LCOV - code coverage report
Current view: top level - src/test - script_tests.cpp (source / functions) Coverage Total Hit
Test: total_coverage.info Lines: 91.6 % 1114 1020
Test Date: 2025-04-28 05:00:59 Functions: 92.1 % 76 70
Branches: 48.9 % 6546 3198

             Branch data     Line data    Source code
       1                 :             : // Copyright (c) 2011-present The Bitcoin Core developers
       2                 :             : // Distributed under the MIT software license, see the accompanying
       3                 :             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       4                 :             : 
       5                 :             : #include <test/data/script_tests.json.h>
       6                 :             : #include <test/data/bip341_wallet_vectors.json.h>
       7                 :             : 
       8                 :             : #include <common/system.h>
       9                 :             : #include <core_io.h>
      10                 :             : #include <key.h>
      11                 :             : #include <rpc/util.h>
      12                 :             : #include <script/script.h>
      13                 :             : #include <script/script_error.h>
      14                 :             : #include <script/sigcache.h>
      15                 :             : #include <script/sign.h>
      16                 :             : #include <script/signingprovider.h>
      17                 :             : #include <script/solver.h>
      18                 :             : #include <streams.h>
      19                 :             : #include <test/util/json.h>
      20                 :             : #include <test/util/random.h>
      21                 :             : #include <test/util/setup_common.h>
      22                 :             : #include <test/util/transaction_utils.h>
      23                 :             : #include <util/fs.h>
      24                 :             : #include <util/strencodings.h>
      25                 :             : 
      26                 :             : #include <cstdint>
      27                 :             : #include <fstream>
      28                 :             : #include <string>
      29                 :             : #include <vector>
      30                 :             : 
      31                 :             : #include <boost/test/unit_test.hpp>
      32                 :             : 
      33                 :             : #include <univalue.h>
      34                 :             : 
      35                 :             : // Uncomment if you want to output updated JSON tests.
      36                 :             : // #define UPDATE_JSON_TESTS
      37                 :             : 
      38                 :             : using namespace util::hex_literals;
      39                 :             : 
      40                 :             : static const unsigned int gFlags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC;
      41                 :             : 
      42                 :             : unsigned int ParseScriptFlags(std::string strFlags);
      43                 :             : std::string FormatScriptFlags(unsigned int flags);
      44                 :             : 
      45                 :             : struct ScriptErrorDesc
      46                 :             : {
      47                 :             :     ScriptError_t err;
      48                 :             :     const char *name;
      49                 :             : };
      50                 :             : 
      51                 :             : static ScriptErrorDesc script_errors[]={
      52                 :             :     {SCRIPT_ERR_OK, "OK"},
      53                 :             :     {SCRIPT_ERR_UNKNOWN_ERROR, "UNKNOWN_ERROR"},
      54                 :             :     {SCRIPT_ERR_EVAL_FALSE, "EVAL_FALSE"},
      55                 :             :     {SCRIPT_ERR_OP_RETURN, "OP_RETURN"},
      56                 :             :     {SCRIPT_ERR_SCRIPT_SIZE, "SCRIPT_SIZE"},
      57                 :             :     {SCRIPT_ERR_PUSH_SIZE, "PUSH_SIZE"},
      58                 :             :     {SCRIPT_ERR_OP_COUNT, "OP_COUNT"},
      59                 :             :     {SCRIPT_ERR_STACK_SIZE, "STACK_SIZE"},
      60                 :             :     {SCRIPT_ERR_SIG_COUNT, "SIG_COUNT"},
      61                 :             :     {SCRIPT_ERR_PUBKEY_COUNT, "PUBKEY_COUNT"},
      62                 :             :     {SCRIPT_ERR_VERIFY, "VERIFY"},
      63                 :             :     {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
      64                 :             :     {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},
      65                 :             :     {SCRIPT_ERR_CHECKSIGVERIFY, "CHECKSIGVERIFY"},
      66                 :             :     {SCRIPT_ERR_NUMEQUALVERIFY, "NUMEQUALVERIFY"},
      67                 :             :     {SCRIPT_ERR_BAD_OPCODE, "BAD_OPCODE"},
      68                 :             :     {SCRIPT_ERR_DISABLED_OPCODE, "DISABLED_OPCODE"},
      69                 :             :     {SCRIPT_ERR_INVALID_STACK_OPERATION, "INVALID_STACK_OPERATION"},
      70                 :             :     {SCRIPT_ERR_INVALID_ALTSTACK_OPERATION, "INVALID_ALTSTACK_OPERATION"},
      71                 :             :     {SCRIPT_ERR_UNBALANCED_CONDITIONAL, "UNBALANCED_CONDITIONAL"},
      72                 :             :     {SCRIPT_ERR_NEGATIVE_LOCKTIME, "NEGATIVE_LOCKTIME"},
      73                 :             :     {SCRIPT_ERR_UNSATISFIED_LOCKTIME, "UNSATISFIED_LOCKTIME"},
      74                 :             :     {SCRIPT_ERR_SIG_HASHTYPE, "SIG_HASHTYPE"},
      75                 :             :     {SCRIPT_ERR_SIG_DER, "SIG_DER"},
      76                 :             :     {SCRIPT_ERR_MINIMALDATA, "MINIMALDATA"},
      77                 :             :     {SCRIPT_ERR_SIG_PUSHONLY, "SIG_PUSHONLY"},
      78                 :             :     {SCRIPT_ERR_SIG_HIGH_S, "SIG_HIGH_S"},
      79                 :             :     {SCRIPT_ERR_SIG_NULLDUMMY, "SIG_NULLDUMMY"},
      80                 :             :     {SCRIPT_ERR_PUBKEYTYPE, "PUBKEYTYPE"},
      81                 :             :     {SCRIPT_ERR_CLEANSTACK, "CLEANSTACK"},
      82                 :             :     {SCRIPT_ERR_MINIMALIF, "MINIMALIF"},
      83                 :             :     {SCRIPT_ERR_SIG_NULLFAIL, "NULLFAIL"},
      84                 :             :     {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS, "DISCOURAGE_UPGRADABLE_NOPS"},
      85                 :             :     {SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, "DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM"},
      86                 :             :     {SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH, "WITNESS_PROGRAM_WRONG_LENGTH"},
      87                 :             :     {SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY, "WITNESS_PROGRAM_WITNESS_EMPTY"},
      88                 :             :     {SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH, "WITNESS_PROGRAM_MISMATCH"},
      89                 :             :     {SCRIPT_ERR_WITNESS_MALLEATED, "WITNESS_MALLEATED"},
      90                 :             :     {SCRIPT_ERR_WITNESS_MALLEATED_P2SH, "WITNESS_MALLEATED_P2SH"},
      91                 :             :     {SCRIPT_ERR_WITNESS_UNEXPECTED, "WITNESS_UNEXPECTED"},
      92                 :             :     {SCRIPT_ERR_WITNESS_PUBKEYTYPE, "WITNESS_PUBKEYTYPE"},
      93                 :             :     {SCRIPT_ERR_OP_CODESEPARATOR, "OP_CODESEPARATOR"},
      94                 :             :     {SCRIPT_ERR_SIG_FINDANDDELETE, "SIG_FINDANDDELETE"},
      95                 :             : };
      96                 :             : 
      97                 :        2824 : static std::string FormatScriptError(ScriptError_t err)
      98                 :             : {
      99         [ +  - ]:       23057 :     for (const auto& se : script_errors)
     100         [ +  + ]:       23057 :         if (se.err == err)
     101                 :        2824 :             return se.name;
     102         [ #  # ]:           0 :     BOOST_ERROR("Unknown scripterror enumeration value, update script_errors in script_tests.cpp.");
     103                 :           0 :     return "";
     104                 :             : }
     105                 :             : 
     106                 :        1211 : static ScriptError_t ParseScriptError(const std::string& name)
     107                 :             : {
     108         [ +  - ]:        9157 :     for (const auto& se : script_errors)
     109         [ +  + ]:        9157 :         if (se.name == name)
     110                 :        1211 :             return se.err;
     111         [ #  # ]:           0 :     BOOST_ERROR("Unknown scripterror \"" << name << "\" in test description");
     112                 :           0 :     return SCRIPT_ERR_UNKNOWN_ERROR;
     113                 :             : }
     114                 :             : 
     115                 :          38 : struct ScriptTest : BasicTestingSetup {
     116                 :        1345 : void DoTest(const CScript& scriptPubKey, const CScript& scriptSig, const CScriptWitness& scriptWitness, uint32_t flags, const std::string& message, int scriptError, CAmount nValue = 0)
     117                 :             : {
     118                 :        1345 :     bool expect = (scriptError == SCRIPT_ERR_OK);
     119         [ +  + ]:        1345 :     if (flags & SCRIPT_VERIFY_CLEANSTACK) {
     120                 :           6 :         flags |= SCRIPT_VERIFY_P2SH;
     121                 :           6 :         flags |= SCRIPT_VERIFY_WITNESS;
     122                 :             :     }
     123                 :        1345 :     ScriptError err;
     124         [ +  - ]:        1345 :     const CTransaction txCredit{BuildCreditingTransaction(scriptPubKey, nValue)};
     125         [ +  - ]:        1345 :     CMutableTransaction tx = BuildSpendingTransaction(scriptSig, scriptWitness, txCredit);
     126   [ +  -  +  -  :        2690 :     BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message);
             +  -  +  - ]
     127   [ +  -  +  -  :        5380 :     BOOST_CHECK_MESSAGE(err == scriptError, FormatScriptError(err) + " where " + FormatScriptError((ScriptError_t)scriptError) + " expected: " + message);
          +  -  +  -  +  
                -  +  - ]
     128                 :             : 
     129                 :             :     // Verify that removing flags from a passing test or adding flags to a failing test does not change the result.
     130         [ +  + ]:       22865 :     for (int i = 0; i < 16; ++i) {
     131                 :       21520 :         uint32_t extra_flags(m_rng.randbits(16));
     132         [ +  + ]:       21520 :         uint32_t combined_flags{expect ? (flags & ~extra_flags) : (flags | extra_flags)};
     133                 :             :         // Weed out some invalid flag combinations.
     134   [ +  +  +  + ]:       21520 :         if (combined_flags & SCRIPT_VERIFY_CLEANSTACK && ~combined_flags & (SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS)) continue;
     135         [ +  + ]:       19163 :         if (combined_flags & SCRIPT_VERIFY_WITNESS && ~combined_flags & SCRIPT_VERIFY_P2SH) continue;
     136   [ +  -  +  -  :       37050 :         BOOST_CHECK_MESSAGE(VerifyScript(scriptSig, scriptPubKey, &scriptWitness, combined_flags, MutableTransactionSignatureChecker(&tx, 0, txCredit.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err) == expect, message + strprintf(" (with flags %x)", combined_flags));
          +  -  +  -  +  
                      - ]
     137                 :             :     }
     138                 :        2690 : }
     139                 :             : }; // struct ScriptTest
     140                 :             : 
     141                 :           2 : void static NegateSignatureS(std::vector<unsigned char>& vchSig) {
     142                 :             :     // Parse the signature.
     143                 :           2 :     std::vector<unsigned char> r, s;
     144   [ +  -  +  - ]:           4 :     r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
     145         [ +  - ]:           4 :     s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
     146                 :             : 
     147                 :             :     // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1.
     148                 :           2 :     static const unsigned char order[33] = {
     149                 :             :         0x00,
     150                 :             :         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
     151                 :             :         0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
     152                 :             :         0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
     153                 :             :         0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
     154                 :             :     };
     155         [ +  + ]:           4 :     while (s.size() < 33) {
     156         [ +  - ]:           2 :         s.insert(s.begin(), 0x00);
     157                 :             :     }
     158                 :             :     int carry = 0;
     159         [ +  + ]:          66 :     for (int p = 32; p >= 1; p--) {
     160                 :          64 :         int n = (int)order[p] - s[p] - carry;
     161                 :          64 :         s[p] = (n + 256) & 0xFF;
     162                 :          64 :         carry = (n < 0);
     163                 :             :     }
     164         [ -  + ]:           2 :     assert(carry == 0);
     165   [ +  -  +  -  :           2 :     if (s.size() > 1 && s[0] == 0 && s[1] < 0x80) {
                   -  + ]
     166                 :           0 :         s.erase(s.begin());
     167                 :             :     }
     168                 :             : 
     169                 :             :     // Reconstruct the signature.
