Line data Source code
1 : // Copyright (c) 2011-2021 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include <test/data/script_tests.json.h>
6 :
7 : #include <core_io.h>
8 : #include <key.h>
9 : #include <rpc/util.h>
10 : #include <script/script.h>
11 : #include <script/script_error.h>
12 : #include <script/sign.h>
13 : #include <script/signingprovider.h>
14 : #include <streams.h>
15 : #include <test/util/json.h>
16 : #include <test/util/random.h>
17 : #include <test/util/setup_common.h>
18 : #include <test/util/transaction_utils.h>
19 : #include <util/strencodings.h>
20 :
21 : #if defined(HAVE_CONSENSUS_LIB)
22 : #include <script/bitcoinconsensus.h>
23 : #endif
24 :
25 : #include <cstdint>
26 : #include <fstream>
27 : #include <string>
28 : #include <vector>
29 :
30 : #include <boost/test/unit_test.hpp>
31 :
32 : #include <univalue.h>
33 :
34 : // Uncomment if you want to output updated JSON tests.
35 : // #define UPDATE_JSON_TESTS
36 :
37 : static const unsigned int gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
38 :
39 : unsigned int ParseScriptFlags(std::string strFlags);
40 : std::string FormatScriptFlags(unsigned int flags);
41 :
42 : struct ScriptErrorDesc
43 : {
44 : ScriptError_t err;
45 : const char *name;
46 : };
47 :
48 : static ScriptErrorDesc script_errors[]={
49 : {SCRIPT_ERR_OK, "OK"},
50 : {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
51 : {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
52 : {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
53 : {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
54 : {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
55 : {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
56 : {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
57 : {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
58 : {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
59 : {SCRIPT_ERR_VERIFY, "VERIFY"},
60 : {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
61 : {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
62 : {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
63 : {SCRIPT_ERR_CHECKDATASIGVERIFY, "CHECKDATASIGVERIFY"},
64 : {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
65 : {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
66 : {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
67 : {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
68 : {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
69 : {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
70 : {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
71 : {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
72 : {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
73 : {SCRIPT_ERR_SIG_DER, "SIG_DER"},
74 : {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
75 : {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
76 : {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
77 : {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
78 : {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
79 : {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
80 : {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
81 : {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
82 : {SCRIPT_ERR_INVALID_SPLIT_RANGE, "SPLIT_RANGE"},
83 : {SCRIPT_ERR_INVALID_OPERAND_SIZE, "OPERAND_SIZE"},
84 : {SCRIPT_ERR_INVALID_NUMBER_RANGE, "INVALID_NUMBER_RANGE"},
85 : {SCRIPT_ERR_DIV_BY_ZERO, "DIV_BY_ZERO"},
86 : {SCRIPT_ERR_MOD_BY_ZERO, "MOD_BY_ZERO"},
87 : {SCRIPT_ERR_OP_CODESEPARATOR, "OP_CODESEPARATOR"},
88 : {SCRIPT_ERR_SIG_FINDANDDELETE, "SIG_FINDANDDELETE"},
89 : };
90 :
91 2882 : static std::string FormatScriptError(ScriptError_t err)
92 : {
93 22593 : for (const auto& se : script_errors)
94 22593 : if (se.err == err)
95 2882 : return se.name;
96 0 : BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
97 0 : return "";
98 2882 : }
99 :
100 1282 : static ScriptError_t ParseScriptError(const std::string& name)
101 : {
102 9498 : for (const auto& se : script_errors)
103 9498 : if (se.name == name)
104 1282 : return se.err;
105 0 : BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
106 0 : return SCRIPT_ERR_UNKNOWN_ERROR;
107 1282 : }
108 :
109 146 : BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
110 :
111 :
112 1388 : void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, uint32_t flags, const std::string& message, int scriptError)
113 : {
114 1388 : bool expect = (scriptError == SCRIPT_ERR_OK);
115 : ScriptError err;
116 1388 : const CTransaction txCredit{BuildCreditingTransaction(scriptPubKey)};
117 1388 : const CMutableTransaction tx = BuildSpendingTransaction(scriptSig, txCredit);
118 1388 : BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message);
119 1388 : BOOST_CHECK_MESSAGE(err == scriptError, FormatScriptError(err) + " where " + FormatScriptError((ScriptError_t)scriptError) + " expected: " + message);
120 :
121 : // Verify that removing flags from a passing test or adding flags to a failing test does not change the result.
122 23596 : for (int i = 0; i < 16; ++i) {
123 22208 : uint32_t extra_flags(InsecureRandBits(16));
124 22208 : uint32_t combined_flags{expect ? (flags & ~extra_flags) : (flags | extra_flags)};
125 : // Weed out some invalid flag combinations.
126 22208 : if (combined_flags & SCRIPT_VERIFY_CLEANSTACK && ~combined_flags & SCRIPT_VERIFY_P2SH) continue;
127 21337 : BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, combined_flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message + strprintf(" (with flags %x)", combined_flags));
128 21337 : }
129 :
130 : #if defined(HAVE_CONSENSUS_LIB)
131 1388 : CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
132 1388 : stream << tx;
133 1388 : uint32_t libconsensus_flags{flags & dashconsensus_SCRIPT_FLAGS_VERIFY_ALL};
134 1388 : if (libconsensus_flags == flags) {
135 239 : int expectedSuccessCode = expect ? 1 : 0;
136 239 : BOOST_CHECK_MESSAGE(dashconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), UCharCast(stream.data()), stream.size(), 0, libconsensus_flags, nullptr) == expectedSuccessCode, message);
137 239 : }
138 : #endif
139 1388 : }
140 :
141 14 : void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
142 : // Parse the signature.
143 14 : std::vector<unsigned char> r, s;
144 14 : r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
145 14 : s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
146 :
147 : // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
148 : static const unsigned char order[33] = {
149 : 0x00,
150 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
151 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
152 : 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
153 : 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
154 : };
155 28 : while (s.size() < 33) {
156 14 : s.insert(s.begin(), 0x00);
157 : }
158 14 : int carry = 0;
159 462 : for (int p = 32; p >= 1; p--) {
160 448 : int n = (int)order[p] - s[p] - carry;
161 448 : s[p] = (n + 256) & 0xFF;
162 448 : carry = (n < 0);
163 448 : }
164 14 : assert(carry == 0);
165 14 : if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
166 0 : s.erase(s.begin());
167 0 : }
168 :
169 : // Reconstruct the signature.
