Bitcoin Core 28.0.0
P2P Digital Currency
Loading...
Searching...
No Matches
miniscript.cpp
Go to the documentation of this file.
1// Copyright (c) 2021-2022 The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <core_io.h>
6#include <hash.h>
7#include <key.h>
8#include <script/miniscript.h>
9#include <script/script.h>
10#include <script/signingprovider.h>
11#include <test/fuzz/FuzzedDataProvider.h>
12#include <test/fuzz/fuzz.h>
13#include <test/fuzz/util.h>
14#include <util/strencodings.h>
15
16namespace {
17
18using Fragment = miniscript::Fragment;
19using NodeRef = miniscript::NodeRef<CPubKey>;
20using Node = miniscript::Node<CPubKey>;
21using Type = miniscript::Type;
22using MsCtx = miniscript::MiniscriptContext;
23using miniscript::operator"" _mst;
24
26struct TestData {
27 typedef CPubKey Key;
28
29 // Precomputed public keys, and a dummy signature for each of them.
30 std::vector<Key> dummy_keys;
31 std::map<Key, int> dummy_key_idx_map;
32 std::map<CKeyID, Key> dummy_keys_map;
33 std::map<Key, std::pair<std::vector<unsigned char>, bool>> dummy_sigs;
34 std::map<XOnlyPubKey, std::pair<std::vector<unsigned char>, bool>> schnorr_sigs;
35
36 // Precomputed hashes of each kind.
37 std::vector<std::vector<unsigned char>> sha256;
38 std::vector<std::vector<unsigned char>> ripemd160;
39 std::vector<std::vector<unsigned char>> hash256;
40 std::vector<std::vector<unsigned char>> hash160;
41 std::map<std::vector<unsigned char>, std::vector<unsigned char>> sha256_preimages;
42 std::map<std::vector<unsigned char>, std::vector<unsigned char>> ripemd160_preimages;
43 std::map<std::vector<unsigned char>, std::vector<unsigned char>> hash256_preimages;
44 std::map<std::vector<unsigned char>, std::vector<unsigned char>> hash160_preimages;
45
47 void Init() {
48 unsigned char keydata[32] = {1};
49 // All our signatures sign (and are required to sign) this constant message.
50 constexpr uint256 MESSAGE_HASH{"0000000000000000f5cd94e18b6fe77dd7aca9e35c2b0c9cbd86356c80a71065"};
51 // We don't pass additional randomness when creating a schnorr signature.
52 const auto EMPTY_AUX{uint256::ZERO};
53
54 for (size_t i = 0; i < 256; i++) {
55 keydata[31] = i;
56 CKey privkey;
57 privkey.Set(keydata, keydata + 32, true);
58 const Key pubkey = privkey.GetPubKey();
59
60 dummy_keys.push_back(pubkey);
61 dummy_key_idx_map.emplace(pubkey, i);
62 dummy_keys_map.insert({pubkey.GetID(), pubkey});
63 XOnlyPubKey xonly_pubkey{pubkey};
64 dummy_key_idx_map.emplace(xonly_pubkey, i);
65 uint160 xonly_hash{Hash160(xonly_pubkey)};
66 dummy_keys_map.emplace(xonly_hash, pubkey);
67
68 std::vector<unsigned char> sig, schnorr_sig(64);
69 privkey.Sign(MESSAGE_HASH, sig);
70 sig.push_back(1); // SIGHASH_ALL
71 dummy_sigs.insert({pubkey, {sig, i & 1}});
72 assert(privkey.SignSchnorr(MESSAGE_HASH, schnorr_sig, nullptr, EMPTY_AUX));
73 schnorr_sig.push_back(1); // Maximally-sized signature has sighash byte
74 schnorr_sigs.emplace(XOnlyPubKey{pubkey}, std::make_pair(std::move(schnorr_sig), i & 1));
75
76 std::vector<unsigned char> hash;
77 hash.resize(32);
78 CSHA256().Write(keydata, 32).Finalize(hash.data());
79 sha256.push_back(hash);
80 if (i & 1) sha256_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
81 CHash256().Write(keydata).Finalize(hash);
82 hash256.push_back(hash);
83 if (i & 1) hash256_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
84 hash.resize(20);
85 CRIPEMD160().Write(keydata, 32).Finalize(hash.data());
86 assert(hash.size() == 20);
87 ripemd160.push_back(hash);
88 if (i & 1) ripemd160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
89 CHash160().Write(keydata).Finalize(hash);
90 hash160.push_back(hash);
91 if (i & 1) hash160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
92 }
93 }
94
96 const std::pair<std::vector<unsigned char>, bool>* GetSig(const MsCtx script_ctx, const Key& key) const {
97 if (!miniscript::IsTapscript(script_ctx)) {
98 const auto it = dummy_sigs.find(key);
99 if (it == dummy_sigs.end()) return nullptr;
100 return &it->second;
101 } else {
102 const auto it = schnorr_sigs.find(XOnlyPubKey{key});
103 if (it == schnorr_sigs.end()) return nullptr;
104 return &it->second;
105 }
106 }
107} TEST_DATA;
108
114struct ParserContext {
115 typedef CPubKey Key;
116
117 const MsCtx script_ctx;
118
119 constexpr ParserContext(MsCtx ctx) noexcept : script_ctx(ctx) {}
120
121 bool KeyCompare(const Key& a, const Key& b) const {
122 return a < b;
123 }
124
125 std::optional<std::string> ToString(const Key& key) const
126 {
127 auto it = TEST_DATA.dummy_key_idx_map.find(key);
128 if (it == TEST_DATA.dummy_key_idx_map.end()) return {};
129 uint8_t idx = it->second;
130 return HexStr(Span{&idx, 1});
131 }
132
133 std::vector<unsigned char> ToPKBytes(const Key& key) const {
134 if (!miniscript::IsTapscript(script_ctx)) {
135 return {key.begin(), key.end()};
136 }
137 const XOnlyPubKey xonly_pubkey{key};
138 return {xonly_pubkey.begin(), xonly_pubkey.end()};
139 }
140
141 std::vector<unsigned char> ToPKHBytes(const Key& key) const {
142 if (!miniscript::IsTapscript(script_ctx)) {
143 const auto h = Hash160(key);
144 return {h.begin(), h.end()};
145 }
146 const auto h = Hash160(XOnlyPubKey{key});
147 return {h.begin(), h.end()};
148 }
149
150 template<typename I>
151 std::optional<Key> FromString(I first, I last) const {
152 if (last - first != 2) return {};
153 auto idx = ParseHex(std::string(first, last));
154 if (idx.size() != 1) return {};
155 return TEST_DATA.dummy_keys[idx[0]];
156 }
157
158 template<typename I>
159 std::optional<Key> FromPKBytes(I first, I last) const {
160 if (!miniscript::IsTapscript(script_ctx)) {
161 Key key{first, last};
162 if (key.IsValid()) return key;
163 return {};
164 }
165 if (last - first != 32) return {};
166 XOnlyPubKey xonly_pubkey;
167 std::copy(first, last, xonly_pubkey.begin());
168 return xonly_pubkey.GetEvenCorrespondingCPubKey();
169 }
170
171 template<typename I>
172 std::optional<Key> FromPKHBytes(I first, I last) const {
173 assert(last - first == 20);
174 CKeyID keyid;
175 std::copy(first, last, keyid.begin());
176 const auto it = TEST_DATA.dummy_keys_map.find(keyid);
177 if (it == TEST_DATA.dummy_keys_map.end()) return {};
178 return it->second;
179 }
180
181 MsCtx MsContext() const {
182 return script_ctx;
183 }
184};
185
187struct ScriptParserContext {
188 const MsCtx script_ctx;
189
190 constexpr ScriptParserContext(MsCtx ctx) noexcept : script_ctx(ctx) {}
191
193 struct Key {
194 bool is_hash;
195 std::vector<unsigned char> data;
196 };
197
198 bool KeyCompare(const Key& a, const Key& b) const {
199 return a.data < b.data;
200 }
201
202 const std::vector<unsigned char>& ToPKBytes(const Key& key) const
203 {
204 assert(!key.is_hash);
205 return key.data;
206 }
207
208 std::vector<unsigned char> ToPKHBytes(const Key& key) const
209 {
210 if (key.is_hash) return key.data;
211 const auto h = Hash160(key.data);
212 return {h.begin(), h.end()};
213 }
214
215 template<typename I>
216 std::optional<Key> FromPKBytes(I first, I last) const
217 {
218 Key key;
219 key.data.assign(first, last);
220 key.is_hash = false;
221 return key;
222 }
223
224 template<typename I>
225 std::optional<Key> FromPKHBytes(I first, I last) const
226 {
227 Key key;
228 key.data.assign(first, last);
229 key.is_hash = true;
230 return key;
231 }
232
233 MsCtx MsContext() const {
234 return script_ctx;
235 }
236};
237
239struct SatisfierContext : ParserContext {
240
241 constexpr SatisfierContext(MsCtx ctx) noexcept : ParserContext(ctx) {}
242
243 // Timelock challenges satisfaction. Make the value (deterministically) vary to explore different
244 // paths.
