1 // Copyright (c) 2011-2020 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include <consensus/validation.h>
6 #include <key.h>
7 #include <validation.h>
8 #include <txmempool.h>
9 #include <script/standard.h>
10 #include <script/sign.h>
11 #include <script/signingprovider.h>
12 #include <test/util/setup_common.h>
13
14 #include <boost/test/unit_test.hpp>
15
16 bool CheckInputScripts(const CTransaction& tx, TxValidationState &state, const CCoinsViewCache &inputs, unsigned int flags, bool cacheSigStore, bool cacheFullScriptStore, PrecomputedTransactionData& txdata, std::vector<CScriptCheck> *pvChecks);
17
18 BOOST_AUTO_TEST_SUITE(txvalidationcache_tests)
19
BOOST_FIXTURE_TEST_CASE(tx_mempool_block_doublespend,TestChain100Setup)20 BOOST_FIXTURE_TEST_CASE(tx_mempool_block_doublespend, TestChain100Setup)
21 {
22 // Make sure skipping validation of transactions that were
23 // validated going into the memory pool does not allow
24 // double-spends in blocks to pass validation when they should not.
25
26 CScript scriptPubKey = CScript() << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
27
28 const auto ToMemPool = [this](const CMutableTransaction& tx) {
29 LOCK(cs_main);
30
31 TxValidationState state;
32 return AcceptToMemoryPool(*m_node.mempool, state, MakeTransactionRef(tx),
33 nullptr /* plTxnReplaced */, true /* bypass_limits */, 0 /* nAbsurdFee */);
34 };
35
36 // Create a double-spend of mature coinbase txn:
37 std::vector<CMutableTransaction> spends;
38 spends.resize(2);
39 for (int i = 0; i < 2; i++)
40 {
41 spends[i].nVersion = 1;
42 spends[i].vin.resize(1);
43 spends[i].vin[0].prevout.hash = m_coinbase_txns[0]->GetHash();
44 spends[i].vin[0].prevout.n = 0;
45 spends[i].vout.resize(1);
46 spends[i].vout[0].nValue = 11*CENT;
47 spends[i].vout[0].scriptPubKey = scriptPubKey;
48
49 // Sign:
50 std::vector<unsigned char> vchSig;
51 uint256 hash = SignatureHash(scriptPubKey, spends[i], 0, SIGHASH_ALL, 0, SigVersion::BASE);
52 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
53 vchSig.push_back((unsigned char)SIGHASH_ALL);
54 spends[i].vin[0].scriptSig << vchSig;
55 }
56
57 CBlock block;
58
59 // Test 1: block with both of those transactions should be rejected.
60 block = CreateAndProcessBlock(spends, scriptPubKey);
61 {
62 LOCK(cs_main);
63 BOOST_CHECK(::ChainActive().Tip()->GetBlockHash() != block.GetHash());
64 }
65
66 // Test 2: ... and should be rejected if spend1 is in the memory pool
67 BOOST_CHECK(ToMemPool(spends[0]));
68 block = CreateAndProcessBlock(spends, scriptPubKey);
69 {
70 LOCK(cs_main);
71 BOOST_CHECK(::ChainActive().Tip()->GetBlockHash() != block.GetHash());
72 }
73 m_node.mempool->clear();
74
75 // Test 3: ... and should be rejected if spend2 is in the memory pool
76 BOOST_CHECK(ToMemPool(spends[1]));
77 block = CreateAndProcessBlock(spends, scriptPubKey);
78 {
79 LOCK(cs_main);
80 BOOST_CHECK(::ChainActive().Tip()->GetBlockHash() != block.GetHash());
81 }
82 m_node.mempool->clear();
83
84 // Final sanity test: first spend in *m_node.mempool, second in block, that's OK:
85 std::vector<CMutableTransaction> oneSpend;
86 oneSpend.push_back(spends[0]);
87 BOOST_CHECK(ToMemPool(spends[1]));
88 block = CreateAndProcessBlock(oneSpend, scriptPubKey);
89 {
90 LOCK(cs_main);
91 BOOST_CHECK(::ChainActive().Tip()->GetBlockHash() == block.GetHash());
92 }
93 // spends[1] should have been removed from the mempool when the
94 // block with spends[0] is accepted:
95 BOOST_CHECK_EQUAL(m_node.mempool->size(), 0U);
96 }
97
98 // Run CheckInputScripts (using CoinsTip()) on the given transaction, for all script
99 // flags. Test that CheckInputScripts passes for all flags that don't overlap with
100 // the failing_flags argument, but otherwise fails.