170 14 : vchSig.clear();
171 14 : vchSig.push_back(0x30);
172 14 : vchSig.push_back(4 + r.size() + s.size());
173 14 : vchSig.push_back(0x02);
174 14 : vchSig.push_back(r.size());
175 14 : vchSig.insert(vchSig.end(), r.begin(), r.end());
176 14 : vchSig.push_back(0x02);
177 14 : vchSig.push_back(s.size());
178 14 : vchSig.insert(vchSig.end(), s.begin(), s.end());
179 14 : }
180 :
181 : namespace
182 : {
183 : const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
184 : const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
185 : const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
186 :
187 : struct KeyData
188 : {
189 : CKey key0, key0C, key1, key1C, key2, key2C;
190 : CPubKey pubkey0, pubkey0C, pubkey0H;
191 : CPubKey pubkey1, pubkey1C;
192 : CPubKey pubkey2, pubkey2C;
193 :
194 2 : KeyData()
195 1 : {
196 1 : key0.Set(vchKey0, vchKey0 + 32, false);
197 1 : key0C.Set(vchKey0, vchKey0 + 32, true);
198 1 : pubkey0 = key0.GetPubKey();
199 1 : pubkey0H = key0.GetPubKey();
200 1 : pubkey0C = key0C.GetPubKey();
201 1 : *const_cast<unsigned char*>(pubkey0H.data()) = 0x06 | (pubkey0H[64] & 1);
202 :
203 1 : key1.Set(vchKey1, vchKey1 + 32, false);
204 1 : key1C.Set(vchKey1, vchKey1 + 32, true);
205 1 : pubkey1 = key1.GetPubKey();
206 1 : pubkey1C = key1C.GetPubKey();
207 :
208 1 : key2.Set(vchKey2, vchKey2 + 32, false);
209 1 : key2C.Set(vchKey2, vchKey2 + 32, true);
210 1 : pubkey2 = key2.GetPubKey();
211 1 : pubkey2C = key2C.GetPubKey();
212 2 : }
213 : };
214 :
215 :
216 212 : class TestBuilder
217 : {
218 : private:
219 : CScript scriptPubKey;
220 : CTransactionRef creditTx;
221 : CMutableTransaction spendTx;
222 106 : bool havePush{false};
223 : std::vector<unsigned char> push;
224 : std::string comment;
225 : uint32_t flags;
226 106 : int scriptError{SCRIPT_ERR_OK};
227 :
228 421 : void DoPush()
229 : {
230 421 : if (havePush) {
231 195 : spendTx.vin[0].scriptSig << push;
232 195 : havePush = false;
233 195 : }
234 421 : }
235 :
236 129 : void DoPush(const std::vector<unsigned char>& data)
237 : {
238 129 : DoPush();
239 129 : push = data;
240 129 : havePush = true;
241 129 : }
242 :
243 : public:
244 212 : TestBuilder(const CScript& script_, const std::string& comment_, uint32_t flags_, bool P2SH = false) : scriptPubKey(script_), comment(comment_), flags(flags_)
245 106 : {
246 106 : if (P2SH) {
247 13 : creditTx = MakeTransactionRef(BuildCreditingTransaction(CScript() << OP_HASH160 << ToByteVector(CScriptID(script_)) << OP_EQUAL));
248 13 : } else {
249 93 : creditTx = MakeTransactionRef(BuildCreditingTransaction(script_));
250 : }
251 106 : spendTx = BuildSpendingTransaction(CScript(), *creditTx);
252 212 : }
253 :
254 58 : TestBuilder& ScriptError(ScriptError_t err)
255 : {
256 58 : scriptError = err;
257 58 : return *this;
258 : }
259 :
260 6 : TestBuilder& Opcode(const opcodetype& _op)
261 : {
262 6 : DoPush();
263 6 : spendTx.vin[0].scriptSig << _op;
264 6 : return *this;
265 : }
266 :
267 74 : TestBuilder& Num(int num)
268 : {
269 74 : DoPush();
270 74 : spendTx.vin[0].scriptSig << num;
271 74 : return *this;
272 : }
273 :
274 : [[maybe_unused]] TestBuilder& Push(const std::string& hex)
275 : {
276 : DoPush(ParseHex(hex));
277 : return *this;
278 : }
279 :
280 : [[maybe_unused]] TestBuilder& Push(const uint256& hash)
281 : {
282 : DoPush(ToByteVector(hash));
283 : return *this;
284 : }
285 :
286 : [[maybe_unused]] TestBuilder& Push(const CScript& script)
287 : {
288 : DoPush(std::vector<unsigned char>(script.begin(), script.end()));
289 : return *this;
290 : }
291 :
292 113 : std::vector<uint8_t> DoSignECDSA(const CKey& key, const uint256& hash, unsigned int lenR = 32, unsigned int lenS = 32) const
293 : {
294 113 : std::vector<unsigned char> vchSig, r, s;
295 113 : uint32_t iter = 0;
296 113 : do {
297 1289 : key.Sign(hash, vchSig, false, iter++);
298 1289 : if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
299 14 : NegateSignatureS(vchSig);
300 14 : }
301 1289 : r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
302 1289 : s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
303 1289 : } while (lenR != r.size() || lenS != s.size());
304 :
305 113 : return vchSig;
306 113 : }
307 :
308 91 : TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32)
309 : {
310 91 : uint256 hash = SignatureHash(scriptPubKey, spendTx, 0, nHashType, 0, SigVersion::BASE);
311 91 : std::vector<uint8_t> vchSig = DoSignECDSA(key, hash, lenR, lenS);
312 91 : vchSig.push_back(static_cast<unsigned char>(nHashType));
313 91 : DoPush(vchSig);
314 : return *this;
315 91 : }
316 :
317 22 : TestBuilder& PushDataSig(const CKey& key, const std::vector<uint8_t>& data, unsigned int lenR = 32, unsigned int lenS = 32)
318 : {
319 22 : std::vector<uint8_t> vchHash(32);
320 22 : CSHA256().Write(data.data(), data.size()).Finalize(vchHash.data());
321 :
322 22 : std::vector<uint8_t> vchSig = DoSignECDSA(key, uint256(vchHash), lenR, lenS);
323 22 : vchSig.push_back(static_cast<unsigned char>(SIGHASH_ALL));
324 :
325 22 : DoPush(vchSig);
326 : return *this;
327 22 : }
328 :
329 3 : TestBuilder& Push(const CPubKey& pubkey)
330 : {
331 3 : DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
332 3 : return *this;
333 0 : }
334 :
335 13 : TestBuilder& PushRedeem()
336 : {
337 13 : DoPush(std::vector<unsigned char>(scriptPubKey.begin(), scriptPubKey.end()));
338 13 : return *this;
339 0 : }
340 :
341 35 : TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
342 : {
343 35 : assert(havePush);
344 35 : std::vector<unsigned char> datain = ParseHex(hexin);
345 35 : std::vector<unsigned char> dataout = ParseHex(hexout);
346 35 : assert(pos + datain.size() <= push.size());
347 35 : BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
348 35 : push.erase(push.begin() + pos, push.begin() + pos + datain.size());
349 35 : push.insert(push.begin() + pos, dataout.begin(), dataout.end());
350 : return *this;
351 35 : }
352 :
353 17 : TestBuilder& DamagePush(unsigned int pos)
354 : {
355 17 : assert(havePush);
356 17 : assert(pos < push.size());
357 17 : push[pos] ^= 1;
358 17 : return *this;
359 : }
360 :
361 106 : TestBuilder& Test()
362 : {
363 106 : TestBuilder copy = *this; // Make a copy so we can rollback the push.
