Bitcoin Core  27.99.0
P2P Digital Currency
script_tests.cpp
Go to the documentation of this file.
1 // Copyright (c) 2011-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <test/data/script_tests.json.h>
6 #include <test/data/bip341_wallet_vectors.json.h>
7 
8 #include <common/system.h>
9 #include <core_io.h>
10 #include <key.h>
11 #include <rpc/util.h>
12 #include <script/script.h>
13 #include <script/script_error.h>
14 #include <script/sigcache.h>
15 #include <script/sign.h>
16 #include <script/signingprovider.h>
17 #include <script/solver.h>
18 #include <streams.h>
19 #include <test/util/json.h>
20 #include <test/util/random.h>
21 #include <test/util/setup_common.h>
23 #include <util/fs.h>
24 #include <util/strencodings.h>
25 
26 #include <cstdint>
27 #include <fstream>
28 #include <string>
29 #include <vector>
30 
31 #include <boost/test/unit_test.hpp>
32 
33 #include <univalue.h>
34 
35 // Uncomment if you want to output updated JSON tests.
36 // #define UPDATE_JSON_TESTS
37 
38 static const unsigned int gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
39 
40 unsigned int ParseScriptFlags(std::string strFlags);
41 std::string FormatScriptFlags(unsigned int flags);
42 
44 {
46  const char *name;
47 };
48 
50  {SCRIPT_ERR_OK, "OK"},
51  {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
52  {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
53  {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
54  {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
55  {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
56  {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
57  {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
58  {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
59  {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
60  {SCRIPT_ERR_VERIFY, "VERIFY"},
61  {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
62  {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
63  {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
64  {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
65  {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
66  {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
67  {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
68  {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
69  {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
70  {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
71  {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
72  {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
73  {SCRIPT_ERR_SIG_DER, "SIG_DER"},
74  {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
75  {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
76  {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
77  {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
78  {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
79  {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
80  {SCRIPT_ERR_MINIMALIF, "MINIMALIF"},
81  {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
82  {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
83  {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
84  {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH, "WITNESS_PROGRAM_WRONG_LENGTH"},
85  {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY, "WITNESS_PROGRAM_WITNESS_EMPTY"},
86  {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH, "WITNESS_PROGRAM_MISMATCH"},
87  {SCRIPT_ERR_WITNESS_MALLEATED, "WITNESS_MALLEATED"},
88  {SCRIPT_ERR_WITNESS_MALLEATED_P2SH, "WITNESS_MALLEATED_P2SH"},
89  {SCRIPT_ERR_WITNESS_UNEXPECTED, "WITNESS_UNEXPECTED"},
90  {SCRIPT_ERR_WITNESS_PUBKEYTYPE, "WITNESS_PUBKEYTYPE"},
91  {SCRIPT_ERR_OP_CODESEPARATOR, "OP_CODESEPARATOR"},
92  {SCRIPT_ERR_SIG_FINDANDDELETE, "SIG_FINDANDDELETE"},
93 };
94 
95 static std::string FormatScriptError(ScriptError_t err)
96 {
97  for (const auto& se : script_errors)
98  if (se.err == err)
99  return se.name;
100  BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
101  return "";
102 }
103 
104 static ScriptError_t ParseScriptError(const std::string& name)
105 {
106  for (const auto& se : script_errors)
107  if (se.name == name)
108  return se.err;
109  BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
111 }
112 
113 BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
114 
115 void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& scriptWitness, uint32_t flags, const std::string& message, int scriptError, CAmount nValue = 0)
116 {
117  bool expect = (scriptError == SCRIPT_ERR_OK);
121  }
122  ScriptError err;
123  const CTransaction txCredit{BuildCreditingTransaction(scriptPubKey, nValue)};
124  CMutableTransaction tx = BuildSpendingTransaction(scriptSig, scriptWitness, txCredit);
125  CMutableTransaction tx2 = tx;
126  BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message);
127  BOOST_CHECK_MESSAGE(err == scriptError, FormatScriptError(err) + " where " + FormatScriptError((ScriptError_t)scriptError) + " expected: " + message);
128 
129  // Verify that removing flags from a passing test or adding flags to a failing test does not change the result.
130  for (int i = 0; i < 16; ++i) {
131  uint32_t extra_flags(InsecureRandBits(16));
132  uint32_t combined_flags{expect ? (flags & ~extra_flags) : (flags | extra_flags)};
133  // Weed out some invalid flag combinations.
134  if (combined_flags & SCRIPT_VERIFY_CLEANSTACK && ~combined_flags & (SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS)) continue;
135  if (combined_flags & SCRIPT_VERIFY_WITNESS && ~combined_flags & SCRIPT_VERIFY_P2SH) continue;
136  BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, combined_flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message + strprintf(" (with flags %x)", combined_flags));
137  }
138 }
139 
140 void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
141  // Parse the signature.
142  std::vector<unsigned char> r, s;
143  r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
144  s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
145 
146  // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
147  static const unsigned char order[33] = {
148  0x00,
149  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
150  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
151  0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
152  0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
153  };
154  while (s.size() < 33) {
155  s.insert(s.begin(), 0x00);
156  }
157  int carry = 0;
158  for (int p = 32; p >= 1; p--) {
159  int n = (int)order[p] - s[p] - carry;
160  s[p] = (n + 256) & 0xFF;
161  carry = (n < 0);
162  }
163  assert(carry == 0);
164  if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
165  s.erase(s.begin());
166  }
167 
168  // Reconstruct the signature.
169  vchSig.clear();
170  vchSig.push_back(0x30);
171  vchSig.push_back(4 + r.size() + s.size());
172  vchSig.push_back(0x02);
173  vchSig.push_back(r.size());
174  vchSig.insert(vchSig.end(), r.begin(), r.end());
175  vchSig.push_back(0x02);
176  vchSig.push_back(s.size());
177  vchSig.insert(vchSig.end(), s.begin(), s.end());
178 }
179 
180 namespace
181 {
182 const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
183 const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
184 const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
185 
186 struct KeyData
187 {
188  CKey key0, key0C, key1, key1C, key2, key2C;
189  CPubKey pubkey0, pubkey0C, pubkey0H;
190  CPubKey pubkey1, pubkey1C;
191  CPubKey pubkey2, pubkey2C;
192 
193  KeyData()
194  {
195  key0.Set(vchKey0, vchKey0 + 32, false);
196  key0C.Set(vchKey0, vchKey0 + 32, true);
197  pubkey0 = key0.GetPubKey();
198  pubkey0H = key0.GetPubKey();
199  pubkey0C = key0C.GetPubKey();
200  *const_cast<unsigned char*>(pubkey0H.data()) = 0x06 | (pubkey0H[64] & 1);
201 
202  key1.Set(vchKey1, vchKey1 + 32, false);
203  key1C.Set(vchKey1, vchKey1 + 32, true);
204  pubkey1 = key1.GetPubKey();
205  pubkey1C = key1C.GetPubKey();
206 
207  key2.Set(vchKey2, vchKey2 + 32, false);
208  key2C.Set(vchKey2, vchKey2 + 32, true);
209  pubkey2 = key2.GetPubKey();
210  pubkey2C = key2C.GetPubKey();
211  }
212 };
213 
214 enum class WitnessMode {
215  NONE,
216  PKH,
217  SH
218 };
219 
220 class TestBuilder
221 {
222 private:
224  CScript script;
226  CScript redeemscript;
228  CScript witscript;
229  CScriptWitness scriptWitness;
230  CTransactionRef creditTx;
231  CMutableTransaction spendTx;
232  bool havePush{false};
233  std::vector<unsigned char> push;
234  std::string comment;
235  uint32_t flags;
236  int scriptError{SCRIPT_ERR_OK};
237  CAmount nValue;
238 
239  void DoPush()
240  {
241  if (havePush) {
242  spendTx.vin[0].scriptSig << push;
243  havePush = false;
244  }
245  }
246 
247  void DoPush(const std::vector<unsigned char>& data)
248  {
249  DoPush();
250  push = data;
251  havePush = true;
252  }
253 
254 public:
255  TestBuilder(const CScript& script_, const std::string& comment_, uint32_t flags_, bool P2SH = false, WitnessMode wm = WitnessMode::NONE, int witnessversion = 0, CAmount nValue_ = 0) : script(script_), comment(comment_), flags(flags_), nValue(nValue_)
256  {
257  CScript scriptPubKey = script;
258  if (wm == WitnessMode::PKH) {
259  uint160 hash;
260  CHash160().Write(Span{script}.subspan(1)).Finalize(hash);
261  script = CScript() << OP_DUP << OP_HASH160 << ToByteVector(hash) << OP_EQUALVERIFY << OP_CHECKSIG;
262  scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
263  } else if (wm == WitnessMode::SH) {
264  witscript = scriptPubKey;
265  uint256 hash;
266  CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
267  scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
268  }
269  if (P2SH) {
270  redeemscript = scriptPubKey;
271  scriptPubKey = CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
272  }
273  creditTx = MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
274  spendTx = BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx);
275  }
276 
277  TestBuilder& ScriptError(ScriptError_t err)
278  {
279  scriptError = err;
280  return *this;
281  }
282 
283  TestBuilder& Opcode(const opcodetype& _op)
284  {
285  DoPush();
286  spendTx.vin[0].scriptSig << _op;
287  return *this;
288  }
289 
290  TestBuilder& Num(int num)
291  {
292  DoPush();
293  spendTx.vin[0].scriptSig << num;
294  return *this;
295  }
296 
297  TestBuilder& Push(const std::string& hex)
298  {
299  DoPush(ParseHex(hex));
300  return *this;
301  }
302 
303  TestBuilder& Push(const CScript& _script)
304  {
305  DoPush(std::vector<unsigned char>(_script.begin(), _script.end()));
306  return *this;
307  }
308 
309  TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::BASE, CAmount amount = 0)
310  {
311  uint256 hash = SignatureHash(script, spendTx, 0, nHashType, amount, sigversion);
312  std::vector<unsigned char> vchSig, r, s;
313  uint32_t iter = 0;
314  do {
315  key.Sign(hash, vchSig, false, iter++);
316  if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
317  NegateSignatureS(vchSig);
318  }
319  r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
320  s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
321  } while (lenR != r.size() || lenS != s.size());
322  vchSig.push_back(static_cast<unsigned char>(nHashType));
323  DoPush(vchSig);
324  return *this;
325  }
326 
327  TestBuilder& PushWitSig(const CKey& key, CAmount amount = -1, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::WITNESS_V0)
328  {
329  if (amount == -1)
330  amount = nValue;
331  return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
332  }
333 
334  TestBuilder& Push(const CPubKey& pubkey)
335  {
336  DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
337  return *this;
338  }
339 
340  TestBuilder& PushRedeem()
341  {
342  DoPush(std::vector<unsigned char>(redeemscript.begin(), redeemscript.end()));
343  return *this;
344  }
345 
346  TestBuilder& PushWitRedeem()
347  {
348  DoPush(std::vector<unsigned char>(witscript.begin(), witscript.end()));
349  return AsWit();
350  }
351 
352  TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
353  {
354  assert(havePush);
355  std::vector<unsigned char> datain = ParseHex(hexin);
356  std::vector<unsigned char> dataout = ParseHex(hexout);
357  assert(pos + datain.size() <= push.size());
358  BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
359  push.erase(push.begin() + pos, push.begin() + pos + datain.size());
360  push.insert(push.begin() + pos, dataout.begin(), dataout.end());
361  return *this;
362  }
363 
364  TestBuilder& DamagePush(unsigned int pos)
365  {
366  assert(havePush);
367  assert(pos < push.size());
368  push[pos] ^= 1;
369  return *this;
370  }
371 
372  TestBuilder& Test()
373  {
374  TestBuilder copy = *this; // Make a copy so we can rollback the push.
375  DoPush();
376  DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, scriptWitness, flags, comment, scriptError, nValue);
377  *this = copy;
378  return *this;
379  }
380 
381  TestBuilder& AsWit()
382  {
383  assert(havePush);
384  scriptWitness.stack.push_back(push);
385  havePush = false;
386  return *this;
387  }
388 
389  UniValue GetJSON()
390  {
391  DoPush();
392  UniValue array(UniValue::VARR);
393  if (!scriptWitness.stack.empty()) {
395  for (unsigned i = 0; i < scriptWitness.stack.size(); i++) {
396  wit.push_back(HexStr(scriptWitness.stack[i]));
397  }
398  wit.push_back(ValueFromAmount(nValue));
399  array.push_back(std::move(wit));
400  }
401  array.push_back(FormatScript(spendTx.vin[0].scriptSig));
402  array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
403  array.push_back(FormatScriptFlags(flags));
404  array.push_back(FormatScriptError((ScriptError_t)scriptError));
405  array.push_back(comment);
406  return array;
407  }
408 
409  std::string GetComment() const
410  {
411  return comment;
412  }
413 };
414 
415 std::string JSONPrettyPrint(const UniValue& univalue)
416 {
417  std::string ret = univalue.write(4);
418  // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
419  size_t pos = 0;
420  while ((pos = ret.find(" \n", pos)) != std::string::npos) {
421  ret.replace(pos, 2, "\n");
422  pos++;
423  }
424  return ret;
425 }
426 } // namespace
427 
428 BOOST_AUTO_TEST_CASE(script_build)
429 {
430  const KeyData keys;
431 
432  std::vector<TestBuilder> tests;
433 
434  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
435  "P2PK", 0
436  ).PushSig(keys.key0));
437  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
438  "P2PK, bad sig", 0
439  ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
440 
441  tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
442  "P2PKH", 0
443  ).PushSig(keys.key1).Push(keys.pubkey1C));
444  tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
445  "P2PKH, bad pubkey", 0
446  ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
447 
448  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
449  "P2PK anyonecanpay", 0
450  ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
451  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
452  "P2PK anyonecanpay marked with normal hashtype", 0
453  ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
454 
455  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
456  "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
457  ).PushSig(keys.key0).PushRedeem());
458  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
459  "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
460  ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
461 
462  tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
463  "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
464  ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
465  tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
466  "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
467  ).PushSig(keys.key0).DamagePush(10).PushRedeem());
468  tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
469  "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
470  ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
471 
472  tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
473  "3-of-3", 0
474  ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
475  tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
476  "3-of-3, 2 sigs", 0
477  ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
478 
479  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
480  "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
481  ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
482  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
483  "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
484  ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
485 
486  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
487  "P2PK with too much R padding but no DERSIG", 0
488  ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
489  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
490  "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
491  ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
492  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
493  "P2PK with too much S padding but no DERSIG", 0
494  ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
495  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
496  "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
497  ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
498  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
499  "P2PK with too little R padding but no DERSIG", 0
500  ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
501  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
502  "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
503  ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
504  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
505  "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
506  ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
507  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
508  "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
509  ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
510  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
511  "P2PK NOT with too much R padding but no DERSIG", 0
512  ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
513  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
514  "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
515  ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
516 
517  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
518  "BIP66 example 1, without DERSIG", 0
519  ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
520  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
521  "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
522  ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
523  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
524  "BIP66 example 2, without DERSIG", 0
525  ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
526  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
527  "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
528  ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
529  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
530  "BIP66 example 3, without DERSIG", 0
531  ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
532  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
533  "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
534  ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
535  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
536  "BIP66 example 4, without DERSIG", 0
537  ).Num(0));
538  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
539  "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
540  ).Num(0));
541  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
542  "BIP66 example 5, without DERSIG", 0
543  ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
544  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
545  "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
546  ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
547  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
548  "BIP66 example 6, without DERSIG", 0
549  ).Num(1));
550  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
551  "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
552  ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
553  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
554  "BIP66 example 7, without DERSIG", 0
555  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
556  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
557  "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
558  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
559  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
560  "BIP66 example 8, without DERSIG", 0
561  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
562  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
563  "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
564  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
565  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
566  "BIP66 example 9, without DERSIG", 0
567  ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
568  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
569  "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
570  ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
571  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
572  "BIP66 example 10, without DERSIG", 0
573  ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
574  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
575  "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
576  ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
577  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
578  "BIP66 example 11, without DERSIG", 0
579  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
580  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
581  "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
582  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
583  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
584  "BIP66 example 12, without DERSIG", 0
585  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
586  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
587  "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
588  ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
589  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
590  "P2PK with multi-byte hashtype, without DERSIG", 0
591  ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
592  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
593  "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
594  ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
595 
596  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
597  "P2PK with high S but no LOW_S", 0
598  ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
599  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
600  "P2PK with high S", SCRIPT_VERIFY_LOW_S
601  ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
602 
603  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
604  "P2PK with hybrid pubkey but no STRICTENC", 0
605  ).PushSig(keys.key0, SIGHASH_ALL));
606  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
607  "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
608  ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
609  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
610  "P2PK NOT with hybrid pubkey but no STRICTENC", 0
611  ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
612  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
613  "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
614  ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
615  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
616  "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
617  ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
618  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
619  "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
620  ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
621  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
622  "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
623  ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
624  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
625  "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
626  ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
627  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
628  "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
629  ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
630 
631  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
632  "P2PK with undefined hashtype but no STRICTENC", 0
633  ).PushSig(keys.key1, 5));
634  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
635  "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
636  ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
637  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
638  "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
639  ).PushSig(keys.key1, 5).DamagePush(10));
640  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
641  "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
642  ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
643 
644  tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
645  "3-of-3 with nonzero dummy but no NULLDUMMY", 0
646  ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
647  tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
648  "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
649  ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
650  tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
651  "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
652  ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
653  tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
654  "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
655  ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
656 
657  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
658  "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
659  ).Num(0).PushSig(keys.key1).Opcode(OP_DUP));
660  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
661  "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
662  ).Num(0).PushSig(keys.key1).Opcode(OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
663  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
664  "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
665  ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem());
666  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
667  "P2PK with non-push scriptSig but with P2SH validation", 0
668  ).PushSig(keys.key2).Opcode(OP_NOP8));
669  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
670  "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
671  ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
672  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
673  "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
674  ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
675  tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
676  "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
677  ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
678  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
679  "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
680  ).Num(11).PushSig(keys.key0));
681  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
682  "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
683  ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
684  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
685  "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
686  ).Num(11).PushSig(keys.key0).PushRedeem());
687  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
688  "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
689  ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
690  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
691  "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
692  ).PushSig(keys.key0).PushRedeem());
693 
694  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
695  "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
696  0, 1).PushWitSig(keys.key0).PushWitRedeem());
697  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
698  "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
699  0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
700  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
701  "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
702  0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
703  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
704  "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
705  0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
706  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
707  "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
708  ).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
709  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