101 // CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY (and future NOP codes that may
102 // get reassigned) have an interaction with DISCOURAGE_UPGRADABLE_NOPS: if
103 // the script flags used contain DISCOURAGE_UPGRADABLE_NOPS but don't contain
104 // CHECKLOCKTIMEVERIFY (or CHECKSEQUENCEVERIFY), but the script does contain
105 // OP_CHECKLOCKTIMEVERIFY (or OP_CHECKSEQUENCEVERIFY), then script execution
106 // should fail.
107 // Capture this interaction with the upgraded_nop argument: set it when evaluating
108 // any script flag that is implemented as an upgraded NOP code.
ValidateCheckInputsForAllFlags(const CTransaction & tx,uint32_t failing_flags,bool add_to_cache)109 static void ValidateCheckInputsForAllFlags(const CTransaction &tx, uint32_t failing_flags, bool add_to_cache) EXCLUSIVE_LOCKS_REQUIRED(cs_main)
110 {
111 PrecomputedTransactionData txdata(tx);
112 // If we add many more flags, this loop can get too expensive, but we can
113 // rewrite in the future to randomly pick a set of flags to evaluate.
114 for (uint32_t test_flags=0; test_flags < (1U << 16); test_flags += 1) {
115 TxValidationState state;
116 // Filter out incompatible flag choices
117 if ((test_flags & SCRIPT_VERIFY_CLEANSTACK)) {
118 // CLEANSTACK requires P2SH and WITNESS, see VerifyScript() in
119 // script/interpreter.cpp
120 test_flags |= SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS;
121 }
122 if ((test_flags & SCRIPT_VERIFY_WITNESS)) {
123 // WITNESS requires P2SH
124 test_flags |= SCRIPT_VERIFY_P2SH;
125 }
126 bool ret = CheckInputScripts(tx, state, &::ChainstateActive().CoinsTip(), test_flags, true, add_to_cache, txdata, nullptr);
127 // CheckInputScripts should succeed iff test_flags doesn't intersect with
128 // failing_flags
129 bool expected_return_value = !(test_flags & failing_flags);
130 BOOST_CHECK_EQUAL(ret, expected_return_value);
131
132 // Test the caching
133 if (ret && add_to_cache) {
134 // Check that we get a cache hit if the tx was valid
135 std::vector<CScriptCheck> scriptchecks;
136 BOOST_CHECK(CheckInputScripts(tx, state, &::ChainstateActive().CoinsTip(), test_flags, true, add_to_cache, txdata, &scriptchecks));
137 BOOST_CHECK(scriptchecks.empty());
138 } else {
139 // Check that we get script executions to check, if the transaction
140 // was invalid, or we didn't add to cache.
141 std::vector<CScriptCheck> scriptchecks;
142 BOOST_CHECK(CheckInputScripts(tx, state, &::ChainstateActive().CoinsTip(), test_flags, true, add_to_cache, txdata, &scriptchecks));
143 BOOST_CHECK_EQUAL(scriptchecks.size(), tx.vin.size());
144 }
145 }
146 }
147
BOOST_FIXTURE_TEST_CASE(checkinputs_test,TestChain100Setup)148 BOOST_FIXTURE_TEST_CASE(checkinputs_test, TestChain100Setup)
149 {
150 // Test that passing CheckInputScripts with one set of script flags doesn't imply
151 // that we would pass again with a different set of flags.