364 106 : DoPush();
365 106 : DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, flags, comment, scriptError);
366 106 : *this = copy;
367 : return *this;
368 106 : }
369 :
370 106 : UniValue GetJSON()
371 : {
372 106 : DoPush();
373 106 : UniValue array(UniValue::VARR);
374 106 : array.push_back(FormatScript(spendTx.vin[0].scriptSig));
375 106 : array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
376 106 : array.push_back(FormatScriptFlags(flags));
377 106 : array.push_back(FormatScriptError((ScriptError_t)scriptError));
378 106 : array.push_back(comment);
379 106 : return array;
380 106 : }
381 :
382 0 : std::string GetComment() const
383 : {
384 0 : return comment;
385 : }
386 : };
387 :
388 1440 : std::string JSONPrettyPrint(const UniValue& univalue)
389 : {
390 1440 : std::string ret = univalue.write(4);
391 : // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
392 1440 : size_t pos = 0;
393 1440 : while ((pos = ret.find(" \n", pos)) != std::string::npos) {
394 0 : ret.replace(pos, 2, "\n");
395 0 : pos++;
396 : }
397 1440 : return ret;
398 1440 : }
399 : } // namespace
400 :
401 149 : BOOST_AUTO_TEST_CASE(script_build)
402 : {
403 1 : const KeyData keys;
404 :
405 1 : std::vector<TestBuilder> tests;
406 :
407 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
408 1 : "P2PK", 0
409 1 : ).PushSig(keys.key0));
410 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
411 1 : "P2PK, bad sig", 0
412 1 : ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
413 :
414 3 : tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
415 1 : "P2PKH", 0
416 1 : ).PushSig(keys.key1).Push(keys.pubkey1C));
417 3 : tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
418 1 : "P2PKH, bad pubkey", 0
419 1 : ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
420 :
421 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
422 1 : "P2PK anyonecanpay", 0
423 1 : ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
424 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
425 1 : "P2PK anyonecanpay marked with normal hashtype", 0
426 1 : ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
427 :
428 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
429 1 : "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
430 1 : ).PushSig(keys.key0).PushRedeem());
431 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
432 1 : "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
433 1 : ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
434 :
435 3 : tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
436 1 : "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
437 1 : ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
438 3 : tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
439 1 : "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
440 1 : ).PushSig(keys.key0).DamagePush(10).PushRedeem());
441 3 : tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
442 1 : "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
443 1 : ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
444 :
445 3 : tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
446 1 : "3-of-3", 0
447 1 : ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
448 3 : tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
449 1 : "3-of-3, 2 sigs", 0
450 1 : ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
451 :
452 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
453 1 : "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
454 1 : ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
455 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
456 1 : "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
457 1 : ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
458 :
459 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
460 1 : "P2PK with too much R padding but no DERSIG", 0
461 1 : ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
462 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
463 1 : "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
464 1 : ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
465 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
466 1 : "P2PK with too much S padding but no DERSIG", 0
467 1 : ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
468 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
469 1 : "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
470 1 : ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
471 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
472 1 : "P2PK with too little R padding but no DERSIG", 0
473 1 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
474 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
475 1 : "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
476 1 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
477 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
478 1 : "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
479 1 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
480 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
481 1 : "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
482 1 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
483 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
484 1 : "P2PK NOT with too much R padding but no DERSIG", 0
485 1 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
486 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
487 1 : "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
488 1 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
489 :
490 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
491 1 : "BIP66 example 1, without DERSIG", 0
492 1 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
493 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
494 1 : "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
495 1 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
496 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
497 1 : "BIP66 example 2, without DERSIG", 0
498 1 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
499 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
500 1 : "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
501 1 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
502 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
503 1 : "BIP66 example 3, without DERSIG", 0
504 1 : ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
505 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
506 1 : "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
507 1 : ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
508 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
509 1 : "BIP66 example 4, without DERSIG", 0
510 1 : ).Num(0));
511 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
512 1 : "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
513 1 : ).Num(0));
514 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
515 1 : "BIP66 example 5, without DERSIG", 0
516 1 : ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
517 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
518 1 : "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
519 1 : ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
520 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
521 1 : "BIP66 example 6, without DERSIG", 0
522 1 : ).Num(1));
523 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
524 1 : "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
525 1 : ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
526 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
527 1 : "BIP66 example 7, without DERSIG", 0
528 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
529 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
530 1 : "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
531 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
532 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
533 1 : "BIP66 example 8, without DERSIG", 0
534 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
535 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
536 1 : "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
537 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
538 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
539 1 : "BIP66 example 9, without DERSIG", 0
540 1 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
541 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
542 1 : "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
543 1 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
544 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
545 1 : "BIP66 example 10, without DERSIG", 0
546 1 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
547 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
548 1 : "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
549 1 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
550 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
551 1 : "BIP66 example 11, without DERSIG", 0
552 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
553 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
554 1 : "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
555 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
556 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
557 1 : "BIP66 example 12, without DERSIG", 0
558 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
