Final segwit poc

src/main/java/co/rsk/bitcoinj/core/BtcECKey.java

@@ -432,7 +432,7 @@ public static ECPoint publicPointFromPrivate(BigInteger privKey) {
  /** Gets the hash160 form of the public key (as seen in addresses). */
  public byte[] getPubKeyHash() {
  if (pubKeyHash == null)
- pubKeyHash = Utils.sha256hash160(this.pub.getEncoded());
+ pubKeyHash = Utils.hash160(this.pub.getEncoded());
  return pubKeyHash;
  }
 

src/main/java/co/rsk/bitcoinj/core/BtcTransaction.java

@@ -30,6 +30,7 @@
 import com.google.common.primitives.Longs;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.spongycastle.crypto.params.KeyParameter;
 
 import javax.annotation.Nullable;
 import java.io.*;
@@ -105,7 +106,6 @@ public int compare(final BtcTransaction tx1, final BtcTransaction tx2) {
  private ArrayList<TransactionOutput> outputs;
  private ArrayList<TransactionWitness> witnesses;
 
-
  private long lockTime;
 
  // This is either the time the transaction was broadcast as measured from the local clock, or the time from the
@@ -1166,6 +1166,112 @@ public Sha256Hash hashForSignature(int inputIndex, byte[] connectedScript, byte
  }
  }
 