     170         [ +  - ]:           2 :     vchSig.clear();
     171         [ +  - ]:           2 :     vchSig.push_back(0x30);
     172         [ +  - ]:           2 :     vchSig.push_back(4 + r.size() + s.size());
     173         [ +  - ]:           2 :     vchSig.push_back(0x02);
     174         [ +  - ]:           2 :     vchSig.push_back(r.size());
     175         [ +  - ]:           2 :     vchSig.insert(vchSig.end(), r.begin(), r.end());
     176         [ +  - ]:           2 :     vchSig.push_back(0x02);
     177         [ +  - ]:           2 :     vchSig.push_back(s.size());
     178         [ +  - ]:           2 :     vchSig.insert(vchSig.end(), s.begin(), s.end());
     179                 :           2 : }
     180                 :             : 
     181                 :             : namespace
     182                 :             : {
     183                 :             : const unsigned char vchKey0[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
     184                 :             : const unsigned char vchKey1[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0};
     185                 :             : const unsigned char vchKey2[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0};
     186                 :             : 
     187                 :             : struct KeyData
     188                 :             : {
     189                 :             :     CKey key0, key0C, key1, key1C, key2, key2C;
     190                 :             :     CPubKey pubkey0, pubkey0C, pubkey0H;
     191                 :             :     CPubKey pubkey1, pubkey1C;
     192                 :             :     CPubKey pubkey2, pubkey2C;
     193                 :             : 
     194                 :           2 :     KeyData()
     195         [ +  - ]:           2 :     {
     196         [ +  - ]:           2 :         key0.Set(vchKey0, vchKey0 + 32, false);
     197         [ +  - ]:           2 :         key0C.Set(vchKey0, vchKey0 + 32, true);
     198         [ +  - ]:           2 :         pubkey0 = key0.GetPubKey();
     199         [ +  - ]:           2 :         pubkey0H = key0.GetPubKey();
     200         [ +  - ]:           2 :         pubkey0C = key0C.GetPubKey();
     201         [ +  - ]:           2 :         *const_cast<unsigned char*>(pubkey0H.data()) = 0x06 | (pubkey0H[64] & 1);
     202                 :             : 
     203         [ +  - ]:           2 :         key1.Set(vchKey1, vchKey1 + 32, false);
     204         [ +  - ]:           2 :         key1C.Set(vchKey1, vchKey1 + 32, true);
     205         [ +  - ]:           2 :         pubkey1 = key1.GetPubKey();
     206         [ +  - ]:           2 :         pubkey1C = key1C.GetPubKey();
     207                 :             : 
     208         [ +  - ]:           2 :         key2.Set(vchKey2, vchKey2 + 32, false);
     209         [ +  - ]:           2 :         key2C.Set(vchKey2, vchKey2 + 32, true);
     210         [ +  - ]:           2 :         pubkey2 = key2.GetPubKey();
     211         [ +  - ]:           2 :         pubkey2C = key2C.GetPubKey();
     212                 :           2 :     }
     213                 :             : };
     214                 :             : 
     215                 :             : enum class WitnessMode {
     216                 :             :     NONE,
     217                 :             :     PKH,
     218                 :             :     SH
     219                 :             : };
     220                 :             : 
     221                 :             : class TestBuilder
     222                 :             : {
     223                 :             : private:
     224                 :             :     //! Actually executed script
     225                 :             :     CScript script;
     226                 :             :     //! The P2SH redeemscript
     227                 :             :     CScript redeemscript;
     228                 :             :     //! The Witness embedded script
     229                 :             :     CScript witscript;
     230                 :             :     CScriptWitness scriptWitness;
     231                 :             :     CTransactionRef creditTx;
     232                 :             :     CMutableTransaction spendTx;
     233                 :             :     bool havePush{false};
     234                 :             :     std::vector<unsigned char> push;
     235                 :             :     std::string comment;
     236                 :             :     uint32_t flags;
     237                 :             :     int scriptError{SCRIPT_ERR_OK};
     238                 :             :     CAmount nValue;
     239                 :             : 
     240                 :         577 :     void DoPush()
     241                 :             :     {
     242         [ +  + ]:         577 :         if (havePush) {
     243                 :         220 :             spendTx.vin[0].scriptSig << push;
     244                 :         220 :             havePush = false;
     245                 :             :         }
     246                 :         577 :     }
     247                 :             : 
     248                 :         253 :     void DoPush(const std::vector<unsigned char>& data)
     249                 :             :     {
     250                 :         253 :         DoPush();
     251                 :         253 :         push = data;
     252                 :         253 :         havePush = true;
     253                 :         253 :     }
     254                 :             : 
     255                 :             : public:
     256   [ +  -  +  - ]:         134 :     TestBuilder(const CScript& script_, const std::string& comment_, uint32_t flags_, bool P2SH = false, WitnessMode wm = WitnessMode::NONE, int witnessversion = 0, CAmount nValue_ = 0) : script(script_), comment(comment_), flags(flags_), nValue(nValue_)
     257                 :             :     {
     258                 :         134 :         CScript scriptPubKey = script;
     259         [ +  + ]:         134 :         if (wm == WitnessMode::PKH) {
     260                 :          16 :             uint160 hash;
     261   [ +  -  -  +  :          32 :             CHash160().Write(std::span{script}.subspan(1)).Finalize(hash);
             +  -  +  - ]
     262   [ +  -  +  -  :          16 :             script = CScript() << OP_DUP << OP_HASH160 << ToByteVector(hash) << OP_EQUALVERIFY << OP_CHECKSIG;
          +  -  +  -  +  
                      - ]
     263   [ +  -  +  - ]:          16 :             scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
     264         [ +  + ]:         118 :         } else if (wm == WitnessMode::SH) {
     265                 :          34 :             witscript = scriptPubKey;
     266                 :          34 :             uint256 hash;
     267   [ +  -  +  -  :         102 :             CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
          -  +  +  -  +  
                      - ]
     268   [ +  -  +  - ]:          34 :             scriptPubKey = CScript() << witnessversion << ToByteVector(hash);
     269                 :             :         }
     270         [ +  + ]:         134 :         if (P2SH) {
     271                 :          36 :             redeemscript = scriptPubKey;
     272   [ +  -  +  -  :          36 :             scriptPubKey = CScript() << OP_HASH160 << ToByteVector(CScriptID(redeemscript)) << OP_EQUAL;
             +  -  +  - ]
     273                 :             :         }
     274   [ +  -  -  + ]:         268 :         creditTx = MakeTransactionRef(BuildCreditingTransaction(scriptPubKey, nValue));
     275         [ +  - ]:         268 :         spendTx = BuildSpendingTransaction(CScript(), CScriptWitness(), *creditTx);
     276         [ -  - ]:         134 :     }
     277                 :             : 
     278                 :          71 :     TestBuilder& ScriptError(ScriptError_t err)
     279                 :             :     {
     280                 :          71 :         scriptError = err;
     281                 :          71 :         return *this;
     282                 :             :     }
     283                 :             : 
     284                 :           6 :     TestBuilder& Opcode(const opcodetype& _op)
     285                 :             :     {
     286                 :           6 :         DoPush();
     287   [ +  -  +  -  :           6 :         spendTx.vin[0].scriptSig << _op;
          +  -  +  -  +  
                -  +  - ]
     288                 :           6 :         return *this;
     289                 :             :     }
     290                 :             : 
     291                 :          50 :     TestBuilder& Num(int num)
     292                 :             :     {
     293                 :          38 :         DoPush();
     294   [ +  -  +  -  :          50 :         spendTx.vin[0].scriptSig << num;
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
     295                 :          50 :         return *this;
     296                 :             :     }
     297                 :             : 
     298                 :           2 :     TestBuilder& Push(const std::string& hex)
     299                 :             :     {
     300         [ +  - ]:           2 :         DoPush(ParseHex(hex));
     301                 :           2 :         return *this;
     302                 :             :     }
     303                 :             : 
     304                 :          21 :     TestBuilder& Push(const CScript& _script)
     305                 :             :     {
     306   [ +  +  +  - ]:          63 :         DoPush(std::vector<unsigned char>(_script.begin(), _script.end()));
     307                 :          21 :         return *this;
     308                 :             :     }
     309                 :             : 
     310                 :         142 :     TestBuilder& PushSig(const CKey& key, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::BASE, CAmount amount = 0)
     311                 :             :     {
     312                 :         142 :         uint256 hash = SignatureHash(script, spendTx, 0, nHashType, amount, sigversion);
     313                 :         142 :         std::vector<unsigned char> vchSig, r, s;
     314                 :         142 :         uint32_t iter = 0;
     315                 :        1340 :         do {
     316         [ +  - ]:        1340 :             key.Sign(hash, vchSig, false, iter++);
     317         [ +  + ]:        1340 :             if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
     318         [ +  - ]:           2 :                 NegateSignatureS(vchSig);
     319                 :             :             }
     320   [ +  -  +  - ]:        2680 :             r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]);
     321   [ +  -  +  + ]:        2680 :             s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]);
     322   [ +  +  -  +  :        1340 :         } while (lenR != r.size() || lenS != s.size());
                   +  + ]
     323         [ +  - ]:         142 :         vchSig.push_back(static_cast<unsigned char>(nHashType));
     324         [ +  - ]:         142 :         DoPush(vchSig);
     325                 :         142 :         return *this;
     326                 :         142 :     }
     327                 :             : 
     328                 :          50 :     TestBuilder& PushWitSig(const CKey& key, CAmount amount = -1, int nHashType = SIGHASH_ALL, unsigned int lenR = 32, unsigned int lenS = 32, SigVersion sigversion = SigVersion::WITNESS_V0)
     329                 :             :     {
     330         [ +  + ]:          50 :         if (amount == -1)
     331                 :          46 :             amount = nValue;
     332                 :          50 :         return PushSig(key, nHashType, lenR, lenS, sigversion, amount).AsWit();
     333                 :             :     }
     334                 :             : 
     335                 :          20 :     TestBuilder& Push(const CPubKey& pubkey)
     336                 :             :     {
     337         [ +  - ]:          40 :         DoPush(std::vector<unsigned char>(pubkey.begin(), pubkey.end()));
     338                 :          20 :         return *this;
     339                 :             :     }
     340                 :             : 
     341                 :          36 :     TestBuilder& PushRedeem()
     342                 :             :     {
     343   [ +  +  +  - ]:         108 :         DoPush(std::vector<unsigned char>(redeemscript.begin(), redeemscript.end()));
     344                 :          36 :         return *this;
     345                 :             :     }
     346                 :             : 
     347                 :          32 :     TestBuilder& PushWitRedeem()
     348                 :             :     {
     349   [ -  +  +  - ]:          96 :         DoPush(std::vector<unsigned char>(witscript.begin(), witscript.end()));
     350                 :          32 :         return AsWit();
     351                 :             :     }
     352                 :             : 
     353                 :          31 :     TestBuilder& EditPush(unsigned int pos, const std::string& hexin, const std::string& hexout)
     354                 :             :     {
     355         [ -  + ]:          31 :         assert(havePush);
     356                 :          31 :         std::vector<unsigned char> datain = ParseHex(hexin);
     357         [ +  - ]:          31 :         std::vector<unsigned char> dataout = ParseHex(hexout);
     358         [ -  + ]:          31 :         assert(pos + datain.size() <= push.size());
     359   [ +  -  +  -  :          62 :         BOOST_CHECK_MESSAGE(std::vector<unsigned char>(push.begin() + pos, push.begin() + pos + datain.size()) == datain, comment);
                   +  - ]
     360                 :          31 :         push.erase(push.begin() + pos, push.begin() + pos + datain.size());
     361         [ +  - ]:          31 :         push.insert(push.begin() + pos, dataout.begin(), dataout.end());
     362                 :          31 :         return *this;
     363                 :          31 :     }
     364                 :             : 
     365                 :          14 :     TestBuilder& DamagePush(unsigned int pos)
     366                 :             :     {
     367         [ -  + ]:          14 :         assert(havePush);
     368         [ -  + ]:          14 :         assert(pos < push.size());
     369                 :          14 :         push[pos] ^= 1;
     370                 :          14 :         return *this;
     371                 :             :     }
     372                 :             : 
     373                 :         134 :     TestBuilder& Test(ScriptTest& test)
     374                 :             :     {
     375                 :         134 :         TestBuilder copy = *this; // Make a copy so we can rollback the push.
     376                 :         134 :         DoPush();
     377         [ +  - ]:         134 :         test.DoTest(creditTx->vout[0].scriptPubKey, spendTx.vin[0].scriptSig, scriptWitness, flags, comment, scriptError, nValue);
     378         [ +  - ]:         134 :         *this = copy;
     379                 :         134 :         return *this;
     380                 :         134 :     }
     381                 :             : 
     382                 :         122 :     TestBuilder& AsWit()
     383                 :             :     {
     384         [ -  + ]:         122 :         assert(havePush);
     385                 :         122 :         scriptWitness.stack.push_back(push);
     386                 :         122 :         havePush = false;
     387                 :         122 :         return *this;
     388                 :             :     }
     389                 :             : 
     390                 :         134 :     UniValue GetJSON()
     391                 :             :     {
     392                 :         134 :         DoPush();
     393                 :         134 :         UniValue array(UniValue::VARR);
     394         [ +  + ]:         134 :         if (!scriptWitness.stack.empty()) {
     395                 :          51 :             UniValue wit(UniValue::VARR);
     396         [ +  + ]:         173 :             for (unsigned i = 0; i < scriptWitness.stack.size(); i++) {
     397   [ +  -  +  -  :         122 :                 wit.push_back(HexStr(scriptWitness.stack[i]));
                   +  - ]
     398                 :             :             }
     399   [ +  -  +  - ]:          51 :             wit.push_back(ValueFromAmount(nValue));
     400         [ +  - ]:          51 :             array.push_back(std::move(wit));
     401                 :          51 :         }
     402   [ +  -  +  -  :         134 :         array.push_back(FormatScript(spendTx.vin[0].scriptSig));
                   +  - ]
     403   [ +  -  +  -  :         134 :         array.push_back(FormatScript(creditTx->vout[0].scriptPubKey));
                   +  - ]
     404   [ +  -  +  -  :         134 :         array.push_back(FormatScriptFlags(flags));
                   +  - ]
     405   [ +  -  +  -  :         134 :         array.push_back(FormatScriptError((ScriptError_t)scriptError));
                   +  - ]
     406   [ +  -  +  - ]:         134 :         array.push_back(comment);
     407                 :         134 :         return array;
     408                 :           0 :     }
     409                 :             : 
     410                 :           0 :     std::string GetComment() const
     411                 :             :     {
     412         [ #  # ]:           0 :         return comment;
     413                 :             :     }
     414                 :             : };
     415                 :             : 
     416                 :        1397 : std::string JSONPrettyPrint(const UniValue& univalue)
     417                 :             : {
     418                 :        1397 :     std::string ret = univalue.write(4);
     419                 :             :     // Workaround for libunivalue pretty printer, which puts a space between commas and newlines
     420                 :        1397 :     size_t pos = 0;
     421         [ -  + ]:        2794 :     while ((pos = ret.find(" \n", pos)) != std::string::npos) {
     422         [ #  # ]:           0 :         ret.replace(pos, 2, "\n");
     423                 :           0 :         pos++;
     424                 :             :     }
     425                 :        1397 :     return ret;
     426                 :           0 : }
     427                 :             : } // namespace
     428                 :             : 
     429                 :             : BOOST_FIXTURE_TEST_SUITE(script_tests, ScriptTest)
     430                 :             : 
     431   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_build)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
     432                 :             : {
     433                 :           1 :     const KeyData keys;
     434                 :             : 
     435                 :           1 :     std::vector<TestBuilder> tests;
     436                 :             : 
     437   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
             +  -  +  - ]
     438                 :             :                                 "P2PK", 0
     439   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0));
                   +  - ]
     440   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     441                 :             :                                 "P2PK, bad sig", 0
     442   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
             +  -  +  - ]
     443                 :             : 
     444   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     445                 :             :                                 "P2PKH", 0
     446   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1).Push(keys.pubkey1C));
             +  -  +  - ]
     447   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey2C.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     448                 :             :                                 "P2PKH, bad pubkey", 0
     449   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2).Push(keys.pubkey2C).DamagePush(5).ScriptError(SCRIPT_ERR_EQUALVERIFY));
          +  -  +  -  +  
                      - ]
     450                 :             : 
     451   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
             +  -  +  - ]
     452                 :             :                                 "P2PK anyonecanpay", 0
     453   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY));
                   +  - ]
     454   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     455                 :             :                                 "P2PK anyonecanpay marked with normal hashtype", 0
     456   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL | SIGHASH_ANYONECANPAY).EditPush(70, "81", "01").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     457                 :             : 
     458   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
             +  -  +  - ]
     459                 :             :                                 "P2SH(P2PK)", SCRIPT_VERIFY_P2SH, true
     460   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).PushRedeem());
             +  -  +  - ]
     461   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
             +  -  +  - ]
     462                 :             :                                 "P2SH(P2PK), bad redeemscript", SCRIPT_VERIFY_P2SH, true
     463   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).PushRedeem().DamagePush(10).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     464                 :             : 
     465   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey0.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     466                 :             :                                 "P2SH(P2PKH)", SCRIPT_VERIFY_P2SH, true
     467   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).Push(keys.pubkey0).PushRedeem());
          +  -  +  -  +  
                      - ]
     468   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     469                 :             :                                 "P2SH(P2PKH), bad sig but no VERIFY_P2SH", 0, true
     470   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).DamagePush(10).PushRedeem());
             +  -  +  - ]
     471   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_DUP << OP_HASH160 << ToByteVector(keys.pubkey1.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     472                 :             :                                 "P2SH(P2PKH), bad sig", SCRIPT_VERIFY_P2SH, true
     473   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).DamagePush(10).PushRedeem().ScriptError(SCRIPT_ERR_EQUALVERIFY));
          +  -  +  -  +  
                      - ]
     474                 :             : 
     475   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     476                 :             :                                 "3-of-3", 0
     477   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
          +  -  +  -  +  
                      - ]
     478   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     479                 :             :                                 "3-of-3, 2 sigs", 0
     480   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key0).PushSig(keys.key1).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     481                 :             : 
     482   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     483                 :             :                                 "P2SH(2-of-3)", SCRIPT_VERIFY_P2SH, true
     484   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1).PushSig(keys.key2).PushRedeem());
          +  -  +  -  +  
                      - ]
     485   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     486                 :             :                                 "P2SH(2-of-3), 1 sig", SCRIPT_VERIFY_P2SH, true
     487   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1).Num(0).PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     488                 :             : 
     489   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
             +  -  +  - ]
     490                 :             :                                 "P2PK with too much R padding but no DERSIG", 0
     491   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000"));
          +  -  +  -  +  
                -  +  - ]
     492   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     493                 :             :                                 "P2PK with too much R padding", SCRIPT_VERIFY_DERSIG
     494   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     495   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
