LCOV - code coverage report
Current view: top level - src/test - script_tests.cpp (source / functions) Coverage Total Hit
Test: total_coverage.info Lines: 98.0 % 1209 1185
Test Date: 2025-08-04 05:03:43 Functions: 100.0 % 70 70
Branches: 50.5 % 6624 3342

             Branch data     Line data    Source code
       1                 :             : // Copyright (c) 2011-present The Bitcoin Core developers
       2                 :             : // Distributed under the MIT software license, see the accompanying
       3                 :             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       4                 :             : 
       5                 :             : #include <test/data/script_tests.json.h>
       6                 :             : #include <test/data/bip341_wallet_vectors.json.h>
       7                 :             : 
       8                 :             : #include <common/system.h>
       9                 :             : #include <core_io.h>
      10                 :             : #include <key.h>
      11                 :             : #include <rpc/util.h>
      12                 :             : #include <script/script.h>
      13                 :             : #include <script/script_error.h>
      14                 :             : #include <script/sigcache.h>
      15                 :             : #include <script/sign.h>
      16                 :             : #include <script/signingprovider.h>
      17                 :             : #include <script/solver.h>
      18                 :             : #include <streams.h>
      19                 :             : #include <test/util/json.h>
      20                 :             : #include <test/util/random.h>
      21                 :             : #include <test/util/setup_common.h>
      22                 :             : #include <test/util/transaction_utils.h>
      23                 :             : #include <util/fs.h>
      24                 :             : #include <util/strencodings.h>
      25                 :             : 
      26                 :             : #include <cstdint>
      27                 :             : #include <fstream>
      28                 :             : #include <string>
      29                 :             : #include <vector>
      30                 :             : 
      31                 :             : #include <boost/test/unit_test.hpp>
      32                 :             : 
      33                 :             : #include <secp256k1.h>
      34                 :             : #include <univalue.h>
      35                 :             : 
      36                 :             : // Uncomment if you want to output updated JSON tests.
      37                 :             : // #define UPDATE_JSON_TESTS
      38                 :             : 
      39                 :             : using namespace util::hex_literals;
      40                 :             : 
      41                 :             : static const unsigned int gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
      42                 :             : 
      43                 :             : unsigned int ParseScriptFlags(std::string strFlags);
      44                 :             : std::string FormatScriptFlags(unsigned int flags);
      45                 :             : 
      46                 :             : struct ScriptErrorDesc
      47                 :             : {
      48                 :             :     ScriptError_t err;
      49                 :             :     const char *name;
      50                 :             : };
      51                 :             : 
      52                 :             : static ScriptErrorDesc script_errors[]={
      53                 :             :     {SCRIPT_ERR_OK, "OK"},
      54                 :             :     {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
      55                 :             :     {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
      56                 :             :     {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
      57                 :             :     {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
      58                 :             :     {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
      59                 :             :     {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
      60                 :             :     {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
      61                 :             :     {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
      62                 :             :     {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
      63                 :             :     {SCRIPT_ERR_VERIFY, "VERIFY"},
      64                 :             :     {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
      65                 :             :     {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
      66                 :             :     {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
      67                 :             :     {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
      68                 :             :     {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
      69                 :             :     {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
      70                 :             :     {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
      71                 :             :     {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
      72                 :             :     {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
      73                 :             :     {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
      74                 :             :     {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
      75                 :             :     {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
      76                 :             :     {SCRIPT_ERR_SIG_DER, "SIG_DER"},
      77                 :             :     {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
      78                 :             :     {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
      79                 :             :     {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
      80                 :             :     {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
      81                 :             :     {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
      82                 :             :     {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
      83                 :             :     {SCRIPT_ERR_MINIMALIF, "MINIMALIF"},
      84                 :             :     {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
      85                 :             :     {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
      86                 :             :     {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
      87                 :             :     {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH, "WITNESS_PROGRAM_WRONG_LENGTH"},
      88                 :             :     {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY, "WITNESS_PROGRAM_WITNESS_EMPTY"},
      89                 :             :     {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH, "WITNESS_PROGRAM_MISMATCH"},
      90                 :             :     {SCRIPT_ERR_WITNESS_MALLEATED, "WITNESS_MALLEATED"},
      91                 :             :     {SCRIPT_ERR_WITNESS_MALLEATED_P2SH, "WITNESS_MALLEATED_P2SH"},
      92                 :             :     {SCRIPT_ERR_WITNESS_UNEXPECTED, "WITNESS_UNEXPECTED"},
      93                 :             :     {SCRIPT_ERR_WITNESS_PUBKEYTYPE, "WITNESS_PUBKEYTYPE"},
      94                 :             :     {SCRIPT_ERR_OP_CODESEPARATOR, "OP_CODESEPARATOR"},
      95                 :             :     {SCRIPT_ERR_SIG_FINDANDDELETE, "SIG_FINDANDDELETE"},
      96                 :             : };
      97                 :             : 
      98                 :        2826 : static std::string FormatScriptError(ScriptError_t err)
      99                 :             : {
     100         [ +  - ]:       23059 :     for (const auto& se : script_errors)
     101         [ +  + ]:       23059 :         if (se.err == err)
     102                 :        2826 :             return se.name;
     103         [ #  # ]:           0 :     BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
     104                 :           0 :     return "";
     105                 :             : }
     106                 :             : 
     107                 :        1212 : static ScriptError_t ParseScriptError(const std::string& name)
     108                 :             : {
     109         [ +  - ]:        9158 :     for (const auto& se : script_errors)
     110         [ +  + ]:        9158 :         if (se.name == name)
     111                 :        1212 :             return se.err;
     112         [ #  # ]:           0 :     BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
     113                 :           0 :     return SCRIPT_ERR_UNKNOWN_ERROR;
     114                 :             : }
     115                 :             : 
     116                 :          38 : struct ScriptTest : BasicTestingSetup {
     117                 :        1346 : void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& scriptWitness, uint32_t flags, const std::string& message, int scriptError, CAmount nValue = 0)
     118                 :             : {
     119                 :        1346 :     bool expect = (scriptError == SCRIPT_ERR_OK);
     120         [ +  + ]:        1346 :     if (flags & SCRIPT_VERIFY_CLEANSTACK) {
     121                 :           6 :         flags |= SCRIPT_VERIFY_P2SH;
     122                 :           6 :         flags |= SCRIPT_VERIFY_WITNESS;
     123                 :             :     }
     124                 :        1346 :     ScriptError err;
     125         [ +  - ]:        1346 :     const CTransaction txCredit{BuildCreditingTransaction(scriptPubKey, nValue)};
     126         [ +  - ]:        1346 :     CMutableTransaction tx = BuildSpendingTransaction(scriptSig, scriptWitness, txCredit);
     127   [ +  -  +  -  :        2692 :     BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message);
             +  -  +  - ]
     128   [ +  -  +  -  :        5384 :     BOOST_CHECK_MESSAGE(err == scriptError, FormatScriptError(err) + " where " + FormatScriptError((ScriptError_t)scriptError) + " expected: " + message);
          +  -  +  -  +  
                -  +  - ]
     129                 :             : 
     130                 :             :     // Verify that removing flags from a passing test or adding flags to a failing test does not change the result.
     131         [ +  + ]:       22882 :     for (int i = 0; i < 16; ++i) {
     132                 :       21536 :         uint32_t extra_flags(m_rng.randbits(16));
     133         [ +  + ]:       21536 :         uint32_t combined_flags{expect ? (flags & ~extra_flags) : (flags | extra_flags)};
     134                 :             :         // Weed out some invalid flag combinations.
     135   [ +  +  +  + ]:       21536 :         if (combined_flags & SCRIPT_VERIFY_CLEANSTACK && ~combined_flags & (SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS)) continue;
     136   [ +  +  +  + ]:       19140 :         if (combined_flags & SCRIPT_VERIFY_WITNESS && ~combined_flags & SCRIPT_VERIFY_P2SH) continue;
     137   [ +  -  +  -  :       36994 :         BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, combined_flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message + strprintf(" (with flags %x)", combined_flags));
          +  -  +  -  +  
                      - ]
     138                 :             :     }
     139                 :        2692 : }
     140                 :             : }; // struct ScriptTest
     141                 :             : 
     142                 :           2 : void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
     143                 :             :     // Parse the signature.
     144                 :           2 :     std::vector<unsigned char> r, s;
     145   [ +  -  +  - ]:           4 :     r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
     146         [ +  - ]:           4 :     s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
     147                 :             : 
     148   [ -  +  +  + ]:           4 :     while (s.size() < 33) {
     149         [ +  - ]:           2 :         s.insert(s.begin(), 0x00);
     150                 :             :     }
     151         [ -  + ]:           2 :     assert(s[0] == 0);
     152                 :             :     // Perform mod-n negation of s by (ab)using libsecp256k1
     153                 :             :     // (note that this function is meant to be used for negating secret keys,
     154                 :             :     //  but it works for any non-zero scalar modulo the group order, i.e. also for s)
     155         [ +  - ]:           2 :     int ret = secp256k1_ec_seckey_negate(secp256k1_context_static, s.data() + 1);
     156         [ -  + ]:           2 :     assert(ret);
     157                 :             : 
     158         [ -  + ]:           2 :     if (s[1] < 0x80) {
     159                 :           0 :         s.erase(s.begin());
     160                 :             :     }
     161                 :             : 
     162                 :             :     // Reconstruct the signature.