559 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
560 1 : "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
561 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
562 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
563 1 : "P2PK with multi-byte hashtype, without DERSIG", 0
564 1 : ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
565 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
566 1 : "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
567 1 : ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
568 :
569 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
570 1 : "P2PK with high S but no LOW_S", 0
571 1 : ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
572 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
573 1 : "P2PK with high S", SCRIPT_VERIFY_LOW_S
574 1 : ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
575 :
576 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
577 1 : "P2PK with hybrid pubkey but no STRICTENC", 0
578 1 : ).PushSig(keys.key0, SIGHASH_ALL));
579 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
580 1 : "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
581 1 : ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
582 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
583 1 : "P2PK NOT with hybrid pubkey but no STRICTENC", 0
584 1 : ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
585 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
586 1 : "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
587 1 : ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
588 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
589 1 : "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
590 1 : ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
591 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
592 1 : "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
593 1 : ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
594 3 : tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
595 1 : "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
596 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
597 3 : tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
598 1 : "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
599 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
600 3 : tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
601 1 : "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
602 1 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
603 :
604 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
605 1 : "P2PK with undefined hashtype but no STRICTENC", 0
606 1 : ).PushSig(keys.key1, 5));
607 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
608 1 : "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
609 1 : ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
610 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
611 1 : "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
612 1 : ).PushSig(keys.key1, 5).DamagePush(10));
613 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
614 1 : "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
615 1 : ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
616 :
617 3 : tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
618 1 : "3-of-3 with nonzero dummy but no NULLDUMMY", 0
619 1 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
620 3 : tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
621 1 : "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
622 1 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
623 3 : tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
624 1 : "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
625 1 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
626 3 : tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
627 1 : "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
628 1 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
629 :
630 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
631 1 : "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
632 1 : ).Num(0).PushSig(keys.key1).Opcode(OP_DUP));
633 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
634 1 : "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
635 1 : ).Num(0).PushSig(keys.key1).Opcode(OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
636 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
637 1 : "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
638 1 : ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem());
639 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
640 1 : "P2PK with non-push scriptSig but with P2SH validation", 0
641 1 : ).PushSig(keys.key2).Opcode(OP_NOP8));
642 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
643 1 : "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
644 1 : ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
645 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
646 1 : "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
647 1 : ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
648 3 : tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
649 1 : "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
650 1 : ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
651 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
652 1 : "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
653 1 : ).Num(11).PushSig(keys.key0));
654 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
655 1 : "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
656 1 : ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
657 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
658 1 : "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
659 1 : ).Num(11).PushSig(keys.key0).PushRedeem());
660 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
661 1 : "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
662 1 : ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
663 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
664 1 : "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
665 1 : ).PushSig(keys.key0).PushRedeem());
666 :
667 : // Test OP_CHECKDATASIG
668 1 : const uint32_t checkdatasigflags = SCRIPT_VERIFY_STRICTENC |
669 : SCRIPT_VERIFY_NULLFAIL;
670 :
671 1 : tests.push_back(
672 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
673 1 : "Standard CHECKDATASIG", checkdatasigflags)
674 1 : .PushDataSig(keys.key1, {})
675 1 : .Num(0));
676 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
677 1 : << OP_CHECKDATASIG << OP_NOT,
678 1 : "CHECKDATASIG with NULLFAIL flags",
679 : checkdatasigflags)
680 1 : .PushDataSig(keys.key1, {})
681 1 : .Num(1)
682 1 : .ScriptError(SCRIPT_ERR_SIG_NULLFAIL));
683 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
684 1 : << OP_CHECKDATASIG << OP_NOT,
685 1 : "CHECKDATASIG without NULLFAIL flags",
686 : checkdatasigflags & ~SCRIPT_VERIFY_NULLFAIL)
687 1 : .PushDataSig(keys.key1, {})
688 1 : .Num(1));
689 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
690 1 : << OP_CHECKDATASIG << OP_NOT,
691 1 : "CHECKDATASIG empty signature",
692 : checkdatasigflags)
693 1 : .Num(0)
694 1 : .Num(0));
695 1 : tests.push_back(
696 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
697 1 : "CHECKDATASIG with High S but no Low S", checkdatasigflags)
698 1 : .PushDataSig(keys.key1, {}, 32, 33)
699 1 : .Num(0));
700 1 : tests.push_back(
701 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
702 1 : "CHECKDATASIG with High S",
703 : checkdatasigflags | SCRIPT_VERIFY_LOW_S)
704 1 : .PushDataSig(keys.key1, {}, 32, 33)
705 1 : .Num(0)
706 1 : .ScriptError(SCRIPT_ERR_SIG_HIGH_S));
707 1 : tests.push_back(
708 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
709 1 : "CHECKDATASIG with too little R padding but no DERSIG",
710 : checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
711 1 : .PushDataSig(keys.key1, {}, 33, 32)
712 1 : .EditPush(1, "45022100", "440220")
713 1 : .Num(0));
714 1 : tests.push_back(
715 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIG,
716 1 : "CHECKDATASIG with too little R padding", checkdatasigflags)
717 1 : .PushDataSig(keys.key1, {}, 33, 32)
718 1 : .EditPush(1, "45022100", "440220")
719 1 : .Num(0)
720 1 : .ScriptError(SCRIPT_ERR_SIG_DER));
721 1 : tests.push_back(
722 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG,
723 1 : "CHECKDATASIG with hybrid pubkey but no STRICTENC",
724 : checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
725 1 : .PushDataSig(keys.key0, {})
726 1 : .Num(0));
727 1 : tests.push_back(
728 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG,
729 1 : "CHECKDATASIG with hybrid pubkey", checkdatasigflags)
730 1 : .PushDataSig(keys.key0, {})
731 1 : .Num(0)
732 1 : .ScriptError(SCRIPT_ERR_PUBKEYTYPE));
733 1 : tests.push_back(
734 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG
735 1 : << OP_NOT,
736 1 : "CHECKDATASIG with invalid hybrid pubkey but no STRICTENC",
737 : 0)
738 1 : .PushDataSig(keys.key0, {})
739 1 : .DamagePush(10)
740 1 : .Num(0));
741 1 : tests.push_back(
742 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIG,
743 1 : "CHECKDATASIG with invalid hybrid pubkey",
744 : checkdatasigflags)
745 1 : .PushDataSig(keys.key0, {})
746 1 : .DamagePush(10)
747 1 : .Num(0)
748 1 : .ScriptError(SCRIPT_ERR_PUBKEYTYPE));
749 :
750 : // Test OP_CHECKDATASIGVERIFY
751 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
