From 580f466a684679a4b7803aef248b12b7d5883610 Mon Sep 17 00:00:00 2001
From: Bob McElrath <bob_git@mcelrath.org>
Date: Fri, 8 Jul 2016 14:11:59 -0400
Subject: [PATCH 1/7] Initial segwit implementation, works with P2WPKH
 addresses

---
 .gitignore                |   3 +-
 bitcoin/core/__init__.py  | 112 ++++++++++++++++++++++++++++++++------
 bitcoin/core/script.py    |  35 ++++++++++++
 bitcoin/core/serialize.py |   9 +++
 4 files changed, 141 insertions(+), 18 deletions(-)

diff --git a/.gitignore b/.gitignore
index 97fa5c7..d8994c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-
+*.sw?
 *.pyc
 
 local*.cfg
@@ -8,3 +8,4 @@ local*.cfg
 build/
 htmlcov/
 python_bitcoinlib.egg-info/
+dist/
diff --git a/bitcoin/core/__init__.py b/bitcoin/core/__init__.py
index a3d5580..a55ac73 100644
--- a/bitcoin/core/__init__.py
+++ b/bitcoin/core/__init__.py
@@ -16,7 +16,7 @@
 import sys
 import time
 
-from .script import CScript
+from .script import CScript, CScriptWitness
 
 from .serialize import *
 
@@ -304,11 +304,44 @@ def from_txout(cls, txout):
         """Create a fullly mutable copy of an existing TxOut"""
         return cls(txout.nValue, txout.scriptPubKey)
 
+
+class CTxInWitness(ImmutableSerializable):
+    """Witness data for a transaction input. """
+    __slots__ = ['scriptWitness']
+
+    def __init__(self, scriptWitness=CScriptWitness()):
+        object.__setattr__(self, 'scriptWitness', scriptWitness)
+
+    @classmethod
+    def stream_deserialize(cls, f):
+        scriptWitness = CScriptWitness.stream_deserialize(f)
+        return cls(scriptWitness)
+
+    def stream_serialize(self, f):
+        self.scriptWitness.stream_serialize(f)
+
+    def __repr__(self):
+        return "CTxInWitness(%s)" % (repr(self.scriptWitness))
+
+    @classmethod
+    def from_txinwitness(cls, txinwitness):
+        """Create an immutable copy of an existing TxInWitness
+
+        If txin is already immutable (txin.__class__ is CTxIn) it is returned
+        directly.
+        """
+        if txinwitness.__class__ is CTxInWitness:
+            return txinwitness
+
+        else:
+            return cls(txinwitness.scriptWitness)
+
+
 class CTransaction(ImmutableSerializable):
     """A transaction"""
-    __slots__ = ['nVersion', 'vin', 'vout', 'nLockTime']
+    __slots__ = ['nVersion', 'vin', 'vout', 'nLockTime', 'wit']
 
-    def __init__(self, vin=(), vout=(), nLockTime=0, nVersion=1):
+    def __init__(self, vin=(), vout=(), nLockTime=0, nVersion=1, witness=()):
         """Create a new transaction
 
         vin and vout are iterables of transaction inputs and outputs
@@ -322,26 +355,55 @@ def __init__(self, vin=(), vout=(), nLockTime=0, nVersion=1):
         object.__setattr__(self, 'nVersion', nVersion)
         object.__setattr__(self, 'vin', tuple(CTxIn.from_txin(txin) for txin in vin))
         object.__setattr__(self, 'vout', tuple(CTxOut.from_txout(txout) for txout in vout))
+        object.__setattr__(self, 'wit',
+                tuple(CTxInWitness.from_txinwitness(witness) for txinwitness in
+                    witness))
 
     @classmethod
     def stream_deserialize(cls, f):
         nVersion = struct.unpack(b"<i", ser_read(f,4))[0]
-        vin = VectorSerializer.stream_deserialize(CTxIn, f)
-        vout = VectorSerializer.stream_deserialize(CTxOut, f)
-        nLockTime = struct.unpack(b"<I", ser_read(f,4))[0]
-        return cls(vin, vout, nLockTime, nVersion)
+        pos = f.tell()
+        markerbyte = struct.unpack(b'B', ser_read(f, 1))[0]
+        if markerbyte == 0:
+            flagbyte = struct.unpack(b'B', ser_read(f, 1))[0]
+            if flagbyte != 1:
+                raise DeserializationFormatError
+            vin = VectorSerializer.stream_deserialize(CTxIn, f)
+            vout = VectorSerializer.stream_deserialize(CTxOut, f)
+            wit = VectorSerializer.stream_deserialize(CTxInWitness, f)
+            nLockTime = struct.unpack(b"<I", ser_read(f,4))[0]
+            return cls(vin, vout, nLockTime, nVersion, wit)
+        else:
+            f.seek(pos) # put marker byte back, since we don't have peek
+            vin = VectorSerializer.stream_deserialize(CTxIn, f)
+            vout = VectorSerializer.stream_deserialize(CTxOut, f)
+            nLockTime = struct.unpack(b"<I", ser_read(f,4))[0]
+            return cls(vin, vout, nLockTime, nVersion)
+
 
     def stream_serialize(self, f):
-        f.write(struct.pack(b"<i", self.nVersion))
-        VectorSerializer.stream_serialize(CTxIn, self.vin, f)
-        VectorSerializer.stream_serialize(CTxOut, self.vout, f)
-        f.write(struct.pack(b"<I", self.nLockTime))
+        if self.wit:
+            if len(self.wit) != len(self.vin):
+                raise SerializationMissingWitnessError
+            f.write(struct.pack(b"<i", self.nVersion))
+            f.write(b'\x00') # Marker
+            f.write(b'\x01') # Flag
+            VectorSerializer.stream_serialize(CTxIn, self.vin, f)
+            VectorSerializer.stream_serialize(CTxOut, self.vout, f)
+            for w in self.wit: w.stream_serialize(f)
+            f.write(struct.pack(b"<I", self.nLockTime))
+        else:
+            f.write(struct.pack(b"<i", self.nVersion))
+            VectorSerializer.stream_serialize(CTxIn, self.vin, f)
+            VectorSerializer.stream_serialize(CTxOut, self.vout, f)
+            f.write(struct.pack(b"<I", self.nLockTime))
 
     def is_coinbase(self):
         return len(self.vin) == 1 and self.vin[0].prevout.is_null()
 
     def __repr__(self):
-        return "CTransaction(%r, %r, %i, %i)" % (self.vin, self.vout, self.nLockTime, self.nVersion)
+        return "CTransaction(%r, %r, %i, %i, %r)" % (self.vin, self.vout,
+                self.nLockTime, self.nVersion, self.wit)
 
     @classmethod
     def from_tx(cls, tx):
@@ -354,7 +416,22 @@ def from_tx(cls, tx):
             return tx
 
         else:
-            return cls(tx.vin, tx.vout, tx.nLockTime, tx.nVersion)
+            return cls(tx.vin, tx.vout, tx.nLockTime, tx.nVersion, tx.wit)
+
+    def GetTxid(self):
+        """Get the transaction ID.  This differs from the transactions hash as
+            given by GetHash.  GetTxid excludes witness data, while GetHash
+            includes it. """
+        if self.wit:
+            wit = self.wit
+            self.wit = b''
+            txid = Hash(self.serialize())
+            self.wit = wit
+        else:
+            txid = Hash(self.serialize())
+        return txid
+
+
 
 
 @__make_mutable
@@ -362,7 +439,7 @@ class CMutableTransaction(CTransaction):
     """A mutable transaction"""
     __slots__ = []
 
-    def __init__(self, vin=None, vout=None, nLockTime=0, nVersion=1):
+    def __init__(self, vin=None, vout=None, nLockTime=0, nVersion=1, witness=CScriptWitness([])):
         if not (0 <= nLockTime <= 0xffffffff):
             raise ValueError('CTransaction: nLockTime must be in range 0x0 to 0xffffffff; got %x' % nLockTime)
         self.nLockTime = nLockTime
@@ -375,6 +452,7 @@ def __init__(self, vin=None, vout=None, nLockTime=0, nVersion=1):
             vout = []
         self.vout = vout
         self.nVersion = nVersion
+        self.wit = witness
 
     @classmethod
     def from_tx(cls, tx):
@@ -382,7 +460,7 @@ def from_tx(cls, tx):
         vin = [CMutableTxIn.from_txin(txin) for txin in tx.vin]
         vout = [CMutableTxOut.from_txout(txout) for txout in tx.vout]
 
-        return cls(vin, vout, tx.nLockTime, tx.nVersion)
+        return cls(vin, vout, tx.nLockTime, tx.nVersion, tx.wit)
 
 
 
