Line data Source code
1 : // Copyright (c) 2012-2020 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include <consensus/tx_verify.h>
6 : #include <key.h>
7 : #include <policy/policy.h>
8 : #include <policy/settings.h>
9 : #include <script/script.h>
10 : #include <script/script_error.h>
11 : #include <script/sign.h>
12 : #include <script/signingprovider.h>
13 : #include <test/util/setup_common.h>
14 : #include <validation.h>
15 :
16 : #include <vector>
17 :
18 : #include <boost/test/unit_test.hpp>
19 :
20 : // Helpers:
21 : static std::vector<unsigned char>
22 4 : Serialize(const CScript& s)
23 : {
24 4 : std::vector<unsigned char> sSerialized(s.begin(), s.end());
25 : return sSerialized;
26 4 : }
27 :
28 : static bool
29 4 : Verify(const CScript& scriptSig, const CScript& scriptPubKey, bool fStrict, ScriptError& err)
30 : {
31 : // Create dummy to/from transactions:
32 4 : CMutableTransaction txFrom;
33 4 : txFrom.vout.resize(1);
34 4 : txFrom.vout[0].scriptPubKey = scriptPubKey;
35 :
36 4 : CMutableTransaction txTo;
37 4 : txTo.vin.resize(1);
38 4 : txTo.vout.resize(1);
39 4 : txTo.vin[0].prevout.n = 0;
40 4 : txTo.vin[0].prevout.hash = txFrom.GetHash();
41 4 : txTo.vin[0].scriptSig = scriptSig;
42 4 : txTo.vout[0].nValue = 1;
43 :
44 4 : return VerifyScript(scriptSig, scriptPubKey, nullptr, fStrict ? SCRIPT_VERIFY_P2SH : SCRIPT_VERIFY_NONE, MutableTransactionSignatureChecker(&txTo, 0, txFrom.vout[0].nValue), &err);
45 4 : }
46 :
47 :
48 89 : BOOST_FIXTURE_TEST_SUITE(script_p2sh_tests, BasicTestingSetup)
49 :
50 95 : BOOST_AUTO_TEST_CASE(sign)
51 : {
52 1 : LOCK(cs_main);
53 : // Pay-to-script-hash looks like this:
54 : // scriptSig: <sig> <sig...> <serialized_script>
55 : // scriptPubKey: HASH160 <hash> EQUAL
56 :
57 : // Test SignSignature() (and therefore the version of Solver() that signs transactions)
58 1 : FillableSigningProvider keystore;
59 4 : CKey key[4];
60 5 : for (int i = 0; i < 4; i++)
61 : {
62 4 : key[i].MakeNewKey(true);
63 4 : BOOST_CHECK(keystore.AddKey(key[i]));
64 : }
65 :
66 : // 8 Scripts: checking all combinations of
67 : // different keys, straight/P2SH, pubkey/pubkeyhash
68 4 : CScript standardScripts[4];
69 1 : standardScripts[0] << ToByteVector(key[0].GetPubKey()) << OP_CHECKSIG;
70 1 : standardScripts[1] = GetScriptForDestination(PKHash(key[1].GetPubKey()));
71 1 : standardScripts[2] << ToByteVector(key[1].GetPubKey()) << OP_CHECKSIG;
72 1 : standardScripts[3] = GetScriptForDestination(PKHash(key[2].GetPubKey()));
73 4 : CScript evalScripts[4];
74 5 : for (int i = 0; i < 4; i++)
75 : {
76 4 : BOOST_CHECK(keystore.AddCScript(standardScripts[i]));
77 4 : evalScripts[i] = GetScriptForDestination(ScriptHash(standardScripts[i]));
78 : }
79 :
80 1 : CMutableTransaction txFrom; // Funding transaction:
81 1 : std::string reason;
82 1 : txFrom.vout.resize(8);
83 5 : for (int i = 0; i < 4; i++)
84 : {
85 4 : txFrom.vout[i].scriptPubKey = evalScripts[i];
86 4 : txFrom.vout[i].nValue = COIN;
87 4 : txFrom.vout[i+4].scriptPubKey = standardScripts[i];
88 4 : txFrom.vout[i+4].nValue = COIN;
89 : }
90 1 : BOOST_CHECK(IsStandardTx(CTransaction(txFrom), reason));