152 {
153 LOCK(cs_main);
154 InitScriptExecutionCache();
155 }
156
157 CScript p2pk_scriptPubKey = CScript() << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
158 CScript p2sh_scriptPubKey = GetScriptForDestination(ScriptHash(p2pk_scriptPubKey));
159 CScript p2pkh_scriptPubKey = GetScriptForDestination(PKHash(coinbaseKey.GetPubKey()));
160 CScript p2wpkh_scriptPubKey = GetScriptForWitness(p2pkh_scriptPubKey);
161
162 FillableSigningProvider keystore;
163 BOOST_CHECK(keystore.AddKey(coinbaseKey));
164 BOOST_CHECK(keystore.AddCScript(p2pk_scriptPubKey));
165
166 // flags to test: SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, SCRIPT_VERIFY_CHECKSEQUENCE_VERIFY, SCRIPT_VERIFY_NULLDUMMY, uncompressed pubkey thing
167
168 // Create 2 outputs that match the three scripts above, spending the first
169 // coinbase tx.
170 CMutableTransaction spend_tx;
171
172 spend_tx.nVersion = 1;
173 spend_tx.vin.resize(1);
174 spend_tx.vin[0].prevout.hash = m_coinbase_txns[0]->GetHash();
175 spend_tx.vin[0].prevout.n = 0;
176 spend_tx.vout.resize(4);
177 spend_tx.vout[0].nValue = 11*CENT;
178 spend_tx.vout[0].scriptPubKey = p2sh_scriptPubKey;
179 spend_tx.vout[1].nValue = 11*CENT;
180 spend_tx.vout[1].scriptPubKey = p2wpkh_scriptPubKey;
181 spend_tx.vout[2].nValue = 11*CENT;
182 spend_tx.vout[2].scriptPubKey = CScript() << OP_CHECKLOCKTIMEVERIFY << OP_DROP << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
183 spend_tx.vout[3].nValue = 11*CENT;
184 spend_tx.vout[3].scriptPubKey = CScript() << OP_CHECKSEQUENCEVERIFY << OP_DROP << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG;
185
186 // Sign, with a non-DER signature
187 {
188 std::vector<unsigned char> vchSig;
189 uint256 hash = SignatureHash(p2pk_scriptPubKey, spend_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE);
190 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
191 vchSig.push_back((unsigned char) 0); // padding byte makes this non-DER
192 vchSig.push_back((unsigned char)SIGHASH_ALL);
193 spend_tx.vin[0].scriptSig << vchSig;
194 }
195
196 // Test that invalidity under a set of flags doesn't preclude validity
197 // under other (eg consensus) flags.
198 // spend_tx is invalid according to DERSIG
199 {
200 LOCK(cs_main);
201
202 TxValidationState state;
203 PrecomputedTransactionData ptd_spend_tx(spend_tx);
204
205 BOOST_CHECK(!CheckInputScripts(CTransaction(spend_tx), state, &::ChainstateActive().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DERSIG, true, true, ptd_spend_tx, nullptr));
206
207 // If we call again asking for scriptchecks (as happens in
208 // ConnectBlock), we should add a script check object for this -- we're
209 // not caching invalidity (if that changes, delete this test case).
210 std::vector<CScriptCheck> scriptchecks;
211 BOOST_CHECK(CheckInputScripts(CTransaction(spend_tx), state, &::ChainstateActive().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DERSIG, true, true, ptd_spend_tx, &scriptchecks));
212 BOOST_CHECK_EQUAL(scriptchecks.size(), 1U);
213
214 // Test that CheckInputScripts returns true iff DERSIG-enforcing flags are
215 // not present. Don't add these checks to the cache, so that we can
216 // test later that block validation works fine in the absence of cached
217 // successes.
218 ValidateCheckInputsForAllFlags(CTransaction(spend_tx), SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_LOW_S | SCRIPT_VERIFY_STRICTENC, false);
219 }
220
221 // And if we produce a block with this tx, it should be valid (DERSIG not
222 // enabled yet), even though there's no cache entry.
223 CBlock block;
224
225 block = CreateAndProcessBlock({spend_tx}, p2pk_scriptPubKey);
226 LOCK(cs_main);
227 BOOST_CHECK(::ChainActive().Tip()->GetBlockHash() == block.GetHash());
228 BOOST_CHECK(::ChainstateActive().CoinsTip().GetBestBlock() == block.GetHash());
229
230 // Test P2SH: construct a transaction that is valid without P2SH, and
231 // then test validity with P2SH.
