You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

p2p-segwit.py 91KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033
  1. #!/usr/bin/env python3
  2. # Copyright (c) 2016 The Bitcoin Core developers
  3. # Distributed under the MIT software license, see the accompanying
  4. # file COPYING or http://www.opensource.org/licenses/mit-license.php.
  5. """Test segwit transactions and blocks on P2P network."""
  6. from test_framework.mininode import *
  7. from test_framework.test_framework import BitcoinTestFramework
  8. from test_framework.util import *
  9. from test_framework.script import *
  10. from test_framework.blocktools import create_block, create_coinbase, add_witness_commitment, WITNESS_COMMITMENT_HEADER
  11. from test_framework.key import CECKey, CPubKey
  12. import time
  13. import random
  14. from binascii import hexlify
  15. # The versionbit bit used to signal activation of SegWit
  16. VB_WITNESS_BIT = 1
  17. VB_PERIOD = 144
  18. VB_ACTIVATION_THRESHOLD = 108
  19. VB_TOP_BITS = 0x20000000
  20. MAX_SIGOP_COST = 80000
  21. # Calculate the virtual size of a witness block:
  22. # (base + witness/4)
  23. def get_virtual_size(witness_block):
  24. base_size = len(witness_block.serialize())
  25. total_size = len(witness_block.serialize(with_witness=True))
  26. # the "+3" is so we round up
  27. vsize = int((3*base_size + total_size + 3)/4)
  28. return vsize
  29. # Note: we can reduce code by using SingleNodeConnCB (in master, not 0.12)
  30. class TestNode(NodeConnCB):
  31. def __init__(self):
  32. NodeConnCB.__init__(self)
  33. self.connection = None
  34. self.ping_counter = 1
  35. self.last_pong = msg_pong(0)
  36. self.sleep_time = 0.05
  37. self.getdataset = set()
  38. self.last_reject = None
  39. def add_connection(self, conn):
  40. self.connection = conn
  41. # Wrapper for the NodeConn's send_message function
  42. def send_message(self, message):
  43. self.connection.send_message(message)
  44. def on_inv(self, conn, message):
  45. self.last_inv = message
  46. def on_block(self, conn, message):
  47. self.last_block = message.block
  48. self.last_block.calc_sha256()
  49. def on_getdata(self, conn, message):
  50. for inv in message.inv:
  51. self.getdataset.add(inv.hash)
  52. self.last_getdata = message
  53. def on_getheaders(self, conn, message):
  54. self.last_getheaders = message
  55. def on_pong(self, conn, message):
  56. self.last_pong = message
  57. def on_reject(self, conn, message):
  58. self.last_reject = message
  59. # Syncing helpers
  60. def sync(self, test_function, timeout=60):
  61. while timeout > 0:
  62. with mininode_lock:
  63. if test_function():
  64. return
  65. time.sleep(self.sleep_time)
  66. timeout -= self.sleep_time
  67. raise AssertionError("Sync failed to complete")
  68. def sync_with_ping(self, timeout=60):
  69. self.send_message(msg_ping(nonce=self.ping_counter))
  70. test_function = lambda: self.last_pong.nonce == self.ping_counter
  71. self.sync(test_function, timeout)
  72. self.ping_counter += 1
  73. return
  74. def wait_for_block(self, blockhash, timeout=60):
  75. test_function = lambda: self.last_block != None and self.last_block.sha256 == blockhash
  76. self.sync(test_function, timeout)
  77. return
  78. def wait_for_getdata(self, timeout=60):
  79. test_function = lambda: self.last_getdata != None
  80. self.sync(test_function, timeout)
  81. def wait_for_getheaders(self, timeout=60):
  82. test_function = lambda: self.last_getheaders != None
  83. self.sync(test_function, timeout)
  84. def wait_for_inv(self, expected_inv, timeout=60):
  85. test_function = lambda: self.last_inv != expected_inv
  86. self.sync(test_function, timeout)
  87. def announce_tx_and_wait_for_getdata(self, tx, timeout=60):
  88. with mininode_lock:
  89. self.last_getdata = None
  90. self.send_message(msg_inv(inv=[CInv(1, tx.sha256)]))
  91. self.wait_for_getdata(timeout)
  92. return
  93. def announce_block_and_wait_for_getdata(self, block, use_header, timeout=60):
  94. with mininode_lock:
  95. self.last_getdata = None
  96. self.last_getheaders = None
  97. msg = msg_headers()
  98. msg.headers = [ CBlockHeader(block) ]
  99. if use_header:
  100. self.send_message(msg)
  101. else:
  102. self.send_message(msg_inv(inv=[CInv(2, block.sha256)]))
  103. self.wait_for_getheaders()
  104. self.send_message(msg)
  105. self.wait_for_getdata()
  106. return
  107. def announce_block(self, block, use_header):
  108. with mininode_lock:
  109. self.last_getdata = None
  110. if use_header:
  111. msg = msg_headers()
  112. msg.headers = [ CBlockHeader(block) ]
  113. self.send_message(msg)
  114. else:
  115. self.send_message(msg_inv(inv=[CInv(2, block.sha256)]))
  116. def request_block(self, blockhash, inv_type, timeout=60):
  117. with mininode_lock:
  118. self.last_block = None
  119. self.send_message(msg_getdata(inv=[CInv(inv_type, blockhash)]))
  120. self.wait_for_block(blockhash, timeout)
  121. return self.last_block
  122. def test_transaction_acceptance(self, tx, with_witness, accepted, reason=None):
  123. tx_message = msg_tx(tx)
  124. if with_witness:
  125. tx_message = msg_witness_tx(tx)
  126. self.send_message(tx_message)
  127. self.sync_with_ping()
  128. assert_equal(tx.hash in self.connection.rpc.getrawmempool(), accepted)
  129. if (reason != None and not accepted):
  130. # Check the rejection reason as well.
  131. with mininode_lock:
  132. assert_equal(self.last_reject.reason, reason)
  133. # Test whether a witness block had the correct effect on the tip
  134. def test_witness_block(self, block, accepted, with_witness=True):
  135. if with_witness:
  136. self.send_message(msg_witness_block(block))
  137. else:
  138. self.send_message(msg_block(block))
  139. self.sync_with_ping()
  140. assert_equal(self.connection.rpc.getbestblockhash() == block.hash, accepted)
  141. # Used to keep track of anyone-can-spend outputs that we can use in the tests
  142. class UTXO(object):
  143. def __init__(self, sha256, n, nValue):
  144. self.sha256 = sha256
  145. self.n = n
  146. self.nValue = nValue
  147. # Helper for getting the script associated with a P2PKH
  148. def GetP2PKHScript(pubkeyhash):
  149. return CScript([CScriptOp(OP_DUP), CScriptOp(OP_HASH160), pubkeyhash, CScriptOp(OP_EQUALVERIFY), CScriptOp(OP_CHECKSIG)])
  150. # Add signature for a P2PK witness program.
  151. def sign_P2PK_witness_input(script, txTo, inIdx, hashtype, value, key):
  152. tx_hash = SegwitVersion1SignatureHash(script, txTo, inIdx, hashtype, value)
  153. signature = key.sign(tx_hash) + chr(hashtype).encode('latin-1')
  154. txTo.wit.vtxinwit[inIdx].scriptWitness.stack = [signature, script]
  155. txTo.rehash()
  156. class SegWitTest(BitcoinTestFramework):
  157. def __init__(self):
  158. super().__init__()
  159. self.setup_clean_chain = True
  160. self.num_nodes = 3
  161. def setup_network(self):
  162. self.nodes = []
  163. self.nodes.append(start_node(0, self.options.tmpdir, ["-whitelist=127.0.0.1"]))
  164. # Start a node for testing IsStandard rules.
  165. self.nodes.append(start_node(1, self.options.tmpdir, ["-whitelist=127.0.0.1", "-acceptnonstdtxn=0"]))
  166. connect_nodes(self.nodes[0], 1)
  167. # Disable segwit's bip9 parameter to simulate upgrading after activation.
  168. self.nodes.append(start_node(2, self.options.tmpdir, ["-whitelist=127.0.0.1", "-bip9params=segwit:0:0"]))
  169. connect_nodes(self.nodes[0], 2)
  170. ''' Helpers '''
  171. # Build a block on top of node0's tip.
  172. def build_next_block(self, nVersion=4):
  173. tip = self.nodes[0].getbestblockhash()
  174. height = self.nodes[0].getblockcount() + 1
  175. block_time = self.nodes[0].getblockheader(tip)["mediantime"] + 1
  176. block = create_block(int(tip, 16), create_coinbase(height), block_time)
  177. block.nVersion = nVersion
  178. block.rehash()
  179. return block
  180. # Adds list of transactions to block, adds witness commitment, then solves.
  181. def update_witness_block_with_transactions(self, block, tx_list, nonce=0):
  182. block.vtx.extend(tx_list)
  183. add_witness_commitment(block, nonce)
  184. block.solve()
  185. return
  186. ''' Individual tests '''
  187. def test_witness_services(self):
  188. self.log.info("Verifying NODE_WITNESS service bit")
  189. assert((self.test_node.connection.nServices & NODE_WITNESS) != 0)
  190. # See if sending a regular transaction works, and create a utxo
  191. # to use in later tests.
  192. def test_non_witness_transaction(self):
  193. # Mine a block with an anyone-can-spend coinbase,
  194. # let it mature, then try to spend it.
  195. self.log.info("Testing non-witness transaction")
  196. block = self.build_next_block(nVersion=1)
  197. block.solve()
  198. self.test_node.send_message(msg_block(block))
  199. self.test_node.sync_with_ping() # make sure the block was processed
  200. txid = block.vtx[0].sha256
  201. self.nodes[0].generate(99) # let the block mature
  202. # Create a transaction that spends the coinbase
  203. tx = CTransaction()
  204. tx.vin.append(CTxIn(COutPoint(txid, 0), b""))
  205. tx.vout.append(CTxOut(49*100000000, CScript([OP_TRUE])))
  206. tx.calc_sha256()
  207. # Check that serializing it with or without witness is the same
  208. # This is a sanity check of our testing framework.
  209. assert_equal(msg_tx(tx).serialize(), msg_witness_tx(tx).serialize())
  210. self.test_node.send_message(msg_witness_tx(tx))
  211. self.test_node.sync_with_ping() # make sure the tx was processed
  212. assert(tx.hash in self.nodes[0].getrawmempool())
  213. # Save this transaction for later
  214. self.utxo.append(UTXO(tx.sha256, 0, 49*100000000))
  215. self.nodes[0].generate(1)
  216. # Verify that blocks with witnesses are rejected before activation.
  217. def test_unnecessary_witness_before_segwit_activation(self):
  218. self.log.info("Testing behavior of unnecessary witnesses")
  219. # For now, rely on earlier tests to have created at least one utxo for
  220. # us to use
  221. assert(len(self.utxo) > 0)
  222. assert(get_bip9_status(self.nodes[0], 'segwit')['status'] != 'active')
  223. tx = CTransaction()
  224. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  225. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, CScript([OP_TRUE])))
  226. tx.wit.vtxinwit.append(CTxInWitness())
  227. tx.wit.vtxinwit[0].scriptWitness.stack = [CScript([CScriptNum(1)])]
  228. # Verify the hash with witness differs from the txid
  229. # (otherwise our testing framework must be broken!)
  230. tx.rehash()
  231. assert(tx.sha256 != tx.calc_sha256(with_witness=True))
  232. # Construct a segwit-signaling block that includes the transaction.
  233. block = self.build_next_block(nVersion=(VB_TOP_BITS|(1 << VB_WITNESS_BIT)))
  234. self.update_witness_block_with_transactions(block, [tx])
  235. # Sending witness data before activation is not allowed (anti-spam
  236. # rule).
  237. self.test_node.test_witness_block(block, accepted=False)
  238. # TODO: fix synchronization so we can test reject reason
  239. # Right now, bitcoind delays sending reject messages for blocks
  240. # until the future, making synchronization here difficult.
  241. #assert_equal(self.test_node.last_reject.reason, "unexpected-witness")
  242. # But it should not be permanently marked bad...
  243. # Resend without witness information.
  244. self.test_node.send_message(msg_block(block))
  245. self.test_node.sync_with_ping()
  246. assert_equal(self.nodes[0].getbestblockhash(), block.hash)
  247. sync_blocks(self.nodes)
  248. # Create a p2sh output -- this is so we can pass the standardness
  249. # rules (an anyone-can-spend OP_TRUE would be rejected, if not wrapped
  250. # in P2SH).
  251. p2sh_program = CScript([OP_TRUE])
  252. p2sh_pubkey = hash160(p2sh_program)
  253. scriptPubKey = CScript([OP_HASH160, p2sh_pubkey, OP_EQUAL])
  254. # Now check that unnecessary witnesses can't be used to blind a node
  255. # to a transaction, eg by violating standardness checks.
