search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge #9911: Wshadow: various gcc fixes
[bitcoinplatinum.git] / src / test / script_tests.cpp
blob343c645cb1bf49be025cf770d9fef022780bf9d1
1 // Copyright (c) 2011-2016 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include "data/script_tests.json.h"
6
7 #include "core_io.h"
8 #include "key.h"
9 #include "keystore.h"
10 #include "script/script.h"
11 #include "script/script_error.h"
12 #include "script/sign.h"
13 #include "util.h"
14 #include "utilstrencodings.h"
15 #include "test/test_bitcoin.h"
16 #include "rpc/server.h"
17
18 #if defined(HAVE_CONSENSUS_LIB)
19 #include "script/bitcoinconsensus.h"
20 #endif
21
22 #include <fstream>
23 #include <stdint.h>
24 #include <string>
25 #include <vector>
26
27 #include <boost/foreach.hpp>
28 #include <boost/test/unit_test.hpp>
29
30 #include <univalue.h>
31
32 // Uncomment if you want to output updated JSON tests.
33 // #define UPDATE_JSON_TESTS
34
35 static const unsigned int gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
36
37 unsigned int ParseScriptFlags(std::string strFlags);
38 std::string FormatScriptFlags(unsigned int flags);
39
40 UniValue
41 read_json(const std::string& jsondata)
42 {
43 UniValue v;
44
45 if (!v.read(jsondata) || !v.isArray())
46 {
47 BOOST_ERROR("Parse error.");
48 return UniValue(UniValue::VARR);
49 }
50 return v.get_array();
51 }
52
53 struct ScriptErrorDesc
54 {
55 ScriptError_t err;
56 const char *name;
57 };
58
59 static ScriptErrorDesc script_errors[]={
60 {SCRIPT_ERR_OK, "OK"},
61 {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
62 {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
63 {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
64 {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
65 {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
66 {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
67 {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
68 {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
69 {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
70 {SCRIPT_ERR_VERIFY, "VERIFY"},
71 {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
72 {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
73 {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
74 {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
75 {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
76 {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
77 {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
78 {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
79 {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
80 {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
81 {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
82 {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
83 {SCRIPT_ERR_SIG_DER, "SIG_DER"},
84 {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
85 {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
86 {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
87 {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
88 {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
89 {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
90 {SCRIPT_ERR_MINIMALIF, "MINIMALIF"},
91 {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
92 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
93 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
94 {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH, "WITNESS_PROGRAM_WRONG_LENGTH"},
95 {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY, "WITNESS_PROGRAM_WITNESS_EMPTY"},
96 {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH, "WITNESS_PROGRAM_MISMATCH"},
97 {SCRIPT_ERR_WITNESS_MALLEATED, "WITNESS_MALLEATED"},
98 {SCRIPT_ERR_WITNESS_MALLEATED_P2SH, "WITNESS_MALLEATED_P2SH"},
99 {SCRIPT_ERR_WITNESS_UNEXPECTED, "WITNESS_UNEXPECTED"},
100 {SCRIPT_ERR_WITNESS_PUBKEYTYPE, "WITNESS_PUBKEYTYPE"},
101 };
102
103 const char *FormatScriptError(ScriptError_t err)
104 {
105 for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
106 if (script_errors[i].err == err)
107 return script_errors[i].name;
108 BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
109 return "";
110 }
111
112 ScriptError_t ParseScriptError(const std::string &name)
113 {
114 for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
115 if (script_errors[i].name == name)
116 return script_errors[i].err;
117 BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
118 return SCRIPT_ERR_UNKNOWN_ERROR;
119 }
120
121 BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
122
123 CMutableTransaction BuildCreditingTransaction(const CScript& scriptPubKey, int nValue = 0)
124 {
125 CMutableTransaction txCredit;
126 txCredit.nVersion = 1;
127 txCredit.nLockTime = 0;
128 txCredit.vin.resize(1);
