script_p2sh_tests.cpp
1 // Copyright (c) 2012-present The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <consensus/tx_verify.h> 6 #include <key.h> 7 #include <policy/policy.h> 8 #include <policy/settings.h> 9 #include <script/script.h> 10 #include <script/script_error.h> 11 #include <script/sign.h> 12 #include <script/signingprovider.h> 13 #include <test/util/setup_common.h> 14 #include <test/util/transaction_utils.h> 15 #include <validation.h> 16 17 #include <vector> 18 19 #include <boost/test/unit_test.hpp> 20 21 // Helpers: 22 static bool IsStandardTx(const CTransaction& tx, bool permit_bare_multisig, std::string& reason) 23 { 24 return IsStandardTx(tx, std::nullopt, permit_bare_multisig, CFeeRate{DUST_RELAY_TX_FEE}, reason); 25 } 26 27 static bool IsStandardTx(const CTransaction& tx, std::string& reason) 28 { 29 return IsStandardTx(tx, std::nullopt, /*permit_bare_multisig=*/true, CFeeRate{DUST_RELAY_TX_FEE}, reason) && 30 IsStandardTx(tx, std::nullopt, /*permit_bare_multisig=*/false, CFeeRate{DUST_RELAY_TX_FEE}, reason); 31 } 32 33 static std::vector<unsigned char> Serialize(const CScript& s) 34 { 35 std::vector<unsigned char> sSerialized(s.begin(), s.end()); 36 return sSerialized; 37 } 38 39 static bool Verify(const CScript& scriptSig, const CScript& scriptPubKey, bool fStrict, ScriptError& err) 40 { 41 // Create dummy to/from transactions: 42 CMutableTransaction txFrom; 43 txFrom.vout.resize(1); 44 txFrom.vout[0].scriptPubKey = scriptPubKey; 45 46 CMutableTransaction txTo; 47 txTo.vin.resize(1); 48 txTo.vout.resize(1); 49 txTo.vin[0].prevout.n = 0; 50 txTo.vin[0].prevout.hash = txFrom.GetHash(); 51 txTo.vin[0].scriptSig = scriptSig; 52 txTo.vout[0].nValue = 1; 53 54 return VerifyScript(scriptSig, scriptPubKey, nullptr, fStrict ? SCRIPT_VERIFY_P2SH : SCRIPT_VERIFY_NONE, MutableTransactionSignatureChecker(&txTo, 0, txFrom.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err); 55 } 56 57 58 BOOST_FIXTURE_TEST_SUITE(script_p2sh_tests, BasicTestingSetup) 59 60 BOOST_AUTO_TEST_CASE(sign) 61 { 62 // Pay-to-script-hash looks like this: 63 // scriptSig: <sig> <sig...> <serialized_script> 64 // scriptPubKey: HASH160 <hash> EQUAL 65 66 // Test SignSignature() (and therefore the version of Solver() that signs transactions) 67 FillableSigningProvider keystore; 68 CKey key[4]; 69 for (int i = 0; i < 4; i++) 70 { 71 key[i].MakeNewKey(true); 72 BOOST_CHECK(keystore.AddKey(key[i])); 73 } 74 75 // 8 Scripts: checking all combinations of 76 // different keys, straight/P2SH, pubkey/pubkeyhash 77 CScript standardScripts[4]; 78 standardScripts[0] << ToByteVector(key[0].GetPubKey()) << OP_CHECKSIG; 79 standardScripts[1] = GetScriptForDestination(PKHash(key[1].GetPubKey())); 80 standardScripts[2] << ToByteVector(key[1].GetPubKey()) << OP_CHECKSIG; 81 standardScripts[3] = GetScriptForDestination(PKHash(key[2].GetPubKey())); 82 CScript evalScripts[4]; 83 for (int i = 0; i < 4; i++) 84 { 85 BOOST_CHECK(keystore.AddCScript(standardScripts[i])); 86 evalScripts[i] = GetScriptForDestination(ScriptHash(standardScripts[i])); 87 } 88 89 CMutableTransaction txFrom; // Funding transaction: 90 std::string reason; 