             +  -  +  - ]
     496                 :             :                                 "P2PK with too much S padding but no DERSIG", 0
     497   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100"));
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
     498   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     499                 :             :                                 "P2PK with too much S padding", SCRIPT_VERIFY_DERSIG
     500   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL).EditPush(1, "44", "45").EditPush(37, "20", "2100").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
     501   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
             +  -  +  - ]
     502                 :             :                                 "P2PK with too little R padding but no DERSIG", 0
     503   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
          +  -  +  -  +  
                -  +  - ]
     504   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     505                 :             :                                 "P2PK with too little R padding", SCRIPT_VERIFY_DERSIG
     506   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     507   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
          +  -  +  -  +  
                      - ]
     508                 :             :                                 "P2PK NOT with bad sig with too much R padding but no DERSIG", 0
     509   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10));
          +  -  +  -  +  
                -  +  - ]
     510   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     511                 :             :                                 "P2PK NOT with bad sig with too much R padding", SCRIPT_VERIFY_DERSIG
     512   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").DamagePush(10).ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     513   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     514                 :             :                                 "P2PK NOT with too much R padding but no DERSIG", 0
     515   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     516   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     517                 :             :                                 "P2PK NOT with too much R padding", SCRIPT_VERIFY_DERSIG
     518   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2, SIGHASH_ALL, 31, 32).EditPush(1, "43021F", "44022000").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     519                 :             : 
     520   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
             +  -  +  - ]
     521                 :             :                                 "BIP66 example 1, without DERSIG", 0
     522   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
          +  -  +  -  +  
                -  +  - ]
     523   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     524                 :             :                                 "BIP66 example 1, with DERSIG", SCRIPT_VERIFY_DERSIG
     525   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     526   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     527                 :             :                                 "BIP66 example 2, without DERSIG", 0
     528   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     529   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     530                 :             :                                 "BIP66 example 2, with DERSIG", SCRIPT_VERIFY_DERSIG
     531   [ +  -  +  -  :           3 :                                ).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     532   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     533                 :             :                                 "BIP66 example 3, without DERSIG", 0
     534   [ +  -  +  -  :           3 :                                ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
                   +  - ]
     535   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     536                 :             :                                 "BIP66 example 3, with DERSIG", SCRIPT_VERIFY_DERSIG
     537   [ +  -  +  -  :           3 :                                ).Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
                   +  - ]
     538   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     539                 :             :                                 "BIP66 example 4, without DERSIG", 0
     540   [ +  -  +  -  :           3 :                                ).Num(0));
                   +  - ]
     541   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     542                 :             :                                 "BIP66 example 4, with DERSIG", SCRIPT_VERIFY_DERSIG
     543   [ +  -  +  -  :           3 :                                ).Num(0));
                   +  - ]
     544   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     545                 :             :                                 "BIP66 example 5, without DERSIG", 0
     546   [ +  -  +  -  :           3 :                                ).Num(1).ScriptError(SCRIPT_ERR_EVAL_FALSE));
                   +  - ]
     547   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG,
                   +  - ]
     548                 :             :                                 "BIP66 example 5, with DERSIG", SCRIPT_VERIFY_DERSIG
     549   [ +  -  +  -  :           3 :                                ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
                   +  - ]
     550   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     551                 :             :                                 "BIP66 example 6, without DERSIG", 0
     552   [ +  -  +  -  :           3 :                                ).Num(1));
                   +  - ]
     553   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1C) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     554                 :             :                                 "BIP66 example 6, with DERSIG", SCRIPT_VERIFY_DERSIG
     555   [ +  -  +  -  :           3 :                                ).Num(1).ScriptError(SCRIPT_ERR_SIG_DER));
                   +  - ]
     556   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     557                 :             :                                 "BIP66 example 7, without DERSIG", 0
     558   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     559   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     560                 :             :                                 "BIP66 example 7, with DERSIG", SCRIPT_VERIFY_DERSIG
     561   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     562   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     563                 :             :                                 "BIP66 example 8, without DERSIG", 0
     564   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     565   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     566                 :             :                                 "BIP66 example 8, with DERSIG", SCRIPT_VERIFY_DERSIG
     567   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     568   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     569                 :             :                                 "BIP66 example 9, without DERSIG", 0
     570   [ +  -  +  -  :           5 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     571   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     572                 :             :                                 "BIP66 example 9, with DERSIG", SCRIPT_VERIFY_DERSIG
     573   [ +  -  +  -  :           5 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     574   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     575                 :             :                                 "BIP66 example 10, without DERSIG", 0
     576   [ +  -  +  -  :           5 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220"));
          +  -  +  -  +  
                -  +  - ]
     577   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     578                 :             :                                 "BIP66 example 10, with DERSIG", SCRIPT_VERIFY_DERSIG
     579   [ +  -  +  -  :           5 :                                ).Num(0).Num(0).PushSig(keys.key2, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     580   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     581                 :             :                                 "BIP66 example 11, without DERSIG", 0
     582   [ +  -  +  -  :           5 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     583   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     584                 :             :                                 "BIP66 example 11, with DERSIG", SCRIPT_VERIFY_DERSIG
     585   [ +  -  +  -  :           5 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0).ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     586   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     587                 :             :                                 "BIP66 example 12, without DERSIG", 0
     588   [ +  -  +  -  :           5 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     589   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     590                 :             :                                 "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG
     591   [ +  -  +  -  :           5 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     592   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
             +  -  +  - ]
     593                 :             :                                 "P2PK with multi-byte hashtype, without DERSIG", 0
     594   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101"));
          +  -  +  -  +  
                -  +  - ]
     595   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     596                 :             :                                 "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG
     597   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101").ScriptError(SCRIPT_ERR_SIG_DER));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     598                 :             : 
     599   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
             +  -  +  - ]
     600                 :             :                                 "P2PK with high S but no LOW_S", 0
     601   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 32, 33));
                   +  - ]
     602   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     603                 :             :                                 "P2PK with high S", SCRIPT_VERIFY_LOW_S
     604   [ +  -  +  -  :           2 :                                ).PushSig(keys.key2, SIGHASH_ALL, 32, 33).ScriptError(SCRIPT_ERR_SIG_HIGH_S));
             +  -  +  - ]
     605                 :             : 
     606   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
             +  -  +  - ]
     607                 :             :                                 "P2PK with hybrid pubkey but no STRICTENC", 0
     608   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0, SIGHASH_ALL));
                   +  - ]
     609   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG,
                   +  - ]
     610                 :             :                                 "P2PK with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     611   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
             +  -  +  - ]
     612   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     613                 :             :                                 "P2PK NOT with hybrid pubkey but no STRICTENC", 0
     614   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_EVAL_FALSE));
             +  -  +  - ]
     615   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     616                 :             :                                 "P2PK NOT with hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     617   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
             +  -  +  - ]
     618   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
          +  -  +  -  +  
                      - ]
     619                 :             :                                 "P2PK NOT with invalid hybrid pubkey but no STRICTENC", 0
     620   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10));
                   +  - ]
     621   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0H) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     622                 :             :                                 "P2PK NOT with invalid hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     623   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0, SIGHASH_ALL).DamagePush(10).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
             +  -  +  - ]
     624   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     625                 :             :                                 "1-of-2 with the second 1 hybrid pubkey and no STRICTENC", 0
     626   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
                   +  - ]
     627   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey0H) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     628                 :             :                                 "1-of-2 with the second 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     629   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL));
                   +  - ]
     630   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0H) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     631                 :             :                                 "1-of-2 with the first 1 hybrid pubkey", SCRIPT_VERIFY_STRICTENC
     632   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1, SIGHASH_ALL).ScriptError(SCRIPT_ERR_PUBKEYTYPE));
             +  -  +  - ]
     633                 :             : 
     634   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
             +  -  +  - ]
     635                 :             :                                 "P2PK with undefined hashtype but no STRICTENC", 0
     636   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, 5));
                   +  - ]
     637   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     638                 :             :                                 "P2PK with undefined hashtype", SCRIPT_VERIFY_STRICTENC
     639   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, 5).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
             +  -  +  - ]
     640   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
          +  -  +  -  +  
                      - ]
     641                 :             :                                 "P2PK NOT with invalid sig and undefined hashtype but no STRICTENC", 0
     642   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, 5).DamagePush(10));
                   +  - ]
     643   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG << OP_NOT,
             +  -  +  - ]
     644                 :             :                                 "P2PK NOT with invalid sig and undefined hashtype", SCRIPT_VERIFY_STRICTENC
     645   [ +  -  +  -  :           2 :                                ).PushSig(keys.key1, 5).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_HASHTYPE));
             +  -  +  - ]
     646                 :             : 
     647   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     648                 :             :                                 "3-of-3 with nonzero dummy but no NULLDUMMY", 0
     649   [ +  -  +  -  :           3 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2));
          +  -  +  -  +  
                      - ]
     650   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     651                 :             :                                 "3-of-3 with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
     652   [ +  -  +  -  :           3 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
          +  -  +  -  +  
                -  +  - ]
     653   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
     654                 :             :                                 "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY", 0
     655   [ +  -  +  -  :           3 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
          +  -  +  -  +  
                      - ]
     656   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_3 << ToByteVector(keys.pubkey0C) << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_3 << OP_CHECKMULTISIG << OP_NOT,
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     657                 :             :                                 "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
     658   [ +  -  +  -  :           3 :                                ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10).ScriptError(SCRIPT_ERR_SIG_NULLDUMMY));
          +  -  +  -  +  
                -  +  - ]
     659                 :             : 
     660   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     661                 :             :                                 "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
     662   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1).Opcode(OP_DUP));
             +  -  +  - ]
     663   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     664                 :             :                                 "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
     665   [ +  -  +  -  :           4 :                                ).Num(0).PushSig(keys.key1).Opcode(OP_DUP).ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
             +  -  +  - ]
     666   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
             +  -  +  - ]
     667                 :             :                                 "P2SH(P2PK) with non-push scriptSig but no P2SH or SIGPUSHONLY", 0, true
     668   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem());
             +  -  +  - ]
     669   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     670                 :             :                                 "P2PK with non-push scriptSig but with P2SH validation", 0
     671   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2).Opcode(OP_NOP8));
             +  -  +  - ]
     672   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     673                 :             :                                 "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", SCRIPT_VERIFY_P2SH, true
     674   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
          +  -  +  -  +  
                      - ]
     675   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
                   +  - ]
     676                 :             :                                 "P2SH(P2PK) with non-push scriptSig but not P2SH", SCRIPT_VERIFY_SIGPUSHONLY, true
     677   [ +  -  +  -  :           3 :                                ).PushSig(keys.key2).Opcode(OP_NOP8).PushRedeem().ScriptError(SCRIPT_ERR_SIG_PUSHONLY));
          +  -  +  -  +  
                      - ]
     678   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     679                 :             :                                 "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
     680   [ +  -  +  -  :           3 :                                ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
             +  -  +  - ]
     681   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
             +  -  +  - ]
     682                 :             :                                 "P2PK with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH
     683   [ +  -  +  -  :           3 :                                ).Num(11).PushSig(keys.key0));
                   +  - ]
     684   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     685                 :             :                                 "P2PK with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH
     686   [ +  -  +  -  :           3 :                                ).Num(11).PushSig(keys.key0).ScriptError(SCRIPT_ERR_CLEANSTACK));
             +  -  +  - ]
     687   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
             +  -  +  - ]
     688                 :             :                                 "P2SH with unnecessary input but no CLEANSTACK", SCRIPT_VERIFY_P2SH, true
     689   [ +  -  +  -  :           3 :                                ).Num(11).PushSig(keys.key0).PushRedeem());
             +  -  +  - ]
     690   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     691                 :             :                                 "P2SH with unnecessary input", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
     692   [ +  -  +  -  :           3 :                                ).Num(11).PushSig(keys.key0).PushRedeem().ScriptError(SCRIPT_ERR_CLEANSTACK));
          +  -  +  -  +  
                      - ]
     693   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
             +  -  +  - ]
     694                 :             :                                 "P2SH with CLEANSTACK", SCRIPT_VERIFY_CLEANSTACK | SCRIPT_VERIFY_P2SH, true
     695   [ +  -  +  -  :           2 :                                ).PushSig(keys.key0).PushRedeem());
             +  -  +  - ]
     696                 :             : 
     697   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
             +  -  +  - ]
     698                 :             :                                 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     699   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem());
             +  -  +  - ]
     700   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
                   +  - ]
     701                 :             :                                 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
     702   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit());
          +  -  +  -  +  
                      - ]
     703   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
             +  -  +  - ]
     704                 :             :                                 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     705   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                      - ]
     706   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
                   +  - ]
     707                 :             :                                 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
     708   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     709   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     710                 :             :                                 "Basic P2WSH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     711   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     712   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     713                 :             :                                 "Basic P2WPKH with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     714   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     715   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
                   +  - ]
     716                 :             :                                 "Basic P2SH(P2WSH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
     717   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     718   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     719                 :             :                                 "Basic P2SH(P2WPKH) with the wrong key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
     720   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     721   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
             +  -  +  - ]
     722                 :             :                                 "Basic P2WSH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     723   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).PushWitRedeem());
             +  -  +  - ]
     724   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
                   +  - ]
     725                 :             :                                 "Basic P2WPKH with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     726   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit());
          +  -  +  -  +  
                      - ]
     727   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1) << OP_CHECKSIG,
             +  -  +  - ]
     728                 :             :                                 "Basic P2SH(P2WSH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::SH
     729   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                      - ]
     730   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
                   +  - ]
     731                 :             :                                 "Basic P2SH(P2WPKH) with the wrong key but no WITNESS", SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