245 bool CheckAfter(uint32_t value) const { return value % 2; }
246 bool CheckOlder(uint32_t value) const { return value % 2; }
247
248 // Signature challenges fulfilled with a dummy signature, if it was one of our dummy keys.
249 miniscript::Availability Sign(const CPubKey& key, std::vector<unsigned char>& sig) const {
250 bool sig_available{false};
251 if (auto res = TEST_DATA.GetSig(script_ctx, key)) {
252 std::tie(sig, sig_available) = *res;
253 }
254 return sig_available ? miniscript::Availability::YES : miniscript::Availability::NO;
255 }
256
258 miniscript::Availability LookupHash(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage,
259 const std::map<std::vector<unsigned char>, std::vector<unsigned char>>& map) const
260 {
261 const auto it = map.find(hash);
262 if (it == map.end()) return miniscript::Availability::NO;
263 preimage = it->second;
264 return miniscript::Availability::YES;
265 }
266 miniscript::Availability SatSHA256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
267 return LookupHash(hash, preimage, TEST_DATA.sha256_preimages);
268 }
269 miniscript::Availability SatRIPEMD160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
270 return LookupHash(hash, preimage, TEST_DATA.ripemd160_preimages);
271 }
272 miniscript::Availability SatHASH256(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
273 return LookupHash(hash, preimage, TEST_DATA.hash256_preimages);
274 }
275 miniscript::Availability SatHASH160(const std::vector<unsigned char>& hash, std::vector<unsigned char>& preimage) const {
276 return LookupHash(hash, preimage, TEST_DATA.hash160_preimages);
277 }
278};
279
281const struct CheckerContext: BaseSignatureChecker {
282 // Signature checker methods. Checks the right dummy signature is used.
283 bool CheckECDSASignature(const std::vector<unsigned char>& sig, const std::vector<unsigned char>& vchPubKey,
284 const CScript& scriptCode, SigVersion sigversion) const override
285 {
286 const CPubKey key{vchPubKey};
287 const auto it = TEST_DATA.dummy_sigs.find(key);
288 if (it == TEST_DATA.dummy_sigs.end()) return false;
289 return it->second.first == sig;
290 }
291 bool CheckSchnorrSignature(Span<const unsigned char> sig, Span<const unsigned char> pubkey, SigVersion,
292 ScriptExecutionData&, ScriptError*) const override {
293 XOnlyPubKey pk{pubkey};
294 auto it = TEST_DATA.schnorr_sigs.find(pk);
295 if (it == TEST_DATA.schnorr_sigs.end()) return false;
296 return it->second.first == sig;
297 }
298 bool CheckLockTime(const CScriptNum& nLockTime) const override { return nLockTime.GetInt64() & 1; }
299 bool CheckSequence(const CScriptNum& nSequence) const override { return nSequence.GetInt64() & 1; }
300} CHECKER_CTX;
301
303const struct KeyComparator {
304 bool KeyCompare(const CPubKey& a, const CPubKey& b) const {
305 return a < b;
306 }
307} KEY_COMP;
308
309// A dummy scriptsig to pass to VerifyScript (we always use Segwit v0).
310const CScript DUMMY_SCRIPTSIG;
311
313template<typename... Args> NodeRef MakeNodeRef(Args&&... args) {
314 return miniscript::MakeNodeRef<CPubKey>(miniscript::internal::NoDupCheck{}, std::forward<Args>(args)...);
315}
316
318struct NodeInfo {
320 Fragment fragment;
322 uint32_t k;
324 std::vector<CPubKey> keys;
326 std::vector<unsigned char> hash;
328 std::vector<Type> subtypes;
329
330 NodeInfo(Fragment frag): fragment(frag), k(0) {}
331 NodeInfo(Fragment frag, CPubKey key): fragment(frag), k(0), keys({key}) {}
332 NodeInfo(Fragment frag, uint32_t _k): fragment(frag), k(_k) {}
333 NodeInfo(Fragment frag, std::vector<unsigned char> h): fragment(frag), k(0), hash(std::move(h)) {}
334 NodeInfo(std::vector<Type> subt, Fragment frag): fragment(frag), k(0), subtypes(std::move(subt)) {}
335 NodeInfo(std::vector<Type> subt, Fragment frag, uint32_t _k): fragment(frag), k(_k), subtypes(std::move(subt)) {}
336 NodeInfo(Fragment frag, uint32_t _k, std::vector<CPubKey> _keys): fragment(frag), k(_k), keys(std::move(_keys)) {}
337};
338
340template<typename T, typename A>
341T ConsumeIndex(FuzzedDataProvider& provider, A& col) {
342 const uint8_t i = provider.ConsumeIntegral<uint8_t>();
343 return col[i];
344}
345
346CPubKey ConsumePubKey(FuzzedDataProvider& provider) {
347 return ConsumeIndex<CPubKey>(provider, TEST_DATA.dummy_keys);
348}
349
350std::vector<unsigned char> ConsumeSha256(FuzzedDataProvider& provider) {
351 return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.sha256);
352}
353
354std::vector<unsigned char> ConsumeHash256(FuzzedDataProvider& provider) {
355 return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.hash256);
356}
357
358std::vector<unsigned char> ConsumeRipemd160(FuzzedDataProvider& provider) {
359 return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.ripemd160);
360}
361
362std::vector<unsigned char> ConsumeHash160(FuzzedDataProvider& provider) {
363 return ConsumeIndex<std::vector<unsigned char>>(provider, TEST_DATA.hash160);
364}
365
366std::optional<uint32_t> ConsumeTimeLock(FuzzedDataProvider& provider) {
367 const uint32_t k = provider.ConsumeIntegral<uint32_t>();
368 if (k == 0 || k >= 0x80000000) return {};
369 return k;
370}
371
386std::optional<NodeInfo> ConsumeNodeStable(MsCtx script_ctx, FuzzedDataProvider& provider, Type type_needed) {
387 bool allow_B = (type_needed == ""_mst) || (type_needed << "B"_mst);
388 bool allow_K = (type_needed == ""_mst) || (type_needed << "K"_mst);
389 bool allow_V = (type_needed == ""_mst) || (type_needed << "V"_mst);
390 bool allow_W = (type_needed == ""_mst) || (type_needed << "W"_mst);
391 static constexpr auto B{"B"_mst}, K{"K"_mst}, V{"V"_mst}, W{"W"_mst};
392
393 switch (provider.ConsumeIntegral<uint8_t>()) {
394 case 0:
395 if (!allow_B) return {};
396 return {{Fragment::JUST_0}};
397 case 1:
398 if (!allow_B) return {};
399 return {{Fragment::JUST_1}};
400 case 2:
401 if (!allow_K) return {};
402 return {{Fragment::PK_K, ConsumePubKey(provider)}};
403 case 3:
404 if (!allow_K) return {};
405 return {{Fragment::PK_H, ConsumePubKey(provider)}};
406 case 4: {
407 if (!allow_B) return {};
408 const auto k = ConsumeTimeLock(provider);
409 if (!k) return {};
410 return {{Fragment::OLDER, *k}};
411 }
412 case 5: {
413 if (!allow_B) return {};
414 const auto k = ConsumeTimeLock(provider);
415 if (!k) return {};
416 return {{Fragment::AFTER, *k}};
417 }
418 case 6:
419 if (!allow_B) return {};
420 return {{Fragment::SHA256, ConsumeSha256(provider)}};
421 case 7:
422 if (!allow_B) return {};
423 return {{Fragment::HASH256, ConsumeHash256(provider)}};
424 case 8:
425 if (!allow_B) return {};
426 return {{Fragment::RIPEMD160, ConsumeRipemd160(provider)}};
427 case 9:
428 if (!allow_B) return {};
429 return {{Fragment::HASH160, ConsumeHash160(provider)}};
430 case 10: {
431 if (!allow_B || IsTapscript(script_ctx)) return {};
432 const auto k = provider.ConsumeIntegral<uint8_t>();
433 const auto n_keys = provider.ConsumeIntegral<uint8_t>();
434 if (n_keys > 20 || k == 0 || k > n_keys) return {};
435 std::vector<CPubKey> keys{n_keys};
436 for (auto& key: keys) key = ConsumePubKey(provider);
437 return {{Fragment::MULTI, k, std::move(keys)}};
438 }
439 case 11:
440 if (!(allow_B || allow_K || allow_V)) return {};
441 return {{{B, type_needed, type_needed}, Fragment::ANDOR}};
442 case 12:
443 if (!(allow_B || allow_K || allow_V)) return {};
444 return {{{V, type_needed}, Fragment::AND_V}};
445 case 13:
446 if (!allow_B) return {};
447 return {{{B, W}, Fragment::AND_B}};
448 case 15:
449 if (!allow_B) return {};
450 return {{{B, W}, Fragment::OR_B}};
451 case 16:
452 if (!allow_V) return {};
453 return {{{B, V}, Fragment::OR_C}};
454 case 17:
455 if (!allow_B) return {};
456 return {{{B, B}, Fragment::OR_D}};
457 case 18:
458 if (!(allow_B || allow_K || allow_V)) return {};
459 return {{{type_needed, type_needed}, Fragment::OR_I}};
460 case 19: {
461 if (!allow_B) return {};
462 auto k = provider.ConsumeIntegral<uint8_t>();
463 auto n_subs = provider.ConsumeIntegral<uint8_t>();
464 if (k == 0 || k > n_subs) return {};
465 std::vector<Type> subtypes;
466 subtypes.reserve(n_subs);
467 subtypes.emplace_back("B"_mst);
468 for (size_t i = 1; i < n_subs; ++i) subtypes.emplace_back("W"_mst);
469 return {{std::move(subtypes), Fragment::THRESH, k}};
470 }
471 case 20:
472 if (!allow_W) return {};
473 return {{{B}, Fragment::WRAP_A}};
474 case 21:
475 if (!allow_W) return {};
476 return {{{B}, Fragment::WRAP_S}};
477 case 22:
478 if (!allow_B) return {};
479 return {{{K}, Fragment::WRAP_C}};
480 case 23:
481 if (!allow_B) return {};
482 return {{{V}, Fragment::WRAP_D}};
483 case 24:
484 if (!allow_V) return {};
485 return {{{B}, Fragment::WRAP_V}};
486 case 25:
487 if (!allow_B) return {};
488 return {{{B}, Fragment::WRAP_J}};
489 case 26:
490 if (!allow_B) return {};
491 return {{{B}, Fragment::WRAP_N}};
492 case 27: {
493 if (!allow_B || !IsTapscript(script_ctx)) return {};
494 const auto k = provider.ConsumeIntegral<uint16_t>();
495 const auto n_keys = provider.ConsumeIntegral<uint16_t>();
496 if (n_keys > 999 || k == 0 || k > n_keys) return {};
497 std::vector<CPubKey> keys{n_keys};
498 for (auto& key: keys) key = ConsumePubKey(provider);
499 return {{Fragment::MULTI_A, k, std::move(keys)}};
500 }
501 default:
502 break;
503 }
504 return {};
505}
506
507/* This structure contains a table which for each "target" Type a list of recipes
508 * to construct it, automatically inferred from the behavior of ComputeType.
509 * Note that the Types here are not the final types of the constructed Nodes, but
510 * just the subset that are required. For example, a recipe for the "Bo" type
511 * might construct a "Bondu" sha256() NodeInfo, but cannot construct a "Bz" older().
512 * Each recipe is a Fragment together with a list of required types for its subnodes.
513 */
514struct SmartInfo
515{
516 using recipe = std::pair<Fragment, std::vector<Type>>;
517 std::map<Type, std::vector<recipe>> wsh_table, tap_table;
518
519 void Init()
520 {
521 Init(wsh_table, MsCtx::P2WSH);
522 Init(tap_table, MsCtx::TAPSCRIPT);
523 }
524
525 void Init(std::map<Type, std::vector<recipe>>& table, MsCtx script_ctx)
526 {
527 /* Construct a set of interesting type requirements to reason with (sections of BKVWzondu). */
528 std::vector<Type> types;
529 static constexpr auto B_mst{"B"_mst}, K_mst{"K"_mst}, V_mst{"V"_mst}, W_mst{"W"_mst};
530 static constexpr auto d_mst{"d"_mst}, n_mst{"n"_mst}, o_mst{"o"_mst}, u_mst{"u"_mst}, z_mst{"z"_mst};
531 static constexpr auto NONE_mst{""_mst};
532 for (int base = 0; base < 4; ++base) { /* select from B,K,V,W */
533 Type type_base = base == 0 ? B_mst : base == 1 ? K_mst : base == 2 ? V_mst : W_mst;
534 for (int zo = 0; zo < 3; ++zo) { /* select from z,o,(none) */
535 Type type_zo = zo == 0 ? z_mst : zo == 1 ? o_mst : NONE_mst;
536 for (int n = 0; n < 2; ++n) { /* select from (none),n */
537 if (zo == 0 && n == 1) continue; /* z conflicts with n */
538 if (base == 3 && n == 1) continue; /* W conflicts with n */
539 Type type_n = n == 0 ? NONE_mst : n_mst;
540 for (int d = 0; d < 2; ++d) { /* select from (none),d */
541 if (base == 2 && d == 1) continue; /* V conflicts with d */
542 Type type_d = d == 0 ? NONE_mst : d_mst;
543 for (int u = 0; u < 2; ++u) { /* select from (none),u */
544 if (base == 2 && u == 1) continue; /* V conflicts with u */
545 Type type_u = u == 0 ? NONE_mst : u_mst;
546 Type type = type_base | type_zo | type_n | type_d | type_u;
547 types.push_back(type);
548 }
549 }
550 }
551 }
552 }
553
554 /* We define a recipe a to be a super-recipe of recipe b if they use the same
555 * fragment, the same number of subexpressions, and each of a's subexpression
556 * types is a supertype of the corresponding subexpression type of b.
557 * Within the set of recipes for the construction of a given type requirement,
558 * no recipe should be a super-recipe of another (as the super-recipe is
559 * applicable in every place the sub-recipe is, the sub-recipe is redundant). */
560 auto is_super_of = [](const recipe& a, const recipe& b) {
561 if (a.first != b.first) return false;
562 if (a.second.size() != b.second.size()) return false;
563 for (size_t i = 0; i < a.second.size(); ++i) {
564 if (!(b.second[i] << a.second[i])) return false;
565 }
566 return true;
567 };
568
569 /* Sort the type requirements. Subtypes will always sort later (e.g. Bondu will
570 * sort after Bo or Bu). As we'll be constructing recipes using these types, in
571 * order, in what follows, we'll construct super-recipes before sub-recipes.
