import { BufferReader, BufferWriter, reverseBuffer, varuint, } from './bufferutils'; import * as bcrypto from './crypto'; import * as bscript from './script'; import { OPS as opcodes } from './script'; import * as types from './types'; const { typeforce } = types; function varSliceSize(someScript: Buffer): number { const length = someScript.length; return varuint.encodingLength(length) + length; } function vectorSize(someVector: Buffer[]): number { const length = someVector.length; return ( varuint.encodingLength(length) + someVector.reduce((sum, witness) => { return sum + varSliceSize(witness); }, 0) ); } const EMPTY_BUFFER: Buffer = Buffer.allocUnsafe(0); const EMPTY_WITNESS: Buffer[] = []; const ZERO: Buffer = Buffer.from( '0000000000000000000000000000000000000000000000000000000000000000', 'hex', ); const ONE: Buffer = Buffer.from( '0000000000000000000000000000000000000000000000000000000000000001', 'hex', ); const VALUE_UINT64_MAX: Buffer = Buffer.from('ffffffffffffffff', 'hex'); const BLANK_OUTPUT = { script: EMPTY_BUFFER, valueBuffer: VALUE_UINT64_MAX, }; function isOutput(out: Output): boolean { return out.value !== undefined; } export interface Output { script: Buffer; value: number; } export interface Input { hash: Buffer; index: number; script: Buffer; sequence: number; witness: Buffer[]; } export class Transaction { static readonly DEFAULT_SEQUENCE = 0xffffffff; static readonly SIGHASH_DEFAULT = 0x00; static readonly SIGHASH_ALL = 0x01; static readonly SIGHASH_NONE = 0x02; static readonly SIGHASH_SINGLE = 0x03; static readonly SIGHASH_ANYONECANPAY = 0x80; static readonly SIGHASH_OUTPUT_MASK = 0x03; static readonly SIGHASH_INPUT_MASK = 0x80; static readonly ADVANCED_TRANSACTION_MARKER = 0x00; static readonly ADVANCED_TRANSACTION_FLAG = 0x01; static fromBuffer(buffer: Buffer, _NO_STRICT?: boolean): Transaction { const bufferReader = new BufferReader(buffer); const tx = new Transaction(); tx.version = bufferReader.readInt32(); const marker = bufferReader.readUInt8(); const flag = bufferReader.readUInt8(); let hasWitnesses = false; if ( marker === Transaction.ADVANCED_TRANSACTION_MARKER && flag === Transaction.ADVANCED_TRANSACTION_FLAG ) { hasWitnesses = true; } else { bufferReader.offset -= 2; } const vinLen = bufferReader.readVarInt(); for (let i = 0; i < vinLen; ++i) { tx.ins.push({ hash: bufferReader.readSlice(32), index: bufferReader.readUInt32(), script: bufferReader.readVarSlice(), sequence: bufferReader.readUInt32(), witness: EMPTY_WITNESS, }); } const voutLen = bufferReader.readVarInt(); for (let i = 0; i < voutLen; ++i) { tx.outs.push({ value: bufferReader.readUInt64(), script: bufferReader.readVarSlice(), }); } if (hasWitnesses) { for (let i = 0; i < vinLen; ++i) { tx.ins[i].witness = bufferReader.readVector(); } // was this pointless? if (!tx.hasWitnesses()) throw new Error('Transaction has superfluous witness data'); } tx.locktime = bufferReader.readUInt32(); if (_NO_STRICT) return tx; if (bufferReader.offset !== buffer.length) throw new Error('Transaction has unexpected data'); return tx; } static fromHex(hex: string): Transaction { return Transaction.fromBuffer(Buffer.from(hex, 'hex'), false); } static isCoinbaseHash(buffer: Buffer): boolean { typeforce(types.Hash256bit, buffer); for (let i = 0; i < 32; ++i) { if (buffer[i] !== 0) return false; } return true; } version: number = 1; locktime: number = 0; ins: Input[] = []; outs: Output[] = []; isCoinbase(): boolean { return ( this.ins.length === 1 && Transaction.isCoinbaseHash(this.ins[0].hash) ); } addInput( hash: Buffer, index: number, sequence?: number, scriptSig?: Buffer, ): number { typeforce( types.tuple( types.Hash256bit, types.UInt32, types.maybe(types.UInt32), types.maybe(types.Buffer), ), arguments, ); if (types.Null(sequence)) { sequence = Transaction.DEFAULT_SEQUENCE; } // Add the input and return the input's index return ( this.ins.push({ hash, index, script: scriptSig || EMPTY_BUFFER, sequence: sequence as number, witness: EMPTY_WITNESS, }) - 1 ); } addOutput(scriptPubKey: Buffer, value: number): number { typeforce(types.tuple(types.Buffer, types.Satoshi), arguments); // Add the output and return the output's index return ( this.outs.push({ script: scriptPubKey, value, }) - 1 ); } hasWitnesses(): boolean { return this.ins.some(x => { return x.witness.length !== 0; }); } weight(): number { const base = this.byteLength(false); const total = this.byteLength(true); return base * 3 + total; } virtualSize(): number { return Math.ceil(this.weight() / 4); } byteLength(_ALLOW_WITNESS: boolean = true): number { const hasWitnesses = _ALLOW_WITNESS && this.hasWitnesses(); return ( (hasWitnesses ? 10 : 8) + varuint.encodingLength(this.ins.length) + varuint.encodingLength(this.outs.length) + this.ins.reduce((sum, input) => { return sum + 40 + varSliceSize(input.script); }, 0) + this.outs.reduce((sum, output) => { return sum + 8 + varSliceSize(output.script); }, 0) + (hasWitnesses ? this.ins.reduce((sum, input) => { return sum + vectorSize(input.witness); }, 0) : 0) ); } clone(): Transaction { const newTx = new Transaction(); newTx.version = this.version; newTx.locktime = this.locktime; newTx.ins = this.ins.map(txIn => { return { hash: txIn.hash, index: txIn.index, script: txIn.script, sequence: txIn.sequence, witness: txIn.witness, }; }); newTx.outs = this.outs.map(txOut => { return { script: txOut.script, value: txOut.value, }; }); return newTx; } /** * Hash transaction for signing a specific input. * * Bitcoin uses a different hash for each signed transaction input. * This method copies the transaction, makes the necessary changes based on the * hashType, and then hashes the result. * This hash can then be used to sign the provided transaction input. */ hashForSignature( inIndex: number, prevOutScript: Buffer, hashType: number, ): Buffer { typeforce( types.tuple(types.UInt32, types.Buffer, /* types.UInt8 */ types.Number), arguments, ); // https://github.com/bitcoin/bitcoin/blob/master/src/test/sighash_tests.cpp#L29 if (inIndex >= this.ins.length) return ONE; // ignore OP_CODESEPARATOR const ourScript = bscript.compile( bscript.decompile(prevOutScript)!.filter(x => { return x !