search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge #12079: Improve prioritisetransaction test coverage
[bitcoinplatinum.git] / src / test / script_tests.cpp
blobc7a497f3a73c4754c124bc784c1091dd4f7feaa4
1 // Copyright (c) 2011-2017 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include <test/data/script_tests.json.h>
6
7 #include <core_io.h>
8 #include <key.h>
9 #include <keystore.h>
10 #include <script/script.h>
11 #include <script/script_error.h>
12 #include <script/sign.h>
13 #include <util.h>
14 #include <utilstrencodings.h>
15 #include <test/test_bitcoin.h>
16 #include <rpc/server.h>
17
18 #if defined(HAVE_CONSENSUS_LIB)
19 #include <script/bitcoinconsensus.h>
20 #endif
21
22 #include <fstream>
23 #include <stdint.h>
24 #include <string>
25 #include <vector>
26
27 #include <boost/test/unit_test.hpp>
28
29 #include <univalue.h>
30
31 // Uncomment if you want to output updated JSON tests.
32 // #define UPDATE_JSON_TESTS
33
34 static const unsigned int gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
35
36 unsigned int ParseScriptFlags(std::string strFlags);
37 std::string FormatScriptFlags(unsigned int flags);
38
39 UniValue
40 read_json(const std::string& jsondata)
41 {
42 UniValue v;
43
44 if (!v.read(jsondata) || !v.isArray())
45 {
46 BOOST_ERROR("Parse error.");
47 return UniValue(UniValue::VARR);
48 }
49 return v.get_array();
50 }
51
52 struct ScriptErrorDesc
53 {
54 ScriptError_t err;
55 const char *name;
56 };
57
58 static ScriptErrorDesc script_errors[]={
59 {SCRIPT_ERR_OK, "OK"},
60 {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
61 {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
62 {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
63 {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
64 {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
65 {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
66 {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
67 {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
68 {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
69 {SCRIPT_ERR_VERIFY, "VERIFY"},
70 {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
71 {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
72 {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
73 {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
74 {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
75 {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
76 {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
77 {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
78 {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
79 {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
80 {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
81 {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
82 {SCRIPT_ERR_SIG_DER, "SIG_DER"},
83 {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
84 {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
85 {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
86 {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
87 {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
88 {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
89 {SCRIPT_ERR_MINIMALIF, "MINIMALIF"},
90 {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
91 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
92 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
93 {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH, "WITNESS_PROGRAM_WRONG_LENGTH"},
94 {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY, "WITNESS_PROGRAM_WITNESS_EMPTY"},
95 {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH, "WITNESS_PROGRAM_MISMATCH"},
96 {SCRIPT_ERR_WITNESS_MALLEATED, "WITNESS_MALLEATED"},
97 {SCRIPT_ERR_WITNESS_MALLEATED_P2SH, "WITNESS_MALLEATED_P2SH"},
98 {SCRIPT_ERR_WITNESS_UNEXPECTED, "WITNESS_UNEXPECTED"},
99 {SCRIPT_ERR_WITNESS_PUBKEYTYPE, "WITNESS_PUBKEYTYPE"},
100 };
101
102 const char *FormatScriptError(ScriptError_t err)
103 {
104 for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
105 if (script_errors[i].err == err)
106 return script_errors[i].name;
107 BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
108 return "";
109 }
110
111 ScriptError_t ParseScriptError(const std::string &name)
112 {
113 for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
114 if (script_errors[i].name == name)
115 return script_errors[i].err;
116 BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
117 return SCRIPT_ERR_UNKNOWN_ERROR;
118 }
119
120 BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
121
122 CMutableTransaction BuildCreditingTransaction(const CScript& scriptPubKey, int nValue = 0)
123 {
124 CMutableTransaction txCredit;
125 txCredit.nVersion = 1;
126 txCredit.nLockTime = 0;
127 txCredit.vin.resize(1);
128 txCredit.vout.resize(1);
129 txCredit.vin[0].prevout.SetNull();
130 txCredit.vin[0].scriptSig = CScript() << CScriptNum(0) << CScriptNum(0);
131 txCredit.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
132 txCredit.vout[0].scriptPubKey = scriptPubKey;
133 txCredit.vout[0].nValue = nValue;
134
135 return txCredit;
136 }
137
138 CMutableTransaction BuildSpendingTransaction(const CScript& scriptSig, const CScriptWitness& scriptWitness, const CMutableTransaction& txCredit)
139 {
140 CMutableTransaction txSpend;
141 txSpend.nVersion = 1;
142 txSpend.nLockTime = 0;
143 txSpend.vin.resize(1);
144 txSpend.vout.resize(1);
145 txSpend.vin[0].scriptWitness = scriptWitness;
146 txSpend.vin[0].prevout.hash = txCredit.GetHash();
147 txSpend.vin[0].prevout.n = 0;
148 txSpend.vin[0].scriptSig = scriptSig;
149 txSpend.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
150 txSpend.vout[0].scriptPubKey = CScript();
151 txSpend.vout[0].nValue = txCredit.vout[0].nValue;
152
153 return txSpend;
154 }
155
156 void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& scriptWitness, int flags, const std::string& message, int scriptError, CAmount nValue = 0)
157 {
158 bool expect = (scriptError == SCRIPT_ERR_OK);
159 if (flags & SCRIPT_VERIFY_CLEANSTACK) {
160 flags |= SCRIPT_VERIFY_P2SH;
161 flags |= SCRIPT_VERIFY_WITNESS;
162 }
163 ScriptError err;
164 CMutableTransaction txCredit = BuildCreditingTransaction(scriptPubKey, nValue);
165 CMutableTransaction tx = BuildSpendingTransaction(scriptSig, scriptWitness, txCredit);
166 CMutableTransaction tx2 = tx;
167 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue), &err) == expect, message);
168 BOOST_CHECK_MESSAGE(err == scriptError, std::string(FormatScriptError(err)) + " where " + std::string(FormatScriptError((ScriptError_t)scriptError)) + " expected: " + message);
169
170 // Verify that removing flags from a passing test or adding flags to a failing test does not change the result.