572 * That means we never need to go back and delete a sub-recipe because a
573 * super-recipe got added. */
574 std::sort(types.begin(), types.end());
575
576 // Iterate over all possible fragments.
577 for (int fragidx = 0; fragidx <= int(Fragment::MULTI_A); ++fragidx) {
578 int sub_count = 0;
579 int sub_range = 1;
580 size_t data_size = 0;
581 size_t n_keys = 0;
582 uint32_t k = 0;
583 Fragment frag{fragidx};
584
585 // Only produce recipes valid in the given context.
586 if ((!miniscript::IsTapscript(script_ctx) && frag == Fragment::MULTI_A)
587 || (miniscript::IsTapscript(script_ctx) && frag == Fragment::MULTI)) {
588 continue;
589 }
590
591 // Based on the fragment, determine #subs/data/k/keys to pass to ComputeType. */
592 switch (frag) {
593 case Fragment::PK_K:
594 case Fragment::PK_H:
595 n_keys = 1;
596 break;
597 case Fragment::MULTI:
598 case Fragment::MULTI_A:
599 n_keys = 1;
600 k = 1;
601 break;
602 case Fragment::OLDER:
603 case Fragment::AFTER:
604 k = 1;
605 break;
606 case Fragment::SHA256:
607 case Fragment::HASH256:
608 data_size = 32;
609 break;
610 case Fragment::RIPEMD160:
611 case Fragment::HASH160:
612 data_size = 20;
613 break;
614 case Fragment::JUST_0:
615 case Fragment::JUST_1:
616 break;
617 case Fragment::WRAP_A:
618 case Fragment::WRAP_S:
619 case Fragment::WRAP_C:
620 case Fragment::WRAP_D:
621 case Fragment::WRAP_V:
622 case Fragment::WRAP_J:
623 case Fragment::WRAP_N:
624 sub_count = 1;
625 break;
626 case Fragment::AND_V:
627 case Fragment::AND_B:
628 case Fragment::OR_B:
629 case Fragment::OR_C:
630 case Fragment::OR_D:
631 case Fragment::OR_I:
632 sub_count = 2;
633 break;
634 case Fragment::ANDOR:
635 sub_count = 3;
636 break;
637 case Fragment::THRESH:
638 // Thresh logic is executed for 1 and 2 arguments. Larger numbers use ad-hoc code to extend.
639 sub_count = 1;
640 sub_range = 2;
641 k = 1;
642 break;
643 }
644
645 // Iterate over the number of subnodes (sub_count...sub_count+sub_range-1).
646 std::vector<Type> subt;
647 for (int subs = sub_count; subs < sub_count + sub_range; ++subs) {
648 // Iterate over the possible subnode types (at most 3).
649 for (Type x : types) {
650 for (Type y : types) {
651 for (Type z : types) {
652 // Compute the resulting type of a node with the selected fragment / subnode types.
653 subt.clear();
654 if (subs > 0) subt.push_back(x);
655 if (subs > 1) subt.push_back(y);
656 if (subs > 2) subt.push_back(z);
657 Type res = miniscript::internal::ComputeType(frag, x, y, z, subt, k, data_size, subs, n_keys, script_ctx);
658 // Continue if the result is not a valid node.
659 if ((res << "K"_mst) + (res << "V"_mst) + (res << "B"_mst) + (res << "W"_mst) != 1) continue;
660
661 recipe entry{frag, subt};
662 auto super_of_entry = [&](const recipe& rec) { return is_super_of(rec, entry); };
663 // Iterate over all supertypes of res (because if e.g. our selected fragment/subnodes result
664 // in a Bondu, they can form a recipe that is also applicable for constructing a B, Bou, Bdu, ...).
665 for (Type s : types) {
666 if ((res & "BKVWzondu"_mst) << s) {
667 auto& recipes = table[s];
668 // If we don't already have a super-recipe to the new one, add it.
669 if (!std::any_of(recipes.begin(), recipes.end(), super_of_entry)) {
670 recipes.push_back(entry);
671 }
672 }
673 }
674
675 if (subs <= 2) break;
676 }
677 if (subs <= 1) break;
678 }
679 if (subs <= 0) break;
680 }
681 }
682 }
683
684 /* Find which types are useful. The fuzzer logic only cares about constructing
685 * B,V,K,W nodes, so any type that isn't needed in any recipe (directly or
686 * indirectly) for the construction of those is uninteresting. */
687 std::set<Type> useful_types{B_mst, V_mst, K_mst, W_mst};
688 // Find the transitive closure by adding types until the set of types does not change.
689 while (true) {
690 size_t set_size = useful_types.size();
691 for (const auto& [type, recipes] : table) {
692 if (useful_types.count(type) != 0) {
693 for (const auto& [_, subtypes] : recipes) {
694 for (auto subtype : subtypes) useful_types.insert(subtype);
695 }
696 }
697 }
698 if (useful_types.size() == set_size) break;
699 }
700 // Remove all rules that construct uninteresting types.
701 for (auto type_it = table.begin(); type_it != table.end();) {
702 if (useful_types.count(type_it->first) == 0) {
703 type_it = table.erase(type_it);
704 } else {
705 ++type_it;
706 }
707 }
708
709 /* Find which types are constructible. A type is constructible if there is a leaf
710 * node recipe for constructing it, or a recipe whose subnodes are all constructible.
711 * Types can be non-constructible because they have no recipes to begin with,
712 * because they can only be constructed using recipes that involve otherwise
713 * non-constructible types, or because they require infinite recursion. */
714 std::set<Type> constructible_types{};
715 auto known_constructible = [&](Type type) { return constructible_types.count(type) != 0; };
716 // Find the transitive closure by adding types until the set of types does not change.
717 while (true) {
718 size_t set_size = constructible_types.size();
719 // Iterate over all types we have recipes for.
720 for (const auto& [type, recipes] : table) {
721 if (!known_constructible(type)) {
722 // For not (yet known to be) constructible types, iterate over their recipes.
723 for (const auto& [_, subt] : recipes) {
724 // If any recipe involves only (already known to be) constructible types,
725 // add the recipe's type to the set.
726 if (std::all_of(subt.begin(), subt.end(), known_constructible)) {
727 constructible_types.insert(type);
728 break;
729 }
730 }
731 }
732 }
733 if (constructible_types.size() == set_size) break;
734 }
735 for (auto type_it = table.begin(); type_it != table.end();) {
736 // Remove all recipes which involve non-constructible types.
737 type_it->second.erase(std::remove_if(type_it->second.begin(), type_it->second.end(),
738 [&](const recipe& rec) {
739 return !std::all_of(rec.second.begin(), rec.second.end(), known_constructible);
740 }), type_it->second.end());
741 // Delete types entirely which have no recipes left.
742 if (type_it->second.empty()) {
743 type_it = table.erase(type_it);
744 } else {
745 ++type_it;
746 }
747 }
748
749 for (auto& [type, recipes] : table) {
750 // Sort recipes for determinism, and place those using fewer subnodes first.
751 // This avoids runaway expansion (when reaching the end of the fuzz input,
752 // all zeroes are read, resulting in the first available recipe being picked).
753 std::sort(recipes.begin(), recipes.end(),
754 [](const recipe& a, const recipe& b) {
755 if (a.second.size() < b.second.size()) return true;
756 if (a.second.size() > b.second.size()) return false;
757 return a < b;
758 }
759 );
760 }
761 }
762} SMARTINFO;
763
774std::optional<NodeInfo> ConsumeNodeSmart(MsCtx script_ctx, FuzzedDataProvider& provider, Type type_needed) {
776 const auto& table{IsTapscript(script_ctx) ? SMARTINFO.tap_table : SMARTINFO.wsh_table};
777 auto recipes_it = table.find(type_needed);
778 assert(recipes_it != table.end());
780 const auto& [frag, subt] = PickValue(provider, recipes_it->second);
781
782 // Based on the fragment the recipe uses, fill in other data (k, keys, data).
783 switch (frag) {
784 case Fragment::PK_K:
785 case Fragment::PK_H:
786 return {{frag, ConsumePubKey(provider)}};
787 case Fragment::MULTI: {
788 const auto n_keys = provider.ConsumeIntegralInRange<uint8_t>(1, 20);
789 const auto k = provider.ConsumeIntegralInRange<uint8_t>(1, n_keys);
790 std::vector<CPubKey> keys{n_keys};
791 for (auto& key: keys) key = ConsumePubKey(provider);
792 return {{frag, k, std::move(keys)}};
793 }
794 case Fragment::MULTI_A: {
795 const auto n_keys = provider.ConsumeIntegralInRange<uint16_t>(1, 999);
796 const auto k = provider.ConsumeIntegralInRange<uint16_t>(1, n_keys);
797 std::vector<CPubKey> keys{n_keys};
798 for (auto& key: keys) key = ConsumePubKey(provider);
799 return {{frag, k, std::move(keys)}};
800 }
801 case Fragment::OLDER:
802 case Fragment::AFTER:
803 return {{frag, provider.ConsumeIntegralInRange<uint32_t>(1, 0x7FFFFFF)}};
804 case Fragment::SHA256:
805 return {{frag, PickValue(provider, TEST_DATA.sha256)}};
806 case Fragment::HASH256:
807 return {{frag, PickValue(provider, TEST_DATA.hash256)}};
808 case Fragment::RIPEMD160:
809 return {{frag, PickValue(provider, TEST_DATA.ripemd160)}};
810 case Fragment::HASH160:
811 return {{frag, PickValue(provider, TEST_DATA.hash160)}};
812 case Fragment::JUST_0:
813 case Fragment::JUST_1:
814 case Fragment::WRAP_A:
815 case Fragment::WRAP_S:
816 case Fragment::WRAP_C:
817 case Fragment::WRAP_D:
818 case Fragment::WRAP_V:
819 case Fragment::WRAP_J:
820 case Fragment::WRAP_N:
821 case Fragment::AND_V:
822 case Fragment::AND_B:
823 case Fragment::OR_B:
824 case Fragment::OR_C:
825 case Fragment::OR_D:
826 case Fragment::OR_I:
827 case Fragment::ANDOR:
828 return {{subt, frag}};
829 case Fragment::THRESH: {
830 uint32_t children;
831 if (subt.size() < 2) {
832 children = subt.size();
833 } else {
834 // If we hit a thresh with 2 subnodes, artificially extend it to any number
835 // (2 or larger) by replicating the type of the last subnode.
836 children = provider.ConsumeIntegralInRange<uint32_t>(2, MAX_OPS_PER_SCRIPT / 2);
837 }
838 auto k = provider.ConsumeIntegralInRange<uint32_t>(1, children);
839 std::vector<Type> subs = subt;
840 while (subs.size() < children) subs.push_back(subs.back());
841 return {{std::move(subs), frag, k}};
842 }
843 }
844
845 assert(false);
846}
847
856template<typename F>
857NodeRef GenNode(MsCtx script_ctx, F ConsumeNode, Type root_type, bool strict_valid = false) {
859 std::vector<NodeRef> stack;
861 std::vector<std::pair<Type, std::optional<NodeInfo>>> todo{{root_type, {}}};
863 uint32_t ops{0};
866 uint32_t scriptsize{1};
867
868 while (!todo.empty()) {
869 // The expected type we have to construct.
870 auto type_needed = todo.back().first;
871 if (!todo.back().second) {
872 // Fragment/children have not been decided yet. Decide them.
873 auto node_info = ConsumeNode(type_needed);
874 if (!node_info) return {};
875 // Update predicted resource limits. Since every leaf Miniscript node is at least one
876 // byte long, we move one byte from each child to their parent. A similar technique is
877 // used in the miniscript::internal::Parse function to prevent runaway string parsing.
878 scriptsize += miniscript::internal::ComputeScriptLen(node_info->fragment, ""_mst, node_info->subtypes.size(), node_info->k, node_info->subtypes.size(),
879 node_info->keys.size(), script_ctx) - 1;
880 if (scriptsize > MAX_STANDARD_P2WSH_SCRIPT_SIZE) return {};
881 switch (node_info->fragment) {
882 case Fragment::JUST_0:
883 case Fragment::JUST_1:
884 break;
885 case Fragment::PK_K:
886 break;
887 case Fragment::PK_H:
888 ops += 3;
889 break;
890 case Fragment::OLDER:
891 case Fragment::AFTER:
892 ops += 1;
893 break;
894 case Fragment::RIPEMD160:
895 case Fragment::SHA256:
896 case Fragment::HASH160:
897 case Fragment::HASH256:
898 ops += 4;
899 break;
900 case Fragment::ANDOR:
901 ops += 3;
902 break;
903 case Fragment::AND_V:
904 break;
905 case Fragment::AND_B:
906 case Fragment::OR_B:
907 ops += 1;
908 break;
909 case Fragment::OR_C:
910 ops += 2;
911 break;
912 case Fragment::OR_D:
913 ops += 3;
914 break;
915 case Fragment::OR_I:
916 ops += 3;
917 break;
918 case Fragment::THRESH:
919 ops += node_info->subtypes.size();
920 break;
921 case Fragment::MULTI:
922 ops += 1;
923 break;
924 case Fragment::MULTI_A:
925 ops += node_info->keys.size() + 1;
926 break;
927 case Fragment::WRAP_A:
928 ops += 2;
929 break;
930 case Fragment::WRAP_S:
931 ops += 1;
932 break;
933 case Fragment::WRAP_C:
934 ops += 1;
935 break;
936 case Fragment::WRAP_D:
937 ops += 3;
938 break;
939 case Fragment::WRAP_V:
940 // We don't account for OP_VERIFY here; that will be corrected for when the actual
941 // node is constructed below.
942 break;
943 case Fragment::WRAP_J:
944 ops += 4;
945 break;
946 case Fragment::WRAP_N:
947 ops += 1;
948 break;
949 }
950 if (ops > MAX_OPS_PER_SCRIPT) return {};
951 auto subtypes = node_info->subtypes;
952 todo.back().second = std::move(node_info);
953 todo.reserve(todo.size() + subtypes.size());
954 // As elements on the todo stack are processed back to front, construct
955 // them in reverse order (so that the first subnode is generated first).
956 for (size_t i = 0; i < subtypes.size(); ++i) {
957 todo.emplace_back(*(subtypes.rbegin() + i), std::nullopt);
958 }
959 } else {
960 // The back of todo has fragment and number of children decided, and
961 // those children have been constructed at the back of stack. Pop
962 // that entry off todo, and use it to construct a new NodeRef on
963 // stack.
964 NodeInfo& info = *todo.back().second;
965 // Gather children from the back of stack.
966 std::vector<NodeRef> sub;
967 sub.reserve(info.subtypes.size());
968 for (size_t i = 0; i < info.subtypes.size(); ++i) {
969 sub.push_back(std::move(*(stack.end() - info.subtypes.size() + i)));
970 }
971 stack.erase(stack.end() - info.subtypes.size(), stack.end());
972 // Construct new NodeRef.
973 NodeRef node;
974 if (info.keys.empty()) {
975 node = MakeNodeRef(script_ctx, info.fragment, std::move(sub), std::move(info.hash), info.k);
976 } else {
977 assert(sub.empty());
978 assert(info.hash.empty());
979 node = MakeNodeRef(script_ctx, info.fragment, std::move(info.keys), info.k);
980 }
981 // Verify acceptability.
