highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-11-15 16:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2cb473d9f2152e33bab2c3c626801deb7841aa20
bitcoin/test/functional/test_framework/script_util.py
Ava Chow e9edd43a95 Merge bitcoin/bitcoin#32521: policy: make pathological transactions packed with legacy sigops non-standard 
96da68a38f qa: functional test a transaction running into the legacy sigop limit (Antoine Poinsot)
367147954d qa: unit test standardness of inputs packed with legacy sigops (Antoine Poinsot)
5863315e33 policy: make pathological transactions packed with legacy sigops non-standard. (Antoine Poinsot)

Pull request description:

  The Consensus Cleanup soft fork proposal includes a limit on the number of legacy signature
  operations potentially executed when validating a transaction. If this change is to be implemented
  here and activated by Bitcoin users in the future, we should make transactions that are not valid
  according to the new rules non-standard first because it would otherwise be a trivial DoS to
  potentially unupgraded miners after the soft fork activates.

  ML post: https://gnusha.org/pi/bitcoindev/49dyqqkf5NqGlGdinp6SELIoxzE_ONh3UIj6-EB8S804Id5yROq-b1uGK8DUru66eIlWuhb5R3nhRRutwuYjemiuOOBS2FQ4KWDnEh0wLuA=@protonmail.com/T/#u

ACKs for top commit:
  instagibbs:
    reACK 96da68a38f
  maflcko:
    review ACK 96da68a38f 🚋
  achow101:
    ACK 96da68a38f
  glozow:
    light code review ACK 96da68a38f, looks correct to me

Tree-SHA512: 106ffe62e48952affa31c5894a404a17a3b4ea8971815828166fba89069f757366129f7807205e8c6558beb75c6f67d8f9a41000be2f8cf95be3b1a02d87bfe9
2025-07-18 13:24:54 -07:00

206 lines
6.7 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
# Copyright (c) 2019-2022 The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
"""Useful Script constants and utils."""
import unittest
from copy import deepcopy
from test_framework.messages import (
COutPoint,
CTransaction,
CTxIn,
CTxInWitness,
CTxOut,
sha256,
)
from test_framework.script import (
CScript,
OP_0,
OP_1,
OP_15,
OP_16,
OP_CHECKMULTISIG,
OP_CHECKSIG,
OP_DUP,
OP_ELSE,
OP_ENDIF,
OP_EQUAL,
OP_EQUALVERIFY,
OP_HASH160,
OP_IF,
OP_RETURN,
OP_TRUE,
hash160,
)
# Maximum number of potentially executed legacy signature operations in validating a transaction.
MAX_STD_LEGACY_SIGOPS = 2_500
# Maximum number of sigops per standard P2SH redeemScript.
MAX_STD_P2SH_SIGOPS = 15
# To prevent a "tx-size-small" policy rule error, a transaction has to have a
# non-witness size of at least 65 bytes (MIN_STANDARD_TX_NONWITNESS_SIZE in
# src/policy/policy.h). Considering a Tx with the smallest possible single
# input (blank, empty scriptSig), and with an output omitting the scriptPubKey,
# we get to a minimum size of 60 bytes:
#
# Tx Skeleton: 4 [Version] + 1 [InCount] + 1 [OutCount] + 4 [LockTime] = 10 bytes
# Blank Input: 32 [PrevTxHash] + 4 [Index] + 1 [scriptSigLen] + 4 [SeqNo] = 41 bytes
# Output: 8 [Amount] + 1 [scriptPubKeyLen] = 9 bytes
#
# Hence, the scriptPubKey of the single output has to have a size of at
# least 5 bytes.
MIN_STANDARD_TX_NONWITNESS_SIZE = 65
MIN_PADDING = MIN_STANDARD_TX_NONWITNESS_SIZE - 10 - 41 - 9
assert MIN_PADDING == 5
# This script cannot be spent, allowing dust output values under
# standardness checks
DUMMY_MIN_OP_RETURN_SCRIPT = CScript([OP_RETURN] + ([OP_0] * (MIN_PADDING - 1)))
assert len(DUMMY_MIN_OP_RETURN_SCRIPT) == MIN_PADDING
PAY_TO_ANCHOR = CScript([OP_1, bytes.fromhex("4e73")])
def key_to_p2pk_script(key):
key = check_key(key)
return CScript([key, OP_CHECKSIG])
def keys_to_multisig_script(keys, *, k=None):
n = len(keys)
if k is None: # n-of-n multisig by default
k = n
assert k <= n
checked_keys = [check_key(key) for key in keys]
return CScript([k] + checked_keys + [n, OP_CHECKMULTISIG])
def keyhash_to_p2pkh_script(hash):
assert len(hash) == 20
return CScript([OP_DUP, OP_HASH160, hash, OP_EQUALVERIFY, OP_CHECKSIG])
def scripthash_to_p2sh_script(hash):
assert len(hash) == 20
return CScript([OP_HASH160, hash, OP_EQUAL])
def key_to_p2pkh_script(key):
key = check_key(key)
return keyhash_to_p2pkh_script(hash160(key))
def script_to_p2sh_script(script):
script = check_script(script)
return scripthash_to_p2sh_script(hash160(script))
def key_to_p2sh_p2wpkh_script(key):
key = check_key(key)
p2shscript = CScript([OP_0, hash160(key)])
return script_to_p2sh_script(p2shscript)
def program_to_witness_script(version, program):
if isinstance(program, str):
program = bytes.fromhex(program)
assert 0 <= version <= 16
assert 2 <= len(program) <= 40
assert version > 0 or len(program) in [20, 32]
return CScript([version, program])
def script_to_p2wsh_script(script):
script = check_script(script)
return program_to_witness_script(0, sha256(script))
def key_to_p2wpkh_script(key):
key = check_key(key)
return program_to_witness_script(0, hash160(key))
def script_to_p2sh_p2wsh_script(script):
script = check_script(script)
p2shscript = CScript([OP_0, sha256(script)])
return script_to_p2sh_script(p2shscript)
def output_key_to_p2tr_script(key):
assert len(key) == 32
return program_to_witness_script(1, key)
def check_key(key):
if isinstance(key, str):
key = bytes.fromhex(key) # Assuming this is hex string
if isinstance(key, bytes) and (len(key) == 33 or len(key) == 65):
return key
assert False
def check_script(script):
if isinstance(script, str):
script = bytes.fromhex(script) # Assuming this is hex string
if isinstance(script, bytes) or isinstance(script, CScript):
return script
assert False
class ValidWitnessMalleatedTx:
"""
Creates a valid witness malleation transaction test case:
- Parent transaction with a script supporting 2 branches
- 2 child transactions with the same txid but different wtxids
"""
def __init__(self):
hashlock = hash160(b'Preimage')
self.witness_script = CScript([OP_IF, OP_HASH160, hashlock, OP_EQUAL, OP_ELSE, OP_TRUE, OP_ENDIF])
def build_parent_tx(self, funding_txid, amount):
# Create an unsigned parent transaction paying to the witness script.
witness_program = sha256(self.witness_script)
script_pubkey = CScript([OP_0, witness_program])
parent = CTransaction()
parent.vin.append(CTxIn(COutPoint(int(funding_txid, 16), 0), b""))
parent.vout.append(CTxOut(int(amount), script_pubkey))
return parent
def build_malleated_children(self, signed_parent_txid, amount):
# Create 2 valid children that differ only in witness data.
# 1. Create a new transaction with witness solving first branch
child_witness_script = CScript([OP_TRUE])
child_witness_program = sha256(child_witness_script)
child_script_pubkey = CScript([OP_0, child_witness_program])
child_one = CTransaction()
child_one.vin.append(CTxIn(COutPoint(int(signed_parent_txid, 16), 0), b""))
child_one.vout.append(CTxOut(int(amount), child_script_pubkey))
child_one.wit.vtxinwit.append(CTxInWitness())
child_one.wit.vtxinwit[0].scriptWitness.stack = [b'Preimage', b'\x01', self.witness_script]
# 2. Create another identical transaction with witness solving second branch
child_two = deepcopy(child_one)
child_two.wit.vtxinwit[0].scriptWitness.stack = [b'', self.witness_script]
return child_one, child_two
class TestFrameworkScriptUtil(unittest.TestCase):
def test_multisig(self):
fake_pubkey = bytes([0]*33)
# check correct encoding of P2MS script with n,k <= 16
normal_ms_script = keys_to_multisig_script([fake_pubkey]*16, k=15)
self.assertEqual(len(normal_ms_script), 1 + 16*34 + 1 + 1)
self.assertTrue(normal_ms_script.startswith(bytes([OP_15])))
self.assertTrue(normal_ms_script.endswith(bytes([OP_16, OP_CHECKMULTISIG])))
# check correct encoding of P2MS script with n,k > 16
max_ms_script = keys_to_multisig_script([fake_pubkey]*20, k=19)
self.assertEqual(len(max_ms_script), 2 + 20*34 + 2 + 1)
self.assertTrue(max_ms_script.startswith(bytes([1, 19]))) # using OP_PUSH1
self.assertTrue(max_ms_script.endswith(bytes([1, 20, OP_CHECKMULTISIG])))
Reference in New Issue View Git Blame Copy Permalink