search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead...
[bitcoinplatinum.git] / src / test / script_tests.cpp
blob06b8274f2d67b8e51f4db921c0000e98239c99b8
1 // Copyright (c) 2011-2016 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include "data/script_tests.json.h"
6
7 #include "core_io.h"
8 #include "key.h"
9 #include "keystore.h"
10 #include "script/script.h"
11 #include "script/script_error.h"
12 #include "script/sign.h"
13 #include "util.h"
14 #include "utilstrencodings.h"
15 #include "test/test_bitcoin.h"
16 #include "rpc/server.h"
17
18 #if defined(HAVE_CONSENSUS_LIB)
19 #include "script/bitcoinconsensus.h"
20 #endif
21
22 #include <fstream>
23 #include <stdint.h>
24 #include <string>
25 #include <vector>
26
27 #include <boost/test/unit_test.hpp>
28
29 #include <univalue.h>
30
31 // Uncomment if you want to output updated JSON tests.
32 // #define UPDATE_JSON_TESTS
33
34 static const unsigned int gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
35
36 unsigned int ParseScriptFlags(std::string strFlags);
37 std::string FormatScriptFlags(unsigned int flags);
38
39 UniValue
40 read_json(const std::string& jsondata)
41 {
42 UniValue v;
43
44 if (!v.read(jsondata) || !v.isArray())
45 {
46 BOOST_ERROR("Parse error.");
47 return UniValue(UniValue::VARR);
48 }
49 return v.get_array();
50 }
51
52 struct ScriptErrorDesc
53 {
54 ScriptError_t err;
55 const char *name;
56 };
57
58 static ScriptErrorDesc script_errors[]={
59 {SCRIPT_ERR_OK, "OK"},
60 {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
61 {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
62 {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
63 {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
64 {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
65 {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
66 {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
67 {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
68 {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
69 {SCRIPT_ERR_VERIFY, "VERIFY"},
70 {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
71 {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
72 {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
73 {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
74 {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
75 {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
76 {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
77 {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
78 {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
79 {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
80 {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
81 {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
82 {SCRIPT_ERR_SIG_DER, "SIG_DER"},
83 {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
84 {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
85 {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
86 {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
87 {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
88 {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
89 {SCRIPT_ERR_MINIMALIF, "MINIMALIF"},
90 {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
91 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
92 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
93 {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH, "WITNESS_PROGRAM_WRONG_LENGTH"},
94 {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY, "WITNESS_PROGRAM_WITNESS_EMPTY"},
95 {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH, "WITNESS_PROGRAM_MISMATCH"},
96 {SCRIPT_ERR_WITNESS_MALLEATED, "WITNESS_MALLEATED"},
97 {SCRIPT_ERR_WITNESS_MALLEATED_P2SH, "WITNESS_MALLEATED_P2SH"},
98 {SCRIPT_ERR_WITNESS_UNEXPECTED, "WITNESS_UNEXPECTED"},
99 {SCRIPT_ERR_WITNESS_PUBKEYTYPE, "WITNESS_PUBKEYTYPE"},
100 };
101
102 const char *FormatScriptError(ScriptError_t err)
103 {
104 for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
105 if (script_errors[i].err == err)
106 return script_errors[i].name;
107 BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
108 return "";
109 }
110
111 ScriptError_t ParseScriptError(const std::string &name)
112 {
113 for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
114 if (script_errors[i].name == name)
115 return script_errors[i].err;
116 BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
117 return SCRIPT_ERR_UNKNOWN_ERROR;
118 }
119
120 BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
121
122 CMutableTransaction BuildCreditingTransaction(const CScript& scriptPubKey, int nValue = 0)
123 {
124 CMutableTransaction txCredit;
125 txCredit.nVersion = 1;
126 txCredit.nLockTime = 0;
127 txCredit.vin.resize(1);
128 txCredit.vout.resize(1);
129 txCredit.vin[0].prevout.SetNull();
130 txCredit.vin[0].scriptSig = CScript() << CScriptNum(0) << CScriptNum(0);
131 txCredit.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
132 txCredit.vout[0].scriptPubKey = scriptPubKey;
133 txCredit.vout[0].nValue = nValue;
134
135 return txCredit;
136 }
137
138 CMutableTransaction BuildSpendingTransaction(const CScript& scriptSig, const CScriptWitness& scriptWitness, const CMutableTransaction& txCredit)
139 {
140 CMutableTransaction txSpend;
141 txSpend.nVersion = 1;
142 txSpend.nLockTime = 0;
143 txSpend.vin.resize(1);
144 txSpend.vout.resize(1);
145 txSpend.vin[0].scriptWitness = scriptWitness;
146 txSpend.vin[0].prevout.hash = txCredit.GetHash();
147 txSpend.vin[0].prevout.n = 0;
148 txSpend.vin[0].scriptSig = scriptSig;
149 txSpend.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
150 txSpend.vout[0].scriptPubKey = CScript();
151 txSpend.vout[0].nValue = txCredit.vout[0].nValue;
152
153 return txSpend;
154 }
155
156 void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& scriptWitness, int flags, const std::string& message, int scriptError, CAmount nValue = 0)
157 {
158 bool expect = (scriptError == SCRIPT_ERR_OK);
159 if (flags & SCRIPT_VERIFY_CLEANSTACK) {
160 flags |= SCRIPT_VERIFY_P2SH;
161 flags |= SCRIPT_VERIFY_WITNESS;
162 }
163 ScriptError err;
164 CMutableTransaction txCredit = BuildCreditingTransaction(scriptPubKey, nValue);
165 CMutableTransaction tx = BuildSpendingTransaction(scriptSig, scriptWitness, txCredit);
166 CMutableTransaction tx2 = tx;
167 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue), &err) == expect, message);
168 BOOST_CHECK_MESSAGE(err == scriptError, std::string(FormatScriptError(err)) + " where " + std::string(FormatScriptError((ScriptError_t)scriptError)) + " expected: " + message);
169 #if defined(HAVE_CONSENSUS_LIB)
170 CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
171 stream << tx2;
172 int libconsensus_flags = flags & bitcoinconsensus_SCRIPT_FLAGS_VERIFY_ALL;
173 if (libconsensus_flags == flags) {
174 if (flags & bitcoinconsensus_SCRIPT_FLAGS_VERIFY_WITNESS) {
175 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey.data(), scriptPubKey.size(), txCredit.vout[0].nValue, (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, nullptr) == expect, message);
176 } else {
177 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey.data(), scriptPubKey.size(), 0, (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, nullptr) == expect, message);
178 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, nullptr) == expect,message);
179 }
180 }
181 #endif
182 }
183
184 void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
185 // Parse the signature.