982 if (!node || (node->GetType() & "KVWB"_mst) == ""_mst) {
983 assert(!strict_valid);
984 return {};
985 }
986 if (!(type_needed == ""_mst)) {
987 assert(node->GetType() << type_needed);
988 }
989 if (!node->IsValid()) return {};
990 // Update resource predictions.
991 if (node->fragment == Fragment::WRAP_V && node->subs[0]->GetType() << "x"_mst) {
992 ops += 1;
993 scriptsize += 1;
994 }
995 if (!miniscript::IsTapscript(script_ctx) && ops > MAX_OPS_PER_SCRIPT) return {};
996 if (scriptsize > miniscript::internal::MaxScriptSize(script_ctx)) {
997 return {};
998 }
999 // Move it to the stack.
1000 stack.push_back(std::move(node));
1001 todo.pop_back();
1002 }
1003 }
1004 assert(stack.size() == 1);
1005 assert(stack[0]->GetStaticOps() == ops);
1006 assert(stack[0]->ScriptSize() == scriptsize);
1007 stack[0]->DuplicateKeyCheck(KEY_COMP);
1008 return std::move(stack[0]);
1009}
1010
1012CScript ScriptPubKey(MsCtx ctx, const CScript& script, TaprootBuilder& builder)
1013{
1014 if (!miniscript::IsTapscript(ctx)) return CScript() << OP_0 << WitnessV0ScriptHash(script);
1015
1016 // For Taproot outputs we always use a tree with a single script and a dummy internal key.
1017 builder.Add(0, script, TAPROOT_LEAF_TAPSCRIPT);
1018 builder.Finalize(XOnlyPubKey::NUMS_H);
1019 return GetScriptForDestination(builder.GetOutput());
1020}
1021
1023void SatisfactionToWitness(MsCtx ctx, CScriptWitness& witness, const CScript& script, TaprootBuilder& builder) {
1024 // For P2WSH, it's only the witness script.
1025 witness.stack.emplace_back(script.begin(), script.end());
1026 if (!miniscript::IsTapscript(ctx)) return;
1027 // For Tapscript we also need the control block.
1028 witness.stack.push_back(*builder.GetSpendData().scripts.begin()->second.begin());
1029}
1030
1032void TestNode(const MsCtx script_ctx, const NodeRef& node, FuzzedDataProvider& provider)
1033{
1034 if (!node) return;
1035
1036 // Check that it roundtrips to text representation
1037 const ParserContext parser_ctx{script_ctx};
1038 std::optional<std::string> str{node->ToString(parser_ctx)};
1039 assert(str);
1040 auto parsed = miniscript::FromString(*str, parser_ctx);
1041 assert(parsed);
1042 assert(*parsed == *node);
1043
1044 // Check consistency between script size estimation and real size.
1045 auto script = node->ToScript(parser_ctx);
1046 assert(node->ScriptSize() == script.size());
1047
1048 // Check consistency of "x" property with the script (type K is excluded, because it can end
1049 // with a push of a key, which could match these opcodes).
1050 if (!(node->GetType() << "K"_mst)) {
1051 bool ends_in_verify = !(node->GetType() << "x"_mst);
1052 assert(ends_in_verify == (script.back() == OP_CHECKSIG || script.back() == OP_CHECKMULTISIG || script.back() == OP_EQUAL || script.back() == OP_NUMEQUAL));
1053 }
1054
1055 // The rest of the checks only apply when testing a valid top-level script.
1056 if (!node->IsValidTopLevel()) return;
1057
1058 // Check roundtrip to script
1059 auto decoded = miniscript::FromScript(script, parser_ctx);
1060 assert(decoded);
1061 // Note we can't use *decoded == *node because the miniscript representation may differ, so we check that:
1062 // - The script corresponding to that decoded form matches exactly
1063 // - The type matches exactly
1064 assert(decoded->ToScript(parser_ctx) == script);
1065 assert(decoded->GetType() == node->GetType());
1066
1067 // Optionally pad the script or the witness in order to increase the sensitivity of the tests of
1068 // the resources limits logic.
1069 CScriptWitness witness_mal, witness_nonmal;
1070 if (provider.ConsumeBool()) {
1071 // Under P2WSH, optionally pad the script with OP_NOPs to max op the ops limit of the constructed script.
1072 // This makes the script obviously not actually miniscript-compatible anymore, but the
1073 // signatures constructed in this test don't commit to the script anyway, so the same
1074 // miniscript satisfier will work. This increases the sensitivity of the test to the ops
1075 // counting logic being too low, especially for simple scripts.
1076 // Do this optionally because we're not solely interested in cases where the number of ops is
1077 // maximal.
1078 // Do not pad more than what would cause MAX_STANDARD_P2WSH_SCRIPT_SIZE to be reached, however,
1079 // as that also invalidates scripts.
1080 const auto node_ops{node->GetOps()};
1081 if (!IsTapscript(script_ctx) && node_ops && *node_ops < MAX_OPS_PER_SCRIPT
1082 && node->ScriptSize() < MAX_STANDARD_P2WSH_SCRIPT_SIZE) {
1083 int add = std::min<int>(
1084 MAX_OPS_PER_SCRIPT - *node_ops,
1085 MAX_STANDARD_P2WSH_SCRIPT_SIZE - node->ScriptSize());
1086 for (int i = 0; i < add; ++i) script.push_back(OP_NOP);
1087 }
1088
1089 // Under Tapscript, optionally pad the stack up to the limit minus the calculated maximum execution stack
1090 // size to assert a Miniscript would never add more elements to the stack during execution than anticipated.
1091 const auto node_exec_ss{node->GetExecStackSize()};
1092 if (miniscript::IsTapscript(script_ctx) && node_exec_ss && *node_exec_ss < MAX_STACK_SIZE) {
1093 unsigned add{(unsigned)MAX_STACK_SIZE - *node_exec_ss};
1094 witness_mal.stack.resize(add);
1095 witness_nonmal.stack.resize(add);
1096 script.reserve(add);
1097 for (unsigned i = 0; i < add; ++i) script.push_back(OP_NIP);
1098 }
1099 }
1100
1101 const SatisfierContext satisfier_ctx{script_ctx};
1102
1103 // Get the ScriptPubKey for this script, filling spend data if it's Taproot.
1104 TaprootBuilder builder;
1105 const CScript script_pubkey{ScriptPubKey(script_ctx, script, builder)};
1106
1107 // Run malleable satisfaction algorithm.
1108 std::vector<std::vector<unsigned char>> stack_mal;
1109 const bool mal_success = node->Satisfy(satisfier_ctx, stack_mal, false) == miniscript::Availability::YES;
1110
1111 // Run non-malleable satisfaction algorithm.
1112 std::vector<std::vector<unsigned char>> stack_nonmal;
1113 const bool nonmal_success = node->Satisfy(satisfier_ctx, stack_nonmal, true) == miniscript::Availability::YES;
1114
1115 if (nonmal_success) {
1116 // Non-malleable satisfactions are bounded by the satisfaction size plus:
1117 // - For P2WSH spends, the witness script
1118 // - For Tapscript spends, both the witness script and the control block
1119 const size_t max_stack_size{*node->GetStackSize() + 1 + miniscript::IsTapscript(script_ctx)};
1120 assert(stack_nonmal.size() <= max_stack_size);
1121 // If a non-malleable satisfaction exists, the malleable one must also exist, and be identical to it.
1122 assert(mal_success);
1123 assert(stack_nonmal == stack_mal);
1124 // Compute witness size (excluding script push, control block, and witness count encoding).
1125 const size_t wit_size = GetSerializeSize(stack_nonmal) - GetSizeOfCompactSize(stack_nonmal.size());
1126 assert(wit_size <= *node->GetWitnessSize());
1127
1128 // Test non-malleable satisfaction.