@@ -478,7 +556,7 @@ def build_merkle_tree_from_txids(txids):
     @staticmethod
     def build_merkle_tree_from_txs(txs):
         """Build a full merkle tree from transactions"""
-        txids = [tx.GetHash() for tx in txs]
+        txids = [tx.GetTxid() for tx in txs]
         return CBlock.build_merkle_tree_from_txids(txids)
 
     def calc_merkle_root(self):
@@ -730,7 +808,7 @@ def CheckBlock(block, fCheckPoW = True, fCheckMerkleRoot = True, cur_time=None):
 
         CheckTransaction(tx)
 
-        txid = tx.GetHash()
+        txid = tx.GetTxid()
         if txid in unique_txids:
             raise CheckBlockError("CheckBlock() : duplicate transaction")
         unique_txids.add(txid)
diff --git a/bitcoin/core/script.py b/bitcoin/core/script.py
index 31edf53..cec498d 100644
--- a/bitcoin/core/script.py
+++ b/bitcoin/core/script.py
@@ -30,6 +30,8 @@
 import bitcoin.core
 import bitcoin.core._bignum
 
+from .serialize import *
+
 MAX_SCRIPT_SIZE = 10000
 MAX_SCRIPT_ELEMENT_SIZE = 520
 MAX_SCRIPT_OPCODES = 201
@@ -773,6 +775,37 @@ def GetSigOpCount(self, fAccurate):
             lastOpcode = opcode
         return n
 
+class CScriptWitness(ImmutableSerializable):
+    """An encoding of the data elements on the initial stack for (segregated
+        witness)
+    """
+    __slots__ = ['stack']
+
+    def __init__(self, stack=()):
+        object.__setattr__(self, 'stack', stack)
+
+    def __len__(self):
+        return len(self.stack)
+
+    def __iter__(self):
+        return iter(self.stack)
+
+    def __repr__(self):
+
+        return 'CScriptWitness(' + ','.join("x('%s')" % bitcoin.core.b2x(s) for s in self.stack) + ')'
+
+    @classmethod
+    def stream_deserialize(cls, f):
+        n = VarIntSerializer.stream_deserialize(f)
+        self.stack = []
+        for i in range(n):
+            self.stack.append(BytesSerializer.stream_deserialize(f))
+
+    def stream_serialize(self, f):
+        VarIntSerializer.stream_serialize(len(self.stack), f)
+        for s in self.stack:
+            BytesSerializer.stream_serialize(s, f)
+
 
 SIGHASH_ALL = 1
 SIGHASH_NONE = 2
@@ -894,6 +927,7 @@ def RawSignatureHash(script, txTo, inIdx, hashtype):
         txtmp.vin = []
         txtmp.vin.append(tmp)
 
+    txtmp.wit = ()
     s = txtmp.serialize()
     s += struct.pack(b"<I", hashtype)
 
@@ -1048,6 +1082,7 @@ def SignatureHash(script, txTo, inIdx, hashtype):
         'CScriptInvalidError',
         'CScriptTruncatedPushDataError',
         'CScript',
+        'CScriptWitness',
         'SIGHASH_ALL',
         'SIGHASH_NONE',
         'SIGHASH_SINGLE',
diff --git a/bitcoin/core/serialize.py b/bitcoin/core/serialize.py
index 425d7ba..e320715 100644
--- a/bitcoin/core/serialize.py
+++ b/bitcoin/core/serialize.py
@@ -55,6 +55,10 @@ class SerializationTruncationError(SerializationError):
     Thrown by deserialize() and stream_deserialize()
     """
 
+class SerializationMissingWitnessError(SerializationError):
+    """Missing witness data when serializing a segregated witness transaction
+    """
+
 class DeserializationExtraDataError(SerializationError):
     """Deserialized data had extra data at the end
 
@@ -67,6 +71,11 @@ def __init__(self, msg, obj, padding):
         self.obj = obj
         self.padding = padding
 
+class DeserializationFormatError(SerializationError):
+    """Deserialized data does not have the correct marker or flag bytes for a
+        segwit serialization
+    """
+
 def ser_read(f, n):
     """Read from a stream safely
 

From f4d1d2acda4b92efa06b5e5e3ac2e934ef8e3059 Mon Sep 17 00:00:00 2001
From: Bob McElrath <bob_git@mcelrath.org>
Date: Thu, 14 Jul 2016 13:58:28 -0400
Subject: [PATCH 2/7] BIP143 implementation and test vectors

---
 bitcoin/core/__init__.py     |   2 +-
 bitcoin/core/script.py       |  75 +++++++++++++++++++++++-
 bitcoin/core/serialize.py    |   2 +
 bitcoin/tests/test_segwit.py | 110 +++++++++++++++++++++++++++++++++++
 bitcoin/wallet.py            |   8 ++-
 5 files changed, 193 insertions(+), 4 deletions(-)
 create mode 100644 bitcoin/tests/test_segwit.py

diff --git a/bitcoin/core/__init__.py b/bitcoin/core/__init__.py
index a55ac73..c5c47c7 100644
--- a/bitcoin/core/__init__.py
+++ b/bitcoin/core/__init__.py
@@ -439,7 +439,7 @@ class CMutableTransaction(CTransaction):
     """A mutable transaction"""
     __slots__ = []
 
-    def __init__(self, vin=None, vout=None, nLockTime=0, nVersion=1, witness=CScriptWitness([])):
+    def __init__(self, vin=None, vout=None, nLockTime=0, nVersion=1, witness=None):
         if not (0 <= nLockTime <= 0xffffffff):
             raise ValueError('CTransaction: nLockTime must be in range 0x0 to 0xffffffff; got %x' % nLockTime)
         self.nLockTime = nLockTime
diff --git a/bitcoin/core/script.py b/bitcoin/core/script.py
index cec498d..baf0d40 100644
--- a/bitcoin/core/script.py
+++ b/bitcoin/core/script.py
@@ -24,6 +24,9 @@
     long = int
     _bchr = lambda x: bytes([x])
     _bord = lambda x: x
+    from io import BytesIO as _BytesIO
+else:
+    from cStringIO import StringIO as _BytesIO
 
 import struct
 
@@ -674,6 +677,24 @@ def is_p2sh(self):
                 _bord(self[1]) == 0x14 and
                 _bord(self[22]) == OP_EQUAL)
 
+    def is_witness_scriptpubkey(self):
+        return 3 <= len(self) <= 42 and CScriptOp(self[0]).is_small_int()
+
+    def witness_version(self):
+        return next(iter(self))
+
+    def is_witness_v0_keyhash(self):
+        return len(self) == 22 and self[0:2] == b'\x00\x14'
+
+    def is_witness_v0_nested_keyhash(self):
+        return len(self) == 23 and self[0:3] == b'\x16\x00\x14'
+
+    def is_witness_v0_scripthash(self):
+        return len(self) == 34 and self[0:2] == b'\x00\x20'
+
+    def is_witness_v0_nested_scripthash(self):
+        return len(self) == 23 and self[0:2] == b'\xa9\x14' and self[-1] == b'\x87'
+
     def is_push_only(self):
         """Test if the script only contains pushdata ops
 
@@ -935,14 +956,63 @@ def RawSignatureHash(script, txTo, inIdx, hashtype):
 
     return (hash, None)
 
+SIGVERSION_BASE = 0
+SIGVERSION_WITNESS_V0 = 1
 
-def SignatureHash(script, txTo, inIdx, hashtype):
+def SignatureHash(script, txTo, inIdx, hashtype, amount=None, sigversion=SIGVERSION_BASE):
     """Calculate a signature hash
 
