Add SCRIPT_VERIFY_SIGPUSHONLY (BIP62 rule 2)

author: Pieter Wuille <pieter.wuille@gmail.com> 2014-10-08 16:29:45 -0700
committer: Pieter Wuille <pieter.wuille@gmail.com> 2014-10-25 03:03:16 -0700
commit: d752ba86c1872f64a4641cf77008826d32bde65f (patch)
tree: 07728ee7eee5a8dacc3d31496ef4b9b204f9f06e
parent: 65e4e8427d900b27f579dc12af6c74b3ec628286 (diff)
download: bitcoin-d752ba86c1872f64a4641cf77008826d32bde65f.tar.xz
8 files changed, 61 insertions, 4 deletions
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index cd73b88210..e463de8cc2 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -980,6 +980,10 @@ bool SignatureChecker::CheckSig(const vector<unsigned char>& vchSigIn, const vec
 
 bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const BaseSignatureChecker& checker)
 {
+    if ((flags & SCRIPT_VERIFY_SIGPUSHONLY) != 0 && !scriptSig.IsPushOnly()) {
+        return false;
+    }
+
     vector<vector<unsigned char> > stack, stackCopy;
     if (!EvalScript(stack, scriptSig, flags, checker))
         return false;
diff --git a/src/script/interpreter.h b/src/script/interpreter.h
index de5ce2ced1..085cd867da 100644
--- a/src/script/interpreter.h
+++ b/src/script/interpreter.h
@@ -46,6 +46,9 @@ enum
 
     // verify dummy stack item consumed by CHECKMULTISIG is of zero-length (softfork safe, BIP62 rule 7).
     SCRIPT_VERIFY_NULLDUMMY = (1U << 4),
+
+    // Using a non-push operator in the scriptSig causes script failure (softfork safe, BIP62 rule 2).
+    SCRIPT_VERIFY_SIGPUSHONLY = (1U << 5),
 };
 
 uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType);
diff --git a/src/script/script.cpp b/src/script/script.cpp
index 3e19d0c2bf..bbcfe9dfdd 100644
--- a/src/script/script.cpp
+++ b/src/script/script.cpp
@@ -230,7 +230,7 @@ bool CScript::IsPushOnly() const
             return false;
         // Note that IsPushOnly() *does* consider OP_RESERVED to be a
         // push-type opcode, however execution of OP_RESERVED fails, so
-        // it's not relevant to P2SH as the scriptSig would fail prior to
+        // it's not relevant to P2SH/BIP62 as the scriptSig would fail prior to
         // the P2SH special validation code being executed.
         if (opcode > OP_16)
             return false;
diff --git a/src/script/script.h b/src/script/script.h
index d450db5cad..706a85a29b 100644
--- a/src/script/script.h
+++ b/src/script/script.h
@@ -551,7 +551,7 @@ public:
 
     bool IsPayToScriptHash() const;
 
-    // Called by IsStandardTx and P2SH VerifyScript (which makes it consensus-critical).
+    // Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
     bool IsPushOnly() const;
 
     // Called by IsStandardTx.
diff --git a/src/test/data/script_invalid.json b/src/test/data/script_invalid.json
index b6447cb221..e4dd8fe9aa 100644
--- a/src/test/data/script_invalid.json
+++ b/src/test/data/script_invalid.json
@@ -504,6 +504,24 @@ nSequences are max.
     "NULLDUMMY",
     "3-of-3 NOT with invalid sig with nonzero dummy"
 ],
+[
+    "0 0x47 0x3044022035341cc377b19138f944f90c45772cb06338c6d56a4c0c31a65bf1a8a105fadc022046dd232850b6bacb25879c9da82a7a628982aa19d055f1753468f68047662e0301 DUP",
+    "2 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 2 CHECKMULTISIG",
+    "SIGPUSHONLY",
+    "2-of-2 with two identical keys and sigs pushed using OP_DUP"
+],
+[
+    "0x47 0x304402204d8b99eea2f53382fd67e0dbc8ed0596bd614aa0dad6bc6843c7860c79b901c3022062f022a71993013e3d9b22302a8e4b40109d7bb057aeb250b9aab2197b3e96b801 0x23 0x2103363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640ac",
+    "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG",
+    "",
+    "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY"
+],
+[
+    "0x47 0x30440220078c887c33abc67fbbd827ceb3f661c1c459e78218161b652f23e3ca76cfabbd022047df245eacb8a88d8c5ca7b5228e3b4d070c102d2f542433362d3f443cd24eda01 0x23 0x2103363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640ac",
+    "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG",
+    "SIGPUSHONLY",
+    "P2SH(P2PK) with non-push scriptSig"
+],
 
