/* Create p2sh for this redeem script. */
u8 *scriptpubkey_p2sh(const tal_t *ctx, const u8 *redeemscript)
{
struct sha256 h;
struct ripemd160 redeemhash;
u8 *script = tal_arr(ctx, u8, 0);
add_op(&script, OP_HASH160);
sha256(&h, redeemscript, tal_count(redeemscript));
ripemd160(&redeemhash, h.u.u8, sizeof(h));
add_push_bytes(&script, redeemhash.u.u8, sizeof(redeemhash.u.u8));
add_op(&script, OP_EQUAL);
return script;
}
int hdnode_public_ckd(HDNode *inout, uint32_t i)
{
uint8_t data[1 + 32 + 4];
uint8_t I[32 + 32];
uint8_t fingerprint[32];
curve_point a, b;
bignum256 c;
if (i & 0x80000000) { // private derivation
return 0;
} else { // public derivation
memcpy(data, inout->public_key, 33);
}
write_be(data + 33, i);
sha256_Raw(inout->public_key, 33, fingerprint);
ripemd160(fingerprint, 32, fingerprint);
inout->fingerprint = (fingerprint[0] << 24) + (fingerprint[1] << 16) + (fingerprint[2] << 8) + fingerprint[3];
memset(inout->private_key, 0, 32);
if (!ecdsa_read_pubkey(inout->public_key, &a)) {
return 0;
}
hmac_sha512(inout->chain_code, 32, data, sizeof(data), I);
memcpy(inout->chain_code, I + 32, 32);
bn_read_be(I, &c);
if (!bn_is_less(&c, &order256k1)) { // >= order
return 0;
}
scalar_multiply(&c, &b); // b = c * G
point_add(&a, &b); // b = a + b
#if USE_PUBKEY_VALIDATE
if (!ecdsa_validate_pubkey(&b)) {
return 0;
}
#endif
inout->public_key[0] = 0x02 | (b.y.val[0] & 0x01);
bn_write_be(&b.x, inout->public_key + 1);
inout->depth++;
inout->child_num = i;
return 1;
}
int hdnode_private_ckd(HDNode *inout, uint32_t i)
{
uint8_t data[1 + 32 + 4];
uint8_t I[32 + 32];
uint8_t fingerprint[32];
bignum256 a, b;
if (i & 0x80000000) { // private derivation
data[0] = 0;
memcpy(data + 1, inout->private_key, 32);
} else { // public derivation
memcpy(data, inout->public_key, 33);
}
write_be(data + 33, i);
sha256_Raw(inout->public_key, 33, fingerprint);
ripemd160(fingerprint, 32, fingerprint);
inout->fingerprint = (fingerprint[0] << 24) + (fingerprint[1] << 16) + (fingerprint[2] << 8) + fingerprint[3];
bn_read_be(inout->private_key, &a);
hmac_sha512(inout->chain_code, 32, data, sizeof(data), I);
memcpy(inout->chain_code, I + 32, 32);
memcpy(inout->private_key, I, 32);
bn_read_be(inout->private_key, &b);
if (!bn_is_less(&b, &order256k1)) { // >= order
return 0;
}
bn_addmod(&a, &b, &order256k1);
if (bn_is_zero(&a)) {
return 0;
}
inout->depth++;
inout->child_num = i;
bn_write_be(&a, inout->private_key);
hdnode_fill_public_key(inout);
return 1;
}
static bool do_test(const struct test *t, bool single)
{
struct ripemd160 h;
if (single) {
if (t->repetitions != 1)
return true;
ripemd160(&h, t->test, strlen(t->test));
} else {
struct ripemd160_ctx ctx = RIPEMD160_INIT;
size_t i;
for (i = 0; i < t->repetitions; i++)
ripemd160_update(&ctx, t->test, strlen(t->test));
ripemd160_done(&ctx, &h);
}
return memcmp(&h.u, t->result, sizeof(t->result)) == 0;
}
void CoinQKeychainSqlite3::insertMultiSigRedeemScript(const std::vector<uchar_vector>& pubKeys, int type, int status, const std::string& label, int minHeight, int maxHeight)
{
if (type < 1 || type > 2) {
throw CoinQ::Exception("Invalid type.", CoinQ::Exception::INVALID_PARAMETERS);
}
if (status < 1 || status > 2) {
throw CoinQ::Exception("Invalid status.", CoinQ::Exception::INVALID_PARAMETERS);
}
Coin::MultiSigRedeemScript multiSig;
for (auto& pubKey: pubKeys) {
multiSig.addPubKey(pubKey);
}
SQLite3Tx sqliteTx(db, SQLite3Tx::IMMEDIATE);
SQLite3Stmt stmt;
stmt.prepare(db, "INSERT INTO `redeemscripts` (`hash`, `type`, `status`, `minheight`, `maxheight`, `label`) VALUES (?,?,?,?,?,?)");
stmt.bindText(1, ripemd160(sha256(multiSig.getRedeemScript())).getHex());
