, and 16 flexible loading options. Standards-based credentials with ES256/ES256K support, on-chain BSV anchoring, and comprehensive Bitcoin SV API. Perfect for legal tokens, verifiable credentials, DeFi, smart contracts, and secure Bitcoin applications.",
   "author": "SmartLedger Technology <hello@smartledger.technology> (https://smartledger.technology)",
   "homepage": "https://github.com/codenlighten/smartledger-bsv#readme",