mirrors/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-02-22 23:07:59 +01:00
Code Issues Projects Releases Wiki Activity

fuzz: adapt Miniscript targets to Tapscript

Browse source 
We introduce another global that dictates the script context under which
to operate when running the target.

For miniscript_script, just consume another byte to set the context.
This should only affect existing seeds to the extent they contain a
CHECKMULTISIG. However it would not invalidate them entirely as they may
contain a NUMEQUAL or a CHECKSIGADD, and this still exercises a bit of
the parser.

For miniscript_string, reduce the string size by one byte and use the
last byte to determine the context. This is the change that i think
would invalidate the lowest number of existing seeds.

For miniscript_stable, we don't want to invalidate any seed. Instead of
creating a new miniscript_stable_tapscript, simply run the target once
for P2WSH and once for Tapscript (with the same seed).

For miniscript_smart, consume one byte before generating a pseudo-random
node to set the context. We have less regard for seed stability for this
target anyways.
This commit is contained in:
Antoine Poinsot 2023-02-22 16:28:58 +01:00
parent 84623722ef
commit 574523dbe0
No known key found for this signature in database
GPG key ID: E13FC145CD3F4304
1 changed files with 195 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

273
src/test/fuzz/miniscript.cpp
View file

@ -7,6 +7,7 @@
#include <key.h> #include <key.h>
#include <script/miniscript.h> #include <script/miniscript.h>
#include <script/script.h> #include <script/script.h>
#include <script/signingprovider.h>
#include <test/fuzz/FuzzedDataProvider.h> #include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h> #include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h> #include <test/fuzz/util.h>
@ -14,6 +15,15 @@
namespace { namespace {
using Fragment = miniscript::Fragment;
using NodeRef = miniscript::NodeRef<CPubKey>;
using Node = miniscript::Node<CPubKey>;
using Type = miniscript::Type;
using MsCtx = miniscript::MiniscriptContext;
// https://github.com/llvm/llvm-project/issues/53444
// NOLINTNEXTLINE(misc-unused-using-decls)
using miniscript::operator"" _mst;
//! Some pre-computed data for more efficient string roundtrips and to simulate challenges. //! Some pre-computed data for more efficient string roundtrips and to simulate challenges.
struct TestData { struct TestData {
typedef CPubKey Key; typedef CPubKey Key;
@ -23,6 +33,7 @@ struct TestData {
std::map<Key, int> dummy_key_idx_map; std::map<Key, int> dummy_key_idx_map;
std::map<CKeyID, Key> dummy_keys_map; std::map<CKeyID, Key> dummy_keys_map;
std::map<Key, std::pair<std::vector<unsigned char>, bool>> dummy_sigs; std::map<Key, std::pair<std::vector<unsigned char>, bool>> dummy_sigs;
std::map<XOnlyPubKey, std::pair<std::vector<unsigned char>, bool>> schnorr_sigs;
// Precomputed hashes of each kind. // Precomputed hashes of each kind.
std::vector<std::vector<unsigned char>> sha256; std::vector<std::vector<unsigned char>> sha256;
@ -37,6 +48,11 @@ struct TestData {
//! Set the precomputed data. //! Set the precomputed data.
void Init() { void Init() {
unsigned char keydata[32] = {1}; unsigned char keydata[32] = {1};
// All our signatures sign (and are required to sign) this constant message.
auto const MESSAGE_HASH{uint256S("f5cd94e18b6fe77dd7aca9e35c2b0c9cbd86356c80a71065")};
// We don't pass additional randomness when creating a schnorr signature.
auto const EMPTY_AUX{uint256S("")};
for (size_t i = 0; i < 256; i++) { for (size_t i = 0; i < 256; i++) {
keydata[31] = i; keydata[31] = i;
CKey privkey; CKey privkey;
@ -46,11 +62,17 @@ struct TestData {
dummy_keys.push_back(pubkey); dummy_keys.push_back(pubkey);
dummy_key_idx_map.emplace(pubkey, i); dummy_key_idx_map.emplace(pubkey, i);
dummy_keys_map.insert({pubkey.GetID(), pubkey}); dummy_keys_map.insert({pubkey.GetID(), pubkey});
XOnlyPubKey xonly_pubkey{pubkey};
dummy_key_idx_map.emplace(xonly_pubkey, i);
uint160 xonly_hash{Hash160(xonly_pubkey)};
dummy_keys_map.emplace(xonly_hash, pubkey);
std::vector<unsigned char> sig; std::vector<unsigned char> sig, schnorr_sig(64);
privkey.Sign(uint256S(""), sig); privkey.Sign(MESSAGE_HASH, sig);
sig.push_back(1); // SIGHASH_ALL sig.push_back(1); // SIGHASH_ALL
dummy_sigs.insert({pubkey, {sig, i & 1}}); dummy_sigs.insert({pubkey, {sig, i & 1}});
assert(privkey.SignSchnorr(MESSAGE_HASH, schnorr_sig, nullptr, EMPTY_AUX));
schnorr_sigs.emplace(XOnlyPubKey{pubkey}, std::make_pair(std::move(schnorr_sig), i & 1));
std::vector<unsigned char> hash; std::vector<unsigned char> hash;
hash.resize(32); hash.resize(32);
@ -70,6 +92,19 @@ struct TestData {
if (i & 1) hash160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32); if (i & 1) hash160_preimages[hash] = std::vector<unsigned char>(keydata, keydata + 32);
} }
} }
//! Get the (Schnorr or ECDSA, depending on context) signature for this pubkey.
