1 // Copyright (c) 2012-2020 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <consensus/consensus.h>
6 #include <consensus/tx_verify.h>
7 #include <key.h>
8 #include <pubkey.h>
9 #include <script/script.h>
10 #include <script/standard.h>
11 #include <test/util/setup_common.h>
12 #include <uint256.h>
13 
14 #include <vector>
15 
16 #include <boost/test/unit_test.hpp>
17 
18 // Helpers:
19 static std::vector<unsigned char>
Serialize(const CScript & s)20 Serialize(const CScript& s)
21 {
22     std::vector<unsigned char> sSerialized(s.begin(), s.end());
23     return sSerialized;
24 }
25 
BOOST_FIXTURE_TEST_SUITE(sigopcount_tests,BasicTestingSetup)26 BOOST_FIXTURE_TEST_SUITE(sigopcount_tests, BasicTestingSetup)
27 
28 BOOST_AUTO_TEST_CASE(GetSigOpCount)
29 {
30     // Test CScript::GetSigOpCount()
31     CScript s1;
32     BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 0U);
33     BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 0U);
34 
35     uint160 dummy;
36     s1 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << OP_2 << OP_CHECKMULTISIG;
37     BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 2U);
38     s1 << OP_IF << OP_CHECKSIG << OP_ENDIF;
39     BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 3U);
40     BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 21U);
41 
42     CScript p2sh = GetScriptForDestination(ScriptHash(s1));
43     CScript scriptSig;
44     scriptSig << OP_0 << Serialize(s1);
45     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig), 3U);
46 
47     std::vector<CPubKey> keys;
48     for (int i = 0; i < 3; i++)
49     {
50         CKey k;
51         k.MakeNewKey(true);
52         keys.push_back(k.GetPubKey());
53     }
54     CScript s2 = GetScriptForMultisig(1, keys);
55     BOOST_CHECK_EQUAL(s2.GetSigOpCount(true), 3U);
56     BOOST_CHECK_EQUAL(s2.GetSigOpCount(false), 20U);
57 
58     p2sh = GetScriptForDestination(ScriptHash(s2));
59     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(true), 0U);
60     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(false), 0U);
61     CScript scriptSig2;
62     scriptSig2 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << Serialize(s2);
63     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig2), 3U);
64 }
65 
66 /**
67  * Verifies script execution of the zeroth scriptPubKey of tx output and
68  * zeroth scriptSig and witness of tx input.
69  */
VerifyWithFlag(const CTransaction & output,const CMutableTransaction & input,int flags)70 static ScriptError VerifyWithFlag(const CTransaction& output, const CMutableTransaction& input, int flags)
71 {
72     ScriptError error;
73     CTransaction inputi(input);
74     bool ret = VerifyScript(inputi.vin[0].scriptSig, output.vout[0].scriptPubKey, &inputi.vin[0].scriptWitness, flags, TransactionSignatureChecker(&inputi, 0, output.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &error);
75     BOOST_CHECK((ret == true) == (error == SCRIPT_ERR_OK));
76 
77     return error;
78 }
79 
80 /**
81  * Builds a creationTx from scriptPubKey and a spendingTx from scriptSig
82  * and witness such that spendingTx spends output zero of creationTx.
83  * Also inserts creationTx's output into the coins view.