  256. tx2 = CTransaction()
  257. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 0), b""))
  258. tx2.vout.append(CTxOut(tx.vout[0].nValue-1000, scriptPubKey))
  259. tx2.rehash()
  260. self.test_node.test_transaction_acceptance(tx2, False, True)
  261. self.nodes[0].generate(1)
  262. sync_blocks(self.nodes)
  263. # We'll add an unnecessary witness to this transaction that would cause
  264. # it to be non-standard, to test that violating policy with a witness before
  265. # segwit activation doesn't blind a node to a transaction. Transactions
  266. # rejected for having a witness before segwit activation shouldn't be added
  267. # to the rejection cache.
  268. tx3 = CTransaction()
  269. tx3.vin.append(CTxIn(COutPoint(tx2.sha256, 0), CScript([p2sh_program])))
  270. tx3.vout.append(CTxOut(tx2.vout[0].nValue-1000, scriptPubKey))
  271. tx3.wit.vtxinwit.append(CTxInWitness())
  272. tx3.wit.vtxinwit[0].scriptWitness.stack = [b'a'*400000]
  273. tx3.rehash()
  274. # Note that this should be rejected for the premature witness reason,
  275. # rather than a policy check, since segwit hasn't activated yet.
  276. self.std_node.test_transaction_acceptance(tx3, True, False, b'no-witness-yet')
  277. # If we send without witness, it should be accepted.
  278. self.std_node.test_transaction_acceptance(tx3, False, True)
  279. # Now create a new anyone-can-spend utxo for the next test.
  280. tx4 = CTransaction()
  281. tx4.vin.append(CTxIn(COutPoint(tx3.sha256, 0), CScript([p2sh_program])))
  282. tx4.vout.append(CTxOut(tx3.vout[0].nValue-1000, CScript([OP_TRUE])))
  283. tx4.rehash()
  284. self.test_node.test_transaction_acceptance(tx3, False, True)
  285. self.test_node.test_transaction_acceptance(tx4, False, True)
  286. self.nodes[0].generate(1)
  287. sync_blocks(self.nodes)
  288. # Update our utxo list; we spent the first entry.
  289. self.utxo.pop(0)
  290. self.utxo.append(UTXO(tx4.sha256, 0, tx4.vout[0].nValue))
  291. # Mine enough blocks for segwit's vb state to be 'started'.
  292. def advance_to_segwit_started(self):
  293. height = self.nodes[0].getblockcount()
  294. # Will need to rewrite the tests here if we are past the first period
  295. assert(height < VB_PERIOD - 1)
  296. # Genesis block is 'defined'.
  297. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'defined')
  298. # Advance to end of period, status should now be 'started'
  299. self.nodes[0].generate(VB_PERIOD-height-1)
  300. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'started')
  301. # Mine enough blocks to lock in segwit, but don't activate.
  302. # TODO: we could verify that lockin only happens at the right threshold of
  303. # signalling blocks, rather than just at the right period boundary.
  304. def advance_to_segwit_lockin(self):
  305. height = self.nodes[0].getblockcount()
  306. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'started')
  307. # Advance to end of period, and verify lock-in happens at the end
  308. self.nodes[0].generate(VB_PERIOD-1)
  309. height = self.nodes[0].getblockcount()
  310. assert((height % VB_PERIOD) == VB_PERIOD - 2)
  311. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'started')
  312. self.nodes[0].generate(1)
  313. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'locked_in')
  314. # Mine enough blocks to activate segwit.
  315. # TODO: we could verify that activation only happens at the right threshold
  316. # of signalling blocks, rather than just at the right period boundary.
  317. def advance_to_segwit_active(self):
  318. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'locked_in')
  319. height = self.nodes[0].getblockcount()
  320. self.nodes[0].generate(VB_PERIOD - (height%VB_PERIOD) - 2)
  321. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'locked_in')
  322. self.nodes[0].generate(1)
  323. assert_equal(get_bip9_status(self.nodes[0], 'segwit')['status'], 'active')
  324. # This test can only be run after segwit has activated
  325. def test_witness_commitments(self):
  326. self.log.info("Testing witness commitments")
  327. # First try a correct witness commitment.
  328. block = self.build_next_block()
  329. add_witness_commitment(block)
  330. block.solve()
  331. # Test the test -- witness serialization should be different
  332. assert(msg_witness_block(block).serialize() != msg_block(block).serialize())
  333. # This empty block should be valid.
  334. self.test_node.test_witness_block(block, accepted=True)
  335. # Try to tweak the nonce
  336. block_2 = self.build_next_block()
  337. add_witness_commitment(block_2, nonce=28)
  338. block_2.solve()
  339. # The commitment should have changed!
  340. assert(block_2.vtx[0].vout[-1] != block.vtx[0].vout[-1])
  341. # This should also be valid.
  342. self.test_node.test_witness_block(block_2, accepted=True)
  343. # Now test commitments with actual transactions
  344. assert (len(self.utxo) > 0)
  345. tx = CTransaction()
  346. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  347. # Let's construct a witness program
  348. witness_program = CScript([OP_TRUE])
  349. witness_hash = sha256(witness_program)
  350. scriptPubKey = CScript([OP_0, witness_hash])
  351. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, scriptPubKey))
  352. tx.rehash()
  353. # tx2 will spend tx1, and send back to a regular anyone-can-spend address
  354. tx2 = CTransaction()
  355. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 0), b""))
  356. tx2.vout.append(CTxOut(tx.vout[0].nValue-1000, witness_program))
  357. tx2.wit.vtxinwit.append(CTxInWitness())
  358. tx2.wit.vtxinwit[0].scriptWitness.stack = [witness_program]
  359. tx2.rehash()
  360. block_3 = self.build_next_block()
  361. self.update_witness_block_with_transactions(block_3, [tx, tx2], nonce=1)
  362. # Add an extra OP_RETURN output that matches the witness commitment template,
  363. # even though it has extra data after the incorrect commitment.
  364. # This block should fail.
  365. block_3.vtx[0].vout.append(CTxOut(0, CScript([OP_RETURN, WITNESS_COMMITMENT_HEADER + ser_uint256(2), 10])))
  366. block_3.vtx[0].rehash()
  367. block_3.hashMerkleRoot = block_3.calc_merkle_root()
  368. block_3.rehash()
  369. block_3.solve()
  370. self.test_node.test_witness_block(block_3, accepted=False)
  371. # Add a different commitment with different nonce, but in the
  372. # right location, and with some funds burned(!).
  373. # This should succeed (nValue shouldn't affect finding the
  374. # witness commitment).
  375. add_witness_commitment(block_3, nonce=0)
  376. block_3.vtx[0].vout[0].nValue -= 1
  377. block_3.vtx[0].vout[-1].nValue += 1
  378. block_3.vtx[0].rehash()
  379. block_3.hashMerkleRoot = block_3.calc_merkle_root()
  380. block_3.rehash()
  381. assert(len(block_3.vtx[0].vout) == 4) # 3 OP_returns
  382. block_3.solve()
  383. self.test_node.test_witness_block(block_3, accepted=True)
  384. # Finally test that a block with no witness transactions can
  385. # omit the commitment.
  386. block_4 = self.build_next_block()
  387. tx3 = CTransaction()
  388. tx3.vin.append(CTxIn(COutPoint(tx2.sha256, 0), b""))
  389. tx3.vout.append(CTxOut(tx.vout[0].nValue-1000, witness_program))
  390. tx3.rehash()
  391. block_4.vtx.append(tx3)
  392. block_4.hashMerkleRoot = block_4.calc_merkle_root()
  393. block_4.solve()
  394. self.test_node.test_witness_block(block_4, with_witness=False, accepted=True)
  395. # Update available utxo's for use in later test.
  396. self.utxo.pop(0)
  397. self.utxo.append(UTXO(tx3.sha256, 0, tx3.vout[0].nValue))
  398. def test_block_malleability(self):
  399. self.log.info("Testing witness block malleability")
  400. # Make sure that a block that has too big a virtual size
  401. # because of a too-large coinbase witness is not permanently
  402. # marked bad.
  403. block = self.build_next_block()
  404. add_witness_commitment(block)
  405. block.solve()
  406. block.vtx[0].wit.vtxinwit[0].scriptWitness.stack.append(b'a'*5000000)
  407. assert(get_virtual_size(block) > MAX_BLOCK_BASE_SIZE)
  408. # We can't send over the p2p network, because this is too big to relay
  409. # TODO: repeat this test with a block that can be relayed
  410. self.nodes[0].submitblock(bytes_to_hex_str(block.serialize(True)))
  411. assert(self.nodes[0].getbestblockhash() != block.hash)
  412. block.vtx[0].wit.vtxinwit[0].scriptWitness.stack.pop()
  413. assert(get_virtual_size(block) < MAX_BLOCK_BASE_SIZE)
  414. self.nodes[0].submitblock(bytes_to_hex_str(block.serialize(True)))
  415. assert(self.nodes[0].getbestblockhash() == block.hash)
  416. # Now make sure that malleating the witness nonce doesn't
  417. # result in a block permanently marked bad.
  418. block = self.build_next_block()
  419. add_witness_commitment(block)
  420. block.solve()
  421. # Change the nonce -- should not cause the block to be permanently
  422. # failed
  423. block.vtx[0].wit.vtxinwit[0].scriptWitness.stack = [ ser_uint256(1) ]
  424. self.test_node.test_witness_block(block, accepted=False)
  425. # Changing the witness nonce doesn't change the block hash
  426. block.vtx[0].wit.vtxinwit[0].scriptWitness.stack = [ ser_uint256(0) ]
  427. self.test_node.test_witness_block(block, accepted=True)
  428. def test_witness_block_size(self):
  429. self.log.info("Testing witness block size limit")
  430. # TODO: Test that non-witness carrying blocks can't exceed 1MB
  431. # Skipping this test for now; this is covered in p2p-fullblocktest.py
  432. # Test that witness-bearing blocks are limited at ceil(base + wit/4) <= 1MB.
  433. block = self.build_next_block()
  434. assert(len(self.utxo) > 0)
  435. # Create a P2WSH transaction.
  436. # The witness program will be a bunch of OP_2DROP's, followed by OP_TRUE.
  437. # This should give us plenty of room to tweak the spending tx's
  438. # virtual size.
  439. NUM_DROPS = 200 # 201 max ops per script!
  440. NUM_OUTPUTS = 50
  441. witness_program = CScript([OP_2DROP]*NUM_DROPS + [OP_TRUE])
  442. witness_hash = uint256_from_str(sha256(witness_program))
  443. scriptPubKey = CScript([OP_0, ser_uint256(witness_hash)])
  444. prevout = COutPoint(self.utxo[0].sha256, self.utxo[0].n)
  445. value = self.utxo[0].nValue
  446. parent_tx = CTransaction()
  447. parent_tx.vin.append(CTxIn(prevout, b""))
  448. child_value = int(value/NUM_OUTPUTS)
  449. for i in range(NUM_OUTPUTS):
  450. parent_tx.vout.append(CTxOut(child_value, scriptPubKey))
  451. parent_tx.vout[0].nValue -= 50000
  452. assert(parent_tx.vout[0].nValue > 0)
  453. parent_tx.rehash()
  454. child_tx = CTransaction()
  455. for i in range(NUM_OUTPUTS):
  456. child_tx.vin.append(CTxIn(COutPoint(parent_tx.sha256, i), b""))
  457. child_tx.vout = [CTxOut(value - 100000, CScript([OP_TRUE]))]
  458. for i in range(NUM_OUTPUTS):
  459. child_tx.wit.vtxinwit.append(CTxInWitness())
  460. child_tx.wit.vtxinwit[-1].scriptWitness.stack = [b'a'*195]*(2*NUM_DROPS) + [witness_program]
  461. child_tx.rehash()
  462. self.update_witness_block_with_transactions(block, [parent_tx, child_tx])
  463. vsize = get_virtual_size(block)
  464. additional_bytes = (MAX_BLOCK_BASE_SIZE - vsize)*4
  465. i = 0
  466. while additional_bytes > 0:
  467. # Add some more bytes to each input until we hit MAX_BLOCK_BASE_SIZE+1
  468. extra_bytes = min(additional_bytes+1, 55)
  469. block.vtx[-1].wit.vtxinwit[int(i/(2*NUM_DROPS))].scriptWitness.stack[i%(2*NUM_DROPS)] = b'a'*(195+extra_bytes)
  470. additional_bytes -= extra_bytes
  471. i += 1
  472. block.vtx[0].vout.pop() # Remove old commitment
  473. add_witness_commitment(block)
  474. block.solve()
  475. vsize = get_virtual_size(block)
  476. assert_equal(vsize, MAX_BLOCK_BASE_SIZE + 1)
  477. # Make sure that our test case would exceed the old max-network-message
  478. # limit
  479. assert(len(block.serialize(True)) > 2*1024*1024)
  480. self.test_node.test_witness_block(block, accepted=False)
  481. # Now resize the second transaction to make the block fit.