91 :
92 8 : CMutableTransaction txTo[8]; // Spending transactions
93 9 : for (int i = 0; i < 8; i++)
94 : {
95 8 : txTo[i].vin.resize(1);
96 8 : txTo[i].vout.resize(1);
97 8 : txTo[i].vin[0].prevout.n = i;
98 8 : txTo[i].vin[0].prevout.hash = txFrom.GetHash();
99 8 : txTo[i].vout[0].nValue = 1;
100 : }
101 9 : for (int i = 0; i < 8; i++)
102 : {
103 8 : BOOST_CHECK_MESSAGE(SignSignature(keystore, CTransaction(txFrom), txTo[i], 0, SIGHASH_ALL), strprintf("SignSignature %d", i));
104 : }
105 : // All of the above should be OK, and the txTos have valid signatures
106 : // Check to make sure signature verification fails if we use the wrong ScriptSig:
107 9 : for (int i = 0; i < 8; i++) {
108 8 : PrecomputedTransactionData txdata(txTo[i]);
109 72 : for (int j = 0; j < 8; j++)
110 : {
111 64 : CScript sigSave = txTo[i].vin[0].scriptSig;
112 64 : txTo[i].vin[0].scriptSig = txTo[j].vin[0].scriptSig;
113 64 : bool sigOK = CScriptCheck(txFrom.vout[txTo[i].vin[0].prevout.n], CTransaction(txTo[i]), 0, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC, false, &txdata)();
114 64 : if (i == j)
115 8 : BOOST_CHECK_MESSAGE(sigOK, strprintf("VerifySignature %d %d", i, j));
116 : else
117 56 : BOOST_CHECK_MESSAGE(!sigOK, strprintf("VerifySignature %d %d", i, j));
118 64 : txTo[i].vin[0].scriptSig = sigSave;
119 64 : }
120 8 : }
121 17 : }
122 :
123 95 : BOOST_AUTO_TEST_CASE(norecurse)
124 : {
125 1 : ScriptError err;
126 : // Make sure only the outer pay-to-script-hash does the
127 : // extra-validation thing:
128 1 : CScript invalidAsScript;
129 1 : invalidAsScript << OP_INVALIDOPCODE << OP_INVALIDOPCODE;
130 :
131 1 : CScript p2sh = GetScriptForDestination(ScriptHash(invalidAsScript));
132 :
133 1 : CScript scriptSig;
134 1 : scriptSig << Serialize(invalidAsScript);
135 :
136 : // Should not verify, because it will try to execute OP_INVALIDOPCODE
137 1 : BOOST_CHECK(!Verify(scriptSig, p2sh, true, err));
138 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_BAD_OPCODE, ScriptErrorString(err));
139 :
140 : // Try to recur, and verification should succeed because
141 : // the inner HASH160 <> EQUAL should only check the hash:
142 1 : CScript p2sh2 = GetScriptForDestination(ScriptHash(p2sh));
143 1 : CScript scriptSig2;
144 1 : scriptSig2 << Serialize(invalidAsScript) << Serialize(p2sh);
145 :
146 1 : BOOST_CHECK(Verify(scriptSig2, p2sh2, true, err));
147 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
148 1 : }
149 :
150 95 : BOOST_AUTO_TEST_CASE(set)
151 : {
152 1 : LOCK(cs_main);
153 : // Test the CScript::Set* methods
154 1 : FillableSigningProvider keystore;
155 4 : CKey key[4];
156 1 : std::vector<CPubKey> keys;
157 5 : for (int i = 0; i < 4; i++)
158 : {
159 4 : key[i].MakeNewKey(true);
160 4 : BOOST_CHECK(keystore.AddKey(key[i]));
161 4 : keys.push_back(key[i].GetPubKey());
162 : }
163 :
164 4 : CScript inner[4];
165 1 : inner[0] = GetScriptForDestination(PKHash(key[0].GetPubKey()));
166 1 : inner[1] = GetScriptForMultisig(2, std::vector<CPubKey>(keys.begin(), keys.begin()+2));
167 1 : inner[2] = GetScriptForMultisig(1, std::vector<CPubKey>(keys.begin(), keys.begin()+2));
