5#include <test/data/script_tests.json.h>
6#include <test/data/bip341_wallet_vectors.json.h>
31#include <boost/test/unit_test.hpp>
103 BOOST_ERROR(
"Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
112 BOOST_ERROR(
"Unknown scripterror \"" <<
name <<
"\" in test description");
131 for (
int i = 0; i < 16; ++i) {
133 uint32_t combined_flags{
expect ? (
flags & ~extra_flags) : (
flags | extra_flags)};
137 BOOST_CHECK_MESSAGE(
VerifyScript(scriptSig, scriptPubKey, &scriptWitness, combined_flags,
MutableTransactionSignatureChecker(&tx, 0, txCredit.
vout[0].nValue,
MissingDataBehavior::ASSERT_FAIL), &err) ==
expect, message +
strprintf(
" (with flags %x)", combined_flags));
144 std::vector<unsigned char> r,
s;
145 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
146 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
148 while (
s.size() < 33) {
149 s.insert(
s.begin(), 0x00);
164 vchSig.push_back(0x30);
165 vchSig.push_back(4 + r.size() +
s.size());
166 vchSig.push_back(0x02);
167 vchSig.push_back(r.size());
168 vchSig.insert(vchSig.end(), r.begin(), r.end());
169 vchSig.push_back(0x02);
170 vchSig.push_back(
s.size());
171 vchSig.insert(vchSig.end(),
s.begin(),
s.end());
176const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
177const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
178const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
182 CKey key0, key0C, key1, key1C, key2, key2C;
183 CPubKey pubkey0, pubkey0C, pubkey0H;
189 key0.
Set(vchKey0, vchKey0 + 32,
false);
190 key0C.
Set(vchKey0, vchKey0 + 32,
true);
194 *
const_cast<unsigned char*
>(pubkey0H.
data()) = 0x06 | (pubkey0H[64] & 1);
196 key1.
Set(vchKey1, vchKey1 + 32,
false);
197 key1C.
Set(vchKey1, vchKey1 + 32,
true);
201 key2.
Set(vchKey2, vchKey2 + 32,
false);
202 key2C.
Set(vchKey2, vchKey2 + 32,
true);
208enum class WitnessMode {
226 bool havePush{
false};
227 std::vector<unsigned char> push;
236 spendTx.
vin[0].scriptSig << push;
241 void DoPush(
const std::vector<unsigned char>&
data)
249 TestBuilder(
const CScript& script_,
const std::string& comment_, uint32_t flags_,
bool P2SH =
false, WitnessMode wm =
WitnessMode::NONE,
int witnessversion = 0,
CAmount nValue_ = 0) :
script(script_), comment(comment_),
flags(flags_), nValue(nValue_)
252 if (wm == WitnessMode::PKH) {
257 }
else if (wm == WitnessMode::SH) {
258 witscript = scriptPubKey;
264 redeemscript = scriptPubKey;
280 spendTx.
vin[0].scriptSig << _op;
284 TestBuilder&
Num(
int num)
287 spendTx.
vin[0].scriptSig << num;
291 TestBuilder& Push(
const std::string& hex)
297 TestBuilder& Push(
const CScript& _script)
299 DoPush(std::vector<unsigned char>(_script.
begin(), _script.
end()));
306 std::vector<unsigned char> vchSig, r,
s;
309 key.
Sign(hash, vchSig,
false, iter++);
310 if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
313 r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
314 s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
315 }
while (lenR != r.size() || lenS !=
s.size());
316 vchSig.push_back(
static_cast<unsigned char>(nHashType));
325 return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
328 TestBuilder& Push(
const CPubKey& pubkey)
330 DoPush(std::vector<unsigned char>(pubkey.
begin(), pubkey.
end()));
334 TestBuilder& PushRedeem()
336 DoPush(std::vector<unsigned char>(redeemscript.
begin(), redeemscript.
end()));
340 TestBuilder& PushWitRedeem()
342 DoPush(std::vector<unsigned char>(witscript.
begin(), witscript.
end()));
346 TestBuilder& EditPush(
unsigned int pos,
const std::string& hexin,
const std::string& hexout)
349 std::vector<unsigned char> datain =
ParseHex(hexin);
350 std::vector<unsigned char> dataout =
ParseHex(hexout);
351 assert(pos + datain.size() <= push.size());
352 BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
353 push.erase(push.begin() + pos, push.begin() + pos + datain.size());
354 push.insert(push.begin() + pos, dataout.begin(), dataout.end());
358 TestBuilder& DamagePush(
unsigned int pos)
361 assert(pos < push.size());
368 TestBuilder copy = *
this;
370 test.