129 txCredit.vout.resize(1);
130 txCredit.vin[0].prevout.SetNull();
131 txCredit.vin[0].scriptSig = CScript() << CScriptNum(0) << CScriptNum(0);
132 txCredit.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
133 txCredit.vout[0].scriptPubKey = scriptPubKey;
134 txCredit.vout[0].nValue = nValue;
135
136 return txCredit;
137 }
138
139 CMutableTransaction BuildSpendingTransaction(const CScript& scriptSig, const CScriptWitness& scriptWitness, const CMutableTransaction& txCredit)
140 {
141 CMutableTransaction txSpend;
142 txSpend.nVersion = 1;
143 txSpend.nLockTime = 0;
144 txSpend.vin.resize(1);
145 txSpend.vout.resize(1);
146 txSpend.vin[0].scriptWitness = scriptWitness;
147 txSpend.vin[0].prevout.hash = txCredit.GetHash();
148 txSpend.vin[0].prevout.n = 0;
149 txSpend.vin[0].scriptSig = scriptSig;
150 txSpend.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
151 txSpend.vout[0].scriptPubKey = CScript();
152 txSpend.vout[0].nValue = txCredit.vout[0].nValue;
153
154 return txSpend;
155 }
156
157 void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& scriptWitness, int flags, const std::string& message, int scriptError, CAmount nValue = 0)
158 {
159 bool expect = (scriptError == SCRIPT_ERR_OK);
160 if (flags & SCRIPT_VERIFY_CLEANSTACK) {
161 flags |= SCRIPT_VERIFY_P2SH;
162 flags |= SCRIPT_VERIFY_WITNESS;
163 }
164 ScriptError err;
165 CMutableTransaction txCredit = BuildCreditingTransaction(scriptPubKey, nValue);
166 CMutableTransaction tx = BuildSpendingTransaction(scriptSig, scriptWitness, txCredit);
167 CMutableTransaction tx2 = tx;
168 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue), &err) == expect, message);
169 BOOST_CHECK_MESSAGE(err == scriptError, std::string(FormatScriptError(err)) + " where " + std::string(FormatScriptError((ScriptError_t)scriptError)) + " expected: " + message);
170 #if defined(HAVE_CONSENSUS_LIB)
171 CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
172 stream << tx2;
173 int libconsensus_flags = flags & bitcoinconsensus_SCRIPT_FLAGS_VERIFY_ALL;
174 if (libconsensus_flags == flags) {
175 if (flags & bitcoinconsensus_SCRIPT_FLAGS_VERIFY_WITNESS) {
176 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey.data(), scriptPubKey.size(), txCredit.vout[0].nValue, (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, NULL) == expect, message);
177 } else {
178 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script_with_amount(scriptPubKey.data(), scriptPubKey.size(), 0, (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, NULL) == expect, message);
179 BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), (const unsigned char*)&stream[0], stream.size(), 0, libconsensus_flags, NULL) == expect,message);
180 }
181 }
182 #endif
183 }
184
185 void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
186 // Parse the signature.
187 std::vector<unsigned char> r, s;
188 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
189 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
190
191 // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
192 static const unsigned char order[33] = {
193 0x00,
194 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
195 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
196 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
197 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
198 };
199 while (s.size() < 33) {
200 s.insert(s.begin(), 0x00);
201 }
202 int carry = 0;
203 for (int p = 32; p >= 1; p--) {
204 int n = (int)order[p] - s[p] - carry;
205 s[p] = (n + 256) & 0xFF;
206 carry = (n < 0);
207 }
208 assert(carry == 0);
209 if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
210 s.erase(s.begin());
211 }
212
213 // Reconstruct the signature.
214 vchSig.clear();
215 vchSig.push_back(0x30);
216 vchSig.push_back(4 + r.size() + s.size());
217 vchSig.push_back(0x02);
218 vchSig.push_back(r.size());
219 vchSig.insert(vchSig.end(), r.begin(), r.end());
220 vchSig.push_back(0x02);
221 vchSig.push_back(s.size());
222 vchSig.insert(vchSig.end(), s.begin(), s.end());
223 }
224
225 namespace
226 {
227 const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
228 const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
229 const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
230
231 struct KeyData
232 {
233 CKey key0, key0C, key1, key1C, key2, key2C;
234 CPubKey pubkey0, pubkey0C, pubkey0H;
235 CPubKey pubkey1, pubkey1C;
236 CPubKey pubkey2, pubkey2C;
237
238 KeyData()
239 {
240
241 key0.Set(vchKey0, vchKey0 + 32, false);
242 key0C.Set(vchKey0, vchKey0 + 32, true);
243 pubkey0 = key0.GetPubKey();
244 pubkey0H = key0.GetPubKey();
245 pubkey0C = key0C.GetPubKey();
246 *const_cast<unsigned char*>(&pubkey0H[0]) = 0x06 | (pubkey0H[64] & 1);
247
248 key1.Set(vchKey1, vchKey1 + 32, false);