168 1 : inner[3] = GetScriptForMultisig(2, std::vector<CPubKey>(keys.begin(), keys.begin()+3));
169 :
170 4 : CScript outer[4];
171 5 : for (int i = 0; i < 4; i++)
172 : {
173 4 : outer[i] = GetScriptForDestination(ScriptHash(inner[i]));
174 4 : BOOST_CHECK(keystore.AddCScript(inner[i]));
175 : }
176 :
177 1 : CMutableTransaction txFrom; // Funding transaction:
178 1 : std::string reason;
179 1 : txFrom.vout.resize(4);
180 5 : for (int i = 0; i < 4; i++)
181 : {
182 4 : txFrom.vout[i].scriptPubKey = outer[i];
183 4 : txFrom.vout[i].nValue = CENT;
184 : }
185 1 : BOOST_CHECK(IsStandardTx(CTransaction(txFrom), reason));
186 :
187 4 : CMutableTransaction txTo[4]; // Spending transactions
188 5 : for (int i = 0; i < 4; i++)
189 : {
190 4 : txTo[i].vin.resize(1);
191 4 : txTo[i].vout.resize(1);
192 4 : txTo[i].vin[0].prevout.n = i;
193 4 : txTo[i].vin[0].prevout.hash = txFrom.GetHash();
194 4 : txTo[i].vout[0].nValue = 1*CENT;
195 4 : txTo[i].vout[0].scriptPubKey = inner[i];
196 : }
197 5 : for (int i = 0; i < 4; i++)
198 : {
199 4 : BOOST_CHECK_MESSAGE(SignSignature(keystore, CTransaction(txFrom), txTo[i], 0, SIGHASH_ALL), strprintf("SignSignature %d", i));
200 4 : BOOST_CHECK_MESSAGE(IsStandardTx(CTransaction(txTo[i]), reason), strprintf("txTo[%d].IsStandard", i));
201 : }
202 13 : }
203 :
204 95 : BOOST_AUTO_TEST_CASE(is)
205 : {
206 : // Test CScript::IsPayToScriptHash()
207 1 : uint160 dummy;
208 1 : CScript p2sh;
209 1 : p2sh << OP_HASH160 << ToByteVector(dummy) << OP_EQUAL;
210 1 : BOOST_CHECK(p2sh.IsPayToScriptHash());
211 :
212 1 : std::vector<unsigned char> direct = {OP_HASH160, 20};
213 1 : direct.insert(direct.end(), 20, 0);
214 1 : direct.push_back(OP_EQUAL);
215 1 : BOOST_CHECK(CScript(direct.begin(), direct.end()).IsPayToScriptHash());
216 :
217 : // Not considered pay-to-script-hash if using one of the OP_PUSHDATA opcodes:
218 1 : std::vector<unsigned char> pushdata1 = {OP_HASH160, OP_PUSHDATA1, 20};
219 1 : pushdata1.insert(pushdata1.end(), 20, 0);
220 1 : pushdata1.push_back(OP_EQUAL);
221 1 : BOOST_CHECK(!CScript(pushdata1.begin(), pushdata1.end()).IsPayToScriptHash());
222 1 : std::vector<unsigned char> pushdata2 = {OP_HASH160, OP_PUSHDATA2, 20, 0};
223 1 : pushdata2.insert(pushdata2.end(), 20, 0);
224 1 : pushdata2.push_back(OP_EQUAL);
225 1 : BOOST_CHECK(!CScript(pushdata2.begin(), pushdata2.end()).IsPayToScriptHash());
226 1 : std::vector<unsigned char> pushdata4 = {OP_HASH160, OP_PUSHDATA4, 20, 0, 0, 0};
227 1 : pushdata4.insert(pushdata4.end(), 20, 0);
228 1 : pushdata4.push_back(OP_EQUAL);
229 1 : BOOST_CHECK(!CScript(pushdata4.begin(), pushdata4.end()).IsPayToScriptHash());
230 :
231 1 : CScript not_p2sh;
232 1 : BOOST_CHECK(!not_p2sh.IsPayToScriptHash());
233 :
234 1 : not_p2sh.clear(); not_p2sh << OP_HASH160 << ToByteVector(dummy) << ToByteVector(dummy) << OP_EQUAL;
235 1 : BOOST_CHECK(!not_p2sh.IsPayToScriptHash());
236 :
237 1 : not_p2sh.clear(); not_p2sh << OP_NOP << ToByteVector(dummy) << OP_EQUAL;
238 1 : BOOST_CHECK(!not_p2sh.IsPayToScriptHash());
239 :