     'Cooked' version that checks if inIdx is out of bounds - this is *not*
     consensus-correct behavior, but is what you probably want for general
     wallet use.
     """
+
+    if sigversion == SIGVERSION_WITNESS_V0:
+        hashPrevouts = b'\x00'*32
+        hashSequence = b'\x00'*32
+        hashOutputs  = b'\x00'*32
+
+        if not (hashtype & SIGHASH_ANYONECANPAY):
+            serialize_prevouts = bytes()
+            for i in txTo.vin:
+                serialize_prevouts += i.prevout.serialize()
+            hashPrevouts = bitcoin.core.Hash(serialize_prevouts)
+
+        if (not (hashtype & SIGHASH_ANYONECANPAY) and (hashtype & 0x1f) != SIGHASH_SINGLE and (hashtype & 0x1f) != SIGHASH_NONE):
+            serialize_sequence = bytes()
+            for i in txTo.vin:
+                serialize_sequence += struct.pack("<I", i.nSequence)
+            hashSequence = bitcoin.core.Hash(serialize_sequence)
+
+        if ((hashtype & 0x1f) != SIGHASH_SINGLE and (hashtype & 0x1f) != SIGHASH_NONE):
+            serialize_outputs = bytes()
+            for o in txTo.vout:
+                serialize_outputs += o.serialize()
+            hashOutputs = bitcoin.core.Hash(serialize_outputs)
+        elif ((hashtype & 0x1f) == SIGHASH_SINGLE and inIdx < len(txTo.vout)):
+            serialize_outputs = txTo.vout[inIdx].serialize()
+            hashOutputs = bitcoin.core.Hash(serialize_outputs)
+
+        f = _BytesIO()
+        f.write(struct.pack("<i", txTo.nVersion))
+        f.write(hashPrevouts)
+        f.write(hashSequence)
+        txTo.vin[inIdx].prevout.stream_serialize(f)
+        BytesSerializer.stream_serialize(script, f)
+        f.write(struct.pack("<q", amount))
+        f.write(struct.pack("<I", txTo.vin[inIdx].nSequence))
+        f.write(hashOutputs)
+        f.write(struct.pack("<i", txTo.nLockTime))
+        f.write(struct.pack("<I", hashtype))
+
+        return bitcoin.core.Hash(f.getvalue())
+
+    if script.is_witness_scriptpubkey():
+        print("WARNING: You seem to be attempting to sign a scriptPubKey from an")
+        print("WARNING: output with segregated witness.  This is NOT the correct")
+        print("WARNING: thing to sign. You should pass SignatureHash the corresponding")
+        print("WARNING: P2WPKH or P2WSH script instead.")
+
     (h, err) = RawSignatureHash(script, txTo, inIdx, hashtype)
     if err is not None:
         raise ValueError(err)
@@ -1091,4 +1161,7 @@ def SignatureHash(script, txTo, inIdx, hashtype):
         'RawSignatureHash',
         'SignatureHash',
         'IsLowDERSignature',
+
+        'SIGVERSION_BASE',
+        'SIGVERSION_WITNESS_V0',
 )
diff --git a/bitcoin/core/serialize.py b/bitcoin/core/serialize.py
index e320715..4b8349c 100644
--- a/bitcoin/core/serialize.py
+++ b/bitcoin/core/serialize.py
@@ -371,7 +371,9 @@ def uint256_to_shortstr(u):
         'Hash160',
         'SerializationError',
         'SerializationTruncationError',
+        'SerializationMissingWitnessError',
         'DeserializationExtraDataError',
+        'DeserializationFormatError',
         'ser_read',
         'Serializable',
         'ImmutableSerializable',
diff --git a/bitcoin/tests/test_segwit.py b/bitcoin/tests/test_segwit.py
new file mode 100644
index 0000000..f10e2ae
--- /dev/null
+++ b/bitcoin/tests/test_segwit.py
@@ -0,0 +1,110 @@
+# Copyright (C) 2016 The python-bitcoinlib developers
+#
+# This file is part of python-bitcoinlib.
+#
+# It is subject to the license terms in the LICENSE file found in the top-level
+# directory of this distribution.
+#
+# No part of python-bitcoinlib, including this file, may be copied, modified,
+# propagated, or distributed except according to the terms contained in the
+# LICENSE file.
+
+from __future__ import absolute_import, division, print_function, unicode_literals
+
+import unittest
+
+from bitcoin.core import *
+from bitcoin.core.script import *
+from bitcoin.wallet import *
+
+# Test serialization
+
+
+class Test_Segwit(unittest.TestCase):
+
+    # Test BIP 143 vectors
+    def test_p2wpkh_signaturehash(self):
+        unsigned_tx  = x('0100000002fff7f7881a8099afa6940d42d1e7f6362bec38171ea3edf433541db4e4ad969f0000000000eeffffffef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a0100000000ffffffff02202cb206000000001976a9148280b37df378db99f66f85c95a783a76ac7a6d5988ac9093510d000000001976a9143bde42dbee7e4dbe6a21b2d50ce2f0167faa815988ac11000000')
+        scriptpubkey  = CScript(x('00141d0f172a0ecb48aee1be1f2687d2963ae33f71a1'))
+        value         = int(6*COIN)
+
+        address = CBitcoinAddress.from_scriptPubKey(scriptpubkey)
+        self.assertEqual(SignatureHash(address.to_scriptPubKey(), CTransaction.deserialize(unsigned_tx), 
+                1, SIGHASH_ALL, value, SIGVERSION_WITNESS_V0), 
+            x('c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670'))
+
+    def test_p2sh_p2wpkh_signaturehash(self):
+        unsigned_tx   = x('0100000001db6b1b20aa0fd7b23880be2ecbd4a98130974cf4748fb66092ac4d3ceb1a54770100000000feffffff02b8b4eb0b000000001976a914a457b684d7f0d539a46a45bbc043f35b59d0d96388ac0008af2f000000001976a914fd270b1ee6abcaea97fea7ad0402e8bd8ad6d77c88ac92040000')
+        scriptpubkey  = CScript(x('a9144733f37cf4db86fbc2efed2500b4f4e49f31202387'))
+        redeemscript  = CScript(x('001479091972186c449eb1ded22b78e40d009bdf0089'))
+        value         = int(10*COIN)
+
+        address = CBitcoinAddress.from_scriptPubKey(redeemscript)
+        self.assertEqual(SignatureHash(address.to_scriptPubKey(), CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_ALL, value, SIGVERSION_WITNESS_V0), 
+            x('64f3b0f4dd2bb3aa1ce8566d220cc74dda9df97d8490cc81d89d735c92e59fb6'))
+
+    def test_p2wsh_signaturehash1(self):
+        unsigned_tx   = x('0100000002fe3dc9208094f3ffd12645477b3dc56f60ec4fa8e6f5d67c565d1c6b9216b36e0000000000ffffffff0815cf020f013ed6cf91d29f4202e8a58726b1ac6c79da47c23d1bee0a6925f80000000000ffffffff0100f2052a010000001976a914a30741f8145e5acadf23f751864167f32e0963f788ac00000000')
+        scriptpubkey1 = CScript(x('21036d5c20fa14fb2f635474c1dc4ef5909d4568e5569b79fc94d3448486e14685f8ac'))
+        value1        = int(1.5625*COIN)
+        scriptpubkey2 = CScript(x('00205d1b56b63d714eebe542309525f484b7e9d6f686b3781b6f61ef925d66d6f6a0'))
+        value2        = int(49*COIN)
+        scriptcode1   = CScript(x('21026dccc749adc2a9d0d89497ac511f760f45c47dc5ed9cf352a58ac706453880aeadab210255a9626aebf5e29c0e6538428ba0d1dcf6ca98ffdf086aa8ced5e0d0215ea465ac'))
+        # This is the same script with everything up to the last executed OP_CODESEPARATOR, including that
+        # OP_CODESEPARATOR removed
+        scriptcode2   = CScript(x('210255a9626aebf5e29c0e6538428ba0d1dcf6ca98ffdf086aa8ced5e0d0215ea465ac'))
+
+        self.assertEqual(SignatureHash(scriptcode1, CTransaction.deserialize(unsigned_tx), 
+                1, SIGHASH_SINGLE, value2, SIGVERSION_WITNESS_V0), 
+            x('82dde6e4f1e94d02c2b7ad03d2115d691f48d064e9d52f58194a6637e4194391'))
+        self.assertEqual(SignatureHash(scriptcode2, CTransaction.deserialize(unsigned_tx), 
+                1, SIGHASH_SINGLE, value2, SIGVERSION_WITNESS_V0), 
+            x('fef7bd749cce710c5c052bd796df1af0d935e59cea63736268bcbe2d2134fc47'))
+
+    def test_p2wsh_signaturehash2(self): 
+        unsigned_tx   = x('0100000002e9b542c5176808107ff1df906f46bb1f2583b16112b95ee5380665ba7fcfc0010000000000ffffffff80e68831516392fcd100d186b3c2c7b95c80b53c77e77c35ba03a66b429a2a1b0000000000ffffffff0280969800000000001976a914de4b231626ef508c9a74a8517e6783c0546d6b2888ac80969800000000001976a9146648a8cd4531e1ec47f35916de8e259237294d1e88ac00000000')
+        scriptpubkey1 = CScript(x('0020ba468eea561b26301e4cf69fa34bde4ad60c81e70f059f045ca9a79931004a4d'))
+        value1        = int(0.16777215*COIN)
+        witnessscript1= CScript(x('0063ab68210392972e2eb617b2388771abe27235fd5ac44af8e61693261550447a4c3e39da98ac'))
+        scriptcode1   = CScript(x('0063ab68210392972e2eb617b2388771abe27235fd5ac44af8e61693261550447a4c3e39da98ac'))
+        scriptpubkey2 = CScript(x('0020d9bbfbe56af7c4b7f960a70d7ea107156913d9e5a26b0a71429df5e097ca6537'))
+        value2        = int(0.16777215*COIN)
+        witnessscript2= CScript(x('5163ab68210392972e2eb617b2388771abe27235fd5ac44af8e61693261550447a4c3e39da98ac'))
+        scriptcode2   = CScript(x('68210392972e2eb617b2388771abe27235fd5ac44af8e61693261550447a4c3e39da98ac'))
+
+        self.assertEqual(SignatureHash(scriptcode1, CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, value1, SIGVERSION_WITNESS_V0), 
+            x('e9071e75e25b8a1e298a72f0d2e9f4f95a0f5cdf86a533cda597eb402ed13b3a'))
+        self.assertEqual(SignatureHash(scriptcode2, CTransaction.deserialize(unsigned_tx), 
+                1, SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, value2, SIGVERSION_WITNESS_V0), 
+            x('cd72f1f1a433ee9df816857fad88d8ebd97e09a75cd481583eb841c330275e54'))
+
+    def test_p2sh_p2wsh_signaturehash(self): 
+        unsigned_tx   = x('010000000136641869ca081e70f394c6948e8af409e18b619df2ed74aa106c1ca29787b96e0100000000ffffffff0200e9a435000000001976a914389ffce9cd9ae88dcc0631e88a821ffdbe9bfe2688acc0832f05000000001976a9147480a33f950689af511e6e84c138dbbd3c3ee41588ac00000000')
+
+        scriptPubKey = CScript(x('a9149993a429037b5d912407a71c252019287b8d27a587'))
+        value        = int(9.87654321*COIN)
+        redeemScript = CScript(x('0020a16b5755f7f6f96dbd65f5f0d6ab9418b89af4b1f14a1bb8a09062c35f0dcb54'))
+        witnessscript= CScript(x('56210307b8ae49ac90a048e9b53357a2354b3334e9c8bee813ecb98e99a7e07e8c3ba32103b28f0c28bfab54554ae8c658ac5c3e0ce6e79ad336331f78c428dd43eea8449b21034b8113d703413d57761b8b9781957b8c0ac1dfe69f492580ca4195f50376ba4a21033400f6afecb833092a9a21cfdf1ed1376e58c5d1f47de74683123987e967a8f42103a6d48b1131e94ba04d9737d61acdaa1322008af9602b3b14862c07a1789aac162102d8b661b0b3302ee2f162b09e07a55ad5dfbe673a9f01d9f0c19617681024306b56ae'))
+
+        self.assertEqual(SignatureHash(witnessscript, CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_ALL, value, SIGVERSION_WITNESS_V0), 
+            x('185c0be5263dce5b4bb50a047973c1b6272bfbd0103a89444597dc40b248ee7c'))
+        self.assertEqual(SignatureHash(witnessscript, CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_NONE, value, SIGVERSION_WITNESS_V0), 
+            x('e9733bc60ea13c95c6527066bb975a2ff29a925e80aa14c213f686cbae5d2f36'))
+        self.assertEqual(SignatureHash(witnessscript, CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_SINGLE, value, SIGVERSION_WITNESS_V0), 
+            x('1e1f1c303dc025bd664acb72e583e933fae4cff9148bf78c157d1e8f78530aea'))
+        self.assertEqual(SignatureHash(witnessscript, CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_ALL|SIGHASH_ANYONECANPAY, value, SIGVERSION_WITNESS_V0), 
+            x('2a67f03e63a6a422125878b40b82da593be8d4efaafe88ee528af6e5a9955c6e'))
+        self.assertEqual(SignatureHash(witnessscript, CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_NONE|SIGHASH_ANYONECANPAY, value, SIGVERSION_WITNESS_V0), 
+            x('781ba15f3779d5542ce8ecb5c18716733a5ee42a6f51488ec96154934e2c890a'))
+        self.assertEqual(SignatureHash(witnessscript, CTransaction.deserialize(unsigned_tx), 
+                0, SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, value, SIGVERSION_WITNESS_V0), 
+            x('511e8e52ed574121fc1b654970395502128263f62662e076dc6baf05c2e6a99b'))
+        
+
diff --git a/bitcoin/wallet.py b/bitcoin/wallet.py
index c6e6779..3c463a3 100644
--- a/bitcoin/wallet.py
+++ b/bitcoin/wallet.py
@@ -165,7 +165,11 @@ def from_scriptPubKey(cls, scriptPubKey, accept_non_canonical_pushdata=True, acc
             except bitcoin.core.script.CScriptInvalidError:
                 raise CBitcoinAddressError('not a P2PKH scriptPubKey: script is invalid')
 
