sigopcount_tests.cpp
1 // Copyright (c) 2012-2022 The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <addresstype.h> 6 #include <coins.h> 7 #include <consensus/consensus.h> 8 #include <consensus/tx_verify.h> 9 #include <key.h> 10 #include <pubkey.h> 11 #include <script/interpreter.h> 12 #include <script/script.h> 13 #include <script/solver.h> 14 #include <test/util/setup_common.h> 15 #include <uint256.h> 16 17 #include <vector> 18 19 #include <boost/test/unit_test.hpp> 20 21 // Helpers: 22 static std::vector<unsigned char> 23 Serialize(const CScript& s) 24 { 25 std::vector<unsigned char> sSerialized(s.begin(), s.end()); 26 return sSerialized; 27 } 28 29 BOOST_FIXTURE_TEST_SUITE(sigopcount_tests, BasicTestingSetup) 30 31 BOOST_AUTO_TEST_CASE(GetSigOpCount) 32 { 33 // Test CScript::GetSigOpCount() 34 CScript s1; 35 BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 0U); 36 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 0U); 37 38 uint160 dummy; 39 s1 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << OP_2 << OP_CHECKMULTISIG; 40 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 2U); 41 s1 << OP_IF << OP_CHECKSIG << OP_ENDIF; 42 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 3U); 43 BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 21U); 44 45 CScript p2sh = GetScriptForDestination(ScriptHash(s1)); 46 CScript scriptSig; 47 scriptSig << OP_0 << Serialize(s1); 48 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig), 3U); 49 50 std::vector<CPubKey> keys; 51 for (int i = 0; i < 3; i++) 52 { 53 CKey k = GenerateRandomKey(); 54 keys.push_back(k.GetPubKey()); 55 } 56 CScript s2 = GetScriptForMultisig(1, keys); 57 BOOST_CHECK_EQUAL(s2.GetSigOpCount(true), 3U); 58 BOOST_CHECK_EQUAL(s2.GetSigOpCount(false), 20U); 59 60 p2sh = GetScriptForDestination(ScriptHash(s2)); 61 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(true), 0U); 62 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(false), 0U); 63 CScript scriptSig2; 64 scriptSig2 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << Serialize(s2); 65 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig2), 3U); 66 } 67 68 /** 69 * Verifies script execution of the zeroth scriptPubKey of tx output and 70 * zeroth scriptSig and witness of tx input. 71 */ 72 static ScriptError VerifyWithFlag(const CTransaction& output, const CMutableTransaction& input, uint32_t flags) 73 { 74 ScriptError error; 75 CTransaction inputi(input); 76 bool ret = VerifyScript(inputi.vin[0].scriptSig, output.vout[0].scriptPubKey, &inputi.vin[0].scriptWitness, flags, TransactionSignatureChecker(&inputi, 0, output.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &error); 77 BOOST_CHECK((ret == true) == (error == SCRIPT_ERR_OK)); 78 79 return error; 80 } 81 82 /** 83 * Builds a creationTx from scriptPubKey and a spendingTx from scriptSig 84 * and witness such that spendingTx spends output zero of creationTx. 85 * Also inserts creationTx's output into the coins view. 86 */ 87 static void BuildTxs(CMutableTransaction& spendingTx, CCoinsViewCache& coins, CMutableTransaction& creationTx, const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& witness) 88 { 89 creationTx.nVersion = 1; 90 creationTx.vin.resize(1); 91 creationTx.vin[0].prevout.SetNull(); 92 creationTx.vin[0].scriptSig = CScript(); 93 creationTx.vout.resize(1); 94 creationTx.vout[0].nValue = 1; 95 creationTx.vout[0].scriptPubKey = scriptPubKey; 96 97 spendingTx.nVersion = 1; 98 spendingTx.vin.resize(1); 99 spendingTx.vin[0].prevout.hash = creationTx.GetHash(); 100 spendingTx.vin[0].prevout.n = 0; 101 spendingTx.vin[0].scriptSig = scriptSig; 102 spendingTx.vin[0].scriptWitness = witness; 103 spendingTx.vout.resize(1); 104 spendingTx.vout[0].nValue = 1; 105 spendingTx.vout[0].scriptPubKey = CScript(); 106 107 AddCoins(coins, CTransaction(creationTx), 0); 108 } 109 110 BOOST_AUTO_TEST_CASE(GetTxSigOpCost) 111 { 112 // Transaction creates outputs 113 CMutableTransaction creationTx; 114 // Transaction that spends outputs and whose 115 // sig op cost is going to be tested 116 CMutableTransaction spendingTx; 117 118 // Create utxo set 119 CCoinsView coinsDummy; 120 CCoinsViewCache coins(&coinsDummy); 121 // Create key 122 CKey key = GenerateRandomKey(); 123 CPubKey pubkey = key.GetPubKey(); 124 // Default flags 125 const uint32_t flags{SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH}; 126 127 // Multisig script (legacy counting) 128 { 129 CScript scriptPubKey = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY; 130 // Do not use a valid signature to avoid using wallet operations. 131 CScript scriptSig = CScript() << OP_0 << OP_0; 132 133 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness()); 134 // Legacy counting only includes signature operations in scriptSigs and scriptPubKeys 135 // of a transaction and does not take the actual executed sig operations into account. 136 // spendingTx in itself does not contain a signature operation. 137 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0); 138 // creationTx contains two signature operations in its scriptPubKey, but legacy counting 139 // is not accurate. 140 assert(GetTransactionSigOpCost(CTransaction(creationTx), coins, flags) == MAX_PUBKEYS_PER_MULTISIG * WITNESS_SCALE_FACTOR); 141 // Sanity check: script verification fails because of an invalid signature. 142 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY); 143 } 144 145 // Multisig nested in P2SH 146 { 147 CScript redeemScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY; 148 CScript scriptPubKey = GetScriptForDestination(ScriptHash(redeemScript)); 149 CScript scriptSig = CScript() << OP_0 << OP_0 << ToByteVector(redeemScript); 150 151 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness()); 152 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2 * WITNESS_SCALE_FACTOR); 153 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY); 154 } 155 156 // P2WPKH witness program 157 { 158 CScript scriptPubKey = GetScriptForDestination(WitnessV0KeyHash(pubkey)); 159 CScript scriptSig = CScript(); 160 CScriptWitness scriptWitness; 161 scriptWitness.stack.emplace_back(0); 162 scriptWitness.stack.emplace_back(0); 163 164 165 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness); 166 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1); 167 // No signature operations if we don't verify the witness. 168 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0); 169 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY); 170 171 // The sig op cost for witness version != 0 is zero. 172 assert(scriptPubKey[0] == 0x00); 173 scriptPubKey[0] = 0x51; 174 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness); 175 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0); 176 scriptPubKey[0] = 0x00; 177 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness); 178 179 // The witness of a coinbase transaction is not taken into account. 180 spendingTx.vin[0].prevout.SetNull(); 181 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0); 182 } 183 184 // P2WPKH nested in P2SH 185 { 186 CScript scriptSig = GetScriptForDestination(WitnessV0KeyHash(pubkey)); 187 CScript scriptPubKey = GetScriptForDestination(ScriptHash(scriptSig)); 188 scriptSig = CScript() << ToByteVector(scriptSig); 189 CScriptWitness scriptWitness; 190 scriptWitness.stack.emplace_back(0); 191 scriptWitness.stack.emplace_back(0); 192 193 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness); 194 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1); 195 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY); 196 } 197 198 // P2WSH witness program 199 { 200 CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY; 201 CScript scriptPubKey = GetScriptForDestination(WitnessV0ScriptHash(witnessScript)); 202 CScript scriptSig = CScript(); 203 CScriptWitness scriptWitness; 204 scriptWitness.stack.emplace_back(0); 205 scriptWitness.stack.emplace_back(0); 206 scriptWitness.stack.emplace_back(witnessScript.begin(), witnessScript.end()); 207 208 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness); 209 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2); 210 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0); 211 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY); 212 } 213 214 // P2WSH nested in P2SH 215 { 216 CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY; 217 CScript redeemScript = GetScriptForDestination(WitnessV0ScriptHash(witnessScript)); 218 CScript scriptPubKey = GetScriptForDestination(ScriptHash(redeemScript)); 219 CScript scriptSig = CScript() << ToByteVector(redeemScript); 220 CScriptWitness scriptWitness; 221 scriptWitness.stack.emplace_back(0); 222 scriptWitness.stack.emplace_back(0); 223 scriptWitness.stack.emplace_back(witnessScript.begin(), witnessScript.end()); 224 225 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness); 226 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2); 227 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY); 228 } 229 } 230 231 BOOST_AUTO_TEST_SUITE_END()