     732   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     733   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     734                 :             :                                 "Basic P2WSH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     735   [ +  -  +  -  :           2 :                                 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                      - ]
     736   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     737                 :             :                                 "Basic P2WPKH with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH,
     738   [ +  -  +  -  :           2 :                                 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     739   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     740                 :             :                                 "Basic P2SH(P2WSH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     741   [ +  -  +  -  :           2 :                                 0, 0).PushWitSig(keys.key0, 1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
                -  +  - ]
     742   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     743                 :             :                                 "Basic P2SH(P2WPKH) with wrong value", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH,
     744   [ +  -  +  -  :           2 :                                 0, 0).PushWitSig(keys.key0, 1).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_EVAL_FALSE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     745                 :             : 
     746   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     747                 :             :                                 "P2WPKH with future witness version", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH |
     748                 :             :                                 SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM, false, WitnessMode::PKH, 1
     749   [ +  -  +  -  :           2 :                                ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM));
          +  -  +  -  +  
                -  +  - ]
     750                 :           1 :     {
     751         [ +  - ]:           1 :         CScript witscript = CScript() << ToByteVector(keys.pubkey0);
     752                 :           1 :         uint256 hash;
     753   [ +  -  +  -  :           3 :         CSHA256().Write(witscript.data(), witscript.size()).Finalize(hash.begin());
             +  -  +  - ]
     754         [ +  - ]:           1 :         std::vector<unsigned char> hashBytes = ToByteVector(hash);
     755         [ +  - ]:           1 :         hashBytes.pop_back();
     756   [ +  -  +  - ]:           2 :         tests.push_back(TestBuilder(CScript() << OP_0 << hashBytes,
     757                 :             :                                     "P2WPKH with wrong witness program length", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false
     758   [ +  -  +  -  :           3 :                                    ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH));
          +  -  +  -  +  
                -  +  - ]
     759                 :           1 :     }
     760   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     761                 :             :                                 "P2WSH with empty witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     762   [ +  -  +  -  :           2 :                                ).ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_WITNESS_EMPTY));
                   +  - ]
     763                 :           1 :     {
     764   [ +  -  +  - ]:           1 :         CScript witscript = CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG;
     765         [ +  - ]:           2 :         tests.push_back(TestBuilder(witscript,
     766                 :             :                                     "P2WSH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH
     767   [ +  -  +  -  :           2 :                                    ).PushWitSig(keys.key0).Push(witscript).DamagePush(0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
          +  -  +  -  +  
                -  +  - ]
     768                 :           0 :     }
     769   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     770                 :             :                                 "P2WPKH with witness program mismatch", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     771   [ +  -  +  -  :           3 :                                ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_PROGRAM_MISMATCH));
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
     772   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     773                 :             :                                 "P2WPKH with non-empty scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::PKH
     774   [ +  -  +  -  :           3 :                                ).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().Num(11).ScriptError(SCRIPT_ERR_WITNESS_MALLEATED));
          +  -  +  -  +  
                -  +  - ]
     775   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey1),
     776                 :             :                                 "P2SH(P2WPKH) with superfluous push in scriptSig", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::PKH
     777   [ +  -  +  -  :           3 :                                ).PushWitSig(keys.key0).Push(keys.pubkey1).AsWit().Num(11).PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_MALLEATED_P2SH));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     778   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     779                 :             :                                 "P2PK with witness", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH
     780   [ +  -  +  -  :           3 :                                ).PushSig(keys.key0).Push("0").AsWit().ScriptError(SCRIPT_ERR_WITNESS_UNEXPECTED));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     781                 :             : 
     782                 :             :     // Compressed keys should pass SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
     783   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
             +  -  +  - ]
     784                 :             :                                 "Basic P2WSH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     785   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0C).PushWitRedeem());
             +  -  +  - ]
     786   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
                   +  - ]
     787                 :             :                                 "Basic P2WPKH with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
     788   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit());
          +  -  +  -  +  
                      - ]
     789   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C) << OP_CHECKSIG,
             +  -  +  - ]
     790                 :             :                                 "Basic P2SH(P2WSH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     791   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
                      - ]
     792   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0C),
                   +  - ]
     793                 :             :                                 "Basic P2SH(P2WPKH) with compressed key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
     794   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0C).Push(keys.pubkey0C).AsWit().PushRedeem());
          +  -  +  -  +  
                -  +  - ]
     795                 :             : 
     796                 :             :     // Testing uncompressed key in witness with SCRIPT_VERIFY_WITNESS_PUBKEYTYPE
     797   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     798                 :             :                                 "Basic P2WSH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     799   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                      - ]
     800   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     801                 :             :                                 "Basic P2WPKH", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::PKH,
     802   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                -  +  - ]
     803   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0) << OP_CHECKSIG,
                   +  - ]
     804                 :             :                                 "Basic P2SH(P2WSH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     805   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
                -  +  - ]
     806   [ +  -  +  - ]:           2 :     tests.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey0),
     807                 :             :                                 "Basic P2SH(P2WPKH)", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::PKH,
     808   [ +  -  +  -  :           2 :                                 0, 1).PushWitSig(keys.key0).Push(keys.pubkey0).AsWit().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     809                 :             : 
     810                 :             :     // P2WSH 1-of-2 multisig with compressed keys
     811   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     812                 :             :                                 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     813   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
          +  -  +  -  +  
                -  +  - ]
     814   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     815                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     816   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     817   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     818                 :             :                                 "P2WSH CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     819   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
          +  -  +  -  +  
                -  +  - ]
     820   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     821                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with compressed keys", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     822   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     823                 :             : 
     824                 :             :     // P2WSH 1-of-2 multisig with first key uncompressed
     825   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     826                 :             :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     827   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem());
          +  -  +  -  +  
                -  +  - ]
     828   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     829                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     830   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     831   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     832                 :             :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     833   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     834   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     835                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     836   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     837   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     838                 :             :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     839   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem());
          +  -  +  -  +  
                -  +  - ]
     840   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     841                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     842   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     843   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     844                 :             :                                 "P2WSH CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     845   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     846   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey0) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     847                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with first key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     848   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1C).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     849                 :             :     // P2WSH 1-of-2 multisig with second key uncompressed
     850   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     851                 :             :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     852   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
          +  -  +  -  +  
                -  +  - ]
     853   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     854                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG second key uncompressed and signing with the first key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     855   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     856   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     857                 :             :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     858   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem());
          +  -  +  -  +  
                -  +  - ]
     859   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     860                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the first key should pass as the uncompressed key is not used", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     861   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key0C).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     862   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     863                 :             :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, false, WitnessMode::SH,
     864   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem());
          +  -  +  -  +  
                -  +  - ]
     865   [ +  -  +  -  :           3 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     866                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH, true, WitnessMode::SH,
     867   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem());
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     868   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     869                 :             :                                 "P2WSH CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, false, WitnessMode::SH,
     870   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
             -  +  -  +  
                      - ]
     871   [ +  -  +  -  :           2 :     tests.push_back(TestBuilder(CScript() << OP_1 << ToByteVector(keys.pubkey1) << ToByteVector(keys.pubkey0C) << OP_2 << OP_CHECKMULTISIG,
          +  -  +  -  +  
                -  +  - ]
     872                 :             :                                 "P2SH(P2WSH) CHECKMULTISIG with second key uncompressed and signing with the second key", SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS_PUBKEYTYPE, true, WitnessMode::SH,
     873   [ +  -  +  -  :           3 :                                 0, 1).Push(CScript()).AsWit().PushWitSig(keys.key1).PushWitRedeem().PushRedeem().ScriptError(SCRIPT_ERR_WITNESS_PUBKEYTYPE));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
     874                 :             : 
     875         [ +  - ]:           1 :     std::set<std::string> tests_set;
     876                 :             : 
     877                 :           1 :     {
     878         [ +  - ]:           1 :         UniValue json_tests = read_json(json_tests::script_tests);
     879                 :             : 
     880         [ +  + ]:        1264 :         for (unsigned int idx = 0; idx < json_tests.size(); idx++) {
     881         [ +  - ]:        1263 :             const UniValue& tv = json_tests[idx];
     882   [ +  -  +  -  :        2526 :             tests_set.insert(JSONPrettyPrint(tv.get_array()));
                   +  - ]
     883                 :             :         }
     884                 :           1 :     }
     885                 :             : 
     886                 :             : #ifdef UPDATE_JSON_TESTS
     887                 :             :     std::string strGen;
     888                 :             : #endif
     889         [ +  + ]:         135 :     for (TestBuilder& test : tests) {
     890         [ +  - ]:         134 :         test.Test(*this);
     891   [ +  -  +  - ]:         134 :         std::string str = JSONPrettyPrint(test.GetJSON());
     892                 :             : #ifdef UPDATE_JSON_TESTS
     893                 :             :         strGen += str + ",\n";
     894                 :             : #else
     895         [ -  + ]:         134 :         if (tests_set.count(str) == 0) {
     896   [ #  #  #  #  :           0 :             BOOST_CHECK_MESSAGE(false, "Missing auto script_valid test: " + test.GetComment());
             #  #  #  # ]
     897                 :             :         }
     898                 :             : #endif
     899                 :         134 :     }
     900                 :             : 
     901                 :             : #ifdef UPDATE_JSON_TESTS
     902                 :             :     FILE* file = fsbridge::fopen("script_tests.json.gen", "w");
     903                 :             :     fputs(strGen.c_str(), file);
     904                 :             :     fclose(file);
     905                 :             : #endif
     906                 :           1 : }
     907                 :             : 
     908   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_json_test)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
     909                 :             : {
     910                 :             :     // Read tests from test/data/script_tests.json
     911                 :             :     // Format is an array of arrays
     912                 :             :     // Inner arrays are [ ["wit"..., nValue]?, "scriptSig", "scriptPubKey", "flags", "expected_scripterror" ]
     913                 :             :     // ... where scriptSig and scriptPubKey are stringified
     914                 :             :     // scripts.
     915                 :             :     // If a witness is given, then the last value in the array should be the
     916                 :             :     // amount (nValue) to use in the crediting tx
     917                 :           1 :     UniValue tests = read_json(json_tests::script_tests);
     918                 :             : 
     919         [ +  - ]:           1 :     const KeyData keys;
     920         [ +  + ]:        1264 :     for (unsigned int idx = 0; idx < tests.size(); idx++) {
     921         [ +  - ]:        1263 :         const UniValue& test = tests[idx];
     922         [ +  - ]:        1263 :         std::string strTest = test.write();
     923                 :        1263 :         CScriptWitness witness;
     924         [ +  - ]:        1263 :         TaprootBuilder taprootBuilder;
     925                 :        1263 :         CAmount nValue = 0;
     926                 :        1263 :         unsigned int pos = 0;
     927   [ +  -  +  -  :        1263 :         if (test.size() > 0 && test[pos].isArray()) {
                   +  + ]
     928                 :             :             unsigned int i=0;
     929   [ +  -  +  + ]:         344 :             for (i = 0; i < test[pos].size()-1; i++) {
     930   [ +  -  +  -  :         233 :                 auto element = test[pos][i].get_str();
             +  -  +  - ]
     931                 :             :                 // We use #SCRIPT# to flag a non-hex script that we can read using ParseScript
     932                 :             :                 // Taproot script must be third from the last element in witness stack
     933   [ +  +  +  - ]:         233 :                 static const std::string SCRIPT_FLAG{"#SCRIPT#"};
     934         [ +  + ]:         233 :                 if (element.starts_with(SCRIPT_FLAG)) {
     935   [ +  -  +  - ]:           4 :                     CScript script = ParseScript(element.substr(SCRIPT_FLAG.size()));
     936         [ +  - ]:           8 :                     witness.stack.push_back(ToByteVector(script));
     937         [ +  + ]:         233 :                 } else if (element == "#CONTROLBLOCK#") {
     938                 :             :                     // Taproot script control block - second from the last element in witness stack
     939                 :             :                     // If #CONTROLBLOCK# we auto-generate the control block
     940         [ +  - ]:           4 :                     taprootBuilder.Add(/*depth=*/0, witness.stack.back(), TAPROOT_LEAF_TAPSCRIPT, /*track=*/true);
     941   [ +  -  +  - ]:           4 :                     taprootBuilder.Finalize(XOnlyPubKey(keys.key0.GetPubKey()));
     942   [ +  -  +  -  :           4 :                     auto controlblocks = taprootBuilder.GetSpendData().scripts[{witness.stack.back(), TAPROOT_LEAF_TAPSCRIPT}];
             +  -  +  - ]
     943         [ +  - ]:           4 :                     witness.stack.push_back(*(controlblocks.begin()));
     944                 :           4 :                 } else {
     945         [ +  - ]:         225 :                     const auto witness_value{TryParseHex<unsigned char>(element)};
     946         [ -  + ]:         225 :                     if (!witness_value.has_value()) {
     947   [ #  #  #  # ]:           0 :                         BOOST_ERROR("Bad witness in test: " << strTest << " witness is not hex: " << element);
     948                 :             :                     }
     949   [ +  -  +  - ]:         225 :                     witness.stack.push_back(witness_value.value());
     950                 :         225 :                 }
     951                 :         233 :             }
     952   [ +  -  +  -  :         111 :             nValue = AmountFromValue(test[pos][i]);
                   +  - ]
     953                 :             :             pos++;
     954                 :             :         }
     955         [ +  + ]:        1263 :         if (test.size() < 4 + pos) // Allow size > 3; extra stuff ignored (useful for comments)
     956                 :             :         {
     957         [ -  + ]:          52 :             if (test.size() != 1) {
     958   [ #  #  #  # ]:           0 :                 BOOST_ERROR("Bad test: " << strTest);
     959                 :             :             }
     960                 :          52 :             continue;
     961                 :             :         }
     962   [ +  -  +  -  :        1211 :         std::string scriptSigString = test[pos++].get_str();
                   +  - ]
     963         [ +  - ]:        1211 :         CScript scriptSig = ParseScript(scriptSigString);
     964   [ +  -  +  -  :        1211 :         std::string scriptPubKeyString = test[pos++].get_str();
                   +  - ]
     965                 :        1211 :         CScript scriptPubKey;
     966                 :             :         // If requested, auto-generate the taproot output
     967         [ +  + ]:        1211 :         if (scriptPubKeyString == "0x51 0x20 #TAPROOTOUTPUT#") {
     968   [ +  -  +  -  :           8 :             BOOST_CHECK_MESSAGE(taprootBuilder.IsComplete(), "Failed to autogenerate Tapscript output key");
                   +  - ]
     969   [ +  -  +  -  :           4 :             scriptPubKey = CScript() << OP_1 << ToByteVector(taprootBuilder.GetOutput());
                   +  - ]
     970                 :             :         } else {
     971         [ +  - ]:        2414 :             scriptPubKey = ParseScript(scriptPubKeyString);
     972                 :             :         }
     973   [ +  -  +  -  :        1211 :         unsigned int scriptflags = ParseScriptFlags(test[pos++].get_str());
             +  -  +  - ]
     974   [ +  -  +  -  :        1211 :         int scriptError = ParseScriptError(test[pos++].get_str());
                   +  - ]
     975                 :             : 
     976         [ +  - ]:        1211 :         DoTest(scriptPubKey, scriptSig, witness, scriptflags, strTest, scriptError, nValue);
     977                 :        1263 :     }
     978                 :           1 : }
     979                 :             : 
     980   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_PushData)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
     981                 :             : {
     982                 :             :     // Check that PUSHDATA1, PUSHDATA2, and PUSHDATA4 create the same value on
     983                 :             :     // the stack as the 1-75 opcodes do.