stmt.bindInt (2, type);
stmt.bindInt (3, status);
stmt.bindInt (4, minHeight);
stmt.bindInt (5, maxHeight);
stmt.bindText(6, label);
stmt.step();
stmt.finalize();
std::stringstream sql;
sql << "INSERT INTO `multisigs` (`redeemscript_id`, `pubkey`, `index`) VALUES (" << db.lastInsertRowId() << ",?,?)";
stmt.prepare(db, sql.str());
int i = 0;
for (auto& pubKey: pubKeys) {
stmt.reset();
stmt.bindText(1, pubKey.getHex());
stmt.bindInt (2, i++);
stmt.step();
}
}
void CoinQKeychainSqlite3::generateNewKeys(int count, int type, bool bCompressed)
{
SQLite3Stmt stmt;
CoinKey key;
key.setCompressed(bCompressed);
stmt.prepare(db, "INSERT INTO `keys` (`hash`, `pubkey`, `privkey`, `type`, `status`, `minheight`, `maxheight`) VALUES (?,?,?,?,?,-1,-1)");
for (int i = 0; i < count; i++) {
key.generateNewKey();
uchar_vector pubkey = key.getPublicKey();
std::string pubkeyhash = ripemd160(sha256(pubkey)).getHex();
std::string pubkeyhex = pubkey.getHex();
uchar_vector privkey = key.getPrivateKey();
std::string privkeyhex = privkey.getHex();
stmt.reset();
stmt.bindText(1, pubkeyhash);
stmt.bindText(2, pubkeyhex);
stmt.bindText(3, privkeyhex);
stmt.bindInt (4, type);
stmt.bindInt (5, Status::POOL);
stmt.step();
}
}
bool DBBComServer::generateNewKey()
{
// generate new private key
btc_key key;
btc_privkey_init(&key);
btc_privkey_gen(&key);
assert(btc_privkey_is_valid(&key) == 1);
// derive pubkey
btc_pubkey pubkey;
btc_pubkey_init(&pubkey);
btc_pubkey_from_key(&key, &pubkey);
assert(btc_pubkey_is_valid(&pubkey) == 1);
// remove the current enc key
encryptionKey.clear();
// copy over the privatekey and clean libbtc privkey
std::copy(key.privkey,key.privkey+BTC_ECKEY_PKEY_LENGTH,std::back_inserter(encryptionKey));
btc_privkey_cleanse(&key);
// generate hash160(hash(pubkey))
// create base58c string with 0x91 as base58 identifier
size_t len = 67;
uint8_t hashout[32];
uint8_t hash160[21];
hash160[0] = CHANNEL_ID_BASE58_PREFIX;
btc_hash_sngl_sha256(pubkey.pubkey, BTC_ECKEY_COMPRESSED_LENGTH, hashout);
ripemd160(hashout, 32, hash160+1);
// make enought space for the base58c channel ID
channelID.resize(100);
int sizeOut = btc_base58_encode_check(hash160, 21, &channelID[0], channelID.size());
channelID.resize(sizeOut-1);
return true;
}
void ripemd160 (uint8_t* dest, const Slice src) { ripemd160(dest, src.begin, src.length()); }
int main( int argc, char *argv[] )
{
int keysize, i;
unsigned char tmp[200];
char title[TITLE_LEN];
todo_list todo;
if( argc == 1 )
memset( &todo, 1, sizeof( todo ) );
else
{
memset( &todo, 0, sizeof( todo ) );
for( i = 1; i < argc; i++ )
{
if( strcmp( argv[i], "md4" ) == 0 )
todo.md4 = 1;
else if( strcmp( argv[i], "md5" ) == 0 )
todo.md5 = 1;
else if( strcmp( argv[i], "ripemd160" ) == 0 )
todo.ripemd160 = 1;
else if( strcmp( argv[i], "sha1" ) == 0 )
todo.sha1 = 1;
else if( strcmp( argv[i], "sha256" ) == 0 )
todo.sha256 = 1;
else if( strcmp( argv[i], "sha512" ) == 0 )
todo.sha512 = 1;
else if( strcmp( argv[i], "arc4" ) == 0 )
todo.arc4 = 1;
else if( strcmp( argv[i], "des3" ) == 0 )
todo.des3 = 1;
else if( strcmp( argv[i], "des" ) == 0 )
todo.des = 1;
else if( strcmp( argv[i], "aes_cbc" ) == 0 )
todo.aes_cbc = 1;
else if( strcmp( argv[i], "aes_gcm" ) == 0 )
todo.aes_gcm = 1;
else if( strcmp( argv[i], "camellia" ) == 0 )
todo.camellia = 1;
else if( strcmp( argv[i], "blowfish" ) == 0 )
todo.blowfish = 1;
else if( strcmp( argv[i], "havege" ) == 0 )
todo.havege = 1;
else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
todo.ctr_drbg = 1;
else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
todo.hmac_drbg = 1;
