Line data Source code
1 : // Copyright (c) 2011-2014 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include "data/script_invalid.json.h"
6 : #include "data/script_valid.json.h"
7 :
8 : #include "core_io.h"
9 : #include "key.h"
10 : #include "keystore.h"
11 : #include "script/script.h"
12 : #include "script/script_error.h"
13 : #include "script/sign.h"
14 : #include "util.h"
15 : #include "utilstrencodings.h"
16 : #include "test/test_bitcoin.h"
17 :
18 : #if defined(HAVE_CONSENSUS_LIB)
19 : #include "script/bitcoinconsensus.h"
20 : #endif
21 :
22 : #include <fstream>
23 : #include <stdint.h>
24 : #include <string>
25 : #include <vector>
26 :
27 : #include <boost/foreach.hpp>
28 : #include <boost/test/unit_test.hpp>
29 :
30 : #include <univalue.h>
31 :
32 : using namespace std;
33 :
34 : // Uncomment if you want to output updated JSON tests.
35 : // #define UPDATE_JSON_TESTS
36 :
37 : static const unsigned int flags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
38 :
39 : unsigned int ParseScriptFlags(string strFlags);
40 : string FormatScriptFlags(unsigned int flags);
41 :
42 : UniValue
43 12 : read_json(const std::string& jsondata)
44 : {
45 : UniValue v;
46 :
47 12 : if (!v.read(jsondata) || !v.isArray())
48 : {
49 0 : BOOST_ERROR("Parse error.");
50 0 : return UniValue(UniValue::VARR);
51 : }
52 12 : return v.get_array();
53 : }
54 :
55 1 : BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
56 :
57 1208 : CMutableTransaction BuildCreditingTransaction(const CScript& scriptPubKey)
58 : {
59 1208 : CMutableTransaction txCredit;
60 1208 : txCredit.nVersion = 1;
61 1208 : txCredit.nLockTime = 0;
62 2416 : txCredit.vin.resize(1);
63 2416 : txCredit.vout.resize(1);
64 1208 : txCredit.vin[0].prevout.SetNull();
65 4832 : txCredit.vin[0].scriptSig = CScript() << CScriptNum(0) << CScriptNum(0);
66 1208 : txCredit.vin[0].nSequence = std::numeric_limits<unsigned int>::max();
67 1208 : txCredit.vout[0].scriptPubKey = scriptPubKey;
68 1208 : txCredit.vout[0].nValue = 0;
69 :
70 1208 : return txCredit;
71 : }
72 :
73 1208 : CMutableTransaction BuildSpendingTransaction(const CScript& scriptSig, const CMutableTransaction& txCredit)
74 : {
75 1208 : CMutableTransaction txSpend;
76 1208 : txSpend.nVersion = 1;
77 1208 : txSpend.nLockTime = 0;
78 2416 : txSpend.vin.resize(1);
79 2416 : txSpend.vout.resize(1);
80 1208 : txSpend.vin[0].prevout.hash = txCredit.GetHash();
81 1208 : txSpend.vin[0].prevout.n = 0;
82 1208 : txSpend.vin[0].scriptSig = scriptSig;
83 1208 : txSpend.vin[0].nSequence = std::numeric_limits<unsigned int>::max();
84 2416 : txSpend.vout[0].scriptPubKey = CScript();
85 1208 : txSpend.vout[0].nValue = 0;
86 :
87 1208 : return txSpend;
88 : }
89 :
90 1126 : void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, int flags, bool expect, const std::string& message)
91 : {
92 : ScriptError err;
93 2252 : CMutableTransaction tx = BuildSpendingTransaction(scriptSig, BuildCreditingTransaction(scriptPubKey));
94 1126 : CMutableTransaction tx2 = tx;
95 7882 : BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, flags, MutableTransactionSignatureChecker(&tx, 0), &err) == expect, message);
96 12386 : BOOST_CHECK_MESSAGE(expect == (err == SCRIPT_ERR_OK), std::string(ScriptErrorString(err)) + ": " + message);
97 : #if defined(HAVE_CONSENSUS_LIB)
98 : CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
99 : stream << tx2;
100 12386 : BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(begin_ptr(scriptPubKey), scriptPubKey.size(), (const unsigned char*)&stream[0], stream.size(), 0, flags, NULL) == expect,message);
101 : #endif
102 1126 : }
103 :
104 2 : void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
105 : // Parse the signature.
