1 // Copyright (c) 2012-2020 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include <consensus/consensus.h>
6 #include <consensus/tx_verify.h>
7 #include <key.h>
8 #include <pubkey.h>
9 #include <script/script.h>
10 #include <script/standard.h>
11 #include <test/util/setup_common.h>
12 #include <uint256.h>
13
14 #include <vector>
15
16 #include <boost/test/unit_test.hpp>
17
18 // Helpers:
19 static std::vector<unsigned char>
Serialize(const CScript & s)20 Serialize(const CScript& s)
21 {
22 std::vector<unsigned char> sSerialized(s.begin(), s.end());
23 return sSerialized;
24 }
25
BOOST_FIXTURE_TEST_SUITE(sigopcount_tests,BasicTestingSetup)26 BOOST_FIXTURE_TEST_SUITE(sigopcount_tests, BasicTestingSetup)
27
28 BOOST_AUTO_TEST_CASE(GetSigOpCount)
29 {
30 // Test CScript::GetSigOpCount()
31 CScript s1;
32 BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 0U);
33 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 0U);
34
35 uint160 dummy;
36 s1 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << OP_2 << OP_CHECKMULTISIG;
37 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 2U);
38 s1 << OP_IF << OP_CHECKSIG << OP_ENDIF;
39 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 3U);
40 BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 21U);
41
42 CScript p2sh = GetScriptForDestination(ScriptHash(s1));
43 CScript scriptSig;
44 scriptSig << OP_0 << Serialize(s1);
45 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig), 3U);
46
47 std::vector<CPubKey> keys;
48 for (int i = 0; i < 3; i++)
49 {
50 CKey k;
51 k.MakeNewKey(true);
52 keys.push_back(k.GetPubKey());
53 }
54 CScript s2 = GetScriptForMultisig(1, keys);
55 BOOST_CHECK_EQUAL(s2.GetSigOpCount(true), 3U);
56 BOOST_CHECK_EQUAL(s2.GetSigOpCount(false), 20U);
57
58 p2sh = GetScriptForDestination(ScriptHash(s2));
59 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(true), 0U);
60 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(false), 0U);
61 CScript scriptSig2;
62 scriptSig2 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << Serialize(s2);
63 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig2), 3U);
64 }
65
66 /**
67 * Verifies script execution of the zeroth scriptPubKey of tx output and
68 * zeroth scriptSig and witness of tx input.
69 */
VerifyWithFlag(const CTransaction & output,const CMutableTransaction & input,int flags)70 static ScriptError VerifyWithFlag(const CTransaction& output, const CMutableTransaction& input, int flags)
71 {
72 ScriptError error;
73 CTransaction inputi(input);
74 bool ret = VerifyScript(inputi.vin[0].scriptSig, output.vout[0].scriptPubKey, &inputi.vin[0].scriptWitness, flags, TransactionSignatureChecker(&inputi, 0, output.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &error);
75 BOOST_CHECK((ret == true) == (error == SCRIPT_ERR_OK));
76
77 return error;
78 }
79
80 /**
81 * Builds a creationTx from scriptPubKey and a spendingTx from scriptSig
82 * and witness such that spendingTx spends output zero of creationTx.
83 * Also inserts creationTx's output into the coins view.