  482. cur_length = len(block.vtx[-1].wit.vtxinwit[0].scriptWitness.stack[0])
  483. block.vtx[-1].wit.vtxinwit[0].scriptWitness.stack[0] = b'a'*(cur_length-1)
  484. block.vtx[0].vout.pop()
  485. add_witness_commitment(block)
  486. block.solve()
  487. assert(get_virtual_size(block) == MAX_BLOCK_BASE_SIZE)
  488. self.test_node.test_witness_block(block, accepted=True)
  489. # Update available utxo's
  490. self.utxo.pop(0)
  491. self.utxo.append(UTXO(block.vtx[-1].sha256, 0, block.vtx[-1].vout[0].nValue))
  492. # submitblock will try to add the nonce automatically, so that mining
  493. # software doesn't need to worry about doing so itself.
  494. def test_submit_block(self):
  495. block = self.build_next_block()
  496. # Try using a custom nonce and then don't supply it.
  497. # This shouldn't possibly work.
  498. add_witness_commitment(block, nonce=1)
  499. block.vtx[0].wit = CTxWitness() # drop the nonce
  500. block.solve()
  501. self.nodes[0].submitblock(bytes_to_hex_str(block.serialize(True)))
  502. assert(self.nodes[0].getbestblockhash() != block.hash)
  503. # Now redo commitment with the standard nonce, but let bitcoind fill it in.
  504. add_witness_commitment(block, nonce=0)
  505. block.vtx[0].wit = CTxWitness()
  506. block.solve()
  507. self.nodes[0].submitblock(bytes_to_hex_str(block.serialize(True)))
  508. assert_equal(self.nodes[0].getbestblockhash(), block.hash)
  509. # This time, add a tx with non-empty witness, but don't supply
  510. # the commitment.
  511. block_2 = self.build_next_block()
  512. add_witness_commitment(block_2)
  513. block_2.solve()
  514. # Drop commitment and nonce -- submitblock should not fill in.
  515. block_2.vtx[0].vout.pop()
  516. block_2.vtx[0].wit = CTxWitness()
  517. self.nodes[0].submitblock(bytes_to_hex_str(block_2.serialize(True)))
  518. # Tip should not advance!
  519. assert(self.nodes[0].getbestblockhash() != block_2.hash)
  520. # Consensus tests of extra witness data in a transaction.
  521. def test_extra_witness_data(self):
  522. self.log.info("Testing extra witness data in tx")
  523. assert(len(self.utxo) > 0)
  524. block = self.build_next_block()
  525. witness_program = CScript([OP_DROP, OP_TRUE])
  526. witness_hash = sha256(witness_program)
  527. scriptPubKey = CScript([OP_0, witness_hash])
  528. # First try extra witness data on a tx that doesn't require a witness
  529. tx = CTransaction()
  530. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  531. tx.vout.append(CTxOut(self.utxo[0].nValue-2000, scriptPubKey))
  532. tx.vout.append(CTxOut(1000, CScript([OP_TRUE]))) # non-witness output
  533. tx.wit.vtxinwit.append(CTxInWitness())
  534. tx.wit.vtxinwit[0].scriptWitness.stack = [CScript([])]
  535. tx.rehash()
  536. self.update_witness_block_with_transactions(block, [tx])
  537. # Extra witness data should not be allowed.
  538. self.test_node.test_witness_block(block, accepted=False)
  539. # Try extra signature data. Ok if we're not spending a witness output.
  540. block.vtx[1].wit.vtxinwit = []
  541. block.vtx[1].vin[0].scriptSig = CScript([OP_0])
  542. block.vtx[1].rehash()
  543. add_witness_commitment(block)
  544. block.solve()
  545. self.test_node.test_witness_block(block, accepted=True)
  546. # Now try extra witness/signature data on an input that DOES require a
  547. # witness
  548. tx2 = CTransaction()
  549. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 0), b"")) # witness output
  550. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 1), b"")) # non-witness
  551. tx2.vout.append(CTxOut(tx.vout[0].nValue, CScript([OP_TRUE])))
  552. tx2.wit.vtxinwit.extend([CTxInWitness(), CTxInWitness()])
  553. tx2.wit.vtxinwit[0].scriptWitness.stack = [ CScript([CScriptNum(1)]), CScript([CScriptNum(1)]), witness_program ]
  554. tx2.wit.vtxinwit[1].scriptWitness.stack = [ CScript([OP_TRUE]) ]
  555. block = self.build_next_block()
  556. self.update_witness_block_with_transactions(block, [tx2])
  557. # This has extra witness data, so it should fail.
  558. self.test_node.test_witness_block(block, accepted=False)
  559. # Now get rid of the extra witness, but add extra scriptSig data
  560. tx2.vin[0].scriptSig = CScript([OP_TRUE])
  561. tx2.vin[1].scriptSig = CScript([OP_TRUE])
  562. tx2.wit.vtxinwit[0].scriptWitness.stack.pop(0)
  563. tx2.wit.vtxinwit[1].scriptWitness.stack = []
  564. tx2.rehash()
  565. add_witness_commitment(block)
  566. block.solve()
  567. # This has extra signature data for a witness input, so it should fail.
  568. self.test_node.test_witness_block(block, accepted=False)
  569. # Now get rid of the extra scriptsig on the witness input, and verify
  570. # success (even with extra scriptsig data in the non-witness input)
  571. tx2.vin[0].scriptSig = b""
  572. tx2.rehash()
  573. add_witness_commitment(block)
  574. block.solve()
  575. self.test_node.test_witness_block(block, accepted=True)
  576. # Update utxo for later tests
  577. self.utxo.pop(0)
  578. self.utxo.append(UTXO(tx2.sha256, 0, tx2.vout[0].nValue))
  579. def test_max_witness_push_length(self):
  580. ''' Should only allow up to 520 byte pushes in witness stack '''
  581. self.log.info("Testing maximum witness push size")
  582. MAX_SCRIPT_ELEMENT_SIZE = 520
  583. assert(len(self.utxo))
  584. block = self.build_next_block()
  585. witness_program = CScript([OP_DROP, OP_TRUE])
  586. witness_hash = sha256(witness_program)
  587. scriptPubKey = CScript([OP_0, witness_hash])
  588. tx = CTransaction()
  589. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  590. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, scriptPubKey))
  591. tx.rehash()
  592. tx2 = CTransaction()
  593. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 0), b""))
  594. tx2.vout.append(CTxOut(tx.vout[0].nValue-1000, CScript([OP_TRUE])))
  595. tx2.wit.vtxinwit.append(CTxInWitness())
  596. # First try a 521-byte stack element
  597. tx2.wit.vtxinwit[0].scriptWitness.stack = [ b'a'*(MAX_SCRIPT_ELEMENT_SIZE+1), witness_program ]
  598. tx2.rehash()
  599. self.update_witness_block_with_transactions(block, [tx, tx2])
  600. self.test_node.test_witness_block(block, accepted=False)
  601. # Now reduce the length of the stack element
  602. tx2.wit.vtxinwit[0].scriptWitness.stack[0] = b'a'*(MAX_SCRIPT_ELEMENT_SIZE)
  603. add_witness_commitment(block)
  604. block.solve()
  605. self.test_node.test_witness_block(block, accepted=True)
  606. # Update the utxo for later tests
  607. self.utxo.pop()
  608. self.utxo.append(UTXO(tx2.sha256, 0, tx2.vout[0].nValue))
  609. def test_max_witness_program_length(self):
  610. # Can create witness outputs that are long, but can't be greater than
  611. # 10k bytes to successfully spend
  612. self.log.info("Testing maximum witness program length")
  613. assert(len(self.utxo))
  614. MAX_PROGRAM_LENGTH = 10000
  615. # This program is 19 max pushes (9937 bytes), then 64 more opcode-bytes.
  616. long_witness_program = CScript([b'a'*520]*19 + [OP_DROP]*63 + [OP_TRUE])
  617. assert(len(long_witness_program) == MAX_PROGRAM_LENGTH+1)
  618. long_witness_hash = sha256(long_witness_program)
  619. long_scriptPubKey = CScript([OP_0, long_witness_hash])
  620. block = self.build_next_block()
  621. tx = CTransaction()
  622. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  623. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, long_scriptPubKey))
  624. tx.rehash()
  625. tx2 = CTransaction()
  626. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 0), b""))
  627. tx2.vout.append(CTxOut(tx.vout[0].nValue-1000, CScript([OP_TRUE])))
  628. tx2.wit.vtxinwit.append(CTxInWitness())
  629. tx2.wit.vtxinwit[0].scriptWitness.stack = [b'a']*44 + [long_witness_program]
  630. tx2.rehash()
  631. self.update_witness_block_with_transactions(block, [tx, tx2])
  632. self.test_node.test_witness_block(block, accepted=False)
  633. # Try again with one less byte in the witness program
  634. witness_program = CScript([b'a'*520]*19 + [OP_DROP]*62 + [OP_TRUE])
  635. assert(len(witness_program) == MAX_PROGRAM_LENGTH)
  636. witness_hash = sha256(witness_program)
  637. scriptPubKey = CScript([OP_0, witness_hash])
  638. tx.vout[0] = CTxOut(tx.vout[0].nValue, scriptPubKey)
  639. tx.rehash()
  640. tx2.vin[0].prevout.hash = tx.sha256
  641. tx2.wit.vtxinwit[0].scriptWitness.stack = [b'a']*43 + [witness_program]
  642. tx2.rehash()
  643. block.vtx = [block.vtx[0]]
  644. self.update_witness_block_with_transactions(block, [tx, tx2])
  645. self.test_node.test_witness_block(block, accepted=True)
  646. self.utxo.pop()
  647. self.utxo.append(UTXO(tx2.sha256, 0, tx2.vout[0].nValue))
  648. def test_witness_input_length(self):
  649. ''' Ensure that vin length must match vtxinwit length '''
  650. self.log.info("Testing witness input length")
  651. assert(len(self.utxo))
  652. witness_program = CScript([OP_DROP, OP_TRUE])
  653. witness_hash = sha256(witness_program)
  654. scriptPubKey = CScript([OP_0, witness_hash])
  655. # Create a transaction that splits our utxo into many outputs
  656. tx = CTransaction()
  657. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  658. nValue = self.utxo[0].nValue
  659. for i in range(10):
  660. tx.vout.append(CTxOut(int(nValue/10), scriptPubKey))
  661. tx.vout[0].nValue -= 1000
  662. assert(tx.vout[0].nValue >= 0)
  663. block = self.build_next_block()
  664. self.update_witness_block_with_transactions(block, [tx])
  665. self.test_node.test_witness_block(block, accepted=True)
  666. # Try various ways to spend tx that should all break.
  667. # This "broken" transaction serializer will not normalize
  668. # the length of vtxinwit.
  669. class BrokenCTransaction(CTransaction):
  670. def serialize_with_witness(self):
  671. flags = 0
  672. if not self.wit.is_null():
  673. flags |= 1
  674. r = b""
  675. r += struct.pack("<i", self.nVersion)
  676. if flags:
  677. dummy = []
  678. r += ser_vector(dummy)
  679. r += struct.pack("<B", flags)
  680. r += ser_vector(self.vin)
  681. r += ser_vector(self.vout)
  682. if flags & 1:
  683. r += self.wit.serialize()
  684. r += struct.pack("<I", self.nLockTime)
  685. return r
  686. tx2 = BrokenCTransaction()
  687. for i in range(10):
  688. tx2.vin.append(CTxIn(COutPoint(tx.sha256, i), b""))
  689. tx2.vout.append(CTxOut(nValue-3000, CScript([OP_TRUE])))
  690. # First try using a too long vtxinwit
  691. for i in range(11):
  692. tx2.wit.vtxinwit.append(CTxInWitness())
  693. tx2.wit.vtxinwit[i].scriptWitness.stack = [b'a', witness_program]
  694. block = self.build_next_block()
  695. self.update_witness_block_with_transactions(block, [tx2])
  696. self.test_node.test_witness_block(block, accepted=False)
  697. # Now try using a too short vtxinwit
  698. tx2.wit.vtxinwit.pop()
  699. tx2.wit.vtxinwit.pop()
  700. block.vtx = [block.vtx[0]]
  701. self.update_witness_block_with_transactions(block, [tx2])
  702. self.test_node.test_witness_block(block, accepted=False)
  703. # Now make one of the intermediate witnesses be incorrect
  704. tx2.wit.vtxinwit.append(CTxInWitness())
  705. tx2.wit.vtxinwit[-1].scriptWitness.stack = [b'a', witness_program]
  706. tx2.wit.vtxinwit[5].scriptWitness.stack = [ witness_program ]
  707. block.vtx = [block.vtx[0]]
  708. self.update_witness_block_with_transactions(block, [tx2])
  709. self.test_node.test_witness_block(block, accepted=False)
  710. # Fix the broken witness and the block should be accepted.