106 : std::vector<unsigned char> r, s;
107 14 : r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
108 22 : s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
109 :
110 : // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
111 : static const unsigned char order[33] = {
112 : 0x00,
113 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
114 : 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
115 : 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
116 : 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
117 : };
118 10 : while (s.size() < 33) {
119 4 : s.insert(s.begin(), 0x00);
120 : }
121 : int carry = 0;
122 64 : for (int p = 32; p >= 1; p--) {
123 128 : int n = (int)order[p] - s[p] - carry;
124 64 : s[p] = (n + 256) & 0xFF;
125 64 : carry = (n < 0);
126 : }
127 2 : assert(carry == 0);
128 4 : if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
129 : s.erase(s.begin());
130 : }
131 :
132 : // Reconstruct the signature.
133 : vchSig.clear();
134 2 : vchSig.push_back(0x30);
135 6 : vchSig.push_back(4 + r.size() + s.size());
136 2 : vchSig.push_back(0x02);
137 4 : vchSig.push_back(r.size());
138 2 : vchSig.insert(vchSig.end(), r.begin(), r.end());
139 2 : vchSig.push_back(0x02);
140 4 : vchSig.push_back(s.size());
141 2 : vchSig.insert(vchSig.end(), s.begin(), s.end());
142 2 : }
143 :
144 : namespace
145 : {
146 : const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
147 : const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
148 : const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
149 :
150 7 : struct KeyData
151 : {
152 : CKey key0, key0C, key1, key1C, key2, key2C;
153 : CPubKey pubkey0, pubkey0C, pubkey0H;
154 : CPubKey pubkey1, pubkey1C;
155 : CPubKey pubkey2, pubkey2C;
156 :
157 1 : KeyData()
158 13 : {
159 :
160 1 : key0.Set(vchKey0, vchKey0 + 32, false);
161 1 : key0C.Set(vchKey0, vchKey0 + 32, true);
162 1 : pubkey0 = key0.GetPubKey();
163 1 : pubkey0H = key0.GetPubKey();
164 1 : pubkey0C = key0C.GetPubKey();
165 1 : *const_cast<unsigned char*>(&pubkey0H[0]) = 0x06 | (pubkey0H[64] & 1);
166 :
167 1 : key1.Set(vchKey1, vchKey1 + 32, false);
168 1 : key1C.Set(vchKey1, vchKey1 + 32, true);
169 1 : pubkey1 = key1.GetPubKey();
170 1 : pubkey1C = key1C.GetPubKey();
171 :
172 1 : key2.Set(vchKey2, vchKey2 + 32, false);
173 1 : key2C.Set(vchKey2, vchKey2 + 32, true);
174 1 : pubkey2 = key2.GetPubKey();
175 1 : pubkey2C = key2C.GetPubKey();
176 1 : }
177 : };
178 :
179 :
180 2983 : class TestBuilder
181 : {
182 : private:
183 : CScript scriptPubKey;
184 : CTransaction creditTx;
185 : CMutableTransaction spendTx;
186 : bool havePush;
187 : std::vector<unsigned char> push;
188 : std::string comment;
189 : int flags;
190 :
191 : void DoPush()
192 : {
193 309 : if (havePush) {
194 165 : spendTx.vin[0].scriptSig << push;
195 165 : havePush = false;
196 : }
197 : }
198 :
199 101 : void DoPush(const std::vector<unsigned char>& data)
200 : {
201 : DoPush();
202 101 : push = data;
203 101 : havePush = true;
204 101 : }
205 :
206 : public:
207 237 : TestBuilder(const CScript& redeemScript, const std::string& comment_, int flags_, bool P2SH = false) : scriptPubKey(redeemScript), havePush(false), comment(comment_), flags(flags_)
208 : {
209 79 : if (P2SH) {
210 54 : creditTx = BuildCreditingTransaction(CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemScript)) << OP_EQUAL);
211 : } else {
212 210 : creditTx = BuildCreditingTransaction(redeemScript);
213 : }
214 395 : spendTx = BuildSpendingTransaction(CScript(), creditTx);
215 79 : }
216 :
217 2 : TestBuilder& Add(const CScript& script)
218 : {
219 : DoPush();
220 2 : spendTx.vin[0].scriptSig += script;
221 2 : return *this;
222 : }
223 :
224 48 : TestBuilder& Num(int num)
225 : {
226 : DoPush();
227 48 : spendTx.vin[0].scriptSig << num;
228 48 : return *this;
229 : }
230 :
231 : TestBuilder& Push(const std::string& hex)
232 : {
233 : DoPush(ParseHex(hex));
234 : return *this;
235 : }
236 :
237 88 : TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32)
238 : {
239 176 : uint256 hash = SignatureHash(scriptPubKey, spendTx, 0, nHashType);
240 : std::vector<unsigned char> vchSig, r, s;
241 88 : uint32_t iter = 0;
242 1229 : do {
243 1229 : key.Sign(hash, vchSig, iter++);
244 2458 : if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
245 2 : NegateSignatureS(vchSig);
246 : }
247 8603 : r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
248 13519 : s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
249 2546 : } while (lenR != r.size() || lenS != s.size());
250 88 : vchSig.push_back(static_cast<unsigned char>(nHashType));
251 88 : DoPush(vchSig);
252 176 : return *this;
253 : }
254 :
255 2 : TestBuilder& Push(const CPubKey& pubkey)
256 : {
257 8 : DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
258 2 : return *this;
259 : }
260 :
261 11 : TestBuilder& PushRedeem()
262 : {
263 22 : DoPush(static_cast<std::vector<unsigned char> >(scriptPubKey));
264 11 : return *this;
265 : }
266 :
267 31 : TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
268 : {
269 31 : assert(havePush);
270 31 : std::vector<unsigned char> datain = ParseHex(hexin);
271 31 : std::vector<unsigned char> dataout = ParseHex(hexout);
272 93 : assert(pos + datain.size() <= push.size());
273 465 : BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
274 248 : push.erase(push.begin() + pos, push.begin() + pos + datain.size());
275 93 : push.insert(push.begin() + pos, dataout.begin(), dataout.end());
276 62 : return *this;
277 : }
278 :
279 13 : TestBuilder& DamagePush(unsigned int pos)
280 : {
281 13 : assert(havePush);
282 26 : assert(pos < push.size());
283 26 : push[pos] ^= 1;
284 13 : return *this;
285 : }
286 :
287 79 : TestBuilder& Test(bool expect)
288 : {
289 79 : TestBuilder copy = *this; // Make a copy so we can rollback the push.
290 : DoPush();
291 79 : DoTest(creditTx.vout[0].scriptPubKey, spendTx.vin[0].scriptSig, flags, expect, comment);
292 79 : *this = copy;
293 79 : return *this;
294 : }
295 :
296 79 : UniValue GetJSON()
297 : {
298 : DoPush();