     163         [ +  - ]:           2 :     vchSig.clear();
     164         [ +  - ]:           2 :     vchSig.push_back(0x30);
     165   [ -  +  -  +  :           2 :     vchSig.push_back(4 + r.size() + s.size());
                   +  - ]
     166         [ +  - ]:           2 :     vchSig.push_back(0x02);
     167   [ -  +  +  - ]:           2 :     vchSig.push_back(r.size());
     168         [ +  - ]:           2 :     vchSig.insert(vchSig.end(), r.begin(), r.end());
     169         [ +  - ]:           2 :     vchSig.push_back(0x02);
     170   [ -  +  +  - ]:           2 :     vchSig.push_back(s.size());
     171         [ +  - ]:           2 :     vchSig.insert(vchSig.end(), s.begin(), s.end());
     172                 :           2 : }
     173                 :             : 
     174                 :             : namespace
     175                 :             : {
     176                 :             : const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
     177                 :             : const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
     178                 :             : const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
     179                 :             : 
     180                 :             : struct KeyData
     181                 :             : {
     182                 :             :     CKey key0, key0C, key1, key1C, key2, key2C;
     183                 :             :     CPubKey pubkey0, pubkey0C, pubkey0H;
     184                 :             :     CPubKey pubkey1, pubkey1C;
     185                 :             :     CPubKey pubkey2, pubkey2C;
     186                 :             : 
     187                 :           2 :     KeyData()
     188         [ +  - ]:           2 :     {
     189         [ +  - ]:           2 :         key0.Set(vchKey0, vchKey0 + 32, false);
     190         [ +  - ]:           2 :         key0C.Set(vchKey0, vchKey0 + 32, true);
     191         [ +  - ]:           2 :         pubkey0 = key0.GetPubKey();
     192         [ +  - ]:           2 :         pubkey0H = key0.GetPubKey();
     193         [ +  - ]:           2 :         pubkey0C = key0C.GetPubKey();
     194         [ +  - ]:           2 :         *const_cast<unsigned char*>(pubkey0H.data()) = 0x06 | (pubkey0H[64] & 1);
     195                 :             : 
     196         [ +  - ]:           2 :         key1.Set(vchKey1, vchKey1 + 32, false);
     197         [ +  - ]:           2 :         key1C.Set(vchKey1, vchKey1 + 32, true);
     198         [ +  - ]:           2 :         pubkey1 = key1.GetPubKey();
     199         [ +  - ]:           2 :         pubkey1C = key1C.GetPubKey();
     200                 :             : 
     201         [ +  - ]:           2 :         key2.Set(vchKey2, vchKey2 + 32, false);
     202         [ +  - ]:           2 :         key2C.Set(vchKey2, vchKey2 + 32, true);
     203         [ +  - ]:           2 :         pubkey2 = key2.GetPubKey();
     204         [ +  - ]:           2 :         pubkey2C = key2C.GetPubKey();
     205                 :           2 :     }
     206                 :             : };
     207                 :             : 
     208                 :             : enum class WitnessMode {
     209                 :             :     NONE,
     210                 :             :     PKH,
     211                 :             :     SH
     212                 :             : };
     213                 :             : 
     214                 :             : class TestBuilder
     215                 :             : {
     216                 :             : private:
     217                 :             :     //! Actually executed script
     218                 :             :     CScript script;
     219                 :             :     //! The P2SH redeemscript
     220                 :             :     CScript redeemscript;
     221                 :             :     //! The Witness embedded script
     222                 :             :     CScript witscript;
     223                 :             :     CScriptWitness scriptWitness;
     224                 :             :     CTransactionRef creditTx;
     225                 :             :     CMutableTransaction spendTx;
     226                 :             :     bool havePush{false};
     227                 :             :     std::vector<unsigned char> push;
     228                 :             :     std::string comment;
     229                 :             :     uint32_t flags;
     230                 :             :     int scriptError{SCRIPT_ERR_OK};
     231                 :             :     CAmount nValue;
     232                 :             : 
     233                 :         577 :     void DoPush()
     234                 :             :     {
     235         [ +  + ]:         577 :         if (havePush) {
     236         [ -  + ]:         220 :             spendTx.vin[0].scriptSig << push;
     237                 :         220 :             havePush = false;
     238                 :             :         }
     239                 :         577 :     }
     240                 :             : 
     241                 :         253 :     void DoPush(const std::vector<unsigned char>& data)
     242                 :             :     {
     243                 :         253 :         DoPush();
     244                 :         253 :         push = data;
     245                 :         253 :         havePush = true;
     246                 :         253 :     }
     247                 :             : 
     248                 :             : public:
     249   [ +  -  -  + ]:         134 :     TestBuilder(const CScript& script_, const std::string& comment_, uint32_t flags_, bool P2SH = false, WitnessMode wm = WitnessMode::NONE, int witnessversion = 0, CAmount nValue_ = 0) : script(script_), comment(comment_), flags(flags_), nValue(nValue_)
     250                 :             :     {
     251                 :         134 :         CScript scriptPubKey = script;
     252         [ +  + ]:         134 :         if (wm == WitnessMode::PKH) {
     253                 :          16 :             uint160 hash;
     254   [ +  -  +  +  :          32 :             CHash160().Write(std::span{script}.subspan(1)).Finalize(hash);
             +  -  +  - ]
     255   [ +  -  +  -  :          32 :             script = CScript() << OP_DUP << OP_HASH160 << ToByteVector(hash) << OP_EQUALVERIFY << OP_CHECKSIG;
          +  -  +  -  +  
                      - ]
     256   [ +  -  +  - ]:          32 :             scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
     257         [ +  + ]:         118 :         } else if (wm == WitnessMode::SH) {
     258                 :          34 :             witscript = scriptPubKey;
     259                 :          34 :             uint256 hash;
     260   [ +  -  +  +  :         100 :             CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
          +  +  +  -  +  
                      - ]
     261   [ +  -  +  - ]:          68 :             scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
     262                 :             :         }
     263         [ +  + ]:         134 :         if (P2SH) {
     264                 :          36 :             redeemscript = scriptPubKey;
     265   [ +  -  +  -  :          72 :             scriptPubKey = CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
             +  -  +  - ]
     266                 :             :         }
     267   [ +  -  -  + ]:         268 :         creditTx = MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
     268         [ +  - ]:         268 :         spendTx = BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx);
     269         [ -  - ]:         134 :     }
     270                 :             : 
     271                 :          71 :     TestBuilder& ScriptError(ScriptError_t err)
     272                 :             :     {
     273                 :          71 :         scriptError = err;
     274                 :          71 :         return *this;
     275                 :             :     }
     276                 :             : 
     277                 :           6 :     TestBuilder& Opcode(const opcodetype& _op)
     278                 :             :     {
     279                 :           6 :         DoPush();
     280   [ +  -  +  -  :           6 :         spendTx.vin[0].scriptSig << _op;
          +  -  +  -  +  
                -  +  - ]
     281                 :           6 :         return *this;
     282                 :             :     }
     283                 :             : 
     284                 :          50 :     TestBuilder& Num(int num)
     285                 :             :     {
     286                 :          38 :         DoPush();
     287   [ +  -  +  -  :          50 :         spendTx.vin[0].scriptSig << num;
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
     288                 :          50 :         return *this;
     289                 :             :     }
     290                 :             : 
     291                 :           2 :     TestBuilder& Push(const std::string& hex)
     292                 :             :     {
     293   [ -  +  +  - ]:           2 :         DoPush(ParseHex(hex));
     294                 :           2 :         return *this;
     295                 :             :     }
     296                 :             : 
     297                 :          21 :     TestBuilder& Push(const CScript& _script)
     298                 :             :     {
     299   [ +  +  +  - ]:          63 :         DoPush(std::vector<unsigned char>(_script.begin(), _script.end()));
     300                 :          21 :         return *this;
     301                 :             :     }
     302                 :             : 
     303                 :         142 :     TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::BASE, CAmount amount = 0)
     304                 :             :     {
     305                 :         142 :         uint256 hash = SignatureHash(script, spendTx, 0, nHashType, amount, sigversion);
     306                 :         142 :         std::vector<unsigned char> vchSig, r, s;
     307                 :         142 :         uint32_t iter = 0;
     308                 :        1340 :         do {
     309         [ +  - ]:        1340 :             key.Sign(hash, vchSig, false, iter++);
     310         [ +  + ]:        1340 :             if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
     311         [ +  - ]:           2 :                 NegateSignatureS(vchSig);
     312                 :             :             }
     313   [ +  -  +  - ]:        2680 :             r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
     314   [ +  -  -  + ]:        2680 :             s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
     315   [ -  +  +  +  :        1340 :         } while (lenR != r.size() || lenS != s.size());
          -  +  -  +  +  
                      + ]
     316         [ +  - ]:         142 :         vchSig.push_back(static_cast<unsigned char>(nHashType));
     317         [ +  - ]:         142 :         DoPush(vchSig);
     318                 :         142 :         return *this;
     319                 :         142 :     }
     320                 :             : 
     321                 :          50 :     TestBuilder& PushWitSig(const CKey& key, CAmount amount = -1, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::WITNESS_V0)
     322                 :             :     {
     323         [ +  + ]:          50 :         if (amount == -1)
     324                 :          46 :             amount = nValue;
     325                 :          50 :         return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
     326                 :             :     }
     327                 :             : 
     328                 :          20 :     TestBuilder& Push(const CPubKey& pubkey)
     329                 :             :     {
     330         [ +  - ]:          40 :         DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
     331                 :          20 :         return *this;
     332                 :             :     }
     333                 :             : 
     334                 :          36 :     TestBuilder& PushRedeem()
     335                 :             :     {
     336   [ +  +  +  - ]:         108 :         DoPush(std::vector<unsigned char>(redeemscript.begin(), redeemscript.end()));
     337                 :          36 :         return *this;
     338                 :             :     }
     339                 :             : 
     340                 :          32 :     TestBuilder& PushWitRedeem()
     341                 :             :     {
     342   [ +  +  +  - ]:          96 :         DoPush(std::vector<unsigned char>(witscript.begin(), witscript.end()));
     343                 :          32 :         return AsWit();
     344                 :             :     }
     345                 :             : 
     346                 :          31 :     TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
     347                 :             :     {
     348         [ -  + ]:          31 :         assert(havePush);
     349         [ -  + ]:          31 :         std::vector<unsigned char> datain = ParseHex(hexin);
     350   [ -  +  +  - ]:          31 :         std::vector<unsigned char> dataout = ParseHex(hexout);
     351   [ -  +  -  +  :          31 :         assert(pos + datain.size() <= push.size());
                   -  + ]
     352   [ +  -  -  +  :          62 :         BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
          +  -  +  -  -  
                      + ]
     353         [ -  + ]:          31 :         push.erase(push.begin() + pos, push.begin() + pos + datain.size());
     354         [ +  - ]:          31 :         push.insert(push.begin() + pos, dataout.begin(), dataout.end());
     355                 :          31 :         return *this;
     356                 :          31 :     }
     357                 :             : 
     358                 :          14 :     TestBuilder& DamagePush(unsigned int pos)
     359                 :             :     {
     360         [ -  + ]:          14 :         assert(havePush);
     361   [ -  +  -  + ]:          14 :         assert(pos < push.size());
     362                 :          14 :         push[pos] ^= 1;
     363                 :          14 :         return *this;
     364                 :             :     }
     365                 :             : 
     366                 :         134 :     TestBuilder& Test(ScriptTest& test)
     367                 :             :     {
     368                 :         134 :         TestBuilder copy = *this; // Make a copy so we can rollback the push.
