Bitcoin Core  29.1.0
P2P Digital Currency
scriptpubkeyman.cpp
Go to the documentation of this file.
1 // Copyright (c) 2023-present The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <addresstype.h>
6 #include <chainparams.h>
7 #include <coins.h>
8 #include <key.h>
9 #include <primitives/transaction.h>
10 #include <psbt.h>
11 #include <script/descriptor.h>
12 #include <script/interpreter.h>
13 #include <script/script.h>
14 #include <script/signingprovider.h>
15 #include <sync.h>
16 #include <test/fuzz/FuzzedDataProvider.h>
17 #include <test/fuzz/fuzz.h>
18 #include <test/fuzz/util.h>
19 #include <test/fuzz/util/descriptor.h>
20 #include <test/util/setup_common.h>
21 #include <util/check.h>
22 #include <util/time.h>
23 #include <util/translation.h>
24 #include <validation.h>
25 #include <wallet/scriptpubkeyman.h>
26 #include <wallet/test/util.h>
27 #include <wallet/types.h>
28 #include <wallet/wallet.h>
29 #include <wallet/walletutil.h>
30 
31 #include <map>
32 #include <memory>
33 #include <optional>
34 #include <string>
35 #include <utility>
36 #include <variant>
37 
38 namespace wallet {
39 namespace {
40 const TestingSetup* g_setup;
41 
43 MockedDescriptorConverter MOCKED_DESC_CONVERTER;
44 
45 void initialize_spkm()
46 {
47  static const auto testing_setup{MakeNoLogFileContext<const TestingSetup>()};
48  g_setup = testing_setup.get();
49  SelectParams(ChainType::MAIN);
50  MOCKED_DESC_CONVERTER.Init();
51 }
52 
58 static bool TooDeepDerivPath(std::string_view desc)
59 {
60  const FuzzBufferType desc_buf{reinterpret_cast<const unsigned char *>(desc.data()), desc.size()};
61  return HasDeepDerivPath(desc_buf);
62 }
63 
64 static std::optional<std::pair<WalletDescriptor, FlatSigningProvider>> CreateWalletDescriptor(FuzzedDataProvider& fuzzed_data_provider)
65 {
66  const std::string mocked_descriptor{fuzzed_data_provider.ConsumeRandomLengthString()};
67  if (TooDeepDerivPath(mocked_descriptor)) return {};
68  const auto desc_str{MOCKED_DESC_CONVERTER.GetDescriptor(mocked_descriptor)};
69  if (!desc_str.has_value()) return std::nullopt;
70 
71  FlatSigningProvider keys;
72  std::string error;
73  std::vector<std::unique_ptr<Descriptor>> parsed_descs = Parse(desc_str.value(), keys, error, false);
74  if (parsed_descs.empty()) return std::nullopt;
75 
76  WalletDescriptor w_desc{std::move(parsed_descs.at(0)), /*creation_time=*/0, /*range_start=*/0, /*range_end=*/1, /*next_index=*/1};
77  return std::make_pair(w_desc, keys);
78 }
79 
80 static DescriptorScriptPubKeyMan* CreateDescriptor(WalletDescriptor& wallet_desc, FlatSigningProvider& keys, CWallet& keystore)
81 {
82  LOCK(keystore.cs_wallet);
83  keystore.AddWalletDescriptor(wallet_desc, keys, /*label=*/"", /*internal=*/false);
84  return keystore.GetDescriptorScriptPubKeyMan(wallet_desc);
85 };
86 
87 FUZZ_TARGET(scriptpubkeyman, .init = initialize_spkm)
88 {
89  SeedRandomStateForTest(SeedRand::ZEROS);
90  FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
91  SetMockTime(ConsumeTime(fuzzed_data_provider));
92  const auto& node{g_setup->m_node};
93  Chainstate& chainstate{node.chainman->ActiveChainstate()};
94  std::unique_ptr<CWallet> wallet_ptr{std::make_unique<CWallet>(node.chain.get(), "", CreateMockableWalletDatabase())};
95  CWallet& wallet{*wallet_ptr};
96  {
97  LOCK(wallet.cs_wallet);
98  wallet.SetWalletFlag(WALLET_FLAG_DESCRIPTORS);
99  wallet.SetLastBlockProcessed(chainstate.m_chain.Height(), chainstate.m_chain.Tip()->GetBlockHash());
100  wallet.m_keypool_size = 1;
101  }
102 
103  auto wallet_desc{CreateWalletDescriptor(fuzzed_data_provider)};
104  if (!wallet_desc.has_value()) return;
105  auto spk_manager{CreateDescriptor(wallet_desc->first, wallet_desc->second, wallet)};
106  if (spk_manager == nullptr) return;
107 
108  if (fuzzed_data_provider.ConsumeBool()) {
109  auto wallet_desc{CreateWalletDescriptor(fuzzed_data_provider)};
110  if (!wallet_desc.has_value()) {
111  return;
112  }
113  std::string error;
114  if (spk_manager->CanUpdateToWalletDescriptor(wallet_desc->first, error)) {
115  auto new_spk_manager{CreateDescriptor(wallet_desc->first, wallet_desc->second, wallet)};
116  if (new_spk_manager != nullptr) spk_manager = new_spk_manager;
117  }
118  }
119 
120  bool good_data{true};
121  LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 20) {
122  CallOneOf(
123  fuzzed_data_provider,
124  [&] {
125  const CScript script{ConsumeScript(fuzzed_data_provider)};
126  auto is_mine{spk_manager->IsMine(script)};
127  if (is_mine == isminetype::ISMINE_SPENDABLE) {
128  assert(spk_manager->GetScriptPubKeys().count(script));
129  }
130  },
131  [&] {
132  auto spks{spk_manager->GetScriptPubKeys()};
133  for (const CScript& spk : spks) {
134  assert(spk_manager->IsMine(spk) == ISMINE_SPENDABLE);
135  CTxDestination dest;
136  bool extract_dest{ExtractDestination(spk, dest)};
137  if (extract_dest) {
138  const std::string msg{fuzzed_data_provider.ConsumeRandomLengthString()};
139  PKHash pk_hash{std::get_if<PKHash>(&dest) && fuzzed_data_provider.ConsumeBool() ?
140  *std::get_if<PKHash>(&dest) :
141  PKHash{ConsumeUInt160(fuzzed_data_provider)}};
142  std::string str_sig;
143  (void)spk_manager->SignMessage(msg, pk_hash, str_sig);
144  (void)spk_manager->GetMetadata(dest);
145  }
146  }
147  },
148  [&] {
149  auto spks{spk_manager->GetScriptPubKeys()};
150  if (!spks.empty()) {
151  auto& spk{PickValue(fuzzed_data_provider, spks)};
152  (void)spk_manager->MarkUnusedAddresses(spk);
153  }
154  },
155  [&] {
156  LOCK(spk_manager->cs_desc_man);
157  auto wallet_desc{spk_manager->GetWalletDescriptor()};
158  if (wallet_desc.descriptor->IsSingleType()) {
159  auto output_type{wallet_desc.descriptor->GetOutputType()};
160  if (output_type.has_value()) {
161  auto dest{spk_manager->GetNewDestination(*output_type)};
162  if (dest) {
163  assert(IsValidDestination(*dest));
164  assert(spk_manager->IsHDEnabled());
165  }
166  }
167  }
168  },
169  [&] {
170  CMutableTransaction tx_to;
171  const std::optional<CMutableTransaction> opt_tx_to{ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS)};
172  if (!opt_tx_to) {
173  good_data = false;
174  return;
175  }
176  tx_to = *opt_tx_to;
177 
178  std::map<COutPoint, Coin> coins{ConsumeCoins(fuzzed_data_provider)};
179  const int sighash{fuzzed_data_provider.ConsumeIntegral<int>()};
180  std::map<int, bilingual_str> input_errors;
181  (void)spk_manager->SignTransaction(tx_to, coins, sighash, input_errors);
182  },
183  [&] {
184  std::optional<PartiallySignedTransaction> opt_psbt{ConsumeDeserializable<PartiallySignedTransaction>(fuzzed_data_provider)};
185  if (!opt_psbt) {
186  good_data = false;
187  return;
188  }
189  auto psbt{*opt_psbt};
190  const PrecomputedTransactionData txdata{PrecomputePSBTData(psbt)};
191  const int sighash_type{fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 150)};
192  auto sign = fuzzed_data_provider.ConsumeBool();
193  auto bip32derivs = fuzzed_data_provider.ConsumeBool();
194  auto finalize = fuzzed_data_provider.ConsumeBool();
195  (void)spk_manager->FillPSBT(psbt, txdata, sighash_type, sign, bip32derivs, nullptr, finalize);
196  }
197  );
198  }
199 
200  std::string descriptor;
201  (void)spk_manager->GetDescriptorString(descriptor, /*priv=*/fuzzed_data_provider.ConsumeBool());
202  (void)spk_manager->GetEndRange();
203  (void)spk_manager->GetKeyPoolSize();
204 }
205 
206 } // namespace
207 } // namespace wallet
Parse
static UniValue Parse(std::string_view raw)
Parse string to UniValue or throw runtime_error if string contains invalid JSON.
Definition: client.cpp:327
tests_wycheproof_generate.msg
def msg
Definition: tests_wycheproof_generate.py:56
assert
assert(!tx.IsCoinBase())
IsValidDestination
bool IsValidDestination(const CTxDestination &dest)
Check whether a CTxDestination corresponds to one with an address.
Definition: addresstype.cpp:171
FuzzedDataProvider.h
wallet::CreateDescriptor
wallet::ScriptPubKeyMan * CreateDescriptor(CWallet &keystore, const std::string &desc_str, const bool success)
Definition: util.cpp:196
wallet::FUZZ_TARGET
FUZZ_TARGET(coin_grinder)
Definition: coinselection.cpp:81
ConsumeCoins
std::map< COutPoint, Coin > ConsumeCoins(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:166
ConsumeScript
CScript ConsumeScript(FuzzedDataProvider &fuzzed_data_provider, const bool maybe_p2wsh) noexcept
Definition: util.cpp:93
LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:22
SetMockTime
void SetMockTime(int64_t nMockTimeIn)
DEPRECATED Use SetMockTime with chrono type.
Definition: time.cpp:40
FuzzBufferType
std::span< const uint8_t > FuzzBufferType
Definition: fuzz.h:25
Chainstate
Chainstate stores and provides an API to update our local knowledge of the current best chain...
Definition: validation.h:504
ExtractDestination
bool ExtractDestination(const CScript &scriptPubKey, CTxDestination &addressRet)
Parse a scriptPubKey for the destination.
Definition: addresstype.cpp:49
LOCK
#define LOCK(cs)
Definition: sync.h:257
setup_common.h
FuzzedDataProvider::ConsumeRandomLengthString
std::string ConsumeRandomLengthString(size_t max_length)
Definition: FuzzedDataProvider.h:153
wallet::WALLET_FLAG_DESCRIPTORS
Indicate that this wallet supports DescriptorScriptPubKeyMan.
Definition: walletutil.h:74
MockedDescriptorConverter::Init
void Init()
When initializing the target, populate the list of keys.
Definition: descriptor.cpp:10
types.h
is a home for public enum and struct type definitions that are used by internally by wallet code...
node
Definition: messages.h:20
MockedDescriptorConverter::GetDescriptor
std::optional< std::string > GetDescriptor(std::string_view mocked_desc) const
Get an actual descriptor string from a descriptor string whose keys were mocked.
Definition: descriptor.cpp:51
sign
static int sign(const secp256k1_context *ctx, struