def extract_sig_info(self): """ Returns the signature and corresponding public key. Returns: dict: Contains three keys: 'hash_type': Integer 'signature': The DER-encoded signature 'public_key': The bytes corresponding the public key. """ if len(self) != 2: raise TypeError("Script is not a P2PKH signature script") if not isinstance(self[0], bytes) or \ not isinstance(self[1], bytes): raise TypeError( "Signature script must contain two push operations.") try: sig_bytes = self[0] hash_type = sig_bytes[-1] Signature.from_der(sig_bytes[:-1]) except ValueError: raise TypeError("Signature does not appear to be valid") try: PublicKey.from_bytes(self[1]) except ValueError: raise TypeError("Public key does not appear to be valid") return dict(hash_type=hash_type, signature=sig_bytes, public_key=self[1])
def _op_checksig(self): """ The entire transaction's outputs, inputs, and script (from the most recently-executed OP_CODESEPARATOR to the end) are hashed. The signature used by OP_CHECKSIG must be a valid signature for this hash and public key. If it is, 1 is returned, 0 otherwise. """ self._check_stack_len(2) self._check_txn() pub_key_bytes = self._stack.pop() s = self._stack.pop() sig_der, hash_type = s[:-1], s[-1] pub_key = PublicKey.from_bytes(pub_key_bytes) sig = Signature.from_der(sig_der) txn_copy = self._txn._copy_for_sig(input_index=self._input_index, hash_type=hash_type, sub_script=self._sub_script) msg = bytes(txn_copy) + utils.pack_u32(hash_type) tx_digest = hashlib.sha256(msg).digest() verified = pub_key.verify(tx_digest, sig) self._stack.append(verified)
def _op_checkmultisig(self, partial=False): """ Compares the first signature against each public key until it finds an ECDSA match. Starting with the subsequent public key, it compares the second signature against each remaining public key until it finds an ECDSA match. The process is repeated until all signatures have been checked or not enough public keys remain to produce a successful result. All signatures need to match a public key. Because public keys are not checked again if they fail any signature comparison, signatures must be placed in the scriptSig using the same order as their corresponding public keys were placed in the scriptPubKey or redeemScript. If all signatures are valid, 1 is returned, 0 otherwise. Due to a bug, one extra unused value is removed from the stack. """ self._check_stack_len(1) self._check_txn() num_keys = self._stack.pop() self._check_stack_len(num_keys) keys_bytes = [] for i in range(num_keys): keys_bytes.insert(0, self._stack.pop()) public_keys = [PublicKey.from_bytes(p) for p in keys_bytes] min_num_sigs = self._stack.pop() # Although "m" is the *minimum* number of required signatures, bitcoin # core only consumes "m" signatures and then expects an OP_0. This # means that if m < min_num_sigs <= n, bitcoin core will return a # script failure. See: # https://github.com/bitcoin/bitcoin/blob/0.10/src/script/interpreter.cpp#L840 # We will do the same. hash_types = set() sigs = [] for i in range(min_num_sigs): s = self._stack.pop() try: sig = Signature.from_der(s[:-1]) hash_types.add(s[-1]) sigs.insert(0, sig) except ValueError: if partial: # Put it back on stack self._stack.append(s) else: # If not a partial evaluation there are not enough # sigs rv = False break if len(hash_types) != 1: raise ScriptInterpreterError( "Not all signatures have the same hash type!") hash_type = hash_types.pop() txn_copy = self._txn._copy_for_sig(input_index=self._input_index, hash_type=hash_type, sub_script=self._sub_script) msg = bytes(txn_copy) + utils.pack_u32(hash_type) txn_digest = hashlib.sha256(msg).digest() # Now we verify last_match = -1 rv = True match_count = 0 for sig in sigs: matched_any = False for i, pub_key in enumerate(public_keys[last_match + 1:]): if pub_key.verify(txn_digest, sig): last_match = i match_count += 1 matched_any = True break if not matched_any: # Bail early if the sig couldn't be verified # by any public key rv = False break rv &= match_count >= min_num_sigs # Now make sure the last thing on the stack is OP_0 if len(self._stack) == 1: rv &= self._stack.pop() == b'' rv &= len(self._stack) == 0 else: rv = False self._stack.append(rv) if partial: self.match_count = match_count
def _op_checkmultisig(self, partial=False): """ Compares the first signature against each public key until it finds an ECDSA match. Starting with the subsequent public key, it compares the second signature against each remaining public key until it finds an ECDSA match. The process is repeated until all signatures have been checked or not enough public keys remain to produce a successful result. All signatures need to match a public key. Because public keys are not checked again if they fail any signature comparison, signatures must be placed in the scriptSig using the same order as their corresponding public keys were placed in the scriptPubKey or redeemScript. If all signatures are valid, 1 is returned, 0 otherwise. Due to a bug, one extra unused value is removed from the stack. """ self._check_stack_len(1) self._check_txn() num_keys = self._stack.pop() self._check_stack_len(num_keys) keys_bytes = [] for i in range(num_keys): keys_bytes.insert(0, self._stack.pop()) public_keys = [PublicKey.from_bytes(p) for p in keys_bytes] min_num_sigs = self._stack.pop() # Although "m" is the *minimum* number of required signatures, bitcoin # core only consumes "m" signatures and then expects an OP_0. This # means that if m < min_num_sigs <= n, bitcoin core will return a # script failure. See: # https://github.com/bitcoin/bitcoin/blob/0.10/src/script/interpreter.cpp#L840 # We will do the same. hash_types = set() sigs = [] for i in range(min_num_sigs): s = self._stack.pop() try: sig = Signature.from_der(s[:-1]) hash_types.add(s[-1]) sigs.insert(0, sig) except ValueError: if partial: # Put it back on stack self._stack.append(s) else: # If not a partial evaluation there are not enough # sigs rv = False break if len(hash_types) != 1: raise ScriptInterpreterError("Not all signatures have the same hash type!") hash_type = hash_types.pop() txn_copy = self._txn._copy_for_sig(input_index=self._input_index, hash_type=hash_type, sub_script=self._sub_script) msg = bytes(txn_copy) + utils.pack_u32(hash_type) txn_digest = hashlib.sha256(msg).digest() # Now we verify last_match = -1 rv = True match_count = 0 for sig in sigs: matched_any = False for i, pub_key in enumerate(public_keys[last_match+1:]): if pub_key.verify(txn_digest, sig): last_match = i match_count += 1 matched_any = True break if not matched_any: # Bail early if the sig couldn't be verified # by any public key rv = False break rv &= match_count >= min_num_sigs # Now make sure the last thing on the stack is OP_0 if len(self._stack) == 1: rv &= self._stack.pop() == b'' rv &= len(self._stack) == 0 else: rv = False self._stack.append(rv) if partial: self.match_count = match_count