1 // Copyright (c) 2011-2017 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 #include <test/data/script_tests.json.h>
10 #include <script/script.h>
11 #include <script/script_error.h>
12 #include <script/sign.h>
14 #include <utilstrencodings.h>
15 #include <test/test_bitcoin.h>
16 #include <rpc/server.h>
18 #if defined(HAVE_CONSENSUS_LIB)
19 #include <script/bitcoinconsensus.h>
27 #include <boost/test/unit_test.hpp>
31 // Uncomment if you want to output updated JSON tests.
32 // #define UPDATE_JSON_TESTS
34 static const unsigned int gFlags
= SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_STRICTENC
;
36 unsigned int ParseScriptFlags(std::string strFlags
);
37 std::string
FormatScriptFlags(unsigned int flags
);
40 read_json(const std::string
& jsondata
)
44 if (!v
.read(jsondata
) || !v
.isArray())
46 BOOST_ERROR("Parse error.");
47 return UniValue(UniValue::VARR
);
52 struct ScriptErrorDesc
58 static ScriptErrorDesc script_errors
[]={
59 {SCRIPT_ERR_OK
, "OK"},
60 {SCRIPT_ERR_UNKNOWN_ERROR
, "UNKNOWN_ERROR"},
61 {SCRIPT_ERR_EVAL_FALSE
, "EVAL_FALSE"},
62 {SCRIPT_ERR_OP_RETURN
, "OP_RETURN"},
63 {SCRIPT_ERR_SCRIPT_SIZE
, "SCRIPT_SIZE"},
64 {SCRIPT_ERR_PUSH_SIZE
, "PUSH_SIZE"},
65 {SCRIPT_ERR_OP_COUNT
, "OP_COUNT"},
66 {SCRIPT_ERR_STACK_SIZE
, "STACK_SIZE"},
67 {SCRIPT_ERR_SIG_COUNT
, "SIG_COUNT"},
68 {SCRIPT_ERR_PUBKEY_COUNT
, "PUBKEY_COUNT"},
69 {SCRIPT_ERR_VERIFY
, "VERIFY"},
70 {SCRIPT_ERR_EQUALVERIFY
, "EQUALVERIFY"},
71 {SCRIPT_ERR_CHECKMULTISIGVERIFY
, "CHECKMULTISIGVERIFY"},
72 {SCRIPT_ERR_CHECKSIGVERIFY
, "CHECKSIGVERIFY"},
73 {SCRIPT_ERR_NUMEQUALVERIFY
, "NUMEQUALVERIFY"},
74 {SCRIPT_ERR_BAD_OPCODE
, "BAD_OPCODE"},
75 {SCRIPT_ERR_DISABLED_OPCODE
, "DISABLED_OPCODE"},
76 {SCRIPT_ERR_INVALID_STACK_OPERATION
, "INVALID_STACK_OPERATION"},
77 {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
, "INVALID_ALTSTACK_OPERATION"},
78 {SCRIPT_ERR_UNBALANCED_CONDITIONAL
, "UNBALANCED_CONDITIONAL"},
79 {SCRIPT_ERR_NEGATIVE_LOCKTIME
, "NEGATIVE_LOCKTIME"},
80 {SCRIPT_ERR_UNSATISFIED_LOCKTIME
, "UNSATISFIED_LOCKTIME"},
81 {SCRIPT_ERR_SIG_HASHTYPE
, "SIG_HASHTYPE"},
82 {SCRIPT_ERR_SIG_DER
, "SIG_DER"},
83 {SCRIPT_ERR_MINIMALDATA
, "MINIMALDATA"},
84 {SCRIPT_ERR_SIG_PUSHONLY
, "SIG_PUSHONLY"},
85 {SCRIPT_ERR_SIG_HIGH_S
, "SIG_HIGH_S"},
86 {SCRIPT_ERR_SIG_NULLDUMMY
, "SIG_NULLDUMMY"},
87 {SCRIPT_ERR_PUBKEYTYPE
, "PUBKEYTYPE"},
88 {SCRIPT_ERR_CLEANSTACK
, "CLEANSTACK"},
89 {SCRIPT_ERR_MINIMALIF
, "MINIMALIF"},
90 {SCRIPT_ERR_SIG_NULLFAIL
, "NULLFAIL"},
91 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
, "DISCOURAGE_UPGRADABLE_NOPS"},
92 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
93 {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
, "WITNESS_PROGRAM_WRONG_LENGTH"},
94 {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
, "WITNESS_PROGRAM_WITNESS_EMPTY"},
95 {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
, "WITNESS_PROGRAM_MISMATCH"},
96 {SCRIPT_ERR_WITNESS_MALLEATED
, "WITNESS_MALLEATED"},
97 {SCRIPT_ERR_WITNESS_MALLEATED_P2SH
, "WITNESS_MALLEATED_P2SH"},
98 {SCRIPT_ERR_WITNESS_UNEXPECTED
, "WITNESS_UNEXPECTED"},
99 {SCRIPT_ERR_WITNESS_PUBKEYTYPE
, "WITNESS_PUBKEYTYPE"},
102 const char *FormatScriptError(ScriptError_t err
)
104 for (unsigned int i
=0; i
<ARRAYLEN(script_errors
); ++i
)
105 if (script_errors
[i
].err
== err
)
106 return script_errors
[i
].name
;
107 BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
111 ScriptError_t
ParseScriptError(const std::string
&name
)
113 for (unsigned int i
=0; i
<ARRAYLEN(script_errors
); ++i
)
114 if (script_errors
[i
].name
== name
)
115 return script_errors
[i
].err
;
116 BOOST_ERROR("Unknown scripterror \"" << name
<< "\" in test description");
117 return SCRIPT_ERR_UNKNOWN_ERROR
;
120 BOOST_FIXTURE_TEST_SUITE(script_tests
, BasicTestingSetup
)
122 CMutableTransaction
BuildCreditingTransaction(const CScript
& scriptPubKey
, int nValue
= 0)
124 CMutableTransaction txCredit
;
125 txCredit
.nVersion
= 1;
126 txCredit
.nLockTime
= 0;
127 txCredit
.vin
.resize(1);
128 txCredit
.vout
.resize(1);
129 txCredit
.vin
[0].prevout
.SetNull();
130 txCredit
.vin
[0].scriptSig
= CScript() << CScriptNum(0) << CScriptNum(0);
131 txCredit
.vin
[0].nSequence
= CTxIn::SEQUENCE_FINAL
;
132 txCredit
.vout
[0].scriptPubKey
= scriptPubKey
;
133 txCredit
.vout
[0].nValue
= nValue
;
138 CMutableTransaction
BuildSpendingTransaction(const CScript
& scriptSig
, const CScriptWitness
& scriptWitness
, const CMutableTransaction
& txCredit
)
140 CMutableTransaction txSpend
;
141 txSpend
.nVersion
= 1;
142 txSpend
.nLockTime
= 0;
143 txSpend
.vin
.resize(1);
144 txSpend
.vout
.resize(1);
145 txSpend
.vin
[0].scriptWitness
= scriptWitness
;
146 txSpend
.vin
[0].prevout
.hash
= txCredit
.GetHash();
147 txSpend
.vin
[0].prevout
.n
= 0;
148 txSpend
.vin
[0].scriptSig
= scriptSig
;
149 txSpend
.vin
[0].nSequence
= CTxIn::SEQUENCE_FINAL
;
150 txSpend
.vout
[0].scriptPubKey
= CScript();
151 txSpend
.vout
[0].nValue
= txCredit
.vout
[0].nValue
;
156 void DoTest(const CScript
& scriptPubKey
, const CScript
& scriptSig
, const CScriptWitness
& scriptWitness
, int flags
, const std::string
& message
, int scriptError
, CAmount nValue
= 0)
158 bool expect
= (scriptError
== SCRIPT_ERR_OK
);
159 if (flags
& SCRIPT_VERIFY_CLEANSTACK
) {
160 flags
|= SCRIPT_VERIFY_P2SH
;
161 flags
|= SCRIPT_VERIFY_WITNESS
;
164 CMutableTransaction txCredit
= BuildCreditingTransaction(scriptPubKey
, nValue
);
165 CMutableTransaction tx
= BuildSpendingTransaction(scriptSig
, scriptWitness
, txCredit
);
166 CMutableTransaction tx2
= tx
;
167 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig
, scriptPubKey
, &scriptWitness
, flags
, MutableTransactionSignatureChecker(&tx
, 0, txCredit
.vout
[0].nValue
), &err
) == expect
, message
);
168 BOOST_CHECK_MESSAGE(err
== scriptError
, std::string(FormatScriptError(err
)) + " where " + std::string(FormatScriptError((ScriptError_t
)scriptError
)) + " expected: " + message
);
170 // Verify that removing flags from a passing test or adding flags to a failing test does not change the result.