710  "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
711  ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
712  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
713  "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
714  ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
715  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
716  "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
717  ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
718  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
719  "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
720  ).PushWitSig(keys.key0).PushWitRedeem());
721  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
722  "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
723  ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
724  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
725  "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
726  ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
727  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
728  "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
729  ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
730  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
731  "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
732  0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
733  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
734  "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
735  0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
736  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
737  "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
738  0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
739  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
740  "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
741  0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
742 
743  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
744  "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH |
745  SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, false, WitnessMode::PKH, 1
746  ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM));
747  {
748  CScript witscript = CScript() << ToByteVector(keys.pubkey0);
749  uint256 hash;
750  CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
751  std::vector<unsigned char> hashBytes = ToByteVector(hash);
752  hashBytes.pop_back();
753  tests.push_back(TestBuilder(CScript() << OP_0 << hashBytes,
754  "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false
755  ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH));
756  }
757  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
758  "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
760  {
761  CScript witscript = CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG;
762  tests.push_back(TestBuilder(witscript,
763  "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
764  ).PushWitSig(keys.key0).Push(witscript).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
765  }
766  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
767  "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
768  ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
769  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
770  "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
771  ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED));
772  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
773  "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
774  ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH));
775  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
776  "P2PK with witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH
777  ).PushSig(keys.key0).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED));
778 
779  // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
780  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
781  "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
782  0, 1).PushWitSig(keys.key0C).PushWitRedeem());
783  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
784  "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
785  0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
786  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
787  "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
788  0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
789  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
790  "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
791  0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
792 
793  // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
794  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
795  "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
796  0, 1).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
797  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
798  "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
799  0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
800  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
801  "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
802  0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
803  tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
804  "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
805  0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
806 
807  // P2WSH 1-of-2 multisig with compressed keys
808  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
809  "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
810  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
811  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
812  "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
813  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
814  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
815  "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
816  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
817  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
818  "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
819  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
820 
821  // P2WSH 1-of-2 multisig with first key uncompressed
822  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
823  "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
824  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
825  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
826  "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
827  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
828  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
829  "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
830  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
831  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
832  "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
833  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
834  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
835  "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
836  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
837  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
838  "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
839  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
840  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
841  "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
842  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
843  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
844  "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
845  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
846  // P2WSH 1-of-2 multisig with second key uncompressed
847  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
848  "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
849  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
850  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
851  "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
852  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
853  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
854  "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
855  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
856  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
857  "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
858  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
859  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
860  "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
861  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
862  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
863  "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
864  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
865  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
866  "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
867  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
868  tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
869  "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
870  0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
871 
872  std::set<std::string> tests_set;
873 
874  {
875  UniValue json_tests = read_json(json_tests::script_tests);
876 
877  for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
878  const UniValue& tv = json_tests[idx];
879  tests_set.insert(JSONPrettyPrint(tv.get_array()));
880  }
881  }
882 
883 #ifdef UPDATE_JSON_TESTS
884  std::string strGen;
885 #endif
886  for (TestBuilder& test : tests) {
887  test.Test();
888  std::string str = JSONPrettyPrint(test.GetJSON());
889 #ifdef UPDATE_JSON_TESTS
890  strGen += str + ",\n";
891 #else
892  if (tests_set.count(str) == 0) {
893  BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
894  }
895 #endif
896  }
897 
898 #ifdef UPDATE_JSON_TESTS
899  FILE* file = fsbridge::fopen("script_tests.json.gen", "w");
900  fputs(strGen.c_str(), file);
901  fclose(file);
902 #endif
903 }
904 
905 BOOST_AUTO_TEST_CASE(script_json_test)
906 {
907  // Read tests from test/data/script_tests.json
908  // Format is an array of arrays
909  // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
910  // ... where scriptSig and scriptPubKey are stringified
911  // scripts.
912  // If a witness is given, then the last value in the array should be the
913  // amount (nValue) to use in the crediting tx
914  UniValue tests = read_json(json_tests::script_tests);
915 
916  for (unsigned int idx = 0; idx < tests.size(); idx++) {
917  const UniValue& test = tests[idx];
918  std::string strTest = test.write();
919  CScriptWitness witness;
920  CAmount nValue = 0;
921  unsigned int pos = 0;
922  if (test.size() > 0 && test[pos].isArray()) {
923  unsigned int i=0;
924  for (i = 0; i < test[pos].size()-1; i++) {
925  witness.stack.push_back(ParseHex(test[pos][i].get_str()));
926  }
927  nValue = AmountFromValue(test[pos][i]);
928  pos++;
929  }
930  if (test.size() < 4 + pos) // Allow size > 3; extra stuff ignored (useful for comments)
931  {
932  if (test.size() != 1) {
933  BOOST_ERROR("Bad test: " << strTest);
934  }
935  continue;
936  }
937  std::string scriptSigString = test[pos++].get_str();
938  CScript scriptSig = ParseScript(scriptSigString);
939  std::string scriptPubKeyString = test[pos++].get_str();
940  CScript scriptPubKey = ParseScript(scriptPubKeyString);
941  unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
942  int scriptError = ParseScriptError(test[pos++].get_str());
943 
944  DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
945  }
946 }
947 
948 BOOST_AUTO_TEST_CASE(script_PushData)
949 {
950  // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
951  // the stack as the 1-75 opcodes do.
952  static const unsigned char direct[] = { 1, 0x5a };
953  static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
954  static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
955  static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
956 
957  ScriptError err;
958  std::vector<std::vector<unsigned char> > directStack;
959  BOOST_CHECK(EvalScript(directStack, CScript(direct, direct + sizeof(direct)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
960  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
961 
962  std::vector<std::vector<unsigned char> > pushdata1Stack;
963  BOOST_CHECK(EvalScript(pushdata1Stack, CScript(pushdata1, pushdata1 + sizeof(pushdata1)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
964  BOOST_CHECK(pushdata1Stack == directStack);
965  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
966 
967  std::vector<std::vector<unsigned char> > pushdata2Stack;
968  BOOST_CHECK(EvalScript(pushdata2Stack, CScript(pushdata2, pushdata2 + sizeof(pushdata2)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
969  BOOST_CHECK(pushdata2Stack == directStack);
970  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
971 
972  std::vector<std::vector<unsigned char> > pushdata4Stack;
973  BOOST_CHECK(EvalScript(pushdata4Stack, CScript(pushdata4, pushdata4 + sizeof(pushdata4)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
974  BOOST_CHECK(pushdata4Stack == directStack);
975  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
976 
977  const std::vector<unsigned char> pushdata1_trunc{OP_PUSHDATA1, 1};
978  const std::vector<unsigned char> pushdata2_trunc{OP_PUSHDATA2, 1, 0};
979  const std::vector<unsigned char> pushdata4_trunc{OP_PUSHDATA4, 1, 0, 0, 0};
980 
981  std::vector<std::vector<unsigned char>> stack_ignore;
982  BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata1_trunc.begin(), pushdata1_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
984  BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata2_trunc.begin(), pushdata2_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
986  BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata4_trunc.begin(), pushdata4_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
988 }
989 
990 BOOST_AUTO_TEST_CASE(script_cltv_truncated)
991 {
992  const auto script_cltv_trunc = CScript() << OP_CHECKLOCKTIMEVERIFY;
993 
994  std::vector<std::vector<unsigned char>> stack_ignore;
995  ScriptError err;
998 }
999 
1000 static CScript
1001 sign_multisig(const CScript& scriptPubKey, const std::vector<CKey>& keys, const CTransaction& transaction)
1002 {
1003  uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SigVersion::BASE);
1004 
1005  CScript result;
1006  //
1007  // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
1008  // one extra item on the stack, before the signatures.