-        if (len(scriptPubKey) == 25
+        if scriptPubKey.is_witness_v0_keyhash():
+            return cls.from_bytes(scriptPubKey[2:22], bitcoin.params.BASE58_PREFIXES['PUBKEY_ADDR'])
+        elif scriptPubKey.is_witness_v0_nested_keyhash():
+            return cls.from_bytes(scriptPubKey[3:23], bitcoin.params.BASE58_PREFIXES['PUBKEY_ADDR'])
+        elif (len(scriptPubKey) == 25
                 and _bord(scriptPubKey[0])  == script.OP_DUP
                 and _bord(scriptPubKey[1])  == script.OP_HASH160
                 and _bord(scriptPubKey[2])  == 0x14
@@ -195,7 +199,7 @@ def from_scriptPubKey(cls, scriptPubKey, accept_non_canonical_pushdata=True, acc
 
         raise CBitcoinAddressError('not a P2PKH scriptPubKey')
 
-    def to_scriptPubKey(self):
+    def to_scriptPubKey(self, nested=False):
         """Convert an address to a scriptPubKey"""
         assert self.nVersion == bitcoin.params.BASE58_PREFIXES['PUBKEY_ADDR']
         return script.CScript([script.OP_DUP, script.OP_HASH160, self, script.OP_EQUALVERIFY, script.OP_CHECKSIG])

From eca69b706ffb2dfb5abb9858685bac206d69f49d Mon Sep 17 00:00:00 2001
From: Bob McElrath <bob_git@mcelrath.org>
Date: Tue, 19 Jul 2016 19:31:59 -0400
Subject: [PATCH 3/7] CTxWitness class, new message types

---
 bitcoin/core/__init__.py | 70 +++++++++++++++++++++++++++++++---------
 bitcoin/core/script.py   | 18 ++++++++---
 bitcoin/messages.py      | 13 ++++++++
 bitcoin/net.py           |  3 +-
 4 files changed, 83 insertions(+), 21 deletions(-)

diff --git a/bitcoin/core/__init__.py b/bitcoin/core/__init__.py
index c5c47c7..d4d428c 100644
--- a/bitcoin/core/__init__.py
+++ b/bitcoin/core/__init__.py
@@ -306,12 +306,15 @@ def from_txout(cls, txout):
 
 
 class CTxInWitness(ImmutableSerializable):
-    """Witness data for a transaction input. """
+    """Witness data for a single transaction input. """
     __slots__ = ['scriptWitness']
 
     def __init__(self, scriptWitness=CScriptWitness()):
         object.__setattr__(self, 'scriptWitness', scriptWitness)
 
+    def is_null(self):
+        return self.scriptWitness.is_null()
+
     @classmethod
     def stream_deserialize(cls, f):
         scriptWitness = CScriptWitness.stream_deserialize(f)
@@ -336,12 +339,50 @@ def from_txinwitness(cls, txinwitness):
         else:
             return cls(txinwitness.scriptWitness)
 
+class CTxWitness(ImmutableSerializable):
+    """Witness data for all inputs to a transaction."""
+    __slots__ = ['vtxinwit']
+
+    def __init__(self, vtxinwit=()):
+        object.__setattr__(self, 'vtxinwit', vtxinwit)
+
+    def is_null(self):
+        for n in range(len(self.vtxinwit)):
+            if not self.vtxinwit[n].is_null(): return False
+        return True
+
+    # FIXME this cannot be a @classmethod like the others because we need to
+    # know how many items to deserialize, which comes from len(vin)
+    def stream_deserialize(self, f):
+        vtxinwit = tuple(CTxInWitness.stream_deserialize(f) for dummy in
+                range(len(self.vtxinwit)))
+        return CTxWitness(vtxinwit)
+
+    def stream_serialize(self, f):
+        for i in range(len(self.vtxinwit)):
+            self.vtxinwit[i].stream_serialize(f)
+
+    def __repr__(self):
+        return "CTxWitness(%s)" % (','.join(repr(w) for w in self.vtxinwit))
+
+    @classmethod
+    def from_txwitness(cls, txwitness):
+        """Create an immutable copy of an existing TxWitness
+
+        If txwitness is already immutable (txwitness.__class__ is CTxWitness) it is returned
+        directly.
+        """
+        if txwitness.__class__ is CTxWitness:
+            return txwitness
+        else:
+            return cls(txwitness.vtxinwit)
+
 
 class CTransaction(ImmutableSerializable):
     """A transaction"""
     __slots__ = ['nVersion', 'vin', 'vout', 'nLockTime', 'wit']
 