240 1 : not_p2sh.clear(); not_p2sh << OP_HASH160 << ToByteVector(dummy) << OP_CHECKSIG;
241 1 : BOOST_CHECK(!not_p2sh.IsPayToScriptHash());
242 1 : }
243 :
244 95 : BOOST_AUTO_TEST_CASE(switchover)
245 : {
246 : // Test switch over code
247 1 : CScript notValid;
248 1 : ScriptError err;
249 1 : notValid << OP_11 << OP_12 << OP_EQUALVERIFY;
250 1 : CScript scriptSig;
251 1 : scriptSig << Serialize(notValid);
252 :
253 1 : CScript fund = GetScriptForDestination(ScriptHash(notValid));
254 :
255 :
256 : // Validation should succeed under old rules (hash is correct):
257 1 : BOOST_CHECK(Verify(scriptSig, fund, false, err));
258 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
259 : // Fail under new:
260 1 : BOOST_CHECK(!Verify(scriptSig, fund, true, err));
261 1 : BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EQUALVERIFY, ScriptErrorString(err));
262 1 : }
263 :
264 95 : BOOST_AUTO_TEST_CASE(AreInputsStandard)
265 : {
266 1 : LOCK(cs_main);
267 1 : CCoinsView coinsDummy;
268 1 : CCoinsViewCache coins(&coinsDummy);
269 1 : FillableSigningProvider keystore;
270 6 : CKey key[6];
271 1 : std::vector<CPubKey> keys;
272 7 : for (int i = 0; i < 6; i++)
273 : {
274 6 : key[i].MakeNewKey(true);
275 6 : BOOST_CHECK(keystore.AddKey(key[i]));
276 : }
277 4 : for (int i = 0; i < 3; i++)
278 3 : keys.push_back(key[i].GetPubKey());
279 :
280 1 : CMutableTransaction txFrom;
281 1 : txFrom.vout.resize(7);
282 :
283 : // First three are standard:
284 1 : CScript pay1 = GetScriptForDestination(PKHash(key[0].GetPubKey()));
285 1 : BOOST_CHECK(keystore.AddCScript(pay1));
286 1 : CScript pay1of3 = GetScriptForMultisig(1, keys);
287 :
288 1 : txFrom.vout[0].scriptPubKey = GetScriptForDestination(ScriptHash(pay1)); // P2SH (OP_CHECKSIG)
289 1 : txFrom.vout[0].nValue = 1000;
290 1 : txFrom.vout[1].scriptPubKey = pay1; // ordinary OP_CHECKSIG
291 1 : txFrom.vout[1].nValue = 2000;
292 1 : txFrom.vout[2].scriptPubKey = pay1of3; // ordinary OP_CHECKMULTISIG
293 1 : txFrom.vout[2].nValue = 3000;
294 :
295 : // vout[3] is complicated 1-of-3 AND 2-of-3
296 : // ... that is OK if wrapped in P2SH:
297 1 : CScript oneAndTwo;
298 1 : oneAndTwo << OP_1 << ToByteVector(key[0].GetPubKey()) << ToByteVector(key[1].GetPubKey()) << ToByteVector(key[2].GetPubKey());
299 1 : oneAndTwo << OP_3 << OP_CHECKMULTISIGVERIFY;
300 1 : oneAndTwo << OP_2 << ToByteVector(key[3].GetPubKey()) << ToByteVector(key[4].GetPubKey()) << ToByteVector(key[5].GetPubKey());
301 1 : oneAndTwo << OP_3 << OP_CHECKMULTISIG;
302 1 : BOOST_CHECK(keystore.AddCScript(oneAndTwo));
303 1 : txFrom.vout[3].scriptPubKey = GetScriptForDestination(ScriptHash(oneAndTwo));
304 1 : txFrom.vout[3].nValue = 4000;
305 :
306 : // vout[4] is max sigops:
307 1 : CScript fifteenSigops; fifteenSigops << OP_1;
308 16 : for (unsigned i = 0; i < MAX_P2SH_SIGOPS; i++)
309 15 : fifteenSigops << ToByteVector(key[i%3].GetPubKey());
310 1 : fifteenSigops << OP_15 << OP_CHECKMULTISIG;
311 1 : BOOST_CHECK(keystore.AddCScript(fifteenSigops));
312 1 : txFrom.vout[4].scriptPubKey = GetScriptForDestination(ScriptHash(fifteenSigops));
313 1 : txFrom.vout[4].nValue = 5000;
314 :