249 key1C.Set(vchKey1, vchKey1 + 32, true);
250 pubkey1 = key1.GetPubKey();
251 pubkey1C = key1C.GetPubKey();
252
253 key2.Set(vchKey2, vchKey2 + 32, false);
254 key2C.Set(vchKey2, vchKey2 + 32, true);
255 pubkey2 = key2.GetPubKey();
256 pubkey2C = key2C.GetPubKey();
257 }
258 };
259
260 enum WitnessMode {
261 WITNESS_NONE,
262 WITNESS_PKH,
263 WITNESS_SH
264 };
265
266 class TestBuilder
267 {
268 private:
269 //! Actually executed script
270 CScript script;
271 //! The P2SH redeemscript
272 CScript redeemscript;
273 //! The Witness embedded script
274 CScript witscript;
275 CScriptWitness scriptWitness;
276 CTransactionRef creditTx;
277 CMutableTransaction spendTx;
278 bool havePush;
279 std::vector<unsigned char> push;
280 std::string comment;
281 int flags;
282 int scriptError;
283 CAmount nValue;
284
285 void DoPush()
286 {
287 if (havePush) {
288 spendTx.vin[0].scriptSig << push;
289 havePush = false;
290 }
291 }
292
293 void DoPush(const std::vector<unsigned char>& data)
294 {
295 DoPush();
296 push = data;
297 havePush = true;
298 }
299
300 public:
301 TestBuilder(const CScript& script_, const std::string& comment_, int flags_, bool P2SH = false, WitnessMode wm = WITNESS_NONE, int witnessversion = 0, CAmount nValue_ = 0) : script(script_), havePush(false), comment(comment_), flags(flags_), scriptError(SCRIPT_ERR_OK), nValue(nValue_)
302 {
303 CScript scriptPubKey = script;
304 if (wm == WITNESS_PKH) {
305 uint160 hash;
306 CHash160().Write(&script[1], script.size() - 1).Finalize(hash.begin());
307 script = CScript() << OP_DUP << OP_HASH160 << ToByteVector(hash) << OP_EQUALVERIFY << OP_CHECKSIG;
308 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
309 } else if (wm == WITNESS_SH) {
310 witscript = scriptPubKey;
311 uint256 hash;
312 CSHA256().Write(&witscript[0], witscript.size()).Finalize(hash.begin());
313 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
314 }
315 if (P2SH) {
316 redeemscript = scriptPubKey;
317 scriptPubKey = CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
318 }
319 creditTx = MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
320 spendTx = BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx);
321 }
322
323 TestBuilder& ScriptError(ScriptError_t err)
324 {
325 scriptError = err;
326 return *this;
327 }
328
329 TestBuilder& Add(const CScript& _script)
330 {
331 DoPush();
332 spendTx.vin[0].scriptSig += _script;
333 return *this;
334 }
335
336 TestBuilder& Num(int num)
337 {
338 DoPush();
339 spendTx.vin[0].scriptSig << num;
340 return *this;
341 }
342
343 TestBuilder& Push(const std::string& hex)
344 {
345 DoPush(ParseHex(hex));
346 return *this;
347 }
348
349 TestBuilder& Push(const CScript& _script) {
350 DoPush(std::vector<unsigned char>(_script.begin(), _script.end()));
351 return *this;
352 }
353
354 TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SIGVERSION_BASE, CAmount amount = 0)
355 {
356 uint256 hash = SignatureHash(script, spendTx, 0, nHashType, amount, sigversion);
357 std::vector<unsigned char> vchSig, r, s;
358 uint32_t iter = 0;
359 do {
360 key.Sign(hash, vchSig, iter++);
361 if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
362 NegateSignatureS(vchSig);
363 }
364 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
365 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
366 } while (lenR != r.size() || lenS != s.size());
367 vchSig.push_back(static_cast<unsigned char>(nHashType));
368 DoPush(vchSig);
369 return *this;
370 }
371
372 TestBuilder& PushWitSig(const CKey& key, CAmount amount = -1, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SIGVERSION_WITNESS_V0)
373 {
374 if (amount == -1)
375 amount = nValue;
376 return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
377 }
378
379 TestBuilder& Push(const CPubKey& pubkey)
380 {
381 DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
382 return *this;
383 }
384
385 TestBuilder& PushRedeem()
386 {
387 DoPush(std::vector<unsigned char>(redeemscript.begin(), redeemscript.end()));
388 return *this;
389 }
390
391 TestBuilder& PushWitRedeem()
392 {
393 DoPush(std::vector<unsigned char>(witscript.begin(), witscript.end()));
394 return AsWit();
395 }
396
397 TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
398 {
399 assert(havePush);
400 std::vector<unsigned char> datain = ParseHex(hexin);
401 std::vector<unsigned char> dataout = ParseHex(hexout);
402 assert(pos + datain.size() <= push.size());
403 BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
404 push.erase(push.begin() + pos, push.begin() + pos + datain.size());
405 push.insert(push.begin() + pos, dataout.begin(), dataout.end());
406 return *this;
407 }
408
409 TestBuilder& DamagePush(unsigned int pos)
410 {
411 assert(havePush);
412 assert(pos < push.size());
413 push[pos] ^= 1;
414 return *this;