91 txFrom.vout.resize(8); 92 for (int i = 0; i < 4; i++) 93 { 94 txFrom.vout[i].scriptPubKey = evalScripts[i]; 95 txFrom.vout[i].nValue = COIN; 96 txFrom.vout[i+4].scriptPubKey = standardScripts[i]; 97 txFrom.vout[i+4].nValue = COIN; 98 } 99 BOOST_CHECK(IsStandardTx(CTransaction(txFrom), reason)); 100 101 CMutableTransaction txTo[8]; // Spending transactions 102 for (int i = 0; i < 8; i++) 103 { 104 txTo[i].vin.resize(1); 105 txTo[i].vout.resize(1); 106 txTo[i].vin[0].prevout.n = i; 107 txTo[i].vin[0].prevout.hash = txFrom.GetHash(); 108 txTo[i].vout[0].nValue = 1; 109 } 110 for (int i = 0; i < 8; i++) 111 { 112 SignatureData empty; 113 BOOST_CHECK_MESSAGE(SignSignature(keystore, CTransaction(txFrom), txTo[i], 0, SIGHASH_ALL, empty), strprintf("SignSignature %d", i)); 114 } 115 // All of the above should be OK, and the txTos have valid signatures 116 // Check to make sure signature verification fails if we use the wrong ScriptSig: 117 SignatureCache signature_cache{DEFAULT_SIGNATURE_CACHE_BYTES}; 118 for (int i = 0; i < 8; i++) { 119 PrecomputedTransactionData txdata(txTo[i]); 120 for (int j = 0; j < 8; j++) 121 { 122 CScript sigSave = txTo[i].vin[0].scriptSig; 123 txTo[i].vin[0].scriptSig = txTo[j].vin[0].scriptSig; 124 bool sigOK = !CScriptCheck(txFrom.vout[txTo[i].vin[0].prevout.n], CTransaction(txTo[i]), signature_cache, 0, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC, false, &txdata)().has_value(); 125 if (i == j) 126 BOOST_CHECK_MESSAGE(sigOK, strprintf("VerifySignature %d %d", i, j)); 127 else 128 BOOST_CHECK_MESSAGE(!sigOK, strprintf("VerifySignature %d %d", i, j)); 129 txTo[i].vin[0].scriptSig = sigSave; 130 } 131 } 132 } 133 134 BOOST_AUTO_TEST_CASE(norecurse) 135 { 136 ScriptError err; 137 // Make sure only the outer pay-to-script-hash does the 138 // extra-validation thing: 139 CScript invalidAsScript; 140 invalidAsScript << OP_INVALIDOPCODE << OP_INVALIDOPCODE; 141 142 CScript p2sh = GetScriptForDestination(ScriptHash(invalidAsScript)); 143 144 CScript scriptSig; 145 scriptSig << Serialize(invalidAsScript); 146 147 // Should not verify, because it will try to execute OP_INVALIDOPCODE 148 BOOST_CHECK(!Verify(scriptSig, p2sh, true, err)); 149 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_BAD_OPCODE, ScriptErrorString(err)); 150 151 // Try to recur, and verification should succeed because 152 // the inner HASH160 <> EQUAL should only check the hash: 153 CScript p2sh2 = GetScriptForDestination(ScriptHash(p2sh)); 154 CScript scriptSig2; 155 scriptSig2 << Serialize(invalidAsScript) << Serialize(p2sh); 156 157 BOOST_CHECK(Verify(scriptSig2, p2sh2, true, err)); 158 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err)); 159 } 160 161 BOOST_AUTO_TEST_CASE(set) 162 { 163 // Test the CScript::Set* methods 164 FillableSigningProvider keystore; 165 CKey key[4]; 166 std::vector<CPubKey> keys; 167 keys.reserve(4); 168 for (int i = 0; i < 4; i++) 169 { 170 key[i].MakeNewKey(true); 171 BOOST_CHECK(keystore.AddKey(key[i])); 172 keys.push_back(key[i].GetPubKey()); 173 } 174 175 CScript inner[4]; 176 inner[0] = GetScriptForDestination(PKHash(key[0].GetPubKey())); 177 inner[1] = GetScriptForMultisig(2, std::vector<CPubKey>(keys.begin(), keys.begin()+2)); 178 inner[2] = GetScriptForMultisig(1, std::vector<CPubKey>(keys.begin(), keys.begin()+2)); 179 inner[3] = GetScriptForMultisig(2, std::vector<CPubKey>(keys.begin(), keys.begin()+3)); 180 181 CScript outer[4]; 182 for (int i = 0; i < 4; i++) 183 { 184 outer[i] = GetScriptForDestination(ScriptHash(inner[i])); 185 BOOST_CHECK(keystore.AddCScript(inner[i])); 186 } 187 188 CMutableTransaction txFrom; // Funding transaction: 189 std::string reason; 190 txFrom.vout.resize(4); 191 for (int i = 0; i < 4; i++) 192 { 193 txFrom.vout[i].scriptPubKey = outer[i]; 194 txFrom.vout[i].nValue = CENT; 195 } 196 BOOST_CHECK(IsStandardTx(CTransaction(txFrom), reason)); 197 198 CMutableTransaction txTo[4]; // Spending transactions 199 for (int i = 0; i < 4; i++) 200 { 201 txTo[i].vin.resize(1); 202 txTo[i].vout.resize(1); 203 txTo[i].vin[0].prevout.n = i; 204 txTo[i].vin[0].prevout.hash = txFrom.GetHash(); 205 txTo[i].vout[0].nValue = 1*CENT; 206 txTo[i].vout[0].scriptPubKey = inner[i]; 207 } 208 for (int i = 0; i < 4; i++) 209 { 210 SignatureData empty; 211 BOOST_CHECK_MESSAGE(SignSignature(keystore, CTransaction(txFrom), txTo[i], 0, SIGHASH_ALL, empty), strprintf("SignSignature %d", i)); 212 BOOST_CHECK_MESSAGE(IsStandardTx(CTransaction(txTo[i]), /*permit_bare_multisig=*/true, reason), strprintf("txTo[%d].IsStandard", i)); 213 bool no_pbms_is_std = IsStandardTx(CTransaction(txTo[i]), /*permit_bare_multisig=*/false, reason); 214 BOOST_CHECK_MESSAGE((i == 0 ? no_pbms_is_std : !no_pbms_is_std), strprintf("txTo[%d].IsStandard(permbaremulti=false)", i)); 215 } 216 } 217 218 BOOST_AUTO_TEST_CASE(is) 219 { 220 // Test CScript::IsPayToScriptHash() 221 uint160 dummy; 222 CScript p2sh; 223 p2sh << OP_HASH160 << ToByteVector(dummy) << OP_EQUAL; 224 BOOST_CHECK(p2sh.IsPayToScriptHash()); 225 226 std::vector<unsigned char> direct = {OP_HASH160, 20}; 227 direct.insert(direct.end(), 20, 0); 228 direct.push_back(OP_EQUAL); 229 BOOST_CHECK(CScript(direct.begin(), direct.end()).IsPayToScriptHash()); 230 231 // Not considered pay-to-script-hash if using one of the OP_PUSHDATA opcodes: 232 std::vector<unsigned char> pushdata1 = {OP_HASH160, OP_PUSHDATA1, 20}; 233 pushdata1.insert(pushdata1.end(), 20, 0); 234 pushdata1.push_back(OP_EQUAL); 235 BOOST_CHECK(!CScript(pushdata1.begin(), pushdata1.end()).IsPayToScriptHash()); 236 std::vector<unsigned char> pushdata2 = {OP_HASH160, OP_PUSHDATA2, 20, 0}; 237 pushdata2.insert(pushdata2.end(), 20, 0); 238 pushdata2.push_back(OP_EQUAL); 239 BOOST_CHECK(!CScript(pushdata2.begin(), pushdata2.end()).IsPayToScriptHash()); 240 std::vector<unsigned char> pushdata4 = {OP_HASH160, OP_PUSHDATA4, 20, 0, 0, 0}; 241 pushdata4.insert(pushdata4.end(), 20, 0); 242 pushdata4.push_back(OP_EQUAL); 243 BOOST_CHECK(!CScript(pushdata4.begin(), pushdata4.end()).IsPayToScriptHash()); 244 245 CScript not_p2sh; 246 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 247 248 not_p2sh.clear(); not_p2sh << OP_HASH160 << ToByteVector(dummy) << ToByteVector(dummy) << OP_EQUAL; 249 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 250 251 not_p2sh.clear(); not_p2sh << OP_NOP << ToByteVector(dummy) << OP_EQUAL; 252 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 253 254 not_p2sh.clear(); not_p2sh << OP_HASH160 << ToByteVector(dummy) << OP_CHECKSIG; 255 BOOST_CHECK(!not_p2sh.IsPayToScriptHash()); 256 } 257 258 BOOST_AUTO_TEST_CASE(switchover) 259 { 260 // Test switch over code 261 CScript notValid; 262 ScriptError err; 263 notValid << OP_11 << OP_12 << OP_EQUALVERIFY; 264 CScript scriptSig; 265 scriptSig << Serialize(notValid); 266 267 CScript fund = GetScriptForDestination(ScriptHash(notValid)); 268 269 270 // Validation should succeed under old rules (hash is correct): 271 BOOST_CHECK(Verify(scriptSig, fund, false, err)); 272 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err)); 273 // Fail under new: 274 BOOST_CHECK(!Verify(scriptSig, fund, true, err)); 275 BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EQUALVERIFY, ScriptErrorString(err)); 276 } 277 278 BOOST_AUTO_TEST_CASE(AreInputsStandard) 279 { 280 CCoinsView coinsDummy; 281 CCoinsViewCache coins(&coinsDummy); 282 FillableSigningProvider keystore; 283 CKey key[6]; 284 for (int i = 0; i < 6; i++) 285 { 286 key[i].MakeNewKey(true); 287 BOOST_CHECK(keystore.AddKey(key[i])); 288 } 289 std::vector<CPubKey> keys; 290 keys.reserve(3); 291 for (int i = 0; i < 3; i++) 292 keys.push_back(key[i].GetPubKey()); 293 294 CMutableTransaction txFrom; 295 txFrom.vout.resize(7); 296 297 // First three are standard: 298 CScript pay1 = GetScriptForDestination(PKHash(key[0].GetPubKey())); 299 BOOST_CHECK(keystore.AddCScript(pay1)); 300 CScript pay1of3 = GetScriptForMultisig(1, keys); 301 302 txFrom.vout[0].scriptPubKey = GetScriptForDestination(ScriptHash(pay1)); // P2SH (OP_CHECKSIG) 303 txFrom.vout[0].nValue = 1000; 304 txFrom.vout[1].scriptPubKey = pay1; // ordinary OP_CHECKSIG 305 txFrom.vout[1].nValue = 2000; 306 txFrom.vout[2].scriptPubKey = pay1of3; // ordinary OP_CHECKMULTISIG 307 txFrom.vout[2].nValue = 3000; 308 309 // vout[3] is complicated 1-of-3 AND 2-of-3 310 // ... that is OK if wrapped in P2SH: 311 CScript oneAndTwo; 312 oneAndTwo << OP_1 << ToByteVector(key[0].GetPubKey()) << ToByteVector(key[1].GetPubKey()) << ToByteVector(key[2].GetPubKey()); 313 oneAndTwo << OP_3 << OP_CHECKMULTISIGVERIFY; 314 oneAndTwo << OP_2 << ToByteVector(key[3].GetPubKey()) << ToByteVector(key[4].GetPubKey()) << ToByteVector(key[5].GetPubKey()); 315 oneAndTwo << OP_3 << OP_CHECKMULTISIG; 316 BOOST_CHECK(keystore.AddCScript(oneAndTwo)); 317 txFrom.vout[3].scriptPubKey = GetScriptForDestination(ScriptHash(oneAndTwo)); 318 txFrom.vout[3].nValue = 4000; 319 320 // vout[4] is max sigops: 321 CScript fifteenSigops; fifteenSigops << OP_1; 322 for (unsigned i = 0; i < MAX_P2SH_SIGOPS; i++) 323 fifteenSigops << ToByteVector(key[i%3].GetPubKey()); 324 fifteenSigops << OP_15 << OP_CHECKMULTISIG; 325 BOOST_CHECK(keystore.AddCScript(fifteenSigops)); 326 txFrom.vout[4].scriptPubKey = GetScriptForDestination(ScriptHash(fifteenSigops)); 327 txFrom.vout[4].nValue = 5000; 328 329 // vout[5/6] are non-standard because they exceed MAX_P2SH_SIGOPS 330 CScript sixteenSigops; sixteenSigops << OP_16 << OP_CHECKMULTISIG; 331 BOOST_CHECK(keystore.AddCScript(sixteenSigops)); 332 txFrom.vout[5].scriptPubKey = GetScriptForDestination(ScriptHash(sixteenSigops)); 333 txFrom.vout[5].nValue = 5000; 334 CScript twentySigops; twentySigops << OP_CHECKMULTISIG; 335 BOOST_CHECK(keystore.AddCScript(twentySigops)); 336 txFrom.vout[6].scriptPubKey = GetScriptForDestination(ScriptHash(twentySigops)); 337 txFrom.vout[6].nValue = 6000; 338 339 AddCoins(coins, CTransaction(txFrom), 0); 340 341 CMutableTransaction txTo; 342 txTo.vout.resize(1); 343 txTo.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey())); 344 345 txTo.vin.resize(5); 346 for (int i = 0; i < 5; i++) 347 { 348 txTo.vin[i].prevout.n = i; 349 txTo.vin[i].prevout.hash = txFrom.GetHash(); 350 } 351 SignatureData empty; 352 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, empty)); 353 SignatureData empty_b; 354 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 1, SIGHASH_ALL, empty_b)); 355 SignatureData empty_c; 356 BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 2, SIGHASH_ALL, empty_c)); 357 // SignSignature doesn't know how to sign these. We're 358 // not testing validating signatures, so just create 359 // dummy signatures that DO include the correct P2SH scripts: 360 txTo.vin[3].scriptSig << OP_11 << OP_11 << std::vector<unsigned char>(oneAndTwo.begin(), oneAndTwo.end()); 361 txTo.vin[4].scriptSig << std::vector<unsigned char>(fifteenSigops.begin(), fifteenSigops.end()); 362 363 BOOST_CHECK(::AreInputsStandard(CTransaction(txTo), coins)); 364 // 22 P2SH sigops for all inputs (1 for vin[0], 6 for vin[3], 15 for vin[4] 365 BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txTo), coins), 22U); 366 367 CMutableTransaction coinbase_tx_mut; 368 coinbase_tx_mut.vin.resize(1); 369 CTransaction coinbase_tx{coinbase_tx_mut}; 370 BOOST_CHECK(coinbase_tx.IsCoinBase()); 371 BOOST_CHECK_EQUAL(GetP2SHSigOpCount(coinbase_tx, coins), 0U); 372 373 CMutableTransaction txToNonStd1; 374 txToNonStd1.vout.resize(1); 375 txToNonStd1.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey())); 376 txToNonStd1.vout[0].nValue = 1000; 377 txToNonStd1.vin.resize(1); 378 txToNonStd1.vin[0].prevout.n = 5; 379 txToNonStd1.vin[0].prevout.hash = txFrom.GetHash(); 380 txToNonStd1.vin[0].scriptSig << std::vector<unsigned char>(sixteenSigops.begin(), sixteenSigops.end()); 381 382 BOOST_CHECK(!::AreInputsStandard(CTransaction(txToNonStd1), coins)); 383 BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txToNonStd1), coins), 16U); 384 385 CMutableTransaction txToNonStd2; 386 txToNonStd2.vout.resize(1); 387 txToNonStd2.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey())); 388 txToNonStd2.vout[0].nValue = 1000; 389 txToNonStd2.vin.resize(1); 390 txToNonStd2.vin[0].prevout.n = 6; 391 txToNonStd2.vin[0].prevout.hash = txFrom.GetHash(); 392 txToNonStd2.vin[0].scriptSig << std::vector<unsigned char>(twentySigops.begin(), twentySigops.end()); 393 394 BOOST_CHECK(!::AreInputsStandard(CTransaction(txToNonStd2), coins)); 395 BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txToNonStd2), coins), 20U); 396 } 397 398 BOOST_AUTO_TEST_SUITE_END()