186 std::vector<unsigned char> r, s;
187 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
188 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
189
190 // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
191 static const unsigned char order[33] = {
192 0x00,
193 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
194 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
195 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
196 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
197 };
198 while (s.size() < 33) {
199 s.insert(s.begin(), 0x00);
200 }
201 int carry = 0;
202 for (int p = 32; p >= 1; p--) {
203 int n = (int)order[p] - s[p] - carry;
204 s[p] = (n + 256) & 0xFF;
205 carry = (n < 0);
206 }
207 assert(carry == 0);
208 if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
209 s.erase(s.begin());
210 }
211
212 // Reconstruct the signature.
213 vchSig.clear();
214 vchSig.push_back(0x30);
215 vchSig.push_back(4 + r.size() + s.size());
216 vchSig.push_back(0x02);
217 vchSig.push_back(r.size());
218 vchSig.insert(vchSig.end(), r.begin(), r.end());
219 vchSig.push_back(0x02);
220 vchSig.push_back(s.size());
221 vchSig.insert(vchSig.end(), s.begin(), s.end());
222 }
223
224 namespace
225 {
226 const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
227 const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
228 const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
229
230 struct KeyData
231 {
232 CKey key0, key0C, key1, key1C, key2, key2C;
233 CPubKey pubkey0, pubkey0C, pubkey0H;
234 CPubKey pubkey1, pubkey1C;
235 CPubKey pubkey2, pubkey2C;
236
237 KeyData()
238 {
239
240 key0.Set(vchKey0, vchKey0 + 32, false);
241 key0C.Set(vchKey0, vchKey0 + 32, true);
242 pubkey0 = key0.GetPubKey();
243 pubkey0H = key0.GetPubKey();
244 pubkey0C = key0C.GetPubKey();
245 *const_cast<unsigned char*>(&pubkey0H[0]) = 0x06 | (pubkey0H[64] & 1);
246
247 key1.Set(vchKey1, vchKey1 + 32, false);
248 key1C.Set(vchKey1, vchKey1 + 32, true);
249 pubkey1 = key1.GetPubKey();
250 pubkey1C = key1C.GetPubKey();
251
252 key2.Set(vchKey2, vchKey2 + 32, false);
253 key2C.Set(vchKey2, vchKey2 + 32, true);
254 pubkey2 = key2.GetPubKey();
255 pubkey2C = key2C.GetPubKey();
256 }
257 };
258
259 enum WitnessMode {
260 WITNESS_NONE,
261 WITNESS_PKH,
262 WITNESS_SH
263 };
264
265 class TestBuilder
266 {
267 private:
268 //! Actually executed script
269 CScript script;
270 //! The P2SH redeemscript
271 CScript redeemscript;
272 //! The Witness embedded script
273 CScript witscript;
274 CScriptWitness scriptWitness;
275 CTransactionRef creditTx;
276 CMutableTransaction spendTx;
277 bool havePush;
278 std::vector<unsigned char> push;
279 std::string comment;
280 int flags;
281 int scriptError;
282 CAmount nValue;
283
284 void DoPush()
285 {
286 if (havePush) {
287 spendTx.vin[0].scriptSig << push;
288 havePush = false;
289 }
290 }
291
292 void DoPush(const std::vector<unsigned char>& data)
293 {
294 DoPush();
295 push = data;
296 havePush = true;
297 }
298
299 public:
300 TestBuilder(const CScript& script_, const std::string& comment_, int flags_, bool P2SH = false, WitnessMode wm = WITNESS_NONE, int witnessversion = 0, CAmount nValue_ = 0) : script(script_), havePush(false), comment(comment_), flags(flags_), scriptError(SCRIPT_ERR_OK), nValue(nValue_)
301 {
302 CScript scriptPubKey = script;
303 if (wm == WITNESS_PKH) {
