1 // Copyright (c) 2011-2018 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include <consensus/validation.h>
6 #include <key.h>
7 #include <validation.h>
8 #include <miner.h>
9 #include <pubkey.h>
10 #include <txmempool.h>
11 #include <random.h>
12 #include <script/standard.h>
13 #include <script/sign.h>
14 #include <test/test_bitcoin.h>
15 #include <util/time.h>
16 #include <core_io.h>
17 #include <keystore.h>
18 #include <policy/policy.h>
19
20 #include <boost/test/unit_test.hpp>
21
22 bool CheckInputs(const CTransaction& tx, CValidationState &state, const CCoinsViewCache &inputs, bool fScriptChecks, unsigned int flags, bool cacheSigStore, bool cacheFullScriptStore, PrecomputedTransactionData& txdata, std::vector<CScriptCheck> *pvChecks);
23
BOOST_AUTO_TEST_SUITE(tx_validationcache_tests)24 BOOST_AUTO_TEST_SUITE(tx_validationcache_tests)
25
26 static bool
27 ToMemPool(const CMutableTransaction& tx)
28 {
29 LOCK(cs_main);
30
31 CValidationState state;
32 return AcceptToMemoryPool(mempool, state, MakeTransactionRef(tx), nullptr /* pfMissingInputs */,
33 nullptr /* plTxnReplaced */, true /* bypass_limits */, 0 /* nAbsurdFee */);
34 }
35
BOOST_FIXTURE_TEST_CASE(tx_mempool_block_doublespend,TestChain100Setup)36 BOOST_FIXTURE_TEST_CASE(tx_mempool_block_doublespend, TestChain100Setup)
37 {
38 // Make sure skipping validation of transactions that were
39 // validated going into the memory pool does not allow
40 // double-spends in blocks to pass validation when they should not.
41
42 CScript scriptPubKey = CScript() << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
43
44 // Create a double-spend of mature coinbase txn:
45 std::vector<CMutableTransaction> spends;
46 spends.resize(2);
47 for (int i = 0; i < 2; i++)
48 {
49 spends[i].nVersion = 1;
50 spends[i].vin.resize(1);
51 spends[i].vin[0].prevout.hash = m_coinbase_txns[0]->GetHash();
52 spends[i].vin[0].prevout.n = 0;
53 spends[i].vout.resize(1);
54 spends[i].vout[0].nValue = 11*CENT;
55 spends[i].vout[0].scriptPubKey = scriptPubKey;
56
57 // Sign:
58 std::vector<unsigned char> vchSig;
59 uint256 hash = SignatureHash(scriptPubKey, spends[i], 0, SIGHASH_ALL, 0, SigVersion::BASE);
60 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
61 vchSig.push_back((unsigned char)SIGHASH_ALL);
62 spends[i].vin[0].scriptSig << vchSig;
63 }
64
65 CBlock block;
66
67 // Test 1: block with both of those transactions should be rejected.
68 block = CreateAndProcessBlock(spends, scriptPubKey);
69 BOOST_CHECK(chainActive.Tip()->GetBlockHash() != block.GetHash());
70
71 // Test 2: ... and should be rejected if spend1 is in the memory pool
72 BOOST_CHECK(ToMemPool(spends[0]));
73 block = CreateAndProcessBlock(spends, scriptPubKey);
74 BOOST_CHECK(chainActive.Tip()->GetBlockHash() != block.GetHash());
75 mempool.clear();
76
77 // Test 3: ... and should be rejected if spend2 is in the memory pool
78 BOOST_CHECK(ToMemPool(spends[1]));
79 block = CreateAndProcessBlock(spends, scriptPubKey);
80 BOOST_CHECK(chainActive.Tip()->GetBlockHash() != block.GetHash());
81 mempool.clear();
82
83 // Final sanity test: first spend in mempool, second in block, that's OK:
84 std::vector<CMutableTransaction> oneSpend;
85 oneSpend.push_back(spends[0]);
86 BOOST_CHECK(ToMemPool(spends[1]));
87 block = CreateAndProcessBlock(oneSpend, scriptPubKey);
88 BOOST_CHECK(chainActive.Tip()->GetBlockHash() == block.GetHash());
89 // spends[1] should have been removed from the mempool when the
90 // block with spends[0] is accepted:
91 BOOST_CHECK_EQUAL(mempool.size(), 0U);
92 }
93
94 // Run CheckInputs (using pcoinsTip) on the given transaction, for all script
95 // flags. Test that CheckInputs passes for all flags that don't overlap with
96 // the failing_flags argument, but otherwise fails.