752 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
753 1 : "Standard CHECKDATASIGVERIFY",
754 : checkdatasigflags)
755 1 : .PushDataSig(keys.key1, {})
756 1 : .Num(0));
757 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
758 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
759 1 : "CHECKDATASIGVERIFY with NULLFAIL flags",
760 : checkdatasigflags)
761 1 : .PushDataSig(keys.key1, {})
762 1 : .Num(1)
763 1 : .ScriptError(SCRIPT_ERR_SIG_NULLFAIL));
764 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
765 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
766 1 : "CHECKDATASIGVERIFY without NULLFAIL flags",
767 : checkdatasigflags & ~SCRIPT_VERIFY_NULLFAIL)
768 1 : .PushDataSig(keys.key1, {})
769 1 : .Num(1)
770 1 : .ScriptError(SCRIPT_ERR_CHECKDATASIGVERIFY));
771 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
772 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
773 1 : "CHECKDATASIGVERIFY empty signature",
774 : checkdatasigflags)
775 1 : .Num(0)
776 1 : .Num(0)
777 1 : .ScriptError(SCRIPT_ERR_CHECKDATASIGVERIFY));
778 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
779 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
780 1 : "CHECKDATASIG with High S but no Low S",
781 : checkdatasigflags)
782 1 : .PushDataSig(keys.key1, {}, 32, 33)
783 1 : .Num(0));
784 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
785 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
786 1 : "CHECKDATASIG with High S",
787 : checkdatasigflags | SCRIPT_VERIFY_LOW_S)
788 1 : .PushDataSig(keys.key1, {}, 32, 33)
789 1 : .Num(0)
790 1 : .ScriptError(SCRIPT_ERR_SIG_HIGH_S));
791 1 : tests.push_back(
792 1 : TestBuilder(
793 1 : CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKDATASIGVERIFY
794 1 : << OP_TRUE,
795 1 : "CHECKDATASIGVERIFY with too little R padding but no DERSIG",
796 : checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
797 1 : .PushDataSig(keys.key1, {}, 33, 32)
798 1 : .EditPush(1, "45022100", "440220")
799 1 : .Num(0));
800 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C)
801 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
802 1 : "CHECKDATASIGVERIFY with too little R padding",
803 : checkdatasigflags)
804 1 : .PushDataSig(keys.key1, {}, 33, 32)
805 1 : .EditPush(1, "45022100", "440220")
806 1 : .Num(0)
807 1 : .ScriptError(SCRIPT_ERR_SIG_DER));
808 1 : tests.push_back(
809 2 : TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
810 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
811 1 : "CHECKDATASIGVERIFY with hybrid pubkey but no STRICTENC",
812 : checkdatasigflags & ~SCRIPT_VERIFY_STRICTENC)
813 1 : .PushDataSig(keys.key0, {})
814 1 : .Num(0));
815 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
816 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
817 1 : "CHECKDATASIGVERIFY with hybrid pubkey",
818 : checkdatasigflags)
819 1 : .PushDataSig(keys.key0, {})
820 1 : .Num(0)
821 1 : .ScriptError(SCRIPT_ERR_PUBKEYTYPE));
822 1 : tests.push_back(
823 1 : TestBuilder(
824 1 : CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKDATASIGVERIFY
825 1 : << OP_TRUE,
826 1 : "CHECKDATASIGVERIFY with invalid hybrid pubkey but no STRICTENC",
827 : 0)
828 1 : .PushDataSig(keys.key0, {})
829 1 : .DamagePush(10)
830 1 : .Num(0)
831 1 : .ScriptError(SCRIPT_ERR_CHECKDATASIGVERIFY));
832 3 : tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H)
833 1 : << OP_CHECKDATASIGVERIFY << OP_TRUE,
834 1 : "CHECKDATASIGVERIFY with invalid hybrid pubkey",
835 : checkdatasigflags)
836 1 : .PushDataSig(keys.key0, {})
837 1 : .DamagePush(10)
838 1 : .Num(0)
839 1 : .ScriptError(SCRIPT_ERR_PUBKEYTYPE));
840 :
841 1 : std::set<std::string> tests_set;
842 :
843 : {
844 1 : UniValue json_tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
845 :
846 1335 : for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
847 1334 : const UniValue& tv = json_tests[idx];
848 1334 : tests_set.insert(JSONPrettyPrint(tv.get_array()));
849 1334 : }
850 1 : }
851 :
852 : #ifdef UPDATE_JSON_TESTS
853 : std::string strGen;
854 : #endif
855 107 : for (TestBuilder& test : tests) {
856 106 : test.Test();
857 106 : std::string str = JSONPrettyPrint(test.GetJSON());
858 : #ifdef UPDATE_JSON_TESTS
859 : strGen += str + ",\n";
860 : #else
861 106 : if (tests_set.count(str) == 0) {
862 0 : BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
863 0 : }
864 : #endif
865 106 : }
866 :
867 : #ifdef UPDATE_JSON_TESTS
868 : FILE* file = fsbridge::fopen("script_tests.json.gen", "w");
869 : fputs(strGen.c_str(), file);
870 : fclose(file);
871 : #endif
872 1 : }
873 :
874 149 : BOOST_AUTO_TEST_CASE(script_json_test)
875 : {
876 : // Read tests from test/data/script_tests.json
877 : // Format is an array of arrays
878 : // Inner arrays are [ "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
879 : // ... where scriptSig and scriptPubKey are stringified
880 : // scripts.
881 1 : UniValue tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
882 :
883 1335 : for (unsigned int idx = 0; idx < tests.size(); idx++) {
884 1334 : const UniValue& test = tests[idx];
885 1334 : std::string strTest = test.write();
886 1334 : if (test.size() < 4) // Allow size > 3; extra stuff ignored (useful for comments)
887 : {
888 52 : if (test.size() != 1) {
889 0 : BOOST_ERROR("Bad test: " << strTest);
890 0 : }
891 52 : continue;
892 : }
893 1282 : std::string scriptSigString = test[0].get_str();
894 1282 : CScript scriptSig = ParseScript(scriptSigString);
895 1282 : std::string scriptPubKeyString = test[1].get_str();
896 1282 : CScript scriptPubKey = ParseScript(scriptPubKeyString);
897 1282 : unsigned int scriptflags = ParseScriptFlags(test[2].get_str());
898 1282 : int scriptError = ParseScriptError(test[3].get_str());
899 :
900 1282 : DoTest(scriptPubKey, scriptSig, scriptflags, strTest, scriptError);
901 1334 : }
902 1 : }
903 :
904 149 : BOOST_AUTO_TEST_CASE(script_PushData)
905 : {
906 : // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
907 : // the stack as the 1-75 opcodes do.
908 : static const unsigned char direct[] = { 1, 0x5a };
909 : static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
910 : static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
911 : static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
912 :
913 : ScriptError err;
914 1 : std::vector<std::vector<unsigned char> > directStack;
915 1 : BOOST_CHECK(EvalScript(directStack, CScript(direct, direct + sizeof(direct)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
916 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
917 :
918 1 : std::vector<std::vector<unsigned char> > pushdata1Stack;
919 1 : BOOST_CHECK(EvalScript(pushdata1Stack, CScript(pushdata1, pushdata1 + sizeof(pushdata1)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
920 1 : BOOST_CHECK(pushdata1Stack == directStack);
921 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
922 :
923 1 : std::vector<std::vector<unsigned char> > pushdata2Stack;
924 1 : BOOST_CHECK(EvalScript(pushdata2Stack, CScript(pushdata2, pushdata2 + sizeof(pushdata2)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
925 1 : BOOST_CHECK(pushdata2Stack == directStack);
926 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
927 :
928 1 : std::vector<std::vector<unsigned char> > pushdata4Stack;
929 1 : BOOST_CHECK(EvalScript(pushdata4Stack, CScript(pushdata4, pushdata4 + sizeof(pushdata4)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
930 1 : BOOST_CHECK(pushdata4Stack == directStack);
931 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
932 :
933 1 : const std::vector<unsigned char> pushdata1_trunc{OP_PUSHDATA1, 1};
934 1 : const std::vector<unsigned char> pushdata2_trunc{OP_PUSHDATA2, 1, 0};
935 1 : const std::vector<unsigned char> pushdata4_trunc{OP_PUSHDATA4, 1, 0, 0, 0};
936 :
937 1 : std::vector<std::vector<unsigned char>> stack_ignore;
938 1 : BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata1_trunc.begin(), pushdata1_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
939 1 : BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
940 1 : BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata2_trunc.begin(), pushdata2_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
941 1 : BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
942 1 : BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata4_trunc.begin(), pushdata4_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
943 1 : BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
944 1 : }
945 :
946 149 : BOOST_AUTO_TEST_CASE(script_cltv_truncated)
947 : {
948 1 : const auto script_cltv_trunc = CScript() << OP_CHECKLOCKTIMEVERIFY;
949 :
950 1 : std::vector<std::vector<unsigned char>> stack_ignore;
951 : ScriptError err;
952 1 : BOOST_CHECK(!EvalScript(stack_ignore, script_cltv_trunc, SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, BaseSignatureChecker(), SigVersion::BASE, &err));
953 1 : BOOST_CHECK_EQUAL(err, SCRIPT_ERR_INVALID_STACK_OPERATION);
954 1 : }
955 :
956 : static CScript
957 12 : sign_multisig(const CScript& scriptPubKey, const std::vector<CKey>& keys, const CTransaction& transaction)
958 : {
959 12 : uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SigVersion::BASE);
960 :
961 12 : CScript result;
962 : //
963 : // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
964 : // one extra item on the stack, before the signatures.
