Bitcoin Core 29.99.0
P2P Digital Currency
script_tests.cpp
Go to the documentation of this file.
1// Copyright (c) 2011-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <test/data/script_tests.json.h>
6#include <test/data/bip341_wallet_vectors.json.h>
7
8#include <common/system.h>
9#include <core_io.h>
10#include <key.h>
11#include <rpc/util.h>
12#include <script/script.h>
13#include <script/script_error.h>
14#include <script/sigcache.h>
15#include <script/sign.h>
17#include <script/solver.h>
18#include <streams.h>
19#include <test/util/json.h>
20#include <test/util/random.h>
23#include <util/fs.h>
24#include <util/strencodings.h>
25
26#include <cstdint>
27#include <fstream>
28#include <string>
29#include <vector>
30
31#include <boost/test/unit_test.hpp>
32
33#include <secp256k1.h>
34#include <univalue.h>
35
36// Uncomment if you want to output updated JSON tests.
37// #define UPDATE_JSON_TESTS
38
39using namespace util::hex_literals;
40
42
43unsigned int ParseScriptFlags(std::string strFlags);
44std::string FormatScriptFlags(unsigned int flags);
45
47{
49 const char *name;
50};
51
53 {SCRIPT_ERR_OK, "OK"},
54 {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
55 {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
56 {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
57 {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
58 {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
59 {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
60 {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
61 {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
62 {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
63 {SCRIPT_ERR_VERIFY, "VERIFY"},
64 {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
65 {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
66 {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
67 {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
68 {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
69 {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
70 {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
71 {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
72 {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
73 {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
74 {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
75 {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
76 {SCRIPT_ERR_SIG_DER, "SIG_DER"},
77 {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
78 {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
79 {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
80 {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
81 {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
82 {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
83 {SCRIPT_ERR_MINIMALIF, "MINIMALIF"},
84 {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
85 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
86 {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
87 {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH, "WITNESS_PROGRAM_WRONG_LENGTH"},
88 {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY, "WITNESS_PROGRAM_WITNESS_EMPTY"},
89 {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH, "WITNESS_PROGRAM_MISMATCH"},
90 {SCRIPT_ERR_WITNESS_MALLEATED, "WITNESS_MALLEATED"},
91 {SCRIPT_ERR_WITNESS_MALLEATED_P2SH, "WITNESS_MALLEATED_P2SH"},
92 {SCRIPT_ERR_WITNESS_UNEXPECTED, "WITNESS_UNEXPECTED"},
93 {SCRIPT_ERR_WITNESS_PUBKEYTYPE, "WITNESS_PUBKEYTYPE"},
94 {SCRIPT_ERR_OP_CODESEPARATOR, "OP_CODESEPARATOR"},
95 {SCRIPT_ERR_SIG_FINDANDDELETE, "SIG_FINDANDDELETE"},
96};
97
98static std::string FormatScriptError(ScriptError_t err)
99{
100 for (const auto& se : script_errors)
101 if (se.err == err)
102 return se.name;
103 BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
104 return "";
105}
106
107static ScriptError_t ParseScriptError(const std::string& name)
108{
109 for (const auto& se : script_errors)
110 if (se.name == name)
111 return se.err;
112 BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
114}
115
117void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& scriptWitness, uint32_t flags, const std::string& message, int scriptError, CAmount nValue = 0)
118{
119 bool expect = (scriptError == SCRIPT_ERR_OK);
123 }
124 ScriptError err;
125 const CTransaction txCredit{BuildCreditingTransaction(scriptPubKey, nValue)};
126 CMutableTransaction tx = BuildSpendingTransaction(scriptSig, scriptWitness, txCredit);
127 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message);
128 BOOST_CHECK_MESSAGE(err == scriptError, FormatScriptError(err) + " where " + FormatScriptError((ScriptError_t)scriptError) + " expected: " + message);
129
130 // Verify that removing flags from a passing test or adding flags to a failing test does not change the result.
131 for (int i = 0; i < 16; ++i) {
132 uint32_t extra_flags(m_rng.randbits(16));
133 uint32_t combined_flags{expect ? (flags & ~extra_flags) : (flags | extra_flags)};
134 // Weed out some invalid flag combinations.
135 if (combined_flags & SCRIPT_VERIFY_CLEANSTACK && ~combined_flags & (SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS)) continue;
136 if (combined_flags & SCRIPT_VERIFY_WITNESS && ~combined_flags & SCRIPT_VERIFY_P2SH) continue;
137 BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, combined_flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message + strprintf(" (with flags %x)", combined_flags));
138 }
139}
140}; // struct ScriptTest
141
142void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
143 // Parse the signature.
144 std::vector<unsigned char> r, s;
145 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
146 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
147
148 while (s.size() < 33) {
149 s.insert(s.begin(), 0x00);
150 }
151 assert(s[0] == 0);
152 // Perform mod-n negation of s by (ab)using libsecp256k1
153 // (note that this function is meant to be used for negating secret keys,
154 // but it works for any non-zero scalar modulo the group order, i.e. also for s)
156 assert(ret);
157
158 if (s[1] < 0x80) {
159 s.erase(s.begin());
160 }
161
162 // Reconstruct the signature.
163 vchSig.clear();
164 vchSig.push_back(0x30);
165 vchSig.push_back(4 + r.size() + s.size());
166 vchSig.push_back(0x02);
167 vchSig.push_back(r.size());
168 vchSig.insert(vchSig.end(), r.begin(), r.end());
169 vchSig.push_back(0x02);
170 vchSig.push_back(s.size());
171 vchSig.insert(vchSig.end(), s.begin(), s.end());
172}
173
174namespace
175{
176const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
177const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
178const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
179
180struct KeyData
181{
182 CKey key0, key0C, key1, key1C, key2, key2C;
183 CPubKey pubkey0, pubkey0C, pubkey0H;
184 CPubKey pubkey1, pubkey1C;
185 CPubKey pubkey2, pubkey2C;
186
187 KeyData()
188 {
189 key0.Set(vchKey0, vchKey0 + 32, false);
190 key0C.Set(vchKey0, vchKey0 + 32, true);
191 pubkey0 = key0.GetPubKey();
192 pubkey0H = key0.GetPubKey();
193 pubkey0C = key0C.GetPubKey();
194 *const_cast<unsigned char*>(pubkey0H.data()) = 0x06 | (pubkey0H[64] & 1);
195
196 key1.Set(vchKey1, vchKey1 + 32, false);
197 key1C.Set(vchKey1, vchKey1 + 32, true);
198 pubkey1 = key1.GetPubKey();
199 pubkey1C = key1C.GetPubKey();
200
201 key2.Set(vchKey2, vchKey2 + 32, false);
202 key2C.Set(vchKey2, vchKey2 + 32, true);
203 pubkey2 = key2.GetPubKey();
204 pubkey2C = key2C.GetPubKey();
205 }
206};
207
208enum class WitnessMode {
209 NONE,
210 PKH,
211 SH
212};
213
214class TestBuilder
215{
216private:
220 CScript redeemscript;
222 CScript witscript;
223 CScriptWitness scriptWitness;
224 CTransactionRef creditTx;
225 CMutableTransaction spendTx;
226 bool havePush{false};
227 std::vector<unsigned char> push;
228 std::string comment;
229 uint32_t flags;
230 int scriptError{SCRIPT_ERR_OK};
231 CAmount nValue;
232
233 void DoPush()
234 {
235 if (havePush) {
236 spendTx.vin[0].scriptSig << push;
237 havePush = false;
238 }
239 }
240
241 void DoPush(const std::vector<unsigned char>& data)
242 {
243 DoPush();
244 push = data;
245 havePush = true;
246 }
247
248public:
249 TestBuilder(const CScript& script_, const std::string& comment_, uint32_t flags_, bool P2SH = false, WitnessMode wm = WitnessMode::NONE, int witnessversion = 0, CAmount nValue_ = 0) : script(script_), comment(comment_), flags(flags_), nValue(nValue_)
250 {
251 CScript scriptPubKey = script;
252 if (wm == WitnessMode::PKH) {
253 uint160 hash;
254 CHash160().Write(std::span{script}.subspan(1)).Finalize(hash);
256 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
257 } else if (wm == WitnessMode::SH) {
258 witscript = scriptPubKey;
259 uint256 hash;
260 CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
261 scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
262 }
263 if (P2SH) {
264 redeemscript = scriptPubKey;
265 scriptPubKey = CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
266 }
267 creditTx = MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
268 spendTx = BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx);
269 }
270
271 TestBuilder& ScriptError(ScriptError_t err)
272 {
273 scriptError = err;
274 return *this;
275 }
276
277 TestBuilder& Opcode(const opcodetype& _op)
278 {
279 DoPush();
280 spendTx.vin[0].scriptSig << _op;
281 return *this;
282 }
283
284 TestBuilder& Num(int num)
285 {
286 DoPush();
287 spendTx.vin[0].scriptSig << num;
288 return *this;
289 }
290
291 TestBuilder& Push(const std::string& hex)
292 {
293 DoPush(ParseHex(hex));
294 return *this;
295 }
296
297 TestBuilder& Push(const CScript& _script)
298 {
299 DoPush(std::vector<unsigned char>(_script.begin(), _script.end()));
300 return *this;
301 }
302
303 TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::BASE, CAmount amount = 0)
304 {
305 uint256 hash = SignatureHash(script, spendTx, 0, nHashType, amount, sigversion);
306 std::vector<unsigned char> vchSig, r, s;
307 uint32_t iter = 0;
308 do {
309 key.Sign(hash, vchSig, false, iter++);
310 if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
311 NegateSignatureS(vchSig);
312 }
313 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
314 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
315 } while (lenR != r.size() || lenS != s.size());
316 vchSig.push_back(static_cast<unsigned char>(nHashType));
317 DoPush(vchSig);
318 return *this;
319 }
320
321 TestBuilder& PushWitSig(const CKey& key, CAmount amount = -1, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::WITNESS_V0)
322 {
323 if (amount == -1)
324 amount = nValue;
325 return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
326 }
327
328 TestBuilder& Push(const CPubKey& pubkey)
329 {
330 DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
331 return *this;
332 }
333
334 TestBuilder& PushRedeem()
335 {
336 DoPush(std::vector<unsigned char>(redeemscript.begin(), redeemscript.end()));
337 return *this;
338 }
339
340 TestBuilder& PushWitRedeem()
341 {
342 DoPush(std::vector<unsigned char>(witscript.begin(), witscript.end()));
343 return AsWit();
344 }
345
346 TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
347 {
348 assert(havePush);
349 std::vector<unsigned char> datain = ParseHex(hexin);
350 std::vector<unsigned char> dataout = ParseHex(hexout);
351 assert(pos + datain.size() <= push.size());
352 BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
353 push.erase(push.begin() + pos, push.begin() + pos + datain.size());
354 push.insert(push.begin() + pos, dataout.begin(), dataout.end());
355 return *this;
356 }
357
358 TestBuilder& DamagePush(unsigned int pos)
359 {
360 assert(havePush);
361 assert(pos < push.size());
362 push[pos] ^= 1;
363 return *this;
