Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

script_tests.cpp 50KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988
  1. // Copyright (c) 2011-2014 The Bitcoin Core developers
  2. // Distributed under the MIT software license, see the accompanying
  3. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
  4. #include "data/script_invalid.json.h"
  5. #include "data/script_valid.json.h"
  6. #include "core_io.h"
  7. #include "key.h"
  8. #include "keystore.h"
  9. #include "main.h"
  10. #include "script/script.h"
  11. #include "script/script_error.h"
  12. #include "script/sign.h"
  13. #include "util.h"
  14. #include "test/test_bitcoin.h"
  15. #if defined(HAVE_CONSENSUS_LIB)
  16. #include "script/bitcoinconsensus.h"
  17. #endif
  18. #include <fstream>
  19. #include <stdint.h>
  20. #include <string>
  21. #include <vector>
  22. #include <boost/foreach.hpp>
  23. #include <boost/test/unit_test.hpp>
  24. #include "json/json_spirit_reader_template.h"
  25. #include "json/json_spirit_utils.h"
  26. #include "json/json_spirit_writer_template.h"
  27. using namespace std;
  28. using namespace json_spirit;
  29. // Uncomment if you want to output updated JSON tests.
  30. // #define UPDATE_JSON_TESTS
  31. static const unsigned int flags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
  32. unsigned int ParseScriptFlags(string strFlags);
  33. string FormatScriptFlags(unsigned int flags);
  34. Array
  35. read_json(const std::string& jsondata)
  36. {
  37. Value v;
  38. if (!read_string(jsondata, v) || v.type() != array_type)
  39. {
  40. BOOST_ERROR("Parse error.");
  41. return Array();
  42. }
  43. return v.get_array();
  44. }
  45. BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
  46. CMutableTransaction BuildCreditingTransaction(const CScript& scriptPubKey)
  47. {
  48. CMutableTransaction txCredit;
  49. txCredit.nVersion = 1;
  50. txCredit.nLockTime = 0;
  51. txCredit.vin.resize(1);
  52. txCredit.vout.resize(1);
  53. txCredit.vin[0].prevout.SetNull();
  54. txCredit.vin[0].scriptSig = CScript() << CScriptNum(0) << CScriptNum(0);
  55. txCredit.vin[0].nSequence = std::numeric_limits<unsigned int>::max();
  56. txCredit.vout[0].scriptPubKey = scriptPubKey;
  57. txCredit.vout[0].nValue = 0;
  58. return txCredit;
  59. }
  60. CMutableTransaction BuildSpendingTransaction(const CScript& scriptSig, const CMutableTransaction& txCredit)
  61. {
  62. CMutableTransaction txSpend;
  63. txSpend.nVersion = 1;
  64. txSpend.nLockTime = 0;
  65. txSpend.vin.resize(1);
  66. txSpend.vout.resize(1);
  67. txSpend.vin[0].prevout.hash = txCredit.GetHash();
  68. txSpend.vin[0].prevout.n = 0;
  69. txSpend.vin[0].scriptSig = scriptSig;
  70. txSpend.vin[0].nSequence = std::numeric_limits<unsigned int>::max();
  71. txSpend.vout[0].scriptPubKey = CScript();
  72. txSpend.vout[0].nValue = 0;
  73. return txSpend;
  74. }
  75. void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, int flags, bool expect, const std::string& message)
  76. {
  77. ScriptError err;
  78. CMutableTransaction tx = BuildSpendingTransaction(scriptSig, BuildCreditingTransaction(scriptPubKey));
  79. CMutableTransaction tx2 = tx;
  80. BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, flags, MutableTransactionSignatureChecker(&tx, 0), &err) == expect, message);
  81. BOOST_CHECK_MESSAGE(expect == (err == SCRIPT_ERR_OK), std::string(ScriptErrorString(err)) + ": " + message);
  82. #if defined(HAVE_CONSENSUS_LIB)
  83. CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
  84. stream << tx2;
  85. BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(begin_ptr(scriptPubKey), scriptPubKey.size(), (const unsigned char*)&stream[0], stream.size(), 0, flags, NULL) == expect,message);
  86. #endif
  87. }
  88. void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
  89. // Parse the signature.