299 237 : UniValue array(UniValue::VARR);
300 158 : array.push_back(FormatScript(spendTx.vin[0].scriptSig));
301 158 : array.push_back(FormatScript(creditTx.vout[0].scriptPubKey));
302 158 : array.push_back(FormatScriptFlags(flags));
303 79 : array.push_back(comment);
304 79 : return array;
305 : }
306 :
307 : std::string GetComment()
308 : {
309 0 : return comment;
310 : }
311 :
312 : const CScript& GetScriptPubKey()
313 : {
314 : return creditTx.vout[0].scriptPubKey;
315 : }
316 : };
317 : }
318 :
319 6 : BOOST_AUTO_TEST_CASE(script_build)
320 : {
321 1 : const KeyData keys;
322 :
323 1 : std::vector<TestBuilder> good;
324 1 : std::vector<TestBuilder> bad;
325 :
326 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
327 : "P2PK", 0
328 4 : ).PushSig(keys.key0));
329 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
330 : "P2PK, bad sig", 0
331 4 : ).PushSig(keys.key0).DamagePush(10));
332 :
333 4 : good.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
334 : "P2PKH", 0
335 4 : ).PushSig(keys.key1).Push(keys.pubkey1C));
336 4 : bad.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
337 : "P2PKH, bad pubkey", 0
338 4 : ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5));
339 :
340 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
341 : "P2PK anyonecanpay", 0
342 4 : ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
343 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
344 : "P2PK anyonecanpay marked with normal hashtype", 0
345 8 : ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01"));
346 :
347 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
348 : "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
349 4 : ).PushSig(keys.key0).PushRedeem());
350 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
351 : "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
352 4 : ).PushSig(keys.key0).PushRedeem().DamagePush(10));
353 :
354 4 : good.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
355 : "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
356 4 : ).PushSig(keys.key0).DamagePush(10).PushRedeem());
357 4 : bad.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
358 : "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
359 4 : ).PushSig(keys.key0).DamagePush(10).PushRedeem());
360 :
361 6 : good.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
362 : "3-of-3", 0
363 4 : ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
364 6 : bad.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
365 : "3-of-3, 2 sigs", 0
366 4 : ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0));
367 :
368 6 : good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
369 : "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
370 4 : ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
371 6 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
372 : "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
373 4 : ).Num(0).PushSig(keys.key1).Num(0).PushRedeem());
374 :
375 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
376 : "P2PK with too much R padding but no DERSIG", 0
377 8 : ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
378 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
379 : "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
380 8 : ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
381 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
382 : "P2PK with too much S padding but no DERSIG", 0
383 12 : ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
384 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
385 : "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
386 12 : ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
387 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
388 : "P2PK with too little R padding but no DERSIG", 0
389 8 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
390 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
391 : "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
392 8 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
393 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
394 : "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
395 8 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
396 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
397 : "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
398 8 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
399 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
400 : "P2PK NOT with too much R padding but no DERSIG", 0
401 8 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
402 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
403 : "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
404 8 : ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
405 :
406 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
407 : "BIP66 example 1, without DERSIG", 0
408 8 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
409 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
410 : "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
411 8 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
412 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
413 : "BIP66 example 2, without DERSIG", 0
414 8 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
415 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
416 : "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
417 8 : ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
418 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
419 : "BIP66 example 3, without DERSIG", 0
420 4 : ).Num(0));
421 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
422 : "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
423 4 : ).Num(0));
424 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
425 : "BIP66 example 4, without DERSIG", 0
426 4 : ).Num(0));
427 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
428 : "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
429 4 : ).Num(0));
430 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
431 : "BIP66 example 5, without DERSIG", 0