     984                 :           1 :     static const unsigned char direct[] = { 1, 0x5a };
     985                 :           1 :     static const unsigned char pushdata1[] = { OP_PUSHDATA1, 1, 0x5a };
     986                 :           1 :     static const unsigned char pushdata2[] = { OP_PUSHDATA2, 1, 0, 0x5a };
     987                 :           1 :     static const unsigned char pushdata4[] = { OP_PUSHDATA4, 1, 0, 0, 0, 0x5a };
     988                 :             : 
     989                 :           1 :     ScriptError err;
     990                 :           1 :     std::vector<std::vector<unsigned char> > directStack;
     991   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(directStack, CScript(direct, direct + sizeof(direct)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
     992   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
     993                 :             : 
     994                 :           1 :     std::vector<std::vector<unsigned char> > pushdata1Stack;
     995   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(pushdata1Stack, CScript(pushdata1, pushdata1 + sizeof(pushdata1)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
     996   [ +  -  +  -  :           2 :     BOOST_CHECK(pushdata1Stack == directStack);
                   +  - ]
     997   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
     998                 :             : 
     999                 :           1 :     std::vector<std::vector<unsigned char> > pushdata2Stack;
    1000   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(pushdata2Stack, CScript(pushdata2, pushdata2 + sizeof(pushdata2)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1001   [ +  -  +  -  :           2 :     BOOST_CHECK(pushdata2Stack == directStack);
                   +  - ]
    1002   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1003                 :             : 
    1004                 :           1 :     std::vector<std::vector<unsigned char> > pushdata4Stack;
    1005   [ +  -  +  -  :           2 :     BOOST_CHECK(EvalScript(pushdata4Stack, CScript(pushdata4, pushdata4 + sizeof(pushdata4)), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1006   [ +  -  +  -  :           2 :     BOOST_CHECK(pushdata4Stack == directStack);
                   +  - ]
    1007   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1008                 :             : 
    1009         [ +  - ]:           1 :     const std::vector<unsigned char> pushdata1_trunc{OP_PUSHDATA1, 1};
    1010         [ +  - ]:           1 :     const std::vector<unsigned char> pushdata2_trunc{OP_PUSHDATA2, 1, 0};
    1011         [ +  - ]:           1 :     const std::vector<unsigned char> pushdata4_trunc{OP_PUSHDATA4, 1, 0, 0, 0};
    1012                 :             : 
    1013                 :           1 :     std::vector<std::vector<unsigned char>> stack_ignore;
    1014   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata1_trunc.begin(), pushdata1_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1015   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
    1016   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata2_trunc.begin(), pushdata2_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1017   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
    1018   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, CScript(pushdata4_trunc.begin(), pushdata4_trunc.end()), SCRIPT_VERIFY_P2SH, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1019   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_BAD_OPCODE);
    1020                 :           1 : }
    1021                 :             : 
    1022   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_cltv_truncated)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1023                 :             : {
    1024         [ +  - ]:           1 :     const auto script_cltv_trunc = CScript() << OP_CHECKLOCKTIMEVERIFY;
    1025                 :             : 
    1026                 :           1 :     std::vector<std::vector<unsigned char>> stack_ignore;
    1027                 :           1 :     ScriptError err;
    1028   [ +  -  +  -  :           2 :     BOOST_CHECK(!EvalScript(stack_ignore, script_cltv_trunc, SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, BaseSignatureChecker(), SigVersion::BASE, &err));
             +  -  +  - ]
    1029   [ +  -  +  - ]:           1 :     BOOST_CHECK_EQUAL(err, SCRIPT_ERR_INVALID_STACK_OPERATION);
    1030                 :           1 : }
    1031                 :             : 
    1032                 :             : static CScript
    1033                 :          12 : sign_multisig(const CScript& scriptPubKey, const std::vector<CKey>& keys, const CTransaction& transaction)
    1034                 :             : {
    1035                 :          12 :     uint256 hash = SignatureHash(scriptPubKey, transaction, 0, SIGHASH_ALL, 0, SigVersion::BASE);
    1036                 :             : 
    1037                 :          12 :     CScript result;
    1038                 :             :     //
    1039                 :             :     // NOTE: CHECKMULTISIG has an unfortunate bug; it requires
    1040                 :             :     // one extra item on the stack, before the signatures.
    1041                 :             :     // Putting OP_0 on the stack is the workaround;
    1042                 :             :     // fixing the bug would mean splitting the block chain (old
    1043                 :             :     // clients would not accept new CHECKMULTISIG transactions,
    1044                 :             :     // and vice-versa)
    1045                 :             :     //
    1046         [ +  - ]:          12 :     result << OP_0;
    1047         [ +  + ]:          31 :     for (const CKey &key : keys)
    1048                 :             :     {
    1049                 :          19 :         std::vector<unsigned char> vchSig;
    1050   [ +  -  +  -  :          38 :         BOOST_CHECK(key.Sign(hash, vchSig));
             +  -  +  - ]
    1051         [ +  - ]:          19 :         vchSig.push_back((unsigned char)SIGHASH_ALL);
    1052                 :          19 :         result << vchSig;
    1053                 :          19 :     }
    1054                 :          12 :     return result;
    1055                 :           0 : }
    1056                 :             : static CScript
    1057                 :           3 : sign_multisig(const CScript& scriptPubKey, const CKey& key, const CTransaction& transaction)
    1058                 :             : {
    1059                 :           3 :     std::vector<CKey> keys;
    1060         [ +  - ]:           3 :     keys.push_back(key);
    1061         [ +  - ]:           6 :     return sign_multisig(scriptPubKey, keys, transaction);
    1062                 :           3 : }
    1063                 :             : 
    1064   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG12)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1065                 :             : {
    1066                 :           1 :     ScriptError err;
    1067                 :           1 :     CKey key1 = GenerateRandomKey();
    1068                 :           1 :     CKey key2 = GenerateRandomKey(/*compressed=*/false);
    1069                 :           1 :     CKey key3 = GenerateRandomKey();
    1070                 :             : 
    1071                 :           1 :     CScript scriptPubKey12;
    1072   [ +  -  +  -  :           2 :     scriptPubKey12 << OP_1 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << OP_2 << OP_CHECKMULTISIG;
          +  -  +  -  +  
             -  +  -  +  
                      - ]
    1073                 :             : 
    1074   [ +  -  +  - ]:           1 :     const CTransaction txFrom12{BuildCreditingTransaction(scriptPubKey12)};
    1075         [ +  - ]:           2 :     CMutableTransaction txTo12 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom12);
    1076                 :             : 
    1077   [ +  -  +  - ]:           1 :     CScript goodsig1 = sign_multisig(scriptPubKey12, key1, CTransaction(txTo12));
    1078   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1079   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1080         [ +  - ]:           1 :     txTo12.vout[0].nValue = 2;
    1081   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(goodsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1082   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1083                 :             : 
    1084   [ +  -  +  - ]:           1 :     CScript goodsig2 = sign_multisig(scriptPubKey12, key2, CTransaction(txTo12));
    1085   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1086   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1087                 :             : 
    1088   [ +  -  +  - ]:           1 :     CScript badsig1 = sign_multisig(scriptPubKey12, key3, CTransaction(txTo12));
    1089   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey12, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo12, 0, txFrom12.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1090   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1091                 :           3 : }
    1092                 :             : 
    1093   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_CHECKMULTISIG23)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1094                 :             : {
    1095                 :           1 :     ScriptError err;
    1096                 :           1 :     CKey key1 = GenerateRandomKey();
    1097                 :           1 :     CKey key2 = GenerateRandomKey(/*compressed=*/false);
    1098                 :           1 :     CKey key3 = GenerateRandomKey();
    1099                 :           1 :     CKey key4 = GenerateRandomKey(/*compressed=*/false);
    1100                 :             : 
    1101                 :           1 :     CScript scriptPubKey23;
    1102   [ +  -  +  -  :           2 :     scriptPubKey23 << OP_2 << ToByteVector(key1.GetPubKey()) << ToByteVector(key2.GetPubKey()) << ToByteVector(key3.GetPubKey()) << OP_3 << OP_CHECKMULTISIG;
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
    1103                 :             : 
    1104   [ +  -  +  - ]:           1 :     const CTransaction txFrom23{BuildCreditingTransaction(scriptPubKey23)};
    1105         [ +  - ]:           2 :     CMutableTransaction txTo23 = BuildSpendingTransaction(CScript(), CScriptWitness(), txFrom23);
    1106                 :             : 
    1107                 :           1 :     std::vector<CKey> keys;
    1108   [ +  -  +  - ]:           1 :     keys.push_back(key1); keys.push_back(key2);
    1109   [ +  -  +  - ]:           1 :     CScript goodsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1110   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1111   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1112                 :             : 
    1113                 :           1 :     keys.clear();
    1114   [ +  -  +  - ]:           1 :     keys.push_back(key1); keys.push_back(key3);
    1115   [ +  -  +  - ]:           1 :     CScript goodsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1116   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1117   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1118                 :             : 
    1119                 :           1 :     keys.clear();
    1120   [ +  -  +  - ]:           1 :     keys.push_back(key2); keys.push_back(key3);
    1121   [ +  -  +  - ]:           1 :     CScript goodsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1122   [ +  -  +  -  :           2 :     BOOST_CHECK(VerifyScript(goodsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1123   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1124                 :             : 
    1125                 :           1 :     keys.clear();
    1126   [ +  -  +  - ]:           1 :     keys.push_back(key2); keys.push_back(key2); // Can't reuse sig
    1127   [ +  -  +  - ]:           1 :     CScript badsig1 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1128   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig1, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1129   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1130                 :             : 
    1131                 :           1 :     keys.clear();
    1132   [ +  -  +  - ]:           1 :     keys.push_back(key2); keys.push_back(key1); // sigs must be in correct order
    1133   [ +  -  +  - ]:           1 :     CScript badsig2 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1134   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig2, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1135   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1136                 :             : 
    1137                 :           1 :     keys.clear();
    1138   [ +  -  +  - ]:           1 :     keys.push_back(key3); keys.push_back(key2); // sigs must be in correct order
    1139   [ +  -  +  - ]:           1 :     CScript badsig3 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1140   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig3, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1141   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1142                 :             : 
    1143                 :           1 :     keys.clear();
    1144   [ +  -  +  - ]:           1 :     keys.push_back(key4); keys.push_back(key2); // sigs must match pubkeys
    1145   [ +  -  +  - ]:           1 :     CScript badsig4 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1146   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig4, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1147   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1148                 :             : 
    1149                 :           1 :     keys.clear();
    1150   [ +  -  +  - ]:           1 :     keys.push_back(key1); keys.push_back(key4); // sigs must match pubkeys
    1151   [ +  -  +  - ]:           1 :     CScript badsig5 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1152   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig5, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1153   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_EVAL_FALSE, ScriptErrorString(err));
                   +  - ]
    1154                 :             : 
    1155                 :           1 :     keys.clear(); // Must have signatures
    1156   [ +  -  +  - ]:           1 :     CScript badsig6 = sign_multisig(scriptPubKey23, keys, CTransaction(txTo23));
    1157   [ +  -  +  -  :           2 :     BOOST_CHECK(!VerifyScript(badsig6, scriptPubKey23, nullptr, gFlags, MutableTransactionSignatureChecker(&txTo23, 0, txFrom23.vout[0].nValue, MissingDataBehavior::ASSERT_FAIL), &err));
             +  -  +  - ]
    1158   [ +  -  +  -  :           2 :     BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_INVALID_STACK_OPERATION, ScriptErrorString(err));
                   +  - ]
    1159                 :           3 : }
    1160                 :             : 
    1161                 :             : /* Wrapper around ProduceSignature to combine two scriptsigs */
    1162                 :          17 : SignatureData CombineSignatures(const CTxOut& txout, const CMutableTransaction& tx, const SignatureData& scriptSig1, const SignatureData& scriptSig2)
    1163                 :             : {
    1164                 :          17 :     SignatureData data;
    1165   [ +  -  +  - ]:          17 :     data.MergeSignatureData(scriptSig1);
    1166   [ +  -  +  - ]:          17 :     data.MergeSignatureData(scriptSig2);
    1167   [ +  -  +  - ]:          17 :     ProduceSignature(DUMMY_SIGNING_PROVIDER, MutableTransactionSignatureCreator(tx, 0, txout.nValue, SIGHASH_DEFAULT), txout.scriptPubKey, data);
    1168                 :          17 :     return data;
    1169                 :           0 : }
    1170                 :             : 
    1171   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_combineSigs)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1172                 :             : {
    1173                 :             :     // Test the ProduceSignature's ability to combine signatures function
