1 // Copyright (c) 2012-2018 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include <consensus/tx_verify.h>
6 #include <consensus/validation.h>
7 #include <pubkey.h>
8 #include <key.h>
9 #include <script/script.h>
10 #include <script/standard.h>
11 #include <uint256.h>
12 #include <test/test_bitcoin.h>
13
14 #include <vector>
15
16 #include <boost/test/unit_test.hpp>
17
18 // Helpers:
19 static std::vector<unsigned char>
Serialize(const CScript & s)20 Serialize(const CScript& s)
21 {
22 std::vector<unsigned char> sSerialized(s.begin(), s.end());
23 return sSerialized;
24 }
25
BOOST_FIXTURE_TEST_SUITE(sigopcount_tests,BasicTestingSetup)26 BOOST_FIXTURE_TEST_SUITE(sigopcount_tests, BasicTestingSetup)
27
28 BOOST_AUTO_TEST_CASE(GetSigOpCount)
29 {
30 // Test CScript::GetSigOpCount()
31 CScript s1;
32 BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 0U);
33 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 0U);
34
35 uint160 dummy;
36 s1 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << OP_2 << OP_CHECKMULTISIG;
37 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 2U);
38 s1 << OP_IF << OP_CHECKSIG << OP_ENDIF;
39 BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 3U);
40 BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 21U);
41
42 CScript p2sh = GetScriptForDestination(CScriptID(s1));
43 CScript scriptSig;
44 scriptSig << OP_0 << Serialize(s1);
45 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig), 3U);
46
47 std::vector<CPubKey> keys;
48 for (int i = 0; i < 3; i++)
49 {
50 CKey k;
51 k.MakeNewKey(true);
52 keys.push_back(k.GetPubKey());
53 }
54 CScript s2 = GetScriptForMultisig(1, keys);
55 BOOST_CHECK_EQUAL(s2.GetSigOpCount(true), 3U);
56 BOOST_CHECK_EQUAL(s2.GetSigOpCount(false), 20U);
57
58 p2sh = GetScriptForDestination(CScriptID(s2));
59 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(true), 0U);
60 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(false), 0U);
61 CScript scriptSig2;
62 scriptSig2 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << Serialize(s2);
63 BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig2), 3U);
64 }
65
66 /**
67 * Verifies script execution of the zeroth scriptPubKey of tx output and
68 * zeroth scriptSig and witness of tx input.
69 */
VerifyWithFlag(const CTransaction & output,const CMutableTransaction & input,int flags)70 static ScriptError VerifyWithFlag(const CTransaction& output, const CMutableTransaction& input, int flags)
71 {
72 ScriptError error;
73 CTransaction inputi(input);
74 bool ret = VerifyScript(inputi.vin[0].scriptSig, output.vout[0].scriptPubKey, &inputi.vin[0].scriptWitness, flags, TransactionSignatureChecker(&inputi, 0, output.vout[0].nValue), &error);
75 BOOST_CHECK((ret == true) == (error == SCRIPT_ERR_OK));
76
77 return error;
78 }
79
80 /**
81 * Builds a creationTx from scriptPubKey and a spendingTx from scriptSig
82 * and witness such that spendingTx spends output zero of creationTx.
83 * Also inserts creationTx's output into the coins view.