432 4 : ).Num(1));
433 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
434 : "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
435 4 : ).Num(1));
436 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
437 : "BIP66 example 6, without DERSIG", 0
438 4 : ).Num(1));
439 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
440 : "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
441 4 : ).Num(1));
442 5 : good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
443 : "BIP66 example 7, without DERSIG", 0
444 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
445 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
446 : "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
447 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
448 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
449 : "BIP66 example 8, without DERSIG", 0
450 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
451 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
452 : "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
453 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
454 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
455 : "BIP66 example 9, without DERSIG", 0
456 8 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
457 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
458 : "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
459 8 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
460 5 : good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
461 : "BIP66 example 10, without DERSIG", 0
462 8 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
463 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
464 : "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
465 8 : ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
466 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
467 : "BIP66 example 11, without DERSIG", 0
468 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
469 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
470 : "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
471 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
472 5 : good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
473 : "BIP66 example 12, without DERSIG", 0
474 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
475 5 : good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
476 : "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
477 8 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
478 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
479 : "P2PK with multi-byte hashtype, without DERSIG", 0
480 8 : ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
481 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
482 : "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
483 8 : ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
484 :
485 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
486 : "P2PK with high S but no LOW_S", 0
487 4 : ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
488 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
489 : "P2PK with high S", SCRIPT_VERIFY_LOW_S
490 4 : ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
491 :
492 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
493 : "P2PK with hybrid pubkey but no STRICTENC", 0
494 4 : ).PushSig(keys.key0, SIGHASH_ALL));
495 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
496 : "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
497 4 : ).PushSig(keys.key0, SIGHASH_ALL));
498 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
499 : "P2PK NOT with hybrid pubkey but no STRICTENC", 0
500 4 : ).PushSig(keys.key0, SIGHASH_ALL));
501 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
502 : "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
503 4 : ).PushSig(keys.key0, SIGHASH_ALL));
504 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
505 : "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
506 4 : ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
507 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
508 : "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
509 4 : ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
510 5 : good.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
511 : "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
512 4 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
513 5 : good.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
514 : "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
515 4 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
516 5 : bad.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
517 : "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
518 4 : ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
519 :
520 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
521 : "P2PK with undefined hashtype but no STRICTENC", 0
522 4 : ).PushSig(keys.key1, 5));
523 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
524 : "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
525 4 : ).PushSig(keys.key1, 5));
526 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
527 : "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
528 4 : ).PushSig(keys.key1, 5).DamagePush(10));
529 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
530 : "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
531 4 : ).PushSig(keys.key1, 5).DamagePush(10));
532 :
533 6 : good.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
534 : "3-of-3 with nonzero dummy but no NULLDUMMY", 0
535 4 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
536 6 : bad.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
537 : "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
538 4 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
539 6 : good.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
540 : "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
541 4 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
542 6 : bad.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
543 : "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
544 4 : ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
545 :
546 5 : good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
547 : "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
548 5 : ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
549 5 : bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
550 : "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
551 5 : ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
552 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
553 : "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", 0
554 4 : ).PushSig(keys.key2).PushRedeem());
555 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
556 : "P2SH(P2PK) with non-push scriptSig", SCRIPT_VERIFY_SIGPUSHONLY
557 4 : ).PushSig(keys.key2).PushRedeem());
558 5 : good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
559 : "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
560 4 : ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
561 :
562 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
563 : "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
564 4 : ).Num(11).PushSig(keys.key0));
565 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
566 : "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
567 4 : ).Num(11).PushSig(keys.key0));
568 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
569 : "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
570 4 : ).Num(11).PushSig(keys.key0).PushRedeem());
571 4 : bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
572 : "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
573 4 : ).Num(11).PushSig(keys.key0).PushRedeem());
574 4 : good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
575 : "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
576 4 : ).PushSig(keys.key0).PushRedeem());
577 :
578 :
579 : std::set<std::string> tests_good;
580 : std::set<std::string> tests_bad;
581 :
582 : {
583 4 : UniValue json_good = read_json(std::string(json_tests::script_valid, json_tests::script_valid + sizeof(json_tests::script_valid)));
584 5 : UniValue json_bad = read_json(std::string(json_tests::script_invalid, json_tests::script_invalid + sizeof(json_tests::script_invalid)));
585 :
586 1248 : for (unsigned int idx = 0; idx < json_good.size(); idx++) {
587 623 : const UniValue& tv = json_good[idx];
588 1246 : tests_good.insert(tv.get_array().write());
589 : }
590 933 : for (unsigned int idx = 0; idx < json_bad.size(); idx++) {
591 466 : const UniValue& tv = json_bad[idx];
592 932 : tests_bad.insert(tv.get_array().write());
593 1 : }
594 : }
595 :
596 : std::string strGood;
597 : std::string strBad;
598 :
599 176 : BOOST_FOREACH(TestBuilder& test, good) {
600 34 : test.Test(true);
601 34 : std::string str = test.GetJSON().write();
602 : #ifndef UPDATE_JSON_TESTS
603 34 : if (tests_good.count(str) == 0) {
604 0 : BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
605 : }
606 : #endif
607 68 : strGood += str + ",\n";
608 : }
609 231 : BOOST_FOREACH(TestBuilder& test, bad) {
610 45 : test.Test(false);
611 45 : std::string str = test.GetJSON().write();
612 : #ifndef UPDATE_JSON_TESTS
613 45 : if (tests_bad.count(str) == 0) {
614 0 : BOOST_CHECK_MESSAGE(false, "Missing auto script_invalid test: " + test.GetComment());
615 : }
616 : #endif
617 90 : strBad += str + ",\n";
618 1 : }
619 :
620 : #ifdef UPDATE_JSON_TESTS
621 : FILE* valid = fopen("script_valid.json.gen", "w");
622 : fputs(strGood.c_str(), valid);
623 : fclose(valid);
624 : FILE* invalid = fopen("script_invalid.json.gen", "w");
625 : fputs(strBad.c_str(), invalid);
626 : fclose(invalid);
627 : #endif
628 1 : }
629 :
630 6 : BOOST_AUTO_TEST_CASE(script_valid)
631 : {
632 : // Read tests from test/data/script_valid.json
633 : // Format is an array of arrays
634 : // Inner arrays are [ "scriptSig", "scriptPubKey", "flags" ]
635 : // ... where scriptSig and scriptPubKey are stringified
636 : // scripts.
637 4 : UniValue tests = read_json(std::string(json_tests::script_valid, json_tests::script_valid + sizeof(json_tests::script_valid)));
638 :
639 1248 : for (unsigned int idx = 0; idx < tests.size(); idx++) {
640 623 : UniValue test = tests[idx];
641 623 : string strTest = test.write();
642 623 : if (test.size() < 3) // Allow size > 3; extra stuff ignored (useful for comments)
643 : {
644 25 : if (test.size() != 1) {
645 0 : BOOST_ERROR("Bad test: " << strTest);
646 : }
647 : continue;
648 : }
649 598 : string scriptSigString = test[0].get_str();
650 598 : CScript scriptSig = ParseScript(scriptSigString);
651 598 : string scriptPubKeyString = test[1].get_str();
652 598 : CScript scriptPubKey = ParseScript(scriptPubKeyString);
653 1196 : unsigned int scriptflags = ParseScriptFlags(test[2].get_str());
654 :
655 598 : DoTest(scriptPubKey, scriptSig, scriptflags, true, strTest);
656 599 : }
657 1 : }
658 :
659 6 : BOOST_AUTO_TEST_CASE(script_invalid)
660 : {
661 : // Scripts that should evaluate as invalid
662 4 : UniValue tests = read_json(std::string(json_tests::script_invalid, json_tests::script_invalid + sizeof(json_tests::script_invalid)));
663 :
664 934 : for (unsigned int idx = 0; idx < tests.size(); idx++) {
665 466 : UniValue test = tests[idx];
666 466 : string strTest = test.write();
667 466 : if (test.size() < 3) // Allow size > 2; extra stuff ignored (useful for comments)
668 : {
669 17 : if (test.size() != 1) {
670 0 : BOOST_ERROR("Bad test: " << strTest);
671 : }
672 : continue;
673 : }
674 449 : string scriptSigString = test[0].get_str();
675 449 : CScript scriptSig = ParseScript(scriptSigString);
676 449 : string scriptPubKeyString = test[1].get_str();
677 449 : CScript scriptPubKey = ParseScript(scriptPubKeyString);
678 898 : unsigned int scriptflags = ParseScriptFlags(test[2].get_str());
679 :
680 449 : DoTest(scriptPubKey, scriptSig, scriptflags, false, strTest);
681 450 : }
682 1 : }
683 :
684 6 : BOOST_AUTO_TEST_CASE(script_PushData)
685 : {
686 : // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
687 : // the stack as the 1-75 opcodes do.