415 }
416
417 TestBuilder& Test()
418 {
419 TestBuilder copy = *this; // Make a copy so we can rollback the push.
420 DoPush();
421 DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, scriptWitness, flags, comment, scriptError, nValue);
422 *this = copy;
423 return *this;
424 }
425
426 TestBuilder& AsWit()
427 {
428 assert(havePush);
429 scriptWitness.stack.push_back(push);
430 havePush = false;
431 return *this;
432 }
433
434 UniValue GetJSON()
435 {
436 DoPush();
437 UniValue array(UniValue::VARR);
438 if (!scriptWitness.stack.empty()) {
439 UniValue wit(UniValue::VARR);
440 for (unsigned i = 0; i < scriptWitness.stack.size(); i++) {
441 wit.push_back(HexStr(scriptWitness.stack[i]));
442 }
443 wit.push_back(ValueFromAmount(nValue));
444 array.push_back(wit);
445 }
446 array.push_back(FormatScript(spendTx.vin[0].scriptSig));
447 array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
448 array.push_back(FormatScriptFlags(flags));
449 array.push_back(FormatScriptError((ScriptError_t)scriptError));
450 array.push_back(comment);
451 return array;
452 }
453
454 std::string GetComment()
455 {
456 return comment;
457 }
458 };
459
460 std::string JSONPrettyPrint(const UniValue& univalue)
461 {
462 std::string ret = univalue.write(4);
463 // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
464 size_t pos = 0;
465 while ((pos = ret.find(" \n", pos)) != std::string::npos) {
466 ret.replace(pos, 2, "\n");
467 pos++;
468 }
469 return ret;
470 }
471 }
472
473 BOOST_AUTO_TEST_CASE(script_build)
474 {
475 const KeyData keys;
476
477 std::vector<TestBuilder> tests;
478
479 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
480 "P2PK", 0
481 ).PushSig(keys.key0));
482 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
483 "P2PK, bad sig", 0
484 ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
485
486 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
487 "P2PKH", 0
488 ).PushSig(keys.key1).Push(keys.pubkey1C));
489 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
490 "P2PKH, bad pubkey", 0
491 ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
492
493 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
494 "P2PK anyonecanpay", 0
495 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
496 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
497 "P2PK anyonecanpay marked with normal hashtype", 0
498 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
499
500 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
501 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
502 ).PushSig(keys.key0).PushRedeem());
503 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
504 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
505 ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
506
507 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
508 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
509 ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
510 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
511 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
512 ).PushSig(keys.key0).DamagePush(10).PushRedeem());
513 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
514 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
515 ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
516
517 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
518 "3-of-3", 0
519 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
520 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
521 "3-of-3, 2 sigs", 0
522 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
523
524 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
525 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
526 ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
527 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
528 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
529 ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
530
531 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
532 "P2PK with too much R padding but no DERSIG", 0
533 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
534 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
535 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
536 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
537 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
538 "P2PK with too much S padding but no DERSIG", 0
539 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
540 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
541 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
542 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
543 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
544 "P2PK with too little R padding but no DERSIG", 0
545 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
546 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
547 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
548 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
549 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
550 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
551 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
552 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
553 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
554 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
555 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
556 "P2PK NOT with too much R padding but no DERSIG", 0
557 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
558 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
559 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
560 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
561
562 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
563 "BIP66 example 1, without DERSIG", 0
564 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
565 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
566 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
567 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
568 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
569 "BIP66 example 2, without DERSIG", 0
570 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
571 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
572 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
573 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
574 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
575 "BIP66 example 3, without DERSIG", 0
576 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
577 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
578 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
579 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
580 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
581 "BIP66 example 4, without DERSIG", 0
582 ).Num(0));
583 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
584 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
585 ).Num(0));
586 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
587 "BIP66 example 5, without DERSIG", 0
588 ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
589 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
590 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
591 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
592 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
593 "BIP66 example 6, without DERSIG", 0
594 ).Num(1));
595 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
596 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
597 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
598 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
599 "BIP66 example 7, without DERSIG", 0
600 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
601 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
602 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
603 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
604 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
605 "BIP66 example 8, without DERSIG", 0
606 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
607 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
608 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
609 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
610 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
611 "BIP66 example 9, without DERSIG", 0
612 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
613 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
614 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
615 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
616 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
617 "BIP66 example 10, without DERSIG", 0
618 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
619 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
620 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
621 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
622 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
623 "BIP66 example 11, without DERSIG", 0
624 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
625 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
626 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
627 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
628 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
629 "BIP66 example 12, without DERSIG", 0
630 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
631 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
632 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
633 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
634 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
635 "P2PK with multi-byte hashtype, without DERSIG", 0
636 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
637 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
638 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
639 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
640
641 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
642 "P2PK with high S but no LOW_S", 0
643 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
644 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
645 "P2PK with high S", SCRIPT_VERIFY_LOW_S
646 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
647
648 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
649 "P2PK with hybrid pubkey but no STRICTENC", 0
650 ).PushSig(keys.key0, SIGHASH_ALL));
651 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
652 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
653 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
654 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
655 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
656 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
657 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
658 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
659 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
660 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
661 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
662 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
663 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
664 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
665 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
666 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
667 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
668 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
669 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
670 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
671 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
672 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
673 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
674 ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
675
676 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
677 "P2PK with undefined hashtype but no STRICTENC", 0
678 ).PushSig(keys.key1, 5));
679 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
680 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
681 ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
682 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
683 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
684 ).PushSig(keys.key1, 5).DamagePush(10));
685 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
686 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
687 ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
688
689 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
690 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
691 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
692 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
693 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
694 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
695 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
696 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
697 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
698 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
699 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
700 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
701
702 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
703 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
704 ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
705 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
706 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
707 ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
708 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
709 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
710 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem());
711 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
712 "P2PK with non-push scriptSig but with P2SH validation", 0
713 ).PushSig(keys.key2).Add(CScript() << OP_NOP8));
714 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
715 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
716 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
717 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
718 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
719 ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
720 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
721 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
722 ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
723 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
724 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
725 ).Num(11).PushSig(keys.key0));
726 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
727 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
728 ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
729 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
730 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
731 ).Num(11).PushSig(keys.key0).PushRedeem());
732 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
733 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
734 ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
735 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
736 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
737 ).PushSig(keys.key0).PushRedeem());
738
739 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
740 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
741 0, 1).PushWitSig(keys.key0).PushWitRedeem());
742 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
743 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH,
744 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
745 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
746 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
747 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
748 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
749 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH,
750 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
751 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
752 "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
753 ).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
754 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
755 "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
756 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
757 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
758 "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH
759 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
760 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
761 "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
762 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
763 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
764 "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WITNESS_SH
765 ).PushWitSig(keys.key0).PushWitRedeem());
766 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
767 "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
768 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
769 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
770 "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WITNESS_SH
771 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
772 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
773 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
774 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
775 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
776 "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
777 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
778 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
779 "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH,
780 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
781 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
782 "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
783 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
784 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
785 "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH,
786 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
787
788 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
789 "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH |
790 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, false, WITNESS_PKH, 1
791 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM));
792 {
793 CScript witscript = CScript() << ToByteVector(keys.pubkey0);
794 uint256 hash;
795 CSHA256().Write(&witscript[0], witscript.size()).Finalize(hash.begin());
796 std::vector<unsigned char> hashBytes = ToByteVector(hash);
797 hashBytes.pop_back();
798 tests.push_back(TestBuilder(CScript() << OP_0 << hashBytes,
799 "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false
800 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH));
801 }
802 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
803 "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
804 ).ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY));
805 {
806 CScript witscript = CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG;
807 tests.push_back(TestBuilder(witscript,
808 "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH
809 ).PushWitSig(keys.key0).Push(witscript).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
810 }
811 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
812 "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
813 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
814 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
815 "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_PKH
816 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED));
817 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
818 "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_PKH
819 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH));
820 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
821 "P2PK with witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH
822 ).PushSig(keys.key0).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED));
823
824 // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
825 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
826 "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
827 0, 1).PushWitSig(keys.key0C).PushWitRedeem());
828 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
829 "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_PKH,
830 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
831 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
832 "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
833 0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
834 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
835 "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_PKH,
836 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
837
838 // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
839 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
840 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
841 0, 1).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
842 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
843 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_PKH,
844 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
845 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
846 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
847 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
848 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
849 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_PKH,
850 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
851
852 // P2WSH 1-of-2 multisig with compressed keys
853 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
854 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
855 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
856 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
857 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
858 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
859 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
860 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
861 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
862 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
863 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
864 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
865
866 // P2WSH 1-of-2 multisig with first key uncompressed
867 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
868 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
869 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
870 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
871 "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
872 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
873 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
874 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
875 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
876 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
877 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
878 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
879 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
880 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
881 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
882 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
883 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
884 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
885 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
886 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
887 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
888 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
889 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
890 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
891 // P2WSH 1-of-2 multisig with second key uncompressed
892 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
893 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
894 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
895 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
896 "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
897 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
898 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
899 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
900 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
901 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
902 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
903 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
904 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
905 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WITNESS_SH,
906 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
907 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
908 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WITNESS_SH,
909 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
910 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
911 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WITNESS_SH,
912 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
913 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
914 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WITNESS_SH,
915 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
916
917 std::set<std::string> tests_set;
918
919 {
920 UniValue json_tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
921
922 for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
923 const UniValue& tv = json_tests[idx];
924 tests_set.insert(JSONPrettyPrint(tv.get_array()));
925 }
926 }
927
928 std::string strGen;
929
930 BOOST_FOREACH(TestBuilder& test, tests) {
931 test.Test();
932 std::string str = JSONPrettyPrint(test.GetJSON());
933 #ifndef UPDATE_JSON_TESTS
934 if (tests_set.count(str) == 0) {
935 BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
936 }
937 #endif
938 strGen += str + ",\n";
939 }
940
941 #ifdef UPDATE_JSON_TESTS
942 FILE* file = fopen("script_tests.json.gen", "w");
943 fputs(strGen.c_str(), file);
944 fclose(file);
945 #endif
946 }
947
948 BOOST_AUTO_TEST_CASE(script_json_test)
949 {
950 // Read tests from test/data/script_tests.json
951 // Format is an array of arrays
952 // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
953 // ... where scriptSig and scriptPubKey are stringified
954 // scripts.
955 // If a witness is given, then the last value in the array should be the
956 // amount (nValue) to use in the crediting tx
957 UniValue tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
958
959 for (unsigned int idx = 0; idx < tests.size(); idx++) {
960 UniValue test = tests[idx];
961 std::string strTest = test.write();
962 CScriptWitness witness;
963 CAmount nValue = 0;
964 unsigned int pos = 0;
965 if (test.size() > 0 && test[pos].isArray()) {
966 unsigned int i=0;
967 for (i = 0; i < test[pos].size()-1; i++) {
968 witness.stack.push_back(ParseHex(test[pos][i].get_str()));
969 }
970 nValue = AmountFromValue(test[pos][i]);
971 pos++;
972 }
973 if (test.size() < 4 + pos) // Allow size > 3; extra stuff ignored (useful for comments)
974 {
975 if (test.size() != 1) {
976 BOOST_ERROR("Bad test: " << strTest);
977 }
978 continue;
979 }
980 std::string scriptSigString = test[pos++].get_str();
981 CScript scriptSig = ParseScript(scriptSigString);
982 std::string scriptPubKeyString = test[pos++].get_str();
983 CScript scriptPubKey = ParseScript(scriptPubKeyString);
984 unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
985 int scriptError = ParseScriptError(test[pos++].get_str());
986
987 DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
988 }
989 }
990
991 BOOST_AUTO_TEST_CASE(script_PushData)
992 {
993 // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
994 // the stack as the 1-75 opcodes do.