1129 witness_nonmal.stack.insert(witness_nonmal.stack.end(), std::make_move_iterator(stack_nonmal.begin()), std::make_move_iterator(stack_nonmal.end()));
1130 SatisfactionToWitness(script_ctx, witness_nonmal, script, builder);
1131 ScriptError serror;
1132 bool res = VerifyScript(DUMMY_SCRIPTSIG, script_pubkey, &witness_nonmal, STANDARD_SCRIPT_VERIFY_FLAGS, CHECKER_CTX, &serror);
1133 // Non-malleable satisfactions are guaranteed to be valid if ValidSatisfactions().
1134 if (node->ValidSatisfactions()) assert(res);
1135 // More detailed: non-malleable satisfactions must be valid, or could fail with ops count error (if CheckOpsLimit failed),
1136 // or with a stack size error (if CheckStackSize check failed).
1137 assert(res ||
1138 (!node->CheckOpsLimit() && serror == ScriptError::SCRIPT_ERR_OP_COUNT) ||
1139 (!node->CheckStackSize() && serror == ScriptError::SCRIPT_ERR_STACK_SIZE));
1140 }
1141
1142 if (mal_success && (!nonmal_success || witness_mal.stack != witness_nonmal.stack)) {
1143 // Test malleable satisfaction only if it's different from the non-malleable one.
1144 witness_mal.stack.insert(witness_mal.stack.end(), std::make_move_iterator(stack_mal.begin()), std::make_move_iterator(stack_mal.end()));
1145 SatisfactionToWitness(script_ctx, witness_mal, script, builder);
1146 ScriptError serror;
1147 bool res = VerifyScript(DUMMY_SCRIPTSIG, script_pubkey, &witness_mal, STANDARD_SCRIPT_VERIFY_FLAGS, CHECKER_CTX, &serror);
1148 // Malleable satisfactions are not guaranteed to be valid under any conditions, but they can only
1149 // fail due to stack or ops limits.
1150 assert(res || serror == ScriptError::SCRIPT_ERR_OP_COUNT || serror == ScriptError::SCRIPT_ERR_STACK_SIZE);
1151 }
1152
1153 if (node->IsSane()) {
1154 // For sane nodes, the two algorithms behave identically.
1155 assert(mal_success == nonmal_success);
1156 }
1157
1158 // Verify that if a node is policy-satisfiable, the malleable satisfaction
1159 // algorithm succeeds. Given that under IsSane() both satisfactions
1160 // are identical, this implies that for such nodes, the non-malleable
1161 // satisfaction will also match the expected policy.
1162 const auto is_key_satisfiable = [script_ctx](const CPubKey& pubkey) -> bool {
1163 auto sig_ptr{TEST_DATA.GetSig(script_ctx, pubkey)};
1164 return sig_ptr != nullptr && sig_ptr->second;
1165 };
1166 bool satisfiable = node->IsSatisfiable([&](const Node& node) -> bool {
1167 switch (node.fragment) {
1168 case Fragment::PK_K:
1169 case Fragment::PK_H:
1170 return is_key_satisfiable(node.keys[0]);
1171 case Fragment::MULTI:
1172 case Fragment::MULTI_A: {
1173 size_t sats = std::count_if(node.keys.begin(), node.keys.end(), [&](const auto& key) {
1174 return size_t(is_key_satisfiable(key));
1175 });
1176 return sats >= node.k;
1177 }
1178 case Fragment::OLDER:
1179 case Fragment::AFTER:
1180 return node.k & 1;
1181 case Fragment::SHA256:
1182 return TEST_DATA.sha256_preimages.count(node.data);
1183 case Fragment::HASH256:
1184 return TEST_DATA.hash256_preimages.count(node.data);
1185 case Fragment::RIPEMD160:
1186 return TEST_DATA.ripemd160_preimages.count(node.data);
1187 case Fragment::HASH160:
1188 return TEST_DATA.hash160_preimages.count(node.data);
1189 default:
1190 assert(false);
1191 }
1192 return false;
1193 });
1194 assert(mal_success == satisfiable);
1195}
1196
1197} // namespace
1198
1199void FuzzInit()
1200{
1201 static ECC_Context ecc_context{};
1202 TEST_DATA.Init();
1203}
1204
1205void FuzzInitSmart()
1206{
1207 FuzzInit();
1208 SMARTINFO.Init();
1209}
1210
1212FUZZ_TARGET(miniscript_stable, .init = FuzzInit)
1213{
1214 // Run it under both P2WSH and Tapscript contexts.
1215 for (const auto script_ctx: {MsCtx::P2WSH, MsCtx::TAPSCRIPT}) {
1216 FuzzedDataProvider provider(buffer.data(), buffer.size());
1217 TestNode(script_ctx, GenNode(script_ctx, [&](Type needed_type) {
1218 return ConsumeNodeStable(script_ctx, provider, needed_type);
1219 }, ""_mst), provider);
1220 }
1221}
1222
1224FUZZ_TARGET(miniscript_smart, .init = FuzzInitSmart)
1225{
1227 static constexpr std::array<Type, 4> BASE_TYPES{"B"_mst, "V"_mst, "K"_mst, "W"_mst};
1228
1229 FuzzedDataProvider provider(buffer.data(), buffer.size());
1230 const auto script_ctx{(MsCtx)provider.ConsumeBool()};
1231 TestNode(script_ctx, GenNode(script_ctx, [&](Type needed_type) {
1232 return ConsumeNodeSmart(script_ctx, provider, needed_type);
1233 }, PickValue(provider, BASE_TYPES), true), provider);
1234}
1235
1236/* Fuzz tests that test parsing from a string, and roundtripping via string. */
1237FUZZ_TARGET(miniscript_string, .init = FuzzInit)
1238{
1239 if (buffer.empty()) return;
1240 FuzzedDataProvider provider(buffer.data(), buffer.size());
1241 auto str = provider.ConsumeBytesAsString(provider.remaining_bytes() - 1);
1242 const ParserContext parser_ctx{(MsCtx)provider.ConsumeBool()};
1243 auto parsed = miniscript::FromString(str, parser_ctx);
1244 if (!parsed) return;
1245
1246 const auto str2 = parsed->ToString(parser_ctx);
1247 assert(str2);
1248 auto parsed2 = miniscript::FromString(*str2, parser_ctx);
1249 assert(parsed2);
1250 assert(*parsed == *parsed2);
1251}
1252
1253/* Fuzz tests that test parsing from a script, and roundtripping via script. */
1254FUZZ_TARGET(miniscript_script)
1255{
1256 FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
1257 const std::optional<CScript> script = ConsumeDeserializable<CScript>(fuzzed_data_provider);
1258 if (!script) return;
1259
1260 const ScriptParserContext script_parser_ctx{(MsCtx)fuzzed_data_provider.ConsumeBool()};
1261 const auto ms = miniscript::FromScript(*script, script_parser_ctx);
1262 if (!ms) return;
1263
1264 assert(ms->ToScript(script_parser_ctx) == *script);
1265}
GetScriptForDestination
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
Definition addresstype.cpp:166
ecc_context
ECC_Context ecc_context
Definition bitcoin-wallet.cpp:134
args
ArgsManager & args
Definition bitcoind.cpp:270
CHash160
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
Definition hash.h:49
CHash160::Finalize
void Finalize(Span< unsigned char > output)
Definition hash.h:55
CHash160::Write
CHash160 & Write(Span< const unsigned char > input)
Definition hash.h:62
CHash256
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition hash.h:24
CHash256::Finalize
void Finalize(Span< unsigned char > output)
Definition hash.h:30
CHash256::Write
CHash256 & Write(Span< const unsigned char > input)
Definition hash.h:37
CKey
An encapsulated private key.
Definition key.h:35
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, Span< unsigned char > sig, const uint256 *merkle_root, const uint256 &aux) const
Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, optionally tweaked b...
Definition key.cpp:272
CKey::Sign
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition key.cpp:208
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition key.cpp:182
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition key.h:103
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition pubkey.h:24
CPubKey
An encapsulated public key.
Definition pubkey.h:34
CRIPEMD160
A hasher class for RIPEMD-160.