1009  // Putting OP_0 on the stack is the workaround;
1010  // fixing the bug would mean splitting the block chain (old
1011  // clients would not accept new CHECKMULTISIG transactions,
1012  // and vice-versa)
1013  //
1014  result << OP_0;
1015  for (const CKey &key : keys)
1016  {
1017  std::vector<unsigned char> vchSig;
1018  BOOST_CHECK(key.Sign(hash, vchSig));
1019  vchSig.push_back((unsigned char)SIGHASH_ALL);
1020  result << vchSig;
1021  }
1022  return result;
1023 }
1024 static CScript
1025 sign_multisig(const CScript& scriptPubKey, const CKey& key, const CTransaction& transaction)
1026 {
1027  std::vector<CKey> keys;
1028  keys.push_back(key);
1029  return sign_multisig(scriptPubKey, keys, transaction);
1030 }
1031 
1032 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
1033 {
1034  ScriptError err;
1035  CKey key1 = GenerateRandomKey();
1036  CKey key2 = GenerateRandomKey(/*compressed=*/false);
1037  CKey key3 = GenerateRandomKey();
1038 
1039  CScript scriptPubKey12;
1040  scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
1041 
1042  const CTransaction txFrom12{BuildCreditingTransaction(scriptPubKey12)};
1044 
1045  CScript goodsig1 = sign_multisig(scriptPubKey12, key1, CTransaction(txTo12));
1046  BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1047  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1048  txTo12.vout[0].nValue = 2;
1049  BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1050  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1051 
1052  CScript goodsig2 = sign_multisig(scriptPubKey12, key2, CTransaction(txTo12));
1053  BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1054  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1055 
1056  CScript badsig1 = sign_multisig(scriptPubKey12, key3, CTransaction(txTo12));
1057  BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1058  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1059 }
1060 
1061 BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
1062 {
1063  ScriptError err;
1064  CKey key1 = GenerateRandomKey();
1065  CKey key2 = GenerateRandomKey(/*compressed=*/false);
1066  CKey key3 = GenerateRandomKey();
1067  CKey key4 = GenerateRandomKey(/*compressed=*/false);
1068 
1069  CScript scriptPubKey23;
1070  scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
1071 
1072  const CTransaction txFrom23{BuildCreditingTransaction(scriptPubKey23)};
1074 
1075  std::vector<CKey> keys;
1076  keys.push_back(key1); keys.push_back(key2);
1077  CScript goodsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1078  BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1079  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1080 
1081  keys.clear();
1082  keys.push_back(key1); keys.push_back(key3);
1083  CScript goodsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1084  BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1085  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1086 
1087  keys.clear();
1088  keys.push_back(key2); keys.push_back(key3);
1089  CScript goodsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1090  BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1091  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1092 
1093  keys.clear();
1094  keys.push_back(key2); keys.push_back(key2); // Can't reuse sig
1095  CScript badsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1096  BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1097  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1098 
1099  keys.clear();
1100  keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
1101  CScript badsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1102  BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1103  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1104 
1105  keys.clear();
1106  keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
1107  CScript badsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1108  BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1109  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1110 
1111  keys.clear();
1112  keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
1113  CScript badsig4 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1114  BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1115  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1116 
1117  keys.clear();
1118  keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
1119  CScript badsig5 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1120  BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1121  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1122 
1123  keys.clear(); // Must have signatures
1124  CScript badsig6 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1125  BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1126  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
1127 }
1128 
1129 /* Wrapper around ProduceSignature to combine two scriptsigs */
1130 SignatureData CombineSignatures(const CTxOut& txout, const CMutableTransaction& tx, const SignatureData& scriptSig1, const SignatureData& scriptSig2)
1131 {
1132  SignatureData data;
1133  data.MergeSignatureData(scriptSig1);
1134  data.MergeSignatureData(scriptSig2);
1136  return data;
1137 }
1138 
1139 BOOST_AUTO_TEST_CASE(script_combineSigs)
1140 {
1141  // Test the ProduceSignature's ability to combine signatures function
1142  FillableSigningProvider keystore;
1143  std::vector<CKey> keys;
1144  std::vector<CPubKey> pubkeys;
1145  for (int i = 0; i < 3; i++)
1146  {
1147  CKey key = GenerateRandomKey(/*compressed=*/i%2 == 1);
1148  keys.push_back(key);
1149  pubkeys.push_back(key.GetPubKey());
1150  BOOST_CHECK(keystore.AddKey(key));
1151  }
1152 
1155  CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
1156  SignatureData scriptSig;
1157 
1158  SignatureData empty;
1159  SignatureData combined = CombineSignatures(txFrom.vout[0], txTo, empty, empty);
1160  BOOST_CHECK(combined.scriptSig.empty());
1161 
1162  // Single signature case:
1163  SignatureData dummy;
1164  BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy)); // changes scriptSig
1165  scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1166  combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1167  BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1168  combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1169  BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1170  SignatureData scriptSigCopy = scriptSig;
1171  // Signing again will give a different, valid signature:
1172  SignatureData dummy_b;
1173  BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_b));
1174  scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1175  combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
1176  BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
1177 
1178  // P2SH, single-signature case:
1179  CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
1180  BOOST_CHECK(keystore.AddCScript(pkSingle));
1181  scriptPubKey = GetScriptForDestination(ScriptHash(pkSingle));
1182  SignatureData dummy_c;
1183  BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_c));
1184  scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1185  combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1186  BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1187  combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1188  BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1189  scriptSigCopy = scriptSig;
1190  SignatureData dummy_d;
1191  BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_d));
1192  scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1193  combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
1194  BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
1195 
1196  // Hardest case: Multisig 2-of-3
1197  scriptPubKey = GetScriptForMultisig(2, pubkeys);
1198  BOOST_CHECK(keystore.AddCScript(scriptPubKey));
1199  SignatureData dummy_e;
1200  BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_e));
1201  scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1202  combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1203  BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1204  combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1205  BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1206 
1207  // A couple of partially-signed versions:
1208  std::vector<unsigned char> sig1;
1209  uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SigVersion::BASE);
1210  BOOST_CHECK(keys[0].Sign(hash1, sig1));
1211  sig1.push_back(SIGHASH_ALL);
1212  std::vector<unsigned char> sig2;
1213  uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SigVersion::BASE);
1214  BOOST_CHECK(keys[1].Sign(hash2, sig2));
1215  sig2.push_back(SIGHASH_NONE);
1216  std::vector<unsigned char> sig3;
1217  uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SigVersion::BASE);
1218  BOOST_CHECK(keys[2].Sign(hash3, sig3));
1219  sig3.push_back(SIGHASH_SINGLE);
1220 
1221  // Not fussy about order (or even existence) of placeholders or signatures:
1222  CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
1223  CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
1224  CScript partial2a = CScript() << OP_0 << sig2;
1225  CScript partial2b = CScript() << sig2 << OP_0;
1226  CScript partial3a = CScript() << sig3;
1227  CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
1228  CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
1229  CScript complete12 = CScript() << OP_0 << sig1 << sig2;
1230  CScript complete13 = CScript() << OP_0 << sig1 << sig3;
1231  CScript complete23 = CScript() << OP_0 << sig2 << sig3;
1232  SignatureData partial1_sigs;
1233  partial1_sigs.signatures.emplace(keys[0].GetPubKey().GetID(), SigPair(keys[0].GetPubKey(), sig1));
1234  SignatureData partial2_sigs;
1235  partial2_sigs.signatures.emplace(keys[1].GetPubKey().GetID(), SigPair(keys[1].GetPubKey(), sig2));
1236  SignatureData partial3_sigs;
1237  partial3_sigs.signatures.emplace(keys[2].GetPubKey().GetID(), SigPair(keys[2].GetPubKey(), sig3));
1238 
1239  combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial1_sigs);
1240  BOOST_CHECK(combined.scriptSig == partial1a);
1241  combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
1242  BOOST_CHECK(combined.scriptSig == complete12);
1243  combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial1_sigs);
1244  BOOST_CHECK(combined.scriptSig == complete12);
1245  combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
1246  BOOST_CHECK(combined.scriptSig == complete12);
1247  combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial1_sigs);
1248  BOOST_CHECK(combined.scriptSig == complete13);
1249  combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial3_sigs);
1250  BOOST_CHECK(combined.scriptSig == complete23);
1251  combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial2_sigs);
1252  BOOST_CHECK(combined.scriptSig == complete23);
1253  combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial3_sigs);
1254  BOOST_CHECK(combined.scriptSig == partial3c);
1255 }
1256 
1260 BOOST_AUTO_TEST_CASE(sign_invalid_miniscript)
1261 {
1262  FillableSigningProvider keystore;
1263  SignatureData sig_data;
1264  CMutableTransaction prev, curr;
1265 
1266  // Create a Taproot output which contains a leaf in which a non-32 bytes push is used where a public key is expected
1267  // by the Miniscript parser. This offending Script was found by the RPC fuzzer.