232 {
233 CMutableTransaction invalid_under_p2sh_tx;
234 invalid_under_p2sh_tx.nVersion = 1;
235 invalid_under_p2sh_tx.vin.resize(1);
236 invalid_under_p2sh_tx.vin[0].prevout.hash = spend_tx.GetHash();
237 invalid_under_p2sh_tx.vin[0].prevout.n = 0;
238 invalid_under_p2sh_tx.vout.resize(1);
239 invalid_under_p2sh_tx.vout[0].nValue = 11*CENT;
240 invalid_under_p2sh_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
241 std::vector<unsigned char> vchSig2(p2pk_scriptPubKey.begin(), p2pk_scriptPubKey.end());
242 invalid_under_p2sh_tx.vin[0].scriptSig << vchSig2;
243
244 ValidateCheckInputsForAllFlags(CTransaction(invalid_under_p2sh_tx), SCRIPT_VERIFY_P2SH, true);
245 }
246
247 // Test CHECKLOCKTIMEVERIFY
248 {
249 CMutableTransaction invalid_with_cltv_tx;
250 invalid_with_cltv_tx.nVersion = 1;
251 invalid_with_cltv_tx.nLockTime = 100;
252 invalid_with_cltv_tx.vin.resize(1);
253 invalid_with_cltv_tx.vin[0].prevout.hash = spend_tx.GetHash();
254 invalid_with_cltv_tx.vin[0].prevout.n = 2;
255 invalid_with_cltv_tx.vin[0].nSequence = 0;
256 invalid_with_cltv_tx.vout.resize(1);
257 invalid_with_cltv_tx.vout[0].nValue = 11*CENT;
258 invalid_with_cltv_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
259
260 // Sign
261 std::vector<unsigned char> vchSig;
262 uint256 hash = SignatureHash(spend_tx.vout[2].scriptPubKey, invalid_with_cltv_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE);
263 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
264 vchSig.push_back((unsigned char)SIGHASH_ALL);
265 invalid_with_cltv_tx.vin[0].scriptSig = CScript() << vchSig << 101;
266
267 ValidateCheckInputsForAllFlags(CTransaction(invalid_with_cltv_tx), SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, true);
268
269 // Make it valid, and check again
270 invalid_with_cltv_tx.vin[0].scriptSig = CScript() << vchSig << 100;
271 TxValidationState state;
272 PrecomputedTransactionData txdata(invalid_with_cltv_tx);
273 BOOST_CHECK(CheckInputScripts(CTransaction(invalid_with_cltv_tx), state, ::ChainstateActive().CoinsTip(), SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, true, true, txdata, nullptr));
274 }
275
276 // TEST CHECKSEQUENCEVERIFY
277 {
278 CMutableTransaction invalid_with_csv_tx;
279 invalid_with_csv_tx.nVersion = 2;
280 invalid_with_csv_tx.vin.resize(1);
281 invalid_with_csv_tx.vin[0].prevout.hash = spend_tx.GetHash();
282 invalid_with_csv_tx.vin[0].prevout.n = 3;
283 invalid_with_csv_tx.vin[0].nSequence = 100;
284 invalid_with_csv_tx.vout.resize(1);
285 invalid_with_csv_tx.vout[0].nValue = 11*CENT;
286 invalid_with_csv_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
287
288 // Sign
289 std::vector<unsigned char> vchSig;
290 uint256 hash = SignatureHash(spend_tx.vout[3].scriptPubKey, invalid_with_csv_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE);
291 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig));
292 vchSig.push_back((unsigned char)SIGHASH_ALL);
293 invalid_with_csv_tx.vin[0].scriptSig = CScript() << vchSig << 101;
294
295 ValidateCheckInputsForAllFlags(CTransaction(invalid_with_csv_tx), SCRIPT_VERIFY_CHECKSEQUENCEVERIFY, true);
296
297 // Make it valid, and check again
298 invalid_with_csv_tx.vin[0].scriptSig = CScript() << vchSig << 100;
299 TxValidationState state;
300 PrecomputedTransactionData txdata(invalid_with_csv_tx);
301 BOOST_CHECK(CheckInputScripts(CTransaction(invalid_with_csv_tx), state, &::ChainstateActive().CoinsTip(), SCRIPT_VERIFY_CHECKSEQUENCEVERIFY, true, true, txdata, nullptr));
302 }
303
304 // TODO: add tests for remaining script flags
305
306 // Test that passing CheckInputScripts with a valid witness doesn't imply success
307 // for the same tx with a different witness.