  711. tx2.wit.vtxinwit[5].scriptWitness.stack = [b'a', witness_program]
  712. block.vtx = [block.vtx[0]]
  713. self.update_witness_block_with_transactions(block, [tx2])
  714. self.test_node.test_witness_block(block, accepted=True)
  715. self.utxo.pop()
  716. self.utxo.append(UTXO(tx2.sha256, 0, tx2.vout[0].nValue))
  717. def test_witness_tx_relay_before_segwit_activation(self):
  718. self.log.info("Testing relay of witness transactions")
  719. # Generate a transaction that doesn't require a witness, but send it
  720. # with a witness. Should be rejected for premature-witness, but should
  721. # not be added to recently rejected list.
  722. assert(len(self.utxo))
  723. tx = CTransaction()
  724. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  725. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, CScript([OP_TRUE])))
  726. tx.wit.vtxinwit.append(CTxInWitness())
  727. tx.wit.vtxinwit[0].scriptWitness.stack = [ b'a' ]
  728. tx.rehash()
  729. tx_hash = tx.sha256
  730. tx_value = tx.vout[0].nValue
  731. # Verify that if a peer doesn't set nServices to include NODE_WITNESS,
  732. # the getdata is just for the non-witness portion.
  733. self.old_node.announce_tx_and_wait_for_getdata(tx)
  734. assert(self.old_node.last_getdata.inv[0].type == 1)
  735. # Since we haven't delivered the tx yet, inv'ing the same tx from
  736. # a witness transaction ought not result in a getdata.
  737. try:
  738. self.test_node.announce_tx_and_wait_for_getdata(tx, timeout=2)
  739. self.log.error("Error: duplicate tx getdata!")
  740. assert(False)
  741. except AssertionError as e:
  742. pass
  743. # Delivering this transaction with witness should fail (no matter who
  744. # its from)
  745. assert_equal(len(self.nodes[0].getrawmempool()), 0)
  746. assert_equal(len(self.nodes[1].getrawmempool()), 0)
  747. self.old_node.test_transaction_acceptance(tx, with_witness=True, accepted=False)
  748. self.test_node.test_transaction_acceptance(tx, with_witness=True, accepted=False)
  749. # But eliminating the witness should fix it
  750. self.test_node.test_transaction_acceptance(tx, with_witness=False, accepted=True)
  751. # Cleanup: mine the first transaction and update utxo
  752. self.nodes[0].generate(1)
  753. assert_equal(len(self.nodes[0].getrawmempool()), 0)
  754. self.utxo.pop(0)
  755. self.utxo.append(UTXO(tx_hash, 0, tx_value))
  756. # After segwit activates, verify that mempool:
  757. # - rejects transactions with unnecessary/extra witnesses
  758. # - accepts transactions with valid witnesses
  759. # and that witness transactions are relayed to non-upgraded peers.
  760. def test_tx_relay_after_segwit_activation(self):
  761. self.log.info("Testing relay of witness transactions")
  762. # Generate a transaction that doesn't require a witness, but send it
  763. # with a witness. Should be rejected because we can't use a witness
  764. # when spending a non-witness output.
  765. assert(len(self.utxo))
  766. tx = CTransaction()
  767. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  768. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, CScript([OP_TRUE])))
  769. tx.wit.vtxinwit.append(CTxInWitness())
  770. tx.wit.vtxinwit[0].scriptWitness.stack = [ b'a' ]
  771. tx.rehash()
  772. tx_hash = tx.sha256
  773. # Verify that unnecessary witnesses are rejected.
  774. self.test_node.announce_tx_and_wait_for_getdata(tx)
  775. assert_equal(len(self.nodes[0].getrawmempool()), 0)
  776. self.test_node.test_transaction_acceptance(tx, with_witness=True, accepted=False)
  777. # Verify that removing the witness succeeds.
  778. self.test_node.announce_tx_and_wait_for_getdata(tx)
  779. self.test_node.test_transaction_acceptance(tx, with_witness=False, accepted=True)
  780. # Now try to add extra witness data to a valid witness tx.
  781. witness_program = CScript([OP_TRUE])
  782. witness_hash = sha256(witness_program)
  783. scriptPubKey = CScript([OP_0, witness_hash])
  784. tx2 = CTransaction()
  785. tx2.vin.append(CTxIn(COutPoint(tx_hash, 0), b""))
  786. tx2.vout.append(CTxOut(tx.vout[0].nValue-1000, scriptPubKey))
  787. tx2.rehash()
  788. tx3 = CTransaction()
  789. tx3.vin.append(CTxIn(COutPoint(tx2.sha256, 0), b""))
  790. tx3.wit.vtxinwit.append(CTxInWitness())
  791. # Add too-large for IsStandard witness and check that it does not enter reject filter
  792. p2sh_program = CScript([OP_TRUE])
  793. p2sh_pubkey = hash160(p2sh_program)
  794. witness_program2 = CScript([b'a'*400000])
  795. tx3.vout.append(CTxOut(tx2.vout[0].nValue-1000, CScript([OP_HASH160, p2sh_pubkey, OP_EQUAL])))
  796. tx3.wit.vtxinwit[0].scriptWitness.stack = [witness_program2]
  797. tx3.rehash()
  798. # Node will not be blinded to the transaction
  799. self.std_node.announce_tx_and_wait_for_getdata(tx3)
  800. self.std_node.test_transaction_acceptance(tx3, True, False, b'tx-size')
  801. self.std_node.announce_tx_and_wait_for_getdata(tx3)
  802. self.std_node.test_transaction_acceptance(tx3, True, False, b'tx-size')
  803. # Remove witness stuffing, instead add extra witness push on stack
  804. tx3.vout[0] = CTxOut(tx2.vout[0].nValue-1000, CScript([OP_TRUE]))
  805. tx3.wit.vtxinwit[0].scriptWitness.stack = [CScript([CScriptNum(1)]), witness_program ]
  806. tx3.rehash()
  807. self.test_node.test_transaction_acceptance(tx2, with_witness=True, accepted=True)
  808. self.test_node.test_transaction_acceptance(tx3, with_witness=True, accepted=False)
  809. # Get rid of the extra witness, and verify acceptance.
  810. tx3.wit.vtxinwit[0].scriptWitness.stack = [ witness_program ]
  811. # Also check that old_node gets a tx announcement, even though this is
  812. # a witness transaction.
  813. self.old_node.wait_for_inv(CInv(1, tx2.sha256)) # wait until tx2 was inv'ed
  814. self.test_node.test_transaction_acceptance(tx3, with_witness=True, accepted=True)
  815. self.old_node.wait_for_inv(CInv(1, tx3.sha256))
  816. # Test that getrawtransaction returns correct witness information
  817. # hash, size, vsize
  818. raw_tx = self.nodes[0].getrawtransaction(tx3.hash, 1)
  819. assert_equal(int(raw_tx["hash"], 16), tx3.calc_sha256(True))
  820. assert_equal(raw_tx["size"], len(tx3.serialize_with_witness()))
  821. vsize = (len(tx3.serialize_with_witness()) + 3*len(tx3.serialize_without_witness()) + 3) / 4
  822. assert_equal(raw_tx["vsize"], vsize)
  823. assert_equal(len(raw_tx["vin"][0]["txinwitness"]), 1)
  824. assert_equal(raw_tx["vin"][0]["txinwitness"][0], hexlify(witness_program).decode('ascii'))
  825. assert(vsize != raw_tx["size"])
  826. # Cleanup: mine the transactions and update utxo for next test
  827. self.nodes[0].generate(1)
  828. assert_equal(len(self.nodes[0].getrawmempool()), 0)
  829. self.utxo.pop(0)
  830. self.utxo.append(UTXO(tx3.sha256, 0, tx3.vout[0].nValue))
  831. # Test that block requests to NODE_WITNESS peer are with MSG_WITNESS_FLAG
  832. # This is true regardless of segwit activation.
  833. # Also test that we don't ask for blocks from unupgraded peers
  834. def test_block_relay(self, segwit_activated):
  835. self.log.info("Testing block relay")
  836. blocktype = 2|MSG_WITNESS_FLAG
  837. # test_node has set NODE_WITNESS, so all getdata requests should be for
  838. # witness blocks.
  839. # Test announcing a block via inv results in a getdata, and that
  840. # announcing a version 4 or random VB block with a header results in a getdata
  841. block1 = self.build_next_block()
  842. block1.solve()
  843. self.test_node.announce_block_and_wait_for_getdata(block1, use_header=False)
  844. assert(self.test_node.last_getdata.inv[0].type == blocktype)
  845. self.test_node.test_witness_block(block1, True)
  846. block2 = self.build_next_block(nVersion=4)
  847. block2.solve()
  848. self.test_node.announce_block_and_wait_for_getdata(block2, use_header=True)
  849. assert(self.test_node.last_getdata.inv[0].type == blocktype)
  850. self.test_node.test_witness_block(block2, True)
  851. block3 = self.build_next_block(nVersion=(VB_TOP_BITS | (1<<15)))
  852. block3.solve()
  853. self.test_node.announce_block_and_wait_for_getdata(block3, use_header=True)
  854. assert(self.test_node.last_getdata.inv[0].type == blocktype)
  855. self.test_node.test_witness_block(block3, True)
  856. # Check that we can getdata for witness blocks or regular blocks,
  857. # and the right thing happens.
  858. if segwit_activated == False:
  859. # Before activation, we should be able to request old blocks with
  860. # or without witness, and they should be the same.
  861. chain_height = self.nodes[0].getblockcount()
  862. # Pick 10 random blocks on main chain, and verify that getdata's
  863. # for MSG_BLOCK, MSG_WITNESS_BLOCK, and rpc getblock() are equal.
  864. all_heights = list(range(chain_height+1))
  865. random.shuffle(all_heights)
  866. all_heights = all_heights[0:10]
  867. for height in all_heights:
  868. block_hash = self.nodes[0].getblockhash(height)
  869. rpc_block = self.nodes[0].getblock(block_hash, False)
  870. block_hash = int(block_hash, 16)
  871. block = self.test_node.request_block(block_hash, 2)
  872. wit_block = self.test_node.request_block(block_hash, 2|MSG_WITNESS_FLAG)
  873. assert_equal(block.serialize(True), wit_block.serialize(True))
  874. assert_equal(block.serialize(), hex_str_to_bytes(rpc_block))
  875. else:
  876. # After activation, witness blocks and non-witness blocks should
  877. # be different. Verify rpc getblock() returns witness blocks, while
  878. # getdata respects the requested type.
  879. block = self.build_next_block()
  880. self.update_witness_block_with_transactions(block, [])
  881. # This gives us a witness commitment.
  882. assert(len(block.vtx[0].wit.vtxinwit) == 1)
  883. assert(len(block.vtx[0].wit.vtxinwit[0].scriptWitness.stack) == 1)
  884. self.test_node.test_witness_block(block, accepted=True)
  885. # Now try to retrieve it...
  886. rpc_block = self.nodes[0].getblock(block.hash, False)
  887. non_wit_block = self.test_node.request_block(block.sha256, 2)
  888. wit_block = self.test_node.request_block(block.sha256, 2|MSG_WITNESS_FLAG)
  889. assert_equal(wit_block.serialize(True), hex_str_to_bytes(rpc_block))
  890. assert_equal(wit_block.serialize(False), non_wit_block.serialize())
  891. assert_equal(wit_block.serialize(True), block.serialize(True))
  892. # Test size, vsize, weight
  893. rpc_details = self.nodes[0].getblock(block.hash, True)
  894. assert_equal(rpc_details["size"], len(block.serialize(True)))
  895. assert_equal(rpc_details["strippedsize"], len(block.serialize(False)))
  896. weight = 3*len(block.serialize(False)) + len(block.serialize(True))
  897. assert_equal(rpc_details["weight"], weight)
  898. # Upgraded node should not ask for blocks from unupgraded
  899. block4 = self.build_next_block(nVersion=4)
  900. block4.solve()
  901. self.old_node.getdataset = set()
  902. # Blocks can be requested via direct-fetch (immediately upon processing the announcement)
  903. # or via parallel download (with an indeterminate delay from processing the announcement)
  904. # so to test that a block is NOT requested, we could guess a time period to sleep for,
  905. # and then check. We can avoid the sleep() by taking advantage of transaction getdata's
  906. # being processed after block getdata's, and announce a transaction as well,
  907. # and then check to see if that particular getdata has been received.