-    def __init__(self, vin=(), vout=(), nLockTime=0, nVersion=1, witness=()):
+    def __init__(self, vin=(), vout=(), nLockTime=0, nVersion=1, witness=CTxWitness()):
         """Create a new transaction
 
         vin and vout are iterables of transaction inputs and outputs
@@ -351,13 +392,10 @@ def __init__(self, vin=(), vout=(), nLockTime=0, nVersion=1, witness=()):
         if not (0 <= nLockTime <= 0xffffffff):
             raise ValueError('CTransaction: nLockTime must be in range 0x0 to 0xffffffff; got %x' % nLockTime)
         object.__setattr__(self, 'nLockTime', nLockTime)
-
         object.__setattr__(self, 'nVersion', nVersion)
         object.__setattr__(self, 'vin', tuple(CTxIn.from_txin(txin) for txin in vin))
         object.__setattr__(self, 'vout', tuple(CTxOut.from_txout(txout) for txout in vout))
-        object.__setattr__(self, 'wit',
-                tuple(CTxInWitness.from_txinwitness(witness) for txinwitness in
-                    witness))
+        object.__setattr__(self, 'wit', CTxWitness.from_txwitness(witness))
 
     @classmethod
     def stream_deserialize(cls, f):
@@ -370,7 +408,8 @@ def stream_deserialize(cls, f):
                 raise DeserializationFormatError
             vin = VectorSerializer.stream_deserialize(CTxIn, f)
             vout = VectorSerializer.stream_deserialize(CTxOut, f)
-            wit = VectorSerializer.stream_deserialize(CTxInWitness, f)
+            wit = CTxWitness(tuple(0 for dummy in range(len(vin))))
+            wit = wit.stream_deserialize(f)
             nLockTime = struct.unpack(b"<I", ser_read(f,4))[0]
             return cls(vin, vout, nLockTime, nVersion, wit)
         else:
@@ -382,15 +421,15 @@ def stream_deserialize(cls, f):
 
 
     def stream_serialize(self, f):
-        if self.wit:
-            if len(self.wit) != len(self.vin):
+        if not self.wit.is_null():
+            if len(self.wit.vtxinwit) != len(self.vin):
                 raise SerializationMissingWitnessError
             f.write(struct.pack(b"<i", self.nVersion))
             f.write(b'\x00') # Marker
             f.write(b'\x01') # Flag
             VectorSerializer.stream_serialize(CTxIn, self.vin, f)
             VectorSerializer.stream_serialize(CTxOut, self.vout, f)
-            for w in self.wit: w.stream_serialize(f)
+            self.wit.stream_serialize(f)
             f.write(struct.pack(b"<I", self.nLockTime))
         else:
             f.write(struct.pack(b"<i", self.nVersion))
@@ -422,11 +461,9 @@ def GetTxid(self):
         """Get the transaction ID.  This differs from the transactions hash as
             given by GetHash.  GetTxid excludes witness data, while GetHash
             includes it. """
-        if self.wit:
-            wit = self.wit
-            self.wit = b''
-            txid = Hash(self.serialize())
-            self.wit = wit
+        if self.wit != CTxWitness():
+            txid = Hash(CTransaction(self.vin, self.vout, self.nLockTime,
+                self.nVersion).serialize())
         else:
             txid = Hash(self.serialize())
         return txid
@@ -452,6 +489,9 @@ def __init__(self, vin=None, vout=None, nLockTime=0, nVersion=1, witness=None):
             vout = []
         self.vout = vout
         self.nVersion = nVersion
+
+        if witness is None:
+            witness = CTxWitness([CTxInWitness() for dummy in range(len(vin))])
         self.wit = witness
 
     @classmethod
diff --git a/bitcoin/core/script.py b/bitcoin/core/script.py
index baf0d40..f98b484 100644
--- a/bitcoin/core/script.py
+++ b/bitcoin/core/script.py
@@ -678,21 +678,28 @@ def is_p2sh(self):
                 _bord(self[22]) == OP_EQUAL)
 
     def is_witness_scriptpubkey(self):
+        """Returns true if this is a scriptpubkey signaling segregated witness
+        data. """
         return 3 <= len(self) <= 42 and CScriptOp(self[0]).is_small_int()
 
     def witness_version(self):
+        """Returns the witness version on [0,16]. """
         return next(iter(self))
 
     def is_witness_v0_keyhash(self):
+        """Returns true if this is a scriptpubkey for V0 P2WPKH. """
         return len(self) == 22 and self[0:2] == b'\x00\x14'
 
     def is_witness_v0_nested_keyhash(self):
+        """Returns true if this is a scriptpubkey for V0 P2WPKH embedded in P2SH. """
         return len(self) == 23 and self[0:3] == b'\x16\x00\x14'
 
     def is_witness_v0_scripthash(self):
+        """Returns true if this is a scriptpubkey for V0 P2WSH. """
         return len(self) == 34 and self[0:2] == b'\x00\x20'
 
     def is_witness_v0_nested_scripthash(self):
+        """Returns true if this is a scriptpubkey for V0 P2WSH embedded in P2SH. """
         return len(self) == 23 and self[0:2] == b'\xa9\x14' and self[-1] == b'\x87'
 
     def is_push_only(self):
@@ -812,15 +819,16 @@ def __iter__(self):
         return iter(self.stack)
 
     def __repr__(self):
-
         return 'CScriptWitness(' + ','.join("x('%s')" % bitcoin.core.b2x(s) for s in self.stack) + ')'
 
+    def is_null(self):
+        return len(self.stack) == 0
+
     @classmethod
     def stream_deserialize(cls, f):
         n = VarIntSerializer.stream_deserialize(f)
-        self.stack = []
-        for i in range(n):
-            self.stack.append(BytesSerializer.stream_deserialize(f))
+        stack = tuple(BytesSerializer.stream_deserialize(f) for i in range(n))
+        return cls(stack)
 
     def stream_serialize(self, f):
         VarIntSerializer.stream_serialize(len(self.stack), f)
@@ -948,7 +956,7 @@ def RawSignatureHash(script, txTo, inIdx, hashtype):
         txtmp.vin = []
         txtmp.vin.append(tmp)
 
-    txtmp.wit = ()
+    txtmp.wit = bitcoin.core.CTxWitness()
     s = txtmp.serialize()
     s += struct.pack(b"<I", hashtype)
 
diff --git a/bitcoin/messages.py b/bitcoin/messages.py
index 27e9aaf..b19fa25 100644
--- a/bitcoin/messages.py
+++ b/bitcoin/messages.py
@@ -35,9 +35,16 @@
 from bitcoin.net import *
 import bitcoin
 
+MSG_WITNESS_FLAG = 1 << 30
+MSG_TYPE_MASK = 0xffffffff >> 2
+
 MSG_TX = 1
 MSG_BLOCK = 2
 MSG_FILTERED_BLOCK = 3
+MSG_CMPCT_BLOCK = 4
+MSG_WITNESS_BLOCK = MSG_BLOCK | MSG_WITNESS_FLAG,
+MSG_WITNESS_TX = MSG_TX | MSG_WITNESS_FLAG,
+MSG_FILTERED_WITNESS_BLOCK = MSG_FILTERED_BLOCK | MSG_WITNESS_FLAG,
 
 
 class MsgSerializable(Serializable):
@@ -499,6 +506,12 @@ def __repr__(self):
         'MSG_TX',
         'MSG_BLOCK',
         'MSG_FILTERED_BLOCK',
+        'MSG_CMPCT_BLOCK',
+        'MSG_TYPE_MASK',
+        'MSG_WITNESS_TX',
+        'MSG_WITNESS_BLOCK',
+        'MSG_WITNESS_FLAG',
+        'MSG_FILTERED_WITNESS_BLOCK',
         'MsgSerializable',
         'msg_version',
         'msg_verack',
diff --git a/bitcoin/net.py b/bitcoin/net.py
index aa49f5c..c0ddef9 100644
--- a/bitcoin/net.py
+++ b/bitcoin/net.py
@@ -76,7 +76,8 @@ class CInv(Serializable):
         0: "Error",
         1: "TX",
         2: "Block",
-        3: "FilteredBlock"}
+        3: "FilteredBlock",
+        4: "CompactBlock"}
 
     def __init__(self):
         self.type = 0

From 0c09892b002afdb8cd918d47ad31bc93f2400c8c Mon Sep 17 00:00:00 2001
From: Bob McElrath <bob_git@mcelrath.org>
Date: Wed, 20 Jul 2016 16:25:08 -0400
Subject: [PATCH 4/7] Encode hashtype as signed (following bitcoind)