364 }
365
366 TestBuilder& Test(ScriptTest& test)
367 {
368 TestBuilder copy = *this; // Make a copy so we can rollback the push.
369 DoPush();
370 test.DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, scriptWitness, flags, comment, scriptError, nValue);
371 *this = copy;
372 return *this;
373 }
374
375 TestBuilder& AsWit()
376 {
377 assert(havePush);
378 scriptWitness.stack.push_back(push);
379 havePush = false;
380 return *this;
381 }
382
383 UniValue GetJSON()
384 {
385 DoPush();
387 if (!scriptWitness.stack.empty()) {
389 for (unsigned i = 0; i < scriptWitness.stack.size(); i++) {
390 wit.push_back(HexStr(scriptWitness.stack[i]));
391 }
392 wit.push_back(ValueFromAmount(nValue));
393 array.push_back(std::move(wit));
394 }
395 array.push_back(FormatScript(spendTx.vin[0].scriptSig));
396 array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
397 array.push_back(FormatScriptFlags(flags));
398 array.push_back(FormatScriptError((ScriptError_t)scriptError));
399 array.push_back(comment);
400 return array;
401 }
402
403 std::string GetComment() const
404 {
405 return comment;
406 }
407};
408
409std::string JSONPrettyPrint(const UniValue& univalue)
410{
411 std::string ret = univalue.write(4);
412 // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
413 size_t pos = 0;
414 while ((pos = ret.find(" \n", pos)) != std::string::npos) {
415 ret.replace(pos, 2, "\n");
416 pos++;
417 }
418 return ret;
419}
420} // namespace
421
423
425{
426 const KeyData keys;
427
428 std::vector<TestBuilder> tests;
429
430 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
431 "P2PK", 0
432 ).PushSig(keys.key0));
433 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
434 "P2PK, bad sig", 0
435 ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
436
437 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
438 "P2PKH", 0
439 ).PushSig(keys.key1).Push(keys.pubkey1C));
440 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
441 "P2PKH, bad pubkey", 0
442 ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
443
444 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
445 "P2PK anyonecanpay", 0
446 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
447 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
448 "P2PK anyonecanpay marked with normal hashtype", 0
449 ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
450
451 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
452 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
453 ).PushSig(keys.key0).PushRedeem());
454 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
455 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
456 ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
457
458 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
459 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
460 ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
461 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
462 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
463 ).PushSig(keys.key0).DamagePush(10).PushRedeem());
464 tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
465 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
466 ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
467
468 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
469 "3-of-3", 0
470 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
471 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
472 "3-of-3, 2 sigs", 0
473 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
474
475 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
476 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
477 ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
478 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
479 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
480 ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
481
482 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
483 "P2PK with too much R padding but no DERSIG", 0
484 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
485 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
486 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
487 ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
488 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
489 "P2PK with too much S padding but no DERSIG", 0
490 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
491 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
492 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
493 ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
494 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
495 "P2PK with too little R padding but no DERSIG", 0
496 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
497 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
498 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
499 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
500 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
501 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
502 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
503 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
504 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
505 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
506 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
507 "P2PK NOT with too much R padding but no DERSIG", 0
508 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
509 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
510 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
511 ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
512
513 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
514 "BIP66 example 1, without DERSIG", 0
515 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
516 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
517 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
518 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
519 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
520 "BIP66 example 2, without DERSIG", 0
521 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
522 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
523 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
524 ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
525 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
526 "BIP66 example 3, without DERSIG", 0
527 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
528 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
529 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
530 ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
531 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
532 "BIP66 example 4, without DERSIG", 0
533 ).Num(0));
534 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
535 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
536 ).Num(0));
537 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
538 "BIP66 example 5, without DERSIG", 0
539 ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
540 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
541 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
542 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
543 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
544 "BIP66 example 6, without DERSIG", 0
545 ).Num(1));
546 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
547 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
548 ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
549 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
550 "BIP66 example 7, without DERSIG", 0
551 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
552 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
553 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
554 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
555 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
556 "BIP66 example 8, without DERSIG", 0
557 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
558 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
559 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
560 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
561 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
562 "BIP66 example 9, without DERSIG", 0
563 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
564 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
565 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
566 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
567 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
568 "BIP66 example 10, without DERSIG", 0
569 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
570 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
571 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
572 ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
573 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
574 "BIP66 example 11, without DERSIG", 0
575 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
576 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
577 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
578 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
579 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
580 "BIP66 example 12, without DERSIG", 0
581 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
582 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
583 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
584 ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
585 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
586 "P2PK with multi-byte hashtype, without DERSIG", 0
587 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
588 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
589 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
590 ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
591
592 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
593 "P2PK with high S but no LOW_S", 0
594 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
595 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
596 "P2PK with high S", SCRIPT_VERIFY_LOW_S
597 ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
598
599 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
600 "P2PK with hybrid pubkey but no STRICTENC", 0
601 ).PushSig(keys.key0, SIGHASH_ALL));
602 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
603 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
604 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
605 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
606 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
607 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
608 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
609 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
610 ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
611 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
612 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
613 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
614 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
615 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
616 ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
617 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
618 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
619 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
620 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
621 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
622 ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
623 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
624 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
625 ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
626
627 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
628 "P2PK with undefined hashtype but no STRICTENC", 0
629 ).PushSig(keys.key1, 5));
630 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
631 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
632 ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
633 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
634 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
635 ).PushSig(keys.key1, 5).DamagePush(10));
636 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
637 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
638 ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
639
640 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
641 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
642 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
643 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
644 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
645 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
646 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
647 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
648 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
649 tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
650 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
651 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
652
653 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
654 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
655 ).Num(0).PushSig(keys.key1).Opcode(OP_DUP));
656 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
657 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
658 ).Num(0).PushSig(keys.key1).Opcode(OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
659 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
660 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
661 ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem());
662 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
663 "P2PK with non-push scriptSig but with P2SH validation", 0
664 ).PushSig(keys.key2).Opcode(OP_NOP8));
665 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
666 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
667 ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
668 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
669 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
670 ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
671 tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
672 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
673 ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
674 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
675 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
676 ).Num(11).PushSig(keys.key0));
677 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
678 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
679 ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
680 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
681 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
682 ).Num(11).PushSig(keys.key0).PushRedeem());
683 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
684 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
685 ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
686 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
687 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
688 ).PushSig(keys.key0).PushRedeem());
689
690 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
691 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
692 0, 1).PushWitSig(keys.key0).PushWitRedeem());
693 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
694 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
695 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
696 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
697 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
698 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
699 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
700 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
701 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
702 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
703 "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
704 ).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
705 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
706 "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
707 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
708 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
709 "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
710 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
711 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
712 "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
713 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
714 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
715 "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
716 ).PushWitSig(keys.key0).PushWitRedeem());
717 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
718 "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
719 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
720 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
721 "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
722 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
723 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
724 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
725 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
726 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
727 "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
728 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
729 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
730 "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
731 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
732 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
733 "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
734 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
735 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
736 "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
737 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
738
739 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
740 "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH |
742 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM));
743 {
744 CScript witscript = CScript() << ToByteVector(keys.pubkey0);
745 uint256 hash;
746 CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
747 std::vector<unsigned char> hashBytes = ToByteVector(hash);
748 hashBytes.pop_back();
749 tests.push_back(TestBuilder(CScript() << OP_0 << hashBytes,
750 "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false
751 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH));
752 }
753 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
754 "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
756 {
757 CScript witscript = CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG;
758 tests.push_back(TestBuilder(witscript,
759 "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
760 ).PushWitSig(keys.key0).Push(witscript).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
761 }
762 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
763 "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
764 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
765 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
766 "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
767 ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED));
768 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
769 "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
770 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH));
771 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
772 "P2PK with witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH
773 ).PushSig(keys.key0).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED));
774
775 // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
776 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
777 "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
778 0, 1).PushWitSig(keys.key0C).PushWitRedeem());
779 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
780 "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
781 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
782 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
783 "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
784 0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
785 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
786 "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
787 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
788
789 // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
790 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
791 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
792 0, 1).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
793 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
794 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
795 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
796 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
797 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
798 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
799 tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
800 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
801 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
802
803 // P2WSH 1-of-2 multisig with compressed keys
804 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
805 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
806 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
807 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
808 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
809 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
810 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
811 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
812 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
813 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
814 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
815 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
816
817 // P2WSH 1-of-2 multisig with first key uncompressed
818 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
819 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
820 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
821 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
822 "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
823 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
824 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
825 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
826 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
827 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
828 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
829 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
830 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
831 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
832 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
833 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
834 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
835 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
836 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
837 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
838 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
839 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
840 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
841 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
842 // P2WSH 1-of-2 multisig with second key uncompressed
843 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
844 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
845 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
846 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
847 "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
848 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
849 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
850 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
851 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
852 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
853 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
854 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
855 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
856 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
857 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
858 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
859 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
860 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
861 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
862 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
863 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
864 tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
865 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
866 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
867
868 std::set<std::string> tests_set;
869
870 {
871 UniValue json_tests = read_json(json_tests::script_tests);
872
873 for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
874 const UniValue& tv = json_tests[idx];
875 tests_set.insert(JSONPrettyPrint(tv.get_array()));
876 }
877 }
878
879#ifdef UPDATE_JSON_TESTS
880 std::string strGen;
881#endif
882 for (TestBuilder& test : tests) {
883 test.Test(*this);
884 std::string str = JSONPrettyPrint(test.GetJSON());
885#ifdef UPDATE_JSON_TESTS
886 strGen += str + ",\n";
887#else
888 if (tests_set.count(str) == 0) {
889 BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
890 }
891#endif
892 }
893
894#ifdef UPDATE_JSON_TESTS
895 FILE* file = fsbridge::fopen("script_tests.json.gen", "w");
896 fputs(strGen.c_str(), file);
897 fclose(file);
898#endif
899}
900
901BOOST_AUTO_TEST_CASE(script_json_test)
902{
903 // Read tests from test/data/script_tests.json
904 // Format is an array of arrays
905 // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
906 // ... where scriptSig and scriptPubKey are stringified
907 // scripts.
908 // If a witness is given, then the last value in the array should be the
909 // amount (nValue) to use in the crediting tx
910 UniValue tests = read_json(json_tests::script_tests);
911
912 const KeyData keys;
913 for (unsigned int idx = 0; idx < tests.size(); idx++) {
914 const UniValue& test = tests[idx];
915 std::string strTest = test.write();
916 CScriptWitness witness;
917 TaprootBuilder taprootBuilder;
918 CAmount nValue = 0;
919 unsigned int pos = 0;
920 if (test.size() > 0 && test[pos].isArray()) {
921 unsigned int i=0;
922 for (i = 0; i < test[pos].size()-1; i++) {
923 auto element = test[pos][i].get_str();
924 // We use #SCRIPT# to flag a non-hex script that we can read using ParseScript
925 // Taproot script must be third from the last element in witness stack
926 static const std::string SCRIPT_FLAG{"#SCRIPT#"};
927 if (element.starts_with(SCRIPT_FLAG)) {
928 CScript script = ParseScript(element.substr(SCRIPT_FLAG.size()));
929 witness.stack.push_back(ToByteVector(script));
930 } else if (element == "#CONTROLBLOCK#") {
931 // Taproot script control block - second from the last element in witness stack
932 // If #CONTROLBLOCK# we auto-generate the control block
933 taprootBuilder.Add(/*depth=*/0, witness.stack.back(), TAPROOT_LEAF_TAPSCRIPT, /*track=*/true);
934 taprootBuilder.Finalize(XOnlyPubKey(keys.key0.GetPubKey()));
935 auto controlblocks = taprootBuilder.GetSpendData().scripts[{witness.stack.back(), TAPROOT_LEAF_TAPSCRIPT}];
936 witness.stack.push_back(*(controlblocks.begin()));
937 } else {
938 const auto witness_value{TryParseHex<unsigned char>(element)};
939 if (!witness_value.has_value()) {
940 BOOST_ERROR("Bad witness in test: " << strTest << " witness is not hex: " << element);
941 }
942 witness.stack.push_back(witness_value.value());
943 }
944 }
945 nValue = AmountFromValue(test[pos][i]);
946 pos++;
947 }
948 if (test.size() < 4 + pos) // Allow size > 3; extra stuff ignored (useful for comments)
949 {
950 if (test.size() != 1) {
951 BOOST_ERROR("Bad test: " << strTest);
952 }
953 continue;
954 }
955 std::string scriptSigString = test[pos++].get_str();
956 CScript scriptSig = ParseScript(scriptSigString);
957 std::string scriptPubKeyString = test[pos++].get_str();
958 CScript scriptPubKey;
959 // If requested, auto-generate the taproot output
960 if (scriptPubKeyString == "0x51 0x20 #TAPROOTOUTPUT#") {
961 BOOST_CHECK_MESSAGE(taprootBuilder.IsComplete(), "Failed to autogenerate Tapscript output key");
962 scriptPubKey = CScript() << OP_1 << ToByteVector(taprootBuilder.GetOutput());
963 } else {
964 scriptPubKey = ParseScript(scriptPubKeyString);
965 }
966 unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
967 int scriptError = ParseScriptError(test[pos++].get_str());
968
969 DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
970 }
971}
972
973BOOST_AUTO_TEST_CASE(script_PushData)
974{
975 // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
976 // the stack as the 1-75 opcodes do.
977 static const unsigned char direct[] = { 1, 0x5a };
978 static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
979 static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
980 static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
981
982 ScriptError err;
983 std::vector<std::vector<unsigned char> > directStack;
984 BOOST_CHECK(EvalScript(directStack, CScript(direct, direct + sizeof(direct)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
985 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
986
987 std::vector<std::vector<unsigned char> > pushdata1Stack;
988 BOOST_CHECK(EvalScript(pushdata1Stack, CScript(pushdata1, pushdata1 + sizeof(pushdata1)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
989 BOOST_CHECK(pushdata1Stack == directStack);
990 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
991
992 std::vector<std::vector<unsigned char> > pushdata2Stack;
993 BOOST_CHECK(EvalScript(pushdata2Stack, CScript(pushdata2, pushdata2 + sizeof(pushdata2)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
994 BOOST_CHECK(pushdata2Stack == directStack);
995 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
996
997 std::vector<std::vector<unsigned char> > pushdata4Stack;
998 BOOST_CHECK(EvalScript(pushdata4Stack, CScript(pushdata4, pushdata4 + sizeof(pushdata4)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
999 BOOST_CHECK(pushdata4Stack == directStack);
1000 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1001
1002 const std::vector<unsigned char> pushdata1_trunc{OP_PUSHDATA1, 1};
1003 const std::vector<unsigned char> pushdata2_trunc{OP_PUSHDATA2, 1, 0};
1004 const std::vector<unsigned char> pushdata4_trunc{OP_PUSHDATA4, 1, 0, 0, 0};
1005
1006 std::vector<std::vector<unsigned char>> stack_ignore;
1007 BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata1_trunc.begin(), pushdata1_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
1009 BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata2_trunc.begin(), pushdata2_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
1011 BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata4_trunc.begin(), pushdata4_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
1013}
1014
1015BOOST_AUTO_TEST_CASE(script_cltv_truncated)
1016{
1017 const auto script_cltv_trunc = CScript() << OP_CHECKLOCKTIMEVERIFY;
1018
1019 std::vector<std::vector<unsigned char>> stack_ignore;
1020 ScriptError err;
1023}
1024
1025static CScript
1026sign_multisig(const CScript& scriptPubKey, const std::vector<CKey>& keys, const CTransaction& transaction)
1027{
1028 uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SigVersion::BASE);
1029
1030 CScript result;
1031 //
1032 // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
1033 // one extra item on the stack, before the signatures.