  908. self.old_node.announce_block(block4, use_header=False)
  909. self.old_node.announce_tx_and_wait_for_getdata(block4.vtx[0])
  910. assert(block4.sha256 not in self.old_node.getdataset)
  911. # V0 segwit outputs should be standard after activation, but not before.
  912. def test_standardness_v0(self, segwit_activated):
  913. self.log.info("Testing standardness of v0 outputs (%s activation)" % ("after" if segwit_activated else "before"))
  914. assert(len(self.utxo))
  915. witness_program = CScript([OP_TRUE])
  916. witness_hash = sha256(witness_program)
  917. scriptPubKey = CScript([OP_0, witness_hash])
  918. p2sh_pubkey = hash160(witness_program)
  919. p2sh_scriptPubKey = CScript([OP_HASH160, p2sh_pubkey, OP_EQUAL])
  920. # First prepare a p2sh output (so that spending it will pass standardness)
  921. p2sh_tx = CTransaction()
  922. p2sh_tx.vin = [CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b"")]
  923. p2sh_tx.vout = [CTxOut(self.utxo[0].nValue-1000, p2sh_scriptPubKey)]
  924. p2sh_tx.rehash()
  925. # Mine it on test_node to create the confirmed output.
  926. self.test_node.test_transaction_acceptance(p2sh_tx, with_witness=True, accepted=True)
  927. self.nodes[0].generate(1)
  928. sync_blocks(self.nodes)
  929. # Now test standardness of v0 P2WSH outputs.
  930. # Start by creating a transaction with two outputs.
  931. tx = CTransaction()
  932. tx.vin = [CTxIn(COutPoint(p2sh_tx.sha256, 0), CScript([witness_program]))]
  933. tx.vout = [CTxOut(p2sh_tx.vout[0].nValue-10000, scriptPubKey)]
  934. tx.vout.append(CTxOut(8000, scriptPubKey)) # Might burn this later
  935. tx.rehash()
  936. self.std_node.test_transaction_acceptance(tx, with_witness=True, accepted=segwit_activated)
  937. # Now create something that looks like a P2PKH output. This won't be spendable.
  938. scriptPubKey = CScript([OP_0, hash160(witness_hash)])
  939. tx2 = CTransaction()
  940. if segwit_activated:
  941. # if tx was accepted, then we spend the second output.
  942. tx2.vin = [CTxIn(COutPoint(tx.sha256, 1), b"")]
  943. tx2.vout = [CTxOut(7000, scriptPubKey)]
  944. tx2.wit.vtxinwit.append(CTxInWitness())
  945. tx2.wit.vtxinwit[0].scriptWitness.stack = [witness_program]
  946. else:
  947. # if tx wasn't accepted, we just re-spend the p2sh output we started with.
  948. tx2.vin = [CTxIn(COutPoint(p2sh_tx.sha256, 0), CScript([witness_program]))]
  949. tx2.vout = [CTxOut(p2sh_tx.vout[0].nValue-1000, scriptPubKey)]
  950. tx2.rehash()
  951. self.std_node.test_transaction_acceptance(tx2, with_witness=True, accepted=segwit_activated)
  952. # Now update self.utxo for later tests.
  953. tx3 = CTransaction()
  954. if segwit_activated:
  955. # tx and tx2 were both accepted. Don't bother trying to reclaim the
  956. # P2PKH output; just send tx's first output back to an anyone-can-spend.
  957. sync_mempools([self.nodes[0], self.nodes[1]])
  958. tx3.vin = [CTxIn(COutPoint(tx.sha256, 0), b"")]
  959. tx3.vout = [CTxOut(tx.vout[0].nValue-1000, CScript([OP_TRUE]))]
  960. tx3.wit.vtxinwit.append(CTxInWitness())
  961. tx3.wit.vtxinwit[0].scriptWitness.stack = [witness_program]
  962. tx3.rehash()
  963. self.test_node.test_transaction_acceptance(tx3, with_witness=True, accepted=True)
  964. else:
  965. # tx and tx2 didn't go anywhere; just clean up the p2sh_tx output.
  966. tx3.vin = [CTxIn(COutPoint(p2sh_tx.sha256, 0), CScript([witness_program]))]
  967. tx3.vout = [CTxOut(p2sh_tx.vout[0].nValue-1000, witness_program)]
  968. tx3.rehash()
  969. self.test_node.test_transaction_acceptance(tx3, with_witness=True, accepted=True)
  970. self.nodes[0].generate(1)
  971. sync_blocks(self.nodes)
  972. self.utxo.pop(0)
  973. self.utxo.append(UTXO(tx3.sha256, 0, tx3.vout[0].nValue))
  974. assert_equal(len(self.nodes[1].getrawmempool()), 0)
  975. # Verify that future segwit upgraded transactions are non-standard,
  976. # but valid in blocks. Can run this before and after segwit activation.
  977. def test_segwit_versions(self):
  978. self.log.info("Testing standardness/consensus for segwit versions (0-16)")
  979. assert(len(self.utxo))
  980. NUM_TESTS = 17 # will test OP_0, OP1, ..., OP_16
  981. if (len(self.utxo) < NUM_TESTS):
  982. tx = CTransaction()
  983. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  984. split_value = (self.utxo[0].nValue - 4000) // NUM_TESTS
  985. for i in range(NUM_TESTS):
  986. tx.vout.append(CTxOut(split_value, CScript([OP_TRUE])))
  987. tx.rehash()
  988. block = self.build_next_block()
  989. self.update_witness_block_with_transactions(block, [tx])
  990. self.test_node.test_witness_block(block, accepted=True)
  991. self.utxo.pop(0)
  992. for i in range(NUM_TESTS):
  993. self.utxo.append(UTXO(tx.sha256, i, split_value))
  994. sync_blocks(self.nodes)
  995. temp_utxo = []
  996. tx = CTransaction()
  997. count = 0
  998. witness_program = CScript([OP_TRUE])
  999. witness_hash = sha256(witness_program)
  1000. assert_equal(len(self.nodes[1].getrawmempool()), 0)
  1001. for version in list(range(OP_1, OP_16+1)) + [OP_0]:
  1002. count += 1
  1003. # First try to spend to a future version segwit scriptPubKey.
  1004. scriptPubKey = CScript([CScriptOp(version), witness_hash])
  1005. tx.vin = [CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b"")]
  1006. tx.vout = [CTxOut(self.utxo[0].nValue-1000, scriptPubKey)]
  1007. tx.rehash()
  1008. self.std_node.test_transaction_acceptance(tx, with_witness=True, accepted=False)
  1009. self.test_node.test_transaction_acceptance(tx, with_witness=True, accepted=True)
  1010. self.utxo.pop(0)
  1011. temp_utxo.append(UTXO(tx.sha256, 0, tx.vout[0].nValue))
  1012. self.nodes[0].generate(1) # Mine all the transactions
  1013. sync_blocks(self.nodes)
  1014. assert(len(self.nodes[0].getrawmempool()) == 0)
  1015. # Finally, verify that version 0 -> version 1 transactions
  1016. # are non-standard
  1017. scriptPubKey = CScript([CScriptOp(OP_1), witness_hash])
  1018. tx2 = CTransaction()
  1019. tx2.vin = [CTxIn(COutPoint(tx.sha256, 0), b"")]
  1020. tx2.vout = [CTxOut(tx.vout[0].nValue-1000, scriptPubKey)]
  1021. tx2.wit.vtxinwit.append(CTxInWitness())
  1022. tx2.wit.vtxinwit[0].scriptWitness.stack = [ witness_program ]
  1023. tx2.rehash()
  1024. # Gets accepted to test_node, because standardness of outputs isn't
  1025. # checked with fRequireStandard
  1026. self.test_node.test_transaction_acceptance(tx2, with_witness=True, accepted=True)
  1027. self.std_node.test_transaction_acceptance(tx2, with_witness=True, accepted=False)
  1028. temp_utxo.pop() # last entry in temp_utxo was the output we just spent
  1029. temp_utxo.append(UTXO(tx2.sha256, 0, tx2.vout[0].nValue))
  1030. # Spend everything in temp_utxo back to an OP_TRUE output.
  1031. tx3 = CTransaction()
  1032. total_value = 0
  1033. for i in temp_utxo:
  1034. tx3.vin.append(CTxIn(COutPoint(i.sha256, i.n), b""))
  1035. tx3.wit.vtxinwit.append(CTxInWitness())
  1036. total_value += i.nValue
  1037. tx3.wit.vtxinwit[-1].scriptWitness.stack = [witness_program]
  1038. tx3.vout.append(CTxOut(total_value - 1000, CScript([OP_TRUE])))
  1039. tx3.rehash()
  1040. # Spending a higher version witness output is not allowed by policy,
  1041. # even with fRequireStandard=false.
  1042. self.test_node.test_transaction_acceptance(tx3, with_witness=True, accepted=False)
  1043. self.test_node.sync_with_ping()
  1044. with mininode_lock:
  1045. assert(b"reserved for soft-fork upgrades" in self.test_node.last_reject.reason)
  1046. # Building a block with the transaction must be valid, however.
  1047. block = self.build_next_block()
  1048. self.update_witness_block_with_transactions(block, [tx2, tx3])
  1049. self.test_node.test_witness_block(block, accepted=True)
  1050. sync_blocks(self.nodes)
  1051. # Add utxo to our list
  1052. self.utxo.append(UTXO(tx3.sha256, 0, tx3.vout[0].nValue))
  1053. def test_premature_coinbase_witness_spend(self):
  1054. self.log.info("Testing premature coinbase witness spend")
  1055. block = self.build_next_block()
  1056. # Change the output of the block to be a witness output.
  1057. witness_program = CScript([OP_TRUE])
  1058. witness_hash = sha256(witness_program)
  1059. scriptPubKey = CScript([OP_0, witness_hash])
  1060. block.vtx[0].vout[0].scriptPubKey = scriptPubKey
  1061. # This next line will rehash the coinbase and update the merkle
  1062. # root, and solve.
  1063. self.update_witness_block_with_transactions(block, [])
  1064. self.test_node.test_witness_block(block, accepted=True)
  1065. spend_tx = CTransaction()
  1066. spend_tx.vin = [CTxIn(COutPoint(block.vtx[0].sha256, 0), b"")]
  1067. spend_tx.vout = [CTxOut(block.vtx[0].vout[0].nValue, witness_program)]
  1068. spend_tx.wit.vtxinwit.append(CTxInWitness())
  1069. spend_tx.wit.vtxinwit[0].scriptWitness.stack = [ witness_program ]
  1070. spend_tx.rehash()
  1071. # Now test a premature spend.
  1072. self.nodes[0].generate(98)
  1073. sync_blocks(self.nodes)
  1074. block2 = self.build_next_block()
  1075. self.update_witness_block_with_transactions(block2, [spend_tx])
  1076. self.test_node.test_witness_block(block2, accepted=False)
  1077. # Advancing one more block should allow the spend.
  1078. self.nodes[0].generate(1)
  1079. block2 = self.build_next_block()
  1080. self.update_witness_block_with_transactions(block2, [spend_tx])
  1081. self.test_node.test_witness_block(block2, accepted=True)
  1082. sync_blocks(self.nodes)
  1083. def test_signature_version_1(self):
  1084. self.log.info("Testing segwit signature hash version 1")
  1085. key = CECKey()
  1086. key.set_secretbytes(b"9")
  1087. pubkey = CPubKey(key.get_pubkey())
  1088. witness_program = CScript([pubkey, CScriptOp(OP_CHECKSIG)])
  1089. witness_hash = sha256(witness_program)
  1090. scriptPubKey = CScript([OP_0, witness_hash])
  1091. # First create a witness output for use in the tests.
  1092. assert(len(self.utxo))
  1093. tx = CTransaction()
  1094. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  1095. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, scriptPubKey))
  1096. tx.rehash()
  1097. self.test_node.test_transaction_acceptance(tx, with_witness=True, accepted=True)
  1098. # Mine this transaction in preparation for following tests.