std::pair<std::vector<unsigned char>, bool>* GetSig(const MsCtx script_ctx, const Key& key) {
if (!miniscript::IsTapscript(script_ctx)) {
const auto it = dummy_sigs.find(key);
if (it == dummy_sigs.end()) return nullptr;
return &it->second;
} else {
const auto it = schnorr_sigs.find(XOnlyPubKey{key});
if (it == schnorr_sigs.end()) return nullptr;
return &it->second;
}
}
} TEST_DATA; } TEST_DATA;
/** /**
@ -80,6 +115,8 @@ struct TestData {
struct ParserContext { struct ParserContext {
typedef CPubKey Key; typedef CPubKey Key;
MsCtx script_ctx{MsCtx::P2WSH};
bool KeyCompare(const Key& a, const Key& b) const { bool KeyCompare(const Key& a, const Key& b) const {
return a < b; return a < b;
} }
@ -92,16 +129,22 @@ struct ParserContext {
return HexStr(Span{&idx, 1}); return HexStr(Span{&idx, 1});
} }
std::vector<unsigned char> ToPKBytes(const Key& key) const std::vector<unsigned char> ToPKBytes(const Key& key) const {
{ if (!miniscript::IsTapscript(script_ctx)) {
return {key.begin(), key.end()}; return {key.begin(), key.end()};
} }
const XOnlyPubKey xonly_pubkey{key};
return {xonly_pubkey.begin(), xonly_pubkey.end()};
}
std::vector<unsigned char> ToPKHBytes(const Key& key) const std::vector<unsigned char> ToPKHBytes(const Key& key) const {
{ if (!miniscript::IsTapscript(script_ctx)) {
const auto h = Hash160(key); const auto h = Hash160(key);
return {h.begin(), h.end()}; return {h.begin(), h.end()};
} }
const auto h = Hash160(XOnlyPubKey{key});
return {h.begin(), h.end()};
}
template<typename I> template<typename I>
std::optional<Key> FromString(I first, I last) const { std::optional<Key> FromString(I first, I last) const {
@ -113,10 +156,15 @@ struct ParserContext {
template<typename I> template<typename I>
std::optional<Key> FromPKBytes(I first, I last) const { std::optional<Key> FromPKBytes(I first, I last) const {
CPubKey key; if (!miniscript::IsTapscript(script_ctx)) {
key.Set(first, last); Key key{first, last};
if (!key.IsValid()) return {}; if (key.IsValid()) return key;
return key; return {};
}
if (last - first != 32) return {};
XOnlyPubKey xonly_pubkey;
std::copy(first, last, xonly_pubkey.begin());
return xonly_pubkey.GetEvenCorrespondingCPubKey();
} }
template<typename I> template<typename I>
@ -129,13 +177,15 @@ struct ParserContext {
return it->second; return it->second;
} }
miniscript::MiniscriptContext MsContext() const { MsCtx MsContext() const {
return miniscript::MiniscriptContext::P2WSH; return script_ctx;
} }
} PARSER_CTX; } PARSER_CTX;
//! Context that implements naive conversion from/to script only, for roundtrip testing. //! Context that implements naive conversion from/to script only, for roundtrip testing.
struct ScriptParserContext { struct ScriptParserContext {
MsCtx script_ctx{MsCtx::P2WSH};
//! For Script roundtrip we never need the key from a key hash. //! For Script roundtrip we never need the key from a key hash.
struct Key { struct Key {
bool is_hash; bool is_hash;
@ -177,8 +227,8 @@ struct ScriptParserContext {
return key; return key;
} }
miniscript::MiniscriptContext MsContext() const { MsCtx MsContext() const {
return miniscript::MiniscriptContext::P2WSH; return script_ctx;
} }
} SCRIPT_PARSER_CONTEXT; } SCRIPT_PARSER_CONTEXT;
@ -191,15 +241,11 @@ struct SatisfierContext: ParserContext {
// Signature challenges fulfilled with a dummy signature, if it was one of our dummy keys. // Signature challenges fulfilled with a dummy signature, if it was one of our dummy keys.
miniscript::Availability Sign(const CPubKey& key, std::vector<unsigned char>& sig) const { miniscript::Availability Sign(const CPubKey& key, std::vector<unsigned char>& sig) const {
const auto it = TEST_DATA.dummy_sigs.find(key); bool sig_available{false};
if (it == TEST_DATA.dummy_sigs.end()) return miniscript::Availability::NO; if (auto res = TEST_DATA.GetSig(script_ctx, key)) {
if (it->second.second) { std::tie(sig, sig_available) = *res;
// Key is "available"
sig = it->second.first;
return miniscript::Availability::YES;
} else {
return miniscript::Availability::NO;
} }
return sig_available ? miniscript::Availability::YES : miniscript::Availability::NO;
} }
//! Lookup generalization for all the hash satisfactions below //! Lookup generalization for all the hash satisfactions below
@ -238,6 +284,13 @@ struct CheckerContext: BaseSignatureChecker {
if (it == TEST_DATA.dummy_sigs.end()) return false; if (it == TEST_DATA.dummy_sigs.end()) return false;
return it->second.first == sig; return it->second.first == sig;
} }
bool CheckSchnorrSignature(Span<const unsigned char> sig, Span<const unsigned char> pubkey, SigVersion,
ScriptExecutionData&, ScriptError*) const override {
XOnlyPubKey pk{pubkey};
auto it = TEST_DATA.schnorr_sigs.find(pk);
if (it == TEST_DATA.schnorr_sigs.end()) return false;
return it->second.first == sig;
}
bool CheckLockTime(const CScriptNum& nLockTime) const override { return nLockTime.GetInt64() & 1; } bool CheckLockTime(const CScriptNum& nLockTime) const override { return nLockTime.GetInt64() & 1; }
bool CheckSequence(const CScriptNum& nSequence) const override { return nSequence.GetInt64() & 1; } bool CheckSequence(const CScriptNum& nSequence) const override { return nSequence.GetInt64() & 1; }
} CHECKER_CTX; } CHECKER_CTX;
@ -252,16 +305,12 @@ struct KeyComparator {
// A dummy scriptsig to pass to VerifyScript (we always use Segwit v0). // A dummy scriptsig to pass to VerifyScript (we always use Segwit v0).
const CScript DUMMY_SCRIPTSIG; const CScript DUMMY_SCRIPTSIG;
using Fragment = miniscript::Fragment; //! Public key to be used as internal key for dummy Taproot spends.
using NodeRef = miniscript::NodeRef<CPubKey>; const std::vector<unsigned char> NUMS_PK{ParseHex("50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0")};
using Node = miniscript::Node<CPubKey>;
using Type = miniscript::Type;
using miniscript::operator"" _mst;
using MsCtx = miniscript::MiniscriptContext;
//! Construct a miniscript node as a shared_ptr. //! Construct a miniscript node as a shared_ptr.
template<typename... Args> NodeRef MakeNodeRef(Args&&... args) { template<typename... Args> NodeRef MakeNodeRef(Args&&... args) {
return miniscript::MakeNodeRef<CPubKey>(miniscript::internal::NoDupCheck{}, MsCtx::P2WSH, std::forward<Args>(args)...); return miniscript::MakeNodeRef<CPubKey>(miniscript::internal::NoDupCheck{}, std::forward<Args>(args)...);
} }
/** Information about a yet to be constructed Miniscript node. */ /** Information about a yet to be constructed Miniscript node. */
@ -330,9 +379,10 @@ std::optional<uint32_t> ConsumeTimeLock(FuzzedDataProvider& provider) {
* - For pk_k(), pk_h(), and all hashes, the next byte defines the index of the value in the test data. * - For pk_k(), pk_h(), and all hashes, the next byte defines the index of the value in the test data.
* - For multi(), the next 2 bytes define respectively the threshold and the number of keys. Then as many * - For multi(), the next 2 bytes define respectively the threshold and the number of keys. Then as many
* bytes as the number of keys define the index of each key in the test data. * bytes as the number of keys define the index of each key in the test data.
* - For multi_a(), same as for multi() but the threshold and the keys count are encoded on two bytes.
* - For thresh(), the next byte defines the threshold value and the following one the number of subs. * - For thresh(), the next byte defines the threshold value and the following one the number of subs.
*/ */
std::optional<NodeInfo> ConsumeNodeStable(FuzzedDataProvider& provider, Type type_needed) { std::optional<NodeInfo> ConsumeNodeStable(MsCtx script_ctx, FuzzedDataProvider& provider, Type type_needed) {
bool allow_B = (type_needed == ""_mst) || (type_needed << "B"_mst); bool allow_B = (type_needed == ""_mst) || (type_needed << "B"_mst);
bool allow_K = (type_needed == ""_mst) || (type_needed << "K"_mst); bool allow_K = (type_needed == ""_mst) || (type_needed << "K"_mst);
bool allow_V = (type_needed == ""_mst) || (type_needed << "V"_mst); bool allow_V = (type_needed == ""_mst) || (type_needed << "V"_mst);
@ -376,7 +426,7 @@ std::optional<NodeInfo> ConsumeNodeStable(FuzzedDataProvider& provider, Type typ
if (!allow_B) return {}; if (!allow_B) return {};
return {{Fragment::HASH160, ConsumeHash160(provider)}}; return {{Fragment::HASH160, ConsumeHash160(provider)}};
case 10: { case 10: {
if (!allow_B) return {}; if (!allow_B || IsTapscript(script_ctx)) return {};
const auto k = provider.ConsumeIntegral<uint8_t>(); const auto k = provider.ConsumeIntegral<uint8_t>();
const auto n_keys = provider.ConsumeIntegral<uint8_t>(); const auto n_keys = provider.ConsumeIntegral<uint8_t>();
if (n_keys > 20 || k == 0 || k > n_keys) return {}; if (n_keys > 20 || k == 0 || k > n_keys) return {};
@ -437,6 +487,15 @@ std::optional<NodeInfo> ConsumeNodeStable(FuzzedDataProvider& provider, Type typ
case 26: case 26:
if (!allow_B) return {}; if (!allow_B) return {};
return {{{"B"_mst}, Fragment::WRAP_N}}; return {{{"B"_mst}, Fragment::WRAP_N}};
case 27: {
if (!allow_B || !IsTapscript(script_ctx)) return {};
const auto k = provider.ConsumeIntegral<uint16_t>();
const auto n_keys = provider.ConsumeIntegral<uint16_t>();
if (n_keys > 999 || k == 0 || k > n_keys) return {};
std::vector<CPubKey> keys{n_keys};
for (auto& key: keys) key = ConsumePubKey(provider);
return {{Fragment::MULTI_A, k, std::move(keys)}};
}
default: default:
break; break;
} }
@ -453,9 +512,15 @@ std::optional<NodeInfo> ConsumeNodeStable(FuzzedDataProvider& provider, Type typ
struct SmartInfo struct SmartInfo
{ {
using recipe = std::pair<Fragment, std::vector<Type>>; using recipe = std::pair<Fragment, std::vector<Type>>;
std::map<Type, std::vector<recipe>> table; std::map<Type, std::vector<recipe>> wsh_table, tap_table;
void Init() void Init()
{
Init(wsh_table, MsCtx::P2WSH);
Init(tap_table, MsCtx::TAPSCRIPT);
}
void Init(std::map<Type, std::vector<recipe>>& table, MsCtx script_ctx)
{ {
/* Construct a set of interesting type requirements to reason with (sections of BKVWzondu). */ /* Construct a set of interesting type requirements to reason with (sections of BKVWzondu). */
std::vector<Type> types; std::vector<Type> types;
@ -504,7 +569,7 @@ struct SmartInfo
std::sort(types.begin(), types.end()); std::sort(types.begin(), types.end());
// Iterate over all possible fragments. // Iterate over all possible fragments.
for (int fragidx = 0; fragidx <= int(Fragment::MULTI); ++fragidx) { for (int fragidx = 0; fragidx <= int(Fragment::MULTI_A); ++fragidx) {
int sub_count = 0; //!< The minimum number of child nodes this recipe has. int sub_count = 0; //!< The minimum number of child nodes this recipe has.
int sub_range = 1; //!< The maximum number of child nodes for this recipe is sub_count+sub_range-1. int sub_range = 1; //!< The maximum number of child nodes for this recipe is sub_count+sub_range-1.
size_t data_size = 0; size_t data_size = 0;
@ -512,16 +577,20 @@ struct SmartInfo
uint32_t k = 0; uint32_t k = 0;
Fragment frag{fragidx}; Fragment frag{fragidx};
// Only produce recipes valid in the given context.
if ((!miniscript::IsTapscript(script_ctx) && frag == Fragment::MULTI_A)
|| (miniscript::IsTapscript(script_ctx) && frag == Fragment::MULTI)) {
continue;
}
// Based on the fragment, determine #subs/data/k/keys to pass to ComputeType. */ // Based on the fragment, determine #subs/data/k/keys to pass to ComputeType. */
switch (frag) { switch (frag) {
case Fragment::MULTI_A:
// TODO: Tapscript support.
assert(false);
case Fragment::PK_K: case Fragment::PK_K:
case Fragment::PK_H: case Fragment::PK_H:
n_keys = 1; n_keys = 1;
break; break;
case Fragment::MULTI: case Fragment::MULTI:
case Fragment::MULTI_A:
n_keys = 1; n_keys = 1;
k = 1; k = 1;
break; break;
@ -580,7 +649,7 @@ struct SmartInfo
if (subs > 0) subt.push_back(x); if (subs > 0) subt.push_back(x);
if (subs > 1) subt.push_back(y); if (subs > 1) subt.push_back(y);
if (subs > 2) subt.push_back(z); if (subs > 2) subt.push_back(z);
Type res = miniscript::internal::ComputeType(frag, x, y, z, subt, k, data_size, subs, n_keys, MsCtx::P2WSH); Type res = miniscript::internal::ComputeType(frag, x, y, z, subt, k, data_size, subs, n_keys, script_ctx);
// Continue if the result is not a valid node. // Continue if the result is not a valid node.
if ((res << "K"_mst) + (res << "V"_mst) + (res << "B"_mst) + (res << "W"_mst) != 1) continue; if ((res << "K"_mst) + (res << "V"_mst) + (res << "B"_mst) + (res << "W"_mst) != 1) continue;
@ -697,18 +766,16 @@ struct SmartInfo
* (as improvements to the tables or changes to the typing rules could invalidate * (as improvements to the tables or changes to the typing rules could invalidate
* everything). * everything).