315 : // vout[5/6] are non-standard because they exceed MAX_P2SH_SIGOPS
316 1 : CScript sixteenSigops; sixteenSigops << OP_16 << OP_CHECKMULTISIG;
317 1 : BOOST_CHECK(keystore.AddCScript(sixteenSigops));
318 1 : txFrom.vout[5].scriptPubKey = GetScriptForDestination(ScriptHash(sixteenSigops));
319 1 : txFrom.vout[5].nValue = 5000;
320 1 : CScript twentySigops; twentySigops << OP_CHECKMULTISIG;
321 1 : BOOST_CHECK(keystore.AddCScript(twentySigops));
322 1 : txFrom.vout[6].scriptPubKey = GetScriptForDestination(ScriptHash(twentySigops));
323 1 : txFrom.vout[6].nValue = 6000;
324 :
325 1 : AddCoins(coins, CTransaction(txFrom), 0);
326 :
327 1 : CMutableTransaction txTo;
328 1 : txTo.vout.resize(1);
329 1 : txTo.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey()));
330 :
331 1 : txTo.vin.resize(5);
332 6 : for (int i = 0; i < 5; i++)
333 : {
334 5 : txTo.vin[i].prevout.n = i;
335 5 : txTo.vin[i].prevout.hash = txFrom.GetHash();
336 : }
337 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL));
338 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 1, SIGHASH_ALL));
339 1 : BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 2, SIGHASH_ALL));
340 : // SignSignature doesn't know how to sign these. We're
341 : // not testing validating signatures, so just create
342 : // dummy signatures that DO include the correct P2SH scripts:
343 1 : txTo.vin[3].scriptSig << OP_11 << OP_11 << std::vector<unsigned char>(oneAndTwo.begin(), oneAndTwo.end());
344 1 : txTo.vin[4].scriptSig << std::vector<unsigned char>(fifteenSigops.begin(), fifteenSigops.end());
345 :
346 1 : BOOST_CHECK(::AreInputsStandard(CTransaction(txTo), coins));
347 : // 22 P2SH sigops for all inputs (1 for vin[0], 6 for vin[3], 15 for vin[4]
348 1 : BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txTo), coins), 22U);
349 :
350 1 : CMutableTransaction txToNonStd1;
351 1 : txToNonStd1.vout.resize(1);
352 1 : txToNonStd1.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey()));
353 1 : txToNonStd1.vout[0].nValue = 1000;
354 1 : txToNonStd1.vin.resize(1);
355 1 : txToNonStd1.vin[0].prevout.n = 5;
356 1 : txToNonStd1.vin[0].prevout.hash = txFrom.GetHash();
357 1 : txToNonStd1.vin[0].scriptSig << std::vector<unsigned char>(sixteenSigops.begin(), sixteenSigops.end());
358 :
359 1 : BOOST_CHECK(!::AreInputsStandard(CTransaction(txToNonStd1), coins));
360 1 : BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txToNonStd1), coins), 16U);
361 :
362 1 : CMutableTransaction txToNonStd2;
363 1 : txToNonStd2.vout.resize(1);
364 1 : txToNonStd2.vout[0].scriptPubKey = GetScriptForDestination(PKHash(key[1].GetPubKey()));
365 1 : txToNonStd2.vout[0].nValue = 1000;
366 1 : txToNonStd2.vin.resize(1);
367 1 : txToNonStd2.vin[0].prevout.n = 6;
368 1 : txToNonStd2.vin[0].prevout.hash = txFrom.GetHash();
369 1 : txToNonStd2.vin[0].scriptSig << std::vector<unsigned char>(twentySigops.begin(), twentySigops.end());
370 :
371 1 : BOOST_CHECK(!::AreInputsStandard(CTransaction(txToNonStd2), coins));
372 1 : BOOST_CHECK_EQUAL(GetP2SHSigOpCount(CTransaction(txToNonStd2), coins), 20U);
373 6 : }
374 :
375 89 : BOOST_AUTO_TEST_SUITE_END()
|