304 uint160 hash;
305 CHash160().Write(&script[1], script.size() - 1).Finalize(hash.begin());
306 script = CScript() << OP_DUP << OP_HASH160 << ToByteVector(hash) << OP_EQUALVERIFY << OP_CHECKSIG;
307 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
308 } else if (wm == WITNESS_SH) {
309 witscript = scriptPubKey;
310 uint256 hash;
311 CSHA256().Write(&witscript[0], witscript.size()).Finalize(hash.begin());
312 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
313 }
314 if (P2SH) {
315 redeemscript = scriptPubKey;
316 scriptPubKey = CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
317 }
318 creditTx = MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
319 spendTx = BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx);
320 }
321
322 TestBuilder& ScriptError(ScriptError_t err)
323 {
324 scriptError = err;
325 return *this;
326 }
327
328 TestBuilder& Add(const CScript& _script)
329 {
330 DoPush();
331 spendTx.vin[0].scriptSig += _script;
332 return *this;
333 }
334
335 TestBuilder& Num(int num)
336 {
337 DoPush();
338 spendTx.vin[0].scriptSig << num;
339 return *this;
340 }
341
342 TestBuilder& Push(const std::string& hex)
343 {
344 DoPush(ParseHex(hex));
345 return *this;
346 }
347
348 TestBuilder& Push(const CScript& _script) {
349 DoPush(std::vector<unsigned char>(_script.begin(), _script.end()));
350 return *this;
351 }
352
353 TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SIGVERSION_BASE, CAmount amount = 0)
354 {
355 uint256 hash = SignatureHash(script, spendTx, 0, nHashType, amount, sigversion);
356 std::vector<unsigned char> vchSig, r, s;
357 uint32_t iter = 0;
358 do {
359 key.Sign(hash, vchSig, iter++);
360 if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
361 NegateSignatureS(vchSig);
362 }
363 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
364 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
365 } while (lenR != r.size() || lenS != s.size());
366 vchSig.push_back(static_cast<unsigned char>(nHashType));
367 DoPush(vchSig);
368 return *this;
369 }
370
371 TestBuilder& PushWitSig(const CKey& key, CAmount amount = -1, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SIGVERSION_WITNESS_V0)
372 {
373 if (amount == -1)
374 amount = nValue;
375 return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
376 }
377
378 TestBuilder& Push(const CPubKey& pubkey)
379 {
380 DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
381 return *this;
382 }
383
384 TestBuilder& PushRedeem()
385 {
386 DoPush(std::vector<unsigned char>(redeemscript.begin(), redeemscript.end()));
387 return *this;
388 }
389
390 TestBuilder& PushWitRedeem()
391 {
392 DoPush(std::vector<unsigned char>(witscript.begin(), witscript.end()));
393 return AsWit();
394 }
395
396 TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
397 {
398 assert(havePush);
399 std::vector<unsigned char> datain = ParseHex(hexin);
400 std::vector<unsigned char> dataout = ParseHex(hexout);
401 assert(pos + datain.size() <= push.size());
402 BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
403 push.erase(push.begin() + pos, push.begin() + pos + datain.size());
404 push.insert(push.begin() + pos, dataout.begin(), dataout.end());
405 return *this;
406 }
407
408 TestBuilder& DamagePush(unsigned int pos)
409 {
410 assert(havePush);
411 assert(pos < push.size());
412 push[pos] ^= 1;
413 return *this;
