1 // Copyright (c) 2012-2018 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <consensus/tx_verify.h>
6 #include <consensus/validation.h>
7 #include <pubkey.h>
8 #include <key.h>
9 #include <script/script.h>
10 #include <script/standard.h>
11 #include <uint256.h>
12 #include <test/test_bitcoin.h>
13 
14 #include <vector>
15 
16 #include <boost/test/unit_test.hpp>
17 
18 // Helpers:
19 static std::vector<unsigned char>
Serialize(const CScript & s)20 Serialize(const CScript& s)
21 {
22     std::vector<unsigned char> sSerialized(s.begin(), s.end());
23     return sSerialized;
24 }
25 
BOOST_FIXTURE_TEST_SUITE(sigopcount_tests,BasicTestingSetup)26 BOOST_FIXTURE_TEST_SUITE(sigopcount_tests, BasicTestingSetup)
27 
28 BOOST_AUTO_TEST_CASE(GetSigOpCount)
29 {
30     // Test CScript::GetSigOpCount()
31     CScript s1;
32     BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 0U);
33     BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 0U);
34 
35     uint160 dummy;
36     s1 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << OP_2 << OP_CHECKMULTISIG;
37     BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 2U);
38     s1 << OP_IF << OP_CHECKSIG << OP_ENDIF;
39     BOOST_CHECK_EQUAL(s1.GetSigOpCount(true), 3U);
40     BOOST_CHECK_EQUAL(s1.GetSigOpCount(false), 21U);
41 
42     CScript p2sh = GetScriptForDestination(CScriptID(s1));
43     CScript scriptSig;
44     scriptSig << OP_0 << Serialize(s1);
45     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig), 3U);
46 
47     std::vector<CPubKey> keys;
48     for (int i = 0; i < 3; i++)
49     {
50         CKey k;
51         k.MakeNewKey(true);
52         keys.push_back(k.GetPubKey());
53     }
54     CScript s2 = GetScriptForMultisig(1, keys);
55     BOOST_CHECK_EQUAL(s2.GetSigOpCount(true), 3U);
56     BOOST_CHECK_EQUAL(s2.GetSigOpCount(false), 20U);
57 
58     p2sh = GetScriptForDestination(CScriptID(s2));
59     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(true), 0U);
60     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(false), 0U);
61     CScript scriptSig2;
62     scriptSig2 << OP_1 << ToByteVector(dummy) << ToByteVector(dummy) << Serialize(s2);
63     BOOST_CHECK_EQUAL(p2sh.GetSigOpCount(scriptSig2), 3U);
64 }
65 
66 /**
67  * Verifies script execution of the zeroth scriptPubKey of tx output and
68  * zeroth scriptSig and witness of tx input.
69  */
VerifyWithFlag(const CTransaction & output,const CMutableTransaction & input,int flags)70 static ScriptError VerifyWithFlag(const CTransaction& output, const CMutableTransaction& input, int flags)
71 {
72     ScriptError error;
73     CTransaction inputi(input);
74     bool ret = VerifyScript(inputi.vin[0].scriptSig, output.vout[0].scriptPubKey, &inputi.vin[0].scriptWitness, flags, TransactionSignatureChecker(&inputi, 0, output.vout[0].nValue), &error);
75     BOOST_CHECK((ret == true) == (error == SCRIPT_ERR_OK));
76 
77     return error;
78 }
79 
80 /**
81  * Builds a creationTx from scriptPubKey and a spendingTx from scriptSig
82  * and witness such that spendingTx spends output zero of creationTx.
83  * Also inserts creationTx's output into the coins view.
84  */
BuildTxs(CMutableTransaction & spendingTx,CCoinsViewCache & coins,CMutableTransaction & creationTx,const CScript & scriptPubKey,const CScript & scriptSig,const CScriptWitness & witness)85 static void BuildTxs(CMutableTransaction& spendingTx, CCoinsViewCache& coins, CMutableTransaction& creationTx, const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& witness)
86 {
87     creationTx.nVersion = 1;
88     creationTx.vin.resize(1);
89     creationTx.vin[0].prevout.SetNull();
90     creationTx.vin[0].scriptSig = CScript();
91     creationTx.vout.resize(1);
92     creationTx.vout[0].nValue = 1;
93     creationTx.vout[0].scriptPubKey = scriptPubKey;
94 
95     spendingTx.nVersion = 1;
96     spendingTx.vin.resize(1);
97     spendingTx.vin[0].prevout.hash = creationTx.GetHash();
98     spendingTx.vin[0].prevout.n = 0;
99     spendingTx.vin[0].scriptSig = scriptSig;
100     spendingTx.vin[0].scriptWitness = witness;
101     spendingTx.vout.resize(1);
102     spendingTx.vout[0].nValue = 1;
103     spendingTx.vout[0].scriptPubKey = CScript();
104 
105     AddCoins(coins, CTransaction(creationTx), 0);
106 }
107 
BOOST_AUTO_TEST_CASE(GetTxSigOpCost)108 BOOST_AUTO_TEST_CASE(GetTxSigOpCost)
109 {
110     // Transaction creates outputs
111     CMutableTransaction creationTx;
112     // Transaction that spends outputs and whose
113     // sig op cost is going to be tested
114     CMutableTransaction spendingTx;
115 
116     // Create utxo set
117     CCoinsView coinsDummy;
118     CCoinsViewCache coins(&coinsDummy);
119     // Create key
120     CKey key;
121     key.MakeNewKey(true);
122     CPubKey pubkey = key.GetPubKey();
123     // Default flags
124     int flags = SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH;
125 
126     // Multisig script (legacy counting)
127     {
128         CScript scriptPubKey = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
129         // Do not use a valid signature to avoid using wallet operations.