1034 // Putting OP_0 on the stack is the workaround;
1035 // fixing the bug would mean splitting the block chain (old
1036 // clients would not accept new CHECKMULTISIG transactions,
1037 // and vice-versa)
1038 //
1039 result << OP_0;
1040 for (const CKey &key : keys)
1041 {
1042 std::vector<unsigned char> vchSig;
1043 BOOST_CHECK(key.Sign(hash, vchSig));
1044 vchSig.push_back((unsigned char)SIGHASH_ALL);
1045 result << vchSig;
1046 }
1047 return result;
1048}
1049static CScript
1050sign_multisig(const CScript& scriptPubKey, const CKey& key, const CTransaction& transaction)
1051{
1052 std::vector<CKey> keys;
1053 keys.push_back(key);
1054 return sign_multisig(scriptPubKey, keys, transaction);
1055}
1056
1057BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
1058{
1059 ScriptError err;
1060 CKey key1 = GenerateRandomKey();
1061 CKey key2 = GenerateRandomKey(/*compressed=*/false);
1062 CKey key3 = GenerateRandomKey();
1063
1064 CScript scriptPubKey12;
1065 scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
1066
1067 const CTransaction txFrom12{BuildCreditingTransaction(scriptPubKey12)};
1069
1070 CScript goodsig1 = sign_multisig(scriptPubKey12, key1, CTransaction(txTo12));
1071 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1072 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1073 txTo12.vout[0].nValue = 2;
1074 BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1075 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1076
1077 CScript goodsig2 = sign_multisig(scriptPubKey12, key2, CTransaction(txTo12));
1078 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1079 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1080
1081 CScript badsig1 = sign_multisig(scriptPubKey12, key3, CTransaction(txTo12));
1082 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1083 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1084}
1085
1086BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
1087{
1088 ScriptError err;
1089 CKey key1 = GenerateRandomKey();
1090 CKey key2 = GenerateRandomKey(/*compressed=*/false);
1091 CKey key3 = GenerateRandomKey();
1092 CKey key4 = GenerateRandomKey(/*compressed=*/false);
1093
1094 CScript scriptPubKey23;
1095 scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
1096
1097 const CTransaction txFrom23{BuildCreditingTransaction(scriptPubKey23)};
1099
1100 std::vector<CKey> keys;
1101 keys.push_back(key1); keys.push_back(key2);
1102 CScript goodsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1103 BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1104 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1105
1106 keys.clear();
1107 keys.push_back(key1); keys.push_back(key3);
1108 CScript goodsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1109 BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1110 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1111
1112 keys.clear();
1113 keys.push_back(key2); keys.push_back(key3);
1114 CScript goodsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1115 BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1116 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1117
1118 keys.clear();
1119 keys.push_back(key2); keys.push_back(key2); // Can't reuse sig
1120 CScript badsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1121 BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1122 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1123
1124 keys.clear();
1125 keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
1126 CScript badsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1127 BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1128 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1129
1130 keys.clear();
1131 keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
1132 CScript badsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1133 BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1134 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1135
1136 keys.clear();
1137 keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
1138 CScript badsig4 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1139 BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1140 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1141
1142 keys.clear();
1143 keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
1144 CScript badsig5 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1145 BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1146 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
1147
1148 keys.clear(); // Must have signatures
1149 CScript badsig6 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
1150 BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
1151 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
1152}
1153
1154/* Wrapper around ProduceSignature to combine two scriptsigs */
1155SignatureData CombineSignatures(const CTxOut& txout, const CMutableTransaction& tx, const SignatureData& scriptSig1, const SignatureData& scriptSig2)
1156{
1158 data.MergeSignatureData(scriptSig1);
1159 data.MergeSignatureData(scriptSig2);
1161 return data;
1162}
1163
1164BOOST_AUTO_TEST_CASE(script_combineSigs)
1165{
1166 // Test the ProduceSignature's ability to combine signatures function
1167 FillableSigningProvider keystore;
1168 std::vector<CKey> keys;
1169 std::vector<CPubKey> pubkeys;
1170 for (int i = 0; i < 3; i++)
1171 {
1172 CKey key = GenerateRandomKey(/*compressed=*/i%2 == 1);
1173 keys.push_back(key);
1174 pubkeys.push_back(key.GetPubKey());
1175 BOOST_CHECK(keystore.AddKey(key));
1176 }
1177
1180 CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
1181 SignatureData scriptSig;
1182
1183 SignatureData empty;
1184 SignatureData combined = CombineSignatures(txFrom.vout[0], txTo, empty, empty);
1185 BOOST_CHECK(combined.scriptSig.empty());
1186
1187 // Single signature case:
1188 SignatureData dummy;
1189 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy)); // changes scriptSig
1190 scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1191 combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1192 BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1193 combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1194 BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1195 SignatureData scriptSigCopy = scriptSig;
1196 // Signing again will give a different, valid signature:
1197 SignatureData dummy_b;
1198 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_b));
1199 scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1200 combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
1201 BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
1202
1203 // P2SH, single-signature case:
1204 CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
1205 BOOST_CHECK(keystore.AddCScript(pkSingle));
1206 scriptPubKey = GetScriptForDestination(ScriptHash(pkSingle));
1207 SignatureData dummy_c;
1208 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_c));
1209 scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1210 combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1211 BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1212 combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1213 BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1214 scriptSigCopy = scriptSig;
1215 SignatureData dummy_d;
1216 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_d));
1217 scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1218 combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
1219 BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
1220
1221 // Hardest case: Multisig 2-of-3
1222 scriptPubKey = GetScriptForMultisig(2, pubkeys);
1223 BOOST_CHECK(keystore.AddCScript(scriptPubKey));
1224 SignatureData dummy_e;
1225 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_e));
1226 scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
1227 combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
1228 BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1229 combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
1230 BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
1231
1232 // A couple of partially-signed versions:
1233 std::vector<unsigned char> sig1;
1234 uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SigVersion::BASE);
1235 BOOST_CHECK(keys[0].Sign(hash1, sig1));
1236 sig1.push_back(SIGHASH_ALL);
1237 std::vector<unsigned char> sig2;
1238 uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SigVersion::BASE);
1239 BOOST_CHECK(keys[1].Sign(hash2, sig2));
1240 sig2.push_back(SIGHASH_NONE);
1241 std::vector<unsigned char> sig3;
1242 uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SigVersion::BASE);
1243 BOOST_CHECK(keys[2].Sign(hash3, sig3));
1244 sig3.push_back(SIGHASH_SINGLE);
1245
1246 // Not fussy about order (or even existence) of placeholders or signatures:
1247 CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
1248 CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
1249 CScript partial2a = CScript() << OP_0 << sig2;
1250 CScript partial2b = CScript() << sig2 << OP_0;
1251 CScript partial3a = CScript() << sig3;
1252 CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
1253 CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
1254 CScript complete12 = CScript() << OP_0 << sig1 << sig2;
1255 CScript complete13 = CScript() << OP_0 << sig1 << sig3;
1256 CScript complete23 = CScript() << OP_0 << sig2 << sig3;
1257 SignatureData partial1_sigs;
1258 partial1_sigs.signatures.emplace(keys[0].GetPubKey().GetID(), SigPair(keys[0].GetPubKey(), sig1));
1259 SignatureData partial2_sigs;
1260 partial2_sigs.signatures.emplace(keys[1].GetPubKey().GetID(), SigPair(keys[1].GetPubKey(), sig2));
1261 SignatureData partial3_sigs;
1262 partial3_sigs.signatures.emplace(keys[2].GetPubKey().GetID(), SigPair(keys[2].GetPubKey(), sig3));
1263
1264 combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial1_sigs);
1265 BOOST_CHECK(combined.scriptSig == partial1a);
1266 combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
1267 BOOST_CHECK(combined.scriptSig == complete12);
1268 combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial1_sigs);
1269 BOOST_CHECK(combined.scriptSig == complete12);
1270 combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
1271 BOOST_CHECK(combined.scriptSig == complete12);
1272 combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial1_sigs);
1273 BOOST_CHECK(combined.scriptSig == complete13);
1274 combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial3_sigs);
1275 BOOST_CHECK(combined.scriptSig == complete23);
1276 combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial2_sigs);
1277 BOOST_CHECK(combined.scriptSig == complete23);
1278 combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial3_sigs);
1279 BOOST_CHECK(combined.scriptSig == partial3c);
1280}
1281
1285BOOST_AUTO_TEST_CASE(sign_invalid_miniscript)
1286{
1287 FillableSigningProvider keystore;
1288 SignatureData sig_data;
1289 CMutableTransaction prev, curr;
1290
1291 // Create a Taproot output which contains a leaf in which a non-32 bytes push is used where a public key is expected
1292 // by the Miniscript parser. This offending Script was found by the RPC fuzzer.
