Merge #11377: Disallow uncompressed pubkeys in bitcoin-tx [multisig] output adds

28d4542 Disallow uncompressed pubkeys in bitcoin-tx [multisig] output adds (Matt Corallo)

Pull request description:

  Does what it says on the tin.

Tree-SHA512: 324b8da8a9f9a35d3ade74f6c587f981894a085dfea9d64f78de745d5e6ec05c3a7bced487e9aad9c8a48151cd14969a0806f30f80b621edfce0da082fe6f4be

Author: laanwj

Makefile.am

@@ -249,6 +249,7 @@ EXTRA_DIST += \
     test/util/data/txcreatemultisig3.json \
     test/util/data/txcreatemultisig4.hex \
     test/util/data/txcreatemultisig4.json \
+    test/util/data/txcreatemultisig5.json \
     test/util/data/txcreateoutpubkey1.hex \
     test/util/data/txcreateoutpubkey1.json \
     test/util/data/txcreateoutpubkey2.hex \

src/bitcoin-tx.cpp

@@ -310,6 +310,9 @@ static void MutateTxAddOutPubKey(CMutableTransaction& tx, const std::string& str
     }
 
     if (bSegWit) {
+        if (!pubkey.IsCompressed()) {
+            throw std::runtime_error("Uncompressed pubkeys are not useable for SegWit outputs");
+        }
         // Call GetScriptForWitness() to build a P2WSH scriptPubKey
         scriptPubKey = GetScriptForWitness(scriptPubKey);
     }
@@ -375,6 +378,11 @@ static void MutateTxAddOutMultiSig(CMutableTransaction& tx, const std::string& s
     CScript scriptPubKey = GetScriptForMultisig(required, pubkeys);
 
     if (bSegWit) {
+        for (CPubKey& pubkey : pubkeys) {
+            if (!pubkey.IsCompressed()) {
+                throw std::runtime_error("Uncompressed pubkeys are not useable for SegWit outputs");
+            }
+        }
         // Call GetScriptForWitness() to build a P2WSH scriptPubKey
         scriptPubKey = GetScriptForWitness(scriptPubKey);
     }

test/util/data/bitcoin-util-test.json

@@ -261,6 +261,13 @@
     "output_cmp": "txcreateoutpubkey3.json",
     "description": "Creates a new transaction with a single pay-to-pub-key output, wrapped in P2SH (output as json)"
   },
+  { "exec": "./bitcoin-tx",
+    "args":
+    ["-json", "-create", "outpubkey=0:047d1368ba7ae01c94bc32293efd70bd7e3be7aa7912d07d0b1c659c1008d179b8642f5fb90f47580feb29f045e216ff5a4716d3a0fed36da414d332046303c44a:WS", "nversion=1"],
+    "return_code": 1,
+    "error_txt": "error: Uncompressed pubkeys are not useable for SegWit outputs",
+    "description": "Creates a new transaction with a single pay-to-pub-key output, wrapped in P2SH (output as json)"
+  },
   { "exec": "./bitcoin-tx",
     "args":
     ["-create",
@@ -388,5 +395,16 @@
     "args": ["-json", "-create", "outmultisig=1:2:3:02a5613bd857b7048924264d1e70e08fb2a7e6527d32b7ab1bb993ac59964ff397:021ac43c7ff740014c3b33737ede99c967e4764553d1b2b83db77c83b8715fa72d:02df2089105c77f266fa11a9d33f05c735234075f2e8780824c6b709415f9fb485:WS", "nversion=1"],
     "output_cmp": "txcreatemultisig4.json",
     "description": "Creates a new transaction with a single 2-of-3 multisig in a P2WSH output, wrapped in P2SH (output in json)"
+  },
+  { "exec": "./bitcoin-tx",
+    "args": ["-json", "-create", "outmultisig=1:2:3:02a5613bd857b7048924264d1e70e08fb2a7e6527d32b7ab1bb993ac59964ff397:021ac43c7ff740014c3b33737ede99c967e4764553d1b2b83db77c83b8715fa72d:047d1368ba7ae01c94bc32293efd70bd7e3be7aa7912d07d0b1c659c1008d179b8642f5fb90f47580feb29f045e216ff5a4716d3a0fed36da414d332046303c44a:S"],
+    "output_cmp": "txcreatemultisig5.json",
+    "description": "Uncompressed pubkeys should work just fine for non-witness outputs"
+  },
+  { "exec": "./bitcoin-tx",
+    "args": ["-json", "-create", "outmultisig=1:2:3:02a5613bd857b7048924264d1e70e08fb2a7e6527d32b7ab1bb993ac59964ff397:021ac43c7ff740014c3b33737ede99c967e4764553d1b2b83db77c83b8715fa72d:047d1368ba7ae01c94bc32293efd70bd7e3be7aa7912d07d0b1c659c1008d179b8642f5fb90f47580feb29f045e216ff5a4716d3a0fed36da414d332046303c44a:WS"],
+    "return_code": 1,
+    "error_txt": "error: Uncompressed pubkeys are not useable for SegWit outputs",
+    "description": "Ensure adding witness outputs with uncompressed pubkeys fails"
   }
 ]

test/util/data/txcreatemultisig5.json

@@ -0,0 +1,26 @@
+{
+    "txid": "813cf75e1f08debd242ef7c8192b7d478fb651355209369499a0de779ba7eb2f",
+    "hash": "813cf75e1f08debd242ef7c8192b7d478fb651355209369499a0de779ba7eb2f",
+    "version": 2,
+    "size": 42,
+    "vsize": 42,
+    "locktime": 0,
+    "vin": [
+    ],
+    "vout": [
+        {
+            "value": 1.00000000,
+            "n": 0,
+            "scriptPubKey": {
+                "asm": "OP_HASH160 a4051c02398868af83f28f083208fae99a769263 OP_EQUAL",
+                "hex": "a914a4051c02398868af83f28f083208fae99a76926387",
+                "reqSigs": 1,
+                "type": "scripthash",
+                "addresses": [
+                    "3GeGs1eHUxPz5YyuFe9WPpXid2UsUb5Jos"
+                ]
+            }
+        }
+    ],
+    "hex": "02000000000100e1f5050000000017a914a4051c02398868af83f28f083208fae99a7692638700000000"
+}