+ public synchronized Sha256Hash hashForWitnessSignature(
+ int inputIndex,
+ byte[] scriptCode,
+ Coin prevValue,
+ SigHash type,
+ boolean anyoneCanPay) {
+ int sigHash = TransactionSignature.calcSigHashValue(type, anyoneCanPay);
+ return hashForWitnessSignature(inputIndex, scriptCode, prevValue, (byte) sigHash);
+ }
+
+ /**
+ * <p>Calculates a signature hash, that is, a hash of a simplified form of the transaction. How exactly the transaction
+ * is simplified is specified by the type and anyoneCanPay parameters.</p>
+ *
+ * <p>This is a low level API and when using the regular {@link Wallet} class you don't have to call this yourself.
+ * When working with more complex transaction types and contracts, it can be necessary. When signing a Witness output
+ * the scriptCode should be the script encoded into the scriptSig field, for normal transactions, it's the
+ * scriptPubKey of the output you're signing for. (See BIP143: https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki)</p>
+ *
+ * @param inputIndex input the signature is being calculated for. Tx signatures are always relative to an input.
+ * @param scriptCode the script that should be in the given input during signing.
+ * @param prevValue the value of the coin being spent
+ * @param type Should be SigHash.ALL
+ * @param anyoneCanPay should be false.
+ */
+ public synchronized Sha256Hash hashForWitnessSignature(
+ int inputIndex,
+ Script scriptCode,
+ Coin prevValue,
+ SigHash type,
+ boolean anyoneCanPay) {
+ return hashForWitnessSignature(inputIndex, scriptCode.getProgram(), prevValue, type, anyoneCanPay);
+ }
+
+ public synchronized Sha256Hash hashForWitnessSignature(
+ int inputIndex,
+ byte[] scriptCode,
+ Coin prevValue,
+ byte sigHashType){
+ ByteArrayOutputStream bos = new UnsafeByteArrayOutputStream(length == UNKNOWN_LENGTH ? 256 : length + 4);
+ try {
+ byte[] hashPrevouts = new byte[32];
+ byte[] hashSequence = new byte[32];
+ byte[] hashOutputs = new byte[32];
+ int basicSigHashType = sigHashType & 0x1f;
+ boolean anyoneCanPay = (sigHashType & SigHash.ANYONECANPAY.value) == SigHash.ANYONECANPAY.value;
+ boolean signAll = (basicSigHashType != SigHash.SINGLE.value) && (basicSigHashType != SigHash.NONE.value);
+
+ if (!anyoneCanPay) {
+ ByteArrayOutputStream bosHashPrevouts = new UnsafeByteArrayOutputStream(256);
+ for (int i = 0; i < this.inputs.size(); ++i) {
+ bosHashPrevouts.write(this.inputs.get(i).getOutpoint().getHash().getReversedBytes());
+ uint32ToByteStreamLE(this.inputs.get(i).getOutpoint().getIndex(), bosHashPrevouts);
+ }
+ hashPrevouts = Sha256Hash.hashTwice(bosHashPrevouts.toByteArray());
+ }
+
+ if (!anyoneCanPay && signAll) {
+ ByteArrayOutputStream bosSequence = new UnsafeByteArrayOutputStream(256);
+ for (int i = 0; i < this.inputs.size(); ++i) {
+ uint32ToByteStreamLE(this.inputs.get(i).getSequenceNumber(), bosSequence);
+ }
+ hashSequence = Sha256Hash.hashTwice(bosSequence.toByteArray());
+ }
+
+ if (signAll) {
+ ByteArrayOutputStream bosHashOutputs = new UnsafeByteArrayOutputStream(256);
+ for (int i = 0; i < this.outputs.size(); ++i) {
+ uint64ToByteStreamLE(
+ BigInteger.valueOf(this.outputs.get(i).getValue().getValue()),
+ bosHashOutputs
+ );
+ bosHashOutputs.write(new VarInt(this.outputs.get(i).getScriptBytes().length).encode());
+ bosHashOutputs.write(this.outputs.get(i).getScriptBytes());
+ }
+ hashOutputs = Sha256Hash.hashTwice(bosHashOutputs.toByteArray());
+ } else if (basicSigHashType == SigHash.SINGLE.value && inputIndex < outputs.size()) {
+ ByteArrayOutputStream bosHashOutputs = new UnsafeByteArrayOutputStream(256);
+ uint64ToByteStreamLE(
+ BigInteger.valueOf(this.outputs.get(inputIndex).getValue().getValue()),
+ bosHashOutputs
+ );
+ bosHashOutputs.write(new VarInt(this.outputs.get(inputIndex).getScriptBytes().length).encode());
+ bosHashOutputs.write(this.outputs.get(inputIndex).getScriptBytes());
+ hashOutputs = Sha256Hash.hashTwice(bosHashOutputs.toByteArray());
+ }
+ uint32ToByteStreamLE(version, bos);
+ bos.write(hashPrevouts);
+ bos.write(hashSequence);
+ bos.write(inputs.get(inputIndex).getOutpoint().getHash().getReversedBytes());
+ uint32ToByteStreamLE(inputs.get(inputIndex).getOutpoint().getIndex(), bos);
+ bos.write(new VarInt(scriptCode.length).encode());
+ bos.write(scriptCode);
+ uint64ToByteStreamLE(BigInteger.valueOf(prevValue.getValue()), bos);
+ uint32ToByteStreamLE(inputs.get(inputIndex).getSequenceNumber(), bos);
+ bos.write(hashOutputs);
+ uint32ToByteStreamLE(this.lockTime, bos);
+ uint32ToByteStreamLE(0x000000ff & sigHashType, bos);
+ } catch (IOException e) {
+ throw new RuntimeException(e); // Cannot happen.
+ }
+
+ return Sha256Hash.twiceOf(bos.toByteArray());
+ }
+
+
  @Override
  protected void bitcoinSerializeToStream(OutputStream stream) throws IOException {
  bitcoinSerializeToStream(stream, true);

src/main/java/co/rsk/bitcoinj/core/TransactionWitness.java

@@ -1,10 +1,12 @@
 package co.rsk.bitcoinj.core;
 
 import co.rsk.bitcoinj.crypto.TransactionSignature;
+import co.rsk.bitcoinj.script.Script;
 
 import javax.annotation.Nullable;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
 
 public class TransactionWitness {
  static TransactionWitness empty = new TransactionWitness(0);
@@ -13,12 +15,22 @@ public static TransactionWitness getEmpty() {
  return empty;
  }
 