171 for (int i
= 0; i
< 16; ++i
) {
172 int extra_flags
= InsecureRandBits(16);
173 int combined_flags
= expect
? (flags
& ~extra_flags
) : (flags
| extra_flags
);
174 // Weed out some invalid flag combinations.
175 if (combined_flags
& SCRIPT_VERIFY_CLEANSTACK
&& ~combined_flags
& (SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS
)) continue;
176 if (combined_flags
& SCRIPT_VERIFY_WITNESS
&& ~combined_flags
& SCRIPT_VERIFY_P2SH
) continue;
177 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig
, scriptPubKey
, &scriptWitness
, combined_flags
, MutableTransactionSignatureChecker(&tx
, 0, txCredit
.vout
[0].nValue
), &err
) == expect
, message
+ strprintf(" (with flags %x)", combined_flags
));
180 #if defined(HAVE_CONSENSUS_LIB)
181 CDataStream
stream(SER_NETWORK
, PROTOCOL_VERSION
);
183 int libconsensus_flags
= flags
& bitcoinconsensus_SCRIPT_FLAGS_VERIFY_ALL
;
184 if (libconsensus_flags
== flags
) {
185 if (flags
& bitcoinconsensus_SCRIPT_FLAGS_VERIFY_WITNESS
) {
186 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey
.data(), scriptPubKey
.size(), txCredit
.vout
[0].nValue
, (const unsigned char*)&stream
[0], stream
.size(), 0, libconsensus_flags
, nullptr) == expect
, message
);
188 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey
.data(), scriptPubKey
.size(), 0, (const unsigned char*)&stream
[0], stream
.size(), 0, libconsensus_flags
, nullptr) == expect
, message
);
189 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(scriptPubKey
.data(), scriptPubKey
.size(), (const unsigned char*)&stream
[0], stream
.size(), 0, libconsensus_flags
, nullptr) == expect
,message
);
195 void static NegateSignatureS(std::vector
<unsigned char>& vchSig
) {
196 // Parse the signature.
197 std::vector
<unsigned char> r
, s
;
198 r
= std::vector
<unsigned char>(vchSig
.begin() + 4, vchSig
.begin() + 4 + vchSig
[3]);
199 s
= std::vector
<unsigned char>(vchSig
.begin() + 6 + vchSig
[3], vchSig
.begin() + 6 + vchSig
[3] + vchSig
[5 + vchSig
[3]]);
201 // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
202 static const unsigned char order
[33] = {
204 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
205 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
206 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
207 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
209 while (s
.size() < 33) {
210 s
.insert(s
.begin(), 0x00);
213 for (int p
= 32; p
>= 1; p
--) {
214 int n
= (int)order
[p
] - s
[p
] - carry
;
215 s
[p
] = (n
+ 256) & 0xFF;
219 if (s
.size() > 1 && s
[0] == 0 && s
[1] < 0x80) {
223 // Reconstruct the signature.
225 vchSig
.push_back(0x30);
226 vchSig
.push_back(4 + r
.size() + s
.size());
227 vchSig
.push_back(0x02);
228 vchSig
.push_back(r
.size());
229 vchSig
.insert(vchSig
.end(), r
.begin(), r
.end());
230 vchSig
.push_back(0x02);
231 vchSig
.push_back(s
.size());
232 vchSig
.insert(vchSig
.end(), s
.begin(), s
.end());
237 const unsigned char vchKey0
[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
238 const unsigned char vchKey1
[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
239 const unsigned char vchKey2
[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
243 CKey key0
, key0C
, key1
, key1C
, key2
, key2C
;
244 CPubKey pubkey0
, pubkey0C
, pubkey0H
;
245 CPubKey pubkey1
, pubkey1C
;
246 CPubKey pubkey2
, pubkey2C
;
251 key0
.Set(vchKey0
, vchKey0
+ 32, false);
252 key0C
.Set(vchKey0
, vchKey0
+ 32, true);
253 pubkey0
= key0
.GetPubKey();
254 pubkey0H
= key0
.GetPubKey();
255 pubkey0C
= key0C
.GetPubKey();
256 *const_cast<unsigned char*>(&pubkey0H
[0]) = 0x06 | (pubkey0H
[64] & 1);
258 key1
.Set(vchKey1
, vchKey1
+ 32, false);
259 key1C
.Set(vchKey1
, vchKey1
+ 32, true);
260 pubkey1
= key1
.GetPubKey();
261 pubkey1C
= key1C
.GetPubKey();
263 key2
.Set(vchKey2
, vchKey2
+ 32, false);
264 key2C
.Set(vchKey2
, vchKey2
+ 32, true);
265 pubkey2
= key2
.GetPubKey();
266 pubkey2C
= key2C
.GetPubKey();
279 //! Actually executed script
281 //! The P2SH redeemscript
282 CScript redeemscript
;
283 //! The Witness embedded script
285 CScriptWitness scriptWitness
;
286 CTransactionRef creditTx
;
287 CMutableTransaction spendTx
;
289 std::vector
<unsigned char> push
;
298 spendTx
.vin
[0].scriptSig
<< push
;
303 void DoPush(const std::vector
<unsigned char>& data
)
311 TestBuilder(const CScript
& script_
, const std::string
& comment_
, int flags_
, bool P2SH
= false, WitnessMode wm
= WITNESS_NONE
, int witnessversion
= 0, CAmount nValue_
= 0) : script(script_
), havePush(false), comment(comment_
), flags(flags_
), scriptError(SCRIPT_ERR_OK
), nValue(nValue_
)
313 CScript scriptPubKey
= script
;
314 if (wm
== WITNESS_PKH
) {
316 CHash160().Write(&script
[1], script
.size() - 1).Finalize(hash
.begin());
317 script
= CScript() << OP_DUP
<< OP_HASH160
<< ToByteVector(hash
) << OP_EQUALVERIFY
<< OP_CHECKSIG
;
318 scriptPubKey
= CScript() << witnessversion
<< ToByteVector(hash
);
319 } else if (wm
== WITNESS_SH
) {
320 witscript
= scriptPubKey
;
322 CSHA256().Write(&witscript
[0], witscript
.size()).Finalize(hash
.begin());
323 scriptPubKey
= CScript() << witnessversion
<< ToByteVector(hash
);
326 redeemscript
= scriptPubKey
;
327 scriptPubKey
= CScript() << OP_HASH160
<< ToByteVector(CScriptID(redeemscript
)) << OP_EQUAL
;
329 creditTx
= MakeTransactionRef(BuildCreditingTransaction(scriptPubKey
, nValue
));
330 spendTx
= BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx
);
333 TestBuilder
& ScriptError(ScriptError_t err
)
339 TestBuilder
& Add(const CScript
& _script
)
342 spendTx
.vin
[0].scriptSig
+= _script
;
346 TestBuilder
& Num(int num
)
349 spendTx
.vin
[0].scriptSig
<< num
;
353 TestBuilder
& Push(const std::string
& hex
)
355 DoPush(ParseHex(hex
));
359 TestBuilder
& Push(const CScript
& _script
) {
360 DoPush(std::vector
<unsigned char>(_script
.begin(), _script
.end()));
364 TestBuilder
& PushSig(const CKey
& key
, int nHashType
= SIGHASH_ALL
, unsigned int lenR
= 32, unsigned int lenS
= 32, SigVersion sigversion
= SIGVERSION_BASE
, CAmount amount
= 0)
366 uint256 hash
= SignatureHash(script
, spendTx
, 0, nHashType
, amount
, sigversion
);
367 std::vector
<unsigned char> vchSig
, r
, s
;
370 key
.Sign(hash
, vchSig
, iter
++);
371 if ((lenS
== 33) != (vchSig
[5 + vchSig
[3]] == 33)) {
372 NegateSignatureS(vchSig
);
374 r
= std::vector
<unsigned char>(vchSig
.begin() + 4, vchSig
.begin() + 4 + vchSig
[3]);
375 s
= std::vector
<unsigned char>(vchSig
.begin() + 6 + vchSig
[3], vchSig
.begin() + 6 + vchSig
[3] + vchSig
[5 + vchSig
[3]]);
376 } while (lenR
!= r
.size() || lenS
!= s
.size());
377 vchSig
.push_back(static_cast<unsigned char>(nHashType
));
382 TestBuilder
& PushWitSig(const CKey
& key
, CAmount amount
= -1, int nHashType
= SIGHASH_ALL
, unsigned int lenR
= 32, unsigned int lenS
= 32, SigVersion sigversion
= SIGVERSION_WITNESS_V0
)
386 return PushSig(key
, nHashType
, lenR
, lenS
, sigversion
, amount
).AsWit();
389 TestBuilder
& Push(const CPubKey
& pubkey
)
391 DoPush(std::vector
<unsigned char>(pubkey
.begin(), pubkey
.end()));
395 TestBuilder
& PushRedeem()
397 DoPush(std::vector
<unsigned char>(redeemscript
.begin(), redeemscript
.end()));
401 TestBuilder
& PushWitRedeem()
403 DoPush(std::vector
<unsigned char>(witscript
.begin(), witscript
.end()));
407 TestBuilder
& EditPush(unsigned int pos
, const std::string
& hexin
, const std::string
& hexout
)
410 std::vector
<unsigned char> datain
= ParseHex(hexin
);
411 std::vector
<unsigned char> dataout
= ParseHex(hexout
);
412 assert(pos
+ datain
.size() <= push
.size());
413 BOOST_CHECK_MESSAGE(std::vector
<unsigned char>(push
.begin() + pos
, push
.begin() + pos
+ datain
.size()) == datain
, comment
);
414 push
.erase(push
.begin() + pos
, push
.begin() + pos
+ datain
.size());
415 push
.insert(push
.begin() + pos
, dataout
.begin(), dataout
.end());
419 TestBuilder
& DamagePush(unsigned int pos
)
422 assert(pos
< push
.size());
429 TestBuilder copy
= *this; // Make a copy so we can rollback the push.