995 static const unsigned char direct[] = { 1, 0x5a };
996 static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
997 static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
998 static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
999
1000 ScriptError err;
1001 std::vector<std::vector<unsigned char> > directStack;
1002 BOOST_CHECK(EvalScript(directStack, CScript(&direct[0], &direct[sizeof(direct)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1003 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1004
1005 std::vector<std::vector<unsigned char> > pushdata1Stack;
1006 BOOST_CHECK(EvalScript(pushdata1Stack, CScript(&pushdata1[0], &pushdata1[sizeof(pushdata1)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1007 BOOST_CHECK(pushdata1Stack == directStack);
1008 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1009
1010 std::vector<std::vector<unsigned char> > pushdata2Stack;
1011 BOOST_CHECK(EvalScript(pushdata2Stack, CScript(&pushdata2[0], &pushdata2[sizeof(pushdata2)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1012 BOOST_CHECK(pushdata2Stack == directStack);
1013 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1014
1015 std::vector<std::vector<unsigned char> > pushdata4Stack;
1016 BOOST_CHECK(EvalScript(pushdata4Stack, CScript(&pushdata4[0], &pushdata4[sizeof(pushdata4)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
1017 BOOST_CHECK(pushdata4Stack == directStack);
1018 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1019 }
1020
1021 CScript
1022 sign_multisig(CScript scriptPubKey, std::vector<CKey> keys, CTransaction transaction)
1023 {
1024 uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
1025
1026 CScript result;
1027 //
1028 // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
1029 // one extra item on the stack, before the signatures.
1030 // Putting OP_0 on the stack is the workaround;
1031 // fixing the bug would mean splitting the block chain (old
1032 // clients would not accept new CHECKMULTISIG transactions,
1033 // and vice-versa)
1034 //
1035 result << OP_0;
1036 BOOST_FOREACH(const CKey &key, keys)
1037 {
1038 std::vector<unsigned char> vchSig;
1039 BOOST_CHECK(key.Sign(hash, vchSig));
1040 vchSig.push_back((unsigned char)SIGHASH_ALL);
1041 result << vchSig;
1042 }
1043 return result;
1044 }
1045 CScript
1046 sign_multisig(CScript scriptPubKey, const CKey &key, CTransaction transaction)
1047 {
1048 std::vector<CKey> keys;
1049 keys.push_back(key);
1050 return sign_multisig(scriptPubKey, keys, transaction);
1051 }
1052
1053 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
1054 {
1055 ScriptError err;
1056 CKey key1, key2, key3;
1057 key1.MakeNewKey(true);
1058 key2.MakeNewKey(false);
1059 key3.MakeNewKey(true);
1060
1061 CScript scriptPubKey12;
1062 scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
1063
1064 CMutableTransaction txFrom12 = BuildCreditingTransaction(scriptPubKey12);
1065 CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom12);
1066
1067 CScript goodsig1 = sign_multisig(scriptPubKey12, key1, txTo12);
1068 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, NULL, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1069 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1070 txTo12.vout[0].nValue = 2;
1071 BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, NULL, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1072 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1073
1074 CScript goodsig2 = sign_multisig(scriptPubKey12, key2, txTo12);
1075 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, NULL, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1076 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1077
1078 CScript badsig1 = sign_multisig(scriptPubKey12, key3, txTo12);
1079 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, NULL, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), &err));
1080 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1081 }
1082
1083 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
1084 {
1085 ScriptError err;
1086 CKey key1, key2, key3, key4;
1087 key1.MakeNewKey(true);
1088 key2.MakeNewKey(false);
1089 key3.MakeNewKey(true);
1090 key4.MakeNewKey(false);
1091
1092 CScript scriptPubKey23;
1093 scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
1094
1095 CMutableTransaction txFrom23 = BuildCreditingTransaction(scriptPubKey23);
1096 CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom23);
1097
1098 std::vector<CKey> keys;
1099 keys.push_back(key1); keys.push_back(key2);
1100 CScript goodsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
1101 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1102 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1103
1104 keys.clear();
1105 keys.push_back(key1); keys.push_back(key3);
1106 CScript goodsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
1107 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1108 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1109
1110 keys.clear();
1111 keys.push_back(key2); keys.push_back(key3);
1112 CScript goodsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
1113 BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1114 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1115
1116 keys.clear();
1117 keys.push_back(key2); keys.push_back(key2); // Can't re-use sig
1118 CScript badsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
1119 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1120 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1121
1122 keys.clear();
1123 keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
1124 CScript badsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
1125 BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1126 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1127
1128 keys.clear();
1129 keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
1130 CScript badsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
1131 BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1132 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1133
1134 keys.clear();
1135 keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
1136 CScript badsig4 = sign_multisig(scriptPubKey23, keys, txTo23);
1137 BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1138 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1139
1140 keys.clear();
1141 keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
1142 CScript badsig5 = sign_multisig(scriptPubKey23, keys, txTo23);
1143 BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1144 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1145
1146 keys.clear(); // Must have signatures
1147 CScript badsig6 = sign_multisig(scriptPubKey23, keys, txTo23);