1268  const auto invalid_pubkey{ParseHex("173d36c8c9c9c9ffffffffffff0200000000021e1e37373721361818181818181e1e1e1e19000000000000000000b19292929292926b006c9b9b9292")};
1269  TaprootBuilder builder;
1270  builder.Add(0, {invalid_pubkey}, 0xc0);
1271  builder.Finalize(XOnlyPubKey::NUMS_H);
1272  prev.vout.emplace_back(0, GetScriptForDestination(builder.GetOutput()));
1273  curr.vin.emplace_back(COutPoint{prev.GetHash(), 0});
1274  sig_data.tr_spenddata = builder.GetSpendData();
1275 
1276  // SignSignature can fail but it shouldn't raise an exception (nor crash).
1277  BOOST_CHECK(!SignSignature(keystore, CTransaction(prev), curr, 0, SIGHASH_ALL, sig_data));
1278 }
1279 
1280 BOOST_AUTO_TEST_CASE(script_standard_push)
1281 {
1282  ScriptError err;
1283  for (int i=0; i<67000; i++) {
1284  CScript script;
1285  script << i;
1286  BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
1287  BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
1288  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1289  }
1290 
1291  for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
1292  std::vector<unsigned char> data(i, '\111');
1293  CScript script;
1294  script << data;
1295  BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
1296  BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
1297  BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1298  }
1299 }
1300 
1301 BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
1302 {
1303  // IsPushOnly returns false when given a script containing only pushes that
1304  // are invalid due to truncation. IsPushOnly() is consensus critical
1305  // because P2SH evaluation uses it, although this specific behavior should
1306  // not be consensus critical as the P2SH evaluation would fail first due to
1307  // the invalid push. Still, it doesn't hurt to test it explicitly.
1308  static const unsigned char direct[] = { 1 };
1309  BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
1310 }
1311 
1312 BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
1313 {
1314  BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
1315  BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
1316  BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
1317  BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
1318 
1319  std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1320  std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1321  std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
1322 
1323  BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
1324  BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
1325  BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
1326  BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
1327  BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
1328  BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
1329  BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
1330  BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
1331 
1332  BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
1333  BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
1334  BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
1335  BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
1336  BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
1337  BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
1338  BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
1339  BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
1340 }
1341 
1342 static CScript ScriptFromHex(const std::string& str)
1343 {
1344  std::vector<unsigned char> data = ParseHex(str);
1345  return CScript(data.begin(), data.end());
1346 }
1347 
1348 BOOST_AUTO_TEST_CASE(script_FindAndDelete)
1349 {
1350  // Exercise the FindAndDelete functionality
1351  CScript s;
1352  CScript d;
1353  CScript expect;
1354 
1355  s = CScript() << OP_1 << OP_2;
1356  d = CScript(); // delete nothing should be a no-op
1357  expect = s;
1358  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1359  BOOST_CHECK(s == expect);
1360 
1361  s = CScript() << OP_1 << OP_2 << OP_3;
1362  d = CScript() << OP_2;
1363  expect = CScript() << OP_1 << OP_3;
1364  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1365  BOOST_CHECK(s == expect);
1366 
1367  s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
1368  d = CScript() << OP_3;
1369  expect = CScript() << OP_1 << OP_4;
1370  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 4);
1371  BOOST_CHECK(s == expect);
1372 
1373  s = ScriptFromHex("0302ff03"); // PUSH 0x02ff03 onto stack
1374  d = ScriptFromHex("0302ff03");
1375  expect = CScript();
1376  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1377  BOOST_CHECK(s == expect);
1378 
1379  s = ScriptFromHex("0302ff030302ff03"); // PUSH 0x2ff03 PUSH 0x2ff03
1380  d = ScriptFromHex("0302ff03");
1381  expect = CScript();
1382  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
1383  BOOST_CHECK(s == expect);
1384 
1385  s = ScriptFromHex("0302ff030302ff03");
1386  d = ScriptFromHex("02");
1387  expect = s; // FindAndDelete matches entire opcodes
1388  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1389  BOOST_CHECK(s == expect);
1390 
1391  s = ScriptFromHex("0302ff030302ff03");
1392  d = ScriptFromHex("ff");
1393  expect = s;
1394  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1395  BOOST_CHECK(s == expect);
1396 
1397  // This is an odd edge case: strip of the push-three-bytes
1398  // prefix, leaving 02ff03 which is push-two-bytes:
1399  s = ScriptFromHex("0302ff030302ff03");
1400  d = ScriptFromHex("03");
1401  expect = CScript() << ParseHex("ff03") << ParseHex("ff03");
1402  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
1403  BOOST_CHECK(s == expect);
1404 
1405  // Byte sequence that spans multiple opcodes:
1406  s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1407  d = ScriptFromHex("feed51");
1408  expect = s;
1409  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0); // doesn't match 'inside' opcodes
1410  BOOST_CHECK(s == expect);
1411 
1412  s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
1413  d = ScriptFromHex("02feed51");
1414  expect = ScriptFromHex("69");
1415  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1416  BOOST_CHECK(s == expect);
1417 
1418  s = ScriptFromHex("516902feed5169");
1419  d = ScriptFromHex("feed51");
1420  expect = s;
1421  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
1422  BOOST_CHECK(s == expect);
1423 
1424  s = ScriptFromHex("516902feed5169");
1425  d = ScriptFromHex("02feed51");
1426  expect = ScriptFromHex("516969");
1427  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1428  BOOST_CHECK(s == expect);
1429 
1430  s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
1431  d = CScript() << OP_0 << OP_1;
1432  expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1433  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1434  BOOST_CHECK(s == expect);
1435 
1436  s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
1437  d = CScript() << OP_0 << OP_1;
1438  expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1439  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
1440  BOOST_CHECK(s == expect);
1441 
1442  // Another weird edge case:
1443  // End with invalid push (not enough data)...