DoTest(creditTx->vout[0].scriptPubKey, spendTx.
vin[0].scriptSig, scriptWitness,
flags, comment, scriptError, nValue);
378 scriptWitness.
stack.push_back(push);
387 if (!scriptWitness.
stack.empty()) {
389 for (
unsigned i = 0; i < scriptWitness.
stack.size(); i++) {
393 array.push_back(std::move(wit));
396 array.push_back(
FormatScript(creditTx->vout[0].scriptPubKey));
399 array.push_back(comment);
403 std::string GetComment()
const
409std::string JSONPrettyPrint(
const UniValue& univalue)
411 std::string
ret = univalue.
write(4);
414 while ((pos =
ret.find(
" \n", pos)) != std::string::npos) {
415 ret.replace(pos, 2,
"\n");
428 std::vector<TestBuilder>
tests;
432 ).PushSig(keys.key0));
439 ).PushSig(keys.key1).Push(keys.pubkey1C));
441 "P2PKH, bad pubkey", 0
445 "P2PK anyonecanpay", 0
448 "P2PK anyonecanpay marked with normal hashtype", 0
453 ).PushSig(keys.key0).PushRedeem());
460 ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
462 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0,
true
463 ).PushSig(keys.key0).DamagePush(10).PushRedeem());
470 ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
477 ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
483 "P2PK with too much R padding but no DERSIG", 0
484 ).PushSig(keys.key1,
SIGHASH_ALL, 31, 32).EditPush(1,
"43021F",
"44022000"));
489 "P2PK with too much S padding but no DERSIG", 0
490 ).PushSig(keys.key1,
SIGHASH_ALL).EditPush(1,
"44",
"45").EditPush(37,
"20",
"2100"));
495 "P2PK with too little R padding but no DERSIG", 0
496 ).PushSig(keys.key1,
SIGHASH_ALL, 33, 32).EditPush(1,
"45022100",
"440220"));
501 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
502 ).PushSig(keys.key2,
SIGHASH_ALL, 31, 32).EditPush(1,
"43021F",
"44022000").DamagePush(10));
507 "P2PK NOT with too much R padding but no DERSIG", 0
514 "BIP66 example 1, without DERSIG", 0
515 ).PushSig(keys.key1,
SIGHASH_ALL, 33, 32).EditPush(1,
"45022100",
"440220"));
520 "BIP66 example 2, without DERSIG", 0
526 "BIP66 example 3, without DERSIG", 0
532 "BIP66 example 4, without DERSIG", 0
538 "BIP66 example 5, without DERSIG", 0
544 "BIP66 example 6, without DERSIG", 0
550 "BIP66 example 7, without DERSIG", 0
551 ).Num(0).PushSig(keys.key1,
SIGHASH_ALL, 33, 32).EditPush(1,
"45022100",
"440220").PushSig(keys.key2));
556 "BIP66 example 8, without DERSIG", 0
562 "BIP66 example 9, without DERSIG", 0
568 "BIP66 example 10, without DERSIG", 0
569 ).Num(0).Num(0).PushSig(keys.key2,
SIGHASH_ALL, 33, 32).EditPush(1,
"45022100",
"440220"));
574 "BIP66 example 11, without DERSIG", 0
580 "BIP66 example 12, without DERSIG", 0
581 ).Num(0).PushSig(keys.key1,
SIGHASH_ALL, 33, 32).EditPush(1,
"45022100",
"440220").Num(0));
584 ).Num(0).PushSig(keys.key1,
SIGHASH_ALL, 33, 32).EditPush(1,
"45022100",
"440220").Num(0));
586 "P2PK with multi-byte hashtype, without DERSIG", 0
587 ).PushSig(keys.key2,
SIGHASH_ALL).EditPush(70,
"01",
"0101"));
593 "P2PK with high S but no LOW_S", 0
600 "P2PK with hybrid pubkey but no STRICTENC", 0
606 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
612 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
618 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
628 "P2PK with undefined hashtype but no STRICTENC", 0
629 ).PushSig(keys.key1, 5));
634 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
635 ).PushSig(keys.key1, 5).DamagePush(10));
641 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
642 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
647 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
648 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
651 ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(
SCRIPT_ERR_SIG_NULLDUMMY));
654 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
655 ).Num(0).PushSig(keys.key1).Opcode(
OP_DUP));