Definition ripemd160.h:13
CRIPEMD160::Write
CRIPEMD160 & Write(const unsigned char *data, size_t len)
Definition ripemd160.cpp:247
CRIPEMD160::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition ripemd160.cpp:273
CSHA256
A hasher class for SHA-256.
Definition sha256.h:14
CSHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition sha256.cpp:727
CSHA256::Write
CSHA256 & Write(const unsigned char *data, size_t len)
Definition sha256.cpp:701
CScript
Serialized script, used inside transaction inputs and outputs.
Definition script.h:414
CScriptNum::GetInt64
int64_t GetInt64() const
Definition script.h:341
ECC_Context
RAII class initializing and deinitializing global state for elliptic curve support.
Definition key.h:322
FuzzedDataProvider::ConsumeBytesAsString
std::string ConsumeBytesAsString(size_t num_bytes)
Definition FuzzedDataProvider.h:136
FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition FuzzedDataProvider.h:204
Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition span.h:98
TaprootBuilder
Utility class to construct Taproot outputs from internal key and script tree.
Definition signingprovider.h:46
TaprootBuilder::GetOutput
WitnessV1Taproot GetOutput()
Compute scriptPubKey (after Finalize()).
Definition signingprovider.cpp:400
TaprootBuilder::GetSpendData
TaprootSpendData GetSpendData() const
Compute spending data (after Finalize()).
Definition signingprovider.cpp:402
TaprootBuilder::Add
TaprootBuilder & Add(int depth, Span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
Definition signingprovider.cpp:366
TaprootBuilder::Finalize
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
Definition signingprovider.cpp:389
XOnlyPubKey::begin
const unsigned char * begin() const
Definition pubkey.h:295
XOnlyPubKey::GetEvenCorrespondingCPubKey
CPubKey GetEvenCorrespondingCPubKey() const
Definition pubkey.cpp:219
XOnlyPubKey::NUMS_H
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
Definition pubkey.h:194
base_blob::begin
constexpr unsigned char * begin()
Definition uint256.h:102
miniscript::Type
This type encapsulates the miniscript type system properties.
Definition miniscript.h:122
uint160
160-bit opaque blob.
Definition uint256.h:166
uint256
256-bit opaque blob.
Definition uint256.h:178
uint256::ZERO
static const uint256 ZERO
Definition uint256.h:185
core_io.h
FUZZ_TARGET
#define FUZZ_TARGET(...)
Definition fuzz.h:35
Hash160
uint160 Hash160(const T1 &in1)
Compute the 160-bit hash an object.
Definition hash.h:92
T
#define T(expected, seed, data)
HexStr
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition hex_base.cpp:29
VerifyScript
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, unsigned int flags, const BaseSignatureChecker &checker, ScriptError *serror)
Definition interpreter.cpp:1958
SigVersion
SigVersion
Definition interpreter.h:191
TAPROOT_LEAF_TAPSCRIPT
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
Definition interpreter.h:232
miniscript::internal::ComputeScriptLen
size_t ComputeScriptLen(Fragment fragment, Type sub0typ, size_t subsize, uint32_t k, size_t n_subs, size_t n_keys, MiniscriptContext ms_ctx)
Helper function for Node::CalcScriptLen.
Definition miniscript.cpp:262
miniscript::internal::MaxScriptSize
constexpr uint32_t MaxScriptSize(MiniscriptContext ms_ctx)
The maximum size of a script depending on the context.
Definition miniscript.h:265
miniscript::internal::ComputeType
Type ComputeType(Fragment fragment, Type x, Type y, Type z, const std::vector< Type > &sub_types, uint32_t k, size_t data_size, size_t n_subs, size_t n_keys, MiniscriptContext ms_ctx)
Helper function for Node::CalcType.
Definition miniscript.cpp:36
miniscript::FromString
NodeRef< typename Ctx::Key > FromString(const std::string &str, const Ctx &ctx)
Definition miniscript.h:2612
miniscript::IsTapscript
constexpr bool IsTapscript(MiniscriptContext ms_ctx)
Whether the context Tapscript, ensuring the only other possibility is P2WSH.
Definition miniscript.h:240
miniscript::NodeRef
std::shared_ptr< const Node< Key > > NodeRef
Definition miniscript.h:187
miniscript::FromScript
NodeRef< typename Ctx::Key > FromScript(const CScript &script, const Ctx &ctx)
Definition miniscript.h:2617
miniscript::MakeNodeRef
NodeRef< Key > MakeNodeRef(Args &&... args)
Construct a miniscript node as a shared_ptr.
Definition miniscript.h:191
miniscript::Fragment
Fragment
The different node types in miniscript.
Definition miniscript.h:194
ripemd160
Internal RIPEMD-160 implementation.
Definition ripemd160.cpp:16
sha256
Internal SHA-256 implementation.
Definition sha256.cpp:70
tests_wycheproof_generate.pk
pk
Definition tests_wycheproof_generate.py:69
STANDARD_SCRIPT_VERIFY_FLAGS
static constexpr unsigned int STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition policy.h:103
MAX_STANDARD_P2WSH_SCRIPT_SIZE
static constexpr unsigned int MAX_STANDARD_P2WSH_SCRIPT_SIZE
The maximum size in bytes of a standard witnessScript.
Definition policy.h:47
OP_CHECKMULTISIG
@ OP_CHECKMULTISIG
Definition script.h:191
OP_CHECKSIG
@ OP_CHECKSIG
Definition script.h:189
OP_EQUAL
@ OP_EQUAL
Definition script.h:145
OP_NUMEQUAL
@ OP_NUMEQUAL
Definition script.h:170
OP_NOP
@ OP_NOP
Definition script.h:101
OP_NIP
@ OP_NIP
Definition script.h:125
OP_0
@ OP_0
Definition script.h:75
MAX_STACK_SIZE
static const int MAX_STACK_SIZE
Definition script.h:42
MAX_OPS_PER_SCRIPT
static const int MAX_OPS_PER_SCRIPT
Definition script.h:30
ScriptError
enum ScriptError_t ScriptError
GetSerializeSize
size_t GetSerializeSize(const T &t)
Definition serialize.h:1101
GetSizeOfCompactSize
constexpr unsigned int GetSizeOfCompactSize(uint64_t nSize)
Compact Size size < 253 – 1 byte size <= USHRT_MAX – 3 bytes (253 + 2 bytes) size <= UINT_MAX – 5 byt...
Definition serialize.h:295
ParseHex
std::vector< Byte > ParseHex(std::string_view hex_str)
Like TryParseHex, but returns an empty vector on invalid input.
Definition strencodings.h:66
CScriptWitness::stack
std::vector< std::vector< unsigned char > > stack
Definition script.h:577
TaprootSpendData::scripts
std::map< std::pair< std::vector< unsigned char >, int >, std::set< std::vector< unsigned char >, ShortestVectorFirstComparator > > scripts
Map from (script, leaf_version) to (sets of) control blocks.
Definition signingprovider.h:39
miniscript::Node
A node in a miniscript expression.
Definition miniscript.h:499
FuzzInit
void FuzzInit()
Definition miniscript.cpp:1199
FuzzInitSmart
void FuzzInitSmart()
Definition miniscript.cpp:1205
ConsumeNode
auto ConsumeNode(FuzzedDataProvider &fuzzed_data_provider, const std::optional< NodeId > &node_id_in=std::nullopt) noexcept
Definition net.h:109
PickValue
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition util.h:47
ConsumeDeserializable
std::optional< T > ConsumeDeserializable(FuzzedDataProvider &fuzzed_data_provider, const P &params, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition util.h:103
_
bilingual_str _(ConstevalStringLiteral str)
Translation function.
Definition translation.h:80
B
#define B
Definition util_tests.cpp:498
assert
assert(!tx.IsCoinBase())
Generated on Thu Oct 3 2024 09:20:15 for Bitcoin Core by doxygen 1.12.0