1148 BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, NULL, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), &err));
1149 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
1150 }
1151
1152 BOOST_AUTO_TEST_CASE(script_combineSigs)
1153 {
1154 // Test the CombineSignatures function
1155 CAmount amount = 0;
1156 CBasicKeyStore keystore;
1157 std::vector<CKey> keys;
1158 std::vector<CPubKey> pubkeys;
1159 for (int i = 0; i < 3; i++)
1160 {
1161 CKey key;
1162 key.MakeNewKey(i%2 == 1);
1163 keys.push_back(key);
1164 pubkeys.push_back(key.GetPubKey());
1165 keystore.AddKey(key);
1166 }
1167
1168 CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(keys[0].GetPubKey().GetID()));
1169 CMutableTransaction txTo = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom);
1170 CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
1171 CScript& scriptSig = txTo.vin[0].scriptSig;
1172
1173 SignatureData empty;
1174 SignatureData combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, empty);
1175 BOOST_CHECK(combined.scriptSig.empty());
1176
1177 // Single signature case:
1178 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL); // changes scriptSig
1179 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1180 BOOST_CHECK(combined.scriptSig == scriptSig);
1181 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1182 BOOST_CHECK(combined.scriptSig == scriptSig);
1183 CScript scriptSigCopy = scriptSig;
1184 // Signing again will give a different, valid signature:
1185 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1186 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1187 BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
1188
1189 // P2SH, single-signature case:
1190 CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
1191 keystore.AddCScript(pkSingle);
1192 scriptPubKey = GetScriptForDestination(CScriptID(pkSingle));
1193 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1194 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1195 BOOST_CHECK(combined.scriptSig == scriptSig);
1196 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1197 BOOST_CHECK(combined.scriptSig == scriptSig);
1198 scriptSigCopy = scriptSig;
1199 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1200 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1201 BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
1202 // dummy scriptSigCopy with placeholder, should always choose non-placeholder:
1203 scriptSigCopy = CScript() << OP_0 << std::vector<unsigned char>(pkSingle.begin(), pkSingle.end());
1204 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
1205 BOOST_CHECK(combined.scriptSig == scriptSig);
1206 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), SignatureData(scriptSigCopy));
1207 BOOST_CHECK(combined.scriptSig == scriptSig);
1208
1209 // Hardest case: Multisig 2-of-3
1210 scriptPubKey = GetScriptForMultisig(2, pubkeys);
1211 keystore.AddCScript(scriptPubKey);
1212 SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
1213 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
1214 BOOST_CHECK(combined.scriptSig == scriptSig);
1215 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
1216 BOOST_CHECK(combined.scriptSig == scriptSig);
1217
1218 // A couple of partially-signed versions:
1219 std::vector<unsigned char> sig1;
1220 uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
1221 BOOST_CHECK(keys[0].Sign(hash1, sig1));
1222 sig1.push_back(SIGHASH_ALL);
1223 std::vector<unsigned char> sig2;
1224 uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SIGVERSION_BASE);
1225 BOOST_CHECK(keys[1].Sign(hash2, sig2));
1226 sig2.push_back(SIGHASH_NONE);
1227 std::vector<unsigned char> sig3;
1228 uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SIGVERSION_BASE);
1229 BOOST_CHECK(keys[2].Sign(hash3, sig3));
1230 sig3.push_back(SIGHASH_SINGLE);
1231
1232 // Not fussy about order (or even existence) of placeholders or signatures:
1233 CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
1234 CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
1235 CScript partial2a = CScript() << OP_0 << sig2;
1236 CScript partial2b = CScript() << sig2 << OP_0;
1237 CScript partial3a = CScript() << sig3;
1238 CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
1239 CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
1240 CScript complete12 = CScript() << OP_0 << sig1 << sig2;
1241 CScript complete13 = CScript() << OP_0 << sig1 << sig3;
1242 CScript complete23 = CScript() << OP_0 << sig2 << sig3;
1243
1244 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial1b));
1245 BOOST_CHECK(combined.scriptSig == partial1a);
1246 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial2a));
1247 BOOST_CHECK(combined.scriptSig == complete12);
1248 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial1a));
1249 BOOST_CHECK(combined.scriptSig == complete12);
1250 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1b), SignatureData(partial2b));
1251 BOOST_CHECK(combined.scriptSig == complete12);
1252 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial1b));
1253 BOOST_CHECK(combined.scriptSig == complete13);
1254 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial3a));
1255 BOOST_CHECK(combined.scriptSig == complete23);
1256 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial2b));
1257 BOOST_CHECK(combined.scriptSig == complete23);
1258 combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial3a));
1259 BOOST_CHECK(combined.scriptSig == partial3c);
1260 }
1261
1262 BOOST_AUTO_TEST_CASE(script_standard_push)
1263 {
1264 ScriptError err;
1265 for (int i=0; i<67000; i++) {
1266 CScript script;
1267 script << i;
1268 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
1269 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, NULL, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
1270 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1271 }
1272
1273 for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
1274 std::vector<unsigned char> data(i, '\111');
1275 CScript script;
1276 script << data;
1277 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
1278 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, NULL, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
1279 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1280 }
1281 }
1282
1283 BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
1284 {
1285 // IsPushOnly returns false when given a script containing only pushes that
1286 // are invalid due to truncation. IsPushOnly() is consensus critical
1287 // because P2SH evaluation uses it, although this specific behavior should
1288 // not be consensus critical as the P2SH evaluation would fail first due to
1289 // the invalid push. Still, it doesn't hurt to test it explicitly.