84 */
BuildTxs(CMutableTransaction & spendingTx,CCoinsViewCache & coins,CMutableTransaction & creationTx,const CScript & scriptPubKey,const CScript & scriptSig,const CScriptWitness & witness)85 static void BuildTxs(CMutableTransaction& spendingTx, CCoinsViewCache& coins, CMutableTransaction& creationTx, const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& witness)
86 {
87 creationTx.nVersion = 1;
88 creationTx.vin.resize(1);
89 creationTx.vin[0].prevout.SetNull();
90 creationTx.vin[0].scriptSig = CScript();
91 creationTx.vout.resize(1);
92 creationTx.vout[0].nValue = 1;
93 creationTx.vout[0].scriptPubKey = scriptPubKey;
94
95 spendingTx.nVersion = 1;
96 spendingTx.vin.resize(1);
97 spendingTx.vin[0].prevout.hash = creationTx.GetHash();
98 spendingTx.vin[0].prevout.n = 0;
99 spendingTx.vin[0].scriptSig = scriptSig;
100 spendingTx.vin[0].scriptWitness = witness;
101 spendingTx.vout.resize(1);
102 spendingTx.vout[0].nValue = 1;
103 spendingTx.vout[0].scriptPubKey = CScript();
104
105 AddCoins(coins, CTransaction(creationTx), 0);
106 }
107
BOOST_AUTO_TEST_CASE(GetTxSigOpCost)108 BOOST_AUTO_TEST_CASE(GetTxSigOpCost)
109 {
110 // Transaction creates outputs
111 CMutableTransaction creationTx;
112 // Transaction that spends outputs and whose
113 // sig op cost is going to be tested
114 CMutableTransaction spendingTx;
115
116 // Create utxo set
117 CCoinsView coinsDummy;
118 CCoinsViewCache coins(&coinsDummy);
119 // Create key
120 CKey key;
121 key.MakeNewKey(true);
122 CPubKey pubkey = key.GetPubKey();
123 // Default flags
124 int flags = SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH;
125
126 // Multisig script (legacy counting)
127 {
128 CScript scriptPubKey = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
129 // Do not use a valid signature to avoid using wallet operations.
130 CScript scriptSig = CScript() << OP_0 << OP_0;
131
132 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
133 // Legacy counting only includes signature operations in scriptSigs and scriptPubKeys
134 // of a transaction and does not take the actual executed sig operations into account.
135 // spendingTx in itself does not contain a signature operation.
136 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
137 // creationTx contains two signature operations in its scriptPubKey, but legacy counting
138 // is not accurate.
139 assert(GetTransactionSigOpCost(CTransaction(creationTx), coins, flags) == MAX_PUBKEYS_PER_MULTISIG * WITNESS_SCALE_FACTOR);
140 // Sanity check: script verification fails because of an invalid signature.
141 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
142 }
143
144 // Multisig nested in P2SH
145 {
146 CScript redeemScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
147 CScript scriptPubKey = GetScriptForDestination(CScriptID(redeemScript));
148 CScript scriptSig = CScript() << OP_0 << OP_0 << ToByteVector(redeemScript);
149
150 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
151 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2 * WITNESS_SCALE_FACTOR);
152 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
153 }
154
155 // P2WPKH witness program
156 {
157 CScript p2pk = CScript() << ToByteVector(pubkey) << OP_CHECKSIG;
158 CScript scriptPubKey = GetScriptForWitness(p2pk);
159 CScript scriptSig = CScript();
160 CScriptWitness scriptWitness;
161 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
162 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
163
164
165 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
166 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
167 // No signature operations if we don't verify the witness.
168 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
169 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
170
171 // The sig op cost for witness version != 0 is zero.
172 assert(scriptPubKey[0] == 0x00);
173 scriptPubKey[0] = 0x51;
174 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
175 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
176 scriptPubKey[0] = 0x00;
177 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
178
179 // The witness of a coinbase transaction is not taken into account.
180 spendingTx.vin[0].prevout.SetNull();
181 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
182 }
183
184 // P2WPKH nested in P2SH
185 {
186 CScript p2pk = CScript() << ToByteVector(pubkey) << OP_CHECKSIG;
187 CScript scriptSig = GetScriptForWitness(p2pk);
188 CScript scriptPubKey = GetScriptForDestination(CScriptID(scriptSig));
189 scriptSig = CScript() << ToByteVector(scriptSig);
190 CScriptWitness scriptWitness;
191 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
192 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
193
194 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
195 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
196 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
197 }
198
199 // P2WSH witness program
200 {
201 CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
202 CScript scriptPubKey = GetScriptForWitness(witnessScript);
203 CScript scriptSig = CScript();
204 CScriptWitness scriptWitness;
205 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
206 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
207 scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
208
209 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
210 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
211 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
212 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
213 }
214
215 // P2WSH nested in P2SH
216 {
217 CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
218 CScript redeemScript = GetScriptForWitness(witnessScript);
219 CScript scriptPubKey = GetScriptForDestination(CScriptID(redeemScript));
220 CScript scriptSig = CScript() << ToByteVector(redeemScript);
221 CScriptWitness scriptWitness;
222 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
223 scriptWitness.stack.push_back(std::vector<unsigned char>(0));
224 scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
225
226 BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
227 assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
228 assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
229 }
230 }
231
232 BOOST_AUTO_TEST_SUITE_END()
233