431 DoTest(creditTx
->vout
[0].scriptPubKey
, spendTx
.vin
[0].scriptSig
, scriptWitness
, flags
, comment
, scriptError
, nValue
);
439 scriptWitness
.stack
.push_back(push
);
447 UniValue
array(UniValue::VARR
);
448 if (!scriptWitness
.stack
.empty()) {
449 UniValue
wit(UniValue::VARR
);
450 for (unsigned i
= 0; i
< scriptWitness
.stack
.size(); i
++) {
451 wit
.push_back(HexStr(scriptWitness
.stack
[i
]));
453 wit
.push_back(ValueFromAmount(nValue
));
454 array
.push_back(wit
);
456 array
.push_back(FormatScript(spendTx
.vin
[0].scriptSig
));
457 array
.push_back(FormatScript(creditTx
->vout
[0].scriptPubKey
));
458 array
.push_back(FormatScriptFlags(flags
));
459 array
.push_back(FormatScriptError((ScriptError_t
)scriptError
));
460 array
.push_back(comment
);
464 std::string
GetComment() const
470 std::string
JSONPrettyPrint(const UniValue
& univalue
)
472 std::string ret
= univalue
.write(4);
473 // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
475 while ((pos
= ret
.find(" \n", pos
)) != std::string::npos
) {
476 ret
.replace(pos
, 2, "\n");
483 BOOST_AUTO_TEST_CASE(script_build
)
487 std::vector
<TestBuilder
> tests
;
489 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
491 ).PushSig(keys
.key0
));
492 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
494 ).PushSig(keys
.key0
).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
496 tests
.push_back(TestBuilder(CScript() << OP_DUP
<< OP_HASH160
<< ToByteVector(keys
.pubkey1C
.GetID()) << OP_EQUALVERIFY
<< OP_CHECKSIG
,
498 ).PushSig(keys
.key1
).Push(keys
.pubkey1C
));
499 tests
.push_back(TestBuilder(CScript() << OP_DUP
<< OP_HASH160
<< ToByteVector(keys
.pubkey2C
.GetID()) << OP_EQUALVERIFY
<< OP_CHECKSIG
,
500 "P2PKH, bad pubkey", 0
501 ).PushSig(keys
.key2
).Push(keys
.pubkey2C
).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY
));
503 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
504 "P2PK anyonecanpay", 0
505 ).PushSig(keys
.key1
, SIGHASH_ALL
| SIGHASH_ANYONECANPAY
));
506 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
507 "P2PK anyonecanpay marked with normal hashtype", 0
508 ).PushSig(keys
.key1
, SIGHASH_ALL
| SIGHASH_ANYONECANPAY
).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE
));
510 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0C
) << OP_CHECKSIG
,
511 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH
, true
512 ).PushSig(keys
.key0
).PushRedeem());
513 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0C
) << OP_CHECKSIG
,
514 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH
, true
515 ).PushSig(keys
.key0
).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
517 tests
.push_back(TestBuilder(CScript() << OP_DUP
<< OP_HASH160
<< ToByteVector(keys
.pubkey0
.GetID()) << OP_EQUALVERIFY
<< OP_CHECKSIG
,
518 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH
, true
519 ).PushSig(keys
.key0
).Push(keys
.pubkey0
).PushRedeem());
520 tests
.push_back(TestBuilder(CScript() << OP_DUP
<< OP_HASH160
<< ToByteVector(keys
.pubkey1
.GetID()) << OP_EQUALVERIFY
<< OP_CHECKSIG
,
521 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
522 ).PushSig(keys
.key0
).DamagePush(10).PushRedeem());
523 tests
.push_back(TestBuilder(CScript() << OP_DUP
<< OP_HASH160
<< ToByteVector(keys
.pubkey1
.GetID()) << OP_EQUALVERIFY
<< OP_CHECKSIG
,
524 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH
, true
525 ).PushSig(keys
.key0
).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY
));
527 tests
.push_back(TestBuilder(CScript() << OP_3
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
,
529 ).Num(0).PushSig(keys
.key0
).PushSig(keys
.key1
).PushSig(keys
.key2
));
530 tests
.push_back(TestBuilder(CScript() << OP_3
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
,
532 ).Num(0).PushSig(keys
.key0
).PushSig(keys
.key1
).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
534 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
,
535 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH
, true
536 ).Num(0).PushSig(keys
.key1
).PushSig(keys
.key2
).PushRedeem());
537 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
,
538 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH
, true
539 ).Num(0).PushSig(keys
.key1
).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
541 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
542 "P2PK with too much R padding but no DERSIG", 0
543 ).PushSig(keys
.key1
, SIGHASH_ALL
, 31, 32).EditPush(1, "43021F", "44022000"));
544 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
545 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
546 ).PushSig(keys
.key1
, SIGHASH_ALL
, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER
));
547 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
548 "P2PK with too much S padding but no DERSIG", 0
549 ).PushSig(keys
.key1
, SIGHASH_ALL
).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
550 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
551 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
552 ).PushSig(keys
.key1
, SIGHASH_ALL
).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER
));
553 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
554 "P2PK with too little R padding but no DERSIG", 0
555 ).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220"));
556 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
557 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
558 ).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER
));
559 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
<< OP_NOT
,
560 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
561 ).PushSig(keys
.key2
, SIGHASH_ALL
, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
562 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
<< OP_NOT
,
563 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
564 ).PushSig(keys
.key2
, SIGHASH_ALL
, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER
));
565 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
<< OP_NOT
,
566 "P2PK NOT with too much R padding but no DERSIG", 0
567 ).PushSig(keys
.key2
, SIGHASH_ALL
, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE
));
568 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
<< OP_NOT
,
569 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
570 ).PushSig(keys
.key2
, SIGHASH_ALL
, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER
));
572 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
573 "BIP66 example 1, without DERSIG", 0
574 ).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220"));
575 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
576 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
577 ).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER
));
578 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
<< OP_NOT
,
579 "BIP66 example 2, without DERSIG", 0
580 ).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE
));
581 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
<< OP_NOT
,
582 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
583 ).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER
));
584 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
585 "BIP66 example 3, without DERSIG", 0
586 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
587 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
588 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
589 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
590 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
<< OP_NOT
,
591 "BIP66 example 4, without DERSIG", 0
593 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
<< OP_NOT
,
594 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
596 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
597 "BIP66 example 5, without DERSIG", 0
598 ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
599 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
,
600 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
601 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER
));
602 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
<< OP_NOT
,
603 "BIP66 example 6, without DERSIG", 0
605 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1C
) << OP_CHECKSIG
<< OP_NOT
,
606 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
607 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER
));
608 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
,
609 "BIP66 example 7, without DERSIG", 0
610 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys
.key2
));
611 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
,
612 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
613 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys
.key2
).ScriptError(SCRIPT_ERR_SIG_DER
));
614 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
<< OP_NOT
,
615 "BIP66 example 8, without DERSIG", 0
616 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys
.key2
).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
617 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
<< OP_NOT
,
618 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
619 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys
.key2
).ScriptError(SCRIPT_ERR_SIG_DER
));
620 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
,
621 "BIP66 example 9, without DERSIG", 0
622 ).Num(0).Num(0).PushSig(keys
.key2
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE
));
623 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
,
624 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
625 ).Num(0).Num(0).PushSig(keys
.key2
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER
));
626 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
<< OP_NOT
,
627 "BIP66 example 10, without DERSIG", 0
628 ).Num(0).Num(0).PushSig(keys
.key2
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220"));
629 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
<< OP_NOT
,
630 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
631 ).Num(0).Num(0).PushSig(keys
.key2
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER
));
632 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
,
633 "BIP66 example 11, without DERSIG", 0
634 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
635 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
,
636 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
637 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
638 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
<< OP_NOT
,
639 "BIP66 example 12, without DERSIG", 0
640 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").Num(0));
641 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_2
<< OP_CHECKMULTISIG
<< OP_NOT
,
642 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
643 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