688 : static const unsigned char direct[] = { 1, 0x5a };
689 : static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
690 : static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
691 : static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
692 :
693 : ScriptError err;
694 : vector<vector<unsigned char> > directStack;
695 11 : BOOST_CHECK(EvalScript(directStack, CScript(&direct[0], &direct[sizeof(direct)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
696 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
697 :
698 1 : vector<vector<unsigned char> > pushdata1Stack;
699 11 : BOOST_CHECK(EvalScript(pushdata1Stack, CScript(&pushdata1[0], &pushdata1[sizeof(pushdata1)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
700 8 : BOOST_CHECK(pushdata1Stack == directStack);
701 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
702 :
703 1 : vector<vector<unsigned char> > pushdata2Stack;
704 11 : BOOST_CHECK(EvalScript(pushdata2Stack, CScript(&pushdata2[0], &pushdata2[sizeof(pushdata2)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
705 8 : BOOST_CHECK(pushdata2Stack == directStack);
706 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
707 :
708 1 : vector<vector<unsigned char> > pushdata4Stack;
709 11 : BOOST_CHECK(EvalScript(pushdata4Stack, CScript(&pushdata4[0], &pushdata4[sizeof(pushdata4)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
710 8 : BOOST_CHECK(pushdata4Stack == directStack);
711 8 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
712 1 : }
713 :
714 : CScript
715 12 : sign_multisig(CScript scriptPubKey, std::vector<CKey> keys, CTransaction transaction)
716 : {
717 12 : uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL);
718 :
719 : CScript result;
720 : //
721 : // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
722 : // one extra item on the stack, before the signatures.
723 : // Putting OP_0 on the stack is the workaround;
724 : // fixing the bug would mean splitting the block chain (old
725 : // clients would not accept new CHECKMULTISIG transactions,
726 : // and vice-versa)
727 : //
728 12 : result << OP_0;
729 167 : BOOST_FOREACH(const CKey &key, keys)
730 : {
731 : vector<unsigned char> vchSig;
732 152 : BOOST_CHECK(key.Sign(hash, vchSig));
733 19 : vchSig.push_back((unsigned char)SIGHASH_ALL);
734 19 : result << vchSig;
735 : }
736 12 : return result;
737 : }
738 : CScript
739 3 : sign_multisig(CScript scriptPubKey, const CKey &key, CTransaction transaction)
740 : {
741 : std::vector<CKey> keys;
742 3 : keys.push_back(key);
743 12 : return sign_multisig(scriptPubKey, keys, transaction);
744 : }
745 :
746 6 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
747 : {
748 : ScriptError err;
749 : CKey key1, key2, key3;
750 1 : key1.MakeNewKey(true);
751 1 : key2.MakeNewKey(false);
752 1 : key3.MakeNewKey(true);
753 :
754 : CScript scriptPubKey12;
755 3 : scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
756 :
757 1 : CMutableTransaction txFrom12 = BuildCreditingTransaction(scriptPubKey12);
758 2 : CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), txFrom12);
759 :
760 4 : CScript goodsig1 = sign_multisig(scriptPubKey12, key1, txTo12);
761 8 : BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
762 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
763 1 : txTo12.vout[0].nValue = 2;
764 8 : BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
765 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
766 :
767 4 : CScript goodsig2 = sign_multisig(scriptPubKey12, key2, txTo12);
768 8 : BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
769 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
770 :
771 4 : CScript badsig1 = sign_multisig(scriptPubKey12, key3, txTo12);
772 8 : BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
773 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
774 1 : }
775 :
776 6 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
777 : {
778 : ScriptError err;
779 : CKey key1, key2, key3, key4;
780 1 : key1.MakeNewKey(true);
781 1 : key2.MakeNewKey(false);
782 1 : key3.MakeNewKey(true);
783 1 : key4.MakeNewKey(false);
784 :
785 : CScript scriptPubKey23;
786 4 : scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
787 :
788 1 : CMutableTransaction txFrom23 = BuildCreditingTransaction(scriptPubKey23);
789 2 : CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), txFrom23);
790 :
791 1 : std::vector<CKey> keys;
792 1 : keys.push_back(key1); keys.push_back(key2);
793 4 : CScript goodsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
794 8 : BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
795 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
796 :
797 : keys.clear();
798 1 : keys.push_back(key1); keys.push_back(key3);
799 4 : CScript goodsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
800 8 : BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
801 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
802 :
803 : keys.clear();
804 1 : keys.push_back(key2); keys.push_back(key3);
805 4 : CScript goodsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