     369                 :         134 :         DoPush();
     370         [ +  - ]:         134 :         test.DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, scriptWitness, flags, comment, scriptError, nValue);
     371         [ +  - ]:         134 :         *this = copy;
     372                 :         134 :         return *this;
     373                 :         134 :     }
     374                 :             : 
     375                 :         122 :     TestBuilder& AsWit()
     376                 :             :     {
     377         [ -  + ]:         122 :         assert(havePush);
     378                 :         122 :         scriptWitness.stack.push_back(push);
     379                 :         122 :         havePush = false;
     380                 :         122 :         return *this;
     381                 :             :     }
     382                 :             : 
     383                 :         134 :     UniValue GetJSON()
     384                 :             :     {
     385                 :         134 :         DoPush();
     386                 :         134 :         UniValue array(UniValue::VARR);
     387         [ +  + ]:         134 :         if (!scriptWitness.stack.empty()) {
     388                 :          51 :             UniValue wit(UniValue::VARR);
     389   [ -  +  +  + ]:         173 :             for (unsigned i = 0; i < scriptWitness.stack.size(); i++) {
     390   [ -  +  +  -  :         122 :                 wit.push_back(HexStr(scriptWitness.stack[i]));
             +  -  +  - ]
     391                 :             :             }
     392   [ +  -  +  - ]:          51 :             wit.push_back(ValueFromAmount(nValue));
     393         [ +  - ]:          51 :             array.push_back(std::move(wit));
     394                 :          51 :         }
     395   [ +  -  +  -  :         134 :         array.push_back(FormatScript(spendTx.vin[0].scriptSig));
                   +  - ]
     396   [ +  -  +  -  :         134 :         array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
                   +  - ]
     397   [ +  -  +  -  :         134 :         array.push_back(FormatScriptFlags(flags));
                   +  - ]
     398   [ +  -  +  -  :         134 :         array.push_back(FormatScriptError((ScriptError_t)scriptError));
                   +  - ]
     399   [ +  -  +  - ]:         134 :         array.push_back(comment);
     400                 :         134 :         return array;
     401                 :           0 :     }
     402                 :             : 
     403                 :           0 :     std::string GetComment() const
     404                 :             :     {
     405         [ #  # ]:           0 :         return comment;
     406                 :             :     }
     407                 :             : };
     408                 :             : 
     409                 :        1398 : std::string JSONPrettyPrint(const UniValue& univalue)
     410                 :             : {
     411                 :        1398 :     std::string ret = univalue.write(4);
     412                 :             :     // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
     413                 :        1398 :     size_t pos = 0;
     414         [ -  + ]:        2796 :     while ((pos = ret.find(" \n", pos)) != std::string::npos) {
     415         [ #  # ]:           0 :         ret.replace(pos, 2, "\n");
     416                 :           0 :         pos++;
     417                 :             :     }
     418                 :        1398 :     return ret;
     419                 :           0 : }
     420                 :             : } // namespace
     421                 :             : 
     422                 :             : BOOST_FIXTURE_TEST_SUITE(script_tests, ScriptTest)
     423                 :             : 
     424   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_build)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
     425                 :             : {
     426                 :           1 :     const KeyData keys;
     427                 :             : 
     428                 :           1 :     std::vector<TestBuilder> tests;
     429                 :             : 
     430   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     431         [ +  - ]:           1 :                                 "P2PK", 0
     432   [ +  -  +  - ]:           1 :                                ).PushSig(keys.key0));
     433   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     434         [ +  - ]:           1 :                                 "P2PK, bad sig", 0
     435   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
                   +  - ]
     436                 :             : 
     437   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     438         [ +  - ]:           1 :                                 "P2PKH", 0
     439   [ +  -  +  -  :           1 :                                ).PushSig(keys.key1).Push(keys.pubkey1C));
                   +  - ]
     440   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
                -  +  - ]
     441         [ +  - ]:           1 :                                 "P2PKH, bad pubkey", 0
     442   [ +  -  +  -  :           1 :                                ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
             +  -  +  - ]
     443                 :             : 
     444   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     445         [ +  - ]:           1 :                                 "P2PK anyonecanpay", 0
     446   [ +  -  +  - ]:           1 :                                ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
     447   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     448         [ +  - ]:           1 :                                 "P2PK anyonecanpay marked with normal hashtype", 0
     449   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     450                 :             : 
     451   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
                   +  - ]
     452         [ +  - ]:           1 :                                 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
     453   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0).PushRedeem());
                   +  - ]
     454   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
     455         [ +  - ]:           1 :                                 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
     456   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
             +  -  +  - ]
     457                 :             : 
     458   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     459         [ +  - ]:           1 :                                 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
     460   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
             +  -  +  - ]
     461   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     462         [ +  - ]:           1 :                                 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
     463   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0).DamagePush(10).PushRedeem());
                   +  - ]
     464   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
                -  +  - ]
     465         [ +  - ]:           1 :                                 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
     466   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
             +  -  +  - ]
     467                 :             : 
     468   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     469         [ +  - ]:           1 :                                 "3-of-3", 0
     470   [ +  -  +  -  :           2 :                                ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
             +  -  +  - ]
     471   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     472         [ +  - ]:           1 :                                 "3-of-3, 2 sigs", 0
     473   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
             +  -  +  - ]
     474                 :             : 
     475   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     476         [ +  - ]:           1 :                                 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
     477   [ +  -  +  -  :           2 :                                ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
             +  -  +  - ]
     478   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     479         [ +  - ]:           1 :                                 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
     480   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
             +  -  +  - ]
     481                 :             : 
     482   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     483         [ +  - ]:           1 :                                 "P2PK with too much R padding but no DERSIG", 0
     484   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
          +  -  +  -  +  
                      - ]
     485   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     486         [ +  - ]:           1 :                                 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
     487   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     488   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     489         [ +  - ]:           1 :                                 "P2PK with too much S padding but no DERSIG", 0
     490   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     491   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     492         [ +  - ]:           1 :                                 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
     493   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
     494   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     495         [ +  - ]:           1 :                                 "P2PK with too little R padding but no DERSIG", 0
     496   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
          +  -  +  -  +  
                      - ]
     497   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     498         [ +  - ]:           1 :                                 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
     499   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     500   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     501         [ +  - ]:           1 :                                 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
     502   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
          +  -  +  -  +  
                      - ]
     503   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     504         [ +  - ]:           1 :                                 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
     505   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     506   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     507         [ +  - ]:           1 :                                 "P2PK NOT with too much R padding but no DERSIG", 0
     508   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     509   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     510         [ +  - ]:           1 :                                 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
     511   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     512                 :             : 
     513   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     514         [ +  - ]:           1 :                                 "BIP66 example 1, without DERSIG", 0
     515   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
          +  -  +  -  +  
                      - ]
     516   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     517         [ +  - ]:           1 :                                 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
     518   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     519   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     520         [ +  - ]:           1 :                                 "BIP66 example 2, without DERSIG", 0
     521   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     522   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     523         [ +  - ]:           1 :                                 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
     524   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     525   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     526         [ +  - ]:           1 :                                 "BIP66 example 3, without DERSIG", 0
     527   [ +  -  +  - ]:           2 :                                ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     528   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     529         [ +  - ]:           1 :                                 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
     530   [ +  -  +  - ]:           2 :                                ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     531   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     532         [ +  - ]:           1 :                                 "BIP66 example 4, without DERSIG", 0
     533   [ +  -  +  - ]:           2 :                                ).Num(0));
     534   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     535         [ +  - ]:           1 :                                 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
     536   [ +  -  +  - ]:           2 :                                ).Num(0));
     537   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     538         [ +  - ]:           1 :                                 "BIP66 example 5, without DERSIG", 0
     539   [ +  -  +  - ]:           2 :                                ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
     540   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
     541         [ +  - ]:           1 :                                 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
     542   [ +  -  +  - ]:           2 :                                ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
     543   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     544         [ +  - ]:           1 :                                 "BIP66 example 6, without DERSIG", 0
     545   [ +  -  +  - ]:           2 :                                ).Num(1));
     546   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     547         [ +  - ]:           1 :                                 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
     548   [ +  -  +  - ]:           2 :                                ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
     549   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     550         [ +  - ]:           1 :                                 "BIP66 example 7, without DERSIG", 0
     551   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
          +  -  +  -  +  
                -  +  - ]
     552   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     553         [ +  - ]:           1 :                                 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
     554   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     555   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
                -  +  - ]
     556         [ +  - ]:           1 :                                 "BIP66 example 8, without DERSIG", 0
     557   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     558   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
                -  +  - ]
     559         [ +  - ]:           1 :                                 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
     560   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     561   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     562         [ +  - ]:           1 :                                 "BIP66 example 9, without DERSIG", 0
     563   [ +  -  +  -  :           4 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     564   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     565         [ +  - ]:           1 :                                 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
     566   [ +  -  +  -  :           4 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     567   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     568         [ +  - ]:           1 :                                 "BIP66 example 10, without DERSIG", 0
     569   [ +  -  +  -  :           4 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
          +  -  +  -  +  
                      - ]
     570   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
                -  +  - ]
     571         [ +  - ]:           1 :                                 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
     572   [ +  -  +  -  :           4 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     573   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     574         [ +  - ]:           1 :                                 "BIP66 example 11, without DERSIG", 0
     575   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     576   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     577         [ +  - ]:           1 :                                 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
     578   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     579   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
                -  +  - ]
     580         [ +  - ]:           1 :                                 "BIP66 example 12, without DERSIG", 0
     581   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
          +  -  +  -  +  
                -  +  - ]
     582   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
                -  +  - ]
     583         [ +  - ]:           1 :                                 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
     584   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
          +  -  +  -  +  
                -  +  - ]
     585   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     586         [ +  - ]:           1 :                                 "P2PK with multi-byte hashtype, without DERSIG", 0
     587   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
          +  -  +  -  +  
                      - ]
     588   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     589         [ +  - ]:           1 :                                 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
     590   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
                -  +  - ]
     591                 :             : 
     592   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     593         [ +  - ]:           1 :                                 "P2PK with high S but no LOW_S", 0
     594   [ +  -  +  - ]:           1 :                                ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
     595   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     596         [ +  - ]:           1 :                                 "P2PK with high S", SCRIPT_VERIFY_LOW_S
     597   [ +  -  +  -  :           1 :                                ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
                   +  - ]
     598                 :             : 
     599   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
                   +  - ]
     600         [ +  - ]:           1 :                                 "P2PK with hybrid pubkey but no STRICTENC", 0
     601   [ +  -  +  - ]:           1 :                                ).PushSig(keys.key0, SIGHASH_ALL));
     602   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
     603         [ +  - ]:           1 :                                 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     604   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
                   +  - ]
     605   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     606         [ +  - ]:           1 :                                 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
     607   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
                   +  - ]
     608   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     609         [ +  - ]:           1 :                                 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     610   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
                   +  - ]
     611   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     612         [ +  - ]:           1 :                                 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
     613   [ +  -  +  - ]:           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
     614   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     615         [ +  - ]:           1 :                                 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     616   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
                   +  - ]
     617   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     618         [ +  - ]:           1 :                                 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
     619   [ +  -  +  - ]:           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
     620   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     621         [ +  - ]:           1 :                                 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     622   [ +  -  +  - ]:           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
     623   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     624         [ +  - ]:           1 :                                 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     625   [ +  -  +  -  :           2 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
                   +  - ]
     626                 :             : 
     627   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     628         [ +  - ]:           1 :                                 "P2PK with undefined hashtype but no STRICTENC", 0
     629   [ +  -  +  - ]:           1 :                                ).PushSig(keys.key1, 5));
     630   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     631         [ +  - ]:           1 :                                 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
     632   [ +  -  +  -  :           1 :                                ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
                   +  - ]
     633   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     634         [ +  - ]:           1 :                                 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
     635   [ +  -  +  - ]:           1 :                                ).PushSig(keys.key1, 5).DamagePush(10));
     636   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
                   +  - ]
     637         [ +  - ]:           1 :                                 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
     638   [ +  -  +  -  :           1 :                                ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
                   +  - ]
     639                 :             : 
     640   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     641         [ +  - ]:           1 :                                 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
     642   [ +  -  +  -  :           2 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
             +  -  +  - ]
     643   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     644         [ +  - ]:           1 :                                 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
     645   [ +  -  +  -  :           2 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
          +  -  +  -  +  
                      - ]
     646   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     647         [ +  - ]:           1 :                                 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
     648   [ +  -  +  -  :           2 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
             +  -  +  - ]
     649   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     650         [ +  - ]:           1 :                                 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
     651   [ +  -  +  -  :           2 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
          +  -  +  -  +  
                      - ]
     652                 :             : 
     653   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     654         [ +  - ]:           1 :                                 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
     655   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1).Opcode(OP_DUP));
                   +  - ]
     656   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     657         [ +  - ]:           1 :                                 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
     658   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1).Opcode(OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
                   +  - ]
     659   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     660         [ +  - ]:           1 :                                 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
     661   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem());
                   +  - ]
     662   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     663         [ +  - ]:           1 :                                 "P2PK with non-push scriptSig but with P2SH validation", 0
     664   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2).Opcode(OP_NOP8));
                   +  - ]
     665   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     666         [ +  - ]:           1 :                                 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
     667   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
             +  -  +  - ]
     668   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
     669         [ +  - ]:           1 :                                 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
     670   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
             +  -  +  - ]
     671   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     672         [ +  - ]:           1 :                                 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
     673   [ +  -  +  -  :           2 :                                ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
                   +  - ]