 ["The End"]
 ]
diff --git a/src/test/data/script_valid.json b/src/test/data/script_valid.json
index 88bec7238c..f7d1531698 100644
--- a/src/test/data/script_valid.json
+++ b/src/test/data/script_valid.json
@@ -649,6 +649,18 @@ nSequences are max.
     "",
     "3-of-3 NOT with invalid sig and nonzero dummy but no NULLDUMMY"
 ],
+[
+    "0 0x47 0x3044022002a27769ee33db258bdf7a3792e7da4143ec4001b551f73e6a190b8d1bde449d02206742c56ccd94a7a2e16ca52fc1ae4a0aa122b0014a867a80de104f9cb18e472c01 DUP",
+    "2 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 2 CHECKMULTISIG",
+    "",
+    "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY"
+],
+[
+    "0 0x47 0x304402203acf75dd59bbef171aeeedae4f1020b824195820db82575c2b323b8899f95de9022067df297d3a5fad049ba0bb81255d0e495643cbcf9abae9e396988618bc0c6dfe01 0x47 0x304402205f8b859230c1cab7d4e8de38ff244d2ebe046b64e8d3f4219b01e483c203490a022071bdc488e31b557f7d9e5c8a8bec90dc92289ca70fa317685f4f140e38b30c4601",
+    "2 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 0x21 0x038282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508 2 CHECKMULTISIG",
+    "SIGPUSHONLY",
+    "2-of-2 with two identical keys and sigs pushed"
+],
 
 ["The End"]
 ]
diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp
index d3fc673a79..0729119017 100644
--- a/src/test/script_tests.cpp
+++ b/src/test/script_tests.cpp
@@ -1,5 +1,5 @@
-// Copyright (c) 2011-2013 The Bitcoin Core developers
-// Distributed under the MIT/X11 software license, see the accompanying
+// Copyright (c) 2011-2014 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include "data/script_invalid.json.h"
@@ -171,12 +171,14 @@ public:
 
     TestBuilder& Add(const CScript& script)
     {
+        DoPush();
         spendTx.vin[0].scriptSig += script;
         return *this;
     }
 
     TestBuilder& Num(int num)
     {
+        DoPush();
         spendTx.vin[0].scriptSig << CScriptNum(num);
         return *this;
     }
@@ -402,6 +404,23 @@ BOOST_AUTO_TEST_CASE(script_build)
                               "3-of-3 NOT with invalid sig with nonzero dummy", SCRIPT_VERIFY_NULLDUMMY
                              ).Num(1).PushSig(keys.key0).PushSig(keys.key1).PushSig(keys.key2).DamagePush(10));
 
+    good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
+                               "2-of-2 with two identical keys and sigs pushed using OP_DUP but no SIGPUSHONLY", 0
+                              ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
+    bad.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
+                              "2-of-2 with two identical keys and sigs pushed using OP_DUP", SCRIPT_VERIFY_SIGPUSHONLY
+                             ).Num(0).PushSig(keys.key1).Add(CScript() << OP_DUP));
+    bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
+                              "P2SH(P2PK) with non-push scriptSig but no SIGPUSHONLY", 0
+                             ).PushSig(keys.key2).PushRedeem());
+    bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG,
+                              "P2SH(P2PK) with non-push scriptSig", SCRIPT_VERIFY_SIGPUSHONLY
+                             ).PushSig(keys.key2).PushRedeem());
+    good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey1C) << OP_2 << OP_CHECKMULTISIG,
+                               "2-of-2 with two identical keys and sigs pushed", SCRIPT_VERIFY_SIGPUSHONLY
+                              ).Num(0).PushSig(keys.key1).PushSig(keys.key1));
+
+
     std::map<std::string, Array> tests_good;
     std::map<std::string, Array> tests_bad;
 
diff --git a/src/test/transaction_tests.cpp b/src/test/transaction_tests.cpp
index 41ccaaac94..9209c6697f 100644
--- a/src/test/transaction_tests.cpp
+++ b/src/test/transaction_tests.cpp
@@ -33,6 +33,7 @@ static std::map<string, unsigned int> mapFlagNames = boost::assign::map_list_of
     (string("STRICTENC"), (unsigned int)SCRIPT_VERIFY_STRICTENC)
     (string("DERSIG"), (unsigned int)SCRIPT_VERIFY_DERSIG)
     (string("LOW_S"), (unsigned int)SCRIPT_VERIFY_LOW_S)
+    (string("SIGPUSHONLY"), (unsigned int)SCRIPT_VERIFY_SIGPUSHONLY)
     (string("NULLDUMMY"), (unsigned int)SCRIPT_VERIFY_NULLDUMMY);
 
 unsigned int ParseScriptFlags(string strFlags)
author	Pieter Wuille <pieter.wuille@gmail.com>	2014-10-08 16:29:45 -0700
committer	Pieter Wuille <pieter.wuille@gmail.com>	2014-10-25 03:03:16 -0700
commit	d752ba86c1872f64a4641cf77008826d32bde65f (patch)
tree	07728ee7eee5a8dacc3d31496ef4b9b204f9f06e
parent	65e4e8427d900b27f579dc12af6c74b3ec628286 (diff)
download	bitcoin-d752ba86c1872f64a4641cf77008826d32bde65f.tar.xz