414 }
415
416 TestBuilder& Test()
417 {
418 TestBuilder copy = *this; // Make a copy so we can rollback the push.
419 DoPush();
420 DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, scriptWitness, flags, comment, scriptError, nValue);
421 *this = copy;
422 return *this;
423 }
424
425 TestBuilder& AsWit()
426 {
427 assert(havePush);
428 scriptWitness.stack.push_back(push);
429 havePush = false;
430 return *this;
431 }
432
433 UniValue GetJSON()
434 {
435 DoPush();
436 UniValue array(UniValue::VARR);
437 if (!scriptWitness.stack.empty()) {
438 UniValue wit(UniValue::VARR);
439 for (unsigned i = 0; i < scriptWitness.stack.size(); i++) {
440 wit.push_back(HexStr(scriptWitness.stack[i]));
441 }
442 wit.push_back(ValueFromAmount(nValue));
443 array.push_back(wit);
444 }
445 array.push_back(FormatScript(spendTx.vin[0].scriptSig));
446 array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
447 array.push_back(FormatScriptFlags(flags));
448 array.push_back(FormatScriptError((ScriptError_t)scriptError));
449 array.push_back(comment);
450 return array;
451 }
452
453 std::string GetComment()
454 {
455 return comment;
456 }
457 };
458
459 std::string JSONPrettyPrint(const UniValue& univalue)
460 {
461 std::string ret = univalue.write(4);
462 // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
463 size_t pos = 0;
464 while ((pos = ret.find(" \n", pos)) != std::string::npos) {
465 ret.replace(pos, 2, "\n");
466 pos++;
467 }
468 return ret;
469 }
470 } // namespace
471
472 BOOST_AUTO_TEST_CASE(script_build)
473 {
474 const KeyData keys;
475
476 std::vector<TestBuilder> tests;
477
478 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
479 "P2PK", 0
480 ).PushSig(keys.key0));
481 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
482 "P2PK, bad sig", 0
483 ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
484
485 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
486 "P2PKH", 0
487 ).PushSig(keys.key1).Push(keys.pubkey1C));
488 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
489 "P2PKH, bad pubkey", 0
490 ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
491
492 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
493 "P2PK anyonecanpay", 0
494 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
495 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
496 "P2PK anyonecanpay marked with normal hashtype", 0
497 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
498
499 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
500 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
501 ).PushSig(keys.key0).PushRedeem());
502 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
503 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
504 ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
505
506 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
507 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
508 ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
509 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
510 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
511 ).PushSig(keys.key0).DamagePush(10).PushRedeem());
512 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
513 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
514 ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
515
516 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
517 "3-of-3", 0
518 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
519 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
520 "3-of-3, 2 sigs", 0
521 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
522
523 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
524 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
525 ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
526 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
527 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
528 ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
529
530 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
531 "P2PK with too much R padding but no DERSIG", 0
532 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
533 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
534 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
535 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
536 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
537 "P2PK with too much S padding but no DERSIG", 0
538 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
539 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
540 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
541 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
542 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
543 "P2PK with too little R padding but no DERSIG", 0
544 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
545 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
546 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
547 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
548 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
549 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
550 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
551 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
552 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
553 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
554 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
555 "P2PK NOT with too much R padding but no DERSIG", 0
556 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
557 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
558 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
559 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
560
561 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
562 "BIP66 example 1, without DERSIG", 0
563 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
564 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
565 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
566 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
567 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
568 "BIP66 example 2, without DERSIG", 0
569 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
570 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
571 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
572 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
573 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
574 "BIP66 example 3, without DERSIG", 0
575 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
576 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
577 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
578 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
579 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
580 "BIP66 example 4, without DERSIG", 0
581 ).Num(0));
582 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
583 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
584 ).Num(0));
585 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
586 "BIP66 example 5, without DERSIG", 0
587 ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
588 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
589 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
590 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
591 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
592 "BIP66 example 6, without DERSIG", 0
593 ).Num(1));
594 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
595 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
596 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
597 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
598 "BIP66 example 7, without DERSIG", 0
599 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
600 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
601 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
602 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
603 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
604 "BIP66 example 8, without DERSIG", 0
605 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
606 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
607 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
608 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
609 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
610 "BIP66 example 9, without DERSIG", 0
611 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
612 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
613 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
614 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
615 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
616 "BIP66 example 10, without DERSIG", 0
617 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
618 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
619 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
620 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
621 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
622 "BIP66 example 11, without DERSIG", 0
623 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
624 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
625 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
626 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
627 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
628 "BIP66 example 12, without DERSIG", 0
629 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
630 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
631 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
632 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
633 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
634 "P2PK with multi-byte hashtype, without DERSIG", 0
635 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
636 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
637 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
638 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
639
640 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
641 "P2PK with high S but no LOW_S", 0
642 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
643 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
644 "P2PK with high S", SCRIPT_VERIFY_LOW_S
645 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
646
647 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
648 "P2PK with hybrid pubkey but no STRICTENC", 0
649 ).PushSig(keys.key0, SIGHASH_ALL));
650 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
651 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
652 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
653 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
654 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
655 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
656 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
657 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
658 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
659 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
660 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
661 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
662 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
663 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
664 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
665 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
666 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
667 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
668 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
669 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
670 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
671 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
672 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
673 ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
674
675 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
676 "P2PK with undefined hashtype but no STRICTENC", 0
677 ).PushSig(keys.key1, 5));
678 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
679 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
680 ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
681 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
682 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
683 ).PushSig(keys.key1, 5).DamagePush(10));
684 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
685 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
686 ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
687
688 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
689 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
690 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
691 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
692 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
693 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
694 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
695 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
696 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
697 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
698 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
699 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
700
701 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
702 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
703 ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
704 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
705 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
706 ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
707 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
708 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
709 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem());
710 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
711 "P2PK with non-push scriptSig but with P2SH validation", 0
712 ).PushSig(keys.key2).Add(CScript() << OP_NOP8));