     674   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     675         [ +  - ]:           1 :                                 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
     676   [ +  -  +  - ]:           2 :                                ).Num(11).PushSig(keys.key0));
     677   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     678         [ +  - ]:           1 :                                 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
     679   [ +  -  +  -  :           2 :                                ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
                   +  - ]
     680   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     681         [ +  - ]:           1 :                                 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
     682   [ +  -  +  -  :           2 :                                ).Num(11).PushSig(keys.key0).PushRedeem());
                   +  - ]
     683   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     684         [ +  - ]:           1 :                                 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
     685   [ +  -  +  -  :           2 :                                ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
             +  -  +  - ]
     686   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     687         [ +  - ]:           1 :                                 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
     688   [ +  -  +  -  :           1 :                                ).PushSig(keys.key0).PushRedeem());
                   +  - ]
     689                 :             : 
     690   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     691         [ +  - ]:           1 :                                 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     692   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem());
                   +  - ]
     693   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     694         [ +  - ]:           1 :                                 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
     695   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
             +  -  +  - ]
     696   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     697         [ +  - ]:           1 :                                 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     698   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
             +  -  +  - ]
     699   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     700         [ +  - ]:           1 :                                 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
     701   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
          +  -  +  -  +  
                      - ]
     702   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     703         [ +  - ]:           1 :                                 "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     704   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
             +  -  +  - ]
     705         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     706         [ +  - ]:           1 :                                 "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     707   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     708   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
     709         [ +  - ]:           1 :                                 "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
     710   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     711         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     712         [ +  - ]:           1 :                                 "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
     713   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     714   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     715         [ +  - ]:           1 :                                 "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     716   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).PushWitRedeem());
                   +  - ]
     717   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     718         [ +  - ]:           1 :                                 "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     719   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
             +  -  +  - ]
     720   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     721         [ +  - ]:           1 :                                 "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
     722   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
             +  -  +  - ]
     723   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     724         [ +  - ]:           1 :                                 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
     725   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
          +  -  +  -  +  
                      - ]
     726   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     727         [ +  - ]:           1 :                                 "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     728   [ +  -  +  -  :           1 :                                 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
             +  -  +  - ]
     729         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     730         [ +  - ]:           1 :                                 "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
     731   [ +  -  +  -  :           1 :                                 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     732   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     733         [ +  - ]:           1 :                                 "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     734   [ +  -  +  -  :           1 :                                 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     735         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     736         [ +  - ]:           1 :                                 "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
     737   [ +  -  +  -  :           1 :                                 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     738                 :             : 
     739         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     740         [ +  - ]:           1 :                                 "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH |
     741                 :             :                                 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, false, WitnessMode::PKH, 1
     742   [ +  -  +  -  :           1 :                                ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM));
          +  -  +  -  +  
                      - ]
     743                 :           1 :     {
     744         [ +  - ]:           2 :         CScript witscript = CScript() << ToByteVector(keys.pubkey0);
     745                 :           1 :         uint256 hash;
     746   [ +  -  +  -  :           3 :         CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
             +  -  +  - ]
     747         [ +  - ]:           1 :         std::vector<unsigned char> hashBytes = ToByteVector(hash);
     748         [ +  - ]:           1 :         hashBytes.pop_back();
     749   [ +  -  -  + ]:           2 :         tests.push_back(TestBuilder(CScript() << OP_0 << hashBytes,
     750         [ +  - ]:           2 :                                     "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false
     751   [ +  -  +  -  :           1 :                                    ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH));
          +  -  +  -  +  
                      - ]
     752                 :           1 :     }
     753   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     754         [ +  - ]:           1 :                                 "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     755   [ +  -  +  - ]:           1 :                                ).ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY));
     756                 :           1 :     {
     757   [ +  -  +  - ]:           2 :         CScript witscript = CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG;
     758                 :           1 :         tests.push_back(TestBuilder(witscript,
     759         [ +  - ]:           2 :                                     "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     760   [ +  -  +  -  :           1 :                                    ).PushWitSig(keys.key0).Push(witscript).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
          +  -  +  -  +  
                      - ]
     761                 :           0 :     }
     762         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     763         [ +  - ]:           1 :                                 "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     764   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     765         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     766         [ +  - ]:           1 :                                 "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     767   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED));
          +  -  +  -  +  
                      - ]
     768         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     769         [ +  - ]:           1 :                                 "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
     770   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH));
          +  -  +  -  +  
                -  +  - ]
     771   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     772         [ +  - ]:           1 :                                 "P2PK with witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH
     773   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED));
          +  -  +  -  +  
                -  +  - ]
     774                 :             : 
     775                 :             :     // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
     776   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
                   +  - ]
     777         [ +  - ]:           1 :                                 "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     778   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0C).PushWitRedeem());
                   +  - ]
     779   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
     780         [ +  - ]:           1 :                                 "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
     781   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
             +  -  +  - ]
     782   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
                   +  - ]
     783         [ +  - ]:           1 :                                 "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     784   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
             +  -  +  - ]
     785   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
     786         [ +  - ]:           1 :                                 "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
     787   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
          +  -  +  -  +  
                      - ]
     788                 :             : 
     789                 :             :     // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
     790   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     791         [ +  - ]:           1 :                                 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     792   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
             +  -  +  - ]
     793         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     794         [ +  - ]:           1 :                                 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
     795   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                      - ]
     796   [ +  -  +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
     797         [ +  - ]:           1 :                                 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     798   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                      - ]
     799         [ +  - ]:           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     800         [ +  - ]:           1 :                                 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
     801   [ +  -  +  -  :           1 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                -  +  - ]
     802                 :             : 
     803                 :             :     // P2WSH 1-of-2 multisig with compressed keys
     804   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     805         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     806   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
          +  -  +  -  +  
                      - ]
     807   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     808         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     809   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     810   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     811         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     812   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
          +  -  +  -  +  
                      - ]
     813   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     814         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     815   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     816                 :             : 
     817                 :             :     // P2WSH 1-of-2 multisig with first key uncompressed
     818   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     819         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     820   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
          +  -  +  -  +  
                      - ]
     821   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     822         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     823   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     824   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     825         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     826   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                -  +  - ]
     827   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     828         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     829   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     830   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     831         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     832   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
          +  -  +  -  +  
                      - ]
     833   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     834         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     835   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     836   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     837         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     838   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                -  +  - ]
     839   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     840         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     841   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     842                 :             :     // P2WSH 1-of-2 multisig with second key uncompressed
     843   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     844         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     845   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
          +  -  +  -  +  
                      - ]
     846   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     847         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     848   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     849   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     850         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     851   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
          +  -  +  -  +  
                      - ]
     852   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     853         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     854   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     855   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     856         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     857   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
          +  -  +  -  +  
                      - ]
     858   [ +  -  +  -  :           5 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     859         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     860   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     861   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     862         [ +  - ]:           1 :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     863   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                -  +  - ]
     864   [ +  -  +  -  :           4 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                      - ]
     865         [ +  - ]:           1 :                                 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     866   [ +  -  +  -  :           2 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     867                 :             : 
     868         [ +  - ]:           1 :     std::set<std::string> tests_set;
     869                 :             : 
     870                 :           1 :     {
     871         [ +  - ]:           1 :         UniValue json_tests = read_json(json_tests::script_tests);
     872                 :             : 
     873   [ -  +  +  + ]:        1265 :         for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
     874         [ +  - ]:        1264 :             const UniValue& tv = json_tests[idx];
     875   [ +  -  +  -  :        2528 :             tests_set.insert(JSONPrettyPrint(tv.get_array()));
                   +  - ]
     876                 :             :         }
     877                 :           1 :     }
     878                 :             : 
     879                 :             : #ifdef UPDATE_JSON_TESTS
     880                 :             :     std::string strGen;
     881                 :             : #endif
     882         [ +  + ]:         135 :     for (TestBuilder& test : tests) {
     883         [ +  - ]:         134 :         test.Test(*this);
     884   [ +  -  +  - ]:         134 :         std::string str = JSONPrettyPrint(test.GetJSON());
     885                 :             : #ifdef UPDATE_JSON_TESTS
     886                 :             :         strGen += str + ",\n";
     887                 :             : #else
     888         [ -  + ]:         134 :         if (tests_set.count(str) == 0) {
     889   [ #  #  #  #  :           0 :             BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
             #  #  #  # ]
     890                 :             :         }
     891                 :             : #endif
     892                 :         134 :     }
     893                 :             : 
     894                 :             : #ifdef UPDATE_JSON_TESTS
     895                 :             :     FILE* file = fsbridge::fopen("script_tests.json.gen", "w");
     896                 :             :     fputs(strGen.c_str(), file);
     897                 :             :     fclose(file);
     898                 :             : #endif
     899                 :           1 : }
     900                 :             : 
     901   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_json_test)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
     902                 :             : {
     903                 :             :     // Read tests from test/data/script_tests.json
     904                 :             :     // Format is an array of arrays
     905                 :             :     // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
     906                 :             :     // ... where scriptSig and scriptPubKey are stringified
     907                 :             :     // scripts.
     908                 :             :     // If a witness is given, then the last value in the array should be the
     909                 :             :     // amount (nValue) to use in the crediting tx
     910                 :           1 :     UniValue tests = read_json(json_tests::script_tests);
     911                 :             : 
     912         [ +  - ]:           1 :     const KeyData keys;
     913   [ -  +  +  + ]:        1265 :     for (unsigned int idx = 0; idx < tests.size(); idx++) {
     914         [ +  - ]:        1264 :         const UniValue& test = tests[idx];
     915         [ +  - ]:        1264 :         std::string strTest = test.write();
     916                 :        1264 :         CScriptWitness witness;
     917         [ -  + ]:        1264 :         TaprootBuilder taprootBuilder;
     918                 :        1264 :         CAmount nValue = 0;
     919                 :        1264 :         unsigned int pos = 0;
     920   [ -  +  +  -  :        1264 :         if (test.size() > 0 && test[pos].isArray()) {
             +  -  +  + ]
     921                 :             :             unsigned int i=0;
     922   [ +  -  -  +  :         344 :             for (i = 0; i < test[pos].size()-1; i++) {
                   +  + ]
     923   [ +  -  +  -  :         233 :                 auto element = test[pos][i].get_str();
             +  -  -  + ]
     924                 :             :                 // We use #SCRIPT# to flag a non-hex script that we can read using ParseScript
     925                 :             :                 // Taproot script must be third from the last element in witness stack
     926   [ +  +  +  - ]:         233 :                 static const std::string SCRIPT_FLAG{"#SCRIPT#"};
     927   [ -  +  -  +  :         233 :                 if (element.starts_with(SCRIPT_FLAG)) {
                   +  + ]
     928   [ +  -  +  - ]:           4 :                     CScript script = ParseScript(element.substr(SCRIPT_FLAG.size()));
     929         [ +  - ]:           8 :                     witness.stack.push_back(ToByteVector(script));
     930         [ +  + ]:         233 :                 } else if (element == "#CONTROLBLOCK#") {
     931                 :             :                     // Taproot script control block - second from the last element in witness stack
     932                 :             :                     // If #CONTROLBLOCK# we auto-generate the control block
     933   [ -  +  +  - ]:           4 :                     taprootBuilder.Add(/*depth=*/0, witness.stack.back(), TAPROOT_LEAF_TAPSCRIPT, /*track=*/true);
     934   [ +  -  +  - ]:           4 :                     taprootBuilder.Finalize(XOnlyPubKey(keys.key0.GetPubKey()));
     935   [ +  -  +  -  :           4 :                     auto controlblocks = taprootBuilder.GetSpendData().scripts[{witness.stack.back(), TAPROOT_LEAF_TAPSCRIPT}];
             +  -  +  - ]
     936         [ +  - ]:           4 :                     witness.stack.push_back(*(controlblocks.begin()));
     937                 :           4 :                 } else {
     938         [ +  - ]:         225 :                     const auto witness_value{TryParseHex<unsigned char>(element)};
     939         [ -  + ]:         225 :                     if (!witness_value.has_value()) {
     940   [ #  #  #  # ]:           0 :                         BOOST_ERROR("Bad witness in test: " << strTest << " witness is not hex: " << element);
     941                 :             :                     }
     942   [ +  -  +  - ]:         225 :                     witness.stack.push_back(witness_value.value());
     943                 :         225 :                 }
     944                 :         233 :             }
     945   [ +  -  +  -  :         111 :             nValue = AmountFromValue(test[pos][i]);
                   +  - ]
     946                 :             :             pos++;
     947                 :             :         }
     948   [ -  +  +  + ]:        1264 :         if (test.size() < 4 + pos) // Allow size > 3; extra stuff ignored (useful for comments)
     949                 :             :         {
     950         [ -  + ]:          52 :             if (test.size() != 1) {
     951   [ #  #  #  # ]:           0 :                 BOOST_ERROR("Bad test: " << strTest);
     952                 :             :             }
     953                 :          52 :             continue;
     954                 :             :         }
     955   [ +  -  +  -  :        1212 :         std::string scriptSigString = test[pos++].get_str();
                   -  + ]
     956         [ +  - ]:        1212 :         CScript scriptSig = ParseScript(scriptSigString);
     957   [ +  -  +  -  :        1212 :         std::string scriptPubKeyString = test[pos++].get_str();
                   -  + ]
     958                 :        1212 :         CScript scriptPubKey;
     959                 :             :         // If requested, auto-generate the taproot output
     960         [ +  + ]:        1212 :         if (scriptPubKeyString == "0x51 0x20 #TAPROOTOUTPUT#") {
     961   [ +  -  +  -  :           8 :             BOOST_CHECK_MESSAGE(taprootBuilder.IsComplete(), "Failed to autogenerate Tapscript output key");
                   +  - ]
     962   [ +  -  +  -  :           8 :             scriptPubKey = CScript() << OP_1 << ToByteVector(taprootBuilder.GetOutput());
                   +  - ]
     963                 :             :         } else {
     964         [ +  - ]:        2416 :             scriptPubKey = ParseScript(scriptPubKeyString);
     965                 :             :         }
     966   [ +  -  +  -  :        2424 :         unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
             -  +  +  - ]
     967   [ +  -  +  -  :        1212 :         int scriptError = ParseScriptError(test[pos++].get_str());
                   +  - ]
     968                 :             : 
     969         [ +  - ]:        1212 :         DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
     970                 :        1264 :     }
     971                 :           1 : }
     972                 :             : 
     973   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_PushData)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
     974                 :             : {
     975                 :             :     // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
     976                 :             :     // the stack as the 1-75 opcodes do.