1444  s = ScriptFromHex("0003feed");
1445  d = ScriptFromHex("03feed"); // ... can remove the invalid push
1446  expect = ScriptFromHex("00");
1447  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1448  BOOST_CHECK(s == expect);
1449 
1450  s = ScriptFromHex("0003feed");
1451  d = ScriptFromHex("00");
1452  expect = ScriptFromHex("03feed");
1453  BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
1454  BOOST_CHECK(s == expect);
1455 }
1456 
1457 BOOST_AUTO_TEST_CASE(script_HasValidOps)
1458 {
1459  // Exercise the HasValidOps functionality
1460  CScript script;
1461  script = ScriptFromHex("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"); // Normal script
1462  BOOST_CHECK(script.HasValidOps());
1463  script = ScriptFromHex("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac");
1464  BOOST_CHECK(script.HasValidOps());
1465  script = ScriptFromHex("ff88ac"); // Script with OP_INVALIDOPCODE explicit
1466  BOOST_CHECK(!script.HasValidOps());
1467  script = ScriptFromHex("88acc0"); // Script with undefined opcode
1468  BOOST_CHECK(!script.HasValidOps());
1469 }
1470 
1471 static CMutableTransaction TxFromHex(const std::string& str)
1472 {
1474  SpanReader{ParseHex(str)} >> TX_NO_WITNESS(tx);
1475  return tx;
1476 }
1477 
1478 static std::vector<CTxOut> TxOutsFromJSON(const UniValue& univalue)
1479 {
1480  assert(univalue.isArray());
1481  std::vector<CTxOut> prevouts;
1482  for (size_t i = 0; i < univalue.size(); ++i) {
1483  CTxOut txout;
1484  SpanReader{ParseHex(univalue[i].get_str())} >> txout;
1485  prevouts.push_back(std::move(txout));
1486  }
1487  return prevouts;
1488 }
1489 
1491 {
1492  assert(univalue.isArray());
1493  CScriptWitness scriptwitness;
1494  for (size_t i = 0; i < univalue.size(); ++i) {
1495  auto bytes = ParseHex(univalue[i].get_str());
1496  scriptwitness.stack.push_back(std::move(bytes));
1497  }
1498  return scriptwitness;
1499 }
1500 
1501 static std::vector<unsigned int> AllConsensusFlags()
1502 {
1503  std::vector<unsigned int> ret;
1504 
1505  for (unsigned int i = 0; i < 128; ++i) {
1506  unsigned int flag = 0;
1507  if (i & 1) flag |= SCRIPT_VERIFY_P2SH;
1508  if (i & 2) flag |= SCRIPT_VERIFY_DERSIG;
1509  if (i & 4) flag |= SCRIPT_VERIFY_NULLDUMMY;
1510  if (i & 8) flag |= SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY;
1511  if (i & 16) flag |= SCRIPT_VERIFY_CHECKSEQUENCEVERIFY;
1512  if (i & 32) flag |= SCRIPT_VERIFY_WITNESS;
1513  if (i & 64) flag |= SCRIPT_VERIFY_TAPROOT;
1514 
1515  // SCRIPT_VERIFY_WITNESS requires SCRIPT_VERIFY_P2SH
1516  if (flag & SCRIPT_VERIFY_WITNESS && !(flag & SCRIPT_VERIFY_P2SH)) continue;
1517  // SCRIPT_VERIFY_TAPROOT requires SCRIPT_VERIFY_WITNESS
1518  if (flag & SCRIPT_VERIFY_TAPROOT && !(flag & SCRIPT_VERIFY_WITNESS)) continue;
1519 
1520  ret.push_back(flag);
1521  }
1522 
1523  return ret;
1524 }
1525 
1527 static const std::vector<unsigned int> ALL_CONSENSUS_FLAGS = AllConsensusFlags();
1528 
1529 static void AssetTest(const UniValue& test)
1530 {
1531  BOOST_CHECK(test.isObject());
1532 
1533  CMutableTransaction mtx = TxFromHex(test["tx"].get_str());
1534  const std::vector<CTxOut> prevouts = TxOutsFromJSON(test["prevouts"]);
1535  BOOST_CHECK(prevouts.size() == mtx.vin.size());
1536  size_t idx = test["index"].getInt<int64_t>();
1537  uint32_t test_flags{ParseScriptFlags(test["flags"].get_str())};
1538  bool fin = test.exists("final") && test["final"].get_bool();
1539 
1540  if (test.exists("success")) {
1541  mtx.vin[idx].scriptSig = ScriptFromHex(test["success"]["scriptSig"].get_str());
1542  mtx.vin[idx].scriptWitness = ScriptWitnessFromJSON(test["success"]["witness"]);
1543  CTransaction tx(mtx);
1545  txdata.Init(tx, std::vector<CTxOut>(prevouts));
1546  CachingTransactionSignatureChecker txcheck(&tx, idx, prevouts[idx].nValue, true, txdata);
1547 
1548  for (const auto flags : ALL_CONSENSUS_FLAGS) {
1549  // "final": true tests are valid for all flags. Others are only valid with flags that are
1550  // a subset of test_flags.
1551  if (fin || ((flags & test_flags) == flags)) {
1552  bool ret = VerifyScript(tx.vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.vin[idx].scriptWitness, flags, txcheck, nullptr);
1553  BOOST_CHECK(ret);
1554  }
1555  }
1556  }
1557 
1558  if (test.exists("failure")) {
1559  mtx.vin[idx].scriptSig = ScriptFromHex(test["failure"]["scriptSig"].get_str());
1560  mtx.vin[idx].scriptWitness = ScriptWitnessFromJSON(test["failure"]["witness"]);
1561  CTransaction tx(mtx);
1563  txdata.Init(tx, std::vector<CTxOut>(prevouts));
1564  CachingTransactionSignatureChecker txcheck(&tx, idx, prevouts[idx].nValue, true, txdata);
1565 
1566  for (const auto flags : ALL_CONSENSUS_FLAGS) {
1567  // If a test is supposed to fail with test_flags, it should also fail with any superset thereof.
1568  if ((flags & test_flags) == test_flags) {
1569  bool ret = VerifyScript(tx.vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.vin[idx].scriptWitness, flags, txcheck, nullptr);
1570  BOOST_CHECK(!ret);
1571  }
1572  }
1573  }
1574 }
1575 
1576 BOOST_AUTO_TEST_CASE(script_assets_test)
1577 {
1578  // See src/test/fuzz/script_assets_test_minimizer.cpp for information on how to generate
1579  // the script_assets_test.json file used by this test.
1580 
1581  const char* dir = std::getenv("DIR_UNIT_TEST_DATA");
1582  BOOST_WARN_MESSAGE(dir != nullptr, "Variable DIR_UNIT_TEST_DATA unset, skipping script_assets_test");
1583  if (dir == nullptr) return;
1584  auto path = fs::path(dir) / "script_assets_test.json";
1585  bool exists = fs::exists(path);
1586  BOOST_WARN_MESSAGE(exists, "File $DIR_UNIT_TEST_DATA/script_assets_test.json not found, skipping script_assets_test");
1587  if (!exists) return;
1588  std::ifstream file{path};
1589  BOOST_CHECK(file.is_open());
1590  file.seekg(0, std::ios::end);
1591  size_t length = file.tellg();
1592  file.seekg(0, std::ios::beg);
1593  std::string data(length, '\0');
1594  file.read(data.data(), data.size());
1595  UniValue tests = read_json(data);
1596  BOOST_CHECK(tests.isArray());
1597  BOOST_CHECK(tests.size() > 0);
1598 
1599  for (size_t i = 0; i < tests.size(); i++) {
1600  AssetTest(tests[i]);
1601  }
1602  file.close();
1603 }
1604 
1605 BOOST_AUTO_TEST_CASE(bip341_keypath_test_vectors)
1606 {
1607  UniValue tests;
1608  tests.read(json_tests::bip341_wallet_vectors);
1609 
1610  const auto& vectors = tests["keyPathSpending"];
1611 
1612  for (const auto& vec : vectors.getValues()) {
1613  auto txhex = ParseHex(vec["given"]["rawUnsignedTx"].get_str());
1615  SpanReader{txhex} >> TX_WITH_WITNESS(tx);
1616  std::vector<CTxOut> utxos;
1617  for (const auto& utxo_spent : vec["given"]["utxosSpent"].getValues()) {
1618  auto script_bytes = ParseHex(utxo_spent["scriptPubKey"].get_str());
1619  CScript script{script_bytes.begin(), script_bytes.end()};
1620  CAmount amount{utxo_spent["amountSats"].getInt<int>()};
1621  utxos.emplace_back(amount, script);
1622  }
1623 
1625  txdata.Init(tx, std::vector<CTxOut>{utxos}, true);
1626 
1628  BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_amounts_single_hash), vec["intermediary"]["hashAmounts"].get_str());
1629  BOOST_CHECK_EQUAL(HexStr(txdata.m_outputs_single_hash), vec["intermediary"]["hashOutputs"].get_str());
1630  BOOST_CHECK_EQUAL(HexStr(txdata.m_prevouts_single_hash), vec["intermediary"]["hashPrevouts"].get_str());
1631  BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_scripts_single_hash), vec["intermediary"]["hashScriptPubkeys"].get_str());
1632  BOOST_CHECK_EQUAL(HexStr(txdata.m_sequences_single_hash), vec["intermediary"]["hashSequences"].get_str());
1633 
1634  for (const auto& input : vec["inputSpending"].getValues()) {
1635  int txinpos = input["given"]["txinIndex"].getInt<int>();
1636  int hashtype = input["given"]["hashType"].getInt<int>();
1637 
1638  // Load key.
1639  auto privkey = ParseHex(input["given"]["internalPrivkey"].get_str());
1640  CKey key;
1641  key.Set(privkey.begin(), privkey.end(), true);
1642 
1643  // Load Merkle root.
1644  uint256 merkle_root;
1645  if (!input["given"]["merkleRoot"].isNull()) {
1646  merkle_root = uint256{ParseHex(input["given"]["merkleRoot"].get_str())};
1647  }
1648 
1649  // Compute and verify (internal) public key.
1650  XOnlyPubKey pubkey{key.GetPubKey()};
1651  BOOST_CHECK_EQUAL(HexStr(pubkey), input["intermediary"]["internalPubkey"].get_str());
1652 
1653  // Sign and verify signature.
1654  FlatSigningProvider provider;
1655  provider.keys[key.GetPubKey().GetID()] = key;
1656  MutableTransactionSignatureCreator creator(tx, txinpos, utxos[txinpos].nValue, &txdata, hashtype);
1657  std::vector<unsigned char> signature;
1658  BOOST_CHECK(creator.CreateSchnorrSig(provider, signature, pubkey, nullptr, &merkle_root, SigVersion::TAPROOT));
1659  BOOST_CHECK_EQUAL(HexStr(signature), input["expected"]["witness"][0].get_str());
1660 
1661  // We can't observe the tweak used inside the signing logic, so verify by recomputing it.