713 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
714 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
715 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
716 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
717 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
718 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
719 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
720 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
721 ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
722 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
723 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
724 ).Num(11).PushSig(keys.key0));
725 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
726 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
727 ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
728 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
729 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
730 ).Num(11).PushSig(keys.key0).PushRedeem());
731 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
732 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
733 ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
734 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
735 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
736 ).PushSig(keys.key0).PushRedeem());
737
738 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
739 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
740 0, 1).PushWitSig(keys.key0).PushWitRedeem());
741 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
742 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH,
743 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
744 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
745 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
746 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
747 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
748 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH,
749 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
750 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
751 "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
752 ).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
753 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
754 "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
755 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
756 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
757 "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH
758 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
759 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
760 "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
761 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
762 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
763 "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WITNESS_SH
764 ).PushWitSig(keys.key0).PushWitRedeem());
765 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
766 "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
767 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
768 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
769 "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WITNESS_SH
770 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
771 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
772 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
773 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
774 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
775 "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
776 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
777 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
778 "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH,
779 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
780 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
781 "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
782 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
783 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
784 "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH,
785 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
786
787 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
788 "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH |
789 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, false, WITNESS_PKH, 1
790 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM));
791 {
792 CScript witscript = CScript() << ToByteVector(keys.pubkey0);
793 uint256 hash;
794 CSHA256().Write(&witscript[0], witscript.size()).Finalize(hash.begin());
795 std::vector<unsigned char> hashBytes = ToByteVector(hash);
796 hashBytes.pop_back();
797 tests.push_back(TestBuilder(CScript() << OP_0 << hashBytes,
798 "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false
799 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH));
800 }
801 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
802 "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
803 ).ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY));
804 {
805 CScript witscript = CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG;
806 tests.push_back(TestBuilder(witscript,
807 "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
808 ).PushWitSig(keys.key0).Push(witscript).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
809 }
810 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
811 "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
812 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
813 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
814 "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
815 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED));
816 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
817 "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
818 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH));
819 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
820 "P2PK with witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH
821 ).PushSig(keys.key0).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED));
822
823 // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
824 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
825 "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
826 0, 1).PushWitSig(keys.key0C).PushWitRedeem());
827 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
828 "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_PKH,
829 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
830 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
831 "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
832 0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
833 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
834 "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_PKH,
835 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
836
837 // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
838 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
839 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
840 0, 1).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
841 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
842 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_PKH,
843 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
844 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
845 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
846 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
847 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
848 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_PKH,
849 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
850
851 // P2WSH 1-of-2 multisig with compressed keys
852 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
853 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
854 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
855 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
856 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
857 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
858 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
859 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
860 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
861 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
862 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
863 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
864
865 // P2WSH 1-of-2 multisig with first key uncompressed
866 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
867 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
868 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
869 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
870 "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
871 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
872 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
873 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
874 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
875 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
876 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
877 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
878 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
879 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
880 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
881 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
882 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
883 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
884 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
885 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
886 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
887 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
888 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
889 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
890 // P2WSH 1-of-2 multisig with second key uncompressed
891 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
892 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
893 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
894 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
895 "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
896 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
897 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
898 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
899 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
900 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
901 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
902 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
903 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
904 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
905 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
906 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
907 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
908 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
909 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
910 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
911 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
912 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
913 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
914 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
915
916 std::set<std::string> tests_set;
917
918 {
919 UniValue json_tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
920
921 for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
922 const UniValue& tv = json_tests[idx];
923 tests_set.insert(JSONPrettyPrint(tv.get_array()));
924 }
925 }
926
927 std::string strGen;
928
929 for (TestBuilder& test : tests) {
930 test.Test();
931 std::string str = JSONPrettyPrint(test.GetJSON());
932 #ifndef UPDATE_JSON_TESTS
933 if (tests_set.count(str) == 0) {
934 BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
935 }
936 #endif
937 strGen += str + ",\n";
938 }
939
940 #ifdef UPDATE_JSON_TESTS
941 FILE* file = fopen("script_tests.json.gen", "w");
942 fputs(strGen.c_str(), file);
943 fclose(file);
944 #endif
945 }
946
947 BOOST_AUTO_TEST_CASE(script_json_test)
948 {
949 // Read tests from test/data/script_tests.json
950 // Format is an array of arrays
951 // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
952 // ... where scriptSig and scriptPubKey are stringified
953 // scripts.
954 // If a witness is given, then the last value in the array should be the
955 // amount (nValue) to use in the crediting tx
956 UniValue tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
957
958 for (unsigned int idx = 0; idx < tests.size(); idx++) {
959 UniValue test = tests[idx];
960 std::string strTest = test.write();
961 CScriptWitness witness;
962 CAmount nValue = 0;
963 unsigned int pos = 0;
964 if (test.size() > 0 && test[pos].isArray()) {
965 unsigned int i=0;
966 for (i = 0; i < test[pos].size()-1; i++) {
967 witness.stack.push_back(ParseHex(test[pos][i].get_str()));
968 }
969 nValue = AmountFromValue(test[pos][i]);
970 pos++;
971 }
972 if (test.size() < 4 + pos) // Allow size > 3; extra stuff ignored (useful for comments)
973 {
974 if (test.size() != 1) {
975 BOOST_ERROR("Bad test: " << strTest);
976 }
977 continue;
978 }
979 std::string scriptSigString = test[pos++].get_str();
980 CScript scriptSig = ParseScript(scriptSigString);
981 std::string scriptPubKeyString = test[pos++].get_str();
982 CScript scriptPubKey = ParseScript(scriptPubKeyString);
983 unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
984 int scriptError = ParseScriptError(test[pos++].get_str());
985
986 DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
987 }
988 }
989
990 BOOST_AUTO_TEST_CASE(script_PushData)
991 {
992 // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
993 // the stack as the 1-75 opcodes do.