1293 const auto invalid_pubkey{"173d36c8c9c9c9ffffffffffff0200000000021e1e37373721361818181818181e1e1e1e19000000000000000000b19292929292926b006c9b9b9292"_hex_u8};
1294 TaprootBuilder builder;
1295 builder.Add(0, {invalid_pubkey}, 0xc0);
1297 prev.vout.emplace_back(0, GetScriptForDestination(builder.GetOutput()));
1298 curr.vin.emplace_back(COutPoint{prev.GetHash(), 0});
1299 sig_data.tr_spenddata = builder.GetSpendData();
1300
1301 // SignSignature can fail but it shouldn't raise an exception (nor crash).
1302 BOOST_CHECK(!SignSignature(keystore, CTransaction(prev), curr, 0, SIGHASH_ALL, sig_data));
1303}
1304
1305/* P2A input should be considered signed. */
1306BOOST_AUTO_TEST_CASE(sign_paytoanchor)
1307{
1308 FillableSigningProvider keystore;
1309 SignatureData sig_data;
1310 CMutableTransaction prev, curr;
1311 prev.vout.emplace_back(0, GetScriptForDestination(PayToAnchor{}));
1312
1313 curr.vin.emplace_back(COutPoint{prev.GetHash(), 0});
1314
1315 BOOST_CHECK(SignSignature(keystore, CTransaction(prev), curr, 0, SIGHASH_ALL, sig_data));
1316}
1317
1318BOOST_AUTO_TEST_CASE(script_standard_push)
1319{
1320 ScriptError err;
1321 for (int i=0; i<67000; i++) {
1323 script << i;
1324 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
1325 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
1326 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1327 }
1328
1329 for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
1330 std::vector<unsigned char> data(i, '\111');
1332 script << data;
1333 BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
1334 BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
1335 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
1336 }
1337}
1338
1339BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
1340{
1341 // IsPushOnly returns false when given a script containing only pushes that
1342 // are invalid due to truncation. IsPushOnly() is consensus critical
1343 // because P2SH evaluation uses it, although this specific behavior should
1344 // not be consensus critical as the P2SH evaluation would fail first due to
1345 // the invalid push. Still, it doesn't hurt to test it explicitly.
1346 static const unsigned char direct[] = { 1 };
1347 BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
1348}
1349
1350BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
1351{
1352 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
1353 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
1354 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
1355 BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
1356
1357 std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1358 std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1359 std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
1360
1361 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
1362 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
1363 BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
1364 BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
1365 BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
1366 BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
1367 BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
1368 BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
1369
1370 BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
1371 BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
1372 BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
1373 BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
1374 BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
1375 BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
1376 BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
1377 BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
1378}
1379
1380template <typename T>
1381CScript ToScript(const T& byte_container)
1382{
1383 auto span{MakeUCharSpan(byte_container)};
1384 return {span.begin(), span.end()};
1385}
1386
1387static CScript ScriptFromHex(const std::string& str)
1388{
1389 return ToScript(*Assert(TryParseHex(str)));
1390}
1391
1392BOOST_AUTO_TEST_CASE(script_byte_array_u8_vector_equivalence)
1393{
1394 const CScript scriptPubKey1 = CScript() << "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex_v_u8 << OP_CHECKSIG;
1395 const CScript scriptPubKey2 = CScript() << "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex << OP_CHECKSIG;
1396 BOOST_CHECK(scriptPubKey1 == scriptPubKey2);
1397}
1398
1399BOOST_AUTO_TEST_CASE(script_FindAndDelete)
1400{
1401 // Exercise the FindAndDelete functionality
1402 CScript s;
1403 CScript d;
1405
1406 s = CScript() << OP_1 << OP_2;
1407 d = CScript(); // delete nothing should be a no-op
1408 expect = s;
1410 BOOST_CHECK(s == expect);
1411
1412 s = CScript() << OP_1 << OP_2 << OP_3;
1413 d = CScript() << OP_2;
1414 expect = CScript() << OP_1 << OP_3;
1416 BOOST_CHECK(s == expect);
1417
1418 s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
1419 d = CScript() << OP_3;
1420 expect = CScript() << OP_1 << OP_4;
1422 BOOST_CHECK(s == expect);
1423
1424 s = ToScript("0302ff03"_hex); // PUSH 0x02ff03 onto stack
1425 d = ToScript("0302ff03"_hex);
1426 expect = CScript();
1428 BOOST_CHECK(s == expect);
1429
1430 s = ToScript("0302ff030302ff03"_hex); // PUSH 0x02ff03 PUSH 0x02ff03
1431 d = ToScript("0302ff03"_hex);
1432 expect = CScript();
1434 BOOST_CHECK(s == expect);
1435
1436 s = ToScript("0302ff030302ff03"_hex);
1437 d = ToScript("02"_hex);
1438 expect = s; // FindAndDelete matches entire opcodes
1440 BOOST_CHECK(s == expect);
1441
1442 s = ToScript("0302ff030302ff03"_hex);
1443 d = ToScript("ff"_hex);
1444 expect = s;
1446 BOOST_CHECK(s == expect);
1447
1448 // This is an odd edge case: strip of the push-three-bytes
1449 // prefix, leaving 02ff03 which is push-two-bytes:
1450 s = ToScript("0302ff030302ff03"_hex);
1451 d = ToScript("03"_hex);
1452 expect = CScript() << "ff03"_hex << "ff03"_hex;
1454 BOOST_CHECK(s == expect);
1455
1456 // Byte sequence that spans multiple opcodes:
1457 s = ToScript("02feed5169"_hex); // PUSH(0xfeed) OP_1 OP_VERIFY
1458 d = ToScript("feed51"_hex);
1459 expect = s;
1460 BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0); // doesn't match 'inside' opcodes
1461 BOOST_CHECK(s == expect);
1462
1463 s = ToScript("02feed5169"_hex); // PUSH(0xfeed) OP_1 OP_VERIFY
1464 d = ToScript("02feed51"_hex);
1465 expect = ToScript("69"_hex);
1467 BOOST_CHECK(s == expect);
1468
1469 s = ToScript("516902feed5169"_hex);
1470 d = ToScript("feed51"_hex);
1471 expect = s;
1473 BOOST_CHECK(s == expect);
1474
1475 s = ToScript("516902feed5169"_hex);
1476 d = ToScript("02feed51"_hex);
1477 expect = ToScript("516969"_hex);
1479 BOOST_CHECK(s == expect);
1480
1481 s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
1482 d = CScript() << OP_0 << OP_1;
1483 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1485 BOOST_CHECK(s == expect);
1486
1487 s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
1488 d = CScript() << OP_0 << OP_1;
1489 expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
1491 BOOST_CHECK(s == expect);
1492
1493 // Another weird edge case:
1494 // End with invalid push (not enough data)...