  90. std::vector<unsigned char> r, s;
  91. r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
  92. s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
  93. // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
  94. static const unsigned char order[33] = {
  95. 0x00,
  96. 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  97. 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
  98. 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
  99. 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
  100. };
  101. while (s.size() < 33) {
  102. s.insert(s.begin(), 0x00);
  103. }
  104. int carry = 0;
  105. for (int p = 32; p >= 1; p--) {
  106. int n = (int)order[p] - s[p] - carry;
  107. s[p] = (n + 256) & 0xFF;
  108. carry = (n < 0);
  109. }
  110. assert(carry == 0);
  111. if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
  112. s.erase(s.begin());
  113. }
  114. // Reconstruct the signature.
  115. vchSig.clear();
  116. vchSig.push_back(0x30);
  117. vchSig.push_back(4 + r.size() + s.size());
  118. vchSig.push_back(0x02);
  119. vchSig.push_back(r.size());
  120. vchSig.insert(vchSig.end(), r.begin(), r.end());
  121. vchSig.push_back(0x02);
  122. vchSig.push_back(s.size());
  123. vchSig.insert(vchSig.end(), s.begin(), s.end());
  124. }
  125. namespace
  126. {
  127. const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
  128. const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
  129. const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
  130. struct KeyData
  131. {
  132. CKey key0, key0C, key1, key1C, key2, key2C;
  133. CPubKey pubkey0, pubkey0C, pubkey0H;
  134. CPubKey pubkey1, pubkey1C;
  135. CPubKey pubkey2, pubkey2C;
  136. KeyData()
  137. {
  138. key0.Set(vchKey0, vchKey0 + 32, false);
  139. key0C.Set(vchKey0, vchKey0 + 32, true);
  140. pubkey0 = key0.GetPubKey();
  141. pubkey0H = key0.GetPubKey();
  142. pubkey0C = key0C.GetPubKey();
  143. *const_cast<unsigned char*>(&pubkey0H[0]) = 0x06 | (pubkey0H[64] & 1);
  144. key1.Set(vchKey1, vchKey1 + 32, false);
  145. key1C.Set(vchKey1, vchKey1 + 32, true);
  146. pubkey1 = key1.GetPubKey();
  147. pubkey1C = key1C.GetPubKey();
  148. key2.Set(vchKey2, vchKey2 + 32, false);
  149. key2C.Set(vchKey2, vchKey2 + 32, true);
  150. pubkey2 = key2.GetPubKey();
  151. pubkey2C = key2C.GetPubKey();
  152. }
  153. };
  154. class TestBuilder
  155. {
  156. private:
  157. CScript scriptPubKey;
  158. CTransaction creditTx;
  159. CMutableTransaction spendTx;
  160. bool havePush;
  161. std::vector<unsigned char> push;
  162. std::string comment;
  163. int flags;
  164. void DoPush()
  165. {
  166. if (havePush) {
  167. spendTx.vin[0].scriptSig << push;
  168. havePush = false;
  169. }
  170. }
  171. void DoPush(const std::vector<unsigned char>& data)
  172. {
  173. DoPush();
  174. push = data;
  175. havePush = true;
  176. }
  177. public:
  178. TestBuilder(const CScript& redeemScript, const std::string& comment_, int flags_, bool P2SH = false) : scriptPubKey(redeemScript), havePush(false), comment(comment_), flags(flags_)
  179. {
  180. if (P2SH) {
  181. creditTx = BuildCreditingTransaction(CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemScript)) << OP_EQUAL);
  182. } else {
  183. creditTx = BuildCreditingTransaction(redeemScript);
  184. }
  185. spendTx = BuildSpendingTransaction(CScript(), creditTx);
  186. }
  187. TestBuilder& Add(const CScript& script)
  188. {
  189. DoPush();
  190. spendTx.vin[0].scriptSig += script;
  191. return *this;
  192. }
  193. TestBuilder& Num(int num)
  194. {
  195. DoPush();
  196. spendTx.vin[0].scriptSig << num;
  197. return *this;
  198. }
  199. TestBuilder& Push(const std::string& hex)
  200. {
  201. DoPush(ParseHex(hex));
  202. return *this;
  203. }
  204. TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32)
  205. {
  206. uint256 hash = SignatureHash(scriptPubKey, spendTx, 0, nHashType);
  207. std::vector<unsigned char> vchSig, r, s;
  208. uint32_t iter = 0;
  209. do {
  210. key.Sign(hash, vchSig, iter++);
  211. if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
  212. NegateSignatureS(vchSig);
  213. }
  214. r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
  215. s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
  216. } while (lenR != r.size() || lenS != s.size());
  217. vchSig.push_back(static_cast<unsigned char>(nHashType));
  218. DoPush(vchSig);
  219. return *this;
  220. }
  221. TestBuilder& Push(const CPubKey& pubkey)
  222. {
  223. DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
  224. return *this;
  225. }
  226. TestBuilder& PushRedeem()
  227. {
  228. DoPush(static_cast<std::vector<unsigned char> >(scriptPubKey));
  229. return *this;
  230. }
  231. TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
  232. {
  233. assert(havePush);
  234. std::vector<unsigned char> datain = ParseHex(hexin);
  235. std::vector<unsigned char> dataout = ParseHex(hexout);
  236. assert(pos + datain.size() <= push.size());
  237. BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
  238. push.erase(push.begin() + pos, push.begin() + pos + datain.size());
  239. push.insert(push.begin() + pos, dataout.begin(), dataout.end());
  240. return *this;
  241. }
  242. TestBuilder& DamagePush(unsigned int pos)
  243. {
  244. assert(havePush);
  245. assert(pos < push.size());
  246. push[pos] ^= 1;
  247. return *this;
  248. }
  249. TestBuilder& Test(bool expect)
  250. {
  251. TestBuilder copy = *this; // Make a copy so we can rollback the push.
  252. DoPush();
  253. DoTest(creditTx.vout[0].scriptPubKey, spendTx.vin[0].scriptSig, flags, expect, comment);
  254. *this = copy;
  255. return *this;
  256. }
  257. Array GetJSON()
  258. {
  259. DoPush();
  260. Array array;
  261. array.push_back(FormatScript(spendTx.vin[0].scriptSig));
  262. array.push_back(FormatScript(creditTx.vout[0].scriptPubKey));