171 for (int i = 0; i < 16; ++i) {
172 int extra_flags = InsecureRandBits(16);
173 int combined_flags = expect ? (flags & ~extra_flags) : (flags | extra_flags);
174 // Weed out some invalid flag combinations.
175 if (combined_flags & SCRIPT_VERIFY_CLEANSTACK && ~combined_flags & (SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS)) continue;
176 if (combined_flags & SCRIPT_VERIFY_WITNESS && ~combined_flags & SCRIPT_VERIFY_P2SH) continue;
177 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, combined_flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue), &err) == expect, message + strprintf(" (with flags %x)", combined_flags));
178 }
179
180 #if defined(HAVE_CONSENSUS_LIB)
181 CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
182 stream << tx2;
183 int libconsensus_flags = flags & bitcoinconsensus_SCRIPT_FLAGS_VERIFY_ALL;
184 if (libconsensus_flags == flags) {
185 if (flags & bitcoinconsensus_SCRIPT_FLAGS_VERIFY_WITNESS) {
186 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey.data(), scriptPubKey.size(), txCredit.vout[0].nValue, (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, nullptr) == expect, message);
187 } else {
188 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey.data(), scriptPubKey.size(), 0, (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, nullptr) == expect, message);
189 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, nullptr) == expect,message);
190 }
191 }
192 #endif
193 }
194
195 void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
196 // Parse the signature.
197 std::vector<unsigned char> r, s;
198 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
199 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
200
201 // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
202 static const unsigned char order[33] = {
203 0x00,
204 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
205 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
206 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
207 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
208 };
209 while (s.size() < 33) {
210 s.insert(s.begin(), 0x00);
211 }
212 int carry = 0;
213 for (int p = 32; p >= 1; p--) {
214 int n = (int)order[p] - s[p] - carry;
215 s[p] = (n + 256) & 0xFF;
216 carry = (n < 0);
217 }
218 assert(carry == 0);
219 if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
220 s.erase(s.begin());
221 }
222
223 // Reconstruct the signature.
224 vchSig.clear();
225 vchSig.push_back(0x30);
226 vchSig.push_back(4 + r.size() + s.size());
227 vchSig.push_back(0x02);
228 vchSig.push_back(r.size());
229 vchSig.insert(vchSig.end(), r.begin(), r.end());
230 vchSig.push_back(0x02);
231 vchSig.push_back(s.size());
232 vchSig.insert(vchSig.end(), s.begin(), s.end());
233 }
234
235 namespace
236 {
237 const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
238 const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
239 const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
240
241 struct KeyData
242 {
243 CKey key0, key0C, key1, key1C, key2, key2C;
244 CPubKey pubkey0, pubkey0C, pubkey0H;
245 CPubKey pubkey1, pubkey1C;
246 CPubKey pubkey2, pubkey2C;
247
248 KeyData()
249 {
250
251 key0.Set(vchKey0, vchKey0 + 32, false);
252 key0C.Set(vchKey0, vchKey0 + 32, true);
253 pubkey0 = key0.GetPubKey();
254 pubkey0H = key0.GetPubKey();
255 pubkey0C = key0C.GetPubKey();
256 *const_cast<unsigned char*>(&pubkey0H[0]) = 0x06 | (pubkey0H[64] & 1);
257
258 key1.Set(vchKey1, vchKey1 + 32, false);
259 key1C.Set(vchKey1, vchKey1 + 32, true);
260 pubkey1 = key1.GetPubKey();
261 pubkey1C = key1C.GetPubKey();
262
263 key2.Set(vchKey2, vchKey2 + 32, false);
264 key2C.Set(vchKey2, vchKey2 + 32, true);
265 pubkey2 = key2.GetPubKey();
266 pubkey2C = key2C.GetPubKey();
267 }
268 };
269
270 enum WitnessMode {
271 WITNESS_NONE,
272 WITNESS_PKH,
273 WITNESS_SH
274 };
275
276 class TestBuilder
277 {
278 private:
279 //! Actually executed script
280 CScript script;
281 //! The P2SH redeemscript
282 CScript redeemscript;
283 //! The Witness embedded script
284 CScript witscript;
285 CScriptWitness scriptWitness;
286 CTransactionRef creditTx;