, 33, 32).EditPush(1, "45022100", "440220").Num(0));
644 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
645 "P2PK with multi-byte hashtype, without DERSIG", 0
646 ).PushSig(keys
.key2
, SIGHASH_ALL
).EditPush(70, "01", "0101"));
647 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
648 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
649 ).PushSig(keys
.key2
, SIGHASH_ALL
).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER
));
651 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
652 "P2PK with high S but no LOW_S", 0
653 ).PushSig(keys
.key2
, SIGHASH_ALL
, 32, 33));
654 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
655 "P2PK with high S", SCRIPT_VERIFY_LOW_S
656 ).PushSig(keys
.key2
, SIGHASH_ALL
, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S
));
658 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0H
) << OP_CHECKSIG
,
659 "P2PK with hybrid pubkey but no STRICTENC", 0
660 ).PushSig(keys
.key0
, SIGHASH_ALL
));
661 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0H
) << OP_CHECKSIG
,
662 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
663 ).PushSig(keys
.key0
, SIGHASH_ALL
).ScriptError(SCRIPT_ERR_PUBKEYTYPE
));
664 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0H
) << OP_CHECKSIG
<< OP_NOT
,
665 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
666 ).PushSig(keys
.key0
, SIGHASH_ALL
).ScriptError(SCRIPT_ERR_EVAL_FALSE
));
667 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0H
) << OP_CHECKSIG
<< OP_NOT
,
668 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
669 ).PushSig(keys
.key0
, SIGHASH_ALL
).ScriptError(SCRIPT_ERR_PUBKEYTYPE
));
670 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0H
) << OP_CHECKSIG
<< OP_NOT
,
671 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
672 ).PushSig(keys
.key0
, SIGHASH_ALL
).DamagePush(10));
673 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0H
) << OP_CHECKSIG
<< OP_NOT
,
674 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
675 ).PushSig(keys
.key0
, SIGHASH_ALL
).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE
));
676 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey0H
) << ToByteVector(keys
.pubkey1C
) << OP_2
<< OP_CHECKMULTISIG
,
677 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
678 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
));
679 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey0H
) << ToByteVector(keys
.pubkey1C
) << OP_2
<< OP_CHECKMULTISIG
,
680 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
681 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
));
682 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0H
) << OP_2
<< OP_CHECKMULTISIG
,
683 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
684 ).Num(0).PushSig(keys
.key1
, SIGHASH_ALL
).ScriptError(SCRIPT_ERR_PUBKEYTYPE
));
686 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
687 "P2PK with undefined hashtype but no STRICTENC", 0
688 ).PushSig(keys
.key1
, 5));
689 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
690 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
691 ).PushSig(keys
.key1
, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE
));
692 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
<< OP_NOT
,
693 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
694 ).PushSig(keys
.key1
, 5).DamagePush(10));
695 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
<< OP_NOT
,
696 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
697 ).PushSig(keys
.key1
, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE
));
699 tests
.push_back(TestBuilder(CScript() << OP_3
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
,
700 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
701 ).Num(1).PushSig(keys
.key0
).PushSig(keys
.key1
).PushSig(keys
.key2
));
702 tests
.push_back(TestBuilder(CScript() << OP_3
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
,
703 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
704 ).Num(1).PushSig(keys
.key0
).PushSig(keys
.key1
).PushSig(keys
.key2
).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY
));
705 tests
.push_back(TestBuilder(CScript() << OP_3
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
<< OP_NOT
,
706 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
707 ).Num(1).PushSig(keys
.key0
).PushSig(keys
.key1
).PushSig(keys
.key2
).DamagePush(10));
708 tests
.push_back(TestBuilder(CScript() << OP_3
<< ToByteVector(keys
.pubkey0C
) << ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey2C
) << OP_3
<< OP_CHECKMULTISIG
<< OP_NOT
,
709 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
710 ).Num(1).PushSig(keys
.key0
).PushSig(keys
.key1
).PushSig(keys
.key2
).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY
));
712 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey1C
) << OP_2
<< OP_CHECKMULTISIG
,
713 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
714 ).Num(0).PushSig(keys
.key1
).Add(CScript() << OP_DUP
));
715 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey1C
) << OP_2
<< OP_CHECKMULTISIG
,
716 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
717 ).Num(0).PushSig(keys
.key1
).Add(CScript() << OP_DUP
).ScriptError(SCRIPT_ERR_SIG_PUSHONLY
));
718 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
719 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
720 ).PushSig(keys
.key2
).Add(CScript() << OP_NOP8
).PushRedeem());
721 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
722 "P2PK with non-push scriptSig but with P2SH validation", 0
723 ).PushSig(keys
.key2
).Add(CScript() << OP_NOP8
));
724 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
725 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH
, true
726 ).PushSig(keys
.key2
).Add(CScript() << OP_NOP8
).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY
));
727 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey2C
) << OP_CHECKSIG
,
728 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY
, true
729 ).PushSig(keys
.key2
).Add(CScript() << OP_NOP8
).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY
));
730 tests
.push_back(TestBuilder(CScript() << OP_2
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey1C
) << OP_2
<< OP_CHECKMULTISIG
,
731 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
732 ).Num(0).PushSig(keys
.key1
).PushSig(keys
.key1
));
733 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
734 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
735 ).Num(11).PushSig(keys
.key0
));
736 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
737 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK
| SCRIPT_VERIFY_P2SH
738 ).Num(11).PushSig(keys
.key0
).ScriptError(SCRIPT_ERR_CLEANSTACK
));
739 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
740 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
, true
741 ).Num(11).PushSig(keys
.key0
).PushRedeem());
742 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
743 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK
| SCRIPT_VERIFY_P2SH
, true
744 ).Num(11).PushSig(keys
.key0
).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK
));
745 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
746 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK
| SCRIPT_VERIFY_P2SH
, true
747 ).PushSig(keys
.key0
).PushRedeem());
749 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
750 "Basic P2WSH", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
,
751 0, 1).PushWitSig(keys
.key0
).PushWitRedeem());
752 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
753 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_PKH
,
754 0, 1).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit());
755 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
756 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
,
757 0, 1).PushWitSig(keys
.key0
).PushWitRedeem().PushRedeem());
758 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
759 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_PKH
,
760 0, 1).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit().PushRedeem());
761 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
762 "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
763 ).PushWitSig(keys
.key0
).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
764 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
),
765 "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_PKH
766 ).PushWitSig(keys
.key0
).Push(keys
.pubkey1
).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
767 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
768 "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
769 ).PushWitSig(keys
.key0
).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
770 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
),
771 "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_PKH
772 ).PushWitSig(keys
.key0
).Push(keys
.pubkey1
).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
773 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
774 "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
775 ).PushWitSig(keys
.key0
).PushWitRedeem());
776 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
),
777 "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH
, false, WITNESS_PKH
778 ).PushWitSig(keys
.key0
).Push(keys
.pubkey1
).AsWit());
779 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
) << OP_CHECKSIG
,
780 "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
781 ).PushWitSig(keys
.key0
).PushWitRedeem().PushRedeem());
782 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
),
783 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH
, true, WITNESS_PKH
784 ).PushWitSig(keys
.key0
).Push(keys
.pubkey1
).AsWit().PushRedeem());
785 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
786 "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
,
787 0, 0).PushWitSig(keys
.key0
, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
788 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
789 "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_PKH
,
790 0, 0).PushWitSig(keys
.key0
, 1).Push(keys
.pubkey0
).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
791 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
792 "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
,
793 0, 0).PushWitSig(keys
.key0
, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
794 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
795 "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_PKH
,
796 0, 0).PushWitSig(keys
.key0
, 1).Push(keys
.pubkey0
).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE
));
798 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
799 "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
|
800 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
, false, WITNESS_PKH