  263. array.push_back(FormatScriptFlags(flags));
  264. array.push_back(comment);
  265. return array;
  266. }
  267. std::string GetComment()
  268. {
  269. return comment;
  270. }
  271. const CScript& GetScriptPubKey()
  272. {
  273. return creditTx.vout[0].scriptPubKey;
  274. }
  275. };
  276. }
  277. BOOST_AUTO_TEST_CASE(script_build)
  278. {
  279. const KeyData keys;
  280. std::vector<TestBuilder> good;
  281. std::vector<TestBuilder> bad;
  282. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
  283. "P2PK", 0
  284. ).PushSig(keys.key0));
  285. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
  286. "P2PK, bad sig", 0
  287. ).PushSig(keys.key0).DamagePush(10));
  288. good.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
  289. "P2PKH", 0
  290. ).PushSig(keys.key1).Push(keys.pubkey1C));
  291. bad.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
  292. "P2PKH, bad pubkey", 0
  293. ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5));
  294. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
  295. "P2PK anyonecanpay", 0
  296. ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
  297. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
  298. "P2PK anyonecanpay marked with normal hashtype", 0
  299. ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01"));
  300. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
  301. "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
  302. ).PushSig(keys.key0).PushRedeem());
  303. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
  304. "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
  305. ).PushSig(keys.key0).PushRedeem().DamagePush(10));
  306. good.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
  307. "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
  308. ).PushSig(keys.key0).DamagePush(10).PushRedeem());
  309. bad.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
  310. "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
  311. ).PushSig(keys.key0).DamagePush(10).PushRedeem());
  312. good.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
  313. "3-of-3", 0
  314. ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
  315. bad.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
  316. "3-of-3, 2 sigs", 0
  317. ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0));
  318. good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
  319. "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
  320. ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
  321. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
  322. "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
  323. ).Num(0).PushSig(keys.key1).Num(0).PushRedeem());
  324. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  325. "P2PK with too much R padding but no DERSIG", 0
  326. ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
  327. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  328. "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
  329. ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
  330. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  331. "P2PK with too much S padding but no DERSIG", 0
  332. ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
  333. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  334. "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
  335. ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
  336. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  337. "P2PK with too little R padding but no DERSIG", 0
  338. ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  339. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  340. "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
  341. ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  342. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
  343. "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
  344. ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
  345. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
  346. "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
  347. ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
  348. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
  349. "P2PK NOT with too much R padding but no DERSIG", 0
  350. ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
  351. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
  352. "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
  353. ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
  354. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  355. "BIP66 example 1, without DERSIG", 0
  356. ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  357. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  358. "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
  359. ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  360. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
  361. "BIP66 example 2, without DERSIG", 0
  362. ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  363. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
  364. "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
  365. ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  366. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  367. "BIP66 example 3, without DERSIG", 0
  368. ).Num(0));
  369. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  370. "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
  371. ).Num(0));
  372. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
  373. "BIP66 example 4, without DERSIG", 0
  374. ).Num(0));
  375. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
  376. "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
  377. ).Num(0));
  378. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  379. "BIP66 example 5, without DERSIG", 0
  380. ).Num(1));
  381. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