== opcodes.OP_CODESEPARATOR; }), ); const txTmp = this.clone(); // SIGHASH_NONE: ignore all outputs? (wildcard payee) if ((hashType & 0x1f) === Transaction.SIGHASH_NONE) { txTmp.outs = []; // ignore sequence numbers (except at inIndex) txTmp.ins.forEach((input, i) => { if (i === inIndex) return; input.sequence = 0; }); // SIGHASH_SINGLE: ignore all outputs, except at the same index? } else if ((hashType & 0x1f) === Transaction.SIGHASH_SINGLE) { // https://github.com/bitcoin/bitcoin/blob/master/src/test/sighash_tests.cpp#L60 if (inIndex >= this.outs.length) return ONE; // truncate outputs after txTmp.outs.length = inIndex + 1; // "blank" outputs before for (let i = 0; i < inIndex; i++) { (txTmp.outs as any)[i] = BLANK_OUTPUT; } // ignore sequence numbers (except at inIndex) txTmp.ins.forEach((input, y) => { if (y === inIndex) return; input.sequence = 0; }); } // SIGHASH_ANYONECANPAY: ignore inputs entirely? if (hashType & Transaction.SIGHASH_ANYONECANPAY) { txTmp.ins = [txTmp.ins[inIndex]]; txTmp.ins[0].script = ourScript; // SIGHASH_ALL: only ignore input scripts } else { // "blank" others input scripts txTmp.ins.forEach(input => { input.script = EMPTY_BUFFER; }); txTmp.ins[inIndex].script = ourScript; } // serialize and hash const buffer: Buffer = Buffer.allocUnsafe(txTmp.byteLength(false) + 4); buffer.writeInt32LE(hashType, buffer.length - 4); txTmp.__toBuffer(buffer, 0, false); return bcrypto.hash256(buffer); } hashForWitnessV1( inIndex: number, prevOutScripts: Buffer[], values: number[], hashType: number, leafHash?: Buffer, annex?: Buffer, ): Buffer { // https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#common-signature-message typeforce( types.tuple( types.UInt32, typeforce.arrayOf(types.Buffer), typeforce.arrayOf(types.Satoshi), types.UInt32, ), arguments, ); if ( values.length !== this.ins.length || prevOutScripts.length !== this.ins.length ) { throw new Error('Must supply prevout script and value for all inputs'); } const outputType = hashType === Transaction.SIGHASH_DEFAULT ? Transaction.SIGHASH_ALL : hashType & Transaction.SIGHASH_OUTPUT_MASK; const inputType = hashType & Transaction.SIGHASH_INPUT_MASK; const isAnyoneCanPay = inputType === Transaction.SIGHASH_ANYONECANPAY; const isNone = outputType === Transaction.SIGHASH_NONE; const isSingle = outputType === Transaction.SIGHASH_SINGLE; let hashPrevouts = EMPTY_BUFFER; let hashAmounts = EMPTY_BUFFER; let hashScriptPubKeys = EMPTY_BUFFER; let hashSequences = EMPTY_BUFFER; let hashOutputs = EMPTY_BUFFER; if (!isAnyoneCanPay) { let bufferWriter = BufferWriter.withCapacity(36 * this.ins.length); this.ins.forEach(txIn => { bufferWriter.writeSlice(txIn.hash); bufferWriter.writeUInt32(txIn.index); }); hashPrevouts = bcrypto.sha256(bufferWriter.end()); bufferWriter = BufferWriter.withCapacity(8 * this.ins.length); values.forEach(value => bufferWriter.writeUInt64(value)); hashAmounts = bcrypto.sha256(bufferWriter.end()); bufferWriter = BufferWriter.withCapacity( prevOutScripts.map(varSliceSize).reduce((a, b) => a + b), ); prevOutScripts.forEach(prevOutScript => bufferWriter.writeVarSlice(prevOutScript), ); hashScriptPubKeys = bcrypto.sha256(bufferWriter.end()); bufferWriter = BufferWriter.withCapacity(4 * this.ins.length); this.ins.forEach(txIn => bufferWriter.writeUInt32(txIn.sequence)); hashSequences = bcrypto.sha256(bufferWriter.end()); } if (!(isNone || isSingle)) { const txOutsSize = this.outs .map(output => 8 + varSliceSize(output.script)) .reduce((a, b) => a + b); const bufferWriter = BufferWriter.withCapacity(txOutsSize); this.outs.forEach(out => { bufferWriter.writeUInt64(out.value); bufferWriter.writeVarSlice(out.script); }); hashOutputs = bcrypto.sha256(bufferWriter.end()); } else if (isSingle && inIndex < this.outs.length) { const output = this.outs[inIndex]; const bufferWriter = BufferWriter.withCapacity( 8 + varSliceSize(output.script), ); bufferWriter.writeUInt64(output.value); bufferWriter.writeVarSlice(output.script); hashOutputs = bcrypto.sha256(bufferWriter.end()); } const spendType = (leafHash ? 