287 CMutableTransaction spendTx;
288 bool havePush;
289 std::vector<unsigned char> push;
290 std::string comment;
291 int flags;
292 int scriptError;
293 CAmount nValue;
294
295 void DoPush()
296 {
297 if (havePush) {
298 spendTx.vin[0].scriptSig << push;
299 havePush = false;
300 }
301 }
302
303 void DoPush(const std::vector<unsigned char>& data)
304 {
305 DoPush();
306 push = data;
307 havePush = true;
308 }
309
310 public:
311 TestBuilder(const CScript& script_, const std::string& comment_, int flags_, bool P2SH = false, WitnessMode wm = WITNESS_NONE, int witnessversion = 0, CAmount nValue_ = 0) : script(script_), havePush(false), comment(comment_), flags(flags_), scriptError(SCRIPT_ERR_OK), nValue(nValue_)
312 {
313 CScript scriptPubKey = script;
314 if (wm == WITNESS_PKH) {
315 uint160 hash;
316 CHash160().Write(&script[1], script.size() - 1).Finalize(hash.begin());
317 script = CScript() << OP_DUP << OP_HASH160 << ToByteVector(hash) << OP_EQUALVERIFY << OP_CHECKSIG;
318 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
319 } else if (wm == WITNESS_SH) {
320 witscript = scriptPubKey;
321 uint256 hash;
322 CSHA256().Write(&witscript[0], witscript.size()).Finalize(hash.begin());
323 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
324 }
325 if (P2SH) {
326 redeemscript = scriptPubKey;
327 scriptPubKey = CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
328 }
329 creditTx = MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
330 spendTx = BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx);
331 }
332
333 TestBuilder& ScriptError(ScriptError_t err)
334 {
335 scriptError = err;
336 return *this;
337 }
338
339 TestBuilder& Add(const CScript& _script)
340 {
341 DoPush();
342 spendTx.vin[0].scriptSig += _script;
343 return *this;
344 }
345
346 TestBuilder& Num(int num)
347 {
348 DoPush();
349 spendTx.vin[0].scriptSig << num;
350 return *this;
351 }
352
353 TestBuilder& Push(const std::string& hex)
354 {
355 DoPush(ParseHex(hex));
356 return *this;
357 }
358
359 TestBuilder& Push(const CScript& _script) {
360 DoPush(std::vector<unsigned char>(_script.begin(), _script.end()));
361 return *this;
362 }
363
364 TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SIGVERSION_BASE, CAmount amount = 0)
365 {
366 uint256 hash = SignatureHash(script, spendTx, 0, nHashType, amount, sigversion);
367 std::vector<unsigned char> vchSig, r, s;
368 uint32_t iter = 0;
369 do {
370 key.Sign(hash, vchSig, iter++);
371 if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
372 NegateSignatureS(vchSig);
373 }
374 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
375 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
376 } while (lenR != r.size() || lenS != s.size());
377 vchSig.push_back(static_cast<unsigned char>(nHashType));
378 DoPush(vchSig);
379 return *this;
380 }
381
382 TestBuilder& PushWitSig(const CKey& key, CAmount amount = -1, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SIGVERSION_WITNESS_V0)
383 {
384 if (amount == -1)
385 amount = nValue;
386 return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
387 }
388
389 TestBuilder& Push(const CPubKey& pubkey)
390 {
391 DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
392 return *this;
393 }
394
395 TestBuilder& PushRedeem()
396 {
397 DoPush(std::vector<unsigned char>(redeemscript.begin(), redeemscript.end()));
398 return *this;
399 }
400
401 TestBuilder& PushWitRedeem()
402 {
403 DoPush(std::vector<unsigned char>(witscript.begin(), witscript.end()));
404 return AsWit();
405 }
406
407 TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
408 {
409 assert(havePush);
410 std::vector<unsigned char> datain = ParseHex(hexin);
411 std::vector<unsigned char> dataout = ParseHex(hexout);
412 assert(pos + datain.size() <= push.size());
413 BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
414 push.erase(push.begin() + pos, push.begin() + pos + datain.size());
415 push.insert(push.begin() + pos, dataout.begin(), dataout.end());
416 return *this;
417 }
418
419 TestBuilder& DamagePush(unsigned int pos)
420 {
421 assert(havePush);
422 assert(pos < push.size());
423 push[pos] ^= 1;
424 return *this;