  382. "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
  383. ).Num(1));
  384. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
  385. "BIP66 example 6, without DERSIG", 0
  386. ).Num(1));
  387. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
  388. "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
  389. ).Num(1));
  390. good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
  391. "BIP66 example 7, without DERSIG", 0
  392. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
  393. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
  394. "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
  395. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
  396. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
  397. "BIP66 example 8, without DERSIG", 0
  398. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
  399. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
  400. "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
  401. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
  402. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
  403. "BIP66 example 9, without DERSIG", 0
  404. ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  405. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
  406. "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
  407. ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  408. good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
  409. "BIP66 example 10, without DERSIG", 0
  410. ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  411. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
  412. "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
  413. ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
  414. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
  415. "BIP66 example 11, without DERSIG", 0
  416. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
  417. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
  418. "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
  419. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
  420. good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
  421. "BIP66 example 12, without DERSIG", 0
  422. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
  423. good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
  424. "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
  425. ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
  426. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
  427. "P2PK with multi-byte hashtype, without DERSIG", 0
  428. ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
  429. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
  430. "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
  431. ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
  432. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
  433. "P2PK with high S but no LOW_S", 0
  434. ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
  435. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
  436. "P2PK with high S", SCRIPT_VERIFY_LOW_S
  437. ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
  438. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
  439. "P2PK with hybrid pubkey but no STRICTENC", 0
  440. ).PushSig(keys.key0, SIGHASH_ALL));
  441. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
  442. "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
  443. ).PushSig(keys.key0, SIGHASH_ALL));
  444. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
  445. "P2PK NOT with hybrid pubkey but no STRICTENC", 0
  446. ).PushSig(keys.key0, SIGHASH_ALL));
  447. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
  448. "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
  449. ).PushSig(keys.key0, SIGHASH_ALL));
  450. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
  451. "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
  452. ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
  453. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
  454. "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
  455. ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
  456. good.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
  457. "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
  458. ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
  459. good.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
  460. "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
  461. ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
  462. bad.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
  463. "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
  464. ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
  465. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
  466. "P2PK with undefined hashtype but no STRICTENC", 0
  467. ).PushSig(keys.key1, 5));
  468. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
  469. "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
  470. ).PushSig(keys.key1, 5));
  471. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
  472. "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
  473. ).PushSig(keys.key1, 5).DamagePush(10));
  474. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
  475. "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
  476. ).PushSig(keys.key1, 5).DamagePush(10));
  477. good.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
  478. "3-of-3 with nonzero dummy but no NULLDUMMY", 0
  479. ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
  480. bad.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
  481. "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
  482. ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
  483. good.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
  484. "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
  485. ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