84  */
BuildTxs(CMutableTransaction & spendingTx,CCoinsViewCache & coins,CMutableTransaction & creationTx,const CScript & scriptPubKey,const CScript & scriptSig,const CScriptWitness & witness)85 static void BuildTxs(CMutableTransaction& spendingTx, CCoinsViewCache& coins, CMutableTransaction& creationTx, const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& witness)
86 {
87     creationTx.nVersion = 1;
88     creationTx.vin.resize(1);
89     creationTx.vin[0].prevout.SetNull();
90     creationTx.vin[0].scriptSig = CScript();
91     creationTx.vout.resize(1);
92     creationTx.vout[0].nValue = 1;
93     creationTx.vout[0].scriptPubKey = scriptPubKey;
94 
95     spendingTx.nVersion = 1;
96     spendingTx.vin.resize(1);
97     spendingTx.vin[0].prevout.hash = creationTx.GetHash();
98     spendingTx.vin[0].prevout.n = 0;
99     spendingTx.vin[0].scriptSig = scriptSig;
100     spendingTx.vin[0].scriptWitness = witness;
101     spendingTx.vout.resize(1);
102     spendingTx.vout[0].nValue = 1;
103     spendingTx.vout[0].scriptPubKey = CScript();
104 
105     AddCoins(coins, CTransaction(creationTx), 0);
106 }
107 
BOOST_AUTO_TEST_CASE(GetTxSigOpCost)108 BOOST_AUTO_TEST_CASE(GetTxSigOpCost)
109 {
110     // Transaction creates outputs
111     CMutableTransaction creationTx;
112     // Transaction that spends outputs and whose
113     // sig op cost is going to be tested
114     CMutableTransaction spendingTx;
115 
116     // Create utxo set
117     CCoinsView coinsDummy;
118     CCoinsViewCache coins(&coinsDummy);
119     // Create key
120     CKey key;
121     key.MakeNewKey(true);
122     CPubKey pubkey = key.GetPubKey();
123     // Default flags
124     int flags = SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH;
125 
126     // Multisig script (legacy counting)
127     {
128         CScript scriptPubKey = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
129         // Do not use a valid signature to avoid using wallet operations.
130         CScript scriptSig = CScript() << OP_0 << OP_0;
131 
132         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
133         // Legacy counting only includes signature operations in scriptSigs and scriptPubKeys
134         // of a transaction and does not take the actual executed sig operations into account.
135         // spendingTx in itself does not contain a signature operation.
136         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
137         // creationTx contains two signature operations in its scriptPubKey, but legacy counting
138         // is not accurate.
139         assert(GetTransactionSigOpCost(CTransaction(creationTx), coins, flags) == MAX_PUBKEYS_PER_MULTISIG * WITNESS_SCALE_FACTOR);
140         // Sanity check: script verification fails because of an invalid signature.
141         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
142     }
143 
144     // Multisig nested in P2SH
145     {
146         CScript redeemScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
147         CScript scriptPubKey = GetScriptForDestination(ScriptHash(redeemScript));
148         CScript scriptSig = CScript() << OP_0 << OP_0 << ToByteVector(redeemScript);
149 
150         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
151         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2 * WITNESS_SCALE_FACTOR);
152         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
153     }
154 
155     // P2WPKH witness program
156     {
157         CScript scriptPubKey = GetScriptForDestination(WitnessV0KeyHash(pubkey));
158         CScript scriptSig = CScript();
159         CScriptWitness scriptWitness;
160         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
161         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
162 
163 
164         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
165         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
166         // No signature operations if we don't verify the witness.
167         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
168         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
169 
170         // The sig op cost for witness version != 0 is zero.
171         assert(scriptPubKey[0] == 0x00);
172         scriptPubKey[0] = 0x51;
173         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
174         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
175         scriptPubKey[0] = 0x00;
176         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
177 
178         // The witness of a coinbase transaction is not taken into account.
179         spendingTx.vin[0].prevout.SetNull();
180         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
181     }
182 
183     // P2WPKH nested in P2SH
184     {
185         CScript scriptSig = GetScriptForDestination(WitnessV0KeyHash(pubkey));
186         CScript scriptPubKey = GetScriptForDestination(ScriptHash(scriptSig));
187         scriptSig = CScript() << ToByteVector(scriptSig);
188         CScriptWitness scriptWitness;
189         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
190         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
191 
192         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
193         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
194         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
195     }
196 
197     // P2WSH witness program
198     {
199         CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
200         CScript scriptPubKey = GetScriptForDestination(WitnessV0ScriptHash(witnessScript));
201         CScript scriptSig = CScript();
202         CScriptWitness scriptWitness;
203         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
204         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
205         scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
206 
207         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
208         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
209         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
210         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
211     }
212 
213     // P2WSH nested in P2SH
214     {
215         CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
216         CScript redeemScript = GetScriptForDestination(WitnessV0ScriptHash(witnessScript));
217         CScript scriptPubKey = GetScriptForDestination(ScriptHash(redeemScript));
218         CScript scriptSig = CScript() << ToByteVector(redeemScript);
219         CScriptWitness scriptWitness;
220         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
221         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
222         scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
223 
224         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
225         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
226         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
227     }
228 }
229 
230 BOOST_AUTO_TEST_SUITE_END()
231