1290 static const unsigned char direct[] = { 1 };
1291 BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
1292 }
1293
1294 BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
1295 {
1296 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
1297 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
1298 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
1299 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
1300
1301 std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1302 std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1303 std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
1304
1305 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
1306 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
1307 BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
1308 BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
1309 BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
1310 BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
1311 BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
1312 BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
1313
1314 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
1315 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
1316 BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
1317 BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
1318 BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
1319 BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
1320 BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
1321 BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
1322 }
1323
1324 static CScript
1325 ScriptFromHex(const char* hex)
1326 {
1327 std::vector<unsigned char> data = ParseHex(hex);
1328 return CScript(data.begin(), data.end());
1329 }
1330
1331
1332 BOOST_AUTO_TEST_CASE(script_FindAndDelete)
1333 {
1334 // Exercise the FindAndDelete functionality
1335 CScript s;
1336 CScript d;
1337 CScript expect;
1338
1339 s = CScript() << OP_1 << OP_2;
1340 d = CScript(); // delete nothing should be a no-op
1341 expect = s;
1342 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1343 BOOST_CHECK(s == expect);
1344
1345 s = CScript() << OP_1 << OP_2 << OP_3;
1346 d = CScript() << OP_2;
1347 expect = CScript() << OP_1 << OP_3;
1348 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1349 BOOST_CHECK(s == expect);
1350
1351 s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
1352 d = CScript() << OP_3;
1353 expect = CScript() << OP_1 << OP_4;
1354 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 4);
1355 BOOST_CHECK(s == expect);
1356
1357 s = ScriptFromHex("0302ff03"); // PUSH 0x02ff03 onto stack
1358 d = ScriptFromHex("0302ff03");
1359 expect = CScript();
1360 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1361 BOOST_CHECK(s == expect);
1362
1363 s = ScriptFromHex("0302ff030302ff03"); // PUSH 0x2ff03 PUSH 0x2ff03
1364 d = ScriptFromHex("0302ff03");
1365 expect = CScript();
1366 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1367 BOOST_CHECK(s == expect);
1368
1369 s = ScriptFromHex("0302ff030302ff03");
1370 d = ScriptFromHex("02");
1371 expect = s; // FindAndDelete matches entire opcodes
1372 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1373 BOOST_CHECK(s == expect);
1374
1375 s = ScriptFromHex("0302ff030302ff03");
1376 d = ScriptFromHex("ff");
1377 expect = s;
1378 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1379 BOOST_CHECK(s == expect);
1380
1381 // This is an odd edge case: strip of the push-three-bytes
1382 // prefix, leaving 02ff03 which is push-two-bytes:
1383 s = ScriptFromHex("0302ff030302ff03");
1384 d = ScriptFromHex("03");
1385 expect = CScript() << ParseHex("ff03") << ParseHex("ff03");
1386 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1387 BOOST_CHECK(s == expect);
1388
1389 // Byte sequence that spans multiple opcodes:
1390 s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1391 d = ScriptFromHex("feed51");
1392 expect = s;
1393 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0); // doesn't match 'inside' opcodes
1394 BOOST_CHECK(s == expect);
1395
1396 s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1397 d = ScriptFromHex("02feed51");
1398 expect = ScriptFromHex("69");
1399 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1400 BOOST_CHECK(s == expect);
1401
1402 s = ScriptFromHex("516902feed5169");
1403 d = ScriptFromHex("feed51");
1404 expect = s;
1405 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
1406 BOOST_CHECK(s == expect);
1407
1408 s = ScriptFromHex("516902feed5169");
1409 d = ScriptFromHex("02feed51");
1410 expect = ScriptFromHex("516969");
1411 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1412 BOOST_CHECK(s == expect);
1413
1414 s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
1415 d = CScript() << OP_0 << OP_1;
1416 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1417 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1418 BOOST_CHECK(s == expect);
1419
1420 s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
1421 d = CScript() << OP_0 << OP_1;
1422 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1423 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
1424 BOOST_CHECK(s == expect);
1425
1426 // Another weird edge case:
1427 // End with invalid push (not enough data)...
1428 s = ScriptFromHex("0003feed");
1429 d = ScriptFromHex("03feed"); // ... can remove the invalid push
1430 expect = ScriptFromHex("00");
1431 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1432 BOOST_CHECK(s == expect);
1433
1434 s = ScriptFromHex("0003feed");
1435 d = ScriptFromHex("00");
1436 expect = ScriptFromHex("03feed");
1437 BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
1438 BOOST_CHECK(s == expect);
1439 }
1440
1441 BOOST_AUTO_TEST_SUITE_END()