425 }
426
427 TestBuilder& Test()
428 {
429 TestBuilder copy = *this; // Make a copy so we can rollback the push.
430 DoPush();
431 DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, scriptWitness, flags, comment, scriptError, nValue);
432 *this = copy;
433 return *this;
434 }
435
436 TestBuilder& AsWit()
437 {
438 assert(havePush);
439 scriptWitness.stack.push_back(push);
440 havePush = false;
441 return *this;
442 }
443
444 UniValue GetJSON()
445 {
446 DoPush();
447 UniValue array(UniValue::VARR);
448 if (!scriptWitness.stack.empty()) {
449 UniValue wit(UniValue::VARR);
450 for (unsigned i = 0; i < scriptWitness.stack.size(); i++) {
451 wit.push_back(HexStr(scriptWitness.stack[i]));
452 }
453 wit.push_back(ValueFromAmount(nValue));
454 array.push_back(wit);
455 }
456 array.push_back(FormatScript(spendTx.vin[0].scriptSig));
457 array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
458 array.push_back(FormatScriptFlags(flags));
459 array.push_back(FormatScriptError((ScriptError_t)scriptError));
460 array.push_back(comment);
461 return array;
462 }
463
464 std::string GetComment() const
465 {
466 return comment;
467 }
468 };
469
470 std::string JSONPrettyPrint(const UniValue& univalue)
471 {
472 std::string ret = univalue.write(4);
473 // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
474 size_t pos = 0;
475 while ((pos = ret.find(" \n", pos)) != std::string::npos) {
476 ret.replace(pos, 2, "\n");
477 pos++;
478 }
479 return ret;
480 }
481 } // namespace
482
483 BOOST_AUTO_TEST_CASE(script_build)
484 {
485 const KeyData keys;
486
487 std::vector<TestBuilder> tests;
488
489 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
490 "P2PK", 0
491 ).PushSig(keys.key0));
492 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
493 "P2PK, bad sig", 0
494 ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
495
496 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
497 "P2PKH", 0
498 ).PushSig(keys.key1).Push(keys.pubkey1C));
499 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
500 "P2PKH, bad pubkey", 0
501 ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
502
503 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
504 "P2PK anyonecanpay", 0
505 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
506 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
507 "P2PK anyonecanpay marked with normal hashtype", 0
508 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
509
510 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
511 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
512 ).PushSig(keys.key0).PushRedeem());
513 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
514 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
515 ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
516
517 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
518 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
519 ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
520 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
521 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
522 ).PushSig(keys.key0).DamagePush(10).PushRedeem());
523 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
524 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
525 ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
526
527 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
528 "3-of-3", 0
529 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
530 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
531 "3-of-3, 2 sigs", 0
532 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
533
534 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
535 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
536 ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
537 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
538 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
539 ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
540
541 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
542 "P2PK with too much R padding but no DERSIG", 0
543 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
544 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
545 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
546 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
547 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
548 "P2PK with too much S padding but no DERSIG", 0
549 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
550 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
551 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
552 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
553 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
554 "P2PK with too little R padding but no DERSIG", 0
555 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
556 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
557 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
558 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
559 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
560 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
561 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
562 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
563 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
564 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
565 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
566 "P2PK NOT with too much R padding but no DERSIG", 0
567 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
568 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
569 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
570 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
571
572 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
573 "BIP66 example 1, without DERSIG", 0
574 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
575 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
576 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
577 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
578 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
579 "BIP66 example 2, without DERSIG", 0
580 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
581 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
582 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
583 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
584 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
585 "BIP66 example 3, without DERSIG", 0
586 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
587 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
588 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
589 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
590 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
591 "BIP66 example 4, without DERSIG", 0
592 ).Num(0));
593 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
594 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
595 ).Num(0));
596 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
597 "BIP66 example 5, without DERSIG", 0
598 ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
599 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
600 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
601 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
602 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
603 "BIP66 example 6, without DERSIG", 0
604 ).Num(1));
605 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
606 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
607 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
608 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
609 "BIP66 example 7, without DERSIG", 0
610 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
611 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
612 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
613 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
614 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
615 "BIP66 example 8, without DERSIG", 0
616 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
617 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
618 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
619 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
620 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
621 "BIP66 example 9, without DERSIG", 0
622 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
623 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
624 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
625 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
626 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
627 "BIP66 example 10, without DERSIG", 0
628 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
629 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
630 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
631 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
632 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
633 "BIP66 example 11, without DERSIG", 0
634 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
635 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
636 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
637 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
638 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
639 "BIP66 example 12, without DERSIG", 0
640 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
641 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
642 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
643 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
644 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
645 "P2PK with multi-byte hashtype, without DERSIG", 0
646 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
647 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
648 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
649 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
650
651 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
652 "P2PK with high S but no LOW_S", 0
653 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
654 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
655 "P2PK with high S", SCRIPT_VERIFY_LOW_S
656 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
657
658 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
659 "P2PK with hybrid pubkey but no STRICTENC", 0
660 ).PushSig(keys.key0, SIGHASH_ALL));
661 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
662 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
663 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
664 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
665 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
666 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
667 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
668 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
669 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
670 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
671 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
672 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
673 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
674 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
675 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
676 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
677 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
678 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
679 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
680 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
681 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
682 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
683 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
684 ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
685
686 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
687 "P2PK with undefined hashtype but no STRICTENC", 0
688 ).PushSig(keys.key1, 5));
689 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
690 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
691 ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
692 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
693 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
694 ).PushSig(keys.key1, 5).DamagePush(10));
695 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
696 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
697 ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
698
699 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
700 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
701 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
702 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
703 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
704 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
705 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
706 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
707 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
708 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
709 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
710 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
711
712 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
713 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
714 ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
715 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
716 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
717 ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
718 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
719 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
720 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem());
721 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
722 "P2PK with non-push scriptSig but with P2SH validation", 0
723 ).PushSig(keys.key2).Add(CScript() << OP_NOP8));