---
 bitcoin/core/script.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bitcoin/core/script.py b/bitcoin/core/script.py
index f98b484..b5ffdfa 100644
--- a/bitcoin/core/script.py
+++ b/bitcoin/core/script.py
@@ -958,7 +958,7 @@ def RawSignatureHash(script, txTo, inIdx, hashtype):
 
     txtmp.wit = bitcoin.core.CTxWitness()
     s = txtmp.serialize()
-    s += struct.pack(b"<I", hashtype)
+    s += struct.pack(b"<i", hashtype)
 
     hash = bitcoin.core.Hash(s)
 
@@ -1011,7 +1011,7 @@ def SignatureHash(script, txTo, inIdx, hashtype, amount=None, sigversion=SIGVERS
         f.write(struct.pack("<I", txTo.vin[inIdx].nSequence))
         f.write(hashOutputs)
         f.write(struct.pack("<i", txTo.nLockTime))
-        f.write(struct.pack("<I", hashtype))
+        f.write(struct.pack("<i", hashtype))
 
         return bitcoin.core.Hash(f.getvalue())
 

From d8a1a0f35639a8443052584a5bbd0310069631eb Mon Sep 17 00:00:00 2001
From: Bob McElrath <bob_git@mcelrath.org>
Date: Wed, 20 Jul 2016 18:30:29 -0400
Subject: [PATCH 5/7] Closely match Core's (de-)serialization; remove old test
 case

---
 bitcoin/core/__init__.py           | 23 +++++++++++++----------
 bitcoin/core/serialize.py          | 11 -----------
 bitcoin/tests/data/tx_invalid.json |  5 -----
 3 files changed, 13 insertions(+), 26 deletions(-)

diff --git a/bitcoin/core/__init__.py b/bitcoin/core/__init__.py
index d4d428c..5360cb3 100644
--- a/bitcoin/core/__init__.py
+++ b/bitcoin/core/__init__.py
@@ -399,13 +399,19 @@ def __init__(self, vin=(), vout=(), nLockTime=0, nVersion=1, witness=CTxWitness(
 
     @classmethod
     def stream_deserialize(cls, f):
+        """Deserialize a transaction.  This implementation corresponds to
+            Bitcoin's SerializeTransaction() and consensus behavior.  Note that
+            Bitcoin's DecodeHexTx() also has the option to attempt deserializing
+            as a non-witness transaction first, falling back to the consensus
+            behavior if it fails.  The difference lies in transactions which
+            have zero inputs: they are invalid but may be (de-)serialized anyway
+            for the purpose of signing them and adding inputs.  If the behavior
+            of DecodeHexTx() is needed it could be added, but not here.  """
         nVersion = struct.unpack(b"<i", ser_read(f,4))[0]
         pos = f.tell()
         markerbyte = struct.unpack(b'B', ser_read(f, 1))[0]
-        if markerbyte == 0:
-            flagbyte = struct.unpack(b'B', ser_read(f, 1))[0]
-            if flagbyte != 1:
-                raise DeserializationFormatError
+        flagbyte = struct.unpack(b'B', ser_read(f, 1))[0]
+        if markerbyte == 0 and flagbyte == 1:
             vin = VectorSerializer.stream_deserialize(CTxIn, f)
             vout = VectorSerializer.stream_deserialize(CTxOut, f)
             wit = CTxWitness(tuple(0 for dummy in range(len(vin))))
@@ -421,21 +427,18 @@ def stream_deserialize(cls, f):
 
 
     def stream_serialize(self, f):
+        f.write(struct.pack(b"<i", self.nVersion))
         if not self.wit.is_null():
-            if len(self.wit.vtxinwit) != len(self.vin):
-                raise SerializationMissingWitnessError
-            f.write(struct.pack(b"<i", self.nVersion))
+            assert(len(self.wit.vtxinwit) <= len(self.vin))
             f.write(b'\x00') # Marker
             f.write(b'\x01') # Flag
             VectorSerializer.stream_serialize(CTxIn, self.vin, f)
             VectorSerializer.stream_serialize(CTxOut, self.vout, f)
             self.wit.stream_serialize(f)
-            f.write(struct.pack(b"<I", self.nLockTime))
         else:
-            f.write(struct.pack(b"<i", self.nVersion))
             VectorSerializer.stream_serialize(CTxIn, self.vin, f)
             VectorSerializer.stream_serialize(CTxOut, self.vout, f)
-            f.write(struct.pack(b"<I", self.nLockTime))
+        f.write(struct.pack(b"<I", self.nLockTime))
 
     def is_coinbase(self):
         return len(self.vin) == 1 and self.vin[0].prevout.is_null()
diff --git a/bitcoin/core/serialize.py b/bitcoin/core/serialize.py
index 4b8349c..425d7ba 100644
--- a/bitcoin/core/serialize.py
+++ b/bitcoin/core/serialize.py
@@ -55,10 +55,6 @@ class SerializationTruncationError(SerializationError):
     Thrown by deserialize() and stream_deserialize()
     """
 
-class SerializationMissingWitnessError(SerializationError):
-    """Missing witness data when serializing a segregated witness transaction
-    """
-
 class DeserializationExtraDataError(SerializationError):
     """Deserialized data had extra data at the end
 
@@ -71,11 +67,6 @@ def __init__(self, msg, obj, padding):
         self.obj = obj
         self.padding = padding
 
-class DeserializationFormatError(SerializationError):
-    """Deserialized data does not have the correct marker or flag bytes for a
-        segwit serialization
-    """
-
 def ser_read(f, n):
     """Read from a stream safely
 
@@ -371,9 +362,7 @@ def uint256_to_shortstr(u):
         'Hash160',
         'SerializationError',
         'SerializationTruncationError',
-        'SerializationMissingWitnessError',
         'DeserializationExtraDataError',
-        'DeserializationFormatError',
         'ser_read',
         'Serializable',
         'ImmutableSerializable',
diff --git a/bitcoin/tests/data/tx_invalid.json b/bitcoin/tests/data/tx_invalid.json
index faf40ef..2bfe7c7 100644
--- a/bitcoin/tests/data/tx_invalid.json
+++ b/bitcoin/tests/data/tx_invalid.json
@@ -23,11 +23,6 @@
 [[["0000000000000000000000000000000000000000000000000000000000000100", 0, "HASH160 0x14 0x7a052c840ba73af26755de42cf01cc9e0a49fef0 EQUAL"]],
 "010000000100010000000000000000000000000000000000000000000000000000000000000000000009085768617420697320ffffffff010000000000000000015100000000", true],
 
-["Tests for CheckTransaction()"],
-["No inputs"],
-[[["0000000000000000000000000000000000000000000000000000000000000100", 0, "HASH160 0x14 0x7a052c840ba73af26755de42cf01cc9e0a49fef0 EQUAL"]],
-"0100000000010000000000000000015100000000", true],
-
 ["No outputs"],
 [[["0000000000000000000000000000000000000000000000000000000000000100", 0, "HASH160 0x14 0x05ab9e14d983742513f0f451e105ffb4198d1dd4 EQUAL"]],
 "01000000010001000000000000000000000000000000000000000000000000000000000000000000006d483045022100f16703104aab4e4088317c862daec83440242411b039d14280e03dd33b487ab802201318a7be236672c5c56083eb7a5a195bc57a40af7923ff8545016cd3b571e2a601232103c40e5d339df3f30bf753e7e04450ae4ef76c9e45587d1d993bdc4cd06f0651c7acffffffff0000000000", true],

From 2b505965269db1fc00ff5a523f6aa31c20043415 Mon Sep 17 00:00:00 2001
From: the9ull <the9ull@users.noreply.github.com>
Date: Thu, 2 Feb 2017 17:28:49 +0100
Subject: [PATCH 6/7] Add segwit block (de)serialization. (#9)

Add witness merkle tree;
Add parameters to stream_(de)serialize and (de)serialize methods;
Check witness merkle tree.
CheckBlock:
 - check MAX_BLOCK_WEIGHT;
 - check witness witnessScript;
 - check witness commitment.
---
 bitcoin/core/__init__.py     | 123 +++++++++++++++++++++++++++++++----
 bitcoin/core/serialize.py    |  20 +++---
 bitcoin/tests/test_segwit.py |  31 +++++++++
 3 files changed, 152 insertions(+), 22 deletions(-)

diff --git a/bitcoin/core/__init__.py b/bitcoin/core/__init__.py
index 5360cb3..2b1d0dc 100644
--- a/bitcoin/core/__init__.py
+++ b/bitcoin/core/__init__.py
@@ -16,14 +16,21 @@
 import sys
 import time
 