else if( strcmp( argv[i], "rsa" ) == 0 )
todo.rsa = 1;
else if( strcmp( argv[i], "dhm" ) == 0 )
todo.dhm = 1;
else if( strcmp( argv[i], "ecdsa" ) == 0 )
todo.ecdsa = 1;
else if( strcmp( argv[i], "ecdh" ) == 0 )
todo.ecdh = 1;
else
{
printf( "Unrecognized option: %s\n", argv[i] );
printf( "Available options:" OPTIONS );
}
}
}
printf( "\n" );
memset( buf, 0xAA, sizeof( buf ) );
#if defined(POLARSSL_MD4_C)
if( todo.md4 )
TIME_AND_TSC( "MD4", md4( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_MD5_C)
if( todo.md5 )
TIME_AND_TSC( "MD5", md5( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_RIPEMD160_C)
if( todo.ripemd160 )
TIME_AND_TSC( "RIPEMD160", ripemd160( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_SHA1_C)
if( todo.sha1 )
TIME_AND_TSC( "SHA-1", sha1( buf, BUFSIZE, tmp ) );
#endif
#if defined(POLARSSL_SHA256_C)
if( todo.sha256 )
TIME_AND_TSC( "SHA-256", sha256( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(POLARSSL_SHA512_C)
if( todo.sha512 )
TIME_AND_TSC( "SHA-512", sha512( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(POLARSSL_ARC4_C)
if( todo.arc4 )
{
arc4_context arc4;
arc4_setup( &arc4, tmp, 32 );
TIME_AND_TSC( "ARC4", arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
}
#endif
#if defined(POLARSSL_DES_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.des3 )
{
des3_context des3;
des3_set3key_enc( &des3, tmp );
TIME_AND_TSC( "3DES",
des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
if( todo.des )
{
des_context des;
des_setkey_enc( &des, tmp );
TIME_AND_TSC( "DES",
des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
#endif
#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.aes_cbc )
{
aes_context aes;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
aes_setkey_enc( &aes, tmp, keysize );
TIME_AND_TSC( title,
aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
}
}
#endif
#if defined(POLARSSL_GCM_C)
if( todo.aes_gcm )
{
gcm_context gcm;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
gcm_init( &gcm, POLARSSL_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
gcm_crypt_and_tag( &gcm, GCM_ENCRYPT, BUFSIZE, tmp,
12, NULL, 0, buf, buf, 16, tmp ) );
gcm_free( &gcm );
}
}
#endif
#endif
#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.camellia )
{
camellia_context camellia;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
camellia_setkey_enc( &camellia, tmp, keysize );
TIME_AND_TSC( title,
camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT,
BUFSIZE, tmp, buf, buf ) );
}
}
#endif
#if defined(POLARSSL_BLOWFISH_C) && defined(POLARSSL_CIPHER_MODE_CBC)
if( todo.blowfish )
{
blowfish_context blowfish;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
blowfish_setkey( &blowfish, tmp, keysize );
TIME_AND_TSC( title,
blowfish_crypt_cbc( &blowfish, BLOWFISH_ENCRYPT, BUFSIZE,
tmp, buf, buf ) );
}
}
#endif
#if defined(POLARSSL_HAVEGE_C)
if( todo.havege )
{
havege_state hs;
havege_init( &hs );
TIME_AND_TSC( "HAVEGE", havege_random( &hs, buf, BUFSIZE ) );
}
#endif
#if defined(POLARSSL_CTR_DRBG_C)
if( todo.ctr_drbg )
{
ctr_drbg_context ctr_drbg;
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
TIME_AND_TSC( "CTR_DRBG (NOPR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1) );
if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
exit(1);
ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_ON );
TIME_AND_TSC( "CTR_DRBG (PR)",
if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
exit(1) );
}
static bool bp_script_eval(parr *stack, const cstring *script,
const struct bp_tx *txTo, unsigned int nIn,
unsigned int flags, int nHashType)
{
struct const_buffer pc = { script->str, script->len };