  486. bad.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
  487. "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
  488. ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
  489. good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
  490. "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
  491. ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
  492. bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
  493. "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
  494. ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
  495. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
  496. "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", 0
  497. ).PushSig(keys.key2).PushRedeem());
  498. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
  499. "P2SH(P2PK) with non-push scriptSig", SCRIPT_VERIFY_SIGPUSHONLY
  500. ).PushSig(keys.key2).PushRedeem());
  501. good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
  502. "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
  503. ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
  504. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
  505. "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
  506. ).Num(11).PushSig(keys.key0));
  507. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
  508. "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
  509. ).Num(11).PushSig(keys.key0));
  510. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
  511. "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
  512. ).Num(11).PushSig(keys.key0).PushRedeem());
  513. bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
  514. "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
  515. ).Num(11).PushSig(keys.key0).PushRedeem());
  516. good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
  517. "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
  518. ).PushSig(keys.key0).PushRedeem());
  519. std::set<std::string> tests_good;
  520. std::set<std::string> tests_bad;
  521. {
  522. Array json_good = read_json(std::string(json_tests::script_valid, json_tests::script_valid + sizeof(json_tests::script_valid)));
  523. Array json_bad = read_json(std::string(json_tests::script_invalid, json_tests::script_invalid + sizeof(json_tests::script_invalid)));
  524. BOOST_FOREACH(Value& tv, json_good) {
  525. tests_good.insert(write_string(Value(tv.get_array()), true));
  526. }
  527. BOOST_FOREACH(Value& tv, json_bad) {
  528. tests_bad.insert(write_string(Value(tv.get_array()), true));
  529. }
  530. }
  531. std::string strGood;
  532. std::string strBad;
  533. BOOST_FOREACH(TestBuilder& test, good) {
  534. test.Test(true);
  535. std::string str = write_string(Value(test.GetJSON()), true);
  536. #ifndef UPDATE_JSON_TESTS
  537. if (tests_good.count(str) == 0) {
  538. BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
  539. }
  540. #endif
  541. strGood += str + ",\n";
  542. }
  543. BOOST_FOREACH(TestBuilder& test, bad) {
  544. test.Test(false);
  545. std::string str = write_string(Value(test.GetJSON()), true);
  546. #ifndef UPDATE_JSON_TESTS
  547. if (tests_bad.count(str) == 0) {
  548. BOOST_CHECK_MESSAGE(false, "Missing auto script_invalid test: " + test.GetComment());
  549. }
  550. #endif
  551. strBad += str + ",\n";
  552. }
  553. #ifdef UPDATE_JSON_TESTS
  554. FILE* valid = fopen("script_valid.json.gen", "w");
  555. fputs(strGood.c_str(), valid);
  556. fclose(valid);
  557. FILE* invalid = fopen("script_invalid.json.gen", "w");
  558. fputs(strBad.c_str(), invalid);
  559. fclose(invalid);
  560. #endif
  561. }
  562. BOOST_AUTO_TEST_CASE(script_valid)
  563. {
  564. // Read tests from test/data/script_valid.json
  565. // Format is an array of arrays
  566. // Inner arrays are [ "scriptSig", "scriptPubKey", "flags" ]
  567. // ... where scriptSig and scriptPubKey are stringified
  568. // scripts.
  569. Array tests = read_json(std::string(json_tests::script_valid, json_tests::script_valid + sizeof(json_tests::script_valid)));
  570. BOOST_FOREACH(Value& tv, tests)
  571. {
  572. Array test = tv.get_array();
  573. string strTest = write_string(tv, false);
  574. if (test.size() < 3) // Allow size > 3; extra stuff ignored (useful for comments)
  575. {
  576. if (test.size() != 1) {
  577. BOOST_ERROR("Bad test: " << strTest);
  578. }
  579. continue;
  580. }
  581. string scriptSigString = test[0].get_str();
  582. CScript scriptSig = ParseScript(scriptSigString);
  583. string scriptPubKeyString = test[1].get_str();
  584. CScript scriptPubKey = ParseScript(scriptPubKeyString);
  585. unsigned int scriptflags = ParseScriptFlags(test[2].get_str());
  586. DoTest(scriptPubKey, scriptSig, scriptflags, true, strTest);
  587. }
  588. }
  589. BOOST_AUTO_TEST_CASE(script_invalid)
  590. {
  591. // Scripts that should evaluate as invalid
  592. Array tests = read_json(std::string(json_tests::script_invalid, json_tests::script_invalid + sizeof(json_tests::script_invalid)));
  593. BOOST_FOREACH(Value& tv, tests)
  594. {
  595. Array test = tv.get_array();
  596. string strTest = write_string(tv, false);
  597. if (test.size() < 3) // Allow size > 3; extra stuff ignored (useful for comments)
  598. {
  599. if (test.size() != 1) {
  600. BOOST_ERROR("Bad test: " << strTest);
  601. }
  602. continue;
  603. }
  604. string scriptSigString = test[0].get_str();
  605. CScript scriptSig = ParseScript(scriptSigString);
  606. string scriptPubKeyString = test[1].get_str();
  607. CScript scriptPubKey = ParseScript(scriptPubKeyString);
  608. unsigned int scriptflags = ParseScriptFlags(test[2].get_str());
  609. DoTest(scriptPubKey, scriptSig, scriptflags, false, strTest);
  610. }
  611. }
  612. BOOST_AUTO_TEST_CASE(script_PushData)
  613. {
  614. // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
  615. // the stack as the 1-75 opcodes do.