     977                 :           1 :     static const unsigned char direct[] = { 1, 0x5a };
     978                 :           1 :     static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
     979                 :           1 :     static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
     980                 :           1 :     static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
     981                 :             : 
     982                 :           1 :     ScriptError err;
     983                 :           1 :     std::vector<std::vector<unsigned char> > directStack;
     984   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(directStack, CScript(direct, direct + sizeof(direct)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
     985   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
     986                 :             : 
     987                 :           1 :     std::vector<std::vector<unsigned char> > pushdata1Stack;
     988   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(pushdata1Stack, CScript(pushdata1, pushdata1 + sizeof(pushdata1)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
     989   [ +  -  +  -  :           2 :     BOOST_CHECK(pushdata1Stack == directStack);
                   +  - ]
     990   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
     991                 :             : 
     992                 :           1 :     std::vector<std::vector<unsigned char> > pushdata2Stack;
     993   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(pushdata2Stack, CScript(pushdata2, pushdata2 + sizeof(pushdata2)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
     994   [ +  -  +  -  :           2 :     BOOST_CHECK(pushdata2Stack == directStack);
                   +  - ]
     995   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
     996                 :             : 
     997                 :           1 :     std::vector<std::vector<unsigned char> > pushdata4Stack;
     998   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(pushdata4Stack, CScript(pushdata4, pushdata4 + sizeof(pushdata4)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
     999   [ +  -  +  -  :           2 :     BOOST_CHECK(pushdata4Stack == directStack);
                   +  - ]
    1000   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1001                 :             : 
    1002         [ +  - ]:           1 :     const std::vector<unsigned char> pushdata1_trunc{OP_PUSHDATA1, 1};
    1003         [ +  - ]:           1 :     const std::vector<unsigned char> pushdata2_trunc{OP_PUSHDATA2, 1, 0};
    1004         [ +  - ]:           1 :     const std::vector<unsigned char> pushdata4_trunc{OP_PUSHDATA4, 1, 0, 0, 0};
    1005                 :             : 
    1006                 :           1 :     std::vector<std::vector<unsigned char>> stack_ignore;
    1007   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata1_trunc.begin(), pushdata1_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1008   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
    1009   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata2_trunc.begin(), pushdata2_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1010   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
    1011   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata4_trunc.begin(), pushdata4_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1012   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
    1013                 :           1 : }
    1014                 :             : 
    1015   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_cltv_truncated)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1016                 :             : {
    1017         [ +  - ]:           1 :     const auto script_cltv_trunc = CScript() << OP_CHECKLOCKTIMEVERIFY;
    1018                 :             : 
    1019                 :           1 :     std::vector<std::vector<unsigned char>> stack_ignore;
    1020                 :           1 :     ScriptError err;
    1021   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, script_cltv_trunc, SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1022   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_INVALID_STACK_OPERATION);
    1023                 :           1 : }
    1024                 :             : 
    1025                 :             : static CScript
    1026                 :          12 : sign_multisig(const CScript& scriptPubKey, const std::vector<CKey>& keys, const CTransaction& transaction)
    1027                 :             : {
    1028                 :          12 :     uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SigVersion::BASE);
    1029                 :             : 
    1030                 :          12 :     CScript result;
    1031                 :             :     //
    1032                 :             :     // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
    1033                 :             :     // one extra item on the stack, before the signatures.
    1034                 :             :     // Putting OP_0 on the stack is the workaround;
    1035                 :             :     // fixing the bug would mean splitting the block chain (old
    1036                 :             :     // clients would not accept new CHECKMULTISIG transactions,
    1037                 :             :     // and vice-versa)
    1038                 :             :     //
    1039         [ +  - ]:          12 :     result << OP_0;
    1040         [ +  + ]:          31 :     for (const CKey &key : keys)
    1041                 :             :     {
    1042                 :          19 :         std::vector<unsigned char> vchSig;
    1043   [ +  -  +  -  :          38 :         BOOST_CHECK(key.Sign(hash, vchSig));
             +  -  +  - ]
    1044         [ +  - ]:          19 :         vchSig.push_back((unsigned char)SIGHASH_ALL);
    1045         [ -  + ]:          19 :         result << vchSig;
    1046                 :          19 :     }
    1047                 :          12 :     return result;
    1048                 :           0 : }
    1049                 :             : static CScript
    1050                 :           3 : sign_multisig(const CScript& scriptPubKey, const CKey& key, const CTransaction& transaction)
    1051                 :             : {
    1052                 :           3 :     std::vector<CKey> keys;
    1053         [ +  - ]:           3 :     keys.push_back(key);
    1054         [ +  - ]:           6 :     return sign_multisig(scriptPubKey, keys, transaction);
    1055                 :           3 : }
    1056                 :             : 
    1057   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1058                 :             : {
    1059                 :           1 :     ScriptError err;
    1060                 :           1 :     CKey key1 = GenerateRandomKey();
    1061                 :           1 :     CKey key2 = GenerateRandomKey(/*compressed=*/false);
    1062                 :           1 :     CKey key3 = GenerateRandomKey();
    1063                 :             : 
    1064                 :           1 :     CScript scriptPubKey12;
    1065   [ +  -  +  -  :           4 :     scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
          +  -  +  -  +  
             -  +  -  +  
                      - ]
    1066                 :             : 
    1067   [ +  -  +  - ]:           1 :     const CTransaction txFrom12{BuildCreditingTransaction(scriptPubKey12)};
    1068         [ +  - ]:           2 :     CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom12);
    1069                 :             : 
    1070   [ +  -  +  - ]:           1 :     CScript goodsig1 = sign_multisig(scriptPubKey12, key1, CTransaction(txTo12));
    1071   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1072   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1073         [ +  - ]:           1 :     txTo12.vout[0].nValue = 2;
    1074   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1075   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1076                 :             : 
    1077   [ +  -  +  - ]:           1 :     CScript goodsig2 = sign_multisig(scriptPubKey12, key2, CTransaction(txTo12));
    1078   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1079   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1080                 :             : 
    1081   [ +  -  +  - ]:           1 :     CScript badsig1 = sign_multisig(scriptPubKey12, key3, CTransaction(txTo12));
    1082   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1083   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1084                 :           3 : }
    1085                 :             : 
    1086   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1087                 :             : {
    1088                 :           1 :     ScriptError err;
    1089                 :           1 :     CKey key1 = GenerateRandomKey();
    1090                 :           1 :     CKey key2 = GenerateRandomKey(/*compressed=*/false);
    1091                 :           1 :     CKey key3 = GenerateRandomKey();
    1092                 :           1 :     CKey key4 = GenerateRandomKey(/*compressed=*/false);
    1093                 :             : 
    1094                 :           1 :     CScript scriptPubKey23;
    1095   [ +  -  +  -  :           5 :     scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
    1096                 :             : 
    1097   [ +  -  +  - ]:           1 :     const CTransaction txFrom23{BuildCreditingTransaction(scriptPubKey23)};
    1098         [ +  - ]:           2 :     CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom23);
    1099                 :             : 
    1100                 :           1 :     std::vector<CKey> keys;
    1101   [ +  -  +  - ]:           1 :     keys.push_back(key1); keys.push_back(key2);
    1102   [ +  -  +  - ]:           1 :     CScript goodsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1103   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1104   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1105                 :             : 
    1106                 :           1 :     keys.clear();
    1107   [ +  -  +  - ]:           1 :     keys.push_back(key1); keys.push_back(key3);
    1108   [ +  -  +  - ]:           1 :     CScript goodsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1109   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1110   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1111                 :             : 
    1112                 :           1 :     keys.clear();
    1113   [ +  -  +  - ]:           1 :     keys.push_back(key2); keys.push_back(key3);
    1114   [ +  -  +  - ]:           1 :     CScript goodsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1115   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1116   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1117                 :             : 
    1118                 :           1 :     keys.clear();
    1119   [ +  -  +  - ]:           1 :     keys.push_back(key2); keys.push_back(key2); // Can't reuse sig
    1120   [ +  -  +  - ]:           1 :     CScript badsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1121   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1122   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1123                 :             : 
    1124                 :           1 :     keys.clear();
    1125   [ +  -  +  - ]:           1 :     keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
    1126   [ +  -  +  - ]:           1 :     CScript badsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1127   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1128   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1129                 :             : 
    1130                 :           1 :     keys.clear();
    1131   [ +  -  +  - ]:           1 :     keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
    1132   [ +  -  +  - ]:           1 :     CScript badsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1133   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1134   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1135                 :             : 
    1136                 :           1 :     keys.clear();
    1137   [ +  -  +  - ]:           1 :     keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
    1138   [ +  -  +  - ]:           1 :     CScript badsig4 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1139   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1140   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1141                 :             : 
    1142                 :           1 :     keys.clear();
    1143   [ +  -  +  - ]:           1 :     keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
    1144   [ +  -  +  - ]:           1 :     CScript badsig5 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1145   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1146   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1147                 :             : 
    1148                 :           1 :     keys.clear(); // Must have signatures
    1149   [ +  -  +  - ]:           1 :     CScript badsig6 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1150   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1151   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
                   +  - ]
    1152                 :           3 : }
    1153                 :             : 
    1154                 :             : /** Return the TxoutType of a script without exposing Solver details. */
    1155                 :           7 : static TxoutType GetTxoutType(const CScript& output_script)
    1156                 :             : {
    1157                 :           7 :     std::vector<std::vector<uint8_t>> unused;
    1158         [ +  - ]:          14 :     return Solver(output_script, unused);
    1159                 :           7 : }
    1160                 :             : 
    1161                 :             : #define CHECK_SCRIPT_STATIC_SIZE(script, expected_size)                   \
    1162                 :             :     do {                                                                  \
    1163                 :             :         BOOST_CHECK_EQUAL((script).size(), (expected_size));              \
    1164                 :             :         BOOST_CHECK_EQUAL((script).capacity(), CScriptBase::STATIC_SIZE); \
    1165                 :             :         BOOST_CHECK_EQUAL((script).allocated_memory(), 0);                \
    1166                 :             :     } while (0)
    1167                 :             : 
    1168                 :             : #define CHECK_SCRIPT_DYNAMIC_SIZE(script, expected_size, expected_extra)                 \
    1169                 :             :     do {                                                                 \
    1170                 :             :         BOOST_CHECK_EQUAL((script).size(), (expected_size));             \
    1171                 :             :         BOOST_CHECK_EQUAL((script).capacity(), (expected_extra));         \
    1172                 :             :         BOOST_CHECK_EQUAL((script).allocated_memory(), (expected_extra)); \
    1173                 :             :     } while (0)
    1174                 :             : 
    1175   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_size_and_capacity_test)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1176                 :             : {
    1177         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(sizeof(CompressedScript), 40);
    1178         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(sizeof(CScriptBase), 40);
    1179         [ +  - ]:           1 :     BOOST_CHECK_NE(sizeof(CScriptBase), sizeof(prevector<CScriptBase::STATIC_SIZE + 1, uint8_t>)); // CScriptBase size should be set to avoid wasting space in padding
    1180         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(sizeof(CScript), 40);
    1181         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(sizeof(CTxOut), 48);
    1182                 :             : 
    1183                 :           1 :     CKey dummy_key;
    1184         [ +  - ]:           1 :     dummy_key.MakeNewKey(/*fCompressed=*/true);
    1185         [ +  - ]:           1 :     const CPubKey dummy_pubkey{dummy_key.GetPubKey()};
    1186                 :             : 
    1187                 :             :     // Small OP_RETURN has direct allocation
    1188                 :           1 :     {
    1189   [ +  -  +  - ]:           2 :         const auto script{CScript() << OP_RETURN << std::vector<uint8_t>(10, 0xaa)};
    1190   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::NULL_DATA);
                   +  - ]