, 1
801 ).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
));
803 CScript witscript
= CScript() << ToByteVector(keys
.pubkey0
);
805 CSHA256().Write(&witscript
[0], witscript
.size()).Finalize(hash
.begin());
806 std::vector
<unsigned char> hashBytes
= ToByteVector(hash
);
807 hashBytes
.pop_back();
808 tests
.push_back(TestBuilder(CScript() << OP_0
<< hashBytes
,
809 "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false
810 ).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
));
812 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
813 "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
814 ).ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
));
816 CScript witscript
= CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
;
817 tests
.push_back(TestBuilder(witscript
,
818 "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
819 ).PushWitSig(keys
.key0
).Push(witscript
).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
));
821 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
822 "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_PKH
823 ).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
));
824 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
825 "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_PKH
826 ).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED
));
827 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey1
),
828 "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_PKH
829 ).PushWitSig(keys
.key0
).Push(keys
.pubkey1
).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH
));
830 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
831 "P2PK with witness", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
832 ).PushSig(keys
.key0
).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED
));
834 // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
835 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0C
) << OP_CHECKSIG
,
836 "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
837 0, 1).PushWitSig(keys
.key0C
).PushWitRedeem());
838 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0C
),
839 "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_PKH
,
840 0, 1).PushWitSig(keys
.key0C
).Push(keys
.pubkey0C
).AsWit());
841 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0C
) << OP_CHECKSIG
,
842 "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
843 0, 1).PushWitSig(keys
.key0C
).PushWitRedeem().PushRedeem());
844 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0C
),
845 "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_PKH
,
846 0, 1).PushWitSig(keys
.key0C
).Push(keys
.pubkey0C
).AsWit().PushRedeem());
848 // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
849 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
850 "Basic P2WSH", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
851 0, 1).PushWitSig(keys
.key0
).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
852 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
853 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_PKH
,
854 0, 1).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
855 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
) << OP_CHECKSIG
,
856 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
857 0, 1).PushWitSig(keys
.key0
).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
858 tests
.push_back(TestBuilder(CScript() << ToByteVector(keys
.pubkey0
),
859 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_PKH
,
860 0, 1).PushWitSig(keys
.key0
).Push(keys
.pubkey0
).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
862 // P2WSH 1-of-2 multisig with compressed keys
863 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
864 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
865 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0C
).PushWitRedeem());
866 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
867 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
868 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0C
).PushWitRedeem().PushRedeem());
869 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
870 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
871 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1C
).PushWitRedeem());
872 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
873 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
874 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1C
).PushWitRedeem().PushRedeem());
876 // P2WSH 1-of-2 multisig with first key uncompressed
877 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
878 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
,
879 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0
).PushWitRedeem());
880 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
881 "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
,
882 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0
).PushWitRedeem().PushRedeem());
883 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
884 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
885 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0
).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
886 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
887 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
888 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0
).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
889 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
890 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
,
891 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1C
).PushWitRedeem());
892 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
893 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
,
894 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1C
).PushWitRedeem().PushRedeem());
895 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
896 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
897 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1C
).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
898 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1C
) << ToByteVector(keys
.pubkey0
) << OP_2
<< OP_CHECKMULTISIG
,
899 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
900 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1C
).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
901 // P2WSH 1-of-2 multisig with second key uncompressed
902 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
903 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
,
904 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0C
).PushWitRedeem());
905 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
906 "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
,
907 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0C
).PushWitRedeem().PushRedeem());
908 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
909 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
910 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0C
).PushWitRedeem());
911 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
912 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
913 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key0C
).PushWitRedeem().PushRedeem());
914 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
915 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, false, WITNESS_SH
,
916 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1
).PushWitRedeem());
917 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
918 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
, true, WITNESS_SH
,
919 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1
).PushWitRedeem().PushRedeem());
920 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
921 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, false, WITNESS_SH
,
922 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1
).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
923 tests
.push_back(TestBuilder(CScript() << OP_1
<< ToByteVector(keys
.pubkey1
) << ToByteVector(keys
.pubkey0C
) << OP_2
<< OP_CHECKMULTISIG
,
924 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS
| SCRIPT_VERIFY_P2SH
| SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
, true, WITNESS_SH
,
925 0, 1).Push(CScript()).AsWit().PushWitSig(keys
.key1
).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE
));
927 std::set
<std::string
> tests_set
;
930 UniValue json_tests
= read_json(std::string(json_tests::script_tests
, json_tests::script_tests
+ sizeof(json_tests::script_tests
)));
932 for (unsigned int idx
= 0; idx
< json_tests
.size(); idx
++) {
933 const UniValue
& tv
= json_tests
[idx
];
934 tests_set
.insert(JSONPrettyPrint(tv
.get_array()));
940 for (TestBuilder
& test
: tests
) {
942 std::string str
= JSONPrettyPrint(test
.GetJSON());
943 #ifndef UPDATE_JSON_TESTS
944 if (tests_set
.count(str
) == 0) {
945 BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test
.GetComment());
948 strGen
+= str
+ ",\n";
951 #ifdef UPDATE_JSON_TESTS
952 FILE* file
= fopen("script_tests.json.gen", "w");
953 fputs(strGen
.c_str(), file
);
958 BOOST_AUTO_TEST_CASE(script_json_test
)
960 // Read tests from test/data/script_tests.json
961 // Format is an array of arrays
962 // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
963 // ... where scriptSig and scriptPubKey are stringified
965 // If a witness is given, then the last value in the array should be the
966 // amount (nValue) to use in the crediting tx
967 UniValue tests
= read_json(std::string(json_tests::script_tests
, json_tests::script_tests
+ sizeof(json_tests::script_tests
)));
969 for (unsigned int idx
= 0; idx
< tests
.size(); idx
++) {
970 UniValue test
= tests
[idx
];
971 std::string strTest
= test
.write();
972 CScriptWitness witness
;
974 unsigned int pos
= 0;
975 if (test
.size() > 0 && test
[pos
].isArray()) {
977 for (i
= 0; i
< test
[pos
].size()-1; i
++) {
978 witness
.stack
.push_back(ParseHex(test
[pos
][i
].get_str()));
980 nValue
= AmountFromValue(test
[pos
][i
]);
983 if (test
.size() < 4 + pos
) // Allow size > 3; extra stuff ignored (useful for comments)
985 if (test
.size() != 1) {
986 BOOST_ERROR("Bad test: " << strTest
);
990 std::string scriptSigString
= test
[pos
++].get_str();
991 CScript scriptSig
= ParseScript(scriptSigString
);
992 std::string scriptPubKeyString
= test
[pos
++].get_str();
993 CScript scriptPubKey
= ParseScript(scriptPubKeyString
);
994 unsigned int scriptflags
= ParseScriptFlags(test
[pos
++].get_str());
995 int scriptError
= ParseScriptError(test
[pos
++].get_str());
997 DoTest(scriptPubKey
, scriptSig
, witness
, scriptflags
, strTest
, scriptError
, nValue
);
1001 BOOST_AUTO_TEST_CASE(script_PushData
)
1003 // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
1004 // the stack as the 1-75 opcodes do.