965 : // Putting OP_0 on the stack is the workaround;
966 : // fixing the bug would mean splitting the block chain (old
967 : // clients would not accept new CHECKMULTISIG transactions,
968 : // and vice-versa)
969 : //
970 12 : result << OP_0;
971 31 : for (const CKey &key : keys)
972 : {
973 19 : std::vector<unsigned char> vchSig;
974 19 : BOOST_CHECK(key.Sign(hash, vchSig));
975 19 : vchSig.push_back((unsigned char)SIGHASH_ALL);
976 19 : result << vchSig;
977 19 : }
978 12 : return result;
979 12 : }
980 : static CScript
981 3 : sign_multisig(const CScript& scriptPubKey, const CKey& key, const CTransaction& transaction)
982 : {
983 3 : std::vector<CKey> keys;
984 3 : keys.push_back(key);
985 3 : return sign_multisig(scriptPubKey, keys, transaction);
986 3 : }
987 :
988 149 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
989 : {
990 : ScriptError err;
991 1 : CKey key1 = GenerateRandomKey();
992 1 : CKey key2 = GenerateRandomKey(/*compressed=*/false);
993 1 : CKey key3 = GenerateRandomKey();
994 :
995 1 : CScript scriptPubKey12;
996 1 : scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
997 :
998 1 : const CTransaction txFrom12{BuildCreditingTransaction(scriptPubKey12)};
999 1 : CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), txFrom12);
1000 :
1001 1 : CScript goodsig1 = sign_multisig(scriptPubKey12, key1, CTransaction(txTo12));
1002 1 : BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1003 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1004 1 : txTo12.vout[0].nValue = 2;
1005 1 : BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1006 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1007 :
1008 1 : CScript goodsig2 = sign_multisig(scriptPubKey12, key2, CTransaction(txTo12));
1009 1 : BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1010 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1011 :
1012 1 : CScript badsig1 = sign_multisig(scriptPubKey12, key3, CTransaction(txTo12));
1013 1 : BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1014 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1015 1 : }
1016 :
1017 149 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
1018 : {
1019 : ScriptError err;
1020 1 : CKey key1 = GenerateRandomKey();
1021 1 : CKey key2 = GenerateRandomKey(/*compressed=*/false);
1022 1 : CKey key3 = GenerateRandomKey();
1023 1 : CKey key4 = GenerateRandomKey(/*compressed=*/false);
1024 :
1025 1 : CScript scriptPubKey23;
1026 1 : scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
1027 :
1028 1 : const CTransaction txFrom23{BuildCreditingTransaction(scriptPubKey23)};
1029 1 : CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), txFrom23);
1030 :
1031 1 : std::vector<CKey> keys;
1032 1 : keys.push_back(key1); keys.push_back(key2);
1033 1 : CScript goodsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1034 1 : BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1035 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1036 :
1037 1 : keys.clear();
1038 1 : keys.push_back(key1); keys.push_back(key3);
1039 1 : CScript goodsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1040 1 : BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1041 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1042 :
1043 1 : keys.clear();
1044 1 : keys.push_back(key2); keys.push_back(key3);
1045 1 : CScript goodsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1046 1 : BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1047 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1048 :
1049 1 : keys.clear();
1050 1 : keys.push_back(key2); keys.push_back(key2); // Can't reuse sig
1051 1 : CScript badsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1052 1 : BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1053 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1054 :
1055 1 : keys.clear();
1056 1 : keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
1057 1 : CScript badsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1058 1 : BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1059 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1060 :
1061 1 : keys.clear();
1062 1 : keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
1063 1 : CScript badsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1064 1 : BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1065 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1066 :
1067 1 : keys.clear();
1068 1 : keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
1069 1 : CScript badsig4 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1070 1 : BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1071 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1072 :
1073 1 : keys.clear();
1074 1 : keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
1075 1 : CScript badsig5 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1076 1 : BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1077 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1078 :
1079 1 : keys.clear(); // Must have signatures
1080 1 : CScript badsig6 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1081 1 : BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1082 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
1083 1 : }
1084 :
1085 : /* Wrapper around ProduceSignature to combine two scriptsigs */
1086 17 : SignatureData CombineSignatures(const CTxOut& txout, const CMutableTransaction& tx, const SignatureData& scriptSig1, const SignatureData& scriptSig2)
1087 : {
1088 17 : SignatureData data;
1089 17 : data.MergeSignatureData(scriptSig1);
1090 17 : data.MergeSignatureData(scriptSig2);
1091 17 : ProduceSignature(DUMMY_SIGNING_PROVIDER, MutableTransactionSignatureCreator(tx, 0, txout.nValue), txout.scriptPubKey, data);
1092 17 : return data;
1093 17 : }
1094 :
1095 149 : BOOST_AUTO_TEST_CASE(script_combineSigs)
1096 : {
1097 : // Test the ProduceSignature's ability to combine signatures function
1098 1 : FillableSigningProvider keystore;
1099 1 : std::vector<CKey> keys;
1100 1 : std::vector<CPubKey> pubkeys;
1101 4 : for (int i = 0; i < 3; i++)
1102 : {
1103 3 : CKey key = GenerateRandomKey(/*compressed=*/i%2 == 1);
1104 3 : keys.push_back(key);
1105 3 : pubkeys.push_back(key.GetPubKey());
1106 3 : BOOST_CHECK(keystore.AddKey(key));
1107 3 : }
1108 :
1109 1 : CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(PKHash(keys[0].GetPubKey())));
1110 1 : CMutableTransaction txTo = BuildSpendingTransaction(CScript(), CTransaction(txFrom));
1111 1 : CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
1112 1 : SignatureData scriptSig;
1113 :
1114 1 : SignatureData empty;
1115 1 : SignatureData combined = CombineSignatures(txFrom.vout[0], txTo, empty, empty);
1116 1 : BOOST_CHECK(combined.scriptSig.empty());
1117 :
1118 : // Single signature case:
1119 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL)); // changes scriptSig
1120 1 : scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1121 1 : combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1122 1 : BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1123 1 : combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1124 1 : BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1125 1 : SignatureData scriptSigCopy = scriptSig;
1126 : // Signing again will give a different, valid signature:
1127 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL));
1128 1 : scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1129 1 : combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
1130 1 : BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
1131 :
1132 : // P2SH, single-signature case:
1133 1 : CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
1134 1 : BOOST_CHECK(keystore.AddCScript(pkSingle));
1135 1 : scriptPubKey = GetScriptForDestination(ScriptHash(pkSingle));
1136 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL));
1137 1 : scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1138 1 : combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1139 1 : BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1140 1 : combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1141 1 : BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1142 1 : scriptSigCopy = scriptSig;
1143 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL));
1144 1 : scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1145 1 : combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
1146 1 : BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
1147 :
1148 : // Hardest case: Multisig 2-of-3
1149 1 : scriptPubKey = GetScriptForMultisig(2, pubkeys);
1150 1 : BOOST_CHECK(keystore.AddCScript(scriptPubKey));
1151 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL));
1152 1 : scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1153 1 : combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1154 1 : BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1155 1 : combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1156 1 : BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1157 :
1158 : // A couple of partially-signed versions:
1159 1 : std::vector<unsigned char> sig1;
1160 1 : uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SigVersion::BASE);
1161 1 : BOOST_CHECK(keys[0].Sign(hash1, sig1));
1162 1 : sig1.push_back(SIGHASH_ALL);
1163 1 : std::vector<unsigned char> sig2;
1164 1 : uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SigVersion::BASE);