    1174                 :           1 :     FillableSigningProvider keystore;
    1175                 :           1 :     std::vector<CKey> keys;
    1176                 :           1 :     std::vector<CPubKey> pubkeys;
    1177         [ +  + ]:           4 :     for (int i = 0; i < 3; i++)
    1178                 :             :     {
    1179                 :           3 :         CKey key = GenerateRandomKey(/*compressed=*/i%2 == 1);
    1180         [ +  - ]:           3 :         keys.push_back(key);
    1181         [ +  - ]:           3 :         pubkeys.push_back(key.GetPubKey());
    1182   [ +  -  +  -  :           6 :         BOOST_CHECK(keystore.AddKey(key));
                   +  - ]
    1183                 :           3 :     }
    1184                 :             : 
    1185   [ +  -  +  -  :           2 :     CMutableTransaction txFrom = BuildCreditingTransaction(GetScriptForDestination(PKHash(keys[0].GetPubKey())));
             +  -  +  - ]
    1186   [ +  -  +  - ]:           2 :     CMutableTransaction txTo = BuildSpendingTransaction(CScript(), CScriptWitness(), CTransaction(txFrom));
    1187                 :           1 :     CScript& scriptPubKey = txFrom.vout[0].scriptPubKey;
    1188                 :           1 :     SignatureData scriptSig;
    1189                 :             : 
    1190                 :           1 :     SignatureData empty;
    1191         [ +  - ]:           1 :     SignatureData combined = CombineSignatures(txFrom.vout[0], txTo, empty, empty);
    1192   [ +  -  -  +  :           2 :     BOOST_CHECK(combined.scriptSig.empty());
                   +  - ]
    1193                 :             : 
    1194                 :             :     // Single signature case:
    1195                 :           1 :     SignatureData dummy;
    1196   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy)); // changes scriptSig
          +  -  +  -  +  
                      - ]
    1197         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1198         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
    1199   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1200         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
    1201   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1202         [ +  - ]:           1 :     SignatureData scriptSigCopy = scriptSig;
    1203                 :             :     // Signing again will give a different, valid signature:
    1204                 :           1 :     SignatureData dummy_b;
    1205   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_b));
          +  -  +  -  +  
                      - ]
    1206         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1207         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
    1208   [ +  -  -  +  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
          -  -  +  -  +  
                      - ]
    1209                 :             : 
    1210                 :             :     // P2SH, single-signature case:
    1211   [ +  -  +  -  :           1 :     CScript pkSingle; pkSingle << ToByteVector(keys[0].GetPubKey()) << OP_CHECKSIG;
                   +  - ]
    1212   [ +  -  +  -  :           2 :     BOOST_CHECK(keystore.AddCScript(pkSingle));
             +  -  +  - ]
    1213   [ +  -  +  - ]:           2 :     scriptPubKey = GetScriptForDestination(ScriptHash(pkSingle));
    1214                 :           1 :     SignatureData dummy_c;
    1215   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_c));
          +  -  +  -  +  
                      - ]
    1216         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1217         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
    1218   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1219         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
    1220   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1221         [ +  - ]:           1 :     scriptSigCopy = scriptSig;
    1222                 :           1 :     SignatureData dummy_d;
    1223   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_d));
          +  -  +  -  +  
                      - ]
    1224         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1225         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSigCopy, scriptSig);
    1226   [ +  -  -  +  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSigCopy.scriptSig || combined.scriptSig == scriptSig.scriptSig);
          -  -  +  -  +  
                      - ]
    1227                 :             : 
    1228                 :             :     // Hardest case:  Multisig 2-of-3
    1229         [ +  - ]:           2 :     scriptPubKey = GetScriptForMultisig(2, pubkeys);
    1230   [ +  -  +  -  :           2 :     BOOST_CHECK(keystore.AddCScript(scriptPubKey));
                   +  - ]
    1231                 :           1 :     SignatureData dummy_e;
    1232   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(txFrom), txTo, 0, SIGHASH_ALL, dummy_e));
          +  -  +  -  +  
                      - ]
    1233         [ +  - ]:           1 :     scriptSig = DataFromTransaction(txTo, 0, txFrom.vout[0]);
    1234         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, scriptSig, empty);
    1235   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1236         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, empty, scriptSig);
    1237   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == scriptSig.scriptSig);
                   +  - ]
    1238                 :             : 
    1239                 :             :     // A couple of partially-signed versions:
    1240                 :           1 :     std::vector<unsigned char> sig1;
    1241         [ +  - ]:           1 :     uint256 hash1 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_ALL, 0, SigVersion::BASE);
    1242   [ +  -  +  -  :           2 :     BOOST_CHECK(keys[0].Sign(hash1, sig1));
             +  -  +  - ]
    1243         [ +  - ]:           1 :     sig1.push_back(SIGHASH_ALL);
    1244                 :           1 :     std::vector<unsigned char> sig2;
    1245         [ +  - ]:           1 :     uint256 hash2 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_NONE, 0, SigVersion::BASE);
    1246   [ +  -  +  -  :           2 :     BOOST_CHECK(keys[1].Sign(hash2, sig2));
             +  -  +  - ]
    1247         [ +  - ]:           1 :     sig2.push_back(SIGHASH_NONE);
    1248                 :           1 :     std::vector<unsigned char> sig3;
    1249         [ +  - ]:           1 :     uint256 hash3 = SignatureHash(scriptPubKey, txTo, 0, SIGHASH_SINGLE, 0, SigVersion::BASE);
    1250   [ +  -  +  -  :           2 :     BOOST_CHECK(keys[2].Sign(hash3, sig3));
             +  -  +  - ]
    1251         [ +  - ]:           1 :     sig3.push_back(SIGHASH_SINGLE);
    1252                 :             : 
    1253                 :             :     // Not fussy about order (or even existence) of placeholders or signatures:
    1254   [ +  -  +  - ]:           1 :     CScript partial1a = CScript() << OP_0 << sig1 << OP_0;
    1255   [ +  -  +  - ]:           1 :     CScript partial1b = CScript() << OP_0 << OP_0 << sig1;
    1256         [ +  - ]:           1 :     CScript partial2a = CScript() << OP_0 << sig2;
    1257         [ +  - ]:           1 :     CScript partial2b = CScript() << sig2 << OP_0;
    1258                 :           1 :     CScript partial3a = CScript() << sig3;
    1259   [ +  -  +  - ]:           1 :     CScript partial3b = CScript() << OP_0 << OP_0 << sig3;
    1260   [ +  -  +  - ]:           1 :     CScript partial3c = CScript() << OP_0 << sig3 << OP_0;
    1261         [ +  - ]:           1 :     CScript complete12 = CScript() << OP_0 << sig1 << sig2;
    1262         [ +  - ]:           1 :     CScript complete13 = CScript() << OP_0 << sig1 << sig3;
    1263         [ +  - ]:           1 :     CScript complete23 = CScript() << OP_0 << sig2 << sig3;
    1264                 :           1 :     SignatureData partial1_sigs;
    1265   [ +  -  +  -  :           2 :     partial1_sigs.signatures.emplace(keys[0].GetPubKey().GetID(), SigPair(keys[0].GetPubKey(), sig1));
             +  -  +  - ]
    1266                 :           1 :     SignatureData partial2_sigs;
    1267   [ +  -  +  -  :           2 :     partial2_sigs.signatures.emplace(keys[1].GetPubKey().GetID(), SigPair(keys[1].GetPubKey(), sig2));
             +  -  +  - ]
    1268                 :           1 :     SignatureData partial3_sigs;
    1269   [ +  -  +  -  :           2 :     partial3_sigs.signatures.emplace(keys[2].GetPubKey().GetID(), SigPair(keys[2].GetPubKey(), sig3));
             +  -  +  - ]
    1270                 :             : 
    1271         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial1_sigs);
    1272   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == partial1a);
                   +  - ]
    1273         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
    1274   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete12);
                   +  - ]
    1275         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial1_sigs);
    1276   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete12);
                   +  - ]
    1277         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial1_sigs, partial2_sigs);
    1278   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete12);
                   +  - ]
    1279         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial1_sigs);
    1280   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete13);
                   +  - ]
    1281         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial2_sigs, partial3_sigs);
    1282   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete23);
                   +  - ]
    1283         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial2_sigs);
    1284   [ +  -  +  -  :           2 :     BOOST_CHECK(combined.scriptSig == complete23);
                   +  - ]
    1285         [ +  - ]:           1 :     combined = CombineSignatures(txFrom.vout[0], txTo, partial3_sigs, partial3_sigs);
    1286   [ +  -  +  - ]:           2 :     BOOST_CHECK(combined.scriptSig == partial3c);
    1287                 :           3 : }
    1288                 :             : 
    1289                 :             : /**
    1290                 :             :  * Reproduction of an exception incorrectly raised when parsing a public key inside a TapMiniscript.
    1291                 :             :  */
    1292   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(sign_invalid_miniscript)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1293                 :             : {
    1294                 :           1 :     FillableSigningProvider keystore;
    1295                 :           1 :     SignatureData sig_data;
    1296   [ +  -  +  - ]:           1 :     CMutableTransaction prev, curr;
    1297                 :             : 
    1298                 :             :     // Create a Taproot output which contains a leaf in which a non-32 bytes push is used where a public key is expected
    1299                 :             :     // by the Miniscript parser. This offending Script was found by the RPC fuzzer.
    1300                 :           1 :     const auto invalid_pubkey{"173d36c8c9c9c9ffffffffffff0200000000021e1e37373721361818181818181e1e1e1e19000000000000000000b19292929292926b006c9b9b9292"_hex_u8};
    1301         [ +  - ]:           1 :     TaprootBuilder builder;
    1302         [ +  - ]:           1 :     builder.Add(0, {invalid_pubkey}, 0xc0);
    1303         [ +  - ]:           1 :     builder.Finalize(XOnlyPubKey::NUMS_H);
    1304   [ +  -  +  -  :           2 :     prev.vout.emplace_back(0, GetScriptForDestination(builder.GetOutput()));
                   +  - ]
    1305   [ +  -  +  - ]:           1 :     curr.vin.emplace_back(COutPoint{prev.GetHash(), 0});
    1306         [ +  - ]:           1 :     sig_data.tr_spenddata = builder.GetSpendData();
    1307                 :             : 
    1308                 :             :     // SignSignature can fail but it shouldn't raise an exception (nor crash).
    1309   [ +  -  +  -  :           3 :     BOOST_CHECK(!SignSignature(keystore, CTransaction(prev), curr, 0, SIGHASH_ALL, sig_data));
             +  -  +  - ]
    1310                 :           3 : }
    1311                 :             : 
    1312                 :             : /* P2A input should be considered signed. */
    1313   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(sign_paytoanchor)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1314                 :             : {
    1315                 :           1 :     FillableSigningProvider keystore;
    1316                 :           1 :     SignatureData sig_data;
    1317   [ +  -  +  - ]:           1 :     CMutableTransaction prev, curr;
    1318   [ +  -  +  -  :           2 :     prev.vout.emplace_back(0, GetScriptForDestination(PayToAnchor{}));
                   +  - ]
    1319                 :             : 
    1320   [ +  -  +  - ]:           1 :     curr.vin.emplace_back(COutPoint{prev.GetHash(), 0});
    1321                 :             : 
    1322   [ +  -  +  -  :           3 :     BOOST_CHECK(SignSignature(keystore, CTransaction(prev), curr, 0, SIGHASH_ALL, sig_data));
             +  -  +  - ]
    1323                 :           2 : }
    1324                 :             : 
    1325   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_standard_push)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1326                 :             : {
    1327                 :           1 :     ScriptError err;
    1328         [ +  + ]:       67001 :     for (int i=0; i<67000; i++) {
    1329                 :       67000 :         CScript script;
    1330         [ +  - ]:       67000 :         script << i;
    1331   [ +  -  +  -  :      134000 :         BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Number " << i << " is not pure push.");
             +  -  +  - ]
    1332   [ +  -  +  -  :      134000 :         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Number " << i << " push is not minimal data.");
          +  -  +  -  +  
                      - ]
    1333   [ +  -  +  -  :      134000 :         BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1334                 :       67000 :     }
    1335                 :             : 
    1336         [ +  + ]:         522 :     for (unsigned int i=0; i<=MAX_SCRIPT_ELEMENT_SIZE; i++) {
    1337                 :         521 :         std::vector<unsigned char> data(i, '\111');
    1338                 :         521 :         CScript script;
    1339                 :         521 :         script << data;
    1340   [ +  -  +  -  :        1042 :         BOOST_CHECK_MESSAGE(script.IsPushOnly(), "Length " << i << " is not pure push.");
             +  -  +  - ]
    1341   [ +  -  +  -  :        1042 :         BOOST_CHECK_MESSAGE(VerifyScript(script, CScript() << OP_1, nullptr, SCRIPT_VERIFY_MINIMALDATA, BaseSignatureChecker(), &err), "Length " << i << " push is not minimal data.");
          +  -  +  -  +  
                      - ]
    1342   [ +  -  +  -  :        1042 :         BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err));
                   +  - ]
    1343                 :         521 :     }
    1344                 :           1 : }
    1345                 :             : 
    1346   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_IsPushOnly_on_invalid_scripts)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1347                 :             : {
    1348                 :             :     // IsPushOnly returns false when given a script containing only pushes that
    1349                 :             :     // are invalid due to truncation. IsPushOnly() is consensus critical
    1350                 :             :     // because P2SH evaluation uses it, although this specific behavior should
    1351                 :             :     // not be consensus critical as the P2SH evaluation would fail first due to
    1352                 :             :     // the invalid push. Still, it doesn't hurt to test it explicitly.