- private List<byte[]> pushes;
+ private final List<byte[]> pushes;
 
  public TransactionWitness(int pushCount) {
  pushes = new ArrayList<byte[]>(Math.min(pushCount, Utils.MAX_INITIAL_ARRAY_LENGTH));
  }
 
+ public static TransactionWitness of(List<byte[]> pushes) {
+ return new TransactionWitness(pushes);
+ }
+
+ private TransactionWitness(List<byte[]> pushes) {
+ for (byte[] push : pushes)
+ Objects.requireNonNull(push);
+ this.pushes = pushes;
+ }
+
  public byte[] getPush(int i) {
  return pushes.get(i);
  }
@@ -46,6 +58,64 @@ public static TransactionWitness createWitness(@Nullable final TransactionSignat
  return witness;
  }
 
+ public static TransactionWitness createWitnessErpStandardScript(Script witnessScript, List<TransactionSignature> signatures) {
+ List<byte[]> pushes = new ArrayList<>(signatures.size() + 3);
+ pushes.add(new byte[] {});
+ for (TransactionSignature signature : signatures) {
+ pushes.add(signature.encodeToBitcoin());
+ }
+ pushes.add(new byte[] {}); // OP_NOTIF argument. If an empty vector is set it will validate against the standard keys, if a 1 is set it will validate against the emergency keys
+ pushes.add(witnessScript.getProgram());
+ return TransactionWitness.of(pushes);
+ }
+
+ public static TransactionWitness createWitnessErpEmergencyScript(Script witnessScript, List<TransactionSignature> signatures) {
+ List<byte[]> pushes = new ArrayList<>(signatures.size() + 3);
+ pushes.add(new byte[] {});
+ for (TransactionSignature signature : signatures) {
+ pushes.add(signature.encodeToBitcoin());
+ }
+ pushes.add(new byte[] {1}); // OP_NOTIF argument. If an empty vector is set it will validate against the standard keys, if a 1 is set it will validate against the emergency keys
+ pushes.add(witnessScript.getProgram());
+ return TransactionWitness.of(pushes);
+ }
+
+ public static TransactionWitness createWitnessErpStandardNewScript(Script witnessScript, List<TransactionSignature> thresholdSignatures, int signaturesSize) {
+ int zeroSignaturesSize = signaturesSize - thresholdSignatures.size();
+ List<byte[]> pushes = new ArrayList<>(signaturesSize + 2);
+
+ // signatures to be used
+ for (int i = 0; i < thresholdSignatures.size(); i++) {
+ pushes.add(thresholdSignatures.get(i).encodeToBitcoin());
+ }
+
+ // empty signatures
+ for (int i = 0; i < zeroSignaturesSize; i ++) {
+ pushes.add(new byte[0]);
+ }
+ pushes.add(new byte[] {}); // OP_NOTIF argument
+ pushes.add(witnessScript.getProgram());
+ return TransactionWitness.of(pushes);
+ }
+
+ public static TransactionWitness createWitnessErpEmergencyNewScript(Script witnessScript, List<TransactionSignature> thresholdSignatures, int signaturesSize) {
+ int zeroSignaturesSize = signaturesSize - thresholdSignatures.size();
+ List<byte[]> pushes = new ArrayList<>(signaturesSize + 2);
+
+ // signatures to be used
+ for (int i = 0; i < thresholdSignatures.size(); i++) {
+ pushes.add(thresholdSignatures.get(i).encodeToBitcoin());
+ }
+
+ // empty signatures
+ for (int i = 0; i < zeroSignaturesSize; i ++) {
+ pushes.add(new byte[0]);
+ }
+ pushes.add(new byte[] {1}); // OP_NOTIF argument
+ pushes.add(witnessScript.getProgram());
+ return TransactionWitness.of(pushes);
+ }
+
  public byte[] getScriptBytes() {
  if (getPushCount() == 0)
  return new byte[0];

src/main/java/co/rsk/bitcoinj/core/Utils.java

@@ -263,15 +263,19 @@ public static int readUint16BE(byte[] bytes, int offset) {
  }
 