    1191   [ +  -  -  +  :           1 :         CHECK_SCRIPT_STATIC_SIZE(script, 12);
          +  -  +  -  -  
          +  +  -  +  -  
             -  +  +  - ]
    1192                 :           0 :     }
    1193                 :             : 
    1194                 :             :     // P2WPKH has direct allocation
    1195                 :           1 :     {
    1196   [ +  -  +  -  :           1 :         const auto script{GetScriptForDestination(WitnessV0KeyHash{PKHash{dummy_pubkey}})};
                   +  - ]
    1197   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::WITNESS_V0_KEYHASH);
                   +  - ]
    1198   [ +  -  -  +  :           1 :         CHECK_SCRIPT_STATIC_SIZE(script, 22);
          +  -  +  -  -  
          +  +  -  +  -  
             -  +  +  - ]
    1199                 :           0 :     }
    1200                 :             : 
    1201                 :             :     // P2SH has direct allocation
    1202                 :           1 :     {
    1203   [ +  -  +  -  :           2 :         const auto script{GetScriptForDestination(ScriptHash{CScript{} << OP_TRUE})};
                   +  - ]
    1204   [ +  -  +  -  :           2 :         BOOST_CHECK(script.IsPayToScriptHash());
             +  -  +  - ]
    1205   [ +  -  -  +  :           1 :         CHECK_SCRIPT_STATIC_SIZE(script, 23);
          +  -  +  -  -  
          +  +  -  +  -  
             -  +  +  - ]
    1206                 :           0 :     }
    1207                 :             : 
    1208                 :             :     // P2PKH has direct allocation
    1209                 :           1 :     {
    1210   [ +  -  +  - ]:           1 :         const auto script{GetScriptForDestination(PKHash{dummy_pubkey})};
    1211   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::PUBKEYHASH);
                   +  - ]
    1212   [ +  -  -  +  :           1 :         CHECK_SCRIPT_STATIC_SIZE(script, 25);
          +  -  +  -  -  
          +  +  -  +  -  
             -  +  +  - ]
    1213                 :           0 :     }
    1214                 :             : 
    1215                 :             :     // P2WSH has direct allocation
    1216                 :           1 :     {
    1217   [ +  -  +  -  :           2 :         const auto script{GetScriptForDestination(WitnessV0ScriptHash{CScript{} << OP_TRUE})};
                   +  - ]
    1218   [ +  -  +  -  :           2 :         BOOST_CHECK(script.IsPayToWitnessScriptHash());
             +  -  +  - ]
    1219   [ +  -  -  +  :           1 :         CHECK_SCRIPT_STATIC_SIZE(script, 34);
          +  -  +  -  -  
          +  +  -  +  -  
             -  +  +  - ]
    1220                 :           0 :     }
    1221                 :             : 
    1222                 :             :     // P2TR has direct allocation
    1223                 :           1 :     {
    1224         [ +  - ]:           1 :         const auto script{GetScriptForDestination(WitnessV1Taproot{XOnlyPubKey{dummy_pubkey}})};
    1225   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::WITNESS_V1_TAPROOT);
                   +  - ]
    1226   [ +  -  -  +  :           1 :         CHECK_SCRIPT_STATIC_SIZE(script, 34);
          +  -  +  -  -  
          +  +  -  +  -  
             -  +  +  - ]
    1227                 :           0 :     }
    1228                 :             : 
    1229                 :             :     // Compressed P2PK has direct allocation
    1230                 :           1 :     {
    1231         [ +  - ]:           1 :         const auto script{GetScriptForRawPubKey(dummy_pubkey)};
    1232   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::PUBKEY);
                   +  - ]
    1233   [ +  -  -  +  :           1 :         CHECK_SCRIPT_STATIC_SIZE(script, 35);
          +  -  +  -  -  
          +  +  -  +  -  
             -  +  +  - ]
    1234                 :           0 :     }
    1235                 :             : 
    1236                 :             :     // Uncompressed P2PK needs extra allocation
    1237                 :           1 :     {
    1238                 :           1 :         CKey uncompressed_key;
    1239         [ +  - ]:           1 :         uncompressed_key.MakeNewKey(/*fCompressed=*/false);
    1240         [ +  - ]:           1 :         const CPubKey uncompressed_pubkey{uncompressed_key.GetPubKey()};
    1241                 :             : 
    1242         [ +  - ]:           1 :         const auto script{GetScriptForRawPubKey(uncompressed_pubkey)};
    1243   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::PUBKEY);
                   +  - ]
    1244   [ +  -  +  -  :           4 :         CHECK_SCRIPT_DYNAMIC_SIZE(script, 67, 67);
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
    1245                 :           1 :     }
    1246                 :             : 
    1247                 :             :     // Bare multisig needs extra allocation
    1248                 :           1 :     {
    1249   [ +  -  +  -  :           2 :         const auto script{GetScriptForMultisig(1, std::vector{2, dummy_pubkey})};
                   +  - ]
    1250   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(GetTxoutType(script), TxoutType::MULTISIG);
                   +  - ]
    1251   [ +  -  +  -  :           4 :         CHECK_SCRIPT_DYNAMIC_SIZE(script, 71, 103);
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
    1252                 :           1 :     }
    1253                 :           1 : }
    1254                 :             : 
    1255                 :             : /* Wrapper around ProduceSignature to combine two scriptsigs */
    1256                 :          17 : SignatureData CombineSignatures(const CTxOut& txout, const CMutableTransaction& tx, const SignatureData& scriptSig1, const SignatureData& scriptSig2)
    1257                 :             : {
    1258                 :          17 :     SignatureData data;
    1259   [ +  -  +  - ]:          17 :     data.MergeSignatureData(scriptSig1);
    1260   [ +  -  +  - ]:          17 :     data.MergeSignatureData(scriptSig2);
    1261   [ +  -  +  - ]:          17 :     ProduceSignature(DUMMY_SIGNING_PROVIDER, MutableTransactionSignatureCreator(tx, 0, txout.nValue, SIGHASH_DEFAULT), txout.scriptPubKey, data);
    1262                 :          17 :     return data;
    1263                 :           0 : }
    1264                 :             : 
    1265   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_combineSigs)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1266                 :             : {
    1267                 :             :     // Test the ProduceSignature's ability to combine signatures function
    1268                 :           1 :     FillableSigningProvider keystore;
    1269                 :           1 :     std::vector<CKey> keys;
    1270                 :           1 :     std::vector<CPubKey> pubkeys;
    1271         [ +  + ]:           4 :     for (int i = 0; i < 3; i++)
    1272                 :             :     {
    1273                 :           3 :         CKey key = GenerateRandomKey(/*compressed=*/i%2 == 1);
    1274         [ +  - ]:           3 :         keys.push_back(key);
    1275         [ +  - ]:           3 :         pubkeys.push_back(key.GetPubKey());
    1276   [ +  -  +  -  :           6 :         BOOST_CHECK(keystore.AddKey(key));
                   +  - ]
    1277                 :           3 :     }
    1278                 :             : 
    1279   [ +  -  +  -  :           2 :     CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(PKHash(keys[0].GetPubKey())));
             +  -  +  - ]
    1280   [ +  -  +  - ]:           2 :     CMutableTransaction txTo = BuildSpendingTransaction(CScript(), CScriptWitness(), CTransaction(txFrom));
    1281                 :           1 :     CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
    1282                 :           1 :     SignatureData scriptSig;
    1283                 :             : 
    1284                 :           1 :     SignatureData empty;
    1285         [ +  - ]:           1 :     SignatureData combined = CombineSignatures(txFrom.vout[0], txTo, empty, empty);
    1286   [ +  -  -  +  :           2 :     BOOST_CHECK(combined.scriptSig.empty());
                   +  - ]
    1287                 :             : 
    1288                 :             :     // Single signature case:
    1289                 :           1 :     SignatureData dummy;
    1290   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy)); // changes scriptSig
          +  -  +  -  +  
                      - ]
    1291         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1292         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
    1293   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1294         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
    1295   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1296         [ +  - ]:           1 :     SignatureData scriptSigCopy = scriptSig;
    1297                 :             :     // Signing again will give a different, valid signature:
    1298                 :           1 :     SignatureData dummy_b;
    1299   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_b));
          +  -  +  -  +  
                      - ]
    1300         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1301         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
    1302   [ +  -  -  +  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
          -  -  +  -  +  
                      - ]
    1303                 :             : 
    1304                 :             :     // P2SH, single-signature case:
    1305   [ +  -  +  -  :           2 :     CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
                   +  - ]
    1306   [ +  -  +  -  :           2 :     BOOST_CHECK(keystore.AddCScript(pkSingle));
             +  -  +  - ]
    1307   [ +  -  +  - ]:           2 :     scriptPubKey = GetScriptForDestination(ScriptHash(pkSingle));
    1308                 :           1 :     SignatureData dummy_c;
    1309   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_c));
          +  -  +  -  +  
                      - ]
    1310         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1311         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
    1312   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1313         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
    1314   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1315         [ +  - ]:           1 :     scriptSigCopy = scriptSig;
    1316                 :           1 :     SignatureData dummy_d;
    1317   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_d));
          +  -  +  -  +  
                      - ]
    1318         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1319         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
    1320   [ +  -  -  +  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
          -  -  +  -  +  
                      - ]
    1321                 :             : 
    1322                 :             :     // Hardest case:  Multisig 2-of-3
    1323         [ +  - ]:           2 :     scriptPubKey = GetScriptForMultisig(2, pubkeys);
    1324   [ +  -  +  -  :           2 :     BOOST_CHECK(keystore.AddCScript(scriptPubKey));
                   +  - ]
    1325                 :           1 :     SignatureData dummy_e;
    1326   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_e));
          +  -  +  -  +  
                      - ]
    1327         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1328         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
    1329   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1330         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
    1331   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1332                 :             : 
    1333                 :             :     // A couple of partially-signed versions:
    1334                 :           1 :     std::vector<unsigned char> sig1;
    1335         [ +  - ]:           1 :     uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SigVersion::BASE);
    1336   [ +  -  +  -  :           2 :     BOOST_CHECK(keys[0].Sign(hash1, sig1));
             +  -  +  - ]
    1337         [ +  - ]:           1 :     sig1.push_back(SIGHASH_ALL);
    1338                 :           1 :     std::vector<unsigned char> sig2;
    1339         [ +  - ]:           1 :     uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SigVersion::BASE);
    1340   [ +  -  +  -  :           2 :     BOOST_CHECK(keys[1].Sign(hash2, sig2));
             +  -  +  - ]
    1341         [ +  - ]:           1 :     sig2.push_back(SIGHASH_NONE);
    1342                 :           1 :     std::vector<unsigned char> sig3;
    1343         [ +  - ]:           1 :     uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SigVersion::BASE);
    1344   [ +  -  +  -  :           2 :     BOOST_CHECK(keys[2].Sign(hash3, sig3));
             +  -  +  - ]
    1345         [ +  - ]:           1 :     sig3.push_back(SIGHASH_SINGLE);
    1346                 :             : 
    1347                 :             :     // Not fussy about order (or even existence) of placeholders or signatures:
    1348   [ +  -  -  +  :           1 :     CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
                   +  - ]
    1349   [ +  -  +  -  :           1 :     CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
                   -  + ]
    1350   [ +  -  -  + ]:           1 :     CScript partial2a = CScript() << OP_0 << sig2;
    1351   [ -  +  +  - ]:           1 :     CScript partial2b = CScript() << sig2 << OP_0;
    1352         [ -  + ]:           1 :     CScript partial3a = CScript() << sig3;
    1353   [ +  -  +  -  :           1 :     CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
                   -  + ]
    1354   [ +  -  -  +  :           1 :     CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
                   +  - ]
    1355   [ +  -  -  +  :           1 :     CScript complete12 = CScript() << OP_0 << sig1 << sig2;
                   -  + ]
    1356   [ +  -  -  +  :           1 :     CScript complete13 = CScript() << OP_0 << sig1 << sig3;
                   -  + ]
    1357   [ +  -  -  +  :           1 :     CScript complete23 = CScript() << OP_0 << sig2 << sig3;
                   -  + ]
    1358                 :           1 :     SignatureData partial1_sigs;
    1359   [ +  -  +  -  :           2 :     partial1_sigs.signatures.emplace(keys[0].GetPubKey().GetID(), SigPair(keys[0].GetPubKey(), sig1));
             +  -  +  - ]
    1360                 :           1 :     SignatureData partial2_sigs;
    1361   [ +  -  +  -  :           2 :     partial2_sigs.signatures.emplace(keys[1].GetPubKey().GetID(), SigPair(keys[1].GetPubKey(), sig2));
             +  -  +  - ]
    1362                 :           1 :     SignatureData partial3_sigs;
    1363   [ +  -  +  -  :           2 :     partial3_sigs.signatures.emplace(keys[2].GetPubKey().GetID(), SigPair(keys[2].GetPubKey(), sig3));
             +  -  +  - ]
    1364                 :             : 
    1365         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial1_sigs);
    1366   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == partial1a);
                   +  - ]
    1367         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
    1368   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete12);
                   +  - ]
    1369         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial1_sigs);
    1370   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete12);
                   +  - ]
    1371         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
    1372   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete12);
                   +  - ]
    1373         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial1_sigs);
    1374   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete13);
                   +  - ]
    1375         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial3_sigs);
    1376   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete23);
                   +  - ]
    1377         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial2_sigs);
    1378   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete23);
                   +  - ]
    1379         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial3_sigs);
    1380   [ +  -  +  - ]:           2 :     BOOST_CHECK(combined.scriptSig == partial3c);
    1381                 :           3 : }
    1382                 :             : 
    1383                 :             : /**
    1384                 :             :  * Reproduction of an exception incorrectly raised when parsing a public key inside a TapMiniscript.