-from .script import CScript, CScriptWitness
+from .script import CScript, CScriptWitness, CScriptOp, OP_RETURN
 
 from .serialize import *
 
+if sys.version > '3':
+    _bytes = bytes
+else:
+    _bytes = lambda x: bytes(bytearray(x))
+
 # Core definitions
 COIN = 100000000
 MAX_BLOCK_SIZE = 1000000
+MAX_BLOCK_WEIGHT = 4000000
 MAX_BLOCK_SIGOPS = MAX_BLOCK_SIZE/50
+WITNESS_COINBASE_SCRIPTPUBKEY_MAGIC = _bytes([OP_RETURN, 0x24, 0xaa, 0x21, 0xa9, 0xed])
 
 def MoneyRange(nValue, params=None):
     global coreparams
@@ -426,9 +433,9 @@ def stream_deserialize(cls, f):
             return cls(vin, vout, nLockTime, nVersion)
 
 
-    def stream_serialize(self, f):
+    def stream_serialize(self, f, include_witness=True):
         f.write(struct.pack(b"<i", self.nVersion))
-        if not self.wit.is_null():
+        if include_witness and not self.wit.is_null():
             assert(len(self.wit.vtxinwit) <= len(self.vin))
             f.write(b'\x00') # Marker
             f.write(b'\x01') # Flag
@@ -443,6 +450,10 @@ def stream_serialize(self, f):
     def is_coinbase(self):
         return len(self.vin) == 1 and self.vin[0].prevout.is_null()
 
+    def has_witness(self):
+        """True if witness"""
+        return not self.wit.is_null()
+
     def __repr__(self):
         return "CTransaction(%r, %r, %i, %i, %r)" % (self.vin, self.vout,
                 self.nLockTime, self.nVersion, self.wit)
@@ -561,9 +572,12 @@ def __repr__(self):
                 (self.__class__.__name__, self.nVersion, b2lx(self.hashPrevBlock), b2lx(self.hashMerkleRoot),
                  self.nTime, self.nBits, self.nNonce)
 
+class NoWitnessData(Exception):
+    """The block does not have witness data"""
+
 class CBlock(CBlockHeader):
     """A block including all transactions in it"""
-    __slots__ = ['vtx', 'vMerkleTree']
+    __slots__ = ['vtx', 'vMerkleTree', 'vWitnessMerkleTree']
 
     @staticmethod
     def build_merkle_tree_from_txids(txids):
@@ -612,12 +626,60 @@ def calc_merkle_root(self):
             raise ValueError('Block contains no transactions')
         return self.build_merkle_tree_from_txs(self.vtx)[-1]
 
+    @staticmethod
+    def build_witness_merkle_tree_from_txs(txs):
+        """Calculate the witness merkle tree from transactions"""
+        has_witness = False
+        hashes = []
+        for tx in txs:
+            hashes.append(tx.GetHash())
+            has_witness |= tx.has_witness()
+        if not has_witness:
+            raise NoWitnessData
+        hashes[0] = b'\x00' * 32
+        return CBlock.build_merkle_tree_from_txids(hashes)
+
+    def calc_witness_merkle_root(self):
+        """Calculate the witness merkle root
+
+        The calculated merkle root is not cached; every invocation
+        re-calculates it from scratch.
+        """
+        if not len(self.vtx):
+            raise ValueError('Block contains no transactions')
+        return self.build_witness_merkle_tree_from_txs(self.vtx)[-1]
+
+    def get_witness_commitment_index(self):
+        """Return None or an index"""
+        if not len(self.vtx):
+            raise ValueError('Block contains no transactions')
+        commit_pos = None
+        for index, out in enumerate(self.vtx[0].vout):
+            script = out.scriptPubKey
+            if len(script) >= 38 and script[:6] == WITNESS_COINBASE_SCRIPTPUBKEY_MAGIC:
+                commit_pos = index
+        if commit_pos is None:
+            raise ValueError('The witness commitment is missed')
+        return commit_pos
+
     def __init__(self, nVersion=2, hashPrevBlock=b'\x00'*32, hashMerkleRoot=b'\x00'*32, nTime=0, nBits=0, nNonce=0, vtx=()):
         """Create a new block"""
+        if vtx:
+            vMerkleTree = tuple(CBlock.build_merkle_tree_from_txs(vtx))
+            if hashMerkleRoot == b'\x00'*32:
+                hashMerkleRoot = vMerkleTree[-1]
+            elif hashMerkleRoot != vMerkleTree[-1]:
+                raise CheckBlockError("CBlock : hashMerkleRoot is not compatible with vtx")
+        else:
+            vMerkleTree = ()
         super(CBlock, self).__init__(nVersion, hashPrevBlock, hashMerkleRoot, nTime, nBits, nNonce)
 
-        vMerkleTree = tuple(CBlock.build_merkle_tree_from_txs(vtx))
         object.__setattr__(self, 'vMerkleTree', vMerkleTree)
+        try:
+            vWitnessMerkleTree = tuple(CBlock.build_witness_merkle_tree_from_txs(vtx))
+        except NoWitnessData:
+            vWitnessMerkleTree = ()
+        object.__setattr__(self, 'vWitnessMerkleTree', vWitnessMerkleTree)
         object.__setattr__(self, 'vtx', tuple(CTransaction.from_tx(tx) for tx in vtx))
 
     @classmethod
@@ -627,13 +689,18 @@ def stream_deserialize(cls, f):
         vtx = VectorSerializer.stream_deserialize(CTransaction, f)
         vMerkleTree = tuple(CBlock.build_merkle_tree_from_txs(vtx))
         object.__setattr__(self, 'vMerkleTree', vMerkleTree)
+        try:
+            vWitnessMerkleTree = tuple(CBlock.build_witness_merkle_tree_from_txs(vtx))
+        except NoWitnessData:
+            vWitnessMerkleTree = ()
+        object.__setattr__(self, 'vWitnessMerkleTree', vWitnessMerkleTree)
         object.__setattr__(self, 'vtx', tuple(vtx))
 
         return self
 
-    def stream_serialize(self, f):
+    def stream_serialize(self, f, include_witness=True):
         super(CBlock, self).stream_serialize(f)
-        VectorSerializer.stream_serialize(CTransaction, self.vtx, f)
+        VectorSerializer.stream_serialize(CTransaction, self.vtx, f, dict(include_witness=include_witness))
 
     def get_header(self):
         """Return the block header
@@ -660,6 +727,10 @@ def GetHash(self):
             object.__setattr__(self, '_cached_GetHash', _cached_GetHash)
             return _cached_GetHash
 
+    def GetWeight(self):
+        """Return the block weight: (stripped_size * 3) + total_size"""
+        return len(self.serialize(dict(include_witness=False))) * 3 + len(self.serialize())
+
 class CoreChainParams(object):
     """Define consensus-critical parameters of a given instance of the Bitcoin system"""
     MAX_MONEY = None
@@ -721,7 +792,8 @@ def CheckTransaction(tx):
         raise CheckTransactionError("CheckTransaction() : vout empty")
 
     # Size limits
-    if len(tx.serialize()) > MAX_BLOCK_SIZE:
+    base_tx = CTransaction(tx.vin, tx.vout, tx.nLockTime, tx.nVersion)
+    if len(base_tx.serialize()) > MAX_BLOCK_SIZE:
         raise CheckTransactionError("CheckTransaction() : size limits failed")
 
     # Check for negative or overflow output values
@@ -820,7 +892,8 @@ def CheckBlock(block, fCheckPoW = True, fCheckMerkleRoot = True, cur_time=None):
 
     fCheckPoW        - Check proof-of-work.
 
-    fCheckMerkleRoot - Check merkle root matches transactions.
+    fCheckMerkleRoot - Check merkle root and witness merkle root matches transactions.
+                     - Check witness commitment in coinbase
 
     cur_time         - Current time. Defaults to time.time()
     """
@@ -831,9 +904,12 @@ def CheckBlock(block, fCheckPoW = True, fCheckMerkleRoot = True, cur_time=None):
     # Size limits
     if not block.vtx:
         raise CheckBlockError("CheckBlock() : vtx empty")
-    if len(block.serialize()) > MAX_BLOCK_SIZE:
+    if len(block.serialize(dict(include_witness=False))) > MAX_BLOCK_SIZE:
         raise CheckBlockError("CheckBlock() : block larger than MAX_BLOCK_SIZE")
 
+    if block.GetWeight() > MAX_BLOCK_WEIGHT:
+        raise CheckBlockError("CheckBlock() : block larger than MAX_BLOCK_WEIGHT")
+
     # First transaction must be coinbase
     if not block.vtx[0].is_coinbase():
         raise CheckBlockError("CheckBlock() : first tx is not coinbase")
@@ -861,8 +937,29 @@ def CheckBlock(block, fCheckPoW = True, fCheckMerkleRoot = True, cur_time=None):
             raise CheckBlockError("CheckBlock() : out-of-bounds SigOpCount")
 