660 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0,
true
661 ).PushSig(keys.key2).Opcode(
OP_NOP8).PushRedeem());
663 "P2PK with non-push scriptSig but with P2SH validation", 0
664 ).PushSig(keys.key2).Opcode(
OP_NOP8));
673 ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
676 ).Num(11).PushSig(keys.key0));
682 ).Num(11).PushSig(keys.key0).PushRedeem());
688 ).PushSig(keys.key0).PushRedeem());
692 0, 1).PushWitSig(keys.key0).PushWitRedeem());
695 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
698 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
701 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
715 "Basic P2WSH with the wrong key but no WITNESS",
SCRIPT_VERIFY_P2SH,
false, WitnessMode::SH
716 ).PushWitSig(keys.key0).PushWitRedeem());
718 "Basic P2WPKH with the wrong key but no WITNESS",
SCRIPT_VERIFY_P2SH,
false, WitnessMode::PKH
719 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
721 "Basic P2SH(P2WSH) with the wrong key but no WITNESS",
SCRIPT_VERIFY_P2SH,
true, WitnessMode::SH
722 ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
724 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS",
SCRIPT_VERIFY_P2SH,
true, WitnessMode::PKH
725 ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
737 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(
SCRIPT_ERR_EVAL_FALSE));
747 std::vector<unsigned char> hashBytes =
ToByteVector(hash);
748 hashBytes.pop_back();
758 tests.push_back(TestBuilder(witscript,
778 0, 1).PushWitSig(keys.key0C).PushWitRedeem());
781 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
784 0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
787 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
806 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
809 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
812 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
815 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
820 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
823 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
832 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
835 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
845 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
848 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
851 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
854 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
857 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
860 0, 1).Push(
CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
868 std::set<std::string> tests_set;
873 for (
unsigned int idx = 0; idx < json_tests.
size(); idx++) {
874 const UniValue& tv = json_tests[idx];
875 tests_set.insert(JSONPrettyPrint(tv.
get_array()));
879#ifdef UPDATE_JSON_TESTS
882 for (TestBuilder& test :
tests) {
884 std::string str = JSONPrettyPrint(test.GetJSON());
885#ifdef UPDATE_JSON_TESTS
886 strGen += str +
",\n";
888 if (tests_set.count(str) == 0) {
889 BOOST_CHECK_MESSAGE(
false,
"Missing auto script_valid test: " + test.GetComment());
894#ifdef UPDATE_JSON_TESTS
896 fputs(strGen.c_str(), file);
913 for (
unsigned int idx = 0; idx <
tests.size(); idx++) {
915 std::string strTest = test.
write();
919 unsigned int pos = 0;
922 for (i = 0; i < test[pos].
size()-1; i++) {
923 auto element = test[pos][i].
get_str();
926 static const std::string SCRIPT_FLAG{
"#SCRIPT#"};
927 if (element.starts_with(SCRIPT_FLAG)) {
930 }
else if (element ==
"#CONTROLBLOCK#") {
936 witness.
stack.push_back(*(controlblocks.begin()));
938 const auto witness_value{TryParseHex<unsigned char>(element)};
939 if (!witness_value.has_value()) {
940 BOOST_ERROR(
"Bad witness in test: " << strTest <<
" witness is not hex: " << element);
942 witness.
stack.push_back(witness_value.value());
948 if (test.
size() < 4 + pos)
950 if (test.