994 static const unsigned char direct[] = { 1, 0x5a };
995 static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
996 static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
997 static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
998
999 ScriptError err;
1000 std::vector<std::vector<unsigned char> > directStack;
1001 BOOST_CHECK(EvalScript(directStack, CScript(&direct[0], &direct[sizeof(direct)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1002 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1003
1004 std::vector<std::vector<unsigned char> > pushdata1Stack;
1005 BOOST_CHECK(EvalScript(pushdata1Stack, CScript(&pushdata1[0], &pushdata1[sizeof(pushdata1)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1006 BOOST_CHECK(pushdata1Stack == directStack);
1007 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1008
1009 std::vector<std::vector<unsigned char> > pushdata2Stack;
1010 BOOST_CHECK(EvalScript(pushdata2Stack, CScript(&pushdata2[0], &pushdata2[sizeof(pushdata2)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1011 BOOST_CHECK(pushdata2Stack == directStack);
1012 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1013
1014 std::vector<std::vector<unsigned char> > pushdata4Stack;
1015 BOOST_CHECK(EvalScript(pushdata4Stack, CScript(&pushdata4[0], &pushdata4[sizeof(pushdata4)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1016 BOOST_CHECK(pushdata4Stack == directStack);
1017 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1018 }
1019
1020 CScript
1021 sign_multisig(CScript scriptPubKey, std::vector<CKey> keys, CTransaction transaction)
1022 {
1023 uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
1024
1025 CScript result;
1026 //
1027 // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
1028 // one extra item on the stack, before the signatures.
1029 // Putting OP_0 on the stack is the workaround;
1030 // fixing the bug would mean splitting the block chain (old
1031 // clients would not accept new CHECKMULTISIG transactions,
1032 // and vice-versa)
1033 //
1034 result << OP_0;
1035 for (const CKey &key : keys)
1036 {
1037 std::vector<unsigned char> vchSig;
1038 BOOST_CHECK(key.Sign(hash, vchSig));
1039 vchSig.push_back((unsigned char)SIGHASH_ALL);
1040 result << vchSig;
1041 }
1042 return result;
1043 }
1044 CScript
1045 sign_multisig(CScript scriptPubKey, const CKey &key, CTransaction transaction)
1046 {
1047 std::vector<CKey> keys;
1048 keys.push_back(key);
1049 return sign_multisig(scriptPubKey, keys, transaction);
1050 }
1051
1052 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
1053 {
1054 ScriptError err;
1055 CKey key1, key2, key3;
1056 key1.MakeNewKey(true);
1057 key2.MakeNewKey(false);
1058 key3.MakeNewKey(true);
1059
1060 CScript scriptPubKey12;
1061 scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
1062
1063 CMutableTransaction txFrom12 = BuildCreditingTransaction(scriptPubKey12);
1064 CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom12);
1065
1066 CScript goodsig1 = sign_multisig(scriptPubKey12, key1, txTo12);
1067 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1068 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1069 txTo12.vout[0].nValue = 2;
1070 BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1071 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1072
1073 CScript goodsig2 = sign_multisig(scriptPubKey12, key2, txTo12);
1074 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1075 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1076
1077 CScript badsig1 = sign_multisig(scriptPubKey12, key3, txTo12);
1078 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1079 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1080 }
1081
1082 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
1083 {
1084 ScriptError err;
1085 CKey key1, key2, key3, key4;
1086 key1.MakeNewKey(true);
1087 key2.MakeNewKey(false);
1088 key3.MakeNewKey(true);
1089 key4.MakeNewKey(false);
1090
1091 CScript scriptPubKey23;
1092 scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
1093
1094 CMutableTransaction txFrom23 = BuildCreditingTransaction(scriptPubKey23);
1095 CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom23);
1096
1097 std::vector<CKey> keys;
1098 keys.push_back(key1); keys.push_back(key2);
1099 CScript goodsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
1100 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1101 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1102
1103 keys.clear();
1104 keys.push_back(key1); keys.push_back(key3);
1105 CScript goodsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
1106 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1107 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1108
1109 keys.clear();
1110 keys.push_back(key2); keys.push_back(key3);
1111 CScript goodsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
1112 BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1113 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1114
1115 keys.clear();
1116 keys.push_back(key2); keys.push_back(key2); // Can't re-use sig
1117 CScript badsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
1118 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1119 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1120
1121 keys.clear();
1122 keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
1123 CScript badsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
1124 BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1125 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1126
1127 keys.clear();
1128 keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
1129 CScript badsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
1130 BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1131 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1132
1133 keys.clear();
1134 keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
1135 CScript badsig4 = sign_multisig(scriptPubKey23, keys, txTo23);
1136 BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1137 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1138
1139 keys.clear();
1140 keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
1141 CScript badsig5 = sign_multisig(scriptPubKey23, keys, txTo23);
1142 BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1143 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1144
1145 keys.clear(); // Must have signatures
1146 CScript badsig6 = sign_multisig(scriptPubKey23, keys, txTo23);