130         CScript scriptSig = CScript() << OP_0 << OP_0;
131 
132         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
133         // Legacy counting only includes signature operations in scriptSigs and scriptPubKeys
134         // of a transaction and does not take the actual executed sig operations into account.
135         // spendingTx in itself does not contain a signature operation.
136         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
137         // creationTx contains two signature operations in its scriptPubKey, but legacy counting
138         // is not accurate.
139         assert(GetTransactionSigOpCost(CTransaction(creationTx), coins, flags) == MAX_PUBKEYS_PER_MULTISIG * WITNESS_SCALE_FACTOR);
140         // Sanity check: script verification fails because of an invalid signature.
141         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
142     }
143 
144     // Multisig nested in P2SH
145     {
146         CScript redeemScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
147         CScript scriptPubKey = GetScriptForDestination(CScriptID(redeemScript));
148         CScript scriptSig = CScript() << OP_0 << OP_0 << ToByteVector(redeemScript);
149 
150         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, CScriptWitness());
151         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2 * WITNESS_SCALE_FACTOR);
152         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
153     }
154 
155     // P2WPKH witness program
156     {
157         CScript p2pk = CScript() << ToByteVector(pubkey) << OP_CHECKSIG;
158         CScript scriptPubKey = GetScriptForWitness(p2pk);
159         CScript scriptSig = CScript();
160         CScriptWitness scriptWitness;
161         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
162         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
163 
164 
165         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
166         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
167         // No signature operations if we don't verify the witness.
168         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
169         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
170 
171         // The sig op cost for witness version != 0 is zero.
172         assert(scriptPubKey[0] == 0x00);
173         scriptPubKey[0] = 0x51;
174         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
175         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
176         scriptPubKey[0] = 0x00;
177         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
178 
179         // The witness of a coinbase transaction is not taken into account.
180         spendingTx.vin[0].prevout.SetNull();
181         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 0);
182     }
183 
184     // P2WPKH nested in P2SH
185     {
186         CScript p2pk = CScript() << ToByteVector(pubkey) << OP_CHECKSIG;
187         CScript scriptSig = GetScriptForWitness(p2pk);
188         CScript scriptPubKey = GetScriptForDestination(CScriptID(scriptSig));
189         scriptSig = CScript() << ToByteVector(scriptSig);
190         CScriptWitness scriptWitness;
191         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
192         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
193 
194         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
195         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 1);
196         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_EQUALVERIFY);
197     }
198 
199     // P2WSH witness program
200     {
201         CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
202         CScript scriptPubKey = GetScriptForWitness(witnessScript);
203         CScript scriptSig = CScript();
204         CScriptWitness scriptWitness;
205         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
206         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
207         scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
208 
209         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
210         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
211         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags & ~SCRIPT_VERIFY_WITNESS) == 0);
212         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
213     }
214 
215     // P2WSH nested in P2SH
216     {
217         CScript witnessScript = CScript() << 1 << ToByteVector(pubkey) << ToByteVector(pubkey) << 2 << OP_CHECKMULTISIGVERIFY;
218         CScript redeemScript = GetScriptForWitness(witnessScript);
219         CScript scriptPubKey = GetScriptForDestination(CScriptID(redeemScript));
220         CScript scriptSig = CScript() << ToByteVector(redeemScript);
221         CScriptWitness scriptWitness;
222         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
223         scriptWitness.stack.push_back(std::vector<unsigned char>(0));
224         scriptWitness.stack.push_back(std::vector<unsigned char>(witnessScript.begin(), witnessScript.end()));
225 
226         BuildTxs(spendingTx, coins, creationTx, scriptPubKey, scriptSig, scriptWitness);
227         assert(GetTransactionSigOpCost(CTransaction(spendingTx), coins, flags) == 2);
228         assert(VerifyWithFlag(CTransaction(creationTx), spendingTx, flags) == SCRIPT_ERR_CHECKMULTISIGVERIFY);
229     }
230 }
231 
232 BOOST_AUTO_TEST_SUITE_END()
233