    1385                 :             :  */
    1386   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(sign_invalid_miniscript)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1387                 :             : {
    1388                 :           1 :     FillableSigningProvider keystore;
    1389                 :           1 :     SignatureData sig_data;
    1390   [ +  -  +  - ]:           1 :     CMutableTransaction prev, curr;
    1391                 :             : 
    1392                 :             :     // Create a Taproot output which contains a leaf in which a non-32 bytes push is used where a public key is expected
    1393                 :             :     // by the Miniscript parser. This offending Script was found by the RPC fuzzer.
    1394                 :           1 :     const auto invalid_pubkey{"173d36c8c9c9c9ffffffffffff0200000000021e1e37373721361818181818181e1e1e1e19000000000000000000b19292929292926b006c9b9b9292"_hex_u8};
    1395         [ +  - ]:           1 :     TaprootBuilder builder;
    1396         [ +  - ]:           1 :     builder.Add(0, {invalid_pubkey}, 0xc0);
    1397         [ +  - ]:           1 :     builder.Finalize(XOnlyPubKey::NUMS_H);
    1398   [ +  -  +  -  :           2 :     prev.vout.emplace_back(0, GetScriptForDestination(builder.GetOutput()));
                   +  - ]
    1399   [ +  -  +  - ]:           1 :     curr.vin.emplace_back(COutPoint{prev.GetHash(), 0});
    1400         [ +  - ]:           1 :     sig_data.tr_spenddata = builder.GetSpendData();
    1401                 :             : 
    1402                 :             :     // SignSignature can fail but it shouldn't raise an exception (nor crash).
    1403   [ +  -  +  -  :           3 :     BOOST_CHECK(!SignSignature(keystore, CTransaction(prev), curr, 0, SIGHASH_ALL, sig_data));
             +  -  +  - ]
    1404                 :           3 : }
    1405                 :             : 
    1406                 :             : /* P2A input should be considered signed. */
    1407   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(sign_paytoanchor)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1408                 :             : {
    1409                 :           1 :     FillableSigningProvider keystore;
    1410                 :           1 :     SignatureData sig_data;
    1411   [ +  -  +  - ]:           1 :     CMutableTransaction prev, curr;
    1412   [ +  -  +  -  :           2 :     prev.vout.emplace_back(0, GetScriptForDestination(PayToAnchor{}));
                   +  - ]
    1413                 :             : 
    1414   [ +  -  +  - ]:           1 :     curr.vin.emplace_back(COutPoint{prev.GetHash(), 0});
    1415                 :             : 
    1416   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(prev), curr, 0, SIGHASH_ALL, sig_data));
             +  -  +  - ]
    1417                 :           2 : }
    1418                 :             : 
    1419   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_standard_push)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1420                 :             : {
    1421                 :           1 :     ScriptError err;
    1422         [ +  + ]:       67001 :     for (int i=0; i<67000; i++) {
    1423                 :       67000 :         CScript script;
    1424         [ +  - ]:       67000 :         script << i;
    1425   [ +  -  +  -  :      134000 :         BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
             +  -  +  - ]
    1426   [ +  -  +  -  :      134000 :         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
          +  -  +  -  +  
                      - ]
    1427   [ +  -  +  -  :      134000 :         BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1428                 :       67000 :     }
    1429                 :             : 
    1430         [ +  + ]:         522 :     for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
    1431                 :         521 :         std::vector<unsigned char> data(i, '\111');
    1432                 :         521 :         CScript script;
    1433         [ -  + ]:         521 :         script << data;
    1434   [ +  -  +  -  :        1042 :         BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
             +  -  +  - ]
    1435   [ +  -  +  -  :        1042 :         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
          +  -  +  -  +  
                      - ]
    1436   [ +  -  +  -  :        1042 :         BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1437                 :         521 :     }
    1438                 :           1 : }
    1439                 :             : 
    1440   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1441                 :             : {
    1442                 :             :     // IsPushOnly returns false when given a script containing only pushes that
    1443                 :             :     // are invalid due to truncation. IsPushOnly() is consensus critical
    1444                 :             :     // because P2SH evaluation uses it, although this specific behavior should
    1445                 :             :     // not be consensus critical as the P2SH evaluation would fail first due to
    1446                 :             :     // the invalid push. Still, it doesn't hurt to test it explicitly.
    1447                 :           1 :     static const unsigned char direct[] = { 1 };
    1448   [ +  -  +  - ]:           2 :     BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
    1449                 :           1 : }
    1450                 :             : 
    1451   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1452                 :             : {
    1453   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
                   +  - ]
    1454   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
                   +  - ]
    1455   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
                   +  - ]
    1456   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
                   +  - ]
    1457                 :             : 
    1458                 :           1 :     std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
    1459         [ +  - ]:           1 :     std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
    1460   [ -  +  +  -  :           1 :     std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
                   +  - ]
    1461                 :             : 
    1462   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1463   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1464   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1465   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1466   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1467   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1468   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1469   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1470                 :             : 
    1471   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1472   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1473   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1474   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1475   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1476   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1477   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1478   [ +  -  +  -  :           3 :     BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
          +  -  +  -  -  
          +  +  -  +  -  
             +  -  +  - ]
    1479                 :           1 : }
    1480                 :             : 
    1481                 :             : template <typename T>
    1482                 :          30 : CScript ToScript(const T& byte_container)
    1483                 :             : {
    1484                 :          30 :     auto span{MakeUCharSpan(byte_container)};
    1485                 :          30 :     return {span.begin(), span.end()};
    1486                 :             : }
    1487                 :             : 
    1488   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_byte_array_u8_vector_equivalence)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1489                 :             : {
    1490   [ +  -  +  - ]:           2 :     const CScript scriptPubKey1 = CScript() << "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex_v_u8 << OP_CHECKSIG;
    1491         [ +  - ]:           1 :     const CScript scriptPubKey2 = CScript() << "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex << OP_CHECKSIG;
    1492   [ +  -  +  - ]:           2 :     BOOST_CHECK(scriptPubKey1 == scriptPubKey2);
    1493                 :           1 : }
    1494                 :             : 
    1495   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_FindAndDelete)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1496                 :             : {
    1497                 :             :     // Exercise the FindAndDelete functionality
    1498                 :           1 :     CScript s;
    1499                 :           1 :     CScript d;
    1500                 :           1 :     CScript expect;
    1501                 :             : 
    1502   [ +  -  +  - ]:           1 :     s = CScript() << OP_1 << OP_2;
    1503                 :           1 :     d = CScript(); // delete nothing should be a no-op
    1504                 :           1 :     expect = s;
    1505   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1506   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1507                 :             : 
    1508   [ +  -  +  -  :           1 :     s = CScript() << OP_1 << OP_2 << OP_3;
                   +  - ]
    1509         [ +  - ]:           1 :     d = CScript() << OP_2;
    1510   [ +  -  +  - ]:           1 :     expect = CScript() << OP_1 << OP_3;
    1511   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1512   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1513                 :             : 
    1514   [ +  -  +  -  :           1 :     s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
          +  -  +  -  +  
                -  +  - ]
    1515         [ +  - ]:           1 :     d = CScript() << OP_3;
    1516   [ +  -  +  - ]:           1 :     expect = CScript() << OP_1 << OP_4;
    1517   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 4);
                   +  - ]
    1518   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1519                 :             : 
    1520                 :           1 :     s = ToScript("0302ff03"_hex); // PUSH 0x02ff03 onto stack
    1521                 :           1 :     d = ToScript("0302ff03"_hex);
    1522                 :           1 :     expect = CScript();
    1523   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1524   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1525                 :             : 
    1526                 :           1 :     s = ToScript("0302ff030302ff03"_hex); // PUSH 0x02ff03 PUSH 0x02ff03
    1527                 :           1 :     d = ToScript("0302ff03"_hex);
    1528                 :           1 :     expect = CScript();
    1529   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
                   +  - ]
    1530   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1531                 :             : 
    1532                 :           1 :     s = ToScript("0302ff030302ff03"_hex);
    1533                 :           1 :     d = ToScript("02"_hex);
    1534                 :           1 :     expect = s; // FindAndDelete matches entire opcodes
    1535   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1536   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1537                 :             : 
    1538                 :           1 :     s = ToScript("0302ff030302ff03"_hex);
    1539                 :           1 :     d = ToScript("ff"_hex);
    1540                 :           1 :     expect = s;
    1541   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1542   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1543                 :             : 
    1544                 :             :     // This is an odd edge case: strip of the push-three-bytes
    1545                 :             :     // prefix, leaving 02ff03 which is push-two-bytes:
    1546                 :           1 :     s = ToScript("0302ff030302ff03"_hex);
    1547                 :           1 :     d = ToScript("03"_hex);
    1548                 :           1 :     expect = CScript() << "ff03"_hex << "ff03"_hex;
    1549   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
                   +  - ]
    1550   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1551                 :             : 
    1552                 :             :     // Byte sequence that spans multiple opcodes:
    1553                 :           1 :     s = ToScript("02feed5169"_hex); // PUSH(0xfeed) OP_1 OP_VERIFY
    1554                 :           1 :     d = ToScript("feed51"_hex);
    1555                 :           1 :     expect = s;
    1556   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0); // doesn't match 'inside' opcodes
                   +  - ]
    1557   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1558                 :             : 
    1559                 :           1 :     s = ToScript("02feed5169"_hex); // PUSH(0xfeed) OP_1 OP_VERIFY
    1560                 :           1 :     d = ToScript("02feed51"_hex);
    1561                 :           1 :     expect = ToScript("69"_hex);
    1562   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1563   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1564                 :             : 
    1565                 :           1 :     s = ToScript("516902feed5169"_hex);
    1566                 :           1 :     d = ToScript("feed51"_hex);
    1567                 :           1 :     expect = s;
    1568   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1569   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1570                 :             : 
    1571                 :           1 :     s = ToScript("516902feed5169"_hex);
    1572                 :           1 :     d = ToScript("02feed51"_hex);
    1573                 :           1 :     expect = ToScript("516969"_hex);
    1574   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1575   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1576                 :             : 
    1577   [ +  -  +  -  :           1 :     s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
             +  -  +  - ]
    1578   [ +  -  +  - ]:           1 :     d = CScript() << OP_0 << OP_1;
    1579   [ +  -  +  - ]:           1 :     expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
    1580   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1581   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1582                 :             : 
    1583   [ +  -  +  -  :           1 :     s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
          +  -  +  -  +  
                -  +  - ]
    1584   [ +  -  +  - ]:           1 :     d = CScript() << OP_0 << OP_1;
    1585   [ +  -  +  - ]:           1 :     expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
    1586   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
                   +  - ]
    1587   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1588                 :             : 
    1589                 :             :     // Another weird edge case:
    1590                 :             :     // End with invalid push (not enough data)...