  /**
- * Calculates RIPEMD160(SHA256(input)). This is used in Address calculations.
+ * Hash160 calculates RIPEMD160(SHA256(input)). This is used in Address calculations.
  */
- public static byte[] sha256hash160(byte[] input) {
- byte[] sha256 = Sha256Hash.hash(input);
+
+ public static byte[] hash160(byte[] input) {
+ return digestRipeMd160(Sha256Hash.hash(input));
+ }
+
+ public static byte[] digestRipeMd160(byte[] sha256) {
  RIPEMD160Digest digest = new RIPEMD160Digest();
  digest.update(sha256, 0, sha256.length);
- byte[] out = new byte[20];
- digest.doFinal(out, 0);
- return out;
+ byte[] ripemdHash = new byte[20];
+ digest.doFinal(ripemdHash, 0);
+ return ripemdHash;
  }
 
  /**

src/main/java/co/rsk/bitcoinj/crypto/DeterministicKey.java

@@ -212,7 +212,7 @@ public byte[] getChainCode() {
  * Returns RIPE-MD160(SHA256(pub key bytes)).
  */
  public byte[] getIdentifier() {
- return Utils.sha256hash160(getPubKey());
+ return Utils.hash160(getPubKey());
  }
 
  /** Returns the first 32 bits of the result of {@link #getIdentifier()}. */

src/main/java/co/rsk/bitcoinj/script/P2shP2wshErpFederationNewRedeemScriptParser.java

@@ -0,0 +1,28 @@
+package co.rsk.bitcoinj.script;
+
+import co.rsk.bitcoinj.core.Utils;
+
+public class P2shP2wshErpFederationNewRedeemScriptParser {
+ public static Script createErpP2shP2wshNewRedeemScript(
+ Script defaultFederationRedeemScript,
+ Script erpFederationRedeemScript,
+ Long csvValue) {
+
+ byte[] serializedCsvValue = Utils.signedLongToByteArrayLE(csvValue);
+
+ ScriptBuilder scriptBuilder = new ScriptBuilder();
+
+ Script erpRedeemScript = scriptBuilder
+ .op(ScriptOpCodes.OP_NOTIF)
+ .addChunks(defaultFederationRedeemScript.getChunks())
+ .op(ScriptOpCodes.OP_ELSE)
+ .data(serializedCsvValue)
+ .op(ScriptOpCodes.OP_CHECKSEQUENCEVERIFY)
+ .op(ScriptOpCodes.OP_DROP)
+ .addChunks(erpFederationRedeemScript.getChunks())
+ .op(ScriptOpCodes.OP_ENDIF)
+ .build();
+
+ return erpRedeemScript;
+ }
+}

src/main/java/co/rsk/bitcoinj/script/P2shP2wshErpFederationRedeemScriptParser.java