724 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
725 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
726 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
727 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
728 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
729 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
730 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
731 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
732 ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
733 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
734 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
735 ).Num(11).PushSig(keys.key0));
736 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
737 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
738 ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
739 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
740 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
741 ).Num(11).PushSig(keys.key0).PushRedeem());
742 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
743 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
744 ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
745 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
746 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
747 ).PushSig(keys.key0).PushRedeem());
748
749 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
750 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
751 0, 1).PushWitSig(keys.key0).PushWitRedeem());
752 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
753 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH,
754 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
755 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
756 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
757 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
758 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
759 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH,
760 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
761 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
762 "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
763 ).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
764 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
765 "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
766 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
767 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
768 "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH
769 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
770 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
771 "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
772 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
773 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
774 "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WITNESS_SH
775 ).PushWitSig(keys.key0).PushWitRedeem());
776 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
777 "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
778 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
779 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
780 "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WITNESS_SH
781 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
782 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
783 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
784 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
785 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
786 "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
787 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
788 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
789 "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH,
790 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
791 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
792 "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
793 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
794 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
795 "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH,
796 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
797
798 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
799 "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH |
800 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, false, WITNESS_PKH, 1
801 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM));
802 {
803 CScript witscript = CScript() << ToByteVector(keys.pubkey0);
804 uint256 hash;
805 CSHA256().Write(&witscript[0], witscript.size()).Finalize(hash.begin());
806 std::vector<unsigned char> hashBytes = ToByteVector(hash);
807 hashBytes.pop_back();
808 tests.push_back(TestBuilder(CScript() << OP_0 << hashBytes,
809 "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false
810 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH));
811 }
812 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
813 "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
814 ).ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY));
815 {
816 CScript witscript = CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG;
817 tests.push_back(TestBuilder(witscript,
818 "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
819 ).PushWitSig(keys.key0).Push(witscript).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
820 }
821 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
822 "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
823 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
824 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
825 "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
826 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED));
827 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
828 "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
829 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH));
830 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
831 "P2PK with witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH
832 ).PushSig(keys.key0).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED));
833
834 // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
835 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
836 "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
837 0, 1).PushWitSig(keys.key0C).PushWitRedeem());
838 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
839 "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_PKH,
840 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
841 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
842 "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
843 0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
844 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
845 "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_PKH,
846 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
847
848 // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
849 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
850 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
851 0, 1).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
852 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
853 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_PKH,
854 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
855 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
856 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
857 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
858 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
859 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_PKH,
860 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
861
862 // P2WSH 1-of-2 multisig with compressed keys
863 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
864 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
865 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
866 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
867 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
868 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
869 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
870 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
871 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
872 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
873 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
874 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
875
876 // P2WSH 1-of-2 multisig with first key uncompressed
877 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
878 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
879 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
880 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
881 "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
882 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
883 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
884 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
885 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
886 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
887 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
888 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
889 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
890 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
891 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
892 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
893 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
894 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
895 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
896 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
897 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
898 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
899 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
900 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
901 // P2WSH 1-of-2 multisig with second key uncompressed
902 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
903 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
904 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
905 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
906 "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
907 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
908 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
909 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
910 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
911 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
912 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
913 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
914 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
915 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
916 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
917 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
918 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
919 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
920 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
921 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
922 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
923 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
924 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
925 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
926
927 std::set<std::string> tests_set;
928
929 {
930 UniValue json_tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
931
932 for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
933 const UniValue& tv = json_tests[idx];
934 tests_set.insert(JSONPrettyPrint(tv.get_array()));
935 }
936 }
937
938 std::string strGen;
939
940 for (TestBuilder& test : tests) {
941 test.Test();
942 std::string str = JSONPrettyPrint(test.GetJSON());
943 #ifndef UPDATE_JSON_TESTS
944 if (tests_set.count(str) == 0) {
945 BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
946 }
947 #endif
948 strGen += str + ",\n";
949 }
950
951 #ifdef UPDATE_JSON_TESTS
952 FILE* file = fopen("script_tests.json.gen", "w");
953 fputs(strGen.c_str(), file);
954 fclose(file);
955 #endif
956 }
957
958 BOOST_AUTO_TEST_CASE(script_json_test)
959 {
960 // Read tests from test/data/script_tests.json
961 // Format is an array of arrays
962 // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
963 // ... where scriptSig and scriptPubKey are stringified
964 // scripts.
965 // If a witness is given, then the last value in the array should be the
966 // amount (nValue) to use in the crediting tx
967 UniValue tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
968
969 for (unsigned int idx = 0; idx < tests.size(); idx++) {
970 UniValue test = tests[idx];
971 std::string strTest = test.write();
972 CScriptWitness witness;
973 CAmount nValue = 0;
974 unsigned int pos = 0;
975 if (test.size() > 0 && test[pos].isArray()) {
976 unsigned int i=0;
977 for (i = 0; i < test[pos].size()-1; i++) {
978 witness.stack.push_back(ParseHex(test[pos][i].get_str()));
979 }
980 nValue = AmountFromValue(test[pos][i]);
981 pos++;
982 }
983 if (test.size() < 4 + pos) // Allow size > 3; extra stuff ignored (useful for comments)
984 {
985 if (test.size() != 1) {
986 BOOST_ERROR("Bad test: " << strTest);
987 }
988 continue;
989 }
990 std::string scriptSigString = test[pos++].get_str();
991 CScript scriptSig = ParseScript(scriptSigString);
992 std::string scriptPubKeyString = test[pos++].get_str();
993 CScript scriptPubKey = ParseScript(scriptPubKeyString);
994 unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
995 int scriptError = ParseScriptError(test[pos++].get_str());
996
997 DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
998 }
999 }
1000
1001 BOOST_AUTO_TEST_CASE(script_PushData)
1002 {
1003 // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
1004 // the stack as the 1-75 opcodes do.