    1591                 :           1 :     s = ToScript("0003feed"_hex);
    1592                 :           1 :     d = ToScript("03feed"_hex); // ... can remove the invalid push
    1593                 :           1 :     expect = ToScript("00"_hex);
    1594   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1595   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1596                 :             : 
    1597                 :           1 :     s = ToScript("0003feed"_hex);
    1598                 :           1 :     d = ToScript("00"_hex);
    1599                 :           1 :     expect = ToScript("03feed"_hex);
    1600   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1601   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1602                 :           1 : }
    1603                 :             : 
    1604   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_HasValidOps)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1605                 :             : {
    1606                 :             :     // Exercise the HasValidOps functionality
    1607                 :           1 :     CScript script;
    1608                 :           1 :     script = ToScript("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex); // Normal script
    1609   [ +  -  +  -  :           2 :     BOOST_CHECK(script.HasValidOps());
                   +  - ]
    1610                 :           1 :     script = ToScript("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex);
    1611   [ +  -  +  -  :           2 :     BOOST_CHECK(script.HasValidOps());
                   +  - ]
    1612                 :           1 :     script = ToScript("ff88ac"_hex); // Script with OP_INVALIDOPCODE explicit
    1613   [ +  -  +  -  :           2 :     BOOST_CHECK(!script.HasValidOps());
                   +  - ]
    1614                 :           1 :     script = ToScript("88acc0"_hex); // Script with undefined opcode
    1615   [ +  -  +  -  :           2 :     BOOST_CHECK(!script.HasValidOps());
                   +  - ]
    1616                 :           1 : }
    1617                 :             : 
    1618   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(bip341_keypath_test_vectors)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1619                 :             : {
    1620         [ +  - ]:           1 :     UniValue tests;
    1621         [ +  - ]:           1 :     tests.read(json_tests::bip341_wallet_vectors);
    1622                 :             : 
    1623   [ +  -  +  - ]:           1 :     const auto& vectors = tests["keyPathSpending"];
    1624                 :             : 
    1625   [ +  -  +  + ]:           2 :     for (const auto& vec : vectors.getValues()) {
    1626   [ +  -  +  -  :           2 :         auto txhex = ParseHex(vec["given"]["rawUnsignedTx"].get_str());
          +  -  +  -  +  
             -  -  +  +  
                      - ]
    1627         [ +  - ]:           1 :         CMutableTransaction tx;
    1628   [ -  +  +  - ]:           1 :         SpanReader{txhex} >> TX_WITH_WITNESS(tx);
    1629                 :           1 :         std::vector<CTxOut> utxos;
    1630   [ +  -  +  -  :          10 :         for (const auto& utxo_spent : vec["given"]["utxosSpent"].getValues()) {
          +  -  +  -  +  
                -  +  + ]
    1631   [ +  -  +  -  :           9 :             auto script_bytes = ParseHex(utxo_spent["scriptPubKey"].get_str());
          +  -  -  +  +  
                      - ]
    1632                 :           9 :             CScript script{script_bytes.begin(), script_bytes.end()};
    1633   [ +  -  +  -  :           9 :             CAmount amount{utxo_spent["amountSats"].getInt<int>()};
                   +  - ]
    1634         [ +  - ]:           9 :             utxos.emplace_back(amount, script);
    1635                 :           9 :         }
    1636                 :             : 
    1637                 :           1 :         PrecomputedTransactionData txdata;
    1638   [ +  -  +  - ]:           1 :         txdata.Init(tx, std::vector<CTxOut>{utxos}, true);
    1639                 :             : 
    1640   [ +  -  +  -  :           2 :         BOOST_CHECK(txdata.m_bip341_taproot_ready);
                   +  - ]
    1641   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_amounts_single_hash), vec["intermediary"]["hashAmounts"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1642   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_outputs_single_hash), vec["intermediary"]["hashOutputs"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1643   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_prevouts_single_hash), vec["intermediary"]["hashPrevouts"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1644   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_scripts_single_hash), vec["intermediary"]["hashScriptPubkeys"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1645   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_sequences_single_hash), vec["intermediary"]["hashSequences"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1646                 :             : 
    1647   [ +  -  +  -  :           8 :         for (const auto& input : vec["inputSpending"].getValues()) {
             +  -  +  + ]
    1648   [ +  -  +  -  :           7 :             int txinpos = input["given"]["txinIndex"].getInt<int>();
          +  -  +  -  +  
                      - ]
    1649   [ +  -  +  -  :           7 :             int hashtype = input["given"]["hashType"].getInt<int>();
          +  -  +  -  +  
                      - ]
    1650                 :             : 
    1651                 :             :             // Load key.
    1652   [ +  -  +  -  :          14 :             auto privkey = ParseHex(input["given"]["internalPrivkey"].get_str());
          +  -  +  -  +  
             -  -  +  +  
                      - ]
    1653                 :           7 :             CKey key;
    1654         [ +  - ]:           7 :             key.Set(privkey.begin(), privkey.end(), true);
    1655                 :             : 
    1656                 :             :             // Load Merkle root.
    1657                 :           7 :             uint256 merkle_root;
    1658   [ +  -  +  -  :           7 :             if (!input["given"]["merkleRoot"].isNull()) {
          +  -  +  -  +  
                      + ]
    1659   [ +  -  +  -  :          12 :                 merkle_root = uint256{ParseHex(input["given"]["merkleRoot"].get_str())};
          +  -  +  -  +  
             -  -  +  +  
                      - ]
    1660                 :             :             }
    1661                 :             : 
    1662                 :             :             // Compute and verify (internal) public key.
    1663         [ +  - ]:           7 :             XOnlyPubKey pubkey{key.GetPubKey()};
    1664   [ +  -  +  -  :           7 :             BOOST_CHECK_EQUAL(HexStr(pubkey), input["intermediary"]["internalPubkey"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1665                 :             : 
    1666                 :             :             // Sign and verify signature.
    1667                 :           7 :             FlatSigningProvider provider;
    1668   [ +  -  +  -  :           7 :             provider.keys[key.GetPubKey().GetID()] = key;
             +  -  +  - ]
    1669         [ +  - ]:           7 :             MutableTransactionSignatureCreator creator(tx, txinpos, utxos[txinpos].nValue, &txdata, hashtype);
    1670                 :           7 :             std::vector<unsigned char> signature;
    1671   [ +  -  +  -  :          14 :             BOOST_CHECK(creator.CreateSchnorrSig(provider, signature, pubkey, nullptr, &merkle_root, SigVersion::TAPROOT));
             +  -  +  - ]
    1672   [ +  -  +  -  :           7 :             BOOST_CHECK_EQUAL(HexStr(signature), input["expected"]["witness"][0].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
          -  +  +  -  +  
                      - ]
    1673                 :             : 
    1674                 :             :             // We can't observe the tweak used inside the signing logic, so verify by recomputing it.
    1675   [ +  -  +  -  :          20 :             BOOST_CHECK_EQUAL(HexStr(pubkey.ComputeTapTweakHash(merkle_root.IsNull() ? nullptr : &merkle_root)), input["intermediary"]["tweak"].get_str());
          +  -  +  -  +  
          -  +  -  +  +  
          +  -  +  -  +  
                      - ]
    1676                 :             : 
    1677                 :             :             // We can't observe the sighash used inside the signing logic, so verify by recomputing it.
    1678         [ +  - ]:           7 :             ScriptExecutionData sed;
    1679                 :           7 :             sed.m_annex_init = true;
    1680                 :           7 :             sed.m_annex_present = false;
    1681                 :           7 :             uint256 sighash;
    1682   [ +  -  +  -  :          14 :             BOOST_CHECK(SignatureHashSchnorr(sighash, sed, tx, txinpos, hashtype, SigVersion::TAPROOT, txdata, MissingDataBehavior::FAIL));
             +  -  +  - ]
    1683   [ +  -  +  -  :           7 :             BOOST_CHECK_EQUAL(HexStr(sighash), input["intermediary"]["sigHash"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1684                 :             : 
    1685                 :             :             // To verify the sigmsg, hash the expected sigmsg, and compare it with the (expected) sighash.
    1686   [ +  -  +  -  :          21 :             BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << std::span<const uint8_t>{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
             -  +  -  +  
                      - ]
    1687                 :           7 :         }
    1688                 :           2 :     }
    1689                 :           1 : }
    1690                 :             : 
    1691   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(compute_tapbranch)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1692                 :             : {
    1693                 :           1 :     constexpr uint256 hash1{"8ad69ec7cf41c2a4001fd1f738bf1e505ce2277acdcaa63fe4765192497f47a7"};
    1694                 :           1 :     constexpr uint256 hash2{"f224a923cd0021ab202ab139cc56802ddb92dcfc172b9212261a539df79a112a"};
    1695                 :           1 :     constexpr uint256 result{"a64c5b7b943315f9b805d7a7296bedfcfd08919270a1f7a1466e98f8693d8cd9"};
    1696         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(ComputeTapbranchHash(hash1, hash2), result);
    1697                 :           1 : }
    1698                 :             : 
    1699   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(compute_tapleaf)
          +  -  +  -  -  
          +  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  -  +  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  -  +  +  
                      - ]
    1700                 :             : {
    1701                 :           1 :     constexpr uint8_t script[6] = {'f','o','o','b','a','r'};
    1702                 :           1 :     constexpr uint256 tlc0{"edbc10c272a1215dcdcc11d605b9027b5ad6ed97cd45521203f136767b5b9c06"};
    1703                 :           1 :     constexpr uint256 tlc2{"8b5c4f90ae6bf76e259dbef5d8a59df06359c391b59263741b25eca76451b27a"};
    1704                 :             : 
    1705         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc0, std::span(script)), tlc0);
    1706         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc2, std::span(script)), tlc2);
    1707                 :           1 : }
    1708                 :             : 
    1709                 :             : BOOST_AUTO_TEST_SUITE_END()
        

Generated by: LCOV version 2.0-1