1005 static const unsigned char direct
[] = { 1, 0x5a };
1006 static const unsigned char pushdata1
[] = { OP_PUSHDATA1
, 1, 0x5a };
1007 static const unsigned char pushdata2
[] = { OP_PUSHDATA2
, 1, 0, 0x5a };
1008 static const unsigned char pushdata4
[] = { OP_PUSHDATA4
, 1, 0, 0, 0, 0x5a };
1011 std::vector
<std::vector
<unsigned char> > directStack
;
1012 BOOST_CHECK(EvalScript(directStack
, CScript(&direct
[0], &direct
[sizeof(direct
)]), SCRIPT_VERIFY_P2SH
, BaseSignatureChecker(), SIGVERSION_BASE
, &err
));
1013 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1015 std::vector
<std::vector
<unsigned char> > pushdata1Stack
;
1016 BOOST_CHECK(EvalScript(pushdata1Stack
, CScript(&pushdata1
[0], &pushdata1
[sizeof(pushdata1
)]), SCRIPT_VERIFY_P2SH
, BaseSignatureChecker(), SIGVERSION_BASE
, &err
));
1017 BOOST_CHECK(pushdata1Stack
== directStack
);
1018 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1020 std::vector
<std::vector
<unsigned char> > pushdata2Stack
;
1021 BOOST_CHECK(EvalScript(pushdata2Stack
, CScript(&pushdata2
[0], &pushdata2
[sizeof(pushdata2
)]), SCRIPT_VERIFY_P2SH
, BaseSignatureChecker(), SIGVERSION_BASE
, &err
));
1022 BOOST_CHECK(pushdata2Stack
== directStack
);
1023 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1025 std::vector
<std::vector
<unsigned char> > pushdata4Stack
;
1026 BOOST_CHECK(EvalScript(pushdata4Stack
, CScript(&pushdata4
[0], &pushdata4
[sizeof(pushdata4
)]), SCRIPT_VERIFY_P2SH
, BaseSignatureChecker(), SIGVERSION_BASE
, &err
));
1027 BOOST_CHECK(pushdata4Stack
== directStack
);
1028 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1032 sign_multisig(CScript scriptPubKey
, std::vector
<CKey
> keys
, CTransaction transaction
)
1034 uint256 hash
= SignatureHash(scriptPubKey
, transaction
, 0, SIGHASH_ALL
, 0, SIGVERSION_BASE
);
1038 // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
1039 // one extra item on the stack, before the signatures.
1040 // Putting OP_0 on the stack is the workaround;
1041 // fixing the bug would mean splitting the block chain (old
1042 // clients would not accept new CHECKMULTISIG transactions,
1046 for (const CKey
&key
: keys
)
1048 std::vector
<unsigned char> vchSig
;
1049 BOOST_CHECK(key
.Sign(hash
, vchSig
));
1050 vchSig
.push_back((unsigned char)SIGHASH_ALL
);
1056 sign_multisig(CScript scriptPubKey
, const CKey
&key
, CTransaction transaction
)
1058 std::vector
<CKey
> keys
;
1059 keys
.push_back(key
);
1060 return sign_multisig(scriptPubKey
, keys
, transaction
);
1063 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12
)
1066 CKey key1
, key2
, key3
;
1067 key1
.MakeNewKey(true);
1068 key2
.MakeNewKey(false);
1069 key3
.MakeNewKey(true);
1071 CScript scriptPubKey12
;
1072 scriptPubKey12
<< OP_1
<< ToByteVector(key1
.GetPubKey()) << ToByteVector(key2
.GetPubKey()) << OP_2
<< OP_CHECKMULTISIG
;
1074 CMutableTransaction txFrom12
= BuildCreditingTransaction(scriptPubKey12
);
1075 CMutableTransaction txTo12
= BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom12
);
1077 CScript goodsig1
= sign_multisig(scriptPubKey12
, key1
, txTo12
);
1078 BOOST_CHECK(VerifyScript(goodsig1
, scriptPubKey12
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo12
, 0, txFrom12
.vout
[0].nValue
), &err
));
1079 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1080 txTo12
.vout
[0].nValue
= 2;
1081 BOOST_CHECK(!VerifyScript(goodsig1
, scriptPubKey12
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo12
, 0, txFrom12
.vout
[0].nValue
), &err
));
1082 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_EVAL_FALSE
, ScriptErrorString(err
));
1084 CScript goodsig2
= sign_multisig(scriptPubKey12
, key2
, txTo12
);
1085 BOOST_CHECK(VerifyScript(goodsig2
, scriptPubKey12
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo12
, 0, txFrom12
.vout
[0].nValue
), &err
));
1086 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1088 CScript badsig1
= sign_multisig(scriptPubKey12
, key3
, txTo12
);
1089 BOOST_CHECK(!VerifyScript(badsig1
, scriptPubKey12
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo12
, 0, txFrom12
.vout
[0].nValue
), &err
));
1090 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_EVAL_FALSE
, ScriptErrorString(err
));
1093 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23
)
1096 CKey key1
, key2
, key3
, key4
;
1097 key1
.MakeNewKey(true);
1098 key2
.MakeNewKey(false);
1099 key3
.MakeNewKey(true);
1100 key4
.MakeNewKey(false);
1102 CScript scriptPubKey23
;
1103 scriptPubKey23
<< OP_2
<< ToByteVector(key1
.GetPubKey()) << ToByteVector(key2
.GetPubKey()) << ToByteVector(key3
.GetPubKey()) << OP_3
<< OP_CHECKMULTISIG
;
1105 CMutableTransaction txFrom23
= BuildCreditingTransaction(scriptPubKey23
);
1106 CMutableTransaction txTo23
= BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom23
);
1108 std::vector
<CKey
> keys
;
1109 keys
.push_back(key1
); keys
.push_back(key2
);
1110 CScript goodsig1
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1111 BOOST_CHECK(VerifyScript(goodsig1
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1112 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1115 keys
.push_back(key1
); keys
.push_back(key3
);
1116 CScript goodsig2
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1117 BOOST_CHECK(VerifyScript(goodsig2
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1118 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1121 keys
.push_back(key2
); keys
.push_back(key3
);
1122 CScript goodsig3
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1123 BOOST_CHECK(VerifyScript(goodsig3
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1124 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1127 keys
.push_back(key2
); keys
.push_back(key2
); // Can't re-use sig
1128 CScript badsig1
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1129 BOOST_CHECK(!VerifyScript(badsig1
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1130 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_EVAL_FALSE
, ScriptErrorString(err
));
1133 keys
.push_back(key2
); keys
.push_back(key1
); // sigs must be in correct order
1134 CScript badsig2
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1135 BOOST_CHECK(!VerifyScript(badsig2
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1136 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_EVAL_FALSE
, ScriptErrorString(err
));
1139 keys
.push_back(key3
); keys
.push_back(key2
); // sigs must be in correct order
1140 CScript badsig3
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1141 BOOST_CHECK(!VerifyScript(badsig3
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1142 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_EVAL_FALSE
, ScriptErrorString(err
));
1145 keys
.push_back(key4
); keys
.push_back(key2
); // sigs must match pubkeys
1146 CScript badsig4
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1147 BOOST_CHECK(!VerifyScript(badsig4
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1148 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_EVAL_FALSE
, ScriptErrorString(err
));
1151 keys
.push_back(key1
); keys
.push_back(key4
); // sigs must match pubkeys
1152 CScript badsig5
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1153 BOOST_CHECK(!VerifyScript(badsig5
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1154 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_EVAL_FALSE
, ScriptErrorString(err
));
1156 keys
.clear(); // Must have signatures
1157 CScript badsig6
= sign_multisig(scriptPubKey23
, keys
, txTo23
);
1158 BOOST_CHECK(!VerifyScript(badsig6
, scriptPubKey23
, nullptr, gFlags
, MutableTransactionSignatureChecker(&txTo23