97 // CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY (and future NOP codes that may
98 // get reassigned) have an interaction with DISCOURAGE_UPGRADABLE_NOPS: if
99 // the script flags used contain DISCOURAGE_UPGRADABLE_NOPS but don't contain
100 // CHECKLOCKTIMEVERIFY (or CHECKSEQUENCEVERIFY), but the script does contain
101 // OP_CHECKLOCKTIMEVERIFY (or OP_CHECKSEQUENCEVERIFY), then script execution
102 // should fail.
103 // Capture this interaction with the upgraded_nop argument: set it when evaluating
104 // any script flag that is implemented as an upgraded NOP code.
ValidateCheckInputsForAllFlags(const CTransaction & tx,uint32_t failing_flags,bool add_to_cache)105 static void ValidateCheckInputsForAllFlags(const CTransaction &tx, uint32_t failing_flags, bool add_to_cache) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
106 {
107 PrecomputedTransactionData txdata(tx);
108 // If we add many more flags, this loop can get too expensive, but we can
109 // rewrite in the future to randomly pick a set of flags to evaluate.
110 for (uint32_t test_flags=0; test_flags < (1U << 16); test_flags += 1) {
111 CValidationState state;
112 // Filter out incompatible flag choices
113 if ((test_flags & SCRIPT_VERIFY_CLEANSTACK)) {
114 // CLEANSTACK requires P2SH and WITNESS, see VerifyScript() in
115 // script/interpreter.cpp
116 test_flags |= SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS;
117 }
118 if ((test_flags & SCRIPT_VERIFY_WITNESS)) {
119 // WITNESS requires P2SH
120 test_flags |= SCRIPT_VERIFY_P2SH;
121 }
122 bool ret = CheckInputs(tx, state, pcoinsTip.get(), true, test_flags, true, add_to_cache, txdata, nullptr);
123 // CheckInputs should succeed iff test_flags doesn't intersect with
124 // failing_flags
125 bool expected_return_value = !(test_flags & failing_flags);
126 BOOST_CHECK_EQUAL(ret, expected_return_value);
127
128 // Test the caching
129 if (ret && add_to_cache) {
130 // Check that we get a cache hit if the tx was valid
131 std::vector<CScriptCheck> scriptchecks;
132 BOOST_CHECK(CheckInputs(tx, state, pcoinsTip.get(), true, test_flags, true, add_to_cache, txdata, &scriptchecks));
133 BOOST_CHECK(scriptchecks.empty());
134 } else {
135 // Check that we get script executions to check, if the transaction
136 // was invalid, or we didn't add to cache.
137 std::vector<CScriptCheck> scriptchecks;
138 BOOST_CHECK(CheckInputs(tx, state, pcoinsTip.get(), true, test_flags, true, add_to_cache, txdata, &scriptchecks));
139 BOOST_CHECK_EQUAL(scriptchecks.size(), tx.vin.size());
140 }
141 }
142 }
143
BOOST_FIXTURE_TEST_CASE(checkinputs_test,TestChain100Setup)144 BOOST_FIXTURE_TEST_CASE(checkinputs_test, TestChain100Setup)
145 {
146 // Test that passing CheckInputs with one set of script flags doesn't imply
147 // that we would pass again with a different set of flags.