1165 1 : BOOST_CHECK(keys[1].Sign(hash2, sig2));
1166 1 : sig2.push_back(SIGHASH_NONE);
1167 1 : std::vector<unsigned char> sig3;
1168 1 : uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SigVersion::BASE);
1169 1 : BOOST_CHECK(keys[2].Sign(hash3, sig3));
1170 1 : sig3.push_back(SIGHASH_SINGLE);
1171 :
1172 : // Not fussy about order (or even existence) of placeholders or signatures:
1173 1 : CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
1174 1 : CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
1175 1 : CScript partial2a = CScript() << OP_0 << sig2;
1176 1 : CScript partial2b = CScript() << sig2 << OP_0;
1177 1 : CScript partial3a = CScript() << sig3;
1178 1 : CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
1179 1 : CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
1180 1 : CScript complete12 = CScript() << OP_0 << sig1 << sig2;
1181 1 : CScript complete13 = CScript() << OP_0 << sig1 << sig3;
1182 1 : CScript complete23 = CScript() << OP_0 << sig2 << sig3;
1183 1 : SignatureData partial1_sigs;
1184 1 : partial1_sigs.signatures.emplace(keys[0].GetPubKey().GetID(), SigPair(keys[0].GetPubKey(), sig1));
1185 1 : SignatureData partial2_sigs;
1186 1 : partial2_sigs.signatures.emplace(keys[1].GetPubKey().GetID(), SigPair(keys[1].GetPubKey(), sig2));
1187 1 : SignatureData partial3_sigs;
1188 1 : partial3_sigs.signatures.emplace(keys[2].GetPubKey().GetID(), SigPair(keys[2].GetPubKey(), sig3));
1189 :
1190 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial1_sigs);
1191 1 : BOOST_CHECK(combined.scriptSig == partial1a);
1192 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
1193 1 : BOOST_CHECK(combined.scriptSig == complete12);
1194 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial1_sigs);
1195 1 : BOOST_CHECK(combined.scriptSig == complete12);
1196 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
1197 1 : BOOST_CHECK(combined.scriptSig == complete12);
1198 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial1_sigs);
1199 1 : BOOST_CHECK(combined.scriptSig == complete13);
1200 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial3_sigs);
1201 1 : BOOST_CHECK(combined.scriptSig == complete23);
1202 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial2_sigs);
1203 1 : BOOST_CHECK(combined.scriptSig == complete23);
1204 1 : combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial3_sigs);
1205 1 : BOOST_CHECK(combined.scriptSig == partial3c);
1206 1 : }
1207 :
1208 149 : BOOST_AUTO_TEST_CASE(script_standard_push)
1209 : {
1210 : ScriptError err;
1211 67001 : for (int i=0; i<67000; i++) {
1212 67000 : CScript script;
1213 67000 : script << i;
1214 67000 : BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
1215 67000 : BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
1216 67000 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1217 67000 : }
1218 :
1219 522 : for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
1220 521 : std::vector<unsigned char> data(i, '\111');
1221 521 : CScript script;
1222 521 : script << data;
1223 521 : BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
1224 521 : BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
1225 521 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1226 521 : }
1227 1 : }
1228 :
1229 149 : BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
1230 : {
1231 : // IsPushOnly returns false when given a script containing only pushes that
1232 : // are invalid due to truncation. IsPushOnly() is consensus critical
1233 : // because P2SH evaluation uses it, although this specific behavior should
1234 : // not be consensus critical as the P2SH evaluation would fail first due to
1235 : // the invalid push. Still, it doesn't hurt to test it explicitly.
1236 : static const unsigned char direct[] = { 1 };
1237 1 : BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
1238 1 : }
1239 :
1240 149 : BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
1241 : {
1242 1 : BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
1243 1 : BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
1244 1 : BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
1245 1 : BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
1246 :
1247 1 : std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1248 1 : std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1249 1 : std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
1250 :
1251 1 : BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
1252 1 : BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
1253 1 : BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
1254 1 : BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
1255 1 : BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
1256 1 : BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
1257 1 : BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
1258 1 : BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
1259 :
1260 1 : BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
1261 1 : BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
1262 1 : BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
1263 1 : BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
1264 1 : BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
1265 1 : BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
1266 1 : BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
1267 1 : BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
1268 1 : }
1269 :
1270 : static CScript
1271 26 : ScriptFromHex(const char* hex)
1272 : {
1273 26 : std::vector<unsigned char> data = ParseHex(hex);
1274 26 : return CScript(data.begin(), data.end());
1275 26 : }
1276 :
1277 :
1278 149 : BOOST_AUTO_TEST_CASE(script_FindAndDelete)
1279 : {
1280 : // Exercise the FindAndDelete functionality
1281 1 : CScript s;
1282 1 : CScript d;
1283 1 : CScript expect;
1284 :
1285 1 : s = CScript() << OP_1 << OP_2;
1286 1 : d = CScript(); // delete nothing should be a no-op
1287 1 : expect = s;
1288 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1289 1 : BOOST_CHECK(s == expect);
1290 :
1291 1 : s = CScript() << OP_1 << OP_2 << OP_3;
1292 1 : d = CScript() << OP_2;
1293 1 : expect = CScript() << OP_1 << OP_3;
1294 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1295 1 : BOOST_CHECK(s == expect);
1296 :
1297 1 : s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
1298 1 : d = CScript() << OP_3;
1299 1 : expect = CScript() << OP_1 << OP_4;
1300 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 4);
1301 1 : BOOST_CHECK(s == expect);
1302 :
1303 1 : s = ScriptFromHex("0302ff03"); // PUSH 0x02ff03 onto stack
1304 1 : d = ScriptFromHex("0302ff03");
1305 1 : expect = CScript();
1306 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1307 1 : BOOST_CHECK(s == expect);
1308 :
1309 1 : s = ScriptFromHex("0302ff030302ff03"); // PUSH 0x2ff03 PUSH 0x2ff03
1310 1 : d = ScriptFromHex("0302ff03");
1311 1 : expect = CScript();
1312 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
1313 1 : BOOST_CHECK(s == expect);
1314 :
1315 1 : s = ScriptFromHex("0302ff030302ff03");
1316 1 : d = ScriptFromHex("02");
1317 1 : expect = s; // FindAndDelete matches entire opcodes
1318 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1319 1 : BOOST_CHECK(s == expect);
1320 :
1321 1 : s = ScriptFromHex("0302ff030302ff03");
1322 1 : d = ScriptFromHex("ff");
1323 1 : expect = s;
1324 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1325 1 : BOOST_CHECK(s == expect);
1326 :
1327 : // This is an odd edge case: strip of the push-three-bytes
1328 : // prefix, leaving 02ff03 which is push-two-bytes:
1329 1 : s = ScriptFromHex("0302ff030302ff03");
1330 1 : d = ScriptFromHex("03");
1331 1 : expect = CScript() << ParseHex("ff03") << ParseHex("ff03");
1332 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
1333 1 : BOOST_CHECK(s == expect);
1334 :
1335 : // Byte sequence that spans multiple opcodes:
1336 1 : s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1337 1 : d = ScriptFromHex("feed51");
1338 1 : expect = s;
1339 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0); // doesn't match 'inside' opcodes
1340 1 : BOOST_CHECK(s == expect);
1341 :
1342 1 : s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1343 1 : d = ScriptFromHex("02feed51");
1344 1 : expect = ScriptFromHex("69");
1345 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1346 1 : BOOST_CHECK(s == expect);
1347 :
1348 1 : s = ScriptFromHex("516902feed5169");
1349 1 : d = ScriptFromHex("feed51");
1350 1 : expect = s;
1351 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1352 1 : BOOST_CHECK(s == expect);
1353 :
1354 1 : s = ScriptFromHex("516902feed5169");
1355 1 : d = ScriptFromHex("02feed51");
1356 1 : expect = ScriptFromHex("516969");
1357 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1358 1 : BOOST_CHECK(s == expect);
1359 :
1360 1 : s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
1361 1 : d = CScript() << OP_0 << OP_1;
1362 1 : expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1363 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1364 1 : BOOST_CHECK(s == expect);
1365 :
1366 1 : s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
1367 1 : d = CScript() << OP_0 << OP_1;
1368 1 : expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1369 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
1370 1 : BOOST_CHECK(s == expect);
1371 :
1372 : // Another weird edge case:
1373 : // End with invalid push (not enough data)...