size() != 1) {
951 BOOST_ERROR(
"Bad test: " << strTest);
955 std::string scriptSigString = test[pos++].
get_str();
957 std::string scriptPubKeyString = test[pos++].
get_str();
960 if (scriptPubKeyString ==
"0x51 0x20 #TAPROOTOUTPUT#") {
961 BOOST_CHECK_MESSAGE(taprootBuilder.
IsComplete(),
"Failed to autogenerate Tapscript output key");
969 DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
977 static const unsigned char direct[] = { 1, 0x5a };
978 static const unsigned char pushdata1[] = {
OP_PUSHDATA1, 1, 0x5a };
979 static const unsigned char pushdata2[] = {
OP_PUSHDATA2, 1, 0, 0x5a };
980 static const unsigned char pushdata4[] = {
OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
983 std::vector<std::vector<unsigned char> > directStack;
987 std::vector<std::vector<unsigned char> > pushdata1Stack;
992 std::vector<std::vector<unsigned char> > pushdata2Stack;
997 std::vector<std::vector<unsigned char> > pushdata4Stack;
1002 const std::vector<unsigned char> pushdata1_trunc{
OP_PUSHDATA1, 1};
1003 const std::vector<unsigned char> pushdata2_trunc{
OP_PUSHDATA2, 1, 0};
1004 const std::vector<unsigned char> pushdata4_trunc{
OP_PUSHDATA4, 1, 0, 0, 0};
1006 std::vector<std::vector<unsigned char>> stack_ignore;
1019 std::vector<std::vector<unsigned char>> stack_ignore;
1040 for (
const CKey &key : keys)
1042 std::vector<unsigned char> vchSig;
1052 std::vector<CKey> keys;
1073 txTo12.
vout[0].nValue = 2;
1100 std::vector<CKey> keys;
1101 keys.push_back(key1); keys.push_back(key2);
1107 keys.push_back(key1); keys.push_back(key3);
1113 keys.push_back(key2); keys.push_back(key3);
1119 keys.push_back(key2); keys.push_back(key2);
1125 keys.push_back(key2); keys.push_back(key1);
1131 keys.push_back(key3); keys.push_back(key2);
1137 keys.push_back(key4); keys.push_back(key2);
1143 keys.push_back(key1); keys.push_back(key4);
1158 data.MergeSignatureData(scriptSig1);
1159 data.MergeSignatureData(scriptSig2);
1168 std::vector<CKey> keys;
1169 std::vector<CPubKey> pubkeys;
1170 for (
int i = 0; i < 3; i++)
1173 keys.push_back(key);
1180 CScript& scriptPubKey = txFrom.
vout[0].scriptPubKey;
1214 scriptSigCopy = scriptSig;
1233 std::vector<unsigned char> sig1;
1237 std::vector<unsigned char> sig2;
1241 std::vector<unsigned char> sig3;
1293 const auto invalid_pubkey{
"173d36c8c9c9c9ffffffffffff0200000000021e1e37373721361818181818181e1e1e1e19000000000000000000b19292929292926b006c9b9b9292"_hex_u8};
1295 builder.
Add(0, {invalid_pubkey}, 0xc0);
1321 for (
int i=0; i<67000; i++) {
1324 BOOST_CHECK_MESSAGE(
script.IsPushOnly(),
"Number " << i <<
" is not pure push.");
1330 std::vector<unsigned char>
data(i,
'\111');
1333 BOOST_CHECK_MESSAGE(
script.IsPushOnly(),
"Length " << i <<
" is not pure push.");
1346 static const unsigned char direct[] = { 1 };
1357 std::string derSig(
"304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
1358 std::string pubKey(
"03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
1380template <
typename T>
1384 return {span.begin(), span.end()};
1394 const CScript scriptPubKey1 =
CScript() <<
"04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex_v_u8 <<
OP_CHECKSIG;
1395 const CScript scriptPubKey2 =
CScript() <<
"04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex <<
OP_CHECKSIG;
1512 script =
ToScript(
"76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex);
1514 script =
ToScript(
"76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex);
1532 std::vector<CTxOut> prevouts;
1533 for (
size_t i = 0; i < univalue.