1495 s = ToScript("0003feed"_hex);
1496 d = ToScript("03feed"_hex); // ... can remove the invalid push
1497 expect = ToScript("00"_hex);
1499 BOOST_CHECK(s == expect);
1500
1501 s = ToScript("0003feed"_hex);
1502 d = ToScript("00"_hex);
1503 expect = ToScript("03feed"_hex);
1505 BOOST_CHECK(s == expect);
1506}
1507
1508BOOST_AUTO_TEST_CASE(script_HasValidOps)
1509{
1510 // Exercise the HasValidOps functionality
1512 script = ToScript("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex); // Normal script
1513 BOOST_CHECK(script.HasValidOps());
1514 script = ToScript("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex);
1515 BOOST_CHECK(script.HasValidOps());
1516 script = ToScript("ff88ac"_hex); // Script with OP_INVALIDOPCODE explicit
1517 BOOST_CHECK(!script.HasValidOps());
1518 script = ToScript("88acc0"_hex); // Script with undefined opcode
1519 BOOST_CHECK(!script.HasValidOps());
1520}
1521
1522static CMutableTransaction TxFromHex(const std::string& str)
1523{
1525 SpanReader{ParseHex(str)} >> TX_NO_WITNESS(tx);
1526 return tx;
1527}
1528
1529static std::vector<CTxOut> TxOutsFromJSON(const UniValue& univalue)
1530{
1531 assert(univalue.isArray());
1532 std::vector<CTxOut> prevouts;
1533 for (size_t i = 0; i < univalue.size(); ++i) {
1534 CTxOut txout;
1535 SpanReader{ParseHex(univalue[i].get_str())} >> txout;
1536 prevouts.push_back(std::move(txout));
1537 }
1538 return prevouts;
1539}
1540
1542{
1543 assert(univalue.isArray());
1544 CScriptWitness scriptwitness;
1545 for (size_t i = 0; i < univalue.size(); ++i) {
1546 auto bytes = ParseHex(univalue[i].get_str());
1547 scriptwitness.stack.push_back(std::move(bytes));
1548 }
1549 return scriptwitness;
1550}
1551
1552static std::vector<unsigned int> AllConsensusFlags()
1553{
1554 std::vector<unsigned int> ret;
1555
1556 for (unsigned int i = 0; i < 128; ++i) {
1557 unsigned int flag = 0;
1558 if (i & 1) flag |= SCRIPT_VERIFY_P2SH;
1559 if (i & 2) flag |= SCRIPT_VERIFY_DERSIG;
1560 if (i & 4) flag |= SCRIPT_VERIFY_NULLDUMMY;
1561 if (i & 8) flag |= SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY;
1562 if (i & 16) flag |= SCRIPT_VERIFY_CHECKSEQUENCEVERIFY;
1563 if (i & 32) flag |= SCRIPT_VERIFY_WITNESS;
1564 if (i & 64) flag |= SCRIPT_VERIFY_TAPROOT;
1565
1566 // SCRIPT_VERIFY_WITNESS requires SCRIPT_VERIFY_P2SH
1567 if (flag & SCRIPT_VERIFY_WITNESS && !(flag & SCRIPT_VERIFY_P2SH)) continue;
1568 // SCRIPT_VERIFY_TAPROOT requires SCRIPT_VERIFY_WITNESS
1569 if (flag & SCRIPT_VERIFY_TAPROOT && !(flag & SCRIPT_VERIFY_WITNESS)) continue;
1570
1571 ret.push_back(flag);
1572 }
1573
1574 return ret;
1575}
1576
1578static const std::vector<unsigned int> ALL_CONSENSUS_FLAGS = AllConsensusFlags();
1579
1580static void AssetTest(const UniValue& test, SignatureCache& signature_cache)
1581{
1582 BOOST_CHECK(test.isObject());
1583
1584 CMutableTransaction mtx = TxFromHex(test["tx"].get_str());
1585 const std::vector<CTxOut> prevouts = TxOutsFromJSON(test["prevouts"]);
1586 BOOST_CHECK(prevouts.size() == mtx.vin.size());
1587 size_t idx = test["index"].getInt<int64_t>();
1588 uint32_t test_flags{ParseScriptFlags(test["flags"].get_str())};
1589 bool fin = test.exists("final") && test["final"].get_bool();
1590
1591 if (test.exists("success")) {
1592 mtx.vin[idx].scriptSig = ScriptFromHex(test["success"]["scriptSig"].get_str());
1593 mtx.vin[idx].scriptWitness = ScriptWitnessFromJSON(test["success"]["witness"]);
1594 CTransaction tx(mtx);
1596 txdata.Init(tx, std::vector<CTxOut>(prevouts));
1597 CachingTransactionSignatureChecker txcheck(&tx, idx, prevouts[idx].nValue, true, signature_cache, txdata);
1598
1599 for (const auto flags : ALL_CONSENSUS_FLAGS) {
1600 // "final": true tests are valid for all flags. Others are only valid with flags that are
1601 // a subset of test_flags.
1602 if (fin || ((flags & test_flags) == flags)) {
1603 bool ret = VerifyScript(tx.vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.vin[idx].scriptWitness, flags, txcheck, nullptr);
1605 }
1606 }
1607 }
1608
1609 if (test.exists("failure")) {
1610 mtx.vin[idx].scriptSig = ScriptFromHex(test["failure"]["scriptSig"].get_str());
1611 mtx.vin[idx].scriptWitness = ScriptWitnessFromJSON(test["failure"]["witness"]);
1612 CTransaction tx(mtx);
1614 txdata.Init(tx, std::vector<CTxOut>(prevouts));
1615 CachingTransactionSignatureChecker txcheck(&tx, idx, prevouts[idx].nValue, true, signature_cache, txdata);
1616
1617 for (const auto flags : ALL_CONSENSUS_FLAGS) {
1618 // If a test is supposed to fail with test_flags, it should also fail with any superset thereof.
1619 if ((flags & test_flags) == test_flags) {
1620 bool ret = VerifyScript(tx.vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.vin[idx].scriptWitness, flags, txcheck, nullptr);
1621 BOOST_CHECK(!ret);
1622 }
1623 }
1624 }
1625}
1626
1627BOOST_AUTO_TEST_CASE(script_assets_test)
1628{
1629 // See src/test/fuzz/script_assets_test_minimizer.cpp for information on how to generate
1630 // the script_assets_test.json file used by this test.
1632
1633 const char* dir = std::getenv("DIR_UNIT_TEST_DATA");
1634 BOOST_WARN_MESSAGE(dir != nullptr, "Variable DIR_UNIT_TEST_DATA unset, skipping script_assets_test");
1635 if (dir == nullptr) return;
1636 auto path = fs::path(dir) / "script_assets_test.json";
1637 bool exists = fs::exists(path);
1638 BOOST_WARN_MESSAGE(exists, "File $DIR_UNIT_TEST_DATA/script_assets_test.json not found, skipping script_assets_test");
1639 if (!exists) return;
1640 std::ifstream file{path};
1641 BOOST_CHECK(file.is_open());
1642 file.seekg(0, std::ios::end);
1643 size_t length = file.tellg();
1644 file.seekg(0, std::ios::beg);
1645 std::string data(length, '\0');
1646 file.read(data.data(), data.size());
1648 BOOST_CHECK(tests.isArray());
1649 BOOST_CHECK(tests.size() > 0);
1650
1651 for (size_t i = 0; i < tests.size(); i++) {
1652 AssetTest(tests[i], signature_cache);
1653 }
1654 file.close();
1655}
1656
1657BOOST_AUTO_TEST_CASE(bip341_keypath_test_vectors)
1658{
1660 tests.read(json_tests::bip341_wallet_vectors);
1661
1662 const auto& vectors = tests["keyPathSpending"];
1663
1664 for (const auto& vec : vectors.getValues()) {
1665 auto txhex = ParseHex(vec["given"]["rawUnsignedTx"].get_str());
1667 SpanReader{txhex} >> TX_WITH_WITNESS(tx);
1668 std::vector<CTxOut> utxos;
1669 for (const auto& utxo_spent : vec["given"]["utxosSpent"].getValues()) {
1670 auto script_bytes = ParseHex(utxo_spent["scriptPubKey"].get_str());
1671 CScript script{script_bytes.begin(), script_bytes.end()};
1672 CAmount amount{utxo_spent["amountSats"].getInt<int>()};
1673 utxos.emplace_back(amount, script);
1674 }
1675
1677 txdata.Init(tx, std::vector<CTxOut>{utxos}, true);
1678
1680 BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_amounts_single_hash), vec["intermediary"]["hashAmounts"].get_str());
1681 BOOST_CHECK_EQUAL(HexStr(txdata.m_outputs_single_hash), vec["intermediary"]["hashOutputs"].get_str());
1682 BOOST_CHECK_EQUAL(HexStr(txdata.m_prevouts_single_hash), vec["intermediary"]["hashPrevouts"].get_str());
1683 BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_scripts_single_hash), vec["intermediary"]["hashScriptPubkeys"].get_str());
1684 BOOST_CHECK_EQUAL(HexStr(txdata.m_sequences_single_hash), vec["intermediary"]["hashSequences"].get_str());
1685
1686 for (const auto& input : vec["inputSpending"].getValues()) {
1687 int txinpos = input["given"]["txinIndex"].getInt<int>();
1688 int hashtype = input["given"]["hashType"].getInt<int>();
1689
1690 // Load key.
1691 auto privkey = ParseHex(input["given"]["internalPrivkey"].get_str());
1692 CKey key;
1693 key.Set(privkey.begin(), privkey.end(), true);
1694
1695 // Load Merkle root.
1696 uint256 merkle_root;
1697 if (!input["given"]["merkleRoot"].isNull()) {
1698 merkle_root = uint256{ParseHex(input["given"]["merkleRoot"].get_str())};
1699 }
1700
1701 // Compute and verify (internal) public key.
1702 XOnlyPubKey pubkey{key.GetPubKey()};
1703 BOOST_CHECK_EQUAL(HexStr(pubkey), input["intermediary"]["internalPubkey"].get_str());
1704
1705 // Sign and verify signature.
1706 FlatSigningProvider provider;
1707 provider.keys[key.GetPubKey().GetID()] = key;
1708 MutableTransactionSignatureCreator creator(tx, txinpos, utxos[txinpos].nValue, &txdata, hashtype);
1709 std::vector<unsigned char> signature;
1710 BOOST_CHECK(creator.CreateSchnorrSig(provider, signature, pubkey, nullptr, &merkle_root, SigVersion::TAPROOT));
1711 BOOST_CHECK_EQUAL(HexStr(signature), input["expected"]["witness"][0].get_str());
1712
1713 // We can't observe the tweak used inside the signing logic, so verify by recomputing it.
1714 BOOST_CHECK_EQUAL(HexStr(pubkey.ComputeTapTweakHash(merkle_root.IsNull() ? nullptr : &merkle_root)), input["intermediary"]["tweak"].get_str());
1715
1716 // We can't observe the sighash used inside the signing logic, so verify by recomputing it.