2 : 0) + (annex ? 1 : 0); // Length calculation from: // https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_note-14 // With extension from: // https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki#signature-validation const sigMsgSize = 174 - (isAnyoneCanPay ? 49 : 0) - (isNone ? 32 : 0) + (annex ? 32 : 0) + (leafHash ? 37 : 0); const sigMsgWriter = BufferWriter.withCapacity(sigMsgSize); sigMsgWriter.writeUInt8(hashType); // Transaction sigMsgWriter.writeInt32(this.version); sigMsgWriter.writeUInt32(this.locktime); sigMsgWriter.writeSlice(hashPrevouts); sigMsgWriter.writeSlice(hashAmounts); sigMsgWriter.writeSlice(hashScriptPubKeys); sigMsgWriter.writeSlice(hashSequences); if (!(isNone || isSingle)) { sigMsgWriter.writeSlice(hashOutputs); } // Input sigMsgWriter.writeUInt8(spendType); if (isAnyoneCanPay) { const input = this.ins[inIndex]; sigMsgWriter.writeSlice(input.hash); sigMsgWriter.writeUInt32(input.index); sigMsgWriter.writeUInt64(values[inIndex]); sigMsgWriter.writeVarSlice(prevOutScripts[inIndex]); sigMsgWriter.writeUInt32(input.sequence); } else { sigMsgWriter.writeUInt32(inIndex); } if (annex) { const bufferWriter = BufferWriter.withCapacity(varSliceSize(annex)); bufferWriter.writeVarSlice(annex); sigMsgWriter.writeSlice(bcrypto.sha256(bufferWriter.end())); } // Output if (isSingle) { sigMsgWriter.writeSlice(hashOutputs); } // BIP342 extension if (leafHash) { sigMsgWriter.writeSlice(leafHash); sigMsgWriter.writeUInt8(0); sigMsgWriter.writeUInt32(0xffffffff); } // Extra zero byte because: // https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_note-19 return bcrypto.taggedHash( 'TapSighash', Buffer.concat([Buffer.of(0x00), sigMsgWriter.end()]), ); } hashForWitnessV0( inIndex: number, prevOutScript: Buffer, value: number, hashType: number, ): Buffer { typeforce( types.tuple(types.UInt32, types.Buffer, types.Satoshi, types.UInt32), arguments, ); let tbuffer: Buffer = Buffer.from([]); let bufferWriter: BufferWriter; let hashOutputs = ZERO; let hashPrevouts = ZERO; let hashSequence = ZERO; if (!(hashType & Transaction.SIGHASH_ANYONECANPAY)) { tbuffer = Buffer.allocUnsafe(36 * this.ins.length); bufferWriter = new BufferWriter(tbuffer, 0); this.ins.forEach(txIn => { bufferWriter.writeSlice(txIn.hash); bufferWriter.writeUInt32(txIn.index); }); hashPrevouts = bcrypto.hash256(tbuffer); } if ( !(hashType & Transaction.SIGHASH_ANYONECANPAY) && (hashType & 0x1f) !== Transaction.SIGHASH_SINGLE && (hashType & 0x1f) !== Transaction.SIGHASH_NONE ) { tbuffer = Buffer.allocUnsafe(4 * this.ins.length); bufferWriter = new BufferWriter(tbuffer, 0); this.ins.forEach(txIn => { bufferWriter.writeUInt32(txIn.sequence); }); hashSequence = bcrypto.hash256(tbuffer); } if ( (hashType & 0x1f) !== Transaction.SIGHASH_SINGLE && (hashType & 0x1f) !