  1099. block = self.build_next_block()
  1100. self.update_witness_block_with_transactions(block, [tx])
  1101. self.test_node.test_witness_block(block, accepted=True)
  1102. sync_blocks(self.nodes)
  1103. self.utxo.pop(0)
  1104. # Test each hashtype
  1105. prev_utxo = UTXO(tx.sha256, 0, tx.vout[0].nValue)
  1106. for sigflag in [ 0, SIGHASH_ANYONECANPAY ]:
  1107. for hashtype in [SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE]:
  1108. hashtype |= sigflag
  1109. block = self.build_next_block()
  1110. tx = CTransaction()
  1111. tx.vin.append(CTxIn(COutPoint(prev_utxo.sha256, prev_utxo.n), b""))
  1112. tx.vout.append(CTxOut(prev_utxo.nValue - 1000, scriptPubKey))
  1113. tx.wit.vtxinwit.append(CTxInWitness())
  1114. # Too-large input value
  1115. sign_P2PK_witness_input(witness_program, tx, 0, hashtype, prev_utxo.nValue+1, key)
  1116. self.update_witness_block_with_transactions(block, [tx])
  1117. self.test_node.test_witness_block(block, accepted=False)
  1118. # Too-small input value
  1119. sign_P2PK_witness_input(witness_program, tx, 0, hashtype, prev_utxo.nValue-1, key)
  1120. block.vtx.pop() # remove last tx
  1121. self.update_witness_block_with_transactions(block, [tx])
  1122. self.test_node.test_witness_block(block, accepted=False)
  1123. # Now try correct value
  1124. sign_P2PK_witness_input(witness_program, tx, 0, hashtype, prev_utxo.nValue, key)
  1125. block.vtx.pop()
  1126. self.update_witness_block_with_transactions(block, [tx])
  1127. self.test_node.test_witness_block(block, accepted=True)
  1128. prev_utxo = UTXO(tx.sha256, 0, tx.vout[0].nValue)
  1129. # Test combinations of signature hashes.
  1130. # Split the utxo into a lot of outputs.
  1131. # Randomly choose up to 10 to spend, sign with different hashtypes, and
  1132. # output to a random number of outputs. Repeat NUM_TESTS times.
  1133. # Ensure that we've tested a situation where we use SIGHASH_SINGLE with
  1134. # an input index > number of outputs.
  1135. NUM_TESTS = 500
  1136. temp_utxos = []
  1137. tx = CTransaction()
  1138. tx.vin.append(CTxIn(COutPoint(prev_utxo.sha256, prev_utxo.n), b""))
  1139. split_value = prev_utxo.nValue // NUM_TESTS
  1140. for i in range(NUM_TESTS):
  1141. tx.vout.append(CTxOut(split_value, scriptPubKey))
  1142. tx.wit.vtxinwit.append(CTxInWitness())
  1143. sign_P2PK_witness_input(witness_program, tx, 0, SIGHASH_ALL, prev_utxo.nValue, key)
  1144. for i in range(NUM_TESTS):
  1145. temp_utxos.append(UTXO(tx.sha256, i, split_value))
  1146. block = self.build_next_block()
  1147. self.update_witness_block_with_transactions(block, [tx])
  1148. self.test_node.test_witness_block(block, accepted=True)
  1149. block = self.build_next_block()
  1150. used_sighash_single_out_of_bounds = False
  1151. for i in range(NUM_TESTS):
  1152. # Ping regularly to keep the connection alive
  1153. if (not i % 100):
  1154. self.test_node.sync_with_ping()
  1155. # Choose random number of inputs to use.
  1156. num_inputs = random.randint(1, 10)
  1157. # Create a slight bias for producing more utxos
  1158. num_outputs = random.randint(1, 11)
  1159. random.shuffle(temp_utxos)
  1160. assert(len(temp_utxos) > num_inputs)
  1161. tx = CTransaction()
  1162. total_value = 0
  1163. for i in range(num_inputs):
  1164. tx.vin.append(CTxIn(COutPoint(temp_utxos[i].sha256, temp_utxos[i].n), b""))
  1165. tx.wit.vtxinwit.append(CTxInWitness())
  1166. total_value += temp_utxos[i].nValue
  1167. split_value = total_value // num_outputs
  1168. for i in range(num_outputs):
  1169. tx.vout.append(CTxOut(split_value, scriptPubKey))
  1170. for i in range(num_inputs):
  1171. # Now try to sign each input, using a random hashtype.
  1172. anyonecanpay = 0
  1173. if random.randint(0, 1):
  1174. anyonecanpay = SIGHASH_ANYONECANPAY
  1175. hashtype = random.randint(1, 3) | anyonecanpay
  1176. sign_P2PK_witness_input(witness_program, tx, i, hashtype, temp_utxos[i].nValue, key)
  1177. if (hashtype == SIGHASH_SINGLE and i >= num_outputs):
  1178. used_sighash_single_out_of_bounds = True
  1179. tx.rehash()
  1180. for i in range(num_outputs):
  1181. temp_utxos.append(UTXO(tx.sha256, i, split_value))
  1182. temp_utxos = temp_utxos[num_inputs:]
  1183. block.vtx.append(tx)
  1184. # Test the block periodically, if we're close to maxblocksize
  1185. if (get_virtual_size(block) > MAX_BLOCK_BASE_SIZE - 1000):
  1186. self.update_witness_block_with_transactions(block, [])
  1187. self.test_node.test_witness_block(block, accepted=True)
  1188. block = self.build_next_block()
  1189. if (not used_sighash_single_out_of_bounds):
  1190. self.log.info("WARNING: this test run didn't attempt SIGHASH_SINGLE with out-of-bounds index value")
  1191. # Test the transactions we've added to the block
  1192. if (len(block.vtx) > 1):
  1193. self.update_witness_block_with_transactions(block, [])
  1194. self.test_node.test_witness_block(block, accepted=True)
  1195. # Now test witness version 0 P2PKH transactions
  1196. pubkeyhash = hash160(pubkey)
  1197. scriptPKH = CScript([OP_0, pubkeyhash])
  1198. tx = CTransaction()
  1199. tx.vin.append(CTxIn(COutPoint(temp_utxos[0].sha256, temp_utxos[0].n), b""))
  1200. tx.vout.append(CTxOut(temp_utxos[0].nValue, scriptPKH))
  1201. tx.wit.vtxinwit.append(CTxInWitness())
  1202. sign_P2PK_witness_input(witness_program, tx, 0, SIGHASH_ALL, temp_utxos[0].nValue, key)
  1203. tx2 = CTransaction()
  1204. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 0), b""))
  1205. tx2.vout.append(CTxOut(tx.vout[0].nValue, CScript([OP_TRUE])))
  1206. script = GetP2PKHScript(pubkeyhash)
  1207. sig_hash = SegwitVersion1SignatureHash(script, tx2, 0, SIGHASH_ALL, tx.vout[0].nValue)
  1208. signature = key.sign(sig_hash) + b'\x01' # 0x1 is SIGHASH_ALL
  1209. # Check that we can't have a scriptSig
  1210. tx2.vin[0].scriptSig = CScript([signature, pubkey])
  1211. block = self.build_next_block()
  1212. self.update_witness_block_with_transactions(block, [tx, tx2])
  1213. self.test_node.test_witness_block(block, accepted=False)
  1214. # Move the signature to the witness.
  1215. block.vtx.pop()
  1216. tx2.wit.vtxinwit.append(CTxInWitness())
  1217. tx2.wit.vtxinwit[0].scriptWitness.stack = [signature, pubkey]
  1218. tx2.vin[0].scriptSig = b""
  1219. tx2.rehash()
  1220. self.update_witness_block_with_transactions(block, [tx2])
  1221. self.test_node.test_witness_block(block, accepted=True)
  1222. temp_utxos.pop(0)
  1223. # Update self.utxos for later tests. Just spend everything in
  1224. # temp_utxos to a corresponding entry in self.utxos
  1225. tx = CTransaction()
  1226. index = 0
  1227. for i in temp_utxos:
  1228. # Just spend to our usual anyone-can-spend output
  1229. # Use SIGHASH_SINGLE|SIGHASH_ANYONECANPAY so we can build up
  1230. # the signatures as we go.
  1231. tx.vin.append(CTxIn(COutPoint(i.sha256, i.n), b""))
  1232. tx.vout.append(CTxOut(i.nValue, CScript([OP_TRUE])))
  1233. tx.wit.vtxinwit.append(CTxInWitness())
  1234. sign_P2PK_witness_input(witness_program, tx, index, SIGHASH_SINGLE|SIGHASH_ANYONECANPAY, i.nValue, key)
  1235. index += 1
  1236. block = self.build_next_block()
  1237. self.update_witness_block_with_transactions(block, [tx])
  1238. self.test_node.test_witness_block(block, accepted=True)
  1239. for i in range(len(tx.vout)):
  1240. self.utxo.append(UTXO(tx.sha256, i, tx.vout[i].nValue))
  1241. # Test P2SH wrapped witness programs.
  1242. def test_p2sh_witness(self, segwit_activated):
  1243. self.log.info("Testing P2SH witness transactions")
  1244. assert(len(self.utxo))
  1245. # Prepare the p2sh-wrapped witness output
  1246. witness_program = CScript([OP_DROP, OP_TRUE])
  1247. witness_hash = sha256(witness_program)
  1248. p2wsh_pubkey = CScript([OP_0, witness_hash])
  1249. p2sh_witness_hash = hash160(p2wsh_pubkey)
  1250. scriptPubKey = CScript([OP_HASH160, p2sh_witness_hash, OP_EQUAL])
  1251. scriptSig = CScript([p2wsh_pubkey]) # a push of the redeem script
  1252. # Fund the P2SH output
  1253. tx = CTransaction()
  1254. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  1255. tx.vout.append(CTxOut(self.utxo[0].nValue-1000, scriptPubKey))
  1256. tx.rehash()
  1257. # Verify mempool acceptance and block validity
  1258. self.test_node.test_transaction_acceptance(tx, with_witness=False, accepted=True)
  1259. block = self.build_next_block()
  1260. self.update_witness_block_with_transactions(block, [tx])
  1261. self.test_node.test_witness_block(block, accepted=True, with_witness=segwit_activated)
  1262. sync_blocks(self.nodes)
  1263. # Now test attempts to spend the output.
  1264. spend_tx = CTransaction()
  1265. spend_tx.vin.append(CTxIn(COutPoint(tx.sha256, 0), scriptSig))
  1266. spend_tx.vout.append(CTxOut(tx.vout[0].nValue-1000, CScript([OP_TRUE])))
  1267. spend_tx.rehash()
  1268. # This transaction should not be accepted into the mempool pre- or
  1269. # post-segwit. Mempool acceptance will use SCRIPT_VERIFY_WITNESS which
  1270. # will require a witness to spend a witness program regardless of
  1271. # segwit activation. Note that older bitcoind's that are not
  1272. # segwit-aware would also reject this for failing CLEANSTACK.
  1273. self.test_node.test_transaction_acceptance(spend_tx, with_witness=False, accepted=False)
  1274. # Try to put the witness script in the scriptSig, should also fail.
  1275. spend_tx.vin[0].scriptSig = CScript([p2wsh_pubkey, b'a'])
  1276. spend_tx.rehash()
  1277. self.test_node.test_transaction_acceptance(spend_tx, with_witness=False, accepted=False)
  1278. # Now put the witness script in the witness, should succeed after
  1279. # segwit activates.
  1280. spend_tx.vin[0].scriptSig = scriptSig
  1281. spend_tx.rehash()
  1282. spend_tx.wit.vtxinwit.append(CTxInWitness())
  1283. spend_tx.wit.vtxinwit[0].scriptWitness.stack = [ b'a', witness_program ]
  1284. # Verify mempool acceptance
  1285. self.test_node.test_transaction_acceptance(spend_tx, with_witness=True, accepted=segwit_activated)
  1286. block = self.build_next_block()
  1287. self.update_witness_block_with_transactions(block, [spend_tx])
  1288. # If we're before activation, then sending this without witnesses
  1289. # should be valid. If we're after activation, then sending this with
  1290. # witnesses should be valid.
  1291. if segwit_activated:
  1292. self.test_node.test_witness_block(block, accepted=True)
  1293. else:
  1294. self.test_node.test_witness_block(block, accepted=True, with_witness=False)
  1295. # Update self.utxo
  1296. self.utxo.pop(0)
  1297. self.utxo.append(UTXO(spend_tx.sha256, 0, spend_tx.vout[0].nValue))
  1298. # Test the behavior of starting up a segwit-aware node after the softfork
  1299. # has activated. As segwit requires different block data than pre-segwit
  1300. # nodes would have stored, this requires special handling.
  1301. # To enable this test, pass --oldbinary=<path-to-pre-segwit-bitcoind> to
  1302. # the test.
  1303. def test_upgrade_after_activation(self, node, node_id):
  1304. self.log.info("Testing software upgrade after softfork activation")
  1305. assert(node_id != 0) # node0 is assumed to be a segwit-active bitcoind
  1306. # Make sure the nodes are all up
  1307. sync_blocks(self.nodes)
  1308. # Restart with the new binary
  1309. stop_node(node, node_id)
  1310. self.nodes[node_id] = start_node(node_id, self.options.tmpdir)
  1311. connect_nodes(self.nodes[0], node_id)
  1312. sync_blocks(self.nodes)
  1313. # Make sure that this peer thinks segwit has activated.
  1314. assert(get_bip9_status(node, 'segwit')['status'] == "active")
  1315. # Make sure this peers blocks match those of node0.