size(); ++i) {
1536 prevouts.push_back(std::move(txout));
1545 for (
size_t i = 0; i < univalue.
size(); ++i) {
1546 auto bytes =
ParseHex(univalue[i].get_str());
1547 scriptwitness.
stack.push_back(std::move(bytes));
1549 return scriptwitness;
1554 std::vector<unsigned int>
ret;
1556 for (
unsigned int i = 0; i < 128; ++i) {
1557 unsigned int flag = 0;
1571 ret.push_back(flag);
1585 const std::vector<CTxOut> prevouts =
TxOutsFromJSON(test[
"prevouts"]);
1587 size_t idx = test[
"index"].
getInt<int64_t>();
1591 if (test.
exists(
"success")) {
1592 mtx.
vin[idx].scriptSig =
ScriptFromHex(test[
"success"][
"scriptSig"].get_str());
1596 txdata.
Init(tx, std::vector<CTxOut>(prevouts));
1602 if (fin || ((
flags & test_flags) ==
flags)) {
1603 bool ret =
VerifyScript(tx.
vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.
vin[idx].scriptWitness,
flags, txcheck,
nullptr);
1609 if (test.
exists(
"failure")) {
1610 mtx.
vin[idx].scriptSig =
ScriptFromHex(test[
"failure"][
"scriptSig"].get_str());
1614 txdata.
Init(tx, std::vector<CTxOut>(prevouts));
1619 if ((
flags & test_flags) == test_flags) {
1620 bool ret =
VerifyScript(tx.
vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.
vin[idx].scriptWitness,
flags, txcheck,
nullptr);
1633 const char* dir = std::getenv(
"DIR_UNIT_TEST_DATA");
1634 BOOST_WARN_MESSAGE(dir !=
nullptr,
"Variable DIR_UNIT_TEST_DATA unset, skipping script_assets_test");
1635 if (dir ==
nullptr)
return;
1636 auto path = fs::path(dir) /
"script_assets_test.json";
1638 BOOST_WARN_MESSAGE(exists,
"File $DIR_UNIT_TEST_DATA/script_assets_test.json not found, skipping script_assets_test");
1639 if (!exists)
return;
1640 std::ifstream file{path};
1642 file.seekg(0, std::ios::end);
1643 size_t length = file.tellg();
1644 file.seekg(0, std::ios::beg);
1645 std::string
data(length,
'\0');
1646 file.read(
data.data(),
data.size());
1651 for (
size_t i = 0; i <
tests.size(); i++) {
1660 tests.read(json_tests::bip341_wallet_vectors);
1662 const auto& vectors =
tests[
"keyPathSpending"];
1664 for (
const auto& vec : vectors.getValues()) {
1665 auto txhex =
ParseHex(vec[
"given"][
"rawUnsignedTx"].get_str());
1668 std::vector<CTxOut> utxos;
1669 for (
const auto& utxo_spent : vec[
"given"][
"utxosSpent"].getValues()) {
1670 auto script_bytes =
ParseHex(utxo_spent[
"scriptPubKey"].get_str());
1672 CAmount amount{utxo_spent[
"amountSats"].getInt<
int>()};
1673 utxos.emplace_back(amount,
script);
1677 txdata.
Init(tx, std::vector<CTxOut>{utxos},
true);
1686 for (
const auto& input : vec[
"inputSpending"].getValues()) {
1687 int txinpos = input[
"given"][
"txinIndex"].getInt<
int>();
1688 int hashtype = input[
"given"][
"hashType"].getInt<
int>();
1691 auto privkey =
ParseHex(input[
"given"][
"internalPrivkey"].get_str());
1693 key.
Set(privkey.begin(), privkey.end(),
true);
1697 if (!input[
"given"][
"merkleRoot"].isNull()) {
1698 merkle_root =
uint256{
ParseHex(input[
"given"][
"merkleRoot"].get_str())};
1709 std::vector<unsigned char> signature;
1714 BOOST_CHECK_EQUAL(
HexStr(pubkey.ComputeTapTweakHash(merkle_root.
IsNull() ?
nullptr : &merkle_root)), input[
"intermediary"][
"tweak"].get_str());
1732 constexpr uint256 hash1{
"8ad69ec7cf41c2a4001fd1f738bf1e505ce2277acdcaa63fe4765192497f47a7"};
1733 constexpr uint256 hash2{
"f224a923cd0021ab202ab139cc56802ddb92dcfc172b9212261a539df79a112a"};
1734 constexpr uint256 result{
"a64c5b7b943315f9b805d7a7296bedfcfd08919270a1f7a1466e98f8693d8cd9"};
1740 constexpr uint8_t
script[6] = {
'f',
'o',
'o',
'b',
'a',
'r'};
1741 constexpr uint256 tlc0{
"edbc10c272a1215dcdcc11d605b9027b5ad6ed97cd45521203f136767b5b9c06"};
1742 constexpr uint256 tlc2{
"8b5c4f90ae6bf76e259dbef5d8a59df06359c391b59263741b25eca76451b27a"};
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
int64_t CAmount
Amount in satoshis (Can be negative)
static CAmount AmountFromValue(const UniValue &value)
#define Assert(val)
Identity function.
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
CHash160 & Write(std::span< const unsigned char > input)
void Finalize(std::span< unsigned char > output)
An encapsulated private key.
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
CPubKey GetPubKey() const
Compute the public key from a private key.
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
An outpoint - a combination of a transaction hash and an index n into its vout.
An encapsulated public key.
const unsigned char * data() const
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
const unsigned char * end() const
const unsigned char * begin() const
A hasher class for SHA-256.
void Finalize(unsigned char hash[OUTPUT_SIZE])
CSHA256 & Write(const unsigned char *data, size_t len)
Serialized script, used inside transaction inputs and outputs.
A reference to a CScript: the Hash160 of its serialization.
The basic transaction that is broadcasted on the network and contained in blocks.
const std::vector< CTxIn > vin
An output of a transaction.
Fillable signing provider that keeps keys in an address->secret map.
virtual bool AddCScript(const CScript &redeemScript)
virtual bool AddKey(const CKey &key)
A writer stream (for serialization) that computes a 256-bit hash.
A signature creator for transactions.
bool CreateSchnorrSig(const SigningProvider &provider, std::vector< unsigned char > &sig, const XOnlyPubKey &pubkey, const uint256 *leaf_hash, const uint256 *merkle_root, SigVersion sigversion) const override
uint64_t randbits(int bits) noexcept
Generate a random (bits)-bit integer.
Valid signature cache, to avoid doing expensive ECDSA signature checking twice for every transaction ...
Minimal stream for reading from an existing byte array by std::span.
Utility class to construct Taproot outputs from internal key and script tree.
WitnessV1Taproot GetOutput()
Compute scriptPubKey (after Finalize()).
TaprootSpendData GetSpendData() const
Compute spending data (after Finalize()).
bool IsComplete() const
Return whether there were either no leaves, or the leaves form a Huffman tree.
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
const std::string & get_str() const
std::string write(unsigned int prettyIndent=0, unsigned int indentLevel=0) const
const UniValue & get_array() const
bool exists(const std::string &key) const
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
constexpr bool IsNull() const
constexpr unsigned char * begin()
void push_back(const T &value)
CScript ParseScript(const std::string &s)
std::string FormatScript(const CScript &script)
std::string ScriptToAsmStr(const CScript &script, const bool fAttemptSighashDecode=false)
Create the assembly string representation of a CScript object.
UniValue ValueFromAmount(const CAmount amount)
BOOST_FIXTURE_TEST_SUITE(cuckoocache_tests, BasicTestingSetup)
Test Suite for CuckooCache.
BOOST_AUTO_TEST_SUITE_END()
static bool exists(const path &p)
std::string HexStr(const std::span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
uint256 ComputeTapbranchHash(std::span< const unsigned char > a, std::span< const unsigned char > b)
Compute the BIP341 tapbranch hash from two branches.
bool SignatureHashSchnorr(uint256 &hash_out, ScriptExecutionData &execdata, const T &tx_to, uint32_t in_pos, uint8_t hash_type, SigVersion sigversion, const PrecomputedTransactionData &cache, MissingDataBehavior mdb)
int FindAndDelete(CScript &script, const CScript &b)
uint256 SignatureHash(const CScript &scriptCode, const T &txTo, unsigned int nIn, int32_t nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache)
uint256 ComputeTapleafHash(uint8_t leaf_version, std::span< const unsigned char > script)
Compute the BIP341 tapleaf hash from leaf version & script.
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
const HashWriter HASHER_TAPSIGHASH
Hasher with tag "TapSighash" pre-fed to it.
@ TAPROOT
Witness v1 with 32-byte program, not BIP16 P2SH-wrapped, key path spending; see BIP 341.
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
@ WITNESS_V0
Witness v0 (P2WPKH and P2WSH); see BIP 141.
GenericTransactionSignatureChecker< CMutableTransaction > MutableTransactionSignatureChecker
@ SCRIPT_VERIFY_NULLDUMMY
@ SCRIPT_VERIFY_SIGPUSHONLY
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
@ SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
@ SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_CLEANSTACK
@ SCRIPT_VERIFY_MINIMALDATA
@ SCRIPT_VERIFY_CHECKSEQUENCEVERIFY
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
@ SIGHASH_DEFAULT
Taproot only; implied when sighash byte is missing, and equivalent to SIGHASH_ALL.
@ ASSERT_FAIL
Abort execution through assertion failure (for consensus code)
@ FAIL
Just act as if the signature was invalid.
UniValue read_json(std::string_view jsondata)
CKey GenerateRandomKey(bool compressed) noexcept
FILE * fopen(const fs::path &p, const char *mode)
std::pair< opcodetype, std::vector< unsigned char > > Opcode
""_hex is a compile-time user-defined literal returning a std::array<std::byte>, equivalent to ParseH...
#define BOOST_CHECK_EQUAL(v1, v2)
#define BOOST_CHECK(expr)
static constexpr TransactionSerParams TX_NO_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
static CTransactionRef MakeTransactionRef(Tx &&txIn)
std::shared_ptr< const CTransaction > CTransactionRef
static const unsigned int MAX_SCRIPT_ELEMENT_SIZE
opcodetype
Script opcodes.
std::vector< unsigned char > ToByteVector(const T &in)
std::string ScriptErrorString(const ScriptError serror)
enum ScriptError_t ScriptError
@ SCRIPT_ERR_OP_CODESEPARATOR
@ SCRIPT_ERR_SIG_PUSHONLY
@ SCRIPT_ERR_NUMEQUALVERIFY
@ SCRIPT_ERR_DISABLED_OPCODE
@ SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM
@ SCRIPT_ERR_UNKNOWN_ERROR
@ SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH
@ SCRIPT_ERR_SIG_HASHTYPE
@ SCRIPT_ERR_CHECKSIGVERIFY
@ SCRIPT_ERR_WITNESS_MALLEATED_P2SH
@ SCRIPT_ERR_WITNESS_MALLEATED
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_ERR_INVALID_STACK_OPERATION
@ SCRIPT_ERR_WITNESS_UNEXPECTED
@ SCRIPT_ERR_NEGATIVE_LOCKTIME
@ SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH
@ SCRIPT_ERR_SIG_NULLFAIL
@ SCRIPT_ERR_SIG_NULLDUMMY
@ SCRIPT_ERR_CHECKMULTISIGVERIFY
@ SCRIPT_ERR_UNSATISFIED_LOCKTIME
@ SCRIPT_ERR_WITNESS_PUBKEYTYPE
@ SCRIPT_ERR_SIG_FINDANDDELETE
@ SCRIPT_ERR_PUBKEY_COUNT
@ SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY
@ SCRIPT_ERR_UNBALANCED_CONDITIONAL
static std::string FormatScriptError(ScriptError_t err)
static void NegateSignatureS(std::vector< unsigned char > &vchSig)
static ScriptError_t ParseScriptError(const std::string &name)
static CScript ScriptFromHex(const std::string &str)
SignatureData CombineSignatures(const CTxOut &txout, const CMutableTransaction &tx, const SignatureData &scriptSig1, const SignatureData &scriptSig2)
static ScriptErrorDesc script_errors[]
static CMutableTransaction TxFromHex(const std::string &str)
CScript ToScript(const T &byte_container)
static CScript sign_multisig(const CScript &scriptPubKey, const std::vector< CKey > &keys, const CTransaction &transaction)
unsigned int ParseScriptFlags(std::string strFlags)
static std::vector< unsigned int > AllConsensusFlags()
BOOST_AUTO_TEST_CASE(script_build)
std::string FormatScriptFlags(unsigned int flags)
static const unsigned int gFlags
static std::vector< CTxOut > TxOutsFromJSON(const UniValue &univalue)
static void AssetTest(const UniValue &test, SignatureCache &signature_cache)
static CScriptWitness ScriptWitnessFromJSON(const UniValue &univalue)
static const std::vector< unsigned int > ALL_CONSENSUS_FLAGS
Precomputed list of all valid combinations of consensus-relevant script validation flags.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
SECP256K1_API const secp256k1_context *const secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
static constexpr size_t DEFAULT_SIGNATURE_CACHE_BYTES
bool ProduceSignature(const SigningProvider &provider, const BaseSignatureCreator &creator, const CScript &fromPubKey, SignatureData &sigdata)
Produce a script signature using a generic signature creator.
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
SignatureData DataFromTransaction(const CMutableTransaction &tx, unsigned int nIn, const CTxOut &txout)
Extract signature data from a transaction input, and insert it.
std::pair< CPubKey, std::vector< unsigned char > > SigPair
const SigningProvider & DUMMY_SIGNING_PROVIDER
CScript GetScriptForMultisig(int nRequired, const std::vector< CPubKey > &keys)
Generate a multisig script.
constexpr auto MakeUCharSpan(const V &v) -> decltype(UCharSpanCast(std::span{v}))
Like the std::span constructor, but for (const) unsigned char member types only.
std::vector< Byte > ParseHex(std::string_view hex_str)
Like TryParseHex, but returns an empty vector on invalid input.
A mutable version of CTransaction.
std::vector< CTxOut > vout
Txid GetHash() const
Compute the hash of this CMutableTransaction.
std::vector< std::vector< unsigned char > > stack
std::map< CKeyID, CKey > keys
A type to represent integers in the type system.
void Init(const T &tx, std::vector< CTxOut > &&spent_outputs, bool force=false)
Initialize this PrecomputedTransactionData with transaction data.
uint256 m_sequences_single_hash
bool m_bip341_taproot_ready
Whether the 5 fields above are initialized.
uint256 m_prevouts_single_hash
uint256 m_spent_amounts_single_hash
uint256 m_spent_scripts_single_hash
uint256 m_outputs_single_hash
bool m_annex_present
Whether an annex is present.
bool m_annex_init
Whether m_annex_present and (when needed) m_annex_hash are initialized.
void DoTest(const CScript &scriptPubKey, const CScript &scriptSig, const CScriptWitness &scriptWitness, uint32_t flags, const std::string &message, int scriptError, CAmount nValue=0)
std::map< CKeyID, SigPair > signatures
BIP 174 style partial signatures for the input. May contain all signatures necessary for producing a ...
TaprootSpendData tr_spenddata
Taproot spending data.
CScript scriptSig
The scriptSig of an input. Contains complete signatures or the traditional partial signatures format.
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
CMutableTransaction BuildSpendingTransaction(const CScript &scriptSig, const CScriptWitness &scriptWitness, const CTransaction &txCredit)
bool SignSignature(const SigningProvider &provider, const CScript &fromPubKey, CMutableTransaction &txTo, unsigned int nIn, const CAmount &amount, int nHashType, SignatureData &sig_data)
Produce a satisfying script (scriptSig or witness).
CMutableTransaction BuildCreditingTransaction(const CScript &scriptPubKey, int nValue)
constexpr std::array tests
std::optional< std::vector< Byte > > TryParseHex(std::string_view str)
Parse the hex string into bytes (uint8_t or std::byte).