@@ -0,0 +1,54 @@
+package co.rsk.bitcoinj.script;
+
+import co.rsk.bitcoinj.core.Sha256Hash;
+import co.rsk.bitcoinj.core.Utils;
+
+public class P2shP2wshErpFederationRedeemScriptParser {
+ public static Script createP2shP2wshErpRedeemScript(
+ Script defaultFederationRedeemScript,
+ Script erpFederationRedeemScript,
+ Long csvValue
+ ) {
+ byte[] serializedCsvValue = Utils.signedLongToByteArrayLE(csvValue);
+
+ ScriptBuilder scriptBuilder = new ScriptBuilder();
+
+ Script erpP2shP2wshRedeemScript = scriptBuilder
+ .op(ScriptOpCodes.OP_NOTIF)
+ .addChunks(defaultFederationRedeemScript.getChunks())
+ .op(ScriptOpCodes.OP_ELSE)
+ .data(serializedCsvValue)
+ .op(ScriptOpCodes.OP_CHECKSEQUENCEVERIFY)
+ .op(ScriptOpCodes.OP_DROP)
+ .addChunks(erpFederationRedeemScript.getChunks())
+ .op(ScriptOpCodes.OP_ENDIF)
+ .build();
+ return erpP2shP2wshRedeemScript;
+ }
+
+ public static Script createP2shP2wshErpRedeemScriptWithFlyover(
+ Script defaultFederationRedeemScript,
+ Script erpFederationRedeemScript,
+ Sha256Hash derivationPath,
+ Long csvValue
+ ) {
+ byte[] serializedCsvValue = Utils.signedLongToByteArrayLE(csvValue);
+
+ ScriptBuilder scriptBuilder = new ScriptBuilder();
+
+ Script erpP2shP2wshRedeemScript = scriptBuilder
+ .data(derivationPath.getBytes())
+ .op(ScriptOpCodes.OP_DROP)
+ .op(ScriptOpCodes.OP_NOTIF)
+ .addChunks(defaultFederationRedeemScript.getChunks())
+ .op(ScriptOpCodes.OP_ELSE)
+ .data(serializedCsvValue)
+ .op(ScriptOpCodes.OP_CHECKSEQUENCEVERIFY)
+ .op(ScriptOpCodes.OP_DROP)
+ .addChunks(erpFederationRedeemScript.getChunks())
+ .op(ScriptOpCodes.OP_ENDIF)
+ .build();
+
+ return erpP2shP2wshRedeemScript;
+ }
+}

src/main/java/co/rsk/bitcoinj/script/Script.java

@@ -96,7 +96,7 @@ public enum VerifyFlag {
 
  private static final Logger log = LoggerFactory.getLogger(Script.class);
  public static final long MAX_SCRIPT_ELEMENT_SIZE = 520; // bytes
- public static final int SIG_SIZE = 75;
+ public static final int SIG_SIZE = 73;
  /** Max number of sigops allowed in a standard p2sh redeem script */
  public static final int MAX_P2SH_SIGOPS = 15;
 
@@ -325,7 +325,7 @@ public BigInteger getCLTVPaymentChannelExpiry() {
  */
  @Deprecated
  public Address getFromAddress(NetworkParameters params) throws ScriptException {
- return new Address(params, Utils.sha256hash160(getPubKey()));
+ return new Address(params, Utils.hash160(getPubKey()));
  }
 
  /**
@@ -610,7 +610,12 @@ public int getNumberOfBytesRequiredToSpend(@Nullable BtcECKey pubKey, @Nullable
  if (isPayToScriptHash()) {
  // scriptSig: <sig> [sig] [sig...] <redeemscript>
  checkArgument(redeemScript != null, "P2SH script requires redeemScript to be spent");
- return redeemScript.getNumberOfSignaturesRequiredToSpend() * SIG_SIZE + redeemScript.getProgram().length;
+ int bytesRequired = redeemScript.getNumberOfSignaturesRequiredToSpend() * SIG_SIZE;
+ bytesRequired += redeemScript.getProgram().length;
+ bytesRequired += 1; // 1 byte for first empty byte
+ bytesRequired += 1; // 1 byte for op_notif argument
+ bytesRequired += 5; // redeemScript bytes-size in hexa (approx)
+ return bytesRequired;
  } else if (isSentToMultiSig()) {
  // scriptSig: OP_0 <sig> [sig] [sig...]
  return getNumberOfSignaturesRequiredToSpend() * SIG_SIZE + 1;
@@ -1263,7 +1268,7 @@ public static void executeScript(@Nullable BtcTransaction txContainingThis, long
  case OP_HASH160:
  if (stack.size() < 1)
  throw new ScriptException("Attempted OP_HASH160 on an empty stack");
- stack.add(Utils.sha256hash160(stack.pollLast()));
+ stack.add(Utils.hash160(stack.pollLast()));
  break;
  case OP_HASH256:
  if (stack.size() < 1)