== Transaction.SIGHASH_NONE ) { const txOutsSize = this.outs.reduce((sum, output) => { return sum + 8 + varSliceSize(output.script); }, 0); tbuffer = Buffer.allocUnsafe(txOutsSize); bufferWriter = new BufferWriter(tbuffer, 0); this.outs.forEach(out => { bufferWriter.writeUInt64(out.value); bufferWriter.writeVarSlice(out.script); }); hashOutputs = bcrypto.hash256(tbuffer); } else if ( (hashType & 0x1f) === Transaction.SIGHASH_SINGLE && inIndex < this.outs.length ) { const output = this.outs[inIndex]; tbuffer = Buffer.allocUnsafe(8 + varSliceSize(output.script)); bufferWriter = new BufferWriter(tbuffer, 0); bufferWriter.writeUInt64(output.value); bufferWriter.writeVarSlice(output.script); hashOutputs = bcrypto.hash256(tbuffer); } tbuffer = Buffer.allocUnsafe(156 + varSliceSize(prevOutScript)); bufferWriter = new BufferWriter(tbuffer, 0); const input = this.ins[inIndex]; bufferWriter.writeInt32(this.version); bufferWriter.writeSlice(hashPrevouts); bufferWriter.writeSlice(hashSequence); bufferWriter.writeSlice(input.hash); bufferWriter.writeUInt32(input.index); bufferWriter.writeVarSlice(prevOutScript); bufferWriter.writeUInt64(value); bufferWriter.writeUInt32(input.sequence); bufferWriter.writeSlice(hashOutputs); bufferWriter.writeUInt32(this.locktime); bufferWriter.writeUInt32(hashType); return bcrypto.hash256(tbuffer); } getHash(forWitness?: boolean): Buffer { // wtxid for coinbase is always 32 bytes of 0x00 if (forWitness && this.isCoinbase()) return Buffer.alloc(32, 0); return bcrypto.hash256(this.__toBuffer(undefined, undefined, forWitness)); } getId(): string { // transaction hash's are displayed in reverse order return reverseBuffer(this.getHash(false)).toString('hex'); } toBuffer(buffer?: Buffer, initialOffset?: number): Buffer { return this.__toBuffer(buffer, initialOffset, true); } toHex(): string { return this.toBuffer(undefined, undefined).toString('hex'); } setInputScript(index: number, scriptSig: Buffer): void { typeforce(types.tuple(types.Number, types.Buffer), arguments); this.ins[index].script = scriptSig; } setWitness(index: number, witness: Buffer[]): void { typeforce(types.tuple(types.Number, [types.Buffer]), arguments); this.ins[index].witness = witness; } private __toBuffer( buffer?: Buffer, initialOffset?: number, _ALLOW_WITNESS: boolean = false, ): Buffer { if (!buffer) buffer = Buffer.allocUnsafe(this.byteLength(_ALLOW_WITNESS)) as Buffer; const bufferWriter = new BufferWriter(buffer, initialOffset || 0); bufferWriter.writeInt32(this.version); const hasWitnesses = _ALLOW_WITNESS && this.hasWitnesses(); if (hasWitnesses) { bufferWriter.writeUInt8(Transaction.ADVANCED_TRANSACTION_MARKER); bufferWriter.writeUInt8(Transaction.ADVANCED_TRANSACTION_FLAG); } bufferWriter.writeVarInt(this.ins.length); this.ins.forEach(txIn => { bufferWriter.writeSlice(txIn.hash); bufferWriter.writeUInt32(txIn.index); bufferWriter.writeVarSlice(txIn.script); bufferWriter.writeUInt32(txIn.sequence); }); bufferWriter.writeVarInt(this.outs.length); this.outs.forEach(txOut => { if (isOutput(txOut)) { bufferWriter.writeUInt64(txOut.value); } else { bufferWriter.writeSlice((txOut as any).valueBuffer); } bufferWriter.writeVarSlice(txOut.script); }); if (hasWitnesses) { this.ins.forEach(input => { bufferWriter.writeVector(input.witness); }); } bufferWriter.writeUInt32(this.locktime); // avoid slicing unless necessary if (initialOffset !== undefined) return buffer.slice(initialOffset, bufferWriter.offset); return buffer; } }