1718 sed.m_annex_init = true;
1719 sed.m_annex_present = false;
1720 uint256 sighash;
1721 BOOST_CHECK(SignatureHashSchnorr(sighash, sed, tx, txinpos, hashtype, SigVersion::TAPROOT, txdata, MissingDataBehavior::FAIL));
1722 BOOST_CHECK_EQUAL(HexStr(sighash), input["intermediary"]["sigHash"].get_str());
1723
1724 // To verify the sigmsg, hash the expected sigmsg, and compare it with the (expected) sighash.
1725 BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << std::span<const uint8_t>{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
1726 }
1727 }
1728}
1729
1730BOOST_AUTO_TEST_CASE(compute_tapbranch)
1731{
1732 constexpr uint256 hash1{"8ad69ec7cf41c2a4001fd1f738bf1e505ce2277acdcaa63fe4765192497f47a7"};
1733 constexpr uint256 hash2{"f224a923cd0021ab202ab139cc56802ddb92dcfc172b9212261a539df79a112a"};
1734 constexpr uint256 result{"a64c5b7b943315f9b805d7a7296bedfcfd08919270a1f7a1466e98f8693d8cd9"};
1735 BOOST_CHECK_EQUAL(ComputeTapbranchHash(hash1, hash2), result);
1736}
1737
1738BOOST_AUTO_TEST_CASE(compute_tapleaf)
1739{
1740 constexpr uint8_t script[6] = {'f','o','o','b','a','r'};
1741 constexpr uint256 tlc0{"edbc10c272a1215dcdcc11d605b9027b5ad6ed97cd45521203f136767b5b9c06"};
1742 constexpr uint256 tlc2{"8b5c4f90ae6bf76e259dbef5d8a59df06359c391b59263741b25eca76451b27a"};
1743
1744 BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc0, std::span(script)), tlc0);
1745 BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc2, std::span(script)), tlc2);
1746}
1747
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
int ret
static CAmount AmountFromValue(const UniValue &value)
Definition: bitcoin-tx.cpp:554
int flags
Definition: bitcoin-tx.cpp:529
#define Assert(val)
Identity function.
Definition: check.h:106
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
Definition: hash.h:49
CHash160 & Write(std::span< const unsigned char > input)
Definition: hash.h:62
void Finalize(std::span< unsigned char > output)
Definition: hash.h:55
An encapsulated private key.
Definition: key.h:35
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:208
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:182
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:103
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:29
An encapsulated public key.
Definition: pubkey.h:34
const unsigned char * data() const
Definition: pubkey.h:113
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:164
const unsigned char * end() const
Definition: pubkey.h:115
const unsigned char * begin() const
Definition: pubkey.h:114
A hasher class for SHA-256.
Definition: sha256.h:14
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha256.cpp:725
CSHA256 & Write(const unsigned char *data, size_t len)
Definition: sha256.cpp:699
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:415
A reference to a CScript: the Hash160 of its serialization.
Definition: script.h:604
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:296
const std::vector< CTxIn > vin
Definition: transaction.h:306
An output of a transaction.
Definition: transaction.h:150
CScript scriptPubKey
Definition: transaction.h:153
CAmount nValue
Definition: transaction.h:152
Fillable signing provider that keeps keys in an address->secret map.
virtual bool AddCScript(const CScript &redeemScript)
virtual bool AddKey(const CKey &key)
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:101
A signature creator for transactions.
Definition: sign.h:40
bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const override
Definition: sign.cpp:62
uint64_t randbits(int bits) noexcept
Generate a random (bits)-bit integer.
Definition: random.h:204
Valid signature cache, to avoid doing expensive ECDSA signature checking twice for every transaction ...
Definition: sigcache.h:39
Minimal stream for reading from an existing byte array by std::span.
Definition: streams.h:101
Utility class to construct Taproot outputs from internal key and script tree.
WitnessV1Taproot GetOutput()
Compute scriptPubKey (after Finalize()).
TaprootSpendData GetSpendData() const
Compute spending data (after Finalize()).
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
const std::string & get_str() const
bool isArray() const
Definition: univalue.h:85
@ VARR
Definition: univalue.h:24
std::string write(unsigned int prettyIndent=0, unsigned int indentLevel=0) const
size_t size() const
Definition: univalue.h:71
Int getInt() const
Definition: univalue.h:138
const UniValue & get_array() const
bool exists(const std::string &key) const
Definition: univalue.h:77
bool get_bool() const
bool isObject() const
Definition: univalue.h:86
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
Definition: pubkey.h:239
constexpr bool IsNull() const
Definition: uint256.h:48
constexpr unsigned char * begin()
Definition: uint256.h:101
bool empty() const
Definition: prevector.h:257
size_type size() const
Definition: prevector.h:253
value_type * data()
Definition: prevector.h:487
iterator begin()
Definition: prevector.h:261
iterator end()
Definition: prevector.h:263
void push_back(const T &value)
Definition: prevector.h:398
160-bit opaque blob.
Definition: uint256.h:184
256-bit opaque blob.
Definition: uint256.h:196
CScript ParseScript(const std::string &s)
Definition: core_read.cpp:63
std::string FormatScript(const CScript &script)
Definition: core_write.cpp:39
std::string ScriptToAsmStr(const CScript &script, const bool fAttemptSighashDecode=false)
Create the assembly string representation of a CScript object.
Definition: core_write.cpp:98
UniValue ValueFromAmount(const CAmount amount)
Definition: core_write.cpp:26
BOOST_FIXTURE_TEST_SUITE(cuckoocache_tests, BasicTestingSetup)
Test Suite for CuckooCache.
BOOST_AUTO_TEST_SUITE_END()
static bool exists(const path &p)
Definition: fs.h:89
std::string HexStr(const std::span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition: hex_base.cpp:29
uint256 ComputeTapbranchHash(std::span< const unsigned char > a, std::span< const unsigned char > b)
Compute the BIP341 tapbranch hash from two branches.
bool SignatureHashSchnorr(uint256 &hash_out, ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
int FindAndDelete(CScript &script, const CScript &b)
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int32_t nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache)
uint256 ComputeTapleafHash(uint8_t leaf_version, std::span< const unsigned char > script)
Compute the BIP341 tapleaf hash from leaf version & script.
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
const HashWriter HASHER_TAPSIGHASH
Hasher with tag "TapSighash" pre-fed to it.
SigVersion
Definition: interpreter.h:191
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
GenericTransactionSignatureChecker< CMutableTransaction > MutableTransactionSignatureChecker
Definition: interpreter.h:307
@ SCRIPT_VERIFY_NULLDUMMY
Definition: interpreter.h:64
@ SCRIPT_VERIFY_P2SH
Definition: interpreter.h:49
@ SCRIPT_VERIFY_SIGPUSHONLY
Definition: interpreter.h:67
@ SCRIPT_VERIFY_WITNESS
Definition: interpreter.h:108
@ SCRIPT_VERIFY_LOW_S
Definition: interpreter.h:61
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
Definition: interpreter.h:99
@ SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
Definition: interpreter.h:126
@ SCRIPT_VERIFY_TAPROOT
Definition: interpreter.h:134
@ SCRIPT_VERIFY_STRICTENC
Definition: interpreter.h:54
@ SCRIPT_VERIFY_DERSIG
Definition: interpreter.h:57
@ SCRIPT_VERIFY_CLEANSTACK
Definition: interpreter.h:94
@ SCRIPT_VERIFY_MINIMALDATA
Definition: interpreter.h:73
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
Definition: interpreter.h:104
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
Definition: interpreter.h:112
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
Definition: interpreter.h:232
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:33
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
Definition: interpreter.h:35
@ SIGHASH_ALL
Definition: interpreter.h:30
@ SIGHASH_NONE
Definition: interpreter.h:31
@ SIGHASH_SINGLE
Definition: interpreter.h:32
@ ASSERT_FAIL
Abort execution through assertion failure (for consensus code)
@ FAIL
Just act as if the signature was invalid.
UniValue read_json(std::string_view jsondata)
Definition: json.cpp:12
CKey GenerateRandomKey(bool compressed) noexcept
Definition: key.cpp:352
@ NONE
Definition: logging.h:42
FILE * fopen(const fs::path &p, const char *mode)
Definition: fs.cpp:26
std::pair< opcodetype, std::vector< unsigned char > > Opcode
Definition: miniscript.h:189
""_hex is a compile-time user-defined literal returning a std::array<std::byte>, equivalent to ParseH...
Definition: strencodings.h:384
#define BOOST_CHECK_EQUAL(v1, v2)
Definition: object.cpp:18
#define BOOST_CHECK(expr)
Definition: object.cpp:17
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:196
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195
static CTransactionRef MakeTransactionRef(Tx &&txIn)
Definition: transaction.h:424
std::shared_ptr< const CTransaction > CTransactionRef
Definition: transaction.h:423
const char * name
Definition: rest.cpp:49
static const unsigned int MAX_SCRIPT_ELEMENT_SIZE
Definition: script.h:28
opcodetype
Script opcodes.