  1316. height = node.getblockcount()
  1317. while height >= 0:
  1318. block_hash = node.getblockhash(height)
  1319. assert_equal(block_hash, self.nodes[0].getblockhash(height))
  1320. assert_equal(self.nodes[0].getblock(block_hash), node.getblock(block_hash))
  1321. height -= 1
  1322. def test_witness_sigops(self):
  1323. '''Ensure sigop counting is correct inside witnesses.'''
  1324. self.log.info("Testing sigops limit")
  1325. assert(len(self.utxo))
  1326. # Keep this under MAX_OPS_PER_SCRIPT (201)
  1327. witness_program = CScript([OP_TRUE, OP_IF, OP_TRUE, OP_ELSE] + [OP_CHECKMULTISIG]*5 + [OP_CHECKSIG]*193 + [OP_ENDIF])
  1328. witness_hash = sha256(witness_program)
  1329. scriptPubKey = CScript([OP_0, witness_hash])
  1330. sigops_per_script = 20*5 + 193*1
  1331. # We'll produce 2 extra outputs, one with a program that would take us
  1332. # over max sig ops, and one with a program that would exactly reach max
  1333. # sig ops
  1334. outputs = (MAX_SIGOP_COST // sigops_per_script) + 2
  1335. extra_sigops_available = MAX_SIGOP_COST % sigops_per_script
  1336. # We chose the number of checkmultisigs/checksigs to make this work:
  1337. assert(extra_sigops_available < 100) # steer clear of MAX_OPS_PER_SCRIPT
  1338. # This script, when spent with the first
  1339. # N(=MAX_SIGOP_COST//sigops_per_script) outputs of our transaction,
  1340. # would push us just over the block sigop limit.
  1341. witness_program_toomany = CScript([OP_TRUE, OP_IF, OP_TRUE, OP_ELSE] + [OP_CHECKSIG]*(extra_sigops_available + 1) + [OP_ENDIF])
  1342. witness_hash_toomany = sha256(witness_program_toomany)
  1343. scriptPubKey_toomany = CScript([OP_0, witness_hash_toomany])
  1344. # If we spend this script instead, we would exactly reach our sigop
  1345. # limit (for witness sigops).
  1346. witness_program_justright = CScript([OP_TRUE, OP_IF, OP_TRUE, OP_ELSE] + [OP_CHECKSIG]*(extra_sigops_available) + [OP_ENDIF])
  1347. witness_hash_justright = sha256(witness_program_justright)
  1348. scriptPubKey_justright = CScript([OP_0, witness_hash_justright])
  1349. # First split our available utxo into a bunch of outputs
  1350. split_value = self.utxo[0].nValue // outputs
  1351. tx = CTransaction()
  1352. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  1353. for i in range(outputs):
  1354. tx.vout.append(CTxOut(split_value, scriptPubKey))
  1355. tx.vout[-2].scriptPubKey = scriptPubKey_toomany
  1356. tx.vout[-1].scriptPubKey = scriptPubKey_justright
  1357. tx.rehash()
  1358. block_1 = self.build_next_block()
  1359. self.update_witness_block_with_transactions(block_1, [tx])
  1360. self.test_node.test_witness_block(block_1, accepted=True)
  1361. tx2 = CTransaction()
  1362. # If we try to spend the first n-1 outputs from tx, that should be
  1363. # too many sigops.
  1364. total_value = 0
  1365. for i in range(outputs-1):
  1366. tx2.vin.append(CTxIn(COutPoint(tx.sha256, i), b""))
  1367. tx2.wit.vtxinwit.append(CTxInWitness())
  1368. tx2.wit.vtxinwit[-1].scriptWitness.stack = [ witness_program ]
  1369. total_value += tx.vout[i].nValue
  1370. tx2.wit.vtxinwit[-1].scriptWitness.stack = [ witness_program_toomany ]
  1371. tx2.vout.append(CTxOut(total_value, CScript([OP_TRUE])))
  1372. tx2.rehash()
  1373. block_2 = self.build_next_block()
  1374. self.update_witness_block_with_transactions(block_2, [tx2])
  1375. self.test_node.test_witness_block(block_2, accepted=False)
  1376. # Try dropping the last input in tx2, and add an output that has
  1377. # too many sigops (contributing to legacy sigop count).
  1378. checksig_count = (extra_sigops_available // 4) + 1
  1379. scriptPubKey_checksigs = CScript([OP_CHECKSIG]*checksig_count)
  1380. tx2.vout.append(CTxOut(0, scriptPubKey_checksigs))
  1381. tx2.vin.pop()
  1382. tx2.wit.vtxinwit.pop()
  1383. tx2.vout[0].nValue -= tx.vout[-2].nValue
  1384. tx2.rehash()
  1385. block_3 = self.build_next_block()
  1386. self.update_witness_block_with_transactions(block_3, [tx2])
  1387. self.test_node.test_witness_block(block_3, accepted=False)
  1388. # If we drop the last checksig in this output, the tx should succeed.
  1389. block_4 = self.build_next_block()
  1390. tx2.vout[-1].scriptPubKey = CScript([OP_CHECKSIG]*(checksig_count-1))
  1391. tx2.rehash()
  1392. self.update_witness_block_with_transactions(block_4, [tx2])
  1393. self.test_node.test_witness_block(block_4, accepted=True)
  1394. # Reset the tip back down for the next test
  1395. sync_blocks(self.nodes)
  1396. for x in self.nodes:
  1397. x.invalidateblock(block_4.hash)
  1398. # Try replacing the last input of tx2 to be spending the last
  1399. # output of tx
  1400. block_5 = self.build_next_block()
  1401. tx2.vout.pop()
  1402. tx2.vin.append(CTxIn(COutPoint(tx.sha256, outputs-1), b""))
  1403. tx2.wit.vtxinwit.append(CTxInWitness())
  1404. tx2.wit.vtxinwit[-1].scriptWitness.stack = [ witness_program_justright ]
  1405. tx2.rehash()
  1406. self.update_witness_block_with_transactions(block_5, [tx2])
  1407. self.test_node.test_witness_block(block_5, accepted=True)
  1408. # TODO: test p2sh sigop counting
  1409. def test_getblocktemplate_before_lockin(self):
  1410. self.log.info("Testing getblocktemplate setting of segwit versionbit (before lockin)")
  1411. # Node0 is segwit aware, node2 is not.
  1412. for node in [self.nodes[0], self.nodes[2]]:
  1413. gbt_results = node.getblocktemplate()
  1414. block_version = gbt_results['version']
  1415. # If we're not indicating segwit support, we will still be
  1416. # signalling for segwit activation.
  1417. assert_equal((block_version & (1 << VB_WITNESS_BIT) != 0), node == self.nodes[0])
  1418. # If we don't specify the segwit rule, then we won't get a default
  1419. # commitment.
  1420. assert('default_witness_commitment' not in gbt_results)
  1421. # Workaround:
  1422. # Can either change the tip, or change the mempool and wait 5 seconds
  1423. # to trigger a recomputation of getblocktemplate.
  1424. txid = int(self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(), 1), 16)
  1425. # Using mocktime lets us avoid sleep()
  1426. sync_mempools(self.nodes)
  1427. self.nodes[0].setmocktime(int(time.time())+10)
  1428. self.nodes[2].setmocktime(int(time.time())+10)
  1429. for node in [self.nodes[0], self.nodes[2]]:
  1430. gbt_results = node.getblocktemplate({"rules" : ["segwit"]})
  1431. block_version = gbt_results['version']
  1432. if node == self.nodes[2]:
  1433. # If this is a non-segwit node, we should still not get a witness
  1434. # commitment, nor a version bit signalling segwit.
  1435. assert_equal(block_version & (1 << VB_WITNESS_BIT), 0)
  1436. assert('default_witness_commitment' not in gbt_results)
  1437. else:
  1438. # For segwit-aware nodes, check the version bit and the witness
  1439. # commitment are correct.
  1440. assert(block_version & (1 << VB_WITNESS_BIT) != 0)
  1441. assert('default_witness_commitment' in gbt_results)
  1442. witness_commitment = gbt_results['default_witness_commitment']
  1443. # TODO: this duplicates some code from blocktools.py, would be nice
  1444. # to refactor.
  1445. # Check that default_witness_commitment is present.
  1446. block = CBlock()
  1447. witness_root = block.get_merkle_root([ser_uint256(0), ser_uint256(txid)])
  1448. check_commitment = uint256_from_str(hash256(ser_uint256(witness_root)+ser_uint256(0)))
  1449. from test_framework.blocktools import WITNESS_COMMITMENT_HEADER
  1450. output_data = WITNESS_COMMITMENT_HEADER + ser_uint256(check_commitment)
  1451. script = CScript([OP_RETURN, output_data])
  1452. assert_equal(witness_commitment, bytes_to_hex_str(script))
  1453. # undo mocktime
  1454. self.nodes[0].setmocktime(0)
  1455. self.nodes[2].setmocktime(0)
  1456. # Uncompressed pubkeys are no longer supported in default relay policy,
  1457. # but (for now) are still valid in blocks.
  1458. def test_uncompressed_pubkey(self):
  1459. self.log.info("Testing uncompressed pubkeys")
  1460. # Segwit transactions using uncompressed pubkeys are not accepted
  1461. # under default policy, but should still pass consensus.
  1462. key = CECKey()
  1463. key.set_secretbytes(b"9")
  1464. key.set_compressed(False)
  1465. pubkey = CPubKey(key.get_pubkey())
  1466. assert_equal(len(pubkey), 65) # This should be an uncompressed pubkey
  1467. assert(len(self.utxo) > 0)
  1468. utxo = self.utxo.pop(0)
  1469. # Test 1: P2WPKH
  1470. # First create a P2WPKH output that uses an uncompressed pubkey
  1471. pubkeyhash = hash160(pubkey)
  1472. scriptPKH = CScript([OP_0, pubkeyhash])
  1473. tx = CTransaction()
  1474. tx.vin.append(CTxIn(COutPoint(utxo.sha256, utxo.n), b""))
  1475. tx.vout.append(CTxOut(utxo.nValue-1000, scriptPKH))
  1476. tx.rehash()
  1477. # Confirm it in a block.
  1478. block = self.build_next_block()
  1479. self.update_witness_block_with_transactions(block, [tx])
  1480. self.test_node.test_witness_block(block, accepted=True)
  1481. # Now try to spend it. Send it to a P2WSH output, which we'll
  1482. # use in the next test.
  1483. witness_program = CScript([pubkey, CScriptOp(OP_CHECKSIG)])
  1484. witness_hash = sha256(witness_program)
  1485. scriptWSH = CScript([OP_0, witness_hash])
  1486. tx2 = CTransaction()
  1487. tx2.vin.append(CTxIn(COutPoint(tx.sha256, 0), b""))
  1488. tx2.vout.append(CTxOut(tx.vout[0].nValue-1000, scriptWSH))
  1489. script = GetP2PKHScript(pubkeyhash)
  1490. sig_hash = SegwitVersion1SignatureHash(script, tx2, 0, SIGHASH_ALL, tx.vout[0].nValue)
  1491. signature = key.sign(sig_hash) + b'\x01' # 0x1 is SIGHASH_ALL
  1492. tx2.wit.vtxinwit.append(CTxInWitness())
  1493. tx2.wit.vtxinwit[0].scriptWitness.stack = [ signature, pubkey ]
  1494. tx2.rehash()
  1495. # Should fail policy test.
  1496. self.test_node.test_transaction_acceptance(tx2, True, False, b'non-mandatory-script-verify-flag (Using non-compressed keys in segwit)')
  1497. # But passes consensus.
  1498. block = self.build_next_block()
  1499. self.update_witness_block_with_transactions(block, [tx2])
  1500. self.test_node.test_witness_block(block, accepted=True)
  1501. # Test 2: P2WSH
  1502. # Try to spend the P2WSH output created in last test.
  1503. # Send it to a P2SH(P2WSH) output, which we'll use in the next test.
  1504. p2sh_witness_hash = hash160(scriptWSH)
  1505. scriptP2SH = CScript([OP_HASH160, p2sh_witness_hash, OP_EQUAL])
  1506. scriptSig = CScript([scriptWSH])
  1507. tx3 = CTransaction()
  1508. tx3.vin.append(CTxIn(COutPoint(tx2.sha256, 0), b""))
  1509. tx3.vout.append(CTxOut(tx2.vout[0].nValue-1000, scriptP2SH))
  1510. tx3.wit.vtxinwit.append(CTxInWitness())
  1511. sign_P2PK_witness_input(witness_program, tx3, 0, SIGHASH_ALL, tx2.vout[0].nValue, key)
  1512. # Should fail policy test.
  1513. self.test_node.test_transaction_acceptance(tx3, True, False, b'non-mandatory-script-verify-flag (Using non-compressed keys in segwit)')
  1514. # But passes consensus.