, 0, txFrom23
.vout
[0].nValue
), &err
));
1159 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_INVALID_STACK_OPERATION
, ScriptErrorString(err
));
1162 BOOST_AUTO_TEST_CASE(script_combineSigs
)
1164 // Test the CombineSignatures function
1166 CBasicKeyStore keystore
;
1167 std::vector
<CKey
> keys
;
1168 std::vector
<CPubKey
> pubkeys
;
1169 for (int i
= 0; i
< 3; i
++)
1172 key
.MakeNewKey(i
%2 == 1);
1173 keys
.push_back(key
);
1174 pubkeys
.push_back(key
.GetPubKey());
1175 keystore
.AddKey(key
);
1178 CMutableTransaction txFrom
= BuildCreditingTransaction(GetScriptForDestination(keys
[0].GetPubKey().GetID()));
1179 CMutableTransaction txTo
= BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom
);
1180 CScript
& scriptPubKey
= txFrom
.vout
[0].scriptPubKey
;
1181 CScript
& scriptSig
= txTo
.vin
[0].scriptSig
;
1183 SignatureData empty
;
1184 SignatureData combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), empty
, empty
);
1185 BOOST_CHECK(combined
.scriptSig
.empty());
1187 // Single signature case:
1188 SignSignature(keystore
, txFrom
, txTo
, 0, SIGHASH_ALL
); // changes scriptSig
1189 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(scriptSig
), empty
);
1190 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1191 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), empty
, SignatureData(scriptSig
));
1192 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1193 CScript scriptSigCopy
= scriptSig
;
1194 // Signing again will give a different, valid signature:
1195 SignSignature(keystore
, txFrom
, txTo
, 0, SIGHASH_ALL
);
1196 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(scriptSigCopy
), SignatureData(scriptSig
));
1197 BOOST_CHECK(combined
.scriptSig
== scriptSigCopy
|| combined
.scriptSig
== scriptSig
);
1199 // P2SH, single-signature case:
1200 CScript pkSingle
; pkSingle
<< ToByteVector(keys
[0].GetPubKey()) << OP_CHECKSIG
;
1201 keystore
.AddCScript(pkSingle
);
1202 scriptPubKey
= GetScriptForDestination(CScriptID(pkSingle
));
1203 SignSignature(keystore
, txFrom
, txTo
, 0, SIGHASH_ALL
);
1204 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(scriptSig
), empty
);
1205 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1206 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), empty
, SignatureData(scriptSig
));
1207 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1208 scriptSigCopy
= scriptSig
;
1209 SignSignature(keystore
, txFrom
, txTo
, 0, SIGHASH_ALL
);
1210 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(scriptSigCopy
), SignatureData(scriptSig
));
1211 BOOST_CHECK(combined
.scriptSig
== scriptSigCopy
|| combined
.scriptSig
== scriptSig
);
1212 // dummy scriptSigCopy with placeholder, should always choose non-placeholder:
1213 scriptSigCopy
= CScript() << OP_0
<< std::vector
<unsigned char>(pkSingle
.begin(), pkSingle
.end());
1214 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(scriptSigCopy
), SignatureData(scriptSig
));
1215 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1216 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(scriptSig
), SignatureData(scriptSigCopy
));
1217 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1219 // Hardest case: Multisig 2-of-3
1220 scriptPubKey
= GetScriptForMultisig(2, pubkeys
);
1221 keystore
.AddCScript(scriptPubKey
);
1222 SignSignature(keystore
, txFrom
, txTo
, 0, SIGHASH_ALL
);
1223 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(scriptSig
), empty
);
1224 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1225 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), empty
, SignatureData(scriptSig
));
1226 BOOST_CHECK(combined
.scriptSig
== scriptSig
);
1228 // A couple of partially-signed versions:
1229 std::vector
<unsigned char> sig1
;
1230 uint256 hash1
= SignatureHash(scriptPubKey
, txTo
, 0, SIGHASH_ALL
, 0, SIGVERSION_BASE
);
1231 BOOST_CHECK(keys
[0].Sign(hash1
, sig1
));
1232 sig1
.push_back(SIGHASH_ALL
);
1233 std::vector
<unsigned char> sig2
;
1234 uint256 hash2
= SignatureHash(scriptPubKey
, txTo
, 0, SIGHASH_NONE
, 0, SIGVERSION_BASE
);
1235 BOOST_CHECK(keys
[1].Sign(hash2
, sig2
));
1236 sig2
.push_back(SIGHASH_NONE
);
1237 std::vector
<unsigned char> sig3
;
1238 uint256 hash3
= SignatureHash(scriptPubKey
, txTo
, 0, SIGHASH_SINGLE
, 0, SIGVERSION_BASE
);
1239 BOOST_CHECK(keys
[2].Sign(hash3
, sig3
));
1240 sig3
.push_back(SIGHASH_SINGLE
);
1242 // Not fussy about order (or even existence) of placeholders or signatures:
1243 CScript partial1a
= CScript() << OP_0
<< sig1
<< OP_0
;
1244 CScript partial1b
= CScript() << OP_0
<< OP_0
<< sig1
;
1245 CScript partial2a
= CScript() << OP_0
<< sig2
;
1246 CScript partial2b
= CScript() << sig2
<< OP_0
;
1247 CScript partial3a
= CScript() << sig3
;
1248 CScript partial3b
= CScript() << OP_0
<< OP_0
<< sig3
;
1249 CScript partial3c
= CScript() << OP_0
<< sig3
<< OP_0
;
1250 CScript complete12
= CScript() << OP_0
<< sig1
<< sig2
;
1251 CScript complete13
= CScript() << OP_0
<< sig1
<< sig3
;
1252 CScript complete23
= CScript() << OP_0
<< sig2
<< sig3
;
1254 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial1a
), SignatureData(partial1b
));
1255 BOOST_CHECK(combined
.scriptSig
== partial1a
);
1256 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial1a
), SignatureData(partial2a
));
1257 BOOST_CHECK(combined
.scriptSig
== complete12
);
1258 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial2a
), SignatureData(partial1a
));
1259 BOOST_CHECK(combined
.scriptSig
== complete12
);
1260 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial1b
), SignatureData(partial2b
));
1261 BOOST_CHECK(combined
.scriptSig
== complete12
);
1262 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial3b
), SignatureData(partial1b
));
1263 BOOST_CHECK(combined
.scriptSig
== complete13
);
1264 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial2a
), SignatureData(partial3a
));
1265 BOOST_CHECK(combined
.scriptSig
== complete23
);
1266 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial3b
), SignatureData(partial2b
));
1267 BOOST_CHECK(combined
.scriptSig
== complete23
);
1268 combined
= CombineSignatures(scriptPubKey
, MutableTransactionSignatureChecker(&txTo
, 0, amount
), SignatureData(partial3b
), SignatureData(partial3a
));
1269 BOOST_CHECK(combined
.scriptSig
== partial3c
);
1272 BOOST_AUTO_TEST_CASE(script_standard_push
)
1275 for (int i
=0; i
<67000; i
++) {
1278 BOOST_CHECK_MESSAGE(script
.IsPushOnly(), "Number " << i
<< " is not pure push.");
1279 BOOST_CHECK_MESSAGE(VerifyScript(script
, CScript() << OP_1
, nullptr, SCRIPT_VERIFY_MINIMALDATA
, BaseSignatureChecker(), &err
), "Number " << i
<< " push is not minimal data.");
1280 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1283 for (unsigned int i
=0; i
<=MAX_SCRIPT_ELEMENT_SIZE
; i
++) {
1284 std::vector
<unsigned char> data(i
, '\111');
1287 BOOST_CHECK_MESSAGE(script
.IsPushOnly(), "Length " << i
<< " is not pure push.");
1288 BOOST_CHECK_MESSAGE(VerifyScript(script
, CScript() << OP_1
, nullptr, SCRIPT_VERIFY_MINIMALDATA
, BaseSignatureChecker(), &err
), "Length " << i
<< " push is not minimal data.");
1289 BOOST_CHECK_MESSAGE(err
== SCRIPT_ERR_OK
, ScriptErrorString(err
));
1293 BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts
)
1295 // IsPushOnly returns false when given a script containing only pushes that
1296 // are invalid due to truncation. IsPushOnly() is consensus critical
1297 // because P2SH evaluation uses it, although this specific behavior should
1298 // not be consensus critical as the P2SH evaluation would fail first due to
1299 // the invalid push. Still, it doesn't hurt to test it explicitly.