struct const_buffer pend = { script->str + script->len, 0 };
struct const_buffer pbegincodehash = { script->str, script->len };
struct bscript_op op;
bool rc = false;
cstring *vfExec = cstr_new(NULL);
parr *altstack = parr_new(0, buffer_freep);
mpz_t bn, bn_Zero, bn_One;
mpz_init(bn);
mpz_init_set_ui(bn_Zero, 0);
mpz_init_set_ui(bn_One,1);
if (script->len > MAX_SCRIPT_SIZE)
goto out;
unsigned int nOpCount = 0;
bool fRequireMinimal = (flags & SCRIPT_VERIFY_MINIMALDATA) != 0;
struct bscript_parser bp;
bsp_start(&bp, &pc);
while (pc.p < pend.p) {
bool fExec = !count_false(vfExec);
if (!bsp_getop(&op, &bp))
goto out;
enum opcodetype opcode = op.op;
if (op.data.len > MAX_SCRIPT_ELEMENT_SIZE)
goto out;
if (opcode > OP_16 && ++nOpCount > MAX_OPS_PER_SCRIPT)
goto out;
if (disabled_op[opcode])
goto out;
if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) {
if (fRequireMinimal && !CheckMinimalPush(&op.data, opcode))
goto out;
stack_push(stack, (struct buffer *) &op.data);
} else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
switch (opcode) {
//
// Push value
//
case OP_1NEGATE:
case OP_1:
case OP_2:
case OP_3:
case OP_4:
case OP_5:
case OP_6:
case OP_7:
case OP_8:
case OP_9:
case OP_10:
case OP_11:
case OP_12:
case OP_13:
case OP_14:
case OP_15:
case OP_16:
mpz_set_si(bn, (int)opcode - (int)(OP_1 - 1));
stack_push_str(stack, bn_getvch(bn));
break;
//
// Control
//
case OP_NOP:
break;
case OP_CHECKLOCKTIMEVERIFY: {
if (!(flags & SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)) {
// not enabled; treat as a NOP2
if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
goto out;
break;
}
if (stack->len < 1)
goto out;
// Note that elsewhere numeric opcodes are limited to
// operands in the range -2**31+1 to 2**31-1, however it is
// legal for opcodes to produce results exceeding that
// range. This limitation is implemented by CastToBigNum's
// default 4-byte limit.
//
// If we kept to that limit we'd have a year 2038 problem,
// even though the nLockTime field in transactions
// themselves is uint32 which only becomes meaningless
// after the year 2106.
//
// Thus as a special case we tell CastToBigNum to accept up
// to 5-byte bignums, which are good until 2**39-1, well
// beyond the 2**32-1 limit of the nLockTime field itself.
if (!CastToBigNum(bn, stacktop(stack, -1), fRequireMinimal, 5))
goto out;
// In the rare event that the argument may be < 0 due to
// some arithmetic being done first, you can always use
// 0 MAX CHECKLOCKTIMEVERIFY.
if (mpz_sgn(bn) < 0)
goto out;
uint64_t nLockTime = mpz_get_ui(bn);
// Actually compare the specified lock time with the transaction.
if (!CheckLockTime(nLockTime, txTo, nIn))
goto out;
break;
}
case OP_CHECKSEQUENCEVERIFY:
{
if (!(flags & SCRIPT_VERIFY_CHECKSEQUENCEVERIFY)) {
// not enabled; treat as a NOP3
if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
goto out;
break;
}
if (stack->len < 1)
goto out;
// nSequence, like nLockTime, is a 32-bit unsigned integer
// field. See the comment in CHECKLOCKTIMEVERIFY regarding
// 5-byte numeric operands.
if (!CastToBigNum(bn, stacktop(stack, -1), fRequireMinimal, 5))
goto out;
// In the rare event that the argument may be < 0 due to
// some arithmetic being done first, you can always use
// 0 MAX CHECKSEQUENCEVERIFY.
if (mpz_sgn(bn) < 0)
goto out;
uint32_t nSequence = mpz_get_ui(bn);
// To provide for future soft-fork extensibility, if the
// operand has the disabled lock-time flag set,
// CHECKSEQUENCEVERIFY behaves as a NOP.
if ((nSequence & SEQUENCE_LOCKTIME_DISABLE_FLAG) != 0)
break;
// Compare the specified sequence number with the input.