148 {
149 LOCK(cs_main);
150 InitScriptExecutionCache();
151 }
152
153 CScript p2pk_scriptPubKey = CScript() << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
154 CScript p2sh_scriptPubKey = GetScriptForDestination(CScriptID(p2pk_scriptPubKey));
155 CScript p2pkh_scriptPubKey = GetScriptForDestination(coinbaseKey.GetPubKey().GetID());
156 CScript p2wpkh_scriptPubKey = GetScriptForWitness(p2pkh_scriptPubKey);
157
158 CBasicKeyStore keystore;
159 BOOST_CHECK(keystore.AddKey(coinbaseKey));
160 BOOST_CHECK(keystore.AddCScript(p2pk_scriptPubKey));
161
162 // flags to test: SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, SCRIPT_VERIFY_CHECKSEQUENCE_VERIFY, SCRIPT_VERIFY_NULLDUMMY, uncompressed pubkey thing
163
164 // Create 2 outputs that match the three scripts above, spending the first
165 // coinbase tx.
166 CMutableTransaction spend_tx;
167
168 spend_tx.nVersion = 1;
169 spend_tx.vin.resize(1);
170 spend_tx.vin[0].prevout.hash = m_coinbase_txns[0]->GetHash();
171 spend_tx.vin[0].prevout.n = 0;
172 spend_tx.vout.resize(4);
173 spend_tx.vout[0].nValue = 11*CENT;
174 spend_tx.vout[0].scriptPubKey = p2sh_scriptPubKey;
175 spend_tx.vout[1].nValue = 11*CENT;
176 spend_tx.vout[1].scriptPubKey = p2wpkh_scriptPubKey;
177 spend_tx.vout[2].nValue = 11*CENT;
178 spend_tx.vout[2].scriptPubKey = CScript() << OP_CHECKLOCKTIMEVERIFY << OP_DROP << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
179 spend_tx.vout[3].nValue = 11*CENT;
180 spend_tx.vout[3].scriptPubKey = CScript() << OP_CHECKSEQUENCEVERIFY << OP_DROP << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
181
182 // Sign, with a non-DER signature
183 {
184 std::vector<unsigned char> vchSig;
185 uint256 hash = SignatureHash(p2pk_scriptPubKey, spend_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE);
186 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
187 vchSig.push_back((unsigned char) 0); // padding byte makes this non-DER
188 vchSig.push_back((unsigned char)SIGHASH_ALL);
189 spend_tx.vin[0].scriptSig << vchSig;
190 }
191
192 // Test that invalidity under a set of flags doesn't preclude validity
193 // under other (eg consensus) flags.
194 // spend_tx is invalid according to DERSIG
195 {
196 LOCK(cs_main);
197
198 CValidationState state;
199 PrecomputedTransactionData ptd_spend_tx(spend_tx);
200
201 BOOST_CHECK(!CheckInputs(CTransaction(spend_tx), state, pcoinsTip.get(), true, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DERSIG, true, true, ptd_spend_tx, nullptr));
202
203 // If we call again asking for scriptchecks (as happens in
204 // ConnectBlock), we should add a script check object for this -- we're
205 // not caching invalidity (if that changes, delete this test case).
206 std::vector<CScriptCheck> scriptchecks;
207 BOOST_CHECK(CheckInputs(CTransaction(spend_tx), state, pcoinsTip.get(), true, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DERSIG, true, true, ptd_spend_tx, &scriptchecks));
208 BOOST_CHECK_EQUAL(scriptchecks.size(), 1U);
209
210 // Test that CheckInputs returns true iff DERSIG-enforcing flags are
211 // not present. Don't add these checks to the cache, so that we can
212 // test later that block validation works fine in the absence of cached
213 // successes.
214 ValidateCheckInputsForAllFlags(CTransaction(spend_tx), SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_LOW_S | SCRIPT_VERIFY_STRICTENC, false);
215 }
216
217 // And if we produce a block with this tx, it should be valid (DERSIG not
218 // enabled yet), even though there's no cache entry.
219 CBlock block;
220
221 block = CreateAndProcessBlock({spend_tx}, p2pk_scriptPubKey);
222 LOCK(cs_main);
223 BOOST_CHECK(chainActive.Tip()->GetBlockHash() == block.GetHash());
224 BOOST_CHECK(pcoinsTip->GetBestBlock() == block.GetHash());
225
226 // Test P2SH: construct a transaction that is valid without P2SH, and
227 // then test validity with P2SH.