1300 static const unsigned char direct
[] = { 1 };
1301 BOOST_CHECK(!CScript(direct
, direct
+sizeof(direct
)).IsPushOnly());
1304 BOOST_AUTO_TEST_CASE(script_GetScriptAsm
)
1306 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2
, true));
1307 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY
, true));
1308 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2
));
1309 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY
));
1311 std::string
derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1312 std::string
pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1313 std::vector
<unsigned char> vchPubKey
= ToByteVector(ParseHex(pubKey
));
1315 BOOST_CHECK_EQUAL(derSig
+ "00 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "00")) << vchPubKey
, true));
1316 BOOST_CHECK_EQUAL(derSig
+ "80 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "80")) << vchPubKey
, true));
1317 BOOST_CHECK_EQUAL(derSig
+ "[ALL] " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "01")) << vchPubKey
, true));
1318 BOOST_CHECK_EQUAL(derSig
+ "[NONE] " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "02")) << vchPubKey
, true));
1319 BOOST_CHECK_EQUAL(derSig
+ "[SINGLE] " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "03")) << vchPubKey
, true));
1320 BOOST_CHECK_EQUAL(derSig
+ "[ALL|ANYONECANPAY] " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "81")) << vchPubKey
, true));
1321 BOOST_CHECK_EQUAL(derSig
+ "[NONE|ANYONECANPAY] " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "82")) << vchPubKey
, true));
1322 BOOST_CHECK_EQUAL(derSig
+ "[SINGLE|ANYONECANPAY] " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "83")) << vchPubKey
, true));
1324 BOOST_CHECK_EQUAL(derSig
+ "00 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "00")) << vchPubKey
));
1325 BOOST_CHECK_EQUAL(derSig
+ "80 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "80")) << vchPubKey
));
1326 BOOST_CHECK_EQUAL(derSig
+ "01 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "01")) << vchPubKey
));
1327 BOOST_CHECK_EQUAL(derSig
+ "02 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "02")) << vchPubKey
));
1328 BOOST_CHECK_EQUAL(derSig
+ "03 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "03")) << vchPubKey
));
1329 BOOST_CHECK_EQUAL(derSig
+ "81 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "81")) << vchPubKey
));
1330 BOOST_CHECK_EQUAL(derSig
+ "82 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "82")) << vchPubKey
));
1331 BOOST_CHECK_EQUAL(derSig
+ "83 " + pubKey
, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig
+ "83")) << vchPubKey
));
1335 ScriptFromHex(const char* hex
)
1337 std::vector
<unsigned char> data
= ParseHex(hex
);
1338 return CScript(data
.begin(), data
.end());
1342 BOOST_AUTO_TEST_CASE(script_FindAndDelete
)
1344 // Exercise the FindAndDelete functionality
1349 s
= CScript() << OP_1
<< OP_2
;
1350 d
= CScript(); // delete nothing should be a no-op
1352 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 0);
1353 BOOST_CHECK(s
== expect
);
1355 s
= CScript() << OP_1
<< OP_2
<< OP_3
;
1356 d
= CScript() << OP_2
;
1357 expect
= CScript() << OP_1
<< OP_3
;
1358 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 1);
1359 BOOST_CHECK(s
== expect
);
1361 s
= CScript() << OP_3
<< OP_1
<< OP_3
<< OP_3
<< OP_4
<< OP_3
;
1362 d
= CScript() << OP_3
;
1363 expect
= CScript() << OP_1
<< OP_4
;
1364 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 4);
1365 BOOST_CHECK(s
== expect
);
1367 s
= ScriptFromHex("0302ff03"); // PUSH 0x02ff03 onto stack
1368 d
= ScriptFromHex("0302ff03");
1370 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 1);
1371 BOOST_CHECK(s
== expect
);
1373 s
= ScriptFromHex("0302ff030302ff03"); // PUSH 0x2ff03 PUSH 0x2ff03
1374 d
= ScriptFromHex("0302ff03");
1376 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 2);
1377 BOOST_CHECK(s
== expect
);
1379 s
= ScriptFromHex("0302ff030302ff03");
1380 d
= ScriptFromHex("02");
1381 expect
= s
; // FindAndDelete matches entire opcodes
1382 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 0);
1383 BOOST_CHECK(s
== expect
);
1385 s
= ScriptFromHex("0302ff030302ff03");
1386 d
= ScriptFromHex("ff");
1388 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 0);
1389 BOOST_CHECK(s
== expect
);
1391 // This is an odd edge case: strip of the push-three-bytes
1392 // prefix, leaving 02ff03 which is push-two-bytes:
1393 s
= ScriptFromHex("0302ff030302ff03");
1394 d
= ScriptFromHex("03");
1395 expect
= CScript() << ParseHex("ff03") << ParseHex("ff03");
1396 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 2);
1397 BOOST_CHECK(s
== expect
);
1399 // Byte sequence that spans multiple opcodes:
1400 s
= ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1401 d
= ScriptFromHex("feed51");
1403 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 0); // doesn't match 'inside' opcodes
1404 BOOST_CHECK(s
== expect
);
1406 s
= ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1407 d
= ScriptFromHex("02feed51");
1408 expect
= ScriptFromHex("69");
1409 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 1);
1410 BOOST_CHECK(s
== expect
);
1412 s
= ScriptFromHex("516902feed5169");
1413 d
= ScriptFromHex("feed51");
1415 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 0);
1416 BOOST_CHECK(s
== expect
);
1418 s
= ScriptFromHex("516902feed5169");
1419 d
= ScriptFromHex("02feed51");
1420 expect
= ScriptFromHex("516969");
1421 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 1);
1422 BOOST_CHECK(s
== expect
);
1424 s
= CScript() << OP_0
<< OP_0
<< OP_1
<< OP_1
;
1425 d
= CScript() << OP_0
<< OP_1
;
1426 expect
= CScript() << OP_0
<< OP_1
; // FindAndDelete is single-pass
1427 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 1);
1428 BOOST_CHECK(s
== expect
);
1430 s
= CScript() << OP_0
<< OP_0
<< OP_1
<< OP_0
<< OP_1
<< OP_1
;
1431 d
= CScript() << OP_0
<< OP_1
;
1432 expect
= CScript() << OP_0
<< OP_1
; // FindAndDelete is single-pass
1433 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 2);
1434 BOOST_CHECK(s
== expect
);
1436 // Another weird edge case:
1437 // End with invalid push (not enough data)...
1438 s
= ScriptFromHex("0003feed");
1439 d
= ScriptFromHex("03feed"); // ... can remove the invalid push
1440 expect
= ScriptFromHex("00");
1441 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 1);
1442 BOOST_CHECK(s
== expect
);
1444 s
= ScriptFromHex("0003feed");
1445 d
= ScriptFromHex("00");
1446 expect
= ScriptFromHex("03feed");
1447 BOOST_CHECK_EQUAL(s
.FindAndDelete(d
), 1);
1448 BOOST_CHECK(s
== expect
);
1451 BOOST_AUTO_TEST_CASE(script_HasValidOps
)
1453 // Exercise the HasValidOps functionality
1455 script
= ScriptFromHex("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"); // Normal script
1456 BOOST_CHECK(script
.HasValidOps());
1457 script
= ScriptFromHex("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac");
1458 BOOST_CHECK(script
.HasValidOps());
1459 script
= ScriptFromHex("ff88ac"); // Script with OP_INVALIDOPCODE explicit
1460 BOOST_CHECK(!script
.HasValidOps());
1461 script
= ScriptFromHex("88acc0"); // Script with undefined opcode
1462 BOOST_CHECK(!script
.HasValidOps());
1465 BOOST_AUTO_TEST_CASE(script_can_append_self
)
1469 s
= ScriptFromHex("00");
1471 d
= ScriptFromHex("0000");
1472 BOOST_CHECK(s
== d
);
1474 // check doubling a script that's large enough to require reallocation
1475 static const char hex
[] = "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f";
1476 s
= CScript() << ParseHex(hex
) << OP_CHECKSIG
;
1477 d
= CScript() << ParseHex(hex
) << OP_CHECKSIG
<< ParseHex(hex
) << OP_CHECKSIG
;
1479 BOOST_CHECK(s
== d
);
1482 BOOST_AUTO_TEST_SUITE_END()