Definition: script.h:74
@ OP_2
Definition: script.h:85
@ OP_PUSHDATA4
Definition: script.h:80
@ OP_CHECKMULTISIG
Definition: script.h:192
@ OP_CHECKSIG
Definition: script.h:190
@ OP_CHECKLOCKTIMEVERIFY
Definition: script.h:197
@ OP_NOT
Definition: script.h:158
@ OP_EQUAL
Definition: script.h:146
@ OP_4
Definition: script.h:87
@ OP_DUP
Definition: script.h:125
@ OP_NOP2
Definition: script.h:198
@ OP_NOP8
Definition: script.h:205
@ OP_HASH160
Definition: script.h:187
@ OP_1
Definition: script.h:83
@ OP_PUSHDATA1
Definition: script.h:78
@ OP_3
Definition: script.h:86
@ OP_PUSHDATA2
Definition: script.h:79
@ OP_0
Definition: script.h:76
@ OP_EQUALVERIFY
Definition: script.h:147
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:67
std::string ScriptErrorString(const ScriptError serror)
enum ScriptError_t ScriptError
ScriptError_t
Definition: script_error.h:12
@ SCRIPT_ERR_OP_CODESEPARATOR
Definition: script_error.h:82
@ SCRIPT_ERR_SIG_PUSHONLY
Definition: script_error.h:48
@ SCRIPT_ERR_OP_COUNT
Definition: script_error.h:21
@ SCRIPT_ERR_EVAL_FALSE
Definition: script_error.h:15
@ SCRIPT_ERR_NUMEQUALVERIFY
Definition: script_error.h:31
@ SCRIPT_ERR_VERIFY
Definition: script_error.h:27
@ SCRIPT_ERR_DISABLED_OPCODE
Definition: script_error.h:35
@ SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
Definition: script_error.h:37
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
Definition: script_error.h:58
@ SCRIPT_ERR_SCRIPT_SIZE
Definition: script_error.h:19
@ SCRIPT_ERR_UNKNOWN_ERROR
Definition: script_error.h:14
@ SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
Definition: script_error.h:64
@ SCRIPT_ERR_SIG_HASHTYPE
Definition: script_error.h:45
@ SCRIPT_ERR_MINIMALDATA
Definition: script_error.h:47
@ SCRIPT_ERR_CHECKSIGVERIFY
Definition: script_error.h:30
@ SCRIPT_ERR_STACK_SIZE
Definition: script_error.h:22
@ SCRIPT_ERR_WITNESS_MALLEATED_P2SH
Definition: script_error.h:68
@ SCRIPT_ERR_WITNESS_MALLEATED
Definition: script_error.h:67
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
Definition: script_error.h:57
@ SCRIPT_ERR_EQUALVERIFY
Definition: script_error.h:28
@ SCRIPT_ERR_INVALID_STACK_OPERATION
Definition: script_error.h:36
@ SCRIPT_ERR_SIG_COUNT
Definition: script_error.h:23
@ SCRIPT_ERR_SIG_HIGH_S
Definition: script_error.h:49
@ SCRIPT_ERR_SIG_DER
Definition: script_error.h:46
@ SCRIPT_ERR_WITNESS_UNEXPECTED
Definition: script_error.h:69
@ SCRIPT_ERR_NEGATIVE_LOCKTIME
Definition: script_error.h:41
@ SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
Definition: script_error.h:66
@ SCRIPT_ERR_OP_RETURN
Definition: script_error.h:16
@ SCRIPT_ERR_PUSH_SIZE
Definition: script_error.h:20
@ SCRIPT_ERR_SIG_NULLFAIL
Definition: script_error.h:54
@ SCRIPT_ERR_OK
Definition: script_error.h:13
@ SCRIPT_ERR_SIG_NULLDUMMY
Definition: script_error.h:50
@ SCRIPT_ERR_PUBKEYTYPE
Definition: script_error.h:51
@ SCRIPT_ERR_CHECKMULTISIGVERIFY
Definition: script_error.h:29
@ SCRIPT_ERR_UNSATISFIED_LOCKTIME
Definition: script_error.h:42
@ SCRIPT_ERR_WITNESS_PUBKEYTYPE
Definition: script_error.h:70
@ SCRIPT_ERR_SIG_FINDANDDELETE
Definition: script_error.h:83
@ SCRIPT_ERR_BAD_OPCODE
Definition: script_error.h:34
@ SCRIPT_ERR_PUBKEY_COUNT
Definition: script_error.h:24
@ SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
Definition: script_error.h:65
@ SCRIPT_ERR_CLEANSTACK
Definition: script_error.h:52
@ SCRIPT_ERR_UNBALANCED_CONDITIONAL
Definition: script_error.h:38
@ SCRIPT_ERR_MINIMALIF
Definition: script_error.h:53
static std::string FormatScriptError(ScriptError_t err)
static void NegateSignatureS(std::vector< unsigned char > &vchSig)
static ScriptError_t ParseScriptError(const std::string &name)
static CScript ScriptFromHex(const std::string &str)
SignatureData CombineSignatures(const CTxOut &txout, const CMutableTransaction &tx, const SignatureData &scriptSig1, const SignatureData &scriptSig2)
static ScriptErrorDesc script_errors[]
static CMutableTransaction TxFromHex(const std::string &str)
CScript ToScript(const T &byte_container)
static CScript sign_multisig(const CScript &scriptPubKey, const std::vector< CKey > &keys, const CTransaction &transaction)
unsigned int ParseScriptFlags(std::string strFlags)
static std::vector< unsigned int > AllConsensusFlags()
BOOST_AUTO_TEST_CASE(script_build)
std::string FormatScriptFlags(unsigned int flags)
static const unsigned int gFlags
static std::vector< CTxOut > TxOutsFromJSON(const UniValue &univalue)
static void AssetTest(const UniValue &test, SignatureCache &signature_cache)
static CScriptWitness ScriptWitnessFromJSON(const UniValue &univalue)
static const std::vector< unsigned int > ALL_CONSENSUS_FLAGS
Precomputed list of all valid combinations of consensus-relevant script validation flags.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:622
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.h:233
static constexpr size_t DEFAULT_SIGNATURE_CACHE_BYTES
Definition: sigcache.h:29
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
Definition: sign.cpp:502
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
Definition: sign.cpp:109
SignatureData DataFromTransaction(const CMutableTransaction &tx, unsigned int nIn, const CTxOut &txout)
Extract signature data from a transaction input, and insert it.
Definition: sign.cpp:610
std::pair< CPubKey, std::vector< unsigned char > > SigPair
Definition: sign.h:63
const SigningProvider & DUMMY_SIGNING_PROVIDER
CScript GetScriptForMultisig(int nRequired, const std::vector< CPubKey > &keys)
Generate a multisig script.
Definition: solver.cpp:218
constexpr auto MakeUCharSpan(const V &v) -> decltype(UCharSpanCast(std::span{v}))
Like the std::span constructor, but for (const) unsigned char member types only.
Definition: span.h:111
std::vector< Byte > ParseHex(std::string_view hex_str)
Like TryParseHex, but returns an empty vector on invalid input.
Definition: strencodings.h:68
Basic testing setup.
Definition: setup_common.h:64
FastRandomContext m_rng
Definition: setup_common.h:68
A mutable version of CTransaction.
Definition: transaction.h:378
std::vector< CTxOut > vout
Definition: transaction.h:380
Txid GetHash() const
Compute the hash of this CMutableTransaction.
Definition: transaction.cpp:69
std::vector< CTxIn > vin
Definition: transaction.h:379
std::vector< std::vector< unsigned char > > stack
Definition: script.h:590
std::map< CKeyID, CKey > keys
A type to represent integers in the type system.
Definition: lintrans.h:13
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
Definition: interpreter.h:163
ScriptError_t err
const char * name
bool m_annex_present
Whether an annex is present.
Definition: interpreter.h:213
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
Definition: interpreter.h:211
void DoTest(const CScript &scriptPubKey, const CScript &scriptSig, const CScriptWitness &scriptWitness, uint32_t flags, const std::string &message, int scriptError, CAmount nValue=0)
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
Definition: sign.h:77
TaprootSpendData tr_spenddata
Taproot spending data.
Definition: sign.h:75
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
Definition: sign.h:71
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1172
CMutableTransaction BuildSpendingTransaction(const CScript &scriptSig, const CScriptWitness &scriptWitness, const CTransaction &txCredit)
bool SignSignature(const SigningProvider &provider, const CScript &fromPubKey, CMutableTransaction &txTo, unsigned int nIn, const CAmount &amount, int nHashType, SignatureData &sig_data)
Produce a satisfying script (scriptSig or witness).
CMutableTransaction BuildCreditingTransaction(const CScript &scriptPubKey, int nValue)
constexpr std::array tests
Definition: unitester.cpp:100
#define expect(bit)
std::optional< std::vector< Byte > > TryParseHex(std::string_view str)
Parse the hex string into bytes (uint8_t or std::byte).
assert(!tx.IsCoinBase())