1147 BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1148 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
1149 }
1150
1151 BOOST_AUTO_TEST_CASE(script_combineSigs)
1152 {
1153 // Test the CombineSignatures function
1154 CAmount amount = 0;
1155 CBasicKeyStore keystore;
1156 std::vector<CKey> keys;
1157 std::vector<CPubKey> pubkeys;
1158 for (int i = 0; i < 3; i++)
1159 {
1160 CKey key;
1161 key.MakeNewKey(i%2 == 1);
1162 keys.push_back(key);
1163 pubkeys.push_back(key.GetPubKey());
1164 keystore.AddKey(key);
1165 }
1166
1167 CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(keys[0].GetPubKey().GetID()));
1168 CMutableTransaction txTo = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom);
1169 CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
1170 CScript& scriptSig = txTo.vin[0].scriptSig;
1171
1172 SignatureData empty;
1173 SignatureData combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, empty);
1174 BOOST_CHECK(combined.scriptSig.empty());
1175
1176 // Single signature case:
1177 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL); // changes scriptSig
1178 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1179 BOOST_CHECK(combined.scriptSig == scriptSig);
1180 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1181 BOOST_CHECK(combined.scriptSig == scriptSig);
1182 CScript scriptSigCopy = scriptSig;
1183 // Signing again will give a different, valid signature:
1184 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1185 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1186 BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
1187
1188 // P2SH, single-signature case:
1189 CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
1190 keystore.AddCScript(pkSingle);
1191 scriptPubKey = GetScriptForDestination(CScriptID(pkSingle));
1192 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1193 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1194 BOOST_CHECK(combined.scriptSig == scriptSig);
1195 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1196 BOOST_CHECK(combined.scriptSig == scriptSig);
1197 scriptSigCopy = scriptSig;
1198 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1199 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1200 BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
1201 // dummy scriptSigCopy with placeholder, should always choose non-placeholder:
1202 scriptSigCopy = CScript() << OP_0 << std::vector<unsigned char>(pkSingle.begin(), pkSingle.end());
1203 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1204 BOOST_CHECK(combined.scriptSig == scriptSig);
1205 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), SignatureData(scriptSigCopy));
1206 BOOST_CHECK(combined.scriptSig == scriptSig);
1207
1208 // Hardest case: Multisig 2-of-3
1209 scriptPubKey = GetScriptForMultisig(2, pubkeys);
1210 keystore.AddCScript(scriptPubKey);
1211 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1212 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1213 BOOST_CHECK(combined.scriptSig == scriptSig);
1214 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1215 BOOST_CHECK(combined.scriptSig == scriptSig);
1216
1217 // A couple of partially-signed versions:
1218 std::vector<unsigned char> sig1;
1219 uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
1220 BOOST_CHECK(keys[0].Sign(hash1, sig1));
1221 sig1.push_back(SIGHASH_ALL);
1222 std::vector<unsigned char> sig2;
1223 uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SIGVERSION_BASE);
1224 BOOST_CHECK(keys[1].Sign(hash2, sig2));
1225 sig2.push_back(SIGHASH_NONE);
1226 std::vector<unsigned char> sig3;
1227 uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SIGVERSION_BASE);
1228 BOOST_CHECK(keys[2].Sign(hash3, sig3));
1229 sig3.push_back(SIGHASH_SINGLE);
1230
1231 // Not fussy about order (or even existence) of placeholders or signatures:
1232 CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
1233 CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
1234 CScript partial2a = CScript() << OP_0 << sig2;
1235 CScript partial2b = CScript() << sig2 << OP_0;
1236 CScript partial3a = CScript() << sig3;
1237 CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
1238 CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
1239 CScript complete12 = CScript() << OP_0 << sig1 << sig2;
1240 CScript complete13 = CScript() << OP_0 << sig1 << sig3;
1241 CScript complete23 = CScript() << OP_0 << sig2 << sig3;
1242
1243 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial1b));
1244 BOOST_CHECK(combined.scriptSig == partial1a);
1245 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial2a));
1246 BOOST_CHECK(combined.scriptSig == complete12);
1247 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial1a));
1248 BOOST_CHECK(combined.scriptSig == complete12);
1249 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1b), SignatureData(partial2b));
1250 BOOST_CHECK(combined.scriptSig == complete12);
1251 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial1b));
1252 BOOST_CHECK(combined.scriptSig == complete13);
1253 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial3a));
1254 BOOST_CHECK(combined.scriptSig == complete23);
1255 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial2b));
1256 BOOST_CHECK(combined.scriptSig == complete23);
1257 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial3a));
1258 BOOST_CHECK(combined.scriptSig == partial3c);
1259 }
1260
1261 BOOST_AUTO_TEST_CASE(script_standard_push)
1262 {
1263 ScriptError err;
1264 for (int i=0; i<67000; i++) {
1265 CScript script;
1266 script << i;
1267 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
1268 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
1269 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1270 }
1271
1272 for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
1273 std::vector<unsigned char> data(i, '\111');
1274 CScript script;
1275 script << data;
1276 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
1277 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
1278 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1279 }
1280 }
1281
1282 BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
1283 {
1284 // IsPushOnly returns false when given a script containing only pushes that
1285 // are invalid due to truncation. IsPushOnly() is consensus critical
1286 // because P2SH evaluation uses it, although this specific behavior should
1287 // not be consensus critical as the P2SH evaluation would fail first due to
1288 // the invalid push. Still, it doesn't hurt to test it explicitly.