806 8 : BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
807 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
808 :
809 : keys.clear();
810 1 : keys.push_back(key2); keys.push_back(key2); // Can't re-use sig
811 4 : CScript badsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
812 8 : BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
813 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
814 :
815 : keys.clear();
816 1 : keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
817 4 : CScript badsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
818 8 : BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
819 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
820 :
821 : keys.clear();
822 1 : keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
823 4 : CScript badsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
824 8 : BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
825 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
826 :
827 : keys.clear();
828 1 : keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
829 4 : CScript badsig4 = sign_multisig(scriptPubKey23, keys, txTo23);
830 8 : BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
831 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
832 :
833 : keys.clear();
834 1 : keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
835 4 : CScript badsig5 = sign_multisig(scriptPubKey23, keys, txTo23);
836 8 : BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
837 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
838 :
839 : keys.clear(); // Must have signatures
840 4 : CScript badsig6 = sign_multisig(scriptPubKey23, keys, txTo23);
841 8 : BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
842 7 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
843 1 : }
844 :
845 6 : BOOST_AUTO_TEST_CASE(script_combineSigs)
846 : {
847 : // Test the CombineSignatures function
848 1 : CBasicKeyStore keystore;
849 1 : vector<CKey> keys;
850 : vector<CPubKey> pubkeys;
851 4 : for (int i = 0; i < 3; i++)
852 : {
853 : CKey key;
854 3 : key.MakeNewKey(i%2 == 1);
855 3 : keys.push_back(key);
856 3 : pubkeys.push_back(key.GetPubKey());
857 3 : keystore.AddKey(key);
858 : }
859 :
860 4 : CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(keys[0].GetPubKey().GetID()));
861 2 : CMutableTransaction txTo = BuildSpendingTransaction(CScript(), txFrom);
862 1 : CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
863 1 : CScript& scriptSig = txTo.vin[0].scriptSig;
864 :
865 : CScript empty;
866 2 : CScript combined = CombineSignatures(scriptPubKey, txTo, 0, empty, empty);
867 8 : BOOST_CHECK(combined.empty());
868 :
869 : // Single signature case:
870 2 : SignSignature(keystore, txFrom, txTo, 0); // changes scriptSig
871 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, empty);
872 8 : BOOST_CHECK(combined == scriptSig);
873 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, empty, scriptSig);
874 8 : BOOST_CHECK(combined == scriptSig);
875 : CScript scriptSigCopy = scriptSig;
876 : // Signing again will give a different, valid signature:
877 2 : SignSignature(keystore, txFrom, txTo, 0);
878 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSigCopy, scriptSig);
879 8 : BOOST_CHECK(combined == scriptSigCopy || combined == scriptSig);
880 :
881 : // P2SH, single-signature case:
882 2 : CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
883 1 : keystore.AddCScript(pkSingle);
884 4 : scriptPubKey = GetScriptForDestination(CScriptID(pkSingle));
885 2 : SignSignature(keystore, txFrom, txTo, 0);
886 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, empty);
887 8 : BOOST_CHECK(combined == scriptSig);
888 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, empty, scriptSig);
889 8 : BOOST_CHECK(combined == scriptSig);
890 : scriptSigCopy = scriptSig;
891 2 : SignSignature(keystore, txFrom, txTo, 0);
892 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSigCopy, scriptSig);
893 8 : BOOST_CHECK(combined == scriptSigCopy || combined == scriptSig);
894 : // dummy scriptSigCopy with placeholder, should always choose non-placeholder:
895 4 : scriptSigCopy = CScript() << OP_0 << static_cast<vector<unsigned char> >(pkSingle);
896 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSigCopy, scriptSig);
897 8 : BOOST_CHECK(combined == scriptSig);
898 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, scriptSigCopy);
899 8 : BOOST_CHECK(combined == scriptSig);
900 :
901 : // Hardest case: Multisig 2-of-3
902 2 : scriptPubKey = GetScriptForMultisig(2, pubkeys);
903 1 : keystore.AddCScript(scriptPubKey);
904 2 : SignSignature(keystore, txFrom, txTo, 0);
905 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, empty);
906 8 : BOOST_CHECK(combined == scriptSig);
907 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, empty, scriptSig);
908 8 : BOOST_CHECK(combined == scriptSig);
909 :
910 : // A couple of partially-signed versions:
911 : vector<unsigned char> sig1;
912 2 : uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL);
913 8 : BOOST_CHECK(keys[0].Sign(hash1, sig1));
914 1 : sig1.push_back(SIGHASH_ALL);
915 : vector<unsigned char> sig2;