*/ */
std::optional<NodeInfo> ConsumeNodeSmart(FuzzedDataProvider& provider, Type type_needed) { std::optional<NodeInfo> ConsumeNodeSmart(MsCtx script_ctx, FuzzedDataProvider& provider, Type type_needed) {
/** Table entry for the requested type. */ /** Table entry for the requested type. */
auto recipes_it = SMARTINFO.table.find(type_needed); const auto& table{IsTapscript(script_ctx) ? SMARTINFO.tap_table : SMARTINFO.wsh_table};
assert(recipes_it != SMARTINFO.table.end()); auto recipes_it = table.find(type_needed);
assert(recipes_it != table.end());
/** Pick one recipe from the available ones for that type. */ /** Pick one recipe from the available ones for that type. */
const auto& [frag, subt] = PickValue(provider, recipes_it->second); const auto& [frag, subt] = PickValue(provider, recipes_it->second);
// Based on the fragment the recipe uses, fill in other data (k, keys, data). // Based on the fragment the recipe uses, fill in other data (k, keys, data).
switch (frag) { switch (frag) {
case Fragment::MULTI_A:
// TODO: Tapscript support.
assert(false);
case Fragment::PK_K: case Fragment::PK_K:
case Fragment::PK_H: case Fragment::PK_H:
return {{frag, ConsumePubKey(provider)}}; return {{frag, ConsumePubKey(provider)}};
@ -719,6 +786,13 @@ std::optional<NodeInfo> ConsumeNodeSmart(FuzzedDataProvider& provider, Type type
for (auto& key: keys) key = ConsumePubKey(provider); for (auto& key: keys) key = ConsumePubKey(provider);
return {{frag, k, std::move(keys)}}; return {{frag, k, std::move(keys)}};
} }
case Fragment::MULTI_A: {
const auto n_keys = provider.ConsumeIntegralInRange<uint16_t>(1, 999);
const auto k = provider.ConsumeIntegralInRange<uint16_t>(1, n_keys);
std::vector<CPubKey> keys{n_keys};
for (auto& key: keys) key = ConsumePubKey(provider);
return {{frag, k, std::move(keys)}};
}
case Fragment::OLDER: case Fragment::OLDER:
case Fragment::AFTER: case Fragment::AFTER:
return {{frag, provider.ConsumeIntegralInRange<uint32_t>(1, 0x7FFFFFF)}}; return {{frag, provider.ConsumeIntegralInRange<uint32_t>(1, 0x7FFFFFF)}};
@ -775,7 +849,7 @@ std::optional<NodeInfo> ConsumeNodeSmart(FuzzedDataProvider& provider, Type type
* a NodeRef whose Type() matches the type fed to ConsumeNode. * a NodeRef whose Type() matches the type fed to ConsumeNode.
*/ */
template<typename F> template<typename F>
NodeRef GenNode(F ConsumeNode, Type root_type, bool strict_valid = false) { NodeRef GenNode(MsCtx script_ctx, F ConsumeNode, Type root_type, bool strict_valid = false) {
/** A stack of miniscript Nodes being built up. */ /** A stack of miniscript Nodes being built up. */
std::vector<NodeRef> stack; std::vector<NodeRef> stack;
/** The queue of instructions. */ /** The queue of instructions. */
@ -797,12 +871,9 @@ NodeRef GenNode(F ConsumeNode, Type root_type, bool strict_valid = false) {
// byte long, we move one byte from each child to their parent. A similar technique is // byte long, we move one byte from each child to their parent. A similar technique is
// used in the miniscript::internal::Parse function to prevent runaway string parsing. // used in the miniscript::internal::Parse function to prevent runaway string parsing.
scriptsize += miniscript::internal::ComputeScriptLen(node_info->fragment, ""_mst, node_info->subtypes.size(), node_info->k, node_info->subtypes.size(), scriptsize += miniscript::internal::ComputeScriptLen(node_info->fragment, ""_mst, node_info->subtypes.size(), node_info->k, node_info->subtypes.size(),
node_info->keys.size(), miniscript::MiniscriptContext::P2WSH) - 1; node_info->keys.size(), script_ctx) - 1;
if (scriptsize > MAX_STANDARD_P2WSH_SCRIPT_SIZE) return {}; if (scriptsize > MAX_STANDARD_P2WSH_SCRIPT_SIZE) return {};
switch (node_info->fragment) { switch (node_info->fragment) {
case Fragment::MULTI_A:
// TODO: Tapscript support.
assert(false);
case Fragment::JUST_0: case Fragment::JUST_0:
case Fragment::JUST_1: case Fragment::JUST_1:
break; break;
@ -845,6 +916,9 @@ NodeRef GenNode(F ConsumeNode, Type root_type, bool strict_valid = false) {
case Fragment::MULTI: case Fragment::MULTI:
ops += 1; ops += 1;
break; break;
case Fragment::MULTI_A:
ops += node_info->keys.size() + 1;
break;
case Fragment::WRAP_A: case Fragment::WRAP_A:
ops += 2; ops += 2;
break; break;
@ -893,11 +967,11 @@ NodeRef GenNode(F ConsumeNode, Type root_type, bool strict_valid = false) {
// Construct new NodeRef. // Construct new NodeRef.