84 */
BuildTxs(CMutableTransaction & spendingTx,CCoinsViewCache & coins,CMutableTransaction & creationTx,const CScript & scriptPubKey,const CScript & scriptSig,const CScriptWitness & witness)85 static void BuildTxs(CMutableTransaction& spendingTx, CCoinsViewCache& coins, CMutableTransaction& creationTx, const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& witness)
86 {
87 creationTx.nVersion = 1;
88 creationTx.vin.resize(1);
89 creationTx.vin[0].prevout.SetNull();
90 creationTx.vin[0].scriptSig = CScript();
91 creationTx.vout.resize(1);
92 creationTx.vout[0].nValue = 1;
93 creationTx.vout[0].scriptPubKey = scriptPubKey;
94
95 spendingTx.nVersion = 1;
96 spendingTx.vin.resize(1);
97 spendingTx.vin[0].prevout.hash = creationTx.GetHash();
98 spendingTx.vin[0].prevout.n = 0;
99 spendingTx.vin[0].scriptSig = scriptSig;
100 spendingTx.vin[0].scriptWitness = witness;
101 spendingTx.vout.resize(1);
102 spendingTx.vout[0].nValue = 1;
103 spendingTx.vout[0].scriptPubKey = CScript();
104
105 AddCoins(coins, CTransaction(creationTx), 0);
106 }
107
BOOST_AUTO_TEST_CASE(GetTxSigOpCost)108 BOOST_AUTO_TEST_CASE(GetTxSigOpCost)
109 {
110 // Transaction creates outputs
111 CMutableTransaction creationTx;
112 // Transaction that spends outputs and whose
113 // sig op cost is going to be tested
114 CMutableTransaction spendingTx;
115
116 // Create utxo set
117 CCoinsView coinsDummy;
118 CCoinsViewCache coins(&coinsDummy);
119 // Create key
120 CKey key;
121 key.MakeNewKey(true);
122 CPubKey pubkey = key.GetPubKey();
123 // Default flags
124 int flags = SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH;
125
126 // Multisig script (legacy counting)
127 {
128 CScript scriptPubKey = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
129 // Do not use a valid signature to avoid using wallet operations.
130 CScript scriptSig = CScript() << OP_0 << OP_0;
131
132 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
133 // Legacy counting only includes signature operations in scriptSigs and scriptPubKeys
134 // of a transaction and does not take the actual executed sig operations into account.
135 // spendingTx in itself does not contain a signature operation.
136 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
137 // creationTx contains two signature operations in its scriptPubKey, but legacy counting
138 // is not accurate.
139 assert(GetTransactionSigOpCost(CTransaction(creationTx), coins, flags) == MAX_PUBKEYS_PER_MULTISIG * WITNESS_SCALE_FACTOR);
140 // Sanity check: script verification fails because of an invalid signature.
141 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
142 }
143
144 // Multisig nested in P2SH
145 {
146 CScript redeemScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
147 CScript scriptPubKey = GetScriptForDestination(ScriptHash(redeemScript));
148 CScript scriptSig = CScript() << OP_0 << OP_0 << ToByteVector(redeemScript);
149
150 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
151 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2 * WITNESS_SCALE_FACTOR);
152 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
153 }
154
155 // P2WPKH witness program
156 {
157 CScript scriptPubKey = GetScriptForDestination(WitnessV0KeyHash(pubkey));
158 CScript scriptSig = CScript();
159 CScriptWitness scriptWitness;
160 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
161 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
162
163
164 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
165 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
166 // No signature operations if we don't verify the witness.
167 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
168 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
169
170 // The sig op cost for witness version != 0 is zero.
171 assert(scriptPubKey[0] == 0x00);
172 scriptPubKey[0] = 0x51;
173 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
174 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
175 scriptPubKey[0] = 0x00;
176 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
177
178 // The witness of a coinbase transaction is not taken into account.
179 spendingTx.vin[0].prevout.SetNull();
180 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
181 }
182
183 // P2WPKH nested in P2SH
184 {
185 CScript scriptSig = GetScriptForDestination(WitnessV0KeyHash(pubkey));
186 CScript scriptPubKey = GetScriptForDestination(ScriptHash(scriptSig));
187 scriptSig = CScript() << ToByteVector(scriptSig);
188 CScriptWitness scriptWitness;
189 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
190 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
191
192 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
193 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
194 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
195 }
196
197 // P2WSH witness program
198 {
199 CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
200 CScript scriptPubKey = GetScriptForDestination(WitnessV0ScriptHash(witnessScript));
201 CScript scriptSig = CScript();
202 CScriptWitness scriptWitness;
203 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
204 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
205 scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
206
207 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
208 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
209 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
210 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
211 }
212
213 // P2WSH nested in P2SH
214 {
215 CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
216 CScript redeemScript = GetScriptForDestination(WitnessV0ScriptHash(witnessScript));
217 CScript scriptPubKey = GetScriptForDestination(ScriptHash(redeemScript));
218 CScript scriptSig = CScript() << ToByteVector(redeemScript);
219 CScriptWitness scriptWitness;
220 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
221 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
222 scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
223
224 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
225 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
226 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
227 }
228 }
229
230 BOOST_AUTO_TEST_SUITE_END()
231