    1353                 :           1 :     static const unsigned char direct[] = { 1 };
    1354   [ +  -  +  - ]:           2 :     BOOST_CHECK(!CScript(direct, direct+sizeof(direct)).IsPushOnly());
    1355                 :           1 : }
    1356                 :             : 
    1357   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_GetScriptAsm)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1358                 :             : {
    1359   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2, true));
                   +  - ]
    1360   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY, true));
                   +  - ]
    1361   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_NOP2));
                   +  - ]
    1362   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL("OP_CHECKLOCKTIMEVERIFY", ScriptToAsmStr(CScript() << OP_CHECKLOCKTIMEVERIFY));
                   +  - ]
    1363                 :             : 
    1364                 :           1 :     std::string derSig("304502207fa7a6d1e0ee81132a269ad84e68d695483745cde8b541e3bf630749894e342a022100c1f7ab20e13e22fb95281a870f3dcf38d782e53023ee313d741ad0cfbc0c5090");
    1365         [ +  - ]:           1 :     std::string pubKey("03b0da749730dc9b4b1f4a14d6902877a92541f5368778853d9c4a0cb7802dcfb2");
    1366   [ +  -  +  - ]:           1 :     std::vector<unsigned char> vchPubKey = ToByteVector(ParseHex(pubKey));
    1367                 :             : 
    1368   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1369   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1370   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "[ALL] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1371   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "[NONE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1372   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "[SINGLE] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1373   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "[ALL|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1374   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "[NONE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1375   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "[SINGLE|ANYONECANPAY] " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey, true));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1376                 :             : 
    1377   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "00 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "00")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1378   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "80 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "80")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1379   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "01 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "01")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1380   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "02 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "02")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1381   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "03 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "03")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1382   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "81 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "81")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1383   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "82 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "82")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1384   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(derSig + "83 " + pubKey, ScriptToAsmStr(CScript() << ToByteVector(ParseHex(derSig + "83")) << vchPubKey));
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1385                 :           1 : }
    1386                 :             : 
    1387                 :             : template <typename T>
    1388                 :          30 : CScript ToScript(const T& byte_container)
    1389                 :             : {
    1390                 :          30 :     auto span{MakeUCharSpan(byte_container)};
    1391                 :          30 :     return {span.begin(), span.end()};
    1392                 :             : }
    1393                 :             : 
    1394                 :           0 : static CScript ScriptFromHex(const std::string& str)
    1395                 :             : {
    1396         [ #  # ]:           0 :     return ToScript(*Assert(TryParseHex(str)));
    1397                 :             : }
    1398                 :             : 
    1399   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_byte_array_u8_vector_equivalence)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1400                 :             : {
    1401   [ +  -  +  - ]:           1 :     const CScript scriptPubKey1 = CScript() << "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex_v_u8 << OP_CHECKSIG;
    1402         [ +  - ]:           1 :     const CScript scriptPubKey2 = CScript() << "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"_hex << OP_CHECKSIG;
    1403   [ +  -  +  - ]:           2 :     BOOST_CHECK(scriptPubKey1 == scriptPubKey2);
    1404                 :           1 : }
    1405                 :             : 
    1406   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_FindAndDelete)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1407                 :             : {
    1408                 :             :     // Exercise the FindAndDelete functionality
    1409                 :           1 :     CScript s;
    1410                 :           1 :     CScript d;
    1411                 :           1 :     CScript expect;
    1412                 :             : 
    1413   [ +  -  +  - ]:           1 :     s = CScript() << OP_1 << OP_2;
    1414                 :           1 :     d = CScript(); // delete nothing should be a no-op
    1415                 :           1 :     expect = s;
    1416   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1417   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1418                 :             : 
    1419   [ +  -  +  -  :           1 :     s = CScript() << OP_1 << OP_2 << OP_3;
                   +  - ]
    1420         [ +  - ]:           1 :     d = CScript() << OP_2;
    1421   [ +  -  +  - ]:           1 :     expect = CScript() << OP_1 << OP_3;
    1422   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1423   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1424                 :             : 
    1425   [ +  -  +  -  :           1 :     s = CScript() << OP_3 << OP_1 << OP_3 << OP_3 << OP_4 << OP_3;
          +  -  +  -  +  
                -  +  - ]
    1426         [ +  - ]:           1 :     d = CScript() << OP_3;
    1427   [ +  -  +  - ]:           1 :     expect = CScript() << OP_1 << OP_4;
    1428   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 4);
                   +  - ]
    1429   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1430                 :             : 
    1431                 :           1 :     s = ToScript("0302ff03"_hex); // PUSH 0x02ff03 onto stack
    1432                 :           1 :     d = ToScript("0302ff03"_hex);
    1433                 :           1 :     expect = CScript();
    1434   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1435   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1436                 :             : 
    1437                 :           1 :     s = ToScript("0302ff030302ff03"_hex); // PUSH 0x02ff03 PUSH 0x02ff03
    1438                 :           1 :     d = ToScript("0302ff03"_hex);
    1439                 :           1 :     expect = CScript();
    1440   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
                   +  - ]
    1441   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1442                 :             : 
    1443                 :           1 :     s = ToScript("0302ff030302ff03"_hex);
    1444                 :           1 :     d = ToScript("02"_hex);
    1445                 :           1 :     expect = s; // FindAndDelete matches entire opcodes
    1446   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1447   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1448                 :             : 
    1449                 :           1 :     s = ToScript("0302ff030302ff03"_hex);
    1450                 :           1 :     d = ToScript("ff"_hex);
    1451                 :           1 :     expect = s;
    1452   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1453   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1454                 :             : 
    1455                 :             :     // This is an odd edge case: strip of the push-three-bytes
    1456                 :             :     // prefix, leaving 02ff03 which is push-two-bytes:
    1457                 :           1 :     s = ToScript("0302ff030302ff03"_hex);
    1458                 :           1 :     d = ToScript("03"_hex);
    1459                 :           1 :     expect = CScript() << "ff03"_hex << "ff03"_hex;
    1460   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
                   +  - ]
    1461   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1462                 :             : 
    1463                 :             :     // Byte sequence that spans multiple opcodes:
    1464                 :           1 :     s = ToScript("02feed5169"_hex); // PUSH(0xfeed) OP_1 OP_VERIFY
    1465                 :           1 :     d = ToScript("feed51"_hex);
    1466                 :           1 :     expect = s;
    1467   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0); // doesn't match 'inside' opcodes
                   +  - ]
    1468   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1469                 :             : 
    1470                 :           1 :     s = ToScript("02feed5169"_hex); // PUSH(0xfeed) OP_1 OP_VERIFY
    1471                 :           1 :     d = ToScript("02feed51"_hex);
    1472                 :           1 :     expect = ToScript("69"_hex);
    1473   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1474   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1475                 :             : 
    1476                 :           1 :     s = ToScript("516902feed5169"_hex);
    1477                 :           1 :     d = ToScript("feed51"_hex);
    1478                 :           1 :     expect = s;
    1479   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 0);
                   +  - ]
    1480   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1481                 :             : 
    1482                 :           1 :     s = ToScript("516902feed5169"_hex);
    1483                 :           1 :     d = ToScript("02feed51"_hex);
    1484                 :           1 :     expect = ToScript("516969"_hex);
    1485   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1486   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1487                 :             : 
    1488   [ +  -  +  -  :           1 :     s = CScript() << OP_0 << OP_0 << OP_1 << OP_1;
             +  -  +  - ]
    1489   [ +  -  +  - ]:           1 :     d = CScript() << OP_0 << OP_1;
    1490   [ +  -  +  - ]:           1 :     expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
    1491   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1492   [ +  -  +  -  :           2 :     BOOST_CHECK(s == expect);
                   +  - ]
    1493                 :             : 
    1494   [ +  -  +  -  :           1 :     s = CScript() << OP_0 << OP_0 << OP_1 << OP_0 << OP_1 << OP_1;
          +  -  +  -  +  
                -  +  - ]
    1495   [ +  -  +  - ]:           1 :     d = CScript() << OP_0 << OP_1;
    1496   [ +  -  +  - ]:           1 :     expect = CScript() << OP_0 << OP_1; // FindAndDelete is single-pass
    1497   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 2);
                   +  - ]
    1498   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1499                 :             : 
    1500                 :             :     // Another weird edge case:
    1501                 :             :     // End with invalid push (not enough data)...
    1502                 :           1 :     s = ToScript("0003feed"_hex);
    1503                 :           1 :     d = ToScript("03feed"_hex); // ... can remove the invalid push
    1504                 :           1 :     expect = ToScript("00"_hex);
    1505   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1506   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1507                 :             : 
    1508                 :           1 :     s = ToScript("0003feed"_hex);
    1509                 :           1 :     d = ToScript("00"_hex);
    1510                 :           1 :     expect = ToScript("03feed"_hex);
    1511   [ +  -  +  -  :           1 :     BOOST_CHECK_EQUAL(FindAndDelete(s, d), 1);
                   +  - ]
    1512   [ +  -  +  - ]:           2 :     BOOST_CHECK(s == expect);
    1513                 :           1 : }
    1514                 :             : 
    1515   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_HasValidOps)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1516                 :             : {
    1517                 :             :     // Exercise the HasValidOps functionality
    1518                 :           1 :     CScript script;
    1519                 :           1 :     script = ToScript("76a9141234567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex); // Normal script
    1520   [ +  -  +  -  :           2 :     BOOST_CHECK(script.HasValidOps());
                   +  - ]
    1521                 :           1 :     script = ToScript("76a914ff34567890abcdefa1a2a3a4a5a6a7a8a9a0aaab88ac"_hex);
    1522   [ +  -  +  -  :           2 :     BOOST_CHECK(script.HasValidOps());
                   +  - ]
    1523                 :           1 :     script = ToScript("ff88ac"_hex); // Script with OP_INVALIDOPCODE explicit
    1524   [ +  -  +  -  :           2 :     BOOST_CHECK(!script.HasValidOps());
                   +  - ]
    1525                 :           1 :     script = ToScript("88acc0"_hex); // Script with undefined opcode
    1526   [ +  -  +  -  :           2 :     BOOST_CHECK(!script.HasValidOps());
                   +  - ]
    1527                 :           1 : }
    1528                 :             : 
    1529                 :           0 : static CMutableTransaction TxFromHex(const std::string& str)
    1530                 :             : {
    1531                 :           0 :     CMutableTransaction tx;
    1532   [ #  #  #  # ]:           0 :     SpanReader{ParseHex(str)} >> TX_NO_WITNESS(tx);
    1533                 :           0 :     return tx;
    1534                 :           0 : }
    1535                 :             : 
    1536                 :           0 : static std::vector<CTxOut> TxOutsFromJSON(const UniValue& univalue)
    1537                 :             : {
    1538         [ #  # ]:           0 :     assert(univalue.isArray());
    1539                 :           0 :     std::vector<CTxOut> prevouts;
    1540         [ #  # ]:           0 :     for (size_t i = 0; i < univalue.size(); ++i) {
    1541                 :           0 :         CTxOut txout;
    1542   [ #  #  #  #  :           0 :         SpanReader{ParseHex(univalue[i].get_str())} >> txout;
             #  #  #  # ]
    1543         [ #  # ]:           0 :         prevouts.push_back(std::move(txout));
    1544                 :           0 :     }
    1545                 :           0 :     return prevouts;
    1546                 :           0 : }
    1547                 :             : 
    1548                 :           0 : static CScriptWitness ScriptWitnessFromJSON(const UniValue& univalue)
    1549                 :             : {
    1550         [ #  # ]:           0 :     assert(univalue.isArray());
    1551                 :           0 :     CScriptWitness scriptwitness;
    1552         [ #  # ]:           0 :     for (size_t i = 0; i < univalue.size(); ++i) {
    1553   [ #  #  #  #  :           0 :         auto bytes = ParseHex(univalue[i].get_str());
                   #  # ]
    1554         [ #  # ]:           0 :         scriptwitness.stack.push_back(std::move(bytes));
    1555                 :           0 :     }
    1556                 :           0 :     return scriptwitness;
    1557                 :           0 : }
    1558                 :             : 
    1559                 :         132 : static std::vector<unsigned int> AllConsensusFlags()
    1560                 :             : {
    1561                 :         132 :     std::vector<unsigned int> ret;
    1562                 :             : 
    1563         [ +  + ]:       17028 :     for (unsigned int i = 0; i < 128; ++i) {
    1564                 :       16896 :         unsigned int flag = 0;
    1565         [ +  + ]:       16896 :         if (i & 1) flag |= SCRIPT_VERIFY_P2SH;
    1566         [ +  + ]:       16896 :         if (i & 2) flag |= SCRIPT_VERIFY_DERSIG;
    1567         [ +  + ]:       16896 :         if (i & 4) flag |= SCRIPT_VERIFY_NULLDUMMY;
    1568         [ +  + ]:       16896 :         if (i & 8) flag |= SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY;
    1569         [ +  + ]:       16896 :         if (i & 16) flag |= SCRIPT_VERIFY_CHECKSEQUENCEVERIFY;
    1570         [ +  + ]:       16896 :         if (i & 32) flag |= SCRIPT_VERIFY_WITNESS;
    1571         [ +  + ]:       16896 :         if (i & 64) flag |= SCRIPT_VERIFY_TAPROOT;
    1572                 :             : 
    1573                 :             :         // SCRIPT_VERIFY_WITNESS requires SCRIPT_VERIFY_P2SH
    1574         [ +  + ]:       16896 :         if (flag & SCRIPT_VERIFY_WITNESS && !(flag & SCRIPT_VERIFY_P2SH)) continue;
    1575                 :             :         // SCRIPT_VERIFY_TAPROOT requires SCRIPT_VERIFY_WITNESS
    1576         [ +  + ]:       12672 :         if (flag & SCRIPT_VERIFY_TAPROOT && !(flag & SCRIPT_VERIFY_WITNESS)) continue;
    1577                 :             : 
    1578         [ +  - ]:        8448 :         ret.push_back(flag);
    1579                 :             :     }
    1580                 :             : 
    1581                 :         132 :     return ret;
    1582                 :           0 : }
    1583                 :             : 
    1584                 :             : /** Precomputed list of all valid combinations of consensus-relevant script validation flags. */
    1585                 :             : static const std::vector<unsigned int> ALL_CONSENSUS_FLAGS = AllConsensusFlags();
    1586                 :             : 
    1587                 :           0 : static void AssetTest(const UniValue& test, SignatureCache& signature_cache)
    1588                 :             : {
    1589         [ #  # ]:           0 :     BOOST_CHECK(test.isObject());
    1590                 :             : 
    1591   [ #  #  #  #  :           0 :     CMutableTransaction mtx = TxFromHex(test["tx"].get_str());
                   #  # ]
    1592   [ #  #  #  #  :           0 :     const std::vector<CTxOut> prevouts = TxOutsFromJSON(test["prevouts"]);
                   #  # ]
    1593   [ #  #  #  #  :           0 :     BOOST_CHECK(prevouts.size() == mtx.vin.size());
                   #  # ]
    1594   [ #  #  #  #  :           0 :     size_t idx = test["index"].getInt<int64_t>();
                   #  # ]
    1595   [ #  #  #  #  :           0 :     uint32_t test_flags{ParseScriptFlags(test["flags"].get_str())};
          #  #  #  #  #  
                      # ]
    1596   [ #  #  #  #  :           0 :     bool fin = test.exists("final") && test["final"].get_bool();
          #  #  #  #  #  
          #  #  #  #  #  
                   #  # ]
    1597                 :             : 
    1598   [ #  #  #  # ]:           0 :     if (test.exists("success")) {
    1599   [ #  #  #  #  :           0 :         mtx.vin[idx].scriptSig = ScriptFromHex(test["success"]["scriptSig"].get_str());
          #  #  #  #  #  
                #  #  # ]
    1600   [ #  #  #  #  :           0 :         mtx.vin[idx].scriptWitness = ScriptWitnessFromJSON(test["success"]["witness"]);
          #  #  #  #  #  
                      # ]
    1601         [ #  # ]:           0 :         CTransaction tx(mtx);
    1602                 :           0 :         PrecomputedTransactionData txdata;
    1603   [ #  #  #  # ]:           0 :         txdata.Init(tx, std::vector<CTxOut>(prevouts));
    1604                 :           0 :         CachingTransactionSignatureChecker txcheck(&tx, idx, prevouts[idx].nValue, true, signature_cache, txdata);
    1605                 :             : 
    1606         [ #  # ]:           0 :         for (const auto flags : ALL_CONSENSUS_FLAGS) {
    1607                 :             :             // "final": true tests are valid for all flags. Others are only valid with flags that are
    1608                 :             :             // a subset of test_flags.