1374 1 : s = ScriptFromHex("0003feed");
1375 1 : d = ScriptFromHex("03feed"); // ... can remove the invalid push
1376 1 : expect = ScriptFromHex("00");
1377 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1378 1 : BOOST_CHECK(s == expect);
1379 :
1380 1 : s = ScriptFromHex("0003feed");
1381 1 : d = ScriptFromHex("00");
1382 1 : expect = ScriptFromHex("03feed");
1383 1 : BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1384 1 : BOOST_CHECK(s == expect);
1385 1 : }
1386 :
1387 : #if defined(HAVE_CONSENSUS_LIB)
1388 :
1389 : /* Test simple (successful) usage of dashconsensus_verify_script */
1390 149 : BOOST_AUTO_TEST_CASE(dashconsensus_verify_script_returns_true)
1391 : {
1392 1 : unsigned int libconsensus_flags = 0;
1393 1 : int nIn = 0;
1394 :
1395 1 : CScript scriptPubKey;
1396 1 : CScript scriptSig;
1397 :
1398 1 : scriptPubKey << OP_1;
1399 1 : CTransaction creditTx{BuildCreditingTransaction(scriptPubKey)};
1400 1 : CTransaction spendTx{BuildSpendingTransaction(scriptSig, creditTx)};
1401 :
1402 1 : CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
1403 1 : stream << spendTx;
1404 :
1405 : dashconsensus_error err;
1406 1 : int result = dashconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), UCharCast(stream.data()), stream.size(), nIn, libconsensus_flags, &err);
1407 1 : BOOST_CHECK_EQUAL(result, 1);
1408 1 : BOOST_CHECK_EQUAL(err, dashconsensus_ERR_OK);
1409 1 : }
1410 :
1411 : /* Test dashconsensus_verify_script returns invalid tx index err*/
1412 149 : BOOST_AUTO_TEST_CASE(dashconsensus_verify_script_tx_index_err)
1413 : {
1414 1 : unsigned int libconsensus_flags = 0;
1415 1 : int nIn = 3;
1416 :
1417 1 : CScript scriptPubKey;
1418 1 : CScript scriptSig;
1419 :
1420 1 : scriptPubKey << OP_EQUAL;
1421 1 : CTransaction creditTx{BuildCreditingTransaction(scriptPubKey)};
1422 1 : CTransaction spendTx{BuildSpendingTransaction(scriptSig, creditTx)};
1423 :
1424 1 : CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
1425 1 : stream << spendTx;
1426 :
1427 : dashconsensus_error err;
1428 1 : int result = dashconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), UCharCast(stream.data()), stream.size(), nIn, libconsensus_flags, &err);
1429 1 : BOOST_CHECK_EQUAL(result, 0);
1430 1 : BOOST_CHECK_EQUAL(err, dashconsensus_ERR_TX_INDEX);
1431 1 : }
1432 :
1433 : /* Test dashconsensus_verify_script returns tx size mismatch err*/
1434 149 : BOOST_AUTO_TEST_CASE(dashconsensus_verify_script_tx_size)
1435 : {
1436 1 : unsigned int libconsensus_flags = 0;
1437 1 : int nIn = 0;
1438 :
1439 1 : CScript scriptPubKey;
1440 1 : CScript scriptSig;
1441 :
1442 1 : scriptPubKey << OP_EQUAL;
1443 1 : CTransaction creditTx{BuildCreditingTransaction(scriptPubKey)};
1444 1 : CTransaction spendTx{BuildSpendingTransaction(scriptSig, creditTx)};
1445 :
1446 1 : CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
1447 1 : stream << spendTx;
1448 :
1449 : dashconsensus_error err;
1450 1 : int result = dashconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), UCharCast(stream.data()), stream.size() * 2, nIn, libconsensus_flags, &err);
1451 1 : BOOST_CHECK_EQUAL(result, 0);
1452 1 : BOOST_CHECK_EQUAL(err, dashconsensus_ERR_TX_SIZE_MISMATCH);
1453 1 : }
1454 :
1455 : /* Test dashconsensus_verify_script returns invalid tx serialization error */
1456 149 : BOOST_AUTO_TEST_CASE(dashconsensus_verify_script_tx_serialization)
1457 : {
1458 1 : unsigned int libconsensus_flags = 0;
1459 1 : int nIn = 0;
1460 :
1461 1 : CScript scriptPubKey;
1462 1 : CScript scriptSig;
1463 :
1464 1 : scriptPubKey << OP_EQUAL;
1465 1 : CTransaction creditTx{BuildCreditingTransaction(scriptPubKey)};
1466 1 : CTransaction spendTx{BuildSpendingTransaction(scriptSig, creditTx)};
1467 :
1468 1 : CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
1469 1 : stream << 0xffffffff;
1470 :
1471 : dashconsensus_error err;
1472 1 : int result = dashconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), UCharCast(stream.data()), stream.size(), nIn, libconsensus_flags, &err);
1473 1 : BOOST_CHECK_EQUAL(result, 0);
1474 1 : BOOST_CHECK_EQUAL(err, dashconsensus_ERR_TX_DESERIALIZE);
1475 1 : }
1476 :
1477 : /* Test dashconsensus_verify_script returns invalid flags err */
1478 149 : BOOST_AUTO_TEST_CASE(dashconsensus_verify_script_invalid_flags)
1479 : {
1480 1 : unsigned int libconsensus_flags = 1 << 3;
1481 1 : int nIn = 0;
1482 :
1483 1 : CScript scriptPubKey;
1484 1 : CScript scriptSig;
1485 :
1486 1 : scriptPubKey << OP_EQUAL;
1487 1 : CTransaction creditTx{BuildCreditingTransaction(scriptPubKey)};
1488 1 : CTransaction spendTx{BuildSpendingTransaction(scriptSig, creditTx)};
1489 :
1490 1 : CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
1491 1 : stream << spendTx;
1492 :
1493 : dashconsensus_error err;
1494 1 : int result = dashconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), UCharCast(stream.data()), stream.size(), nIn, libconsensus_flags, &err);
1495 1 : BOOST_CHECK_EQUAL(result, 0);
1496 1 : BOOST_CHECK_EQUAL(err, dashconsensus_ERR_INVALID_FLAGS);
1497 1 : }
1498 :
1499 : #endif
1500 146 : BOOST_AUTO_TEST_SUITE_END()
|