916 2 : uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE);
917 9 : BOOST_CHECK(keys[1].Sign(hash2, sig2));
918 1 : sig2.push_back(SIGHASH_NONE);
919 : vector<unsigned char> sig3;
920 2 : uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE);
921 9 : BOOST_CHECK(keys[2].Sign(hash3, sig3));
922 1 : sig3.push_back(SIGHASH_SINGLE);
923 :
924 : // Not fussy about order (or even existence) of placeholders or signatures:
925 2 : CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
926 2 : CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
927 2 : CScript partial2a = CScript() << OP_0 << sig2;
928 2 : CScript partial2b = CScript() << sig2 << OP_0;
929 2 : CScript partial3a = CScript() << sig3;
930 2 : CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
931 2 : CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
932 2 : CScript complete12 = CScript() << OP_0 << sig1 << sig2;
933 2 : CScript complete13 = CScript() << OP_0 << sig1 << sig3;
934 2 : CScript complete23 = CScript() << OP_0 << sig2 << sig3;
935 :
936 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial1a, partial1b);
937 8 : BOOST_CHECK(combined == partial1a);
938 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial1a, partial2a);
939 8 : BOOST_CHECK(combined == complete12);
940 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial2a, partial1a);
941 8 : BOOST_CHECK(combined == complete12);
942 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial1b, partial2b);
943 8 : BOOST_CHECK(combined == complete12);
944 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial3b, partial1b);
945 8 : BOOST_CHECK(combined == complete13);
946 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial2a, partial3a);
947 8 : BOOST_CHECK(combined == complete23);
948 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial3b, partial2b);
949 8 : BOOST_CHECK(combined == complete23);
950 3 : combined = CombineSignatures(scriptPubKey, txTo, 0, partial3b, partial3a);
951 9 : BOOST_CHECK(combined == partial3c);
952 1 : }
953 :
954 6 : BOOST_AUTO_TEST_CASE(script_standard_push)
955 : {
956 : ScriptError err;
957 67001 : for (int i=0; i<67000; i++) {
958 : CScript script;
959 67000 : script << i;
960 603000 : BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
961 804000 : BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
962 469000 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
963 : }
964 :
965 522 : for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
966 1042 : std::vector<unsigned char> data(i, '\111');
967 : CScript script;
968 521 : script << data;
969 4689 : BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
970 6252 : BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
971 3647 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
972 : }
973 1 : }
974 :
975 6 : BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
976 : {
977 : // IsPushOnly returns false when given a script containing only pushes that
978 : // are invalid due to truncation. IsPushOnly() is consensus critical
979 : // because P2SH evaluation uses it, although this specific behavior should
980 : // not be consensus critical as the P2SH evaluation would fail first due to
981 : // the invalid push. Still, it doesn't hurt to test it explicitly.
982 : static const unsigned char direct[] = { 1 };
983 9 : BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
984 1 : }
985 :
986 6 : BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
987 : {
988 8 : BOOST_CHECK_EQUAL("OP_NOP2", ScriptToAsmStr(CScript() << OP_NOP2, true));
989 8 : BOOST_CHECK_EQUAL("OP_NOP2", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
990 8 : BOOST_CHECK_EQUAL("OP_NOP2", ScriptToAsmStr(CScript() << OP_NOP2));
991 8 : BOOST_CHECK_EQUAL("OP_NOP2", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
992 :
993 2 : string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
994 2 : string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
995 2 : vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
996 :
997 13 : BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
998 13 : BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
999 13 : BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
1000 13 : BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
1001 13 : BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
1002 13 : BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
1003 13 : BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
1004 13 : BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
1005 :
1006 13 : BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
1007 13 : BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
1008 13 : BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
1009 13 : BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
1010 13 : BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
1011 13 : BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
1012 13 : BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
1013 13 : BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
1014 1 : }
1015 :
1016 3 : BOOST_AUTO_TEST_SUITE_END()
|