228 {
229 CMutableTransaction invalid_under_p2sh_tx;
230 invalid_under_p2sh_tx.nVersion = 1;
231 invalid_under_p2sh_tx.vin.resize(1);
232 invalid_under_p2sh_tx.vin[0].prevout.hash = spend_tx.GetHash();
233 invalid_under_p2sh_tx.vin[0].prevout.n = 0;
234 invalid_under_p2sh_tx.vout.resize(1);
235 invalid_under_p2sh_tx.vout[0].nValue = 11*CENT;
236 invalid_under_p2sh_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
237 std::vector<unsigned char> vchSig2(p2pk_scriptPubKey.begin(), p2pk_scriptPubKey.end());
238 invalid_under_p2sh_tx.vin[0].scriptSig << vchSig2;
239
240 ValidateCheckInputsForAllFlags(CTransaction(invalid_under_p2sh_tx), SCRIPT_VERIFY_P2SH, true);
241 }
242
243 // Test CHECKLOCKTIMEVERIFY
244 {
245 CMutableTransaction invalid_with_cltv_tx;
246 invalid_with_cltv_tx.nVersion = 1;
247 invalid_with_cltv_tx.nLockTime = 100;
248 invalid_with_cltv_tx.vin.resize(1);
249 invalid_with_cltv_tx.vin[0].prevout.hash = spend_tx.GetHash();
250 invalid_with_cltv_tx.vin[0].prevout.n = 2;
251 invalid_with_cltv_tx.vin[0].nSequence = 0;
252 invalid_with_cltv_tx.vout.resize(1);
253 invalid_with_cltv_tx.vout[0].nValue = 11*CENT;
254 invalid_with_cltv_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
255
256 // Sign
257 std::vector<unsigned char> vchSig;
258 uint256 hash = SignatureHash(spend_tx.vout[2].scriptPubKey, invalid_with_cltv_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE);
259 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
260 vchSig.push_back((unsigned char)SIGHASH_ALL);
261 invalid_with_cltv_tx.vin[0].scriptSig = CScript() << vchSig << 101;
262
263 ValidateCheckInputsForAllFlags(CTransaction(invalid_with_cltv_tx), SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, true);
264
265 // Make it valid, and check again
266 invalid_with_cltv_tx.vin[0].scriptSig = CScript() << vchSig << 100;
267 CValidationState state;
268 PrecomputedTransactionData txdata(invalid_with_cltv_tx);
269 BOOST_CHECK(CheckInputs(CTransaction(invalid_with_cltv_tx), state, pcoinsTip.get(), true, SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, true, true, txdata, nullptr));
270 }
271
272 // TEST CHECKSEQUENCEVERIFY
273 {
274 CMutableTransaction invalid_with_csv_tx;
275 invalid_with_csv_tx.nVersion = 2;
276 invalid_with_csv_tx.vin.resize(1);
277 invalid_with_csv_tx.vin[0].prevout.hash = spend_tx.GetHash();
278 invalid_with_csv_tx.vin[0].prevout.n = 3;
279 invalid_with_csv_tx.vin[0].nSequence = 100;
280 invalid_with_csv_tx.vout.resize(1);
281 invalid_with_csv_tx.vout[0].nValue = 11*CENT;
282 invalid_with_csv_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
283
284 // Sign
285 std::vector<unsigned char> vchSig;
286 uint256 hash = SignatureHash(spend_tx.vout[3].scriptPubKey, invalid_with_csv_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE);
287 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
288 vchSig.push_back((unsigned char)SIGHASH_ALL);
289 invalid_with_csv_tx.vin[0].scriptSig = CScript() << vchSig << 101;
290
291 ValidateCheckInputsForAllFlags(CTransaction(invalid_with_csv_tx), SCRIPT_VERIFY_CHECKSEQUENCEVERIFY, true);
292
293 // Make it valid, and check again
294 invalid_with_csv_tx.vin[0].scriptSig = CScript() << vchSig << 100;
295 CValidationState state;
296 PrecomputedTransactionData txdata(invalid_with_csv_tx);
297 BOOST_CHECK(CheckInputs(CTransaction(invalid_with_csv_tx), state, pcoinsTip.get(), true, SCRIPT_VERIFY_CHECKSEQUENCEVERIFY, true, true, txdata, nullptr));
298 }
299
300 // TODO: add tests for remaining script flags
301
302 // Test that passing CheckInputs with a valid witness doesn't imply success
303 // for the same tx with a different witness.