308 {
309 CMutableTransaction valid_with_witness_tx;
310 valid_with_witness_tx.nVersion = 1;
311 valid_with_witness_tx.vin.resize(1);
312 valid_with_witness_tx.vin[0].prevout.hash = spend_tx.GetHash();
313 valid_with_witness_tx.vin[0].prevout.n = 1;
314 valid_with_witness_tx.vout.resize(1);
315 valid_with_witness_tx.vout[0].nValue = 11*CENT;
316 valid_with_witness_tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
317
318 // Sign
319 SignatureData sigdata;
320 BOOST_CHECK(ProduceSignature(keystore, MutableTransactionSignatureCreator(&valid_with_witness_tx, 0, 11*CENT, SIGHASH_ALL), spend_tx.vout[1].scriptPubKey, sigdata));
321 UpdateInput(valid_with_witness_tx.vin[0], sigdata);
322
323 // This should be valid under all script flags.
324 ValidateCheckInputsForAllFlags(CTransaction(valid_with_witness_tx), 0, true);
325
326 // Remove the witness, and check that it is now invalid.
327 valid_with_witness_tx.vin[0].scriptWitness.SetNull();
328 ValidateCheckInputsForAllFlags(CTransaction(valid_with_witness_tx), SCRIPT_VERIFY_WITNESS, true);
329 }
330
331 {
332 // Test a transaction with multiple inputs.
333 CMutableTransaction tx;
334
335 tx.nVersion = 1;
336 tx.vin.resize(2);
337 tx.vin[0].prevout.hash = spend_tx.GetHash();
338 tx.vin[0].prevout.n = 0;
339 tx.vin[1].prevout.hash = spend_tx.GetHash();
340 tx.vin[1].prevout.n = 1;
341 tx.vout.resize(1);
342 tx.vout[0].nValue = 22*CENT;
343 tx.vout[0].scriptPubKey = p2pk_scriptPubKey;
344
345 // Sign
346 for (int i=0; i<2; ++i) {
347 SignatureData sigdata;
348 BOOST_CHECK(ProduceSignature(keystore, MutableTransactionSignatureCreator(&tx, i, 11*CENT, SIGHASH_ALL), spend_tx.vout[i].scriptPubKey, sigdata));
349 UpdateInput(tx.vin[i], sigdata);
350 }
351
352 // This should be valid under all script flags
353 ValidateCheckInputsForAllFlags(CTransaction(tx), 0, true);
354
355 // Check that if the second input is invalid, but the first input is
356 // valid, the transaction is not cached.
357 // Invalidate vin[1]
358 tx.vin[1].scriptWitness.SetNull();
359
360 TxValidationState state;
361 PrecomputedTransactionData txdata(tx);
362 // This transaction is now invalid under segwit, because of the second input.
363 BOOST_CHECK(!CheckInputScripts(CTransaction(tx), state, &::ChainstateActive().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS, true, true, txdata, nullptr));
364
365 std::vector<CScriptCheck> scriptchecks;
366 // Make sure this transaction was not cached (ie because the first
367 // input was valid)
368 BOOST_CHECK(CheckInputScripts(CTransaction(tx), state, &::ChainstateActive().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS, true, true, txdata, &scriptchecks));
369 // Should get 2 script checks back -- caching is on a whole-transaction basis.
370 BOOST_CHECK_EQUAL(scriptchecks.size(), 2U);
371 }
372 }
373
374 BOOST_AUTO_TEST_SUITE_END()
375