  616. static const unsigned char direct[] = { 1, 0x5a };
  617. static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
  618. static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
  619. static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
  620. ScriptError err;
  621. vector<vector<unsigned char> > directStack;
  622. BOOST_CHECK(EvalScript(directStack, CScript(&direct[0], &direct[sizeof(direct)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
  623. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  624. vector<vector<unsigned char> > pushdata1Stack;
  625. BOOST_CHECK(EvalScript(pushdata1Stack, CScript(&pushdata1[0], &pushdata1[sizeof(pushdata1)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
  626. BOOST_CHECK(pushdata1Stack == directStack);
  627. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  628. vector<vector<unsigned char> > pushdata2Stack;
  629. BOOST_CHECK(EvalScript(pushdata2Stack, CScript(&pushdata2[0], &pushdata2[sizeof(pushdata2)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
  630. BOOST_CHECK(pushdata2Stack == directStack);
  631. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  632. vector<vector<unsigned char> > pushdata4Stack;
  633. BOOST_CHECK(EvalScript(pushdata4Stack, CScript(&pushdata4[0], &pushdata4[sizeof(pushdata4)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), &err));
  634. BOOST_CHECK(pushdata4Stack == directStack);
  635. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  636. }
  637. CScript
  638. sign_multisig(CScript scriptPubKey, std::vector<CKey> keys, CTransaction transaction)
  639. {
  640. uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL);
  641. CScript result;
  642. //
  643. // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
  644. // one extra item on the stack, before the signatures.
  645. // Putting OP_0 on the stack is the workaround;
  646. // fixing the bug would mean splitting the block chain (old
  647. // clients would not accept new CHECKMULTISIG transactions,
  648. // and vice-versa)
  649. //
  650. result << OP_0;
  651. BOOST_FOREACH(const CKey &key, keys)
  652. {
  653. vector<unsigned char> vchSig;
  654. BOOST_CHECK(key.Sign(hash, vchSig));
  655. vchSig.push_back((unsigned char)SIGHASH_ALL);
  656. result << vchSig;
  657. }
  658. return result;
  659. }
  660. CScript
  661. sign_multisig(CScript scriptPubKey, const CKey &key, CTransaction transaction)
  662. {
  663. std::vector<CKey> keys;
  664. keys.push_back(key);
  665. return sign_multisig(scriptPubKey, keys, transaction);
  666. }
  667. BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
  668. {
  669. ScriptError err;
  670. CKey key1, key2, key3;
  671. key1.MakeNewKey(true);
  672. key2.MakeNewKey(false);
  673. key3.MakeNewKey(true);
  674. CScript scriptPubKey12;
  675. scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
  676. CMutableTransaction txFrom12 = BuildCreditingTransaction(scriptPubKey12);
  677. CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), txFrom12);
  678. CScript goodsig1 = sign_multisig(scriptPubKey12, key1, txTo12);
  679. BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
  680. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  681. txTo12.vout[0].nValue = 2;
  682. BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
  683. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
  684. CScript goodsig2 = sign_multisig(scriptPubKey12, key2, txTo12);
  685. BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
  686. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  687. CScript badsig1 = sign_multisig(scriptPubKey12, key3, txTo12);
  688. BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0), &err));
  689. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
  690. }
  691. BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
  692. {
  693. ScriptError err;
  694. CKey key1, key2, key3, key4;
  695. key1.MakeNewKey(true);
  696. key2.MakeNewKey(false);
  697. key3.MakeNewKey(true);
  698. key4.MakeNewKey(false);
  699. CScript scriptPubKey23;
  700. scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
  701. CMutableTransaction txFrom23 = BuildCreditingTransaction(scriptPubKey23);
  702. CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), txFrom23);
  703. std::vector<CKey> keys;
  704. keys.push_back(key1); keys.push_back(key2);
  705. CScript goodsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