  1515. block = self.build_next_block()
  1516. self.update_witness_block_with_transactions(block, [tx3])
  1517. self.test_node.test_witness_block(block, accepted=True)
  1518. # Test 3: P2SH(P2WSH)
  1519. # Try to spend the P2SH output created in the last test.
  1520. # Send it to a P2PKH output, which we'll use in the next test.
  1521. scriptPubKey = GetP2PKHScript(pubkeyhash)
  1522. tx4 = CTransaction()
  1523. tx4.vin.append(CTxIn(COutPoint(tx3.sha256, 0), scriptSig))
  1524. tx4.vout.append(CTxOut(tx3.vout[0].nValue-1000, scriptPubKey))
  1525. tx4.wit.vtxinwit.append(CTxInWitness())
  1526. sign_P2PK_witness_input(witness_program, tx4, 0, SIGHASH_ALL, tx3.vout[0].nValue, key)
  1527. # Should fail policy test.
  1528. self.test_node.test_transaction_acceptance(tx4, True, False, b'non-mandatory-script-verify-flag (Using non-compressed keys in segwit)')
  1529. block = self.build_next_block()
  1530. self.update_witness_block_with_transactions(block, [tx4])
  1531. self.test_node.test_witness_block(block, accepted=True)
  1532. # Test 4: Uncompressed pubkeys should still be valid in non-segwit
  1533. # transactions.
  1534. tx5 = CTransaction()
  1535. tx5.vin.append(CTxIn(COutPoint(tx4.sha256, 0), b""))
  1536. tx5.vout.append(CTxOut(tx4.vout[0].nValue-1000, CScript([OP_TRUE])))
  1537. (sig_hash, err) = SignatureHash(scriptPubKey, tx5, 0, SIGHASH_ALL)
  1538. signature = key.sign(sig_hash) + b'\x01' # 0x1 is SIGHASH_ALL
  1539. tx5.vin[0].scriptSig = CScript([signature, pubkey])
  1540. tx5.rehash()
  1541. # Should pass policy and consensus.
  1542. self.test_node.test_transaction_acceptance(tx5, True, True)
  1543. block = self.build_next_block()
  1544. self.update_witness_block_with_transactions(block, [tx5])
  1545. self.test_node.test_witness_block(block, accepted=True)
  1546. self.utxo.append(UTXO(tx5.sha256, 0, tx5.vout[0].nValue))
  1547. def test_non_standard_witness(self):
  1548. self.log.info("Testing detection of non-standard P2WSH witness")
  1549. pad = chr(1).encode('latin-1')
  1550. # Create scripts for tests
  1551. scripts = []
  1552. scripts.append(CScript([OP_DROP] * 100))
  1553. scripts.append(CScript([OP_DROP] * 99))
  1554. scripts.append(CScript([pad * 59] * 59 + [OP_DROP] * 60))
  1555. scripts.append(CScript([pad * 59] * 59 + [OP_DROP] * 61))
  1556. p2wsh_scripts = []
  1557. assert(len(self.utxo))
  1558. tx = CTransaction()
  1559. tx.vin.append(CTxIn(COutPoint(self.utxo[0].sha256, self.utxo[0].n), b""))
  1560. # For each script, generate a pair of P2WSH and P2SH-P2WSH output.
  1561. outputvalue = (self.utxo[0].nValue - 1000) // (len(scripts) * 2)
  1562. for i in scripts:
  1563. p2wsh = CScript([OP_0, sha256(i)])
  1564. p2sh = hash160(p2wsh)
  1565. p2wsh_scripts.append(p2wsh)
  1566. tx.vout.append(CTxOut(outputvalue, p2wsh))
  1567. tx.vout.append(CTxOut(outputvalue, CScript([OP_HASH160, p2sh, OP_EQUAL])))
  1568. tx.rehash()
  1569. txid = tx.sha256
  1570. self.test_node.test_transaction_acceptance(tx, with_witness=False, accepted=True)
  1571. self.nodes[0].generate(1)
  1572. sync_blocks(self.nodes)
  1573. # Creating transactions for tests
  1574. p2wsh_txs = []
  1575. p2sh_txs = []
  1576. for i in range(len(scripts)):
  1577. p2wsh_tx = CTransaction()
  1578. p2wsh_tx.vin.append(CTxIn(COutPoint(txid,i*2)))
  1579. p2wsh_tx.vout.append(CTxOut(outputvalue - 5000, CScript([OP_0, hash160(hex_str_to_bytes(""))])))
  1580. p2wsh_tx.wit.vtxinwit.append(CTxInWitness())
  1581. p2wsh_tx.rehash()
  1582. p2wsh_txs.append(p2wsh_tx)
  1583. p2sh_tx = CTransaction()
  1584. p2sh_tx.vin.append(CTxIn(COutPoint(txid,i*2+1), CScript([p2wsh_scripts[i]])))
  1585. p2sh_tx.vout.append(CTxOut(outputvalue - 5000, CScript([OP_0, hash160(hex_str_to_bytes(""))])))
  1586. p2sh_tx.wit.vtxinwit.append(CTxInWitness())
  1587. p2sh_tx.rehash()
  1588. p2sh_txs.append(p2sh_tx)
  1589. # Testing native P2WSH
  1590. # Witness stack size, excluding witnessScript, over 100 is non-standard
  1591. p2wsh_txs[0].wit.vtxinwit[0].scriptWitness.stack = [pad] * 101 + [scripts[0]]
  1592. self.std_node.test_transaction_acceptance(p2wsh_txs[0], True, False, b'bad-witness-nonstandard')
  1593. # Non-standard nodes should accept
  1594. self.test_node.test_transaction_acceptance(p2wsh_txs[0], True, True)
  1595. # Stack element size over 80 bytes is non-standard
  1596. p2wsh_txs[1].wit.vtxinwit[0].scriptWitness.stack = [pad * 81] * 100 + [scripts[1]]
  1597. self.std_node.test_transaction_acceptance(p2wsh_txs[1], True, False, b'bad-witness-nonstandard')
  1598. # Non-standard nodes should accept
  1599. self.test_node.test_transaction_acceptance(p2wsh_txs[1], True, True)
  1600. # Standard nodes should accept if element size is not over 80 bytes
  1601. p2wsh_txs[1].wit.vtxinwit[0].scriptWitness.stack = [pad * 80] * 100 + [scripts[1]]
  1602. self.std_node.test_transaction_acceptance(p2wsh_txs[1], True, True)
  1603. # witnessScript size at 3600 bytes is standard
  1604. p2wsh_txs[2].wit.vtxinwit[0].scriptWitness.stack = [pad, pad, scripts[2]]
  1605. self.test_node.test_transaction_acceptance(p2wsh_txs[2], True, True)
  1606. self.std_node.test_transaction_acceptance(p2wsh_txs[2], True, True)
  1607. # witnessScript size at 3601 bytes is non-standard
  1608. p2wsh_txs[3].wit.vtxinwit[0].scriptWitness.stack = [pad, pad, pad, scripts[3]]
  1609. self.std_node.test_transaction_acceptance(p2wsh_txs[3], True, False, b'bad-witness-nonstandard')
  1610. # Non-standard nodes should accept
  1611. self.test_node.test_transaction_acceptance(p2wsh_txs[3], True, True)
  1612. # Repeating the same tests with P2SH-P2WSH
  1613. p2sh_txs[0].wit.vtxinwit[0].scriptWitness.stack = [pad] * 101 + [scripts[0]]
  1614. self.std_node.test_transaction_acceptance(p2sh_txs[0], True, False, b'bad-witness-nonstandard')
  1615. self.test_node.test_transaction_acceptance(p2sh_txs[0], True, True)
  1616. p2sh_txs[1].wit.vtxinwit[0].scriptWitness.stack = [pad * 81] * 100 + [scripts[1]]
  1617. self.std_node.test_transaction_acceptance(p2sh_txs[1], True, False, b'bad-witness-nonstandard')
  1618. self.test_node.test_transaction_acceptance(p2sh_txs[1], True, True)
  1619. p2sh_txs[1].wit.vtxinwit[0].scriptWitness.stack = [pad * 80] * 100 + [scripts[1]]
  1620. self.std_node.test_transaction_acceptance(p2sh_txs[1], True, True)
  1621. p2sh_txs[2].wit.vtxinwit[0].scriptWitness.stack = [pad, pad, scripts[2]]
  1622. self.test_node.test_transaction_acceptance(p2sh_txs[2], True, True)
  1623. self.std_node.test_transaction_acceptance(p2sh_txs[2], True, True)
  1624. p2sh_txs[3].wit.vtxinwit[0].scriptWitness.stack = [pad, pad, pad, scripts[3]]
  1625. self.std_node.test_transaction_acceptance(p2sh_txs[3], True, False, b'bad-witness-nonstandard')
  1626. self.test_node.test_transaction_acceptance(p2sh_txs[3], True, True)
  1627. self.nodes[0].generate(1) # Mine and clean up the mempool of non-standard node
  1628. # Valid but non-standard transactions in a block should be accepted by standard node
  1629. sync_blocks(self.nodes)
  1630. assert_equal(len(self.nodes[0].getrawmempool()), 0)
  1631. assert_equal(len(self.nodes[1].getrawmempool()), 0)
  1632. self.utxo.pop(0)
  1633. def run_test(self):
  1634. # Setup the p2p connections and start up the network thread.
  1635. self.test_node = TestNode() # sets NODE_WITNESS|NODE_NETWORK
  1636. self.old_node = TestNode() # only NODE_NETWORK
  1637. self.std_node = TestNode() # for testing node1 (fRequireStandard=true)
  1638. self.p2p_connections = [self.test_node, self.old_node]
  1639. self.connections = []
  1640. self.connections.append(NodeConn('127.0.0.1', p2p_port(0), self.nodes[0], self.test_node, services=NODE_NETWORK|NODE_WITNESS))
  1641. self.connections.append(NodeConn('127.0.0.1', p2p_port(0), self.nodes[0], self.old_node, services=NODE_NETWORK))
  1642. self.connections.append(NodeConn('127.0.0.1', p2p_port(1), self.nodes[1], self.std_node, services=NODE_NETWORK|NODE_WITNESS))
  1643. self.test_node.add_connection(self.connections[0])
  1644. self.old_node.add_connection(self.connections[1])
  1645. self.std_node.add_connection(self.connections[2])
  1646. NetworkThread().start() # Start up network handling in another thread
  1647. # Keep a place to store utxo's that can be used in later tests
  1648. self.utxo = []
  1649. # Test logic begins here
  1650. self.test_node.wait_for_verack()
  1651. self.log.info("Starting tests before segwit lock in:")
  1652. self.test_witness_services() # Verifies NODE_WITNESS
  1653. self.test_non_witness_transaction() # non-witness tx's are accepted
  1654. self.test_unnecessary_witness_before_segwit_activation()
  1655. self.test_block_relay(segwit_activated=False)
  1656. # Advance to segwit being 'started'
  1657. self.advance_to_segwit_started()
  1658. sync_blocks(self.nodes)
  1659. self.test_getblocktemplate_before_lockin()
  1660. sync_blocks(self.nodes)
  1661. # At lockin, nothing should change.
  1662. self.log.info("Testing behavior post lockin, pre-activation")
  1663. self.advance_to_segwit_lockin()
  1664. # Retest unnecessary witnesses
  1665. self.test_unnecessary_witness_before_segwit_activation()
  1666. self.test_witness_tx_relay_before_segwit_activation()
  1667. self.test_block_relay(segwit_activated=False)
  1668. self.test_p2sh_witness(segwit_activated=False)
  1669. self.test_standardness_v0(segwit_activated=False)
  1670. sync_blocks(self.nodes)
  1671. # Now activate segwit
  1672. self.log.info("Testing behavior after segwit activation")
  1673. self.advance_to_segwit_active()
  1674. sync_blocks(self.nodes)
  1675. # Test P2SH witness handling again
  1676. self.test_p2sh_witness(segwit_activated=True)
  1677. self.test_witness_commitments()
  1678. self.test_block_malleability()
  1679. self.test_witness_block_size()
  1680. self.test_submit_block()
  1681. self.test_extra_witness_data()
  1682. self.test_max_witness_push_length()
  1683. self.test_max_witness_program_length()
  1684. self.test_witness_input_length()
  1685. self.test_block_relay(segwit_activated=True)
  1686. self.test_tx_relay_after_segwit_activation()
  1687. self.test_standardness_v0(segwit_activated=True)
  1688. self.test_segwit_versions()
  1689. self.test_premature_coinbase_witness_spend()
  1690. self.test_uncompressed_pubkey()
  1691. self.test_signature_version_1()
  1692. self.test_non_standard_witness()
  1693. sync_blocks(self.nodes)
  1694. self.test_upgrade_after_activation(self.nodes[2], 2)
  1695. self.test_witness_sigops()
  1696. if __name__ == '__main__':
  1697. SegWitTest().main()