1005 static const unsigned char direct[] = { 1, 0x5a };
1006 static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
1007 static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
1008 static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
1009
1010 ScriptError err;
1011 std::vector<std::vector<unsigned char> > directStack;
1012 BOOST_CHECK(EvalScript(directStack, CScript(&direct[0], &direct[sizeof(direct)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1013 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1014
1015 std::vector<std::vector<unsigned char> > pushdata1Stack;
1016 BOOST_CHECK(EvalScript(pushdata1Stack, CScript(&pushdata1[0], &pushdata1[sizeof(pushdata1)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1017 BOOST_CHECK(pushdata1Stack == directStack);
1018 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1019
1020 std::vector<std::vector<unsigned char> > pushdata2Stack;
1021 BOOST_CHECK(EvalScript(pushdata2Stack, CScript(&pushdata2[0], &pushdata2[sizeof(pushdata2)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1022 BOOST_CHECK(pushdata2Stack == directStack);
1023 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1024
1025 std::vector<std::vector<unsigned char> > pushdata4Stack;
1026 BOOST_CHECK(EvalScript(pushdata4Stack, CScript(&pushdata4[0], &pushdata4[sizeof(pushdata4)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1027 BOOST_CHECK(pushdata4Stack == directStack);
1028 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1029 }
1030
1031 CScript
1032 sign_multisig(CScript scriptPubKey, std::vector<CKey> keys, CTransaction transaction)
1033 {
1034 uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
1035
1036 CScript result;
1037 //
1038 // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
1039 // one extra item on the stack, before the signatures.
1040 // Putting OP_0 on the stack is the workaround;
1041 // fixing the bug would mean splitting the block chain (old
1042 // clients would not accept new CHECKMULTISIG transactions,
1043 // and vice-versa)
1044 //
1045 result << OP_0;
1046 for (const CKey &key : keys)
1047 {
1048 std::vector<unsigned char> vchSig;
1049 BOOST_CHECK(key.Sign(hash, vchSig));
1050 vchSig.push_back((unsigned char)SIGHASH_ALL);
1051 result << vchSig;
1052 }
1053 return result;
1054 }
1055 CScript
1056 sign_multisig(CScript scriptPubKey, const CKey &key, CTransaction transaction)
1057 {
1058 std::vector<CKey> keys;
1059 keys.push_back(key);
1060 return sign_multisig(scriptPubKey, keys, transaction);
1061 }
1062
1063 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
1064 {
1065 ScriptError err;
1066 CKey key1, key2, key3;
1067 key1.MakeNewKey(true);
1068 key2.MakeNewKey(false);
1069 key3.MakeNewKey(true);
1070
1071 CScript scriptPubKey12;
1072 scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
1073
1074 CMutableTransaction txFrom12 = BuildCreditingTransaction(scriptPubKey12);
1075 CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom12);
1076
1077 CScript goodsig1 = sign_multisig(scriptPubKey12, key1, txTo12);
1078 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1079 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1080 txTo12.vout[0].nValue = 2;
1081 BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1082 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1083
1084 CScript goodsig2 = sign_multisig(scriptPubKey12, key2, txTo12);
1085 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1086 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1087
1088 CScript badsig1 = sign_multisig(scriptPubKey12, key3, txTo12);
1089 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1090 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1091 }
1092
1093 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
1094 {
1095 ScriptError err;
1096 CKey key1, key2, key3, key4;
1097 key1.MakeNewKey(true);
1098 key2.MakeNewKey(false);
1099 key3.MakeNewKey(true);
1100 key4.MakeNewKey(false);
1101
1102 CScript scriptPubKey23;
1103 scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
1104
1105 CMutableTransaction txFrom23 = BuildCreditingTransaction(scriptPubKey23);
1106 CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom23);
1107
1108 std::vector<CKey> keys;
1109 keys.push_back(key1); keys.push_back(key2);
1110 CScript goodsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
1111 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1112 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1113
1114 keys.clear();
1115 keys.push_back(key1); keys.push_back(key3);
1116 CScript goodsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
1117 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1118 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1119
1120 keys.clear();
1121 keys.push_back(key2); keys.push_back(key3);
1122 CScript goodsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
1123 BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1124 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1125
1126 keys.clear();
1127 keys.push_back(key2); keys.push_back(key2); // Can't re-use sig
1128 CScript badsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
1129 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1130 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1131
1132 keys.clear();
1133 keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
1134 CScript badsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
1135 BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1136 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1137
1138 keys.clear();
1139 keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
1140 CScript badsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
1141 BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1142 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1143
1144 keys.clear();
1145 keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
1146 CScript badsig4 = sign_multisig(scriptPubKey23, keys, txTo23);
1147 BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1148 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1149
1150 keys.clear();
1151 keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
1152 CScript badsig5 = sign_multisig(scriptPubKey23, keys, txTo23);
1153 BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1154 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1155
1156 keys.clear(); // Must have signatures
1157 CScript badsig6 = sign_multisig(scriptPubKey23, keys, txTo23);
