LCOV - code coverage report
Current view: top level - src/test - script_tests.cpp (source / functions) Hit Total Coverage
Test: total_coverage.info Lines: 714 727 98.2 %
Date: 2025-02-23 09:33:43 Functions: 45 45 100.0 %

          Line data    Source code
       1             : // Copyright (c) 2011-2014 The Bitcoin Core developers
       2             : // Copyright (c) 2017-2021 The PIVX Core developers
       3             : // Distributed under the MIT software license, see the accompanying
       4             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       5             : 
       6             : #include "test/test_pivx.h"
       7             : #include "test/data/script_tests.json.h"
       8             : 
       9             : #include "core_io.h"
      10             : #include "fs.h"
      11             : #include "key.h"
      12             : #include "keystore.h"
      13             : #include "script/script.h"
      14             : #include "script/script_error.h"
      15             : #include "script/sign.h"
      16             : 
      17             : #if defined(HAVE_CONSENSUS_LIB)
      18             : #include "script/bitcoinconsensus.h"
      19             : #endif
      20             : 
      21             : #include <boost/algorithm/string/classification.hpp>
      22             : #include <boost/test/unit_test.hpp>
      23             : 
      24             : #include <univalue.h>
      25             : 
      26             : 
      27             : // Uncomment if you want to output updated JSON tests.
      28             : // #define UPDATE_JSON_TESTS
      29             : 
      30             : static const unsigned int flags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
      31             : 
      32             : unsigned int ParseScriptFlags(std::string strFlags);
      33             : std::string FormatScriptFlags(unsigned int flags);
      34             : 
      35             : UniValue
      36          18 : read_json(const std::string& jsondata)
      37             : {
      38          36 :     UniValue v;
      39             : 
      40          18 :     if (!v.read(jsondata) || !v.isArray())
      41             :     {
      42           0 :         BOOST_ERROR("Parse error.");
      43           0 :         return UniValue(UniValue::VARR);
      44             :     }
      45          18 :     return v.get_array();
      46             : }
      47             : 
      48             : struct ScriptErrorDesc
      49             : {
      50             :     ScriptError_t err;
      51             :     const char *name;
      52             : };
      53             : 
      54             : static ScriptErrorDesc script_errors[]={
      55             :     {SCRIPT_ERR_OK, "OK"},
      56             :     {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
      57             :     {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
      58             :     {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
      59             :     {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
      60             :     {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
      61             :     {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
      62             :     {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
      63             :     {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
      64             :     {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
      65             :     {SCRIPT_ERR_VERIFY, "VERIFY"},
      66             :     {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
      67             :     {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
      68             :     {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
      69             :     {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
      70             :     {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
      71             :     {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
      72             :     {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
      73             :     {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
      74             :     {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
      75             :     {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
      76             :     {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
      77             :     {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
      78             :     {SCRIPT_ERR_SIG_DER, "SIG_DER"},
      79             :     {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
      80             :     {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
      81             :     {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
      82             :     {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
      83             :     {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
      84             :     {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
      85             :     {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"}
      86             : };
      87             : 
      88        2334 : const char *FormatScriptError(ScriptError_t err)
      89             : {
      90       16281 :     for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
      91       16281 :         if (script_errors[i].err == err)
      92        2334 :             return script_errors[i].name;
      93           0 :     BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
      94           0 :     return "";
      95             : }
      96             : 
      97        1044 : ScriptError_t ParseScriptError(const std::string &name)
      98             : {
      99        6903 :     for (unsigned int i=0; i<ARRAYLEN(script_errors); ++i)
     100        6903 :         if (script_errors[i].name == name)
     101        1044 :             return script_errors[i].err;
     102           0 :     BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
     103           0 :     return SCRIPT_ERR_UNKNOWN_ERROR;
     104             : }
     105             : 
     106             : BOOST_FIXTURE_TEST_SUITE(script_tests, BasicTestingSetup)
     107             : 
     108        1211 : CMutableTransaction BuildCreditingTransaction(const CScript& scriptPubKey)
     109             : {
     110        1211 :     CMutableTransaction txCredit;
     111        1211 :     txCredit.nVersion = 1;
     112        1211 :     txCredit.nLockTime = 0;
     113        1211 :     txCredit.vin.resize(1);
     114        1211 :     txCredit.vout.resize(1);
     115        1211 :     txCredit.vin[0].prevout.SetNull();
     116        1211 :     txCredit.vin[0].scriptSig = CScript() << CScriptNum(0) << CScriptNum(0);
     117        1211 :     txCredit.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
     118        1211 :     txCredit.vout[0].scriptPubKey = scriptPubKey;
     119        1211 :     txCredit.vout[0].nValue = 0;
     120             : 
     121        1211 :     return txCredit;
     122             : }
     123             : 
     124        1211 : CMutableTransaction BuildSpendingTransaction(const CScript& scriptSig, const CMutableTransaction& txCredit)
     125             : {
     126        1211 :     CMutableTransaction txSpend;
     127        1211 :     txSpend.nVersion = 1;
     128        1211 :     txSpend.nLockTime = 0;
     129        1211 :     txSpend.vin.resize(1);
     130        1211 :     txSpend.vout.resize(1);
     131        1211 :     txSpend.vin[0].prevout.hash = txCredit.GetHash();
     132        1211 :     txSpend.vin[0].prevout.n = 0;
     133        1211 :     txSpend.vin[0].scriptSig = scriptSig;
     134        1211 :     txSpend.vin[0].nSequence = CTxIn::SEQUENCE_FINAL;
     135        1211 :     txSpend.vout[0].scriptPubKey = CScript();
     136        1211 :     txSpend.vout[0].nValue = 0;
     137             : 
     138        1211 :     return txSpend;
     139             : }
     140             : 
     141        1126 : void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, int flags, const std::string& message, int scriptError)
     142             : {
     143        1126 :     bool expect = (scriptError == SCRIPT_ERR_OK);
     144        1126 :     ScriptError err;
     145        2252 :     CMutableTransaction tx = BuildSpendingTransaction(scriptSig, BuildCreditingTransaction(scriptPubKey));
     146        2252 :     CMutableTransaction tx2 = tx;
     147        1126 :     static const CAmount amountZero = 0;
     148        3378 :     BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, flags,
     149             :             MutableTransactionSignatureChecker(&tx, 0, amountZero), tx.GetRequiredSigVersion(), &err) == expect, message);
     150        3501 :     BOOST_CHECK_MESSAGE(err == scriptError, std::string(FormatScriptError(err)) + " where " + std::string(FormatScriptError((ScriptError_t)scriptError)) + " expected: " + message);
     151             : #if defined(HAVE_CONSENSUS_LIB)
     152             :     CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
     153             :     stream << tx2;
     154             :     BOOST_CHECK_MESSAGE(bitcoinconsensus_verify_script(scriptPubKey.data(), scriptPubKey.size(), (const unsigned char*)&stream[0], stream.size(), 0, flags, nullptr) == expect,message);
     155             : #endif
     156        1126 : }
     157             : 
     158           2 : void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
     159             :     // Parse the signature.