  706. BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  707. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  708. keys.clear();
  709. keys.push_back(key1); keys.push_back(key3);
  710. CScript goodsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
  711. BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  712. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  713. keys.clear();
  714. keys.push_back(key2); keys.push_back(key3);
  715. CScript goodsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
  716. BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  717. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  718. keys.clear();
  719. keys.push_back(key2); keys.push_back(key2); // Can't re-use sig
  720. CScript badsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
  721. BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  722. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
  723. keys.clear();
  724. keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
  725. CScript badsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
  726. BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  727. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
  728. keys.clear();
  729. keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
  730. CScript badsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
  731. BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  732. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
  733. keys.clear();
  734. keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
  735. CScript badsig4 = sign_multisig(scriptPubKey23, keys, txTo23);
  736. BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  737. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
  738. keys.clear();
  739. keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
  740. CScript badsig5 = sign_multisig(scriptPubKey23, keys, txTo23);
  741. BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  742. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
  743. keys.clear(); // Must have signatures
  744. CScript badsig6 = sign_multisig(scriptPubKey23, keys, txTo23);
  745. BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0), &err));
  746. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
  747. }
  748. BOOST_AUTO_TEST_CASE(script_combineSigs)
  749. {
  750. // Test the CombineSignatures function
  751. CBasicKeyStore keystore;
  752. vector<CKey> keys;
  753. vector<CPubKey> pubkeys;
  754. for (int i = 0; i < 3; i++)
  755. {
  756. CKey key;
  757. key.MakeNewKey(i%2 == 1);
  758. keys.push_back(key);
  759. pubkeys.push_back(key.GetPubKey());
  760. keystore.AddKey(key);
  761. }
  762. CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(keys[0].GetPubKey().GetID()));
  763. CMutableTransaction txTo = BuildSpendingTransaction(CScript(), txFrom);
  764. CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
  765. CScript& scriptSig = txTo.vin[0].scriptSig;
  766. CScript empty;
  767. CScript combined = CombineSignatures(scriptPubKey, txTo, 0, empty, empty);
  768. BOOST_CHECK(combined.empty());
  769. // Single signature case:
  770. SignSignature(keystore, txFrom, txTo, 0); // changes scriptSig
  771. combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, empty);
  772. BOOST_CHECK(combined == scriptSig);
  773. combined = CombineSignatures(scriptPubKey, txTo, 0, empty, scriptSig);
  774. BOOST_CHECK(combined == scriptSig);
  775. CScript scriptSigCopy = scriptSig;
  776. // Signing again will give a different, valid signature:
  777. SignSignature(keystore, txFrom, txTo, 0);
  778. combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSigCopy, scriptSig);
  779. BOOST_CHECK(combined == scriptSigCopy || combined == scriptSig);
  780. // P2SH, single-signature case:
  781. CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
  782. keystore.AddCScript(pkSingle);
  783. scriptPubKey = GetScriptForDestination(CScriptID(pkSingle));
  784. SignSignature(keystore, txFrom, txTo, 0);
  785. combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, empty);
  786. BOOST_CHECK(combined == scriptSig);
  787. combined = CombineSignatures(scriptPubKey, txTo, 0, empty, scriptSig);
  788. BOOST_CHECK(combined == scriptSig);
  789. scriptSigCopy = scriptSig;
  790. SignSignature(keystore, txFrom, txTo, 0);
  791. combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSigCopy, scriptSig);
  792. BOOST_CHECK(combined == scriptSigCopy || combined == scriptSig);