304 {
305 CMutableTransaction valid_with_witness_tx;
306 valid_with_witness_tx.nVersion = 1;
307 valid_with_witness_tx.vin.resize(1);
308 valid_with_witness_tx.vin[0].prevout.hash = spend_tx.GetHash();
309 valid_with_witness_tx.vin[0].prevout.n = 1;
310 valid_with_witness_tx.vout.resize(1);
311 valid_with_witness_tx.vout[0].nValue = 11*CENT;
312 valid_with_witness_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
313
314 // Sign
315 SignatureData sigdata;
316 BOOST_CHECK(ProduceSignature(keystore, MutableTransactionSignatureCreator(&valid_with_witness_tx, 0, 11*CENT, SIGHASH_ALL), spend_tx.vout[1].scriptPubKey, sigdata));
317 UpdateInput(valid_with_witness_tx.vin[0], sigdata);
318
319 // This should be valid under all script flags.
320 ValidateCheckInputsForAllFlags(CTransaction(valid_with_witness_tx), 0, true);
321
322 // Remove the witness, and check that it is now invalid.
323 valid_with_witness_tx.vin[0].scriptWitness.SetNull();
324 ValidateCheckInputsForAllFlags(CTransaction(valid_with_witness_tx), SCRIPT_VERIFY_WITNESS, true);
325 }
326
327 {
328 // Test a transaction with multiple inputs.
329 CMutableTransaction tx;
330
331 tx.nVersion = 1;
332 tx.vin.resize(2);
333 tx.vin[0].prevout.hash = spend_tx.GetHash();
334 tx.vin[0].prevout.n = 0;
335 tx.vin[1].prevout.hash = spend_tx.GetHash();
336 tx.vin[1].prevout.n = 1;
337 tx.vout.resize(1);
338 tx.vout[0].nValue = 22*CENT;
339 tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
340
341 // Sign
342 for (int i=0; i<2; ++i) {
343 SignatureData sigdata;
344 BOOST_CHECK(ProduceSignature(keystore, MutableTransactionSignatureCreator(&tx, i, 11*CENT, SIGHASH_ALL), spend_tx.vout[i].scriptPubKey, sigdata));
345 UpdateInput(tx.vin[i], sigdata);
346 }
347
348 // This should be valid under all script flags
349 ValidateCheckInputsForAllFlags(CTransaction(tx), 0, true);
350
351 // Check that if the second input is invalid, but the first input is
352 // valid, the transaction is not cached.
353 // Invalidate vin[1]
354 tx.vin[1].scriptWitness.SetNull();
355
356 CValidationState state;
357 PrecomputedTransactionData txdata(tx);
358 // This transaction is now invalid under segwit, because of the second input.
359 BOOST_CHECK(!CheckInputs(CTransaction(tx), state, pcoinsTip.get(), true, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS, true, true, txdata, nullptr));
360
361 std::vector<CScriptCheck> scriptchecks;
362 // Make sure this transaction was not cached (ie because the first
363 // input was valid)
364 BOOST_CHECK(CheckInputs(CTransaction(tx), state, pcoinsTip.get(), true, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS, true, true, txdata, &scriptchecks));
365 // Should get 2 script checks back -- caching is on a whole-transaction basis.
366 BOOST_CHECK_EQUAL(scriptchecks.size(), 2U);
367 }
368 }
369
370 BOOST_AUTO_TEST_SUITE_END()
371