     160           4 :     std::vector<unsigned char> r, s;
     161           2 :     r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
     162           4 :     s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
     163             : 
     164             :     // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
     165           4 :     static const unsigned char order[33] = {
     166             :         0x00,
     167             :         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
     168             :         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
     169             :         0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
     170             :         0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
     171             :     };
     172           4 :     while (s.size() < 33) {
     173           2 :         s.insert(s.begin(), 0x00);
     174             :     }
     175             :     int carry = 0;
     176          66 :     for (int p = 32; p >= 1; p--) {
     177          64 :         int n = (int)order[p] - s[p] - carry;
     178          64 :         s[p] = (n + 256) & 0xFF;
     179          64 :         carry = (n < 0);
     180             :     }
     181           2 :     assert(carry == 0);
     182           2 :     if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
     183           0 :         s.erase(s.begin());
     184             :     }
     185             : 
     186             :     // Reconstruct the signature.
     187           2 :     vchSig.clear();
     188           2 :     vchSig.push_back(0x30);
     189           2 :     vchSig.push_back(4 + r.size() + s.size());
     190           2 :     vchSig.push_back(0x02);
     191           2 :     vchSig.push_back(r.size());
     192           2 :     vchSig.insert(vchSig.end(), r.begin(), r.end());
     193           2 :     vchSig.push_back(0x02);
     194           2 :     vchSig.push_back(s.size());
     195           2 :     vchSig.insert(vchSig.end(), s.begin(), s.end());
     196           2 : }
     197             : 
     198             : namespace
     199             : {
     200             : const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
     201             : const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
     202             : const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
     203             : 
     204             : struct KeyData
     205             : {
     206             :     CKey key0, key0C, key1, key1C, key2, key2C;
     207             :     CPubKey pubkey0, pubkey0C, pubkey0H;
     208             :     CPubKey pubkey1, pubkey1C;
     209             :     CPubKey pubkey2, pubkey2C;
     210             : 
     211           1 :     KeyData()
     212           1 :     {
     213             : 
     214           1 :         key0.Set(vchKey0, vchKey0 + 32, false);
     215           1 :         key0C.Set(vchKey0, vchKey0 + 32, true);
     216           1 :         pubkey0 = key0.GetPubKey();
     217           1 :         pubkey0H = key0.GetPubKey();
     218           1 :         pubkey0C = key0C.GetPubKey();
     219           1 :         *const_cast<unsigned char*>(&pubkey0H[0]) = 0x06 | (pubkey0H[64] & 1);
     220             : 
     221           1 :         key1.Set(vchKey1, vchKey1 + 32, false);
     222           1 :         key1C.Set(vchKey1, vchKey1 + 32, true);
     223           1 :         pubkey1 = key1.GetPubKey();
     224           1 :         pubkey1C = key1C.GetPubKey();
     225             : 
     226           1 :         key2.Set(vchKey2, vchKey2 + 32, false);
     227           1 :         key2C.Set(vchKey2, vchKey2 + 32, true);
     228           1 :         pubkey2 = key2.GetPubKey();
     229           1 :         pubkey2C = key2C.GetPubKey();
     230           1 :     }
     231             : };
     232             : 
     233             : 
     234             : class TestBuilder
     235             : {
     236             : private:
     237             :     CScript scriptPubKey;
     238             :     CTransactionRef creditTx;
     239             :     CMutableTransaction spendTx;
     240             :     bool havePush;
     241             :     std::vector<unsigned char> push;
     242             :     std::string comment;
     243             :     int flags;
     244             :     int scriptError;
     245             : 
     246         325 :     void DoPush()
     247             :     {
     248         325 :         if (havePush) {
     249         173 :             spendTx.vin[0].scriptSig << push;
     250         173 :             havePush = false;
     251             :         }
     252             :     }
     253             : 
     254         107 :     void DoPush(const std::vector<unsigned char>& data)
     255             :     {
     256         107 :          DoPush();
     257         107 :          push = data;
     258         107 :          havePush = true;
     259         107 :     }
     260             : 
     261             : public:
     262          82 :     TestBuilder(const CScript& redeemScript, const std::string& comment_, int flags_, bool P2SH = false) : scriptPubKey(redeemScript), havePush(false), comment(comment_), flags(flags_), scriptError(SCRIPT_ERR_OK)
     263             :     {
     264          82 :         if (P2SH) {
     265          39 :             creditTx = MakeTransactionRef(BuildCreditingTransaction(CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemScript)) << OP_EQUAL));
     266             :         } else {
     267         138 :             creditTx = MakeTransactionRef(BuildCreditingTransaction(redeemScript));
     268             :         }
     269          82 :         spendTx = BuildSpendingTransaction(CScript(), *creditTx);
     270          82 :     }
     271             : 
     272          45 :     TestBuilder& ScriptError(ScriptError_t err)
     273             :     {
     274          45 :         scriptError = err;
     275          45 :         return *this;
     276             :     }
     277             : 
     278           6 :     TestBuilder& Add(const CScript& script)
     279             :     {
     280           6 :         DoPush();
     281           6 :         spendTx.vin[0].scriptSig += script;
     282           6 :         return *this;
     283             :     }
     284             : 
     285          48 :     TestBuilder& Num(int num)
     286             :     {
     287          48 :         DoPush();
     288          48 :         spendTx.vin[0].scriptSig << num;
     289          48 :         return *this;
     290             :     }
     291             : 
     292             :     TestBuilder& Push(const std::string& hex)
     293             :     {
     294             :         DoPush(ParseHex(hex));
     295             :         return *this;
     296             :     }
     297             : 
     298          91 :     TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32)
     299             :     {
     300          91 :         uint256 hash = SignatureHash(scriptPubKey, spendTx, 0, nHashType, 0, SIGVERSION_BASE);
     301         273 :         std::vector<unsigned char> vchSig, r, s;
     302          91 :         uint32_t iter = 0;
     303        1247 :         do {
     304        1247 :             key.Sign(hash, vchSig, iter++);
     305        1247 :             if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
     306           2 :                 NegateSignatureS(vchSig);
     307             :             }
     308        2494 :             r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
     309        2494 :             s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
     310        1247 :         } while (lenR != r.size() || lenS != s.size());
     311          91 :         vchSig.push_back(static_cast<unsigned char>(nHashType));
     312          91 :         DoPush(vchSig);
     313         182 :         return *this;
     314             :     }
     315             : 
     316           3 :     TestBuilder& Push(const CPubKey& pubkey)
     317             :     {
     318           4 :         DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
     319           3 :         return *this;
     320             :     }
     321             : 
     322          13 :     TestBuilder& PushRedeem()
     323             :     {
     324          39 :         DoPush(std::vector<unsigned char>(scriptPubKey.begin(), scriptPubKey.end()));
     325          13 :         return *this;
     326             :     }
     327             : 
     328          31 :     TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
     329             :     {
     330          31 :         assert(havePush);
     331          31 :         std::vector<unsigned char> datain = ParseHex(hexin);
     332          62 :         std::vector<unsigned char> dataout = ParseHex(hexout);
     333          31 :         assert(pos + datain.size() <= push.size());
     334          93 :         BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
     335          31 :         push.erase(push.begin() + pos, push.begin() + pos + datain.size());
     336          31 :         push.insert(push.begin() + pos, dataout.begin(), dataout.end());
     337          62 :         return *this;
     338             :     }
     339             : 
     340          13 :     TestBuilder& DamagePush(unsigned int pos)
     341             :     {
     342          13 :         assert(havePush);
     343          13 :         assert(pos < push.size());
     344          13 :         push[pos] ^= 1;
     345          13 :         return *this;
     346             :     }
     347             : 
     348          82 :     TestBuilder& Test()
     349             :     {
     350          82 :         TestBuilder copy = *this; // Make a copy so we can rollback the push.
     351          82 :         DoPush();
     352          82 :         DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, flags, comment, scriptError);
     353          82 :         *this = copy;
     354          82 :         return *this;
     355             :     }
     356             : 
     357          82 :     UniValue GetJSON()
     358             :     {
     359          82 :         DoPush();
     360          82 :         UniValue array(UniValue::VARR);
     361          82 :         array.push_back(FormatScript(spendTx.vin[0].scriptSig));
     362          82 :         array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
     363          82 :         array.push_back(FormatScriptFlags(flags));
     364          82 :         array.push_back(FormatScriptError((ScriptError_t)scriptError));
     365          82 :         array.push_back(comment);
     366          82 :         return array;
     367             :     }
     368             : 
     369           0 :     std::string GetComment()
     370             :     {
     371           0 :         return comment;
     372             :     }
     373             : };
     374             : 
     375        1160 : std::string JSONPrettyPrint(const UniValue& univalue)
     376             : {
     377        1160 :     std::string ret = univalue.write(4);
     378             :     // Workaround for libunivalue pretty printer, which puts a space between comma's and newlines
     379        1160 :     size_t pos = 0;
     380        1160 :     while ((pos = ret.find(" \n", pos)) != std::string::npos) {
     381           0 :         ret.replace(pos, 2, "\n");
     382           0 :         pos++;
     383             :     }
     384        1160 :     return ret;
     385             : }
     386             : }
     387             : 
     388           2 : BOOST_AUTO_TEST_CASE(script_build)
     389             : {
     390           2 :     const KeyData keys;
     391             : 
     392           1 :     std::vector<TestBuilder> tests;
     393             : 
     394           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     395             :                                 "P2PK", 0
     396           1 :                                ).PushSig(keys.key0));
     397           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     398             :                                 "P2PK, bad sig", 0
     399           1 :                                ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     400             : 
     401           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
     402             :                                 "P2PKH", 0
     403           1 :                                ).PushSig(keys.key1).Push(keys.pubkey1C));
     404           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
     405             :                                 "P2PKH, bad pubkey", 0
     406           1 :                                ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
     407             : 
     408           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     409             :                                 "P2PK anyonecanpay", 0
     410           1 :                                ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
     411           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     412             :                                 "P2PK anyonecanpay marked with normal hashtype", 0
     413           2 :                                ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
     414             : 
     415           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
     416             :                                 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
     417           1 :                                ).PushSig(keys.key0).PushRedeem());
     418           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
     419             :                                 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
     420           1 :                                ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     421             : 
     422           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
     423             :                                 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
     424           1 :                                ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
     425           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
     426             :                                 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
     427           1 :                                ).PushSig(keys.key0).DamagePush(10).PushRedeem());
     428           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
     429             :                                 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
     430           1 :                                ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
     431             : 
     432           6 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
     433             :                                 "3-of-3", 0
     434           1 :                                ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
     435           6 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
     436             :                                 "3-of-3, 2 sigs", 0
     437           1 :                                ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     438             : 
     439           6 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
     440             :                                 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
     441           1 :                                ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
     442           6 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
     443             :                                 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
     444           1 :                                ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
     445             : 
     446           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     447             :                                 "P2PK with too much R padding but no DERSIG", 0
     448           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
     449           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     450             :                                 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
     451           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
     452           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     453             :                                 "P2PK with too much S padding but no DERSIG", 0
     454           2 :                                ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
     455           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     456             :                                 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
     457           2 :                                ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
     458           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     459             :                                 "P2PK with too little R padding but no DERSIG", 0
     460           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
     461           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     462             :                                 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
     463           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
     464           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
     465             :                                 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
     466           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
     467           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
     468             :                                 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
     469           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
     470           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
     471             :                                 "P2PK NOT with too much R padding but no DERSIG", 0
     472           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
     473           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
     474             :                                 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
     475           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
     476             : 
     477           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     478             :                                 "BIP66 example 1, without DERSIG", 0
     479           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
     480           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     481             :                                 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
     482           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
     483           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
     484             :                                 "BIP66 example 2, without DERSIG", 0
     485           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
     486           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
     487             :                                 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
     488           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
     489           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     490             :                                 "BIP66 example 3, without DERSIG", 0
     491           1 :                                ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     492           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     493             :                                 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
     494           1 :                                ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     495           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
     496             :                                 "BIP66 example 4, without DERSIG", 0
     497           1 :                                ).Num(0));
     498           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
     499             :                                 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
     500           1 :                                ).Num(0));
     501           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     502             :                                 "BIP66 example 5, without DERSIG", 0
     503           1 :                                ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     504           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     505             :                                 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
     506           1 :                                ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
     507           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
     508             :                                 "BIP66 example 6, without DERSIG", 0
     509           1 :                                ).Num(1));
     510           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
     511             :                                 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
     512           1 :                                ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
     513           6 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
     514             :                                 "BIP66 example 7, without DERSIG", 0
     515           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
     516           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
     517             :                                 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
     518           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
     519           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
     520             :                                 "BIP66 example 8, without DERSIG", 0
     521           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     522           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
     523             :                                 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
     524           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
     525           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
     526             :                                 "BIP66 example 9, without DERSIG", 0
     527           2 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
     528           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
     529             :                                 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
     530           2 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
     531           6 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
     532             :                                 "BIP66 example 10, without DERSIG", 0
     533           2 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
     534           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
     535             :                                 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
     536           2 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
     537           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
     538             :                                 "BIP66 example 11, without DERSIG", 0
     539           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     540           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
     541             :                                 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
     542           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     543           6 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
     544             :                                 "BIP66 example 12, without DERSIG", 0
     545           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
     546           6 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
     547             :                                 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
     548           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
     549           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     550             :                                 "P2PK with multi-byte hashtype, without DERSIG", 0
     551           2 :                                ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
     552           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     553             :                                 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
     554           2 :                                ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
     555             : 
     556           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     557             :                                 "P2PK with high S but no LOW_S", 0
     558           1 :                                ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
     559           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     560             :                                 "P2PK with high S", SCRIPT_VERIFY_LOW_S
     561           1 :                                ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
     562             : 
     563           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
     564             :                                 "P2PK with hybrid pubkey but no STRICTENC", 0
     565           1 :                                ).PushSig(keys.key0, SIGHASH_ALL));
     566           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
     567             :                                 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     568           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
     569           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
     570             :                                 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
     571           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     572           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
     573             :                                 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     574           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
     575           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
     576             :                                 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
     577           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
     578           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
     579             :                                 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     580           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
     581           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
     582             :                                 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
     583           1 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
     584           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
     585             :                                 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     586           1 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
     587           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
     588             :                                 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     589           1 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
     590             : 
     591           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     592             :                                 "P2PK with undefined hashtype but no STRICTENC", 0
     593           1 :                                ).PushSig(keys.key1, 5));
     594           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     595             :                                 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
     596           1 :                                ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
     597           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
     598             :                                 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
     599           1 :                                ).PushSig(keys.key1, 5).DamagePush(10));
     600           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
     601             :                                 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
     602           1 :                                ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
     603             : 
     604           6 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
     605             :                                 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
     606           1 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
     607           6 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
     608             :                                 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
     609           1 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
     610           6 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
     611             :                                 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
     612           1 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
     613           6 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
     614             :                                 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
     615           1 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
     616             : 
     617           6 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
     618             :                                 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
     619           2 :                                ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
     620           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
     621             :                                 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
     622           2 :                                ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
     623           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     624             :                                 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
     625           2 :                                ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem());
     626           5 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     627             :                                 "P2PK with non-push scriptSig but with P2SH validation", 0
     628           2 :                                ).PushSig(keys.key2).Add(CScript() << OP_NOP8));
     629           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     630             :                                 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
     631           2 :                                ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
     632           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     633             :                                 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
     634           2 :                                ).PushSig(keys.key2).Add(CScript() << OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
     635           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
     636             :                                 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
     637           1 :                                ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
     638           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     639             :                                 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
     640           1 :                                ).Num(11).PushSig(keys.key0));
     641           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     642             :                                 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
     643           1 :                                ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
     644           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     645             :                                 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
     646           1 :                                ).Num(11).PushSig(keys.key0).PushRedeem());
     647           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     648             :                                 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
     649           1 :                                ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
     650           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     651             :                                 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
     652           1 :                                ).PushSig(keys.key0).PushRedeem());
     653             : 
     654             : 
     655           2 :     std::set<std::string> tests_set;
     656             : 
     657           1 :     {
     658           3 :         UniValue json_tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
     659             : 
     660        1079 :         for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
     661        1078 :             const UniValue& tv = json_tests[idx];
     662        2164 :             tests_set.insert(JSONPrettyPrint(tv.get_array()));
     663             :         }
     664             :     }
     665             : 
     666           2 :     std::string strGen;
     667             : 
     668          83 :     for (TestBuilder& test : tests) {
     669          82 :         test.Test();
     670         164 :         std::string str = JSONPrettyPrint(test.GetJSON());
     671             : #ifndef UPDATE_JSON_TESTS
     672         164 :         if (tests_set.count(str) == 0) {
     673           0 :             BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
     674             :         }
     675             : #endif
     676         246 :         strGen += str + ",\n";
     677             :     }
     678             : 
     679             : #ifdef UPDATE_JSON_TESTS
     680             :     FILE* file = fopen("script_tests.json.gen", "w");
     681             :     fputs(strGen.c_str(), file);
     682             :     fclose(file);
     683             : #endif
     684           1 : }
     685             : 
     686           2 : BOOST_AUTO_TEST_CASE(script_json_test)
     687             : {
     688             :     // Read tests from test/data/script_tests.json
     689             :     // Format is an array of arrays
     690             :     // Inner arrays are [ "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
     691             :     // ... where scriptSig and scriptPubKey are stringified
     692             :     // scripts.
     693           3 :     UniValue tests = read_json(std::string(json_tests::script_tests, json_tests::script_tests + sizeof(json_tests::script_tests)));
     694             : 
     695        1079 :     for (unsigned int idx = 0; idx < tests.size(); idx++) {
     696        1078 :         UniValue test = tests[idx];
     697        2122 :         std::string strTest = test.write();
     698        1078 :         if (test.size() < 4) // Allow size > 3; extra stuff ignored (useful for comments)
     699             :         {
     700          34 :             if (test.size() != 1) {
     701           0 :                 BOOST_ERROR("Bad test: " << strTest);
     702             :             }
     703          68 :             continue;
     704             :         }
     705        2088 :         std::string scriptSigString = test[0].get_str();
     706        3132 :         CScript scriptSig = ParseScript(scriptSigString);
     707        2088 :         std::string scriptPubKeyString = test[1].get_str();
     708        3132 :         CScript scriptPubKey = ParseScript(scriptPubKeyString);
     709        2088 :         unsigned int scriptflags = ParseScriptFlags(test[2].get_str());
     710        1044 :         int scriptError = ParseScriptError(test[3].get_str());
     711             : 
     712        1044 :         DoTest(scriptPubKey, scriptSig, scriptflags, strTest, scriptError);
     713             :     }
     714           1 : }
     715             : 
     716           2 : BOOST_AUTO_TEST_CASE(script_PushData)
     717             : {
     718             :     // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
     719             :     // the stack as the 1-75 opcodes do.
     720           1 :     static const unsigned char direct[] = { 1, 0x5a };
     721           1 :     static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
     722           1 :     static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
     723           1 :     static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
     724             : 
     725           1 :     ScriptError err;
     726           2 :     std::vector<std::vector<unsigned char> > directStack;
     727           2 :     BOOST_CHECK(EvalScript(directStack, CScript(&direct[0], &direct[sizeof(direct)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
     728           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     729             : 
     730           2 :     std::vector<std::vector<unsigned char> > pushdata1Stack;
     731           2 :     BOOST_CHECK(EvalScript(pushdata1Stack, CScript(&pushdata1[0], &pushdata1[sizeof(pushdata1)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
     732           2 :     BOOST_CHECK(pushdata1Stack == directStack);
     733           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     734             : 
     735           2 :     std::vector<std::vector<unsigned char> > pushdata2Stack;
     736           2 :     BOOST_CHECK(EvalScript(pushdata2Stack, CScript(&pushdata2[0], &pushdata2[sizeof(pushdata2)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
     737           2 :     BOOST_CHECK(pushdata2Stack == directStack);
     738           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     739             : 
     740           2 :     std::vector<std::vector<unsigned char> > pushdata4Stack;
     741           2 :     BOOST_CHECK(EvalScript(pushdata4Stack, CScript(&pushdata4[0], &pushdata4[sizeof(pushdata4)]), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SIGVERSION_BASE, &err));
     742           2 :     BOOST_CHECK(pushdata4Stack == directStack);
     743           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     744           1 : }
     745             : 
     746             : CScript
     747          12 : sign_multisig(const CScript& scriptPubKey, const std::vector<CKey>& keys, const CTransaction& transaction)
     748             : {
     749          12 :     uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
     750             : 
     751          12 :     CScript result;
     752             :     //
     753             :     // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
     754             :     // one extra item on the stack, before the signatures.
     755             :     // Putting OP_0 on the stack is the workaround;
     756             :     // fixing the bug would mean splitting the block chain (old
     757             :     // clients would not accept new CHECKMULTISIG transactions,
     758             :     // and vice-versa)
     759             :     //
     760          12 :     result << OP_0;
     761          31 :     for (const CKey &key : keys)
     762             :     {
     763          38 :         std::vector<unsigned char> vchSig;
     764          38 :         BOOST_CHECK(key.Sign(hash, vchSig));
     765          19 :         vchSig.push_back((unsigned char)SIGHASH_ALL);
     766          19 :         result << vchSig;
     767             :     }
     768          12 :     return result;
     769             : }
     770             : CScript
     771           3 : sign_multisig(const CScript& scriptPubKey, const CKey& key, const CTransaction& transaction)
     772             : {
     773           6 :     std::vector<CKey> keys;
     774           3 :     keys.push_back(key);
     775           6 :     return sign_multisig(scriptPubKey, keys, transaction);
     776             : }
     777             : 
     778           2 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
     779             : {
     780           1 :     ScriptError err;
     781           3 :     CKey key1, key2, key3;
     782           1 :     key1.MakeNewKey(true);
     783           1 :     key2.MakeNewKey(false);
     784           1 :     key3.MakeNewKey(true);
     785             : 
     786           2 :     CScript scriptPubKey12;
     787           2 :     scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
     788             : 
     789           2 :     CMutableTransaction txFrom12 = BuildCreditingTransaction(scriptPubKey12);
     790           1 :     CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), txFrom12);
     791           1 :     const SigVersion sv12 = txTo12.GetRequiredSigVersion();
     792             : 
     793           2 :     CScript goodsig1 = sign_multisig(scriptPubKey12, key1, txTo12);
     794           2 :     BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), sv12, &err));
     795           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     796           1 :     txTo12.vout[0].nValue = 2;
     797           2 :     BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), sv12, &err));
     798           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
     799             : 
     800           2 :     CScript goodsig2 = sign_multisig(scriptPubKey12, key2, txTo12);
     801           2 :     BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), sv12, &err));
     802           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     803             : 
     804           2 :     CScript badsig1 = sign_multisig(scriptPubKey12, key3, txTo12);
     805           2 :     BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, flags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue), sv12, &err));
     806           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
     807           1 : }
     808             : 
     809           2 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
     810             : {
     811           1 :     ScriptError err;
     812           4 :     CKey key1, key2, key3, key4;
     813           1 :     key1.MakeNewKey(true);
     814           1 :     key2.MakeNewKey(false);
     815           1 :     key3.MakeNewKey(true);
     816           1 :     key4.MakeNewKey(false);
     817             : 
     818           2 :     CScript scriptPubKey23;
     819           3 :     scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
     820             : 
     821           2 :     CMutableTransaction txFrom23 = BuildCreditingTransaction(scriptPubKey23);
     822           2 :     CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), txFrom23);
     823           1 :     const SigVersion sv23 = txTo23.GetRequiredSigVersion();
     824             : 
     825           1 :     std::vector<CKey> keys;
     826           1 :     keys.push_back(key1); keys.push_back(key2);
     827           2 :     CScript goodsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
     828           2 :     BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     829           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     830             : 
     831           1 :     keys.clear();
     832           1 :     keys.push_back(key1); keys.push_back(key3);
     833           2 :     CScript goodsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
     834           2 :     BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     835           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     836             : 
     837           1 :     keys.clear();
     838           1 :     keys.push_back(key2); keys.push_back(key3);
     839           2 :     CScript goodsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
     840           2 :     BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     841           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     842             : 
     843           1 :     keys.clear();
     844           1 :     keys.push_back(key2); keys.push_back(key2); // Can't re-use sig
     845           2 :     CScript badsig1 = sign_multisig(scriptPubKey23, keys, txTo23);
     846           2 :     BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     847           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
     848             : 
     849           1 :     keys.clear();
     850           1 :     keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
     851           2 :     CScript badsig2 = sign_multisig(scriptPubKey23, keys, txTo23);
     852           2 :     BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     853           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
     854             : 
     855           1 :     keys.clear();
     856           1 :     keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
     857           2 :     CScript badsig3 = sign_multisig(scriptPubKey23, keys, txTo23);
     858           2 :     BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     859           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
     860             : 
     861           1 :     keys.clear();
     862           1 :     keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
     863           2 :     CScript badsig4 = sign_multisig(scriptPubKey23, keys, txTo23);
     864           2 :     BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     865           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
     866             : 
     867           1 :     keys.clear();
     868           1 :     keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
     869           2 :     CScript badsig5 = sign_multisig(scriptPubKey23, keys, txTo23);
     870           2 :     BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     871           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
     872             : 
     873           1 :     keys.clear(); // Must have signatures
     874           2 :     CScript badsig6 = sign_multisig(scriptPubKey23, keys, txTo23);
     875           2 :     BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, flags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue), sv23, &err));
     876           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
     877           1 : }
     878             : 
     879           2 : BOOST_AUTO_TEST_CASE(script_combineSigs)
     880             : {
     881             :     // Test the CombineSignatures function
     882           1 :     CAmount amount = 0;
     883           2 :     CBasicKeyStore keystore;
     884           1 :     std::vector<CKey> keys;
     885           1 :     std::vector<CPubKey> pubkeys;
     886           4 :     for (int i = 0; i < 3; i++)
     887             :     {
     888           6 :         CKey key;
     889           3 :         key.MakeNewKey(i%2 == 1);
     890           3 :         keys.push_back(key);
     891           3 :         pubkeys.push_back(key.GetPubKey());
     892           3 :         keystore.AddKey(key);
     893             :     }
     894             : 
     895           3 :     CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(keys[0].GetPubKey().GetID()));
     896           1 :     CMutableTransaction txTo = BuildSpendingTransaction(CScript(), txFrom);
     897           1 :     CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
     898           1 :     CScript& scriptSig = txTo.vin[0].scriptSig;
     899             : 
     900           2 :     SignatureData empty;
     901           2 :     SignatureData combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, empty);
     902           2 :     BOOST_CHECK(combined.scriptSig.empty());
     903             : 
     904             :     // Single signature case:
     905           1 :     SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL); // changes scriptSig
     906           1 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
     907           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     908           2 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
     909           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     910           2 :     CScript scriptSigCopy = scriptSig;
     911             :     // Signing again will give a different, valid signature:
     912           1 :     SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
     913           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
     914           2 :     BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
     915             : 
     916             :     // P2SH, single-signature case:
     917           2 :     CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
     918           1 :     keystore.AddCScript(pkSingle);
     919           1 :     scriptPubKey = GetScriptForDestination(CScriptID(pkSingle));
     920           1 :     SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
     921           2 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
     922           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     923           2 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
     924           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     925           1 :     scriptSigCopy = scriptSig;
     926           1 :     SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
     927           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
     928           2 :     BOOST_CHECK(combined.scriptSig == scriptSigCopy || combined.scriptSig == scriptSig);
     929             :     // dummy scriptSigCopy with placeholder, should always choose non-placeholder:
     930           4 :     scriptSigCopy = CScript() << OP_0 << std::vector<unsigned char>(pkSingle.begin(), pkSingle.end());
     931           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSigCopy), SignatureData(scriptSig));
     932           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     933           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), SignatureData(scriptSigCopy));
     934           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     935             : 
     936             :     // Hardest case:  Multisig 2-of-3
     937           1 :     scriptPubKey = GetScriptForMultisig(2, pubkeys);
     938           1 :     keystore.AddCScript(scriptPubKey);
     939           1 :     SignSignature(keystore, txFrom, txTo, 0, SIGHASH_ALL);
     940           2 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(scriptSig), empty);
     941           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     942           2 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), empty, SignatureData(scriptSig));
     943           2 :     BOOST_CHECK(combined.scriptSig == scriptSig);
     944             : 
     945             :     // A couple of partially-signed versions:
     946           2 :     std::vector<unsigned char> sig1;
     947           1 :     uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SIGVERSION_BASE);
     948           2 :     BOOST_CHECK(keys[0].Sign(hash1, sig1));
     949           1 :     sig1.push_back(SIGHASH_ALL);
     950           2 :     std::vector<unsigned char> sig2;
     951           1 :     uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SIGVERSION_BASE);
     952           2 :     BOOST_CHECK(keys[1].Sign(hash2, sig2));
     953           1 :     sig2.push_back(SIGHASH_NONE);
     954           2 :     std::vector<unsigned char> sig3;
     955           1 :     uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SIGVERSION_BASE);
     956           2 :     BOOST_CHECK(keys[2].Sign(hash3, sig3));
     957           1 :     sig3.push_back(SIGHASH_SINGLE);
     958             : 
     959             :     // Not fussy about order (or even existence) of placeholders or signatures:
     960           2 :     CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
     961           2 :     CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
     962           2 :     CScript partial2a = CScript() << OP_0 << sig2;
     963           2 :     CScript partial2b = CScript() << sig2 << OP_0;
     964           2 :     CScript partial3a = CScript() << sig3;
     965           2 :     CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
     966           2 :     CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
     967           2 :     CScript complete12 = CScript() << OP_0 << sig1 << sig2;
     968           2 :     CScript complete13 = CScript() << OP_0 << sig1 << sig3;
     969           2 :     CScript complete23 = CScript() << OP_0 << sig2 << sig3;
     970             : 
     971           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial1b));
     972           2 :     BOOST_CHECK(combined.scriptSig == partial1a);
     973           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1a), SignatureData(partial2a));
     974           2 :     BOOST_CHECK(combined.scriptSig == complete12);
     975           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial1a));
     976           2 :     BOOST_CHECK(combined.scriptSig == complete12);
     977           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial1b), SignatureData(partial2b));
     978           2 :     BOOST_CHECK(combined.scriptSig == complete12);
     979           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial1b));
     980           2 :     BOOST_CHECK(combined.scriptSig == complete13);
     981           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial2a), SignatureData(partial3a));
     982           2 :     BOOST_CHECK(combined.scriptSig == complete23);
     983           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial2b));
     984           2 :     BOOST_CHECK(combined.scriptSig == complete23);
     985           3 :     combined = CombineSignatures(scriptPubKey, MutableTransactionSignatureChecker(&txTo, 0, amount), SignatureData(partial3b), SignatureData(partial3a));
     986           2 :     BOOST_CHECK(combined.scriptSig == partial3c);
     987           1 : }
     988             : 
     989             : 
     990           2 : BOOST_AUTO_TEST_CASE(script_standard_push)
     991             : {
     992           1 :     ScriptError err;
     993       67001 :     for (int i=0; i<67000; i++) {
     994      134000 :         CScript script;
     995       67000 :         script << i;
     996      134000 :         BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
     997      134000 :         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), SIGVERSION_BASE, &err), "Number " << i << " push is not minimal data.");
     998      134000 :         BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
     999             :     }
    1000             : 
    1001         522 :     for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
    1002        1042 :         std::vector<unsigned char> data(i, '\111');
    1003        1042 :         CScript script;
    1004         521 :         script << data;
    1005        1042 :         BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
    1006        1042 :         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), SIGVERSION_BASE, &err), "Length " << i << " push is not minimal data.");
    1007        1042 :         BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
    1008             :     }
    1009           1 : }
    1010             : 
    1011           2 : BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
    1012             : {
    1013             :     // IsPushOnly returns false when given a script containing only pushes that
    1014             :     // are invalid due to truncation. IsPushOnly() is consensus critical
    1015             :     // because P2SH evaluation uses it, although this specific behavior should
    1016             :     // not be consensus critical as the P2SH evaluation would fail first due to
    1017             :     // the invalid push. Still, it doesn't hurt to test it explicitly.
    1018           1 :     static const unsigned char direct[] = { 1 };
    1019           2 :     BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
    1020           1 : }
    1021             : 
    1022           2 : BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
    1023             : {
    1024           2 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
    1025           2 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
    1026           2 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
    1027           2 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
    1028             : 
    1029           1 :     std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
    1030           2 :     std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
    1031           2 :     std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
    1032             : 
    1033           7 :     BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
    1034           7 :     BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
    1035           7 :     BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
    1036           7 :     BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
    1037           7 :     BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
    1038           7 :     BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
    1039           7 :     BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
    1040           7 :     BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
    1041             : 
    1042           7 :     BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
    1043           7 :     BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
    1044           7 :     BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
    1045           7 :     BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
    1046           7 :     BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
    1047           7 :     BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
    1048           7 :     BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
    1049           7 :     BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
    1050           1 : }
    1051             : 
    1052             : 
    1053             : static CScript
    1054          28 : ScriptFromHex(const char* hex)
    1055             : {
    1056          28 :     std::vector<unsigned char> data = ParseHex(hex);
    1057          28 :     return CScript(data.begin(), data.end());
    1058             : }
    1059             : 
    1060             : 
    1061           2 : BOOST_AUTO_TEST_CASE(script_FindAndDelete)
    1062             : {
    1063             :     // Exercise the FindAndDelete functionality
    1064           1 :     CScript s;
    1065           1 :     CScript d;
    1066           1 :     CScript expect;
    1067             : 
    1068           1 :     s = CScript() << OP_1 << OP_2;
    1069           1 :     d = CScript(); // delete nothing should be a no-op
    1070           1 :     expect = s;
    1071           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
    1072           2 :     BOOST_CHECK(s == expect);
    1073             : 
    1074           1 :     s = CScript() << OP_1 << OP_2 << OP_3;
    1075           1 :     d = CScript() << OP_2;
    1076           1 :     expect = CScript() << OP_1 << OP_3;
    1077           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
    1078           2 :     BOOST_CHECK(s == expect);
    1079             : 
    1080           1 :     s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
    1081           1 :     d = CScript() << OP_3;
    1082           1 :     expect = CScript() << OP_1 << OP_4;
    1083           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 4);
    1084           2 :     BOOST_CHECK(s == expect);
    1085             : 
    1086           1 :     s = ScriptFromHex("0302ff03"); // PUSH 0x02ff03 onto stack
    1087           1 :     d = ScriptFromHex("0302ff03");
    1088           1 :     expect = CScript();
    1089           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
    1090           2 :     BOOST_CHECK(s == expect);
    1091             : 
    1092           1 :     s = ScriptFromHex("0302ff030302ff03"); // PUSH 0x2ff03 PUSH 0x2ff03
    1093           1 :     d = ScriptFromHex("0302ff03");
    1094           1 :     expect = CScript();
    1095           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
    1096           2 :     BOOST_CHECK(s == expect);
    1097             : 
    1098           1 :     s = ScriptFromHex("0302ff030302ff03");
    1099           1 :     d = ScriptFromHex("02");
    1100           1 :     expect = s; // FindAndDelete matches entire opcodes
    1101           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
    1102           2 :     BOOST_CHECK(s == expect);
    1103             : 
    1104           1 :     s = ScriptFromHex("0302ff030302ff03");
    1105           1 :     d = ScriptFromHex("ff");
    1106           1 :     expect = s;
    1107           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
    1108           2 :     BOOST_CHECK(s == expect);
    1109             : 
    1110             :     // This is an odd edge case: strip of the push-three-bytes
    1111             :     // prefix, leaving 02ff03 which is push-two-bytes:
    1112           1 :     s = ScriptFromHex("0302ff030302ff03");
    1113           1 :     d = ScriptFromHex("03");
    1114           3 :     expect = CScript() << ParseHex("ff03") << ParseHex("ff03");
    1115           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
    1116           2 :     BOOST_CHECK(s == expect);
    1117             : 
    1118             :     // Byte sequence that spans multiple opcodes:
    1119           1 :     s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
    1120           1 :     d = ScriptFromHex("feed51");
    1121           1 :     expect = s;
    1122           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0); // doesn't match 'inside' opcodes
    1123           2 :     BOOST_CHECK(s == expect);
    1124             : 
    1125           1 :     s = ScriptFromHex("02feed5169"); // PUSH(0xfeed) OP_1 OP_VERIFY
    1126           1 :     d = ScriptFromHex("02feed51");
    1127           1 :     expect = ScriptFromHex("69");
    1128           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
    1129           2 :     BOOST_CHECK(s == expect);
    1130             : 
    1131           1 :     s = ScriptFromHex("516902feed5169");
    1132           1 :     d = ScriptFromHex("feed51");
    1133           1 :     expect = s;
    1134           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 0);
    1135           2 :     BOOST_CHECK(s == expect);
    1136             : 
    1137           1 :     s = ScriptFromHex("516902feed5169");
    1138           1 :     d = ScriptFromHex("02feed51");
    1139           1 :     expect = ScriptFromHex("516969");
    1140           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
    1141           2 :     BOOST_CHECK(s == expect);
    1142             : 
    1143           1 :     s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
    1144           1 :     d = CScript() << OP_0 << OP_1;
    1145           1 :     expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
    1146           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
    1147           2 :     BOOST_CHECK(s == expect);
    1148             : 
    1149           1 :     s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
    1150           1 :     d = CScript() << OP_0 << OP_1;
    1151           1 :     expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
    1152           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 2);
    1153           2 :     BOOST_CHECK(s == expect);
    1154             : 
    1155             :     // Another weird edge case:
    1156             :     // End with invalid push (not enough data)...
    1157           1 :     s = ScriptFromHex("0003feed");
    1158           1 :     d = ScriptFromHex("03feed"); // ... can remove the invalid push
    1159           1 :     expect = ScriptFromHex("00");
    1160           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
    1161           2 :     BOOST_CHECK(s == expect);
    1162             : 
    1163           1 :     s = ScriptFromHex("0003feed");
    1164           1 :     d = ScriptFromHex("00");
    1165           1 :     expect = ScriptFromHex("03feed");
    1166           1 :     BOOST_CHECK_EQUAL(s.FindAndDelete(d), 1);
    1167           2 :     BOOST_CHECK(s == expect);
    1168           1 : }
    1169             : 
    1170           2 : BOOST_AUTO_TEST_CASE(script_can_append_self)
    1171             : {
    1172           2 :     CScript s, d;
    1173             : 
    1174           1 :     s = ScriptFromHex("00");
    1175           1 :     s += s;
    1176           1 :     d = ScriptFromHex("0000");
    1177           2 :     BOOST_CHECK(s == d);
    1178             : 
    1179             :     // check doubling a script that's large enough to require reallocation
    1180           1 :     static const char hex[] = "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f";
    1181           2 :     s = CScript() << ParseHex(hex) << OP_CHECKSIG;
    1182           3 :     d = CScript() << ParseHex(hex) << OP_CHECKSIG << ParseHex(hex) << OP_CHECKSIG;
    1183           1 :     s += s;
    1184           2 :     BOOST_CHECK(s == d);
    1185           1 : }
    1186             : 
    1187             : BOOST_AUTO_TEST_SUITE_END()

Generated by: LCOV version 1.14