  793. // dummy scriptSigCopy with placeholder, should always choose non-placeholder:
  794. scriptSigCopy = CScript() << OP_0 << static_cast<vector<unsigned char> >(pkSingle);
  795. combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSigCopy, scriptSig);
  796. BOOST_CHECK(combined == scriptSig);
  797. combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, scriptSigCopy);
  798. BOOST_CHECK(combined == scriptSig);
  799. // Hardest case: Multisig 2-of-3
  800. scriptPubKey = GetScriptForMultisig(2, pubkeys);
  801. keystore.AddCScript(scriptPubKey);
  802. SignSignature(keystore, txFrom, txTo, 0);
  803. combined = CombineSignatures(scriptPubKey, txTo, 0, scriptSig, empty);
  804. BOOST_CHECK(combined == scriptSig);
  805. combined = CombineSignatures(scriptPubKey, txTo, 0, empty, scriptSig);
  806. BOOST_CHECK(combined == scriptSig);
  807. // A couple of partially-signed versions:
  808. vector<unsigned char> sig1;
  809. uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL);
  810. BOOST_CHECK(keys[0].Sign(hash1, sig1));
  811. sig1.push_back(SIGHASH_ALL);
  812. vector<unsigned char> sig2;
  813. uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE);
  814. BOOST_CHECK(keys[1].Sign(hash2, sig2));
  815. sig2.push_back(SIGHASH_NONE);
  816. vector<unsigned char> sig3;
  817. uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE);
  818. BOOST_CHECK(keys[2].Sign(hash3, sig3));
  819. sig3.push_back(SIGHASH_SINGLE);
  820. // Not fussy about order (or even existence) of placeholders or signatures:
  821. CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
  822. CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
  823. CScript partial2a = CScript() << OP_0 << sig2;
  824. CScript partial2b = CScript() << sig2 << OP_0;
  825. CScript partial3a = CScript() << sig3;
  826. CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
  827. CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
  828. CScript complete12 = CScript() << OP_0 << sig1 << sig2;
  829. CScript complete13 = CScript() << OP_0 << sig1 << sig3;
  830. CScript complete23 = CScript() << OP_0 << sig2 << sig3;
  831. combined = CombineSignatures(scriptPubKey, txTo, 0, partial1a, partial1b);
  832. BOOST_CHECK(combined == partial1a);
  833. combined = CombineSignatures(scriptPubKey, txTo, 0, partial1a, partial2a);
  834. BOOST_CHECK(combined == complete12);
  835. combined = CombineSignatures(scriptPubKey, txTo, 0, partial2a, partial1a);
  836. BOOST_CHECK(combined == complete12);
  837. combined = CombineSignatures(scriptPubKey, txTo, 0, partial1b, partial2b);
  838. BOOST_CHECK(combined == complete12);
  839. combined = CombineSignatures(scriptPubKey, txTo, 0, partial3b, partial1b);
  840. BOOST_CHECK(combined == complete13);
  841. combined = CombineSignatures(scriptPubKey, txTo, 0, partial2a, partial3a);
  842. BOOST_CHECK(combined == complete23);
  843. combined = CombineSignatures(scriptPubKey, txTo, 0, partial3b, partial2b);
  844. BOOST_CHECK(combined == complete23);
  845. combined = CombineSignatures(scriptPubKey, txTo, 0, partial3b, partial3a);
  846. BOOST_CHECK(combined == partial3c);
  847. }
  848. BOOST_AUTO_TEST_CASE(script_standard_push)
  849. {
  850. ScriptError err;
  851. for (int i=0; i<67000; i++) {
  852. CScript script;
  853. script << i;
  854. BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
  855. BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
  856. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  857. }
  858. for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
  859. std::vector<unsigned char> data(i, '\111');
  860. CScript script;
  861. script << data;
  862. BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
  863. BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
  864. BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
  865. }
  866. }
  867. BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
  868. {
  869. // IsPushOnly returns false when given a script containing only pushes that
  870. // are invalid due to truncation. IsPushOnly() is consensus critical
  871. // because P2SH evaluation uses it, although this specific behavior should
  872. // not be consensus critical as the P2SH evaluation would fail first due to
  873. // the invalid push. Still, it doesn't hurt to test it explicitly.
  874. static const unsigned char direct[] = { 1 };
  875. BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
  876. }
  877. BOOST_AUTO_TEST_SUITE_END()