class Bitcoin::TxChecker

Attributes

amount[R]
error_code[RW]
input_index[R]
prevouts[R]
tx[R]

Public Class Methods

new(tx: nil, amount: 0, input_index: nil, prevouts: []) click to toggle source
# File lib/bitcoin/script/tx_checker.rb, line 10
def initialize(tx: nil, amount: 0, input_index: nil, prevouts: [])
  @tx = tx
  @input_index = input_index
  @prevouts = prevouts
  @amount = input_index && prevouts[input_index] ? prevouts[input_index].value : amount
end

Public Instance Methods

check_locktime(locktime) click to toggle source
# File lib/bitcoin/script/tx_checker.rb, line 68
def check_locktime(locktime)
  # There are two kinds of nLockTime: lock-by-blockheight and lock-by-blocktime,
  # distinguished by whether nLockTime < LOCKTIME_THRESHOLD.

  # We want to compare apples to apples, so fail the script unless the type of nLockTime being tested is the same as the nLockTime in the transaction.
  unless ((tx.lock_time < LOCKTIME_THRESHOLD && locktime < LOCKTIME_THRESHOLD) ||
      (tx.lock_time >= LOCKTIME_THRESHOLD && locktime >= LOCKTIME_THRESHOLD))
    return false
  end

  # Now that we know we're comparing apples-to-apples, the comparison is a simple numeric one.
  return false if locktime > tx.lock_time

  # Finally the nLockTime feature can be disabled and thus CHECKLOCKTIMEVERIFY bypassed if every txin has been finalized by setting nSequence to maxint.
  # The transaction would be allowed into the blockchain, making the opcode ineffective.
  # Testing if this vin is not final is sufficient to prevent this condition.
  # Alternatively we could test all inputs, but testing just this input minimizes the data required to prove correct CHECKLOCKTIMEVERIFY execution.
  return false if TxIn::SEQUENCE_FINAL == tx.inputs[input_index].sequence

  true
end
check_schnorr_sig(sig, pubkey, sig_version, opts = {}) click to toggle source

check schnorr signature. @param [String] sig schnorr signature with hex format. @param [String] pubkey a public key with hex fromat. @param [Symbol] sig_version whether :taproot or :tapscript @return [Boolean] verification result

# File lib/bitcoin/script/tx_checker.rb, line 43
def check_schnorr_sig(sig, pubkey, sig_version, opts = {})
  return false unless [:taproot, :tapscript].include?(sig_version)
  return false if prevouts.size < input_index

  sig = sig.htb
  return set_error(SCRIPT_ERR_SCHNORR_SIG_SIZE) unless [64, 65].include?(sig.bytesize)

  hash_type = SIGHASH_TYPE[:default]
  if sig.bytesize == 65
    hash_type = sig[-1].unpack1('C')
    sig = sig[0..-2]
    return set_error(SCRIPT_ERR_SCHNORR_SIG_HASHTYPE) if hash_type == SIGHASH_TYPE[:default] # hash type can not specify 0x00.
  end

  return set_error(SCRIPT_ERR_SCHNORR_SIG_HASHTYPE) unless (hash_type <= 0x03 || (hash_type >= 0x81 && hash_type <= 0x83))

  begin
    sighash = tx.sighash_for_input(input_index, opts: opts, hash_type: hash_type, sig_version: sig_version, prevouts: prevouts)
    key = Key.from_xonly_pubkey(pubkey)
    key.verify(sig, sighash, algo: :schnorr)
  rescue ArgumentError
    return set_error(SCRIPT_ERR_SCHNORR_SIG_HASHTYPE)
  end
end
check_sequence(sequence) click to toggle source
# File lib/bitcoin/script/tx_checker.rb, line 90
def check_sequence(sequence)
  tx_sequence = tx.inputs[input_index].sequence
  # Fail if the transaction's version number is not set high enough to trigger BIP 68 rules.
  return false if tx.version < 2

  # Sequence numbers with their most significant bit set are not consensus constrained.
  # Testing that the transaction's sequence number do not have this bit set prevents using this property to get around a CHECKSEQUENCEVERIFY check.
  return false unless tx_sequence & TxIn::SEQUENCE_LOCKTIME_DISABLE_FLAG == 0

  # Mask off any bits that do not have consensus-enforced meaning before doing the integer comparisons
  locktime_mask = TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG | TxIn::SEQUENCE_LOCKTIME_MASK
  tx_sequence_masked = tx_sequence & locktime_mask
  sequence_masked = sequence & locktime_mask

  # There are two kinds of nSequence: lock-by-blockheight and lock-by-blocktime,
  # distinguished by whether sequence_masked < TxIn#SEQUENCE_LOCKTIME_TYPE_FLAG.
  # We want to compare apples to apples, so fail the script
  # unless the type of nSequenceMasked being tested is the same as the nSequenceMasked in the transaction.
  unless ((tx_sequence_masked < TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG && sequence_masked < TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG) ||
      (tx_sequence_masked >= TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG && sequence_masked >= TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG))
    return false
  end

  # Now that we know we're comparing apples-to-apples, the comparison is a simple numeric one.
  sequence_masked <= tx_sequence_masked
end
check_sig(sig, pubkey, script_code, sig_version, allow_hybrid: false) click to toggle source

check ecdsa signature @param [String] sig signature with hex format @param [String] pubkey with hex format. @param [Bitcoin::Script] script_code @param [Integer] sig_version @return [Boolean] verification result

# File lib/bitcoin/script/tx_checker.rb, line 23
def check_sig(sig, pubkey, script_code, sig_version, allow_hybrid: false)
  return false if sig.empty?
  sig = sig.htb
  hash_type = sig[-1].unpack1('C')
  sig = sig[0..-2]
  sighash = tx.sighash_for_input(input_index, script_code, opts: {amount: amount}, hash_type: hash_type, sig_version: sig_version)
  key_type = pubkey.start_with?('02') || pubkey.start_with?('03') ? Key::TYPES[:compressed] : Key::TYPES[:uncompressed]
  begin
    key = Key.new(pubkey: pubkey, key_type: key_type, allow_hybrid: allow_hybrid)
    key.verify(sig, sighash)
  rescue Exception
    false
  end
end
has_error?() click to toggle source
# File lib/bitcoin/script/tx_checker.rb, line 117
def has_error?
  !@error_code.nil?
end

Private Instance Methods

set_error(code) click to toggle source
# File lib/bitcoin/script/tx_checker.rb, line 123
def set_error(code)
  @error_code = code
  false
end