1662  BOOST_CHECK_EQUAL(HexStr(pubkey.ComputeTapTweakHash(merkle_root.IsNull() ? nullptr : &merkle_root)), input["intermediary"]["tweak"].get_str());
1663 
1664  // We can't observe the sighash used inside the signing logic, so verify by recomputing it.
1665  ScriptExecutionData sed;
1666  sed.m_annex_init = true;
1667  sed.m_annex_present = false;
1668  uint256 sighash;
1669  BOOST_CHECK(SignatureHashSchnorr(sighash, sed, tx, txinpos, hashtype, SigVersion::TAPROOT, txdata, MissingDataBehavior::FAIL));
1670  BOOST_CHECK_EQUAL(HexStr(sighash), input["intermediary"]["sigHash"].get_str());
1671 
1672  // To verify the sigmsg, hash the expected sigmsg, and compare it with the (expected) sighash.
1673  BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << Span{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
1674  }
1675 
1676  }
1677 }
1678 
1679 BOOST_AUTO_TEST_CASE(compute_tapbranch)
1680 {
1681  uint256 hash1 = uint256S("8ad69ec7cf41c2a4001fd1f738bf1e505ce2277acdcaa63fe4765192497f47a7");
1682  uint256 hash2 = uint256S("f224a923cd0021ab202ab139cc56802ddb92dcfc172b9212261a539df79a112a");
1683  uint256 result = uint256S("a64c5b7b943315f9b805d7a7296bedfcfd08919270a1f7a1466e98f8693d8cd9");
1684  BOOST_CHECK_EQUAL(ComputeTapbranchHash(hash1, hash2), result);
1685 }
1686 
1687 BOOST_AUTO_TEST_CASE(compute_tapleaf)
1688 {
1689  const uint8_t script[6] = {'f','o','o','b','a','r'};
1690  uint256 tlc0 = uint256S("edbc10c272a1215dcdcc11d605b9027b5ad6ed97cd45521203f136767b5b9c06");
1691  uint256 tlc2 = uint256S("8b5c4f90ae6bf76e259dbef5d8a59df06359c391b59263741b25eca76451b27a");
1692 
1693  BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc0, Span(script)), tlc0);
1694  BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc2, Span(script)), tlc2);
1695 }
1696 
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
int ret
static CAmount AmountFromValue(const UniValue &value)
Definition: bitcoin-tx.cpp:553
int flags
Definition: bitcoin-tx.cpp:528
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
Definition: hash.h:49
void Finalize(Span< unsigned char > output)
Definition: hash.h:55
CHash160 & Write(Span< const unsigned char > input)
Definition: hash.h:62
An encapsulated private key.
Definition: key.h:33
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:208
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:182
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:99
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:29
An encapsulated public key.
Definition: pubkey.h:34
const unsigned char * end() const
Definition: pubkey.h:115
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
const unsigned char * begin() const
Definition: pubkey.h:114
const unsigned char * data() const
Definition: pubkey.h:113
A hasher class for SHA-256.
Definition: sha256.h:14
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha256.cpp:726
CSHA256 & Write(const unsigned char *data, size_t len)
Definition: sha256.cpp:700
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:414
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
Definition: script.cpp:242
bool HasValidOps() const
Check if the script contains valid OP_CODES.
Definition: script.cpp:276
A reference to a CScript: the Hash160 of its serialization.
Definition: script.h:583
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:296
const std::vector< CTxIn > vin
Definition: transaction.h:306
An output of a transaction.
Definition: transaction.h:150
CScript scriptPubKey
Definition: transaction.h:153
CAmount nValue
Definition: transaction.h:152
Fillable signing provider that keeps keys in an address->secret map.
virtual bool AddCScript(const CScript &redeemScript)
virtual bool AddKey(const CKey &key)
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:101
A signature creator for transactions.
Definition: sign.h:40
bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const override
Definition: sign.cpp:62
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:98
Minimal stream for reading from an existing byte array by Span.
Definition: streams.h:101
Utility class to construct Taproot outputs from internal key and script tree.
WitnessV1Taproot GetOutput()
Compute scriptPubKey (after Finalize()).
TaprootSpendData GetSpendData() const
Compute spending data (after Finalize()).
TaprootBuilder & Add(int depth, Span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
const std::string & get_str() const
bool isArray() const
Definition: univalue.h:85
@ VARR
Definition: univalue.h:24
std::string write(unsigned int prettyIndent=0, unsigned int indentLevel=0) const
size_t size() const
Definition: univalue.h:71
bool read(std::string_view raw)
Int getInt() const
Definition: univalue.h:138
const UniValue & get_array() const
bool exists(const std::string &key) const
Definition: univalue.h:77
bool get_bool() const
bool isObject() const
Definition: univalue.h:86
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
Definition: pubkey.h:239
constexpr bool IsNull() const
Definition: uint256.h:42
constexpr unsigned char * begin()
Definition: uint256.h:68
Path class wrapper to block calls to the fs::path(std::string) implicit constructor and the fs::path:...
Definition: fs.h:33
bool empty() const
Definition: prevector.h:300
size_type size() const
Definition: prevector.h:296
value_type * data()
Definition: prevector.h:532
iterator begin()
Definition: prevector.h:304
iterator end()
Definition: prevector.h:306
void push_back(const T &value)
Definition: prevector.h:443
160-bit opaque blob.
Definition: uint256.h:95
256-bit opaque blob.
Definition: uint256.h:106
CScript ParseScript(const std::string &s)
Definition: core_read.cpp:61
std::string FormatScript(const CScript &script)
Definition: core_write.cpp:39
std::string ScriptToAsmStr(const CScript &script, const bool fAttemptSighashDecode=false)
Create the assembly string representation of a CScript object.
Definition: core_write.cpp:98
UniValue ValueFromAmount(const CAmount amount)
Definition: core_write.cpp:26
BOOST_AUTO_TEST_SUITE_END()
bool SignatureHashSchnorr(uint256 &hash_out, ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
int FindAndDelete(CScript &script, const CScript &b)
uint256 ComputeTapleafHash(uint8_t leaf_version, Span< const unsigned char > script)
Compute the BIP341 tapleaf hash from leaf version & script.
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache)
uint256 ComputeTapbranchHash(Span< const unsigned char > a, Span< const unsigned char > b)
Compute the BIP341 tapbranch hash from two branches.
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
const HashWriter HASHER_TAPSIGHASH
Hasher with tag "TapSighash" pre-fed to it.
SigVersion
Definition: interpreter.h:191
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
GenericTransactionSignatureChecker< CMutableTransaction > MutableTransactionSignatureChecker
Definition: interpreter.h:307
@ SCRIPT_VERIFY_NULLDUMMY
Definition: interpreter.h:64
@ SCRIPT_VERIFY_P2SH
Definition: interpreter.h:49
@ SCRIPT_VERIFY_SIGPUSHONLY
Definition: interpreter.h:67
@ SCRIPT_VERIFY_WITNESS
Definition: interpreter.h:108
@ SCRIPT_VERIFY_LOW_S
Definition: interpreter.h:61
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
Definition: interpreter.h:99
@ SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
Definition: interpreter.h:126
@ SCRIPT_VERIFY_TAPROOT
Definition: interpreter.h:134
@ SCRIPT_VERIFY_STRICTENC
Definition: interpreter.h:54
@ SCRIPT_VERIFY_DERSIG
Definition: interpreter.h:57
@ SCRIPT_VERIFY_CLEANSTACK
Definition: interpreter.h:94
@ SCRIPT_VERIFY_MINIMALDATA
Definition: interpreter.h:73
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
Definition: interpreter.h:104
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
Definition: interpreter.h:112
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:33
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
Definition: interpreter.h:35
@ SIGHASH_ALL
Definition: interpreter.h:30
@ SIGHASH_NONE
Definition: interpreter.h:31
@ SIGHASH_SINGLE
Definition: interpreter.h:32
@ ASSERT_FAIL
Abort execution through assertion failure (for consensus code)
@ FAIL
Just act as if the signature was invalid.
UniValue read_json(const std::string &jsondata)
Definition: json.cpp:12
CKey GenerateRandomKey(bool compressed) noexcept
Definition: key.cpp:366
@ NONE
Definition: logging.h:40
static bool exists(const path &p)
Definition: fs.h:89
FILE * fopen(const fs::path &p, const char *mode)
Definition: fs.cpp:26
std::pair< opcodetype, std::vector< unsigned char > > Opcode
Definition: miniscript.h:184
#define BOOST_CHECK_EQUAL(v1, v2)
Definition: object.cpp:18
#define BOOST_CHECK(expr)
Definition: object.cpp:17
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:196
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195
static CTransactionRef MakeTransactionRef(Tx &&txIn)
Definition: transaction.h:424
std::shared_ptr< const CTransaction > CTransactionRef
Definition: transaction.h:423
const char * name
Definition: rest.cpp:48
static const unsigned int MAX_SCRIPT_ELEMENT_SIZE
Definition: script.h:27
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:66
opcodetype
Script opcodes.