1158 BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1159 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
1160 }
1161
1162 BOOST_AUTO_TEST_CASE(script_combineSigs)
1163 {
1164 // Test the CombineSignatures function
1165 CAmount amount = 0;
1166 CBasicKeyStore keystore;
1167 std::vector<CKey> keys;
1168 std::vector<CPubKey> pubkeys;
1169 for (int i = 0; i < 3; i++)
1170 {
1171 CKey key;
1172 key.MakeNewKey(i%2 == 1);
1173 keys.push_back(key);
1174 pubkeys.push_back(key.GetPubKey());
1175 keystore.AddKey(key);
1176 }
1177
1178 CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(keys[0].GetPubKey().GetID()));
1179 CMutableTransaction txTo = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom);
1180 CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
1181 CScript& scriptSig = txTo.vin[0].scriptSig;
1182
1183 SignatureData empty;
1184 SignatureData combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, empty);
1185 BOOST_CHECK(combined.scriptSig.empty());
1186
1187 // Single signature case:
1188 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL); // changes scriptSig
1189 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1190 BOOST_CHECK(combined.scriptSig == scriptSig);
1191 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1192 BOOST_CHECK(combined.scriptSig == scriptSig);
1193 CScript scriptSigCopy = scriptSig;
1194 // Signing again will give a different, valid signature:
1195 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1196 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1197 BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
1198
1199 // P2SH, single-signature case:
1200 CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
1201 keystore.AddCScript(pkSingle);
1202 scriptPubKey = GetScriptForDestination(CScriptID(pkSingle));
1203 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1204 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1205 BOOST_CHECK(combined.scriptSig == scriptSig);
1206 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1207 BOOST_CHECK(combined.scriptSig == scriptSig);
1208 scriptSigCopy = scriptSig;
1209 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1210 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1211 BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
1212 // dummy scriptSigCopy with placeholder, should always choose non-placeholder:
1213 scriptSigCopy = CScript() << OP_0 << std::vector<unsigned char>(pkSingle.begin(), pkSingle.end());
1214 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1215 BOOST_CHECK(combined.scriptSig == scriptSig);
1216 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), SignatureData(scriptSigCopy));
1217 BOOST_CHECK(combined.scriptSig == scriptSig);
1218
1219 // Hardest case: Multisig 2-of-3
1220 scriptPubKey = GetScriptForMultisig(2, pubkeys);
1221 keystore.AddCScript(scriptPubKey);
1222 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1223 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1224 BOOST_CHECK(combined.scriptSig == scriptSig);
1225 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1226 BOOST_CHECK(combined.scriptSig == scriptSig);
1227
1228 // A couple of partially-signed versions:
1229 std::vector<unsigned char> sig1;
1230 uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
1231 BOOST_CHECK(keys[0].Sign(hash1, sig1));
1232 sig1.push_back(SIGHASH_ALL);
1233 std::vector<unsigned char> sig2;
1234 uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SIGVERSION_BASE);
1235 BOOST_CHECK(keys[1].Sign(hash2, sig2));
1236 sig2.push_back(SIGHASH_NONE);
1237 std::vector<unsigned char> sig3;
1238 uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SIGVERSION_BASE);
1239 BOOST_CHECK(keys[2].Sign(hash3, sig3));
1240 sig3.push_back(SIGHASH_SINGLE);
1241
1242 // Not fussy about order (or even existence) of placeholders or signatures:
1243 CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
1244 CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
1245 CScript partial2a = CScript() << OP_0 << sig2;
1246 CScript partial2b = CScript() << sig2 << OP_0;
1247 CScript partial3a = CScript() << sig3;
1248 CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
1249 CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
1250 CScript complete12 = CScript() << OP_0 << sig1 << sig2;
1251 CScript complete13 = CScript() << OP_0 << sig1 << sig3;
1252 CScript complete23 = CScript() << OP_0 << sig2 << sig3;
1253
1254 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial1b));
1255 BOOST_CHECK(combined.scriptSig == partial1a);
1256 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial2a));
1257 BOOST_CHECK(combined.scriptSig == complete12);
1258 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial1a));
1259 BOOST_CHECK(combined.scriptSig == complete12);
1260 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1b), SignatureData(partial2b));
1261 BOOST_CHECK(combined.scriptSig == complete12);
1262 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial1b));
1263 BOOST_CHECK(combined.scriptSig == complete13);
1264 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial3a));
1265 BOOST_CHECK(combined.scriptSig == complete23);
1266 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial2b));
1267 BOOST_CHECK(combined.scriptSig == complete23);
1268 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial3a));
1269 BOOST_CHECK(combined.scriptSig == partial3c);
1270 }
1271
1272 BOOST_AUTO_TEST_CASE(script_standard_push)
1273 {
1274 ScriptError err;
1275 for (int i=0; i<67000; i++) {
1276 CScript script;
1277 script << i;
1278 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
1279 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
1280 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1281 }
1282
1283 for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
1284 std::vector<unsigned char> data(i, '\111');
1285 CScript script;
1286 script << data;
1287 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
1288 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
1289 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1290 }
1291 }
1292
1293 BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
1294 {
1295 // IsPushOnly returns false when given a script containing only pushes that
1296 // are invalid due to truncation. IsPushOnly() is consensus critical
1297 // because P2SH evaluation uses it, although this specific behavior should
1298 // not be consensus critical as the P2SH evaluation would fail first due to
1299 // the invalid push. Still, it doesn't hurt to test it explicitly.