    1609   [ #  #  #  # ]:           0 :             if (fin || ((flags & test_flags) == flags)) {
    1610         [ #  # ]:           0 :                 bool ret = VerifyScript(tx.vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.vin[idx].scriptWitness, flags, txcheck, nullptr);
    1611   [ #  #  #  # ]:           0 :                 BOOST_CHECK(ret);
    1612                 :             :             }
    1613                 :             :         }
    1614                 :           0 :     }
    1615                 :             : 
    1616   [ #  #  #  # ]:           0 :     if (test.exists("failure")) {
    1617   [ #  #  #  #  :           0 :         mtx.vin[idx].scriptSig = ScriptFromHex(test["failure"]["scriptSig"].get_str());
          #  #  #  #  #  
                #  #  # ]
    1618   [ #  #  #  #  :           0 :         mtx.vin[idx].scriptWitness = ScriptWitnessFromJSON(test["failure"]["witness"]);
          #  #  #  #  #  
                      # ]
    1619         [ #  # ]:           0 :         CTransaction tx(mtx);
    1620                 :           0 :         PrecomputedTransactionData txdata;
    1621   [ #  #  #  # ]:           0 :         txdata.Init(tx, std::vector<CTxOut>(prevouts));
    1622                 :           0 :         CachingTransactionSignatureChecker txcheck(&tx, idx, prevouts[idx].nValue, true, signature_cache, txdata);
    1623                 :             : 
    1624         [ #  # ]:           0 :         for (const auto flags : ALL_CONSENSUS_FLAGS) {
    1625                 :             :             // If a test is supposed to fail with test_flags, it should also fail with any superset thereof.
    1626         [ #  # ]:           0 :             if ((flags & test_flags) == test_flags) {
    1627         [ #  # ]:           0 :                 bool ret = VerifyScript(tx.vin[idx].scriptSig, prevouts[idx].scriptPubKey, &tx.vin[idx].scriptWitness, flags, txcheck, nullptr);
    1628   [ #  #  #  # ]:           0 :                 BOOST_CHECK(!ret);
    1629                 :             :             }
    1630                 :             :         }
    1631                 :           0 :     }
    1632                 :           0 : }
    1633                 :             : 
    1634   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(script_assets_test)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1635                 :             : {
    1636                 :             :     // See src/test/fuzz/script_assets_test_minimizer.cpp for information on how to generate
    1637                 :             :     // the script_assets_test.json file used by this test.
    1638                 :           1 :     SignatureCache signature_cache{DEFAULT_SIGNATURE_CACHE_BYTES};
    1639                 :             : 
    1640                 :           1 :     const char* dir = std::getenv("DIR_UNIT_TEST_DATA");
    1641   [ +  -  +  -  :           2 :     BOOST_WARN_MESSAGE(dir != nullptr, "Variable DIR_UNIT_TEST_DATA unset, skipping script_assets_test");
                   -  + ]
    1642         [ -  + ]:           1 :     if (dir == nullptr) return;
    1643   [ #  #  #  # ]:           0 :     auto path = fs::path(dir) / "script_assets_test.json";
    1644         [ #  # ]:           0 :     bool exists = fs::exists(path);
    1645   [ #  #  #  #  :           0 :     BOOST_WARN_MESSAGE(exists, "File $DIR_UNIT_TEST_DATA/script_assets_test.json not found, skipping script_assets_test");
                   #  # ]
    1646         [ #  # ]:           0 :     if (!exists) return;
    1647         [ #  # ]:           0 :     std::ifstream file{path};
    1648   [ #  #  #  #  :           0 :     BOOST_CHECK(file.is_open());
                   #  # ]
    1649         [ #  # ]:           0 :     file.seekg(0, std::ios::end);
    1650         [ #  # ]:           0 :     size_t length = file.tellg();
    1651         [ #  # ]:           0 :     file.seekg(0, std::ios::beg);
    1652   [ #  #  #  # ]:           0 :     std::string data(length, '\0');
    1653         [ #  # ]:           0 :     file.read(data.data(), data.size());
    1654         [ #  # ]:           0 :     UniValue tests = read_json(data);
    1655   [ #  #  #  #  :           0 :     BOOST_CHECK(tests.isArray());
                   #  # ]
    1656   [ #  #  #  # ]:           0 :     BOOST_CHECK(tests.size() > 0);
    1657                 :             : 
    1658         [ #  # ]:           0 :     for (size_t i = 0; i < tests.size(); i++) {
    1659   [ #  #  #  # ]:           0 :         AssetTest(tests[i], signature_cache);
    1660                 :             :     }
    1661         [ #  # ]:           0 :     file.close();
    1662                 :           1 : }
    1663                 :             : 
    1664   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(bip341_keypath_test_vectors)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1665                 :             : {
    1666         [ +  - ]:           1 :     UniValue tests;
    1667         [ +  - ]:           1 :     tests.read(json_tests::bip341_wallet_vectors);
    1668                 :             : 
    1669   [ +  -  +  - ]:           1 :     const auto& vectors = tests["keyPathSpending"];
    1670                 :             : 
    1671   [ +  -  +  + ]:           2 :     for (const auto& vec : vectors.getValues()) {
    1672   [ +  -  +  -  :           2 :         auto txhex = ParseHex(vec["given"]["rawUnsignedTx"].get_str());
          +  -  +  -  +  
                -  +  - ]
    1673         [ +  - ]:           1 :         CMutableTransaction tx;
    1674         [ +  - ]:           1 :         SpanReader{txhex} >> TX_WITH_WITNESS(tx);
    1675                 :           1 :         std::vector<CTxOut> utxos;
    1676   [ +  -  +  -  :          10 :         for (const auto& utxo_spent : vec["given"]["utxosSpent"].getValues()) {
          +  -  +  -  +  
                -  +  + ]
    1677   [ +  -  +  -  :           9 :             auto script_bytes = ParseHex(utxo_spent["scriptPubKey"].get_str());
             +  -  +  - ]
    1678                 :           9 :             CScript script{script_bytes.begin(), script_bytes.end()};
    1679   [ +  -  +  -  :           9 :             CAmount amount{utxo_spent["amountSats"].getInt<int>()};
                   +  - ]
    1680         [ +  - ]:           9 :             utxos.emplace_back(amount, script);
    1681                 :           9 :         }
    1682                 :             : 
    1683                 :           1 :         PrecomputedTransactionData txdata;
    1684   [ +  -  +  - ]:           1 :         txdata.Init(tx, std::vector<CTxOut>{utxos}, true);
    1685                 :             : 
    1686   [ +  -  +  -  :           2 :         BOOST_CHECK(txdata.m_bip341_taproot_ready);
                   +  - ]
    1687   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_amounts_single_hash), vec["intermediary"]["hashAmounts"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1688   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_outputs_single_hash), vec["intermediary"]["hashOutputs"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1689   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_prevouts_single_hash), vec["intermediary"]["hashPrevouts"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1690   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_spent_scripts_single_hash), vec["intermediary"]["hashScriptPubkeys"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1691   [ +  -  +  -  :           1 :         BOOST_CHECK_EQUAL(HexStr(txdata.m_sequences_single_hash), vec["intermediary"]["hashSequences"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1692                 :             : 
    1693   [ +  -  +  -  :           8 :         for (const auto& input : vec["inputSpending"].getValues()) {
             +  -  +  + ]
    1694   [ +  -  +  -  :           7 :             int txinpos = input["given"]["txinIndex"].getInt<int>();
          +  -  +  -  +  
                      - ]
    1695   [ +  -  +  -  :           7 :             int hashtype = input["given"]["hashType"].getInt<int>();
          +  -  +  -  +  
                      - ]
    1696                 :             : 
    1697                 :             :             // Load key.
    1698   [ +  -  +  -  :          14 :             auto privkey = ParseHex(input["given"]["internalPrivkey"].get_str());
          +  -  +  -  +  
                -  +  - ]
    1699                 :           7 :             CKey key;
    1700         [ +  - ]:           7 :             key.Set(privkey.begin(), privkey.end(), true);
    1701                 :             : 
    1702                 :             :             // Load Merkle root.
    1703                 :           7 :             uint256 merkle_root;
    1704   [ +  -  +  -  :           7 :             if (!input["given"]["merkleRoot"].isNull()) {
          +  -  +  -  +  
                      + ]
    1705   [ +  -  +  -  :           6 :                 merkle_root = uint256{ParseHex(input["given"]["merkleRoot"].get_str())};
          +  -  +  -  +  
                -  +  - ]
    1706                 :             :             }
    1707                 :             : 
    1708                 :             :             // Compute and verify (internal) public key.
    1709         [ +  - ]:           7 :             XOnlyPubKey pubkey{key.GetPubKey()};
    1710   [ +  -  +  -  :           7 :             BOOST_CHECK_EQUAL(HexStr(pubkey), input["intermediary"]["internalPubkey"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1711                 :             : 
    1712                 :             :             // Sign and verify signature.
    1713                 :           7 :             FlatSigningProvider provider;
    1714   [ +  -  +  -  :           7 :             provider.keys[key.GetPubKey().GetID()] = key;
             +  -  +  - ]
    1715         [ +  - ]:           7 :             MutableTransactionSignatureCreator creator(tx, txinpos, utxos[txinpos].nValue, &txdata, hashtype);
    1716                 :           7 :             std::vector<unsigned char> signature;
    1717   [ +  -  +  -  :          14 :             BOOST_CHECK(creator.CreateSchnorrSig(provider, signature, pubkey, nullptr, &merkle_root, SigVersion::TAPROOT));
             +  -  +  - ]
    1718   [ +  -  +  -  :           7 :             BOOST_CHECK_EQUAL(HexStr(signature), input["expected"]["witness"][0].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
             +  -  +  - ]
    1719                 :             : 
    1720                 :             :             // We can't observe the tweak used inside the signing logic, so verify by recomputing it.
    1721   [ +  -  +  -  :          13 :             BOOST_CHECK_EQUAL(HexStr(pubkey.ComputeTapTweakHash(merkle_root.IsNull() ? nullptr : &merkle_root)), input["intermediary"]["tweak"].get_str());
          +  -  +  -  +  
          -  +  -  +  +  
          +  -  +  -  +  
                      - ]
    1722                 :             : 
    1723                 :             :             // We can't observe the sighash used inside the signing logic, so verify by recomputing it.
    1724         [ +  - ]:           7 :             ScriptExecutionData sed;
    1725                 :           7 :             sed.m_annex_init = true;
    1726                 :           7 :             sed.m_annex_present = false;
    1727                 :           7 :             uint256 sighash;
    1728   [ +  -  +  -  :          14 :             BOOST_CHECK(SignatureHashSchnorr(sighash, sed, tx, txinpos, hashtype, SigVersion::TAPROOT, txdata, MissingDataBehavior::FAIL));
             +  -  +  - ]
    1729   [ +  -  +  -  :           7 :             BOOST_CHECK_EQUAL(HexStr(sighash), input["intermediary"]["sigHash"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
                   +  - ]
    1730                 :             : 
    1731                 :             :             // To verify the sigmsg, hash the expected sigmsg, and compare it with the (expected) sighash.
    1732   [ +  -  +  -  :          14 :             BOOST_CHECK_EQUAL(HexStr((HashWriter{HASHER_TAPSIGHASH} << std::span<const uint8_t>{ParseHex(input["intermediary"]["sigMsg"].get_str())}).GetSHA256()), input["intermediary"]["sigHash"].get_str());
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                -  +  - ]
    1733                 :           7 :         }
    1734                 :           2 :     }
    1735                 :           1 : }
    1736                 :             : 
    1737   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(compute_tapbranch)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1738                 :             : {
    1739                 :           1 :     constexpr uint256 hash1{"8ad69ec7cf41c2a4001fd1f738bf1e505ce2277acdcaa63fe4765192497f47a7"};
    1740                 :           1 :     constexpr uint256 hash2{"f224a923cd0021ab202ab139cc56802ddb92dcfc172b9212261a539df79a112a"};
    1741                 :           1 :     constexpr uint256 result{"a64c5b7b943315f9b805d7a7296bedfcfd08919270a1f7a1466e98f8693d8cd9"};
    1742         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(ComputeTapbranchHash(hash1, hash2), result);
    1743                 :           1 : }
    1744                 :             : 
    1745   [ +  -  +  -  :           7 : BOOST_AUTO_TEST_CASE(compute_tapleaf)
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
          -  +  -  +  -  
          +  -  +  -  +  
                      - ]
    1746                 :             : {
    1747                 :           1 :     constexpr uint8_t script[6] = {'f','o','o','b','a','r'};
    1748                 :           1 :     constexpr uint256 tlc0{"edbc10c272a1215dcdcc11d605b9027b5ad6ed97cd45521203f136767b5b9c06"};
    1749                 :           1 :     constexpr uint256 tlc2{"8b5c4f90ae6bf76e259dbef5d8a59df06359c391b59263741b25eca76451b27a"};
    1750                 :             : 
    1751         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc0, std::span(script)), tlc0);
    1752         [ +  - ]:           1 :     BOOST_CHECK_EQUAL(ComputeTapleafHash(0xc2, std::span(script)), tlc2);
    1753                 :           1 : }
    1754                 :             : 
    1755                 :             : BOOST_AUTO_TEST_SUITE_END()
        

Generated by: LCOV version 2.0-1