Definition: script.h:73
@ OP_2
Definition: script.h:84
@ OP_PUSHDATA4
Definition: script.h:79
@ OP_CHECKMULTISIG
Definition: script.h:191
@ OP_CHECKSIG
Definition: script.h:189
@ OP_CHECKLOCKTIMEVERIFY
Definition: script.h:196
@ OP_NOT
Definition: script.h:157
@ OP_EQUAL
Definition: script.h:145
@ OP_4
Definition: script.h:86
@ OP_DUP
Definition: script.h:124
@ OP_NOP2
Definition: script.h:197
@ OP_NOP8
Definition: script.h:204
@ OP_HASH160
Definition: script.h:186
@ OP_1
Definition: script.h:82
@ OP_PUSHDATA1
Definition: script.h:77
@ OP_3
Definition: script.h:85
@ OP_PUSHDATA2
Definition: script.h:78
@ OP_0
Definition: script.h:75
@ OP_EQUALVERIFY
Definition: script.h:146
std::string ScriptErrorString(const ScriptError serror)
enum ScriptError_t ScriptError
ScriptError_t
Definition: script_error.h:12
@ SCRIPT_ERR_OP_CODESEPARATOR
Definition: script_error.h:82
@ SCRIPT_ERR_SIG_PUSHONLY
Definition: script_error.h:48
@ SCRIPT_ERR_OP_COUNT
Definition: script_error.h:21
@ SCRIPT_ERR_EVAL_FALSE
Definition: script_error.h:15
@ SCRIPT_ERR_NUMEQUALVERIFY
Definition: script_error.h:31
@ SCRIPT_ERR_VERIFY
Definition: script_error.h:27
@ SCRIPT_ERR_DISABLED_OPCODE
Definition: script_error.h:35
@ SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
Definition: script_error.h:37
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
Definition: script_error.h:58
@ SCRIPT_ERR_SCRIPT_SIZE
Definition: script_error.h:19
@ SCRIPT_ERR_UNKNOWN_ERROR
Definition: script_error.h:14
@ SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
Definition: script_error.h:64
@ SCRIPT_ERR_SIG_HASHTYPE
Definition: script_error.h:45
@ SCRIPT_ERR_MINIMALDATA
Definition: script_error.h:47
@ SCRIPT_ERR_CHECKSIGVERIFY
Definition: script_error.h:30
@ SCRIPT_ERR_STACK_SIZE
Definition: script_error.h:22
@ SCRIPT_ERR_WITNESS_MALLEATED_P2SH
Definition: script_error.h:68
@ SCRIPT_ERR_WITNESS_MALLEATED
Definition: script_error.h:67
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
Definition: script_error.h:57
@ SCRIPT_ERR_EQUALVERIFY
Definition: script_error.h:28
@ SCRIPT_ERR_INVALID_STACK_OPERATION
Definition: script_error.h:36
@ SCRIPT_ERR_SIG_COUNT
Definition: script_error.h:23
@ SCRIPT_ERR_SIG_HIGH_S
Definition: script_error.h:49
@ SCRIPT_ERR_SIG_DER
Definition: script_error.h:46
@ SCRIPT_ERR_WITNESS_UNEXPECTED
Definition: script_error.h:69
@ SCRIPT_ERR_NEGATIVE_LOCKTIME
Definition: script_error.h:41
@ SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
Definition: script_error.h:66
@ SCRIPT_ERR_OP_RETURN
Definition: script_error.h:16
@ SCRIPT_ERR_PUSH_SIZE
Definition: script_error.h:20
@ SCRIPT_ERR_SIG_NULLFAIL
Definition: script_error.h:54
@ SCRIPT_ERR_OK
Definition: script_error.h:13
@ SCRIPT_ERR_SIG_NULLDUMMY
Definition: script_error.h:50
@ SCRIPT_ERR_PUBKEYTYPE
Definition: script_error.h:51
@ SCRIPT_ERR_CHECKMULTISIGVERIFY
Definition: script_error.h:29
@ SCRIPT_ERR_UNSATISFIED_LOCKTIME
Definition: script_error.h:42
@ SCRIPT_ERR_WITNESS_PUBKEYTYPE
Definition: script_error.h:70
@ SCRIPT_ERR_SIG_FINDANDDELETE
Definition: script_error.h:83
@ SCRIPT_ERR_BAD_OPCODE
Definition: script_error.h:34
@ SCRIPT_ERR_PUBKEY_COUNT
Definition: script_error.h:24
@ SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
Definition: script_error.h:65
@ SCRIPT_ERR_CLEANSTACK
Definition: script_error.h:52
@ SCRIPT_ERR_UNBALANCED_CONDITIONAL
Definition: script_error.h:38
@ SCRIPT_ERR_MINIMALIF
Definition: script_error.h:53
static std::string FormatScriptError(ScriptError_t err)
static void NegateSignatureS(std::vector< unsigned char > &vchSig)
static ScriptError_t ParseScriptError(const std::string &name)
static CScript ScriptFromHex(const std::string &str)
SignatureData CombineSignatures(const CTxOut &txout, const CMutableTransaction &tx, const SignatureData &scriptSig1, const SignatureData &scriptSig2)
static ScriptErrorDesc script_errors[]
static CMutableTransaction TxFromHex(const std::string &str)
void DoTest(const CScript &scriptPubKey, const CScript &scriptSig, const CScriptWitness &scriptWitness, uint32_t flags, const std::string &message, int scriptError, CAmount nValue=0)
static void AssetTest(const UniValue &test)
static CScript sign_multisig(const CScript &scriptPubKey, const std::vector< CKey > &keys, const CTransaction &transaction)
unsigned int ParseScriptFlags(std::string strFlags)
static std::vector< unsigned int > AllConsensusFlags()
BOOST_AUTO_TEST_CASE(script_build)
std::string FormatScriptFlags(unsigned int flags)
static const unsigned int gFlags
static CScriptWitness ScriptWitnessFromJSON(const UniValue &univalue)
static std::vector< CTxOut > TxOutsFromJSON(const UniValue &univalue)
static const std::vector< unsigned int > ALL_CONSENSUS_FLAGS
Precomputed list of all valid combinations of consensus-relevant script validation flags.
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
Definition: sign.cpp:499
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
Definition: sign.cpp:109
SignatureData DataFromTransaction(const CMutableTransaction &tx, unsigned int nIn, const CTxOut &txout)
Extract signature data from a transaction input, and insert it.
Definition: sign.cpp:607
bool SignSignature(const SigningProvider &provider, const CScript &fromPubKey, CMutableTransaction &txTo, unsigned int nIn, const CAmount &amount, int nHashType, SignatureData &sig_data)
Produce a satisfying script (scriptSig or witness).
Definition: sign.cpp:694
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:63
const SigningProvider & DUMMY_SIGNING_PROVIDER
CScript GetScriptForMultisig(int nRequired, const std::vector< CPubKey > &keys)
Generate a multisig script.
Definition: solver.cpp:214
Span(T *, EndOrSize) -> Span< T >
std::vector< Byte > ParseHex(std::string_view hex_str)
Like TryParseHex, but returns an empty vector on invalid input.
Definition: strencodings.h:65
Basic testing setup.
Definition: setup_common.h:54
A mutable version of CTransaction.
Definition: transaction.h:378
std::vector< CTxOut > vout
Definition: transaction.h:380
Txid GetHash() const
Compute the hash of this CMutableTransaction.
Definition: transaction.cpp:69
std::vector< CTxIn > vin
Definition: transaction.h:379
std::vector< std::vector< unsigned char > > stack
Definition: script.h:569
std::map< CKeyID, CKey > keys
A type to represent integers in the type system.
Definition: lintrans.h:13
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
Definition: interpreter.h:163
ScriptError_t err
const char * name
bool m_annex_present
Whether an annex is present.
Definition: interpreter.h:213
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
Definition: interpreter.h:211
void MergeSignatureData(SignatureData sigdata)
Definition: sign.cpp:678
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
Definition: sign.h:77
TaprootSpendData tr_spenddata
Taproot spending data.
Definition: sign.h:75
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
Definition: sign.h:71
static uint64_t InsecureRandBits(int bits)
Definition: random.h:54
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1162
CMutableTransaction BuildSpendingTransaction(const CScript &scriptSig, const CScriptWitness &scriptWitness, const CTransaction &txCredit)
CMutableTransaction BuildCreditingTransaction(const CScript &scriptPubKey, int nValue)
uint256 uint256S(const char *str)
Definition: uint256.h:119
#define expect(bit)
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
assert(!tx.IsCoinBase())