     # Check merkle root
-    if fCheckMerkleRoot and block.hashMerkleRoot != block.calc_merkle_root():
-        raise CheckBlockError("CheckBlock() : hashMerkleRoot mismatch")
+    if fCheckMerkleRoot:
+        if block.hashMerkleRoot != block.calc_merkle_root():
+            raise CheckBlockError("CheckBlock() : hashMerkleRoot mismatch")
+        if len(block.vWitnessMerkleTree):
+            # At least 1 tx has witness: check witness merkle tree
+            root = block.vWitnessMerkleTree[-1]
+            # vtx[0]: coinbase
+            # vtxinwit[0]: first input
+            nonce_script = block.vtx[0].wit.vtxinwit[0].scriptWitness
+            nonce = nonce_script.stack[0]
+            if len(nonce_script.stack) != 1 or len(nonce) != 32:
+                raise CheckBlockError("CheckBlock() : invalid coinbase witnessScript")
+            try:
+                index = block.get_witness_commitment_index()
+            except ValueError as e:
+                raise CheckBlockError("CheckBlock() : " + str(e))
+            commit_script = block.vtx[0].vout[index].scriptPubKey
+            if not (6 + 32 <= len(commit_script) <= 6 + 32 + 1):
+                raise CheckBlockError("CheckBlock() : invalid segwit commitment length")
+            commitment = commit_script[6:6 + 32]
+            commit = commit_script[6:6 + 32]
+            if commit != Hash(root + nonce):
+                raise CheckBlockError("CheckBlock() : invalid segwit commitment")
 
 __all__ = (
         'Hash',
@@ -885,6 +982,8 @@ def CheckBlock(block, fCheckPoW = True, fCheckMerkleRoot = True, cur_time=None):
         'CMutableTxOut',
         'CTransaction',
         'CMutableTransaction',
+        'CTxWitness',
+        'CTxInWitness',
         'CBlockHeader',
         'CBlock',
         'CoreChainParams',
diff --git a/bitcoin/core/serialize.py b/bitcoin/core/serialize.py
index 425d7ba..78f3315 100644
--- a/bitcoin/core/serialize.py
+++ b/bitcoin/core/serialize.py
@@ -87,23 +87,23 @@ class Serializable(object):
 
     __slots__ = []
 
-    def stream_serialize(self, f):
+    def stream_serialize(self, f, **kwargs):
         """Serialize to a stream"""
         raise NotImplementedError
 
     @classmethod
-    def stream_deserialize(cls, f):
+    def stream_deserialize(cls, f, **kwargs):
         """Deserialize from a stream"""
         raise NotImplementedError
 
-    def serialize(self):
+    def serialize(self, params={}):
         """Serialize, returning bytes"""
         f = _BytesIO()
-        self.stream_serialize(f)
+        self.stream_serialize(f, **params)
         return f.getvalue()
 
     @classmethod
-    def deserialize(cls, buf, allow_padding=False):
+    def deserialize(cls, buf, allow_padding=False, params={}):
         """Deserialize bytes, returning an instance
 
         allow_padding - Allow buf to include extra padding. (default False)
@@ -112,7 +112,7 @@ def deserialize(cls, buf, allow_padding=False):
         deserialization DeserializationExtraDataError will be raised.
         """
         fd = _BytesIO(buf)
-        r = cls.stream_deserialize(fd)
+        r = cls.stream_deserialize(fd, **params)
         if not allow_padding:
             padding = fd.read()
             if len(padding) != 0:
@@ -242,17 +242,17 @@ class VectorSerializer(Serializer):
     # and should be rethought at some point.
 
     @classmethod
-    def stream_serialize(cls, inner_cls, objs, f):
+    def stream_serialize(cls, inner_cls, objs, f, inner_params={}):
         VarIntSerializer.stream_serialize(len(objs), f)
         for obj in objs:
-            inner_cls.stream_serialize(obj, f)
+            inner_cls.stream_serialize(obj, f, **inner_params)
 
     @classmethod
-    def stream_deserialize(cls, inner_cls, f):
+    def stream_deserialize(cls, inner_cls, f, inner_params={}):
         n = VarIntSerializer.stream_deserialize(f)
         r = []
         for i in range(n):
-            r.append(inner_cls.stream_deserialize(f))
+            r.append(inner_cls.stream_deserialize(f, **inner_params))
         return r
 
 
diff --git a/bitcoin/tests/test_segwit.py b/bitcoin/tests/test_segwit.py
index f10e2ae..f00b01d 100644
--- a/bitcoin/tests/test_segwit.py
+++ b/bitcoin/tests/test_segwit.py
@@ -12,11 +12,19 @@
 from __future__ import absolute_import, division, print_function, unicode_literals
 
 import unittest
+import random
+import sys
 
+import bitcoin
 from bitcoin.core import *
 from bitcoin.core.script import *
 from bitcoin.wallet import *
 
+if sys.version > '3':
+    _bytes = bytes
+else:
+    _bytes = lambda x: bytes(bytearray(x))
+
 # Test serialization
 
 
@@ -107,4 +115,27 @@ def test_p2sh_p2wsh_signaturehash(self):
                 0, SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, value, SIGVERSION_WITNESS_V0), 
             x('511e8e52ed574121fc1b654970395502128263f62662e076dc6baf05c2e6a99b'))
         
+    def test_checkblock(self):
+        # (No witness) coinbase generated by Bitcoin Core
+        str_coinbase = '01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff03520101ffffffff0100f2052a01000000232102960c90bc04a631cb17922e4f5d80ac75fd590a88b8baaa5a3d5086ac85e4d788ac00000000'
+        # No witness transaction
+        str_tx = '0100000001e3d0c1d051a3abe79d5951dcab86f71d8926aff5caed5ff9bd72cb593e4ebaf5010000006b483045022100a28e1c57e160296953e1af85c5034bb1b907c12c50367da75ba547874a8a8c52022040682e888ddce7fd5c72519a9f28f22f5164c8af864d33332bbc7f65596ad4ae012102db30394fd5cc8288bed607b9382338240c014a98c9c0febbfb380db74ceb30a3ffffffff020d920000000000001976a914ad781c8ffcc18b2155433cba2da4601180a66eef88aca3170000000000001976a914bacb1c4b0725e61e385c7093b4260533953c8e1688ac00000000'
+        # SegWit transaction
+        str_w_tx = '0100000000010115e180dc28a2327e687facc33f10f2a20da717e5548406f7ae8b4c811072f8560100000000ffffffff0100b4f505000000001976a9141d7cd6c75c2e86f4cbf98eaed221b30bd9a0b92888ac02483045022100df7b7e5cda14ddf91290e02ea10786e03eb11ee36ec02dd862fe9a326bbcb7fd02203f5b4496b667e6e281cc654a2da9e4f08660c620a1051337fa8965f727eb19190121038262a6c6cec93c2d3ecd6c6072efea86d02ff8e3328bbd0242b20af3425990ac00000000'
+        witness_nonce = _bytes(random.getrandbits(8) for _ in range(32))
+
+        coinbase = CMutableTransaction.deserialize(x(str_coinbase))
+        coinbase.wit = CTxWitness([CTxInWitness(CScriptWitness([witness_nonce]))])
+
+        tx_legacy = CTransaction.deserialize(x(str_tx))
+        tx_segwit = CTransaction.deserialize(x(str_w_tx))
+
+        witness_merkle_root = CBlock.build_witness_merkle_tree_from_txs((coinbase, tx_legacy, tx_segwit))[-1]
+
+        commitment = Hash(witness_merkle_root + witness_nonce)
+        commitment_script = bitcoin.core.WITNESS_COINBASE_SCRIPTPUBKEY_MAGIC + commitment
+        coinbase.vout.append(CTxOut(0, CScript(commitment_script)))
+
+        block = CBlock(2, b'\x00'*32, b'\x00'*32, 0, 0, 0, (coinbase, tx_legacy, tx_segwit))
 
+        CheckBlock(block, False, True)

From 5cd34672d7085ca4d55693a1008101c02ceeb7e9 Mon Sep 17 00:00:00 2001
From: Surya Bakshi <sbaks0820@gmail.com>
Date: Sun, 1 Jan 2017 18:34:21 -0600
Subject: [PATCH 7/7] fixed issue in is_witness_scriptpubkey where self[0] is
 interpretted as str instead of the necessary int

---
 bitcoin/core/script.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bitcoin/core/script.py b/bitcoin/core/script.py
index b5ffdfa..baca69b 100644
--- a/bitcoin/core/script.py
+++ b/bitcoin/core/script.py
@@ -680,7 +680,7 @@ def is_p2sh(self):
     def is_witness_scriptpubkey(self):
         """Returns true if this is a scriptpubkey signaling segregated witness
         data. """
-        return 3 <= len(self) <= 42 and CScriptOp(self[0]).is_small_int()
+        return 3 <= len(self) <= 42 and CScriptOp(struct.unpack('<b',self[0])[0]).is_small_int()
 
     def witness_version(self):
         """Returns the witness version on [0,16]. """