NodeRef node; NodeRef node;
if (info.keys.empty()) { if (info.keys.empty()) {
node = MakeNodeRef(info.fragment, std::move(sub), std::move(info.hash), info.k); node = MakeNodeRef(script_ctx, info.fragment, std::move(sub), std::move(info.hash), info.k);
} else { } else {
assert(sub.empty()); assert(sub.empty());
assert(info.hash.empty()); assert(info.hash.empty());
node = MakeNodeRef(info.fragment, std::move(info.keys), info.k); node = MakeNodeRef(script_ctx, info.fragment, std::move(info.keys), info.k);
} }
// Verify acceptability. // Verify acceptability.
if (!node || (node->GetType() & "KVWB"_mst) == ""_mst) { if (!node || (node->GetType() & "KVWB"_mst) == ""_mst) {
@ -913,8 +987,10 @@ NodeRef GenNode(F ConsumeNode, Type root_type, bool strict_valid = false) {
ops += 1; ops += 1;
scriptsize += 1; scriptsize += 1;
} }
if (ops > MAX_OPS_PER_SCRIPT) return {}; if (!miniscript::IsTapscript(script_ctx) && ops > MAX_OPS_PER_SCRIPT) return {};
if (scriptsize > MAX_STANDARD_P2WSH_SCRIPT_SIZE) return {}; if (scriptsize > miniscript::internal::MaxScriptSize(script_ctx)) {
return {};
}
// Move it to the stack. // Move it to the stack.
stack.push_back(std::move(node)); stack.push_back(std::move(node));
todo.pop_back(); todo.pop_back();
@ -927,12 +1003,33 @@ NodeRef GenNode(F ConsumeNode, Type root_type, bool strict_valid = false) {
return std::move(stack[0]); return std::move(stack[0]);
} }
//! The spk for this script under the given context. If it's a Taproot output also record the spend data.
CScript ScriptPubKey(MsCtx ctx, const CScript& script, TaprootBuilder& builder)
{
if (!miniscript::IsTapscript(ctx)) return CScript() << OP_0 << WitnessV0ScriptHash(script);
// For Taproot outputs we always use a tree with a single script and a dummy internal key.
builder.Add(0, script, TAPROOT_LEAF_TAPSCRIPT);
builder.Finalize(XOnlyPubKey{NUMS_PK});
return GetScriptForDestination(builder.GetOutput());
}
//! Fill the witness with the data additional to the script satisfaction.
void SatisfactionToWitness(MsCtx ctx, CScriptWitness& witness, const CScript& script, TaprootBuilder& builder) {
// For P2WSH, it's only the witness script.
witness.stack.push_back(std::vector<unsigned char>(script.begin(), script.end()));
if (!miniscript::IsTapscript(ctx)) return;
// For Tapscript we also need the control block.
witness.stack.push_back(*builder.GetSpendData().scripts.begin()->second.begin());
}
/** Perform various applicable tests on a miniscript Node. */ /** Perform various applicable tests on a miniscript Node. */
void TestNode(const NodeRef& node, FuzzedDataProvider& provider) void TestNode(const MsCtx script_ctx, const NodeRef& node, FuzzedDataProvider& provider)
{ {
if (!node) return; if (!node) return;
// Check that it roundtrips to text representation // Check that it roundtrips to text representation
PARSER_CTX.script_ctx = script_ctx;
std::optional<std::string> str{node->ToString(PARSER_CTX)}; std::optional<std::string> str{node->ToString(PARSER_CTX)};
assert(str); assert(str);
auto parsed = miniscript::FromString(*str, PARSER_CTX); auto parsed = miniscript::FromString(*str, PARSER_CTX);
@ -947,7 +1044,7 @@ void TestNode(const NodeRef& node, FuzzedDataProvider& provider)
// with a push of a key, which could match these opcodes). // with a push of a key, which could match these opcodes).
if (!(node->GetType() << "K"_mst)) { if (!(node->GetType() << "K"_mst)) {
bool ends_in_verify = !(node->GetType() << "x"_mst); bool ends_in_verify = !(node->GetType() << "x"_mst);
assert(ends_in_verify == (script.back() == OP_CHECKSIG || script.back() == OP_CHECKMULTISIG || script.back() == OP_EQUAL)); assert(ends_in_verify == (script.back() == OP_CHECKSIG || script.back() == OP_CHECKMULTISIG || script.back() == OP_EQUAL || script.back() == OP_NUMEQUAL));
} }
// The rest of the checks only apply when testing a valid top-level script. // The rest of the checks only apply when testing a valid top-level script.
@ -963,8 +1060,9 @@ void TestNode(const NodeRef& node, FuzzedDataProvider& provider)
assert(decoded->GetType() == node->GetType()); assert(decoded->GetType() == node->GetType());
const auto node_ops{node->GetOps()}; const auto node_ops{node->GetOps()};
if (provider.ConsumeBool() && node_ops && *node_ops < MAX_OPS_PER_SCRIPT && node->ScriptSize() < MAX_STANDARD_P2WSH_SCRIPT_SIZE) { if (!IsTapscript(script_ctx) && provider.ConsumeBool() && node_ops && *node_ops < MAX_OPS_PER_SCRIPT
// Optionally pad the script with OP_NOPs to max op the ops limit of the constructed script. && node->ScriptSize() < MAX_STANDARD_P2WSH_SCRIPT_SIZE) {
// Under P2WSH, optionally pad the script with OP_NOPs to max op the ops limit of the constructed script.
// This makes the script obviously not actually miniscript-compatible anymore, but the // This makes the script obviously not actually miniscript-compatible anymore, but the
// signatures constructed in this test don't commit to the script anyway, so the same // signatures constructed in this test don't commit to the script anyway, so the same
// miniscript satisfier will work. This increases the sensitivity of the test to the ops // miniscript satisfier will work. This increases the sensitivity of the test to the ops
@ -979,20 +1077,28 @@ void TestNode(const NodeRef& node, FuzzedDataProvider& provider)
for (int i = 0; i < add; ++i) script.push_back(OP_NOP); for (int i = 0; i < add; ++i) script.push_back(OP_NOP);
} }
SATISFIER_CTX.script_ctx = script_ctx;
// Get the ScriptPubKey for this script, filling spend data if it's Taproot.
TaprootBuilder builder;
const CScript script_pubkey{ScriptPubKey(script_ctx, script, builder)};
// Run malleable satisfaction algorithm. // Run malleable satisfaction algorithm.
const CScript script_pubkey = CScript() << OP_0 << WitnessV0ScriptHash(script);
CScriptWitness witness_mal; CScriptWitness witness_mal;
const bool mal_success = node->Satisfy(SATISFIER_CTX, witness_mal.stack, false) == miniscript::Availability::YES; const bool mal_success = node->Satisfy(SATISFIER_CTX, witness_mal.stack, false) == miniscript::Availability::YES;
witness_mal.stack.push_back(std::vector<unsigned char>(script.begin(), script.end())); SatisfactionToWitness(script_ctx, witness_mal, script, builder);
// Run non-malleable satisfaction algorithm. // Run non-malleable satisfaction algorithm.
CScriptWitness witness_nonmal; CScriptWitness witness_nonmal;
const bool nonmal_success = node->Satisfy(SATISFIER_CTX, witness_nonmal.stack, true) == miniscript::Availability::YES; const bool nonmal_success = node->Satisfy(SATISFIER_CTX, witness_nonmal.stack, true) == miniscript::Availability::YES;
witness_nonmal.stack.push_back(std::vector<unsigned char>(script.begin(), script.end())); SatisfactionToWitness(script_ctx, witness_nonmal, script, builder);
if (nonmal_success) { if (nonmal_success) {
// Non-malleable satisfactions are bounded by GetStackSize(). // Non-malleable satisfactions are bounded by the satisfaction size plus:
assert(witness_nonmal.stack.size() <= *node->GetStackSize() + 1); // - For P2WSH spends, the witness script
// - For Tapscript spends, both the witness script and the control block
const size_t max_stack_size{*node->GetStackSize() + 1 + miniscript::IsTapscript(script_ctx)};
assert(witness_nonmal.stack.size() <= max_stack_size);
// If a non-malleable satisfaction exists, the malleable one must also exist, and be identical to it. // If a non-malleable satisfaction exists, the malleable one must also exist, and be identical to it.
assert(mal_success); assert(mal_success);
assert(witness_nonmal.stack == witness_mal.stack); assert(witness_nonmal.stack == witness_mal.stack);
@ -1027,24 +1133,20 @@ void TestNode(const NodeRef& node, FuzzedDataProvider& provider)
// algorithm succeeds. Given that under IsSane() both satisfactions // algorithm succeeds. Given that under IsSane() both satisfactions
// are identical, this implies that for such nodes, the non-malleable // are identical, this implies that for such nodes, the non-malleable
// satisfaction will also match the expected policy. // satisfaction will also match the expected policy.
bool satisfiable = node->IsSatisfiable([](const Node& node) -> bool { const auto is_key_satisfiable = [script_ctx](const CPubKey& pubkey) -> bool {
auto sig_ptr{TEST_DATA.GetSig(script_ctx, pubkey)};
return sig_ptr != nullptr && sig_ptr->second;
};
bool satisfiable = node->IsSatisfiable([&](const Node& node) -> bool {
switch (node.fragment) { switch (node.fragment) {
case Fragment::MULTI_A:
// TODO: Tapscript support.
assert(false);
case Fragment::PK_K: case Fragment::PK_K:
case Fragment::PK_H: { case Fragment::PK_H:
auto it = TEST_DATA.dummy_sigs.find(node.keys[0]); return is_key_satisfiable(node.keys[0]);
assert(it != TEST_DATA.dummy_sigs.end()); case Fragment::MULTI:
return it->second.second; case Fragment::MULTI_A: {
} size_t sats = std::count_if(node.keys.begin(), node.keys.end(), [&](const auto& key) {
case Fragment::MULTI: { return size_t(is_key_satisfiable(key));
size_t sats = 0; });
for (const auto& key : node.keys) {
auto it = TEST_DATA.dummy_sigs.find(key);
assert(it != TEST_DATA.dummy_sigs.end());
sats += it->second.second;
}
return sats >= node.k; return sats >= node.k;
} }
case Fragment::OLDER: case Fragment::OLDER:
@ -1083,10 +1185,13 @@ void FuzzInitSmart()
/** Fuzz target that runs TestNode on nodes generated using ConsumeNodeStable. */ /** Fuzz target that runs TestNode on nodes generated using ConsumeNodeStable. */
FUZZ_TARGET(miniscript_stable, .init = FuzzInit) FUZZ_TARGET(miniscript_stable, .init = FuzzInit)
{ {
// Run it under both P2WSH and Tapscript contexts.
for (const auto script_ctx: {MsCtx::P2WSH, MsCtx::TAPSCRIPT}) {
FuzzedDataProvider provider(buffer.data(), buffer.size()); FuzzedDataProvider provider(buffer.data(), buffer.size());
TestNode(GenNode([&](Type needed_type) { TestNode(script_ctx, GenNode(script_ctx, [&](Type needed_type) {
return ConsumeNodeStable(provider, needed_type); return ConsumeNodeStable(script_ctx, provider, needed_type);
}, ""_mst), provider); }, ""_mst), provider);
}
} }
/** Fuzz target that runs TestNode on nodes generated using ConsumeNodeSmart. */ /** Fuzz target that runs TestNode on nodes generated using ConsumeNodeSmart. */
@ -1096,16 +1201,19 @@ FUZZ_TARGET(miniscript_smart, .init = FuzzInitSmart)
static constexpr std::array<Type, 4> BASE_TYPES{"B"_mst, "V"_mst, "K"_mst, "W"_mst}; static constexpr std::array<Type, 4> BASE_TYPES{"B"_mst, "V"_mst, "K"_mst, "W"_mst};
FuzzedDataProvider provider(buffer.data(), buffer.size()); FuzzedDataProvider provider(buffer.data(), buffer.size());
TestNode(GenNode([&](Type needed_type) { const auto script_ctx{(MsCtx)provider.ConsumeBool()};
return ConsumeNodeSmart(provider, needed_type); TestNode(script_ctx, GenNode(script_ctx, [&](Type needed_type) {
return ConsumeNodeSmart(script_ctx, provider, needed_type);
}, PickValue(provider, BASE_TYPES), true), provider); }, PickValue(provider, BASE_TYPES), true), provider);
} }
/* Fuzz tests that test parsing from a string, and roundtripping via string. */ /* Fuzz tests that test parsing from a string, and roundtripping via string. */
FUZZ_TARGET(miniscript_string, .init = FuzzInit) FUZZ_TARGET(miniscript_string, .init = FuzzInit)
{ {
if (buffer.empty()) return;
FuzzedDataProvider provider(buffer.data(), buffer.size()); FuzzedDataProvider provider(buffer.data(), buffer.size());
auto str = provider.ConsumeRemainingBytesAsString(); auto str = provider.ConsumeBytesAsString(provider.remaining_bytes() - 1);
PARSER_CTX.script_ctx = (MsCtx)provider.ConsumeBool();
auto parsed = miniscript::FromString(str, PARSER_CTX); auto parsed = miniscript::FromString(str, PARSER_CTX);
if (!parsed) return; if (!parsed) return;
@ -1123,6 +1231,7 @@ FUZZ_TARGET(miniscript_script)
const std::optional<CScript> script = ConsumeDeserializable<CScript>(fuzzed_data_provider); const std::optional<CScript> script = ConsumeDeserializable<CScript>(fuzzed_data_provider);
if (!script) return; if (!script) return;
SCRIPT_PARSER_CONTEXT.script_ctx = (MsCtx)fuzzed_data_provider.ConsumeBool();
const auto ms = miniscript::FromScript(*script, SCRIPT_PARSER_CONTEXT); const auto ms = miniscript::FromScript(*script, SCRIPT_PARSER_CONTEXT);
if (!ms) return; if (!ms) return;