if (!CheckSequence(nSequence, txTo, nIn))
goto out;
break;
}
case OP_NOP1: case OP_NOP4: case OP_NOP5:
case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
goto out;
break;
case OP_IF:
case OP_NOTIF: {
// <expression> if [statements] [else [statements]] endif
bool fValue = false;
if (fExec) {
if (stack->len < 1)
goto out;
struct buffer *vch = stacktop(stack, -1);
fValue = CastToBool(vch);
if (opcode == OP_NOTIF)
fValue = !fValue;
popstack(stack);
}
uint8_t vc = (uint8_t) fValue;
cstr_append_c(vfExec, vc);
break;
}
case OP_ELSE: {
if (vfExec->len == 0)
goto out;
uint8_t *v = (uint8_t *) &vfExec->str[vfExec->len - 1];
*v = !(*v);
break;
}
case OP_ENDIF:
if (vfExec->len == 0)
goto out;
cstr_erase(vfExec, vfExec->len - 1, 1);
break;
case OP_VERIFY: {
if (stack->len < 1)
goto out;
bool fValue = CastToBool(stacktop(stack, -1));
if (fValue)
popstack(stack);
else
goto out;
break;
}
case OP_RETURN:
goto out;
//
// Stack ops
//
case OP_TOALTSTACK:
if (stack->len < 1)
goto out;
stack_push(altstack, stacktop(stack, -1));
popstack(stack);
break;
case OP_FROMALTSTACK:
if (altstack->len < 1)
goto out;
stack_push(stack, stacktop(altstack, -1));
popstack(altstack);
break;
case OP_2DROP:
// (x1 x2 -- )
if (stack->len < 2)
goto out;
popstack(stack);
popstack(stack);
break;
case OP_2DUP: {
// (x1 x2 -- x1 x2 x1 x2)
if (stack->len < 2)
goto out;
struct buffer *vch1 = stacktop(stack, -2);
struct buffer *vch2 = stacktop(stack, -1);
stack_push(stack, vch1);
stack_push(stack, vch2);
break;
}
case OP_3DUP: {
// (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
if (stack->len < 3)
goto out;
struct buffer *vch1 = stacktop(stack, -3);
struct buffer *vch2 = stacktop(stack, -2);
struct buffer *vch3 = stacktop(stack, -1);
stack_push(stack, vch1);
stack_push(stack, vch2);
stack_push(stack, vch3);
break;
}
case OP_2OVER: {
// (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
if (stack->len < 4)
goto out;
struct buffer *vch1 = stacktop(stack, -4);
struct buffer *vch2 = stacktop(stack, -3);
stack_push(stack, vch1);
stack_push(stack, vch2);
break;
}
case OP_2ROT: {
// (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
if (stack->len < 6)
goto out;
struct buffer *vch1 = stack_take(stack, -6);
struct buffer *vch2 = stack_take(stack, -5);
parr_remove_range(stack, stack->len - 6, 2);
stack_push_nocopy(stack, vch1);
stack_push_nocopy(stack, vch2);
break;
}
case OP_2SWAP:
// (x1 x2 x3 x4 -- x3 x4 x1 x2)
if (stack->len < 4)
goto out;
stack_swap(stack, -4, -2);
stack_swap(stack, -3, -1);
break;
case OP_IFDUP: {
// (x - 0 | x x)
if (stack->len < 1)
goto out;
struct buffer *vch = stacktop(stack, -1);
if (CastToBool(vch))
stack_push(stack, vch);
break;
}
case OP_DEPTH:
// -- stacksize
mpz_set_ui(bn, stack->len);
stack_push_str(stack, bn_getvch(bn));
break;
case OP_DROP:
// (x -- )
if (stack->len < 1)
goto out;
popstack(stack);
break;
case OP_DUP: {
// (x -- x x)
if (stack->len < 1)
goto out;
struct buffer *vch = stacktop(stack, -1);
stack_push(stack, vch);
break;
}
case OP_NIP:
// (x1 x2 -- x2)
if (stack->len < 2)
goto out;
parr_remove_idx(stack, stack->len - 2);
break;
case OP_OVER: {
// (x1 x2 -- x1 x2 x1)
if (stack->len < 2)
goto out;
struct buffer *vch = stacktop(stack, -2);
stack_push(stack, vch);
break;
}
case OP_PICK:
case OP_ROLL: {
// (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
// (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
if (stack->len < 2)
goto out;
int n = stackint(stack, -1, fRequireMinimal);
popstack(stack);
if (n < 0 || n >= (int)stack->len)
goto out;
struct buffer *vch = stacktop(stack, -n-1);
if (opcode == OP_ROLL) {
vch = buffer_copy(vch->p, vch->len);
parr_remove_idx(stack,
stack->len - n - 1);
stack_push_nocopy(stack, vch);
} else
stack_push(stack, vch);
break;
}
case OP_ROT: {
// (x1 x2 x3 -- x2 x3 x1)
// x2 x1 x3 after first swap
// x2 x3 x1 after second swap
if (stack->len < 3)
goto out;
stack_swap(stack, -3, -2);
stack_swap(stack, -2, -1);
break;
}
case OP_SWAP: {
// (x1 x2 -- x2 x1)
if (stack->len < 2)
goto out;
stack_swap(stack, -2, -1);
break;
}
case OP_TUCK: {
// (x1 x2 -- x2 x1 x2)
if (stack->len < 2)
goto out;
struct buffer *vch = stacktop(stack, -1);
stack_insert(stack, vch, -2);
break;
}
case OP_SIZE: {
// (in -- in size)
if (stack->len < 1)
goto out;
struct buffer *vch = stacktop(stack, -1);
mpz_set_ui(bn, vch->len);
stack_push_str(stack, bn_getvch(bn));
break;
}
case OP_EQUAL:
case OP_EQUALVERIFY: {
// (x1 x2 - bool)
if (stack->len < 2)
goto out;
struct buffer *vch1 = stacktop(stack, -2);
struct buffer *vch2 = stacktop(stack, -1);
bool fEqual = buffer_equal(vch1, vch2);
// OP_NOTEQUAL is disabled because it would be too easy to say
// something like n != 1 and have some wiseguy pass in 1 with extra
// zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
//if (opcode == OP_NOTEQUAL)
// fEqual = !fEqual;
popstack(stack);
popstack(stack);
stack_push_str(stack, fEqual ? bn_getvch(bn_One) : bn_getvch(bn_Zero));
if (opcode == OP_EQUALVERIFY) {
if (fEqual)
popstack(stack);
else
goto out;
}
break;
}
//
// Numeric
//
case OP_1ADD:
case OP_1SUB:
case OP_NEGATE:
case OP_ABS:
case OP_NOT:
case OP_0NOTEQUAL: {
// (in -- out)
if (stack->len < 1)
goto out;
if (!CastToBigNum(bn, stacktop(stack, -1), fRequireMinimal, nDefaultMaxNumSize))
goto out;
switch (opcode)
{
case OP_1ADD:
mpz_add_ui(bn, bn, 1);
break;
case OP_1SUB:
mpz_sub_ui(bn, bn, 1);
break;
case OP_NEGATE:
mpz_neg(bn, bn);
break;
case OP_ABS:
mpz_abs(bn, bn);
break;
case OP_NOT:
mpz_set_ui(bn, mpz_sgn(bn) == 0 ? 1 : 0);
break;
case OP_0NOTEQUAL:
mpz_set_ui(bn, mpz_sgn(bn) == 0 ? 0 : 1);
break;
default:
// impossible
goto out;
}
popstack(stack);
stack_push_str(stack, bn_getvch(bn));
break;
}
case OP_ADD:
case OP_SUB:
case OP_BOOLAND:
case OP_BOOLOR:
case OP_NUMEQUAL:
case OP_NUMEQUALVERIFY:
case OP_NUMNOTEQUAL:
case OP_LESSTHAN:
case OP_GREATERTHAN:
case OP_LESSTHANOREQUAL:
case OP_GREATERTHANOREQUAL:
case OP_MIN:
case OP_MAX: {
// (x1 x2 -- out)
if (stack->len < 2)
goto out;
mpz_t bn1, bn2;
mpz_init(bn1);
mpz_init(bn2);
if (!CastToBigNum(bn1, stacktop(stack, -2), fRequireMinimal, nDefaultMaxNumSize) ||
!CastToBigNum(bn2, stacktop(stack, -1), fRequireMinimal, nDefaultMaxNumSize)) {
mpz_clear(bn1);
mpz_clear(bn2);
goto out;
}
switch (opcode)
{
case OP_ADD:
mpz_add(bn, bn1, bn2);
break;
case OP_SUB:
mpz_sub(bn, bn1, bn2);
break;
case OP_BOOLAND:
mpz_set_ui(bn,
!(mpz_sgn(bn1) == 0) && !(mpz_sgn(bn2) == 0) ?
1 : 0);
break;
case OP_BOOLOR:
mpz_set_ui(bn,
!(mpz_sgn(bn1) == 0) || !(mpz_sgn(bn2) == 0) ?
1 : 0);
break;
case OP_NUMEQUAL:
case OP_NUMEQUALVERIFY:
mpz_set_ui(bn,
mpz_cmp(bn1, bn2) == 0 ? 1 : 0);
break;
case OP_NUMNOTEQUAL:
mpz_set_ui(bn,
mpz_cmp(bn1, bn2) != 0 ? 1 : 0);
break;
case OP_LESSTHAN:
mpz_set_ui(bn,
mpz_cmp(bn1, bn2) < 0 ? 1 : 0);
break;
case OP_GREATERTHAN:
mpz_set_ui(bn,
mpz_cmp(bn1, bn2) > 0 ? 1 : 0);
break;
case OP_LESSTHANOREQUAL:
mpz_set_ui(bn,
mpz_cmp(bn1, bn2) <= 0 ? 1 : 0);
break;
case OP_GREATERTHANOREQUAL:
mpz_set_ui(bn,
mpz_cmp(bn1, bn2) >= 0 ? 1 : 0);
break;
case OP_MIN:
if (mpz_cmp(bn1, bn2) < 0)
mpz_set(bn, bn1);
else
mpz_set(bn, bn2);
break;
case OP_MAX:
if (mpz_cmp(bn1, bn2) > 0)
mpz_set(bn, bn1);
else
mpz_set(bn, bn2);
break;
default:
// impossible
break;
}
popstack(stack);
popstack(stack);
stack_push_str(stack, bn_getvch(bn));
mpz_clear(bn1);
mpz_clear(bn2);
if (opcode == OP_NUMEQUALVERIFY)
{
if (CastToBool(stacktop(stack, -1)))
popstack(stack);
else
goto out;
}
break;
}
case OP_WITHIN: {
// (x min max -- out)
if (stack->len < 3)
goto out;
mpz_t bn1, bn2, bn3;
mpz_init(bn1);
mpz_init(bn2);
mpz_init(bn3);
bool rc1 = CastToBigNum(bn1, stacktop(stack, -3), fRequireMinimal, nDefaultMaxNumSize);
bool rc2 = CastToBigNum(bn2, stacktop(stack, -2), fRequireMinimal, nDefaultMaxNumSize);
bool rc3 = CastToBigNum(bn3, stacktop(stack, -1), fRequireMinimal, nDefaultMaxNumSize);
bool fValue = (mpz_cmp(bn2, bn1) <= 0 &&
mpz_cmp(bn1, bn3) < 0);
popstack(stack);
popstack(stack);
popstack(stack);
stack_push_str(stack, fValue ? bn_getvch(bn_One) : bn_getvch(bn_Zero));
mpz_clear(bn1);
mpz_clear(bn2);
mpz_clear(bn3);
if (!rc1 || !rc2 || !rc3)
goto out;
break;
}
//
// Crypto
//
case OP_RIPEMD160:
case OP_SHA1:
case OP_SHA256:
case OP_HASH160:
case OP_HASH256: {
// (in -- hash)
if (stack->len < 1)
goto out;
struct buffer *vch = stacktop(stack, -1);
unsigned int hashlen;
unsigned char md[32];
switch (opcode) {
case OP_RIPEMD160:
hashlen = 20;
ripemd160(vch->p, vch->len, md);
break;
case OP_SHA1:
hashlen = 20;
sha1_Raw(vch->p, vch->len, md);
break;
case OP_SHA256:
hashlen = 32;
sha256_Raw(vch->p, vch->len, md);
break;
case OP_HASH160:
hashlen = 20;
bu_Hash160(md, vch->p, vch->len);
break;
case OP_HASH256:
hashlen = 32;
bu_Hash(md, vch->p, vch->len);
break;
default:
// impossible
goto out;
}
popstack(stack);
struct buffer buf = { md, hashlen };
stack_push(stack, &buf);
break;
}
case OP_CODESEPARATOR:
// Hash starts after the code separator
memcpy(&pbegincodehash, &pc, sizeof(pc));
break;
case OP_CHECKSIG:
case OP_CHECKSIGVERIFY: {
// (sig pubkey -- bool)
if (stack->len < 2)
goto out;
struct buffer *vchSig = stacktop(stack, -2);
struct buffer *vchPubKey = stacktop(stack, -1);
// Subset of script starting at the most recent codeseparator
cstring *scriptCode = cstr_new_buf(pbegincodehash.p,
pbegincodehash.len);
// Drop the signature, since there's no way for
// a signature to sign itself
string_find_del(scriptCode, vchSig);
if (!CheckSignatureEncoding(vchSig, flags) || !CheckPubKeyEncoding(vchPubKey, flags)) {
cstr_free(scriptCode, true);
goto out;
}
bool fSuccess = bp_checksig(vchSig, vchPubKey,
scriptCode,
txTo, nIn);
cstr_free(scriptCode, true);
popstack(stack);
popstack(stack);
stack_push_str(stack, fSuccess ? bn_getvch(bn_One) : bn_getvch(bn_Zero));
if (opcode == OP_CHECKSIGVERIFY)
{
if (fSuccess)
popstack(stack);
else
goto out;
}
break;
}
case OP_CHECKMULTISIG:
case OP_CHECKMULTISIGVERIFY: {
// ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
int i = 1;
if ((int)stack->len < i)
goto out;
int nKeysCount = stackint(stack, -i, fRequireMinimal);
if (nKeysCount < 0 || nKeysCount > MAX_PUBKEYS_PER_MULTISIG)
goto out;
nOpCount += nKeysCount;
if (nOpCount > MAX_OPS_PER_SCRIPT)
goto out;
int ikey = ++i;
i += nKeysCount;
if ((int)stack->len < i)
goto out;
int nSigsCount = stackint(stack, -i, fRequireMinimal);
if (nSigsCount < 0 || nSigsCount > nKeysCount)
goto out;
int isig = ++i;
i += nSigsCount;
if ((int)stack->len < i)
goto out;
// Subset of script starting at the most recent codeseparator
cstring *scriptCode = cstr_new_buf(pbegincodehash.p,
pbegincodehash.len);
// Drop the signatures, since there's no way for
// a signature to sign itself
int k;
for (k = 0; k < nSigsCount; k++)
{
struct buffer *vchSig =stacktop(stack, -isig-k);
string_find_del(scriptCode, vchSig);
}
bool fSuccess = true;
while (fSuccess && nSigsCount > 0)
{
struct buffer *vchSig = stacktop(stack, -isig);
struct buffer *vchPubKey = stacktop(stack, -ikey);
// Note how this makes the exact order of pubkey/signature evaluation
// distinguishable by CHECKMULTISIG NOT if the STRICTENC flag is set.
// See the script_(in)valid tests for details.
if (!CheckSignatureEncoding(vchSig, flags) || !CheckPubKeyEncoding(vchPubKey, flags)) {
cstr_free(scriptCode, true);
goto out;
}
// Check signature
bool fOk = bp_checksig(vchSig, vchPubKey,
scriptCode, txTo, nIn);
if (fOk) {
isig++;
nSigsCount--;
}
ikey++;
nKeysCount--;
// If there are more signatures left than keys left,
// then too many signatures have failed
if (nSigsCount > nKeysCount)
fSuccess = false;
}
cstr_free(scriptCode, true);
// Clean up stack of actual arguments
while (i-- > 1)
popstack(stack);
// A bug causes CHECKMULTISIG to consume one extra argument
// whose contents were not checked in any way.
//
// Unfortunately this is a potential source of mutability,
// so optionally verify it is exactly equal to zero prior
// to removing it from the stack.
if ((int)stack->len < 1)
goto out;
if ((flags & SCRIPT_VERIFY_NULLDUMMY) && stacktop(stack, -1)->len)
goto out;
popstack(stack);
stack_push_str(stack, fSuccess ? bn_getvch(bn_One) : bn_getvch(bn_Zero));
if (opcode == OP_CHECKMULTISIGVERIFY)
{
if (fSuccess)
popstack(stack);
else
goto out;
}
break;
}
default:
goto out;
}
// Size limits
if (stack->len + altstack->len > 1000)
goto out;
}
rc = (vfExec->len == 0 && bp.error == false);
out:
mpz_clears(bn, bn_Zero, bn_One, NULL);
parr_free(altstack, true);
cstr_free(vfExec, true);
return rc;
}
uchar_vector CoinQKeychainSqlite3::getNextPoolRedeemScriptHash(int type) const
{
return ripemd160(sha256(getNextPoolRedeemScript(type)));
}
uchar_vector CoinQKeychainSqlite3::getNextPoolPublicKeyHash(int type) const
{
return ripemd160(sha256(getNextPoolPublicKey(type)));
}
void fsm_msgGetAddress(GetAddress *msg)
{
RESP_INIT(Address);
if (!storage_is_initialized())
{
fsm_sendFailure(FailureType_Failure_NotInitialized, "Device not initialized");
return;
}
if(!pin_protect_cached())
{
go_home();
return;
}
const CoinType *coin = fsm_getCoin(msg->coin_name);
if(!coin) { return; }
const HDNode *node = fsm_getDerivedNode(msg->address_n, msg->address_n_count);
if(!node) { return; }
if(msg->has_multisig)
{
if(cryptoMultisigPubkeyIndex(&(msg->multisig), node->public_key) < 0)
{
fsm_sendFailure(FailureType_Failure_Other,
"Pubkey not found in multisig script");
go_home();
return;
}
uint8_t buf[32];
if(compile_script_multisig_hash(&(msg->multisig), buf) == 0)
{
fsm_sendFailure(FailureType_Failure_Other, "Invalid multisig script");
go_home();
return;
}
ripemd160(buf, 32, buf + 1);
buf[0] = coin->address_type_p2sh; // multisig cointype
base58_encode_check(buf, 21, resp->address, sizeof(resp->address));
}
else
{
ecdsa_get_address(node->public_key, coin->address_type, resp->address,
sizeof(resp->address));
}
if(msg->has_show_display && msg->show_display)
{
char desc[MEDIUM_STR_BUF] = "";
if(msg->has_multisig)
{
const uint32_t m = msg->multisig.m;
const uint32_t n = msg->multisig.pubkeys_count;
/* snprintf: 22 + 10 (%lu) + 10 (%lu) + 1 (NULL) = 43 */
snprintf(desc, MEDIUM_STR_BUF, "(Multi-Signature %lu of %lu)", (unsigned long)m,
(unsigned long)n);
}
if(!confirm_address(desc, resp->address))
{
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Show address cancelled");
go_home();
return;
}
}
msg_write(MessageType_MessageType_Address, resp);
go_home();
}