1300 static const unsigned char direct[] = { 1 };
1301 BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
1302 }
1303
1304 BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
1305 {
1306 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
1307 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
1308 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
1309 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
1310
1311 std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1312 std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1313 std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
1314
1315 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
1316 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
1317 BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
1318 BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
1319 BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
1320 BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
1321 BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
1322 BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
1323
1324 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
1325 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
1326 BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
1327 BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
1328 BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
1329 BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
1330 BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
1331 BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
1332 }
1333
1334 static CScript
1335 ScriptFromHex(const char* hex)
1336 {
1337 std::vector<unsigned char> data = ParseHex(hex);
1338 return CScript(data.begin(), data.end());
1339 }
1340
1341
1342 BOOST_AUTO_TEST_CASE(script_FindAndDelete)
1343 {
1344 // Exercise the FindAndDelete functionality
1345 CScript s;
1346 CScript d;
1347 CScript expect;
1348
1349 s = CScript() << OP_1 << OP_2;
1350 d = CScript(); // delete nothing should be a no-op
1351 expect = s;
1352 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1353 BOOST_CHECK(s == expect);
1354
1355 s = CScript() << OP_1 << OP_2 << OP_3;
1356 d = CScript() << OP_2;
1357 expect = CScript() << OP_1 << OP_3;
1358 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1359 BOOST_CHECK(s == expect);
1360
1361 s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
1362 d = CScript() << OP_3;
1363 expect = CScript() << OP_1 << OP_4;
1364 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 4);
1365 BOOST_CHECK(s == expect);
1366
1367 s = ScriptFromHex("0302ff03"); // PUSH 0x02ff03 onto stack
1368 d = ScriptFromHex("0302ff03");
1369 expect = CScript();
1370 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1371 BOOST_CHECK(s == expect);
1372
1373 s = ScriptFromHex("0302ff030302ff03"); // PUSH 0x2ff03 PUSH 0x2ff03
1374 d = ScriptFromHex("0302ff03");
1375 expect = CScript();
1376 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1377 BOOST_CHECK(s == expect);
1378
1379 s = ScriptFromHex("0302ff030302ff03");
1380 d = ScriptFromHex("02");
1381 expect = s; // FindAndDelete matches entire opcodes
1382 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1383 BOOST_CHECK(s == expect);
1384
1385 s = ScriptFromHex("0302ff030302ff03");
1386 d = ScriptFromHex("ff");
1387 expect = s;
1388 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1389 BOOST_CHECK(s == expect);
1390
1391 // This is an odd edge case: strip of the push-three-bytes
1392 // prefix, leaving 02ff03 which is push-two-bytes:
1393 s = ScriptFromHex("0302ff030302ff03");
1394 d = ScriptFromHex("03");
1395 expect = CScript() << ParseHex("ff03") << ParseHex("ff03");
1396 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1397 BOOST_CHECK(s == expect);
1398
1399 // Byte sequence that spans multiple opcodes:
1400 s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1401 d = ScriptFromHex("feed51");
1402 expect = s;
1403 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0); // doesn't match 'inside' opcodes
1404 BOOST_CHECK(s == expect);
1405
1406 s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1407 d = ScriptFromHex("02feed51");
1408 expect = ScriptFromHex("69");
1409 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1410 BOOST_CHECK(s == expect);
1411
1412 s = ScriptFromHex("516902feed5169");
1413 d = ScriptFromHex("feed51");
1414 expect = s;
1415 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1416 BOOST_CHECK(s == expect);
1417
1418 s = ScriptFromHex("516902feed5169");
1419 d = ScriptFromHex("02feed51");
1420 expect = ScriptFromHex("516969");
1421 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1422 BOOST_CHECK(s == expect);
1423
1424 s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
1425 d = CScript() << OP_0 << OP_1;
1426 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1427 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1428 BOOST_CHECK(s == expect);
1429
1430 s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
1431 d = CScript() << OP_0 << OP_1;
1432 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1433 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1434 BOOST_CHECK(s == expect);
1435
1436 // Another weird edge case:
1437 // End with invalid push (not enough data)...
1438 s = ScriptFromHex("0003feed");
1439 d = ScriptFromHex("03feed"); // ... can remove the invalid push
1440 expect = ScriptFromHex("00");
1441 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1442 BOOST_CHECK(s == expect);
1443
1444 s = ScriptFromHex("0003feed");
1445 d = ScriptFromHex("00");
1446 expect = ScriptFromHex("03feed");
1447 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1448 BOOST_CHECK(s == expect);
1449 }
1450
1451 BOOST_AUTO_TEST_CASE(script_HasValidOps)
1452 {
1453 // Exercise the HasValidOps functionality
1454 CScript script;
1455 script = ScriptFromHex("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"); // Normal script
1456 BOOST_CHECK(script.HasValidOps());
1457 script = ScriptFromHex("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac");
1458 BOOST_CHECK(script.HasValidOps());
1459 script = ScriptFromHex("ff88ac"); // Script with OP_INVALIDOPCODE explicit
1460 BOOST_CHECK(!script.HasValidOps());
1461 script = ScriptFromHex("88acc0"); // Script with undefined opcode
1462 BOOST_CHECK(!script.HasValidOps());
1463 }
1464
1465 BOOST_AUTO_TEST_CASE(script_can_append_self)
1466 {
1467 CScript s, d;
1468
1469 s = ScriptFromHex("00");
1470 s += s;
1471 d = ScriptFromHex("0000");
1472 BOOST_CHECK(s == d);
1473
1474 // check doubling a script that's large enough to require reallocation
1475 static const char hex[] = "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f";
1476 s = CScript() << ParseHex(hex) << OP_CHECKSIG;
1477 d = CScript() << ParseHex(hex) << OP_CHECKSIG << ParseHex(hex) << OP_CHECKSIG;
1478 s += s;
1479 BOOST_CHECK(s == d);
1480 }
1481
1482 BOOST_AUTO_TEST_SUITE_END()