1289 static const unsigned char direct[] = { 1 };
1290 BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
1291 }
1292
1293 BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
1294 {
1295 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
1296 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
1297 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
1298 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
1299
1300 std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1301 std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1302 std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
1303
1304 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
1305 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
1306 BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
1307 BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
1308 BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
1309 BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
1310 BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
1311 BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
1312
1313 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
1314 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
1315 BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
1316 BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
1317 BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
1318 BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
1319 BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
1320 BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
1321 }
1322
1323 static CScript
1324 ScriptFromHex(const char* hex)
1325 {
1326 std::vector<unsigned char> data = ParseHex(hex);
1327 return CScript(data.begin(), data.end());
1328 }
1329
1330
1331 BOOST_AUTO_TEST_CASE(script_FindAndDelete)
1332 {
1333 // Exercise the FindAndDelete functionality
1334 CScript s;
1335 CScript d;
1336 CScript expect;
1337
1338 s = CScript() << OP_1 << OP_2;
1339 d = CScript(); // delete nothing should be a no-op
1340 expect = s;
1341 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1342 BOOST_CHECK(s == expect);
1343
1344 s = CScript() << OP_1 << OP_2 << OP_3;
1345 d = CScript() << OP_2;
1346 expect = CScript() << OP_1 << OP_3;
1347 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1348 BOOST_CHECK(s == expect);
1349
1350 s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
1351 d = CScript() << OP_3;
1352 expect = CScript() << OP_1 << OP_4;
1353 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 4);
1354 BOOST_CHECK(s == expect);
1355
1356 s = ScriptFromHex("0302ff03"); // PUSH 0x02ff03 onto stack
1357 d = ScriptFromHex("0302ff03");
1358 expect = CScript();
1359 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1360 BOOST_CHECK(s == expect);
1361
1362 s = ScriptFromHex("0302ff030302ff03"); // PUSH 0x2ff03 PUSH 0x2ff03
1363 d = ScriptFromHex("0302ff03");
1364 expect = CScript();
1365 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1366 BOOST_CHECK(s == expect);
1367
1368 s = ScriptFromHex("0302ff030302ff03");
1369 d = ScriptFromHex("02");
1370 expect = s; // FindAndDelete matches entire opcodes
1371 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1372 BOOST_CHECK(s == expect);
1373
1374 s = ScriptFromHex("0302ff030302ff03");
1375 d = ScriptFromHex("ff");
1376 expect = s;
1377 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1378 BOOST_CHECK(s == expect);
1379
1380 // This is an odd edge case: strip of the push-three-bytes
1381 // prefix, leaving 02ff03 which is push-two-bytes:
1382 s = ScriptFromHex("0302ff030302ff03");
1383 d = ScriptFromHex("03");
1384 expect = CScript() << ParseHex("ff03") << ParseHex("ff03");
1385 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1386 BOOST_CHECK(s == expect);
1387
1388 // Byte sequence that spans multiple opcodes:
1389 s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1390 d = ScriptFromHex("feed51");
1391 expect = s;
1392 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0); // doesn't match 'inside' opcodes
1393 BOOST_CHECK(s == expect);
1394
1395 s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1396 d = ScriptFromHex("02feed51");
1397 expect = ScriptFromHex("69");
1398 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1399 BOOST_CHECK(s == expect);
1400
1401 s = ScriptFromHex("516902feed5169");
1402 d = ScriptFromHex("feed51");
1403 expect = s;
1404 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1405 BOOST_CHECK(s == expect);
1406
1407 s = ScriptFromHex("516902feed5169");
1408 d = ScriptFromHex("02feed51");
1409 expect = ScriptFromHex("516969");
1410 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1411 BOOST_CHECK(s == expect);
1412
1413 s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
1414 d = CScript() << OP_0 << OP_1;
1415 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1416 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1417 BOOST_CHECK(s == expect);
1418
1419 s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
1420 d = CScript() << OP_0 << OP_1;
1421 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1422 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1423 BOOST_CHECK(s == expect);
1424
1425 // Another weird edge case:
1426 // End with invalid push (not enough data)...
1427 s = ScriptFromHex("0003feed");
1428 d = ScriptFromHex("03feed"); // ... can remove the invalid push
1429 expect = ScriptFromHex("00");
1430 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1431 BOOST_CHECK(s == expect);
1432
1433 s = ScriptFromHex("0003feed");
1434 d = ScriptFromHex("00");
1435 expect = ScriptFromHex("03feed");
1436 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1437 BOOST_CHECK(s == expect);
1438 }
1439
1440 BOOST_AUTO_TEST_CASE(script_HasValidOps)
1441 {
1442 // Exercise the HasValidOps functionality
1443 CScript script;
1444 script = ScriptFromHex("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"); // Normal script
1445 BOOST_CHECK(script.HasValidOps());
1446 script = ScriptFromHex("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac");
1447 BOOST_CHECK(script.HasValidOps());
1448 script = ScriptFromHex("ff88ac"); // Script with OP_INVALIDOPCODE explicit
1449 BOOST_CHECK(!script.HasValidOps());
1450 script = ScriptFromHex("88acc0"); // Script with undefined opcode
1451 BOOST_CHECK(!script.HasValidOps());
1452 }
1453
1454 BOOST_AUTO_TEST_SUITE_END()