script_p2sh_tests.cpp
1 // Copyright (c) 2012-2022 The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <consensus/tx_verify.h> 6 #include <key.h> 7 #include <policy/policy.h> 8 #include <policy/settings.h> 9 #include <script/script.h> 10 #include <script/script_error.h> 11 #include <script/sign.h> 12 #include <script/signingprovider.h> 13 #include <test/util/setup_common.h> 14 #include <validation.h> 15 16 #include <vector> 17 18 #include <boost/test/unit_test.hpp> 19 20 // Helpers: 21 static bool IsStandardTx(const CTransaction& tx, bool permit_bare_multisig, std::string& reason) 22 { 23 return IsStandardTx(tx, std::nullopt, permit_bare_multisig, CFeeRate{DUST_RELAY_TX_FEE}, reason); 24 } 25 26 static bool IsStandardTx(const CTransaction& tx, std::string& reason) 27 { 28 return IsStandardTx(tx, std::nullopt, /*permit_bare_multisig=*/true, CFeeRate{DUST_RELAY_TX_FEE}, reason) && 29 IsStandardTx(tx, std::nullopt, /*permit_bare_multisig=*/false, CFeeRate{DUST_RELAY_TX_FEE}, reason); 30 } 31 32 static std::vector<unsigned char> Serialize(const CScript& s) 33 { 34 std::vector<unsigned char> sSerialized(s.begin(), s.end()); 35 return sSerialized; 36 } 37 38 static bool Verify(const CScript& scriptSig, const CScript& scriptPubKey, bool fStrict, ScriptError& err) 39 { 40 // Create dummy to/from transactions: 41 CMutableTransaction txFrom; 42 txFrom.vout.resize(1); 43 txFrom.vout[0].scriptPubKey = scriptPubKey; 44 45 CMutableTransaction txTo; 46 txTo.vin.resize(1); 47 txTo.vout.resize(1); 48 txTo.vin[0].prevout.n = 0; 49 txTo.vin[0].prevout.hash = txFrom.GetHash(); 50 txTo.vin[0].scriptSig = scriptSig; 51 txTo.vout[0].nValue = 1; 52 53 return VerifyScript(scriptSig, scriptPubKey, nullptr, fStrict ? SCRIPT_VERIFY_P2SH : SCRIPT_VERIFY_NONE, MutableTransactionSignatureChecker(&txTo, 0, txFrom.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err); 54 } 55 56 57 BOOST_FIXTURE_TEST_SUITE(script_p2sh_tests, BasicTestingSetup) 58 59 BOOST_AUTO_TEST_CASE(sign) 60 { 61 // Pay-to-script-hash looks like this: 62 // scriptSig: <sig> <sig...> <serialized_script> 63 // scriptPubKey: HASH160 <hash> EQUAL 64 65 // Test SignSignature() (and therefore the version of Solver() that signs transactions) 66 FillableSigningProvider keystore; 67 CKey key[4]; 68 for (int i = 0; i < 4; i++) 69 { 70 key[i].MakeNewKey(true); 71 BOOST_CHECK(keystore.AddKey(key[i])); 72 } 73 74 // 8 Scripts: checking all combinations of 75 // different keys, straight/P2SH, pubkey/pubkeyhash 76 CScript standardScripts[4]; 77 standardScripts[0] << ToByteVector(key[0].GetPubKey()) << OP_CHECKSIG; 78 standardScripts[1] = GetScriptForDestination(PKHash(key[1].GetPubKey())); 79 standardScripts[2] << ToByteVector(key[1].GetPubKey()) << OP_CHECKSIG; 80 standardScripts[3] = GetScriptForDestination(PKHash(key[2].GetPubKey())); 81 CScript evalScripts[4]; 82 for (int i = 0; i < 4; i++) 83 { 84 BOOST_CHECK(keystore.AddCScript(standardScripts[i])); 85 evalScripts[i] = GetScriptForDestination(ScriptHash(standardScripts[i])); 86 } 87 88 CMutableTransaction txFrom; // Funding transaction: 89 std::string reason; 90 txFrom.vout.resize(8); 91 for (int i = 0; i < 4; i++) 92 { 93 txFrom.vout[i].scriptPubKey = evalScripts[i]; 94 txFrom.vout[i].nValue = COIN; 95 txFrom.vout[i+4].scriptPubKey = standardScripts[i]; 96 txFrom.vout[i+4].nValue = COIN; 97 } 98 BOOST_CHECK(IsStandardTx(CTransaction(txFrom), reason)); 99 100 CMutableTransaction txTo[8]; // Spending transactions 101 for (int i = 0; i < 8; i++) 102 { 103 txTo[i].vin.resize(1); 104 txTo[i].vout.resize(1); 105 txTo[i].vin[0].prevout.n = i; 106 txTo[i].vin[0].prevout.hash = txFrom.GetHash(); 107 txTo[i].vout[0].nValue = 1; 108 } 109 for (int i = 0; i < 8; i++) 110 { 111 SignatureData empty; 112 BOOST_CHECK_MESSAGE(SignSignature(keystore, CTransaction(txFrom), txTo[i], 0, SIGHASH_ALL, empty), strprintf("SignSignature %d", i)); 113 } 114 // All of the above should be OK, and the txTos have valid signatures 115 // Check to make sure signature verification fails if we use the wrong ScriptSig: 116 for (int i = 0; i < 8; i++) { 117 PrecomputedTransactionData txdata(txTo[i]); 118 for (int j = 0; j < 8; j++) 119 { 120 CScript sigSave = txTo[i].vin[0].scriptSig; 121 txTo[i].vin[0].scriptSig = txTo[j].vin[0].scriptSig; 122 bool sigOK = CScriptCheck(txFrom.vout[txTo[i].vin[0].prevout.n], CTransaction(txTo[i]), 0, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC, false, &txdata)(); 123 if (i == j) 124 BOOST_CHECK_MESSAGE(sigOK, strprintf("VerifySignature %d %d", i, j)); 125 else 126 BOOST_CHECK_MESSAGE(!sigOK, strprintf("VerifySignature %d %d", i, j)); 127 txTo[i].vin[0].scriptSig = sigSave; 128 } 129 } 130 } 131 132 BOOST_AUTO_TEST_CASE(norecurse) 133 { 134 ScriptError err; 135 // Make sure only the outer pay-to-script-hash does the 136 // extra-validation thing: 137 CScript invalidAsScript; 138 invalidAsScript << OP_INVALIDOPCODE << OP_INVALIDOPCODE; 139 140 CScript p2sh = GetScriptForDestination(ScriptHash(invalidAsScript)); 141 142 CScript scriptSig; 143 scriptSig << Serialize(invalidAsScript); 144 145 // Should not verify, because it will try to execute OP_INVALIDOPCODE 146 BOOST_CHECK(!Verify(scriptSig, p2sh, true, err)); 147 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_BAD_OPCODE, ScriptErrorString(err)); 148 149 // Try to recur, and verification should succeed because 150 // the inner HASH160 <> EQUAL should only check the hash: 151 CScript p2sh2 = GetScriptForDestination(ScriptHash(p2sh)); 152 CScript scriptSig2; 153 scriptSig2 << Serialize(invalidAsScript) << Serialize(p2sh); 154 155 BOOST_CHECK(Verify(scriptSig2, p2sh2, true, err)); 156 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err)); 157 } 158 159 BOOST_AUTO_TEST_CASE(set) 160 { 161 // Test the CScript::Set* methods 162 FillableSigningProvider keystore; 163 CKey key[4]; 164 std::vector<CPubKey> keys; 165 keys.reserve(4); 166 for (int i = 0; i < 4; i++) 167 { 168 key[i].MakeNewKey(true); 169 BOOST_CHECK(keystore.AddKey(key[i])); 170 keys.push_back(key[i].GetPubKey()); 171 } 172 173 CScript inner[4]; 174 inner[0] = GetScriptForDestination(PKHash(key[0].GetPubKey())); 175 inner[1] = GetScriptForMultisig(2, std::vector<CPubKey>(keys.begin(), keys.begin()+2)); 176 inner[2] = GetScriptForMultisig(1, std::vector<CPubKey>(keys.begin(), keys.begin()+2)); 177 inner[3] = GetScriptForMultisig(2, std::vector<CPubKey>(keys.begin(), keys.begin()+3)); 178 179 CScript outer[4]; 180 for (int i = 0; i < 4; i++) 181 { 182 outer[i] = GetScriptForDestination(ScriptHash(inner[i])); 183 BOOST_CHECK(keystore.AddCScript(inner[i])); 184 } 185 186 CMutableTransaction txFrom; // Funding transaction: 187 std::string reason; 188 txFrom.vout.resize(4); 189 for (int i = 0; i < 4; i++) 190 { 191 txFrom.vout[i].scriptPubKey = outer[i]; 192 txFrom.vout[i].nValue = CENT; 193 } 194 BOOST_CHECK(IsStandardTx(CTransaction(txFrom), reason)); 195 196 CMutableTransaction txTo[4]; // Spending transactions 197 for (int i = 0; i < 4; i++) 198 { 199 txTo[i].vin.resize(1); 200 txTo[i].vout.resize(1); 201 txTo[i].vin[0].prevout.n = i; 202 txTo[i].vin[0].prevout.hash = txFrom.GetHash(); 203 txTo[i].vout[0].nValue = 1*CENT; 204 txTo[i].vout[0].scriptPubKey = inner[i]; 205 } 206 for (int i = 0; i < 4; i++) 207 { 208 SignatureData empty; 209 BOOST_CHECK_MESSAGE(SignSignature(keystore, CTransaction(txFrom), txTo[i], 0, SIGHASH_ALL, empty), strprintf("SignSignature %d", i)); 210 BOOST_CHECK_MESSAGE(IsStandardTx(CTransaction(txTo[i]), /*permit_bare_multisig=*/true, reason), strprintf("txTo[%d].IsStandard", i)); 211 bool no_pbms_is_std = IsStandardTx(CTransaction(txTo[i]), /*permit_bare_multisig=*/false, reason); 212 BOOST_CHECK_MESSAGE((i == 0 ? no_pbms_is_std : !no_pbms_is_std), strprintf("txTo[%d].IsStandard(permbaremulti=false)", i)); 213 } 214 } 215 216 BOOST_AUTO_TEST_CASE(is) 217 { 218 // Test CScript::IsPayToScriptHash() 219 uint160 dummy; 220 CScript p2sh; 221 p2sh << OP_HASH160 << ToByteVector(dummy) << OP_EQUAL; 222 BOOST_CHECK(p2sh.IsPayToScriptHash()); 223 224 std::vector<unsigned char> direct = {OP_HASH160, 20}; 225 direct.insert(direct.end(), 20, 0); 226 direct.push_back(OP_EQUAL); 227 BOOST_CHECK(CScript(direct.begin(), direct.end()).IsPayToScriptHash()); 228 229 // Not considered pay-to-script-hash if using one of the OP_PUSHDATA opcodes: 230 std::vector<unsigned char> pushdata1 = {OP_HASH160, OP_PUSHDATA1, 20}; 231 pushdata1.insert(pushdata1.end(), 20, 0); 232 pushdata1.push_back(OP_EQUAL); 233 BOOST_CHECK(!CScript(pushdata1.begin(), pushdata1.end()).IsPayToScriptHash()); 234 std::vector<unsigned char> pushdata2 = {OP_HASH160, OP_PUSHDATA2, 20, 0}; 235 pushdata2.insert(pushdata2.end(), 20, 0); 236 pushdata2.push_back(OP_EQUAL); 237 BOOST_CHECK(!CScript(pushdata2.begin(), pushdata2.end()).IsPayToScriptHash()); 238 std::vector<unsigned char> pushdata4 = {OP_HASH160, OP_PUSHDATA4, 20, 0, 0, 0}; 239 pushdata4.insert(pushdata4.end(), 20, 0); 240 pushdata4.push_back(OP_EQUAL); 241 BOOST_CHECK(!CScript(pushdata4.begin(), pushdata4.end()).IsPayToScriptHash()); 242 243 CScript not_p2sh; 244 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 245 246 not_p2sh.clear(); not_p2sh << OP_HASH160 << ToByteVector(dummy) << ToByteVector(dummy) << OP_EQUAL; 247 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 248 249 not_p2sh.clear(); not_p2sh << OP_NOP << ToByteVector(dummy) << OP_EQUAL; 250 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 251 252 not_p2sh.clear(); not_p2sh << OP_HASH160 << ToByteVector(dummy) << OP_CHECKSIG; 253 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 254 } 255 256 BOOST_AUTO_TEST_CASE(switchover) 257 { 258 // Test switch over code 259 CScript notValid; 260 ScriptError err; 261 notValid << OP_11 << OP_12 << OP_EQUALVERIFY; 262 CScript scriptSig; 263 scriptSig << Serialize(notValid); 264 265 CScript fund = GetScriptForDestination(ScriptHash(notValid)); 266 267 268 // Validation should succeed under old rules (hash is correct): 269 BOOST_CHECK(Verify(scriptSig, fund, false, err)); 270 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err)); 271 // Fail under new: 272 BOOST_CHECK(!Verify(scriptSig, fund, true, err)); 273 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EQUALVERIFY, ScriptErrorString(err)); 274 } 275 276 BOOST_AUTO_TEST_CASE(AreInputsStandard) 277 { 278 CCoinsView coinsDummy; 279 CCoinsViewCache coins(&coinsDummy); 280 FillableSigningProvider keystore; 281 CKey key[6]; 282 for (int i = 0; i < 6; i++) 283 { 284 key[i].MakeNewKey(true); 285 BOOST_CHECK(keystore.AddKey(key[i])); 286 } 287 std::vector<CPubKey> keys; 288 keys.reserve(3); 289 for (int i = 0; i < 3; i++) 290 keys.push_back(key[i].GetPubKey()); 291 292 CMutableTransaction txFrom; 293 txFrom.vout.resize(7); 294 295 // First three are standard: 296 CScript pay1 = GetScriptForDestination(PKHash(key[0].GetPubKey())); 297 BOOST_CHECK(keystore.AddCScript(pay1)); 298 CScript pay1of3 = GetScriptForMultisig(1, keys); 299 300 txFrom.vout[0].scriptPubKey = GetScriptForDestination(ScriptHash(pay1)); // P2SH (OP_CHECKSIG) 301 txFrom.vout[0].nValue = 1000; 302 txFrom.vout[1].scriptPubKey = pay1; // ordinary OP_CHECKSIG 303 txFrom.vout[1].nValue = 2000; 304 txFrom.vout[2].scriptPubKey = pay1of3; // ordinary OP_CHECKMULTISIG 305 txFrom.vout[2].nValue = 3000; 306 307 // vout[3] is complicated 1-of-3 AND 2-of-3 308 // ... that is OK if wrapped in P2SH: 309 CScript oneAndTwo; 310 oneAndTwo << OP_1 << ToByteVector(key[0].GetPubKey()) << ToByteVector(key[1].GetPubKey()) << ToByteVector(key[2].GetPubKey()); 311 oneAndTwo << OP_3 << OP_CHECKMULTISIGVERIFY; 312 oneAndTwo << OP_2 << ToByteVector(key[3].GetPubKey()) << ToByteVector(key[4].GetPubKey()) << ToByteVector(key[5].GetPubKey()); 313 oneAndTwo << OP_3 << OP_CHECKMULTISIG; 314 BOOST_CHECK(keystore.AddCScript(oneAndTwo)); 315 txFrom.vout[3].scriptPubKey = GetScriptForDestination(ScriptHash(oneAndTwo)); 316 txFrom.vout[3].nValue = 4000; 317 318 // vout[4] is max sigops: 319 CScript fifteenSigops; fifteenSigops << OP_1; 320 for (unsigned i = 0; i < MAX_P2SH_SIGOPS; i++) 321 fifteenSigops << ToByteVector(key[i%3].GetPubKey()); 322 fifteenSigops << OP_15 << OP_CHECKMULTISIG; 323 BOOST_CHECK(keystore.AddCScript(fifteenSigops)); 324 txFrom.vout[4].scriptPubKey = GetScriptForDestination(ScriptHash(fifteenSigops)); 325 txFrom.vout[4].nValue = 5000; 326 327 // vout[5/6] are non-standard because they exceed MAX_P2SH_SIGOPS 328 CScript sixteenSigops; sixteenSigops << OP_16 << OP_CHECKMULTISIG; 329 BOOST_CHECK(keystore.AddCScript(sixteenSigops)); 330 txFrom.vout[5].scriptPubKey = GetScriptForDestination(ScriptHash(sixteenSigops)); 331 txFrom.vout[5].nValue = 5000; 332 CScript twentySigops; twentySigops << OP_CHECKMULTISIG; 333 BOOST_CHECK(keystore.AddCScript(twentySigops)); 334 txFrom.vout[6].scriptPubKey = GetScriptForDestination(ScriptHash(twentySigops)); 335 txFrom.vout[6].nValue = 6000; 336 337 AddCoins(coins, CTransaction(txFrom), 0); 338 339 CMutableTransaction txTo; 340 txTo.vout.resize(1); 341 txTo.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey())); 342 343 txTo.vin.resize(5); 344 for (int i = 0; i < 5; i++) 345 { 346 txTo.vin[i].prevout.n = i; 347 txTo.vin[i].prevout.hash = txFrom.GetHash(); 348 } 349 SignatureData empty; 350 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, empty)); 351 SignatureData empty_b; 352 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 1, SIGHASH_ALL, empty_b)); 353 SignatureData empty_c; 354 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 2, SIGHASH_ALL, empty_c)); 355 // SignSignature doesn't know how to sign these. We're 356 // not testing validating signatures, so just create 357 // dummy signatures that DO include the correct P2SH scripts: 358 txTo.vin[3].scriptSig << OP_11 << OP_11 << std::vector<unsigned char>(oneAndTwo.begin(), oneAndTwo.end()); 359 txTo.vin[4].scriptSig << std::vector<unsigned char>(fifteenSigops.begin(), fifteenSigops.end()); 360 361 BOOST_CHECK(::AreInputsStandard(CTransaction(txTo), coins)); 362 // 22 P2SH sigops for all inputs (1 for vin[0], 6 for vin[3], 15 for vin[4] 363 BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txTo), coins), 22U); 364 365 CMutableTransaction txToNonStd1; 366 txToNonStd1.vout.resize(1); 367 txToNonStd1.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey())); 368 txToNonStd1.vout[0].nValue = 1000; 369 txToNonStd1.vin.resize(1); 370 txToNonStd1.vin[0].prevout.n = 5; 371 txToNonStd1.vin[0].prevout.hash = txFrom.GetHash(); 372 txToNonStd1.vin[0].scriptSig << std::vector<unsigned char>(sixteenSigops.begin(), sixteenSigops.end()); 373 374 BOOST_CHECK(!::AreInputsStandard(CTransaction(txToNonStd1), coins)); 375 BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txToNonStd1), coins), 16U); 376 377 CMutableTransaction txToNonStd2; 378 txToNonStd2.vout.resize(1); 379 txToNonStd2.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey())); 380 txToNonStd2.vout[0].nValue = 1000; 381 txToNonStd2.vin.resize(1); 382 txToNonStd2.vin[0].prevout.n = 6; 383 txToNonStd2.vin[0].prevout.hash = txFrom.GetHash(); 384 txToNonStd2.vin[0].scriptSig << std::vector<unsigned char>(twentySigops.begin(), twentySigops.end()); 385 386 BOOST_CHECK(!::AreInputsStandard(CTransaction(txToNonStd2), coins)); 387 BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txToNonStd2), coins), 20U); 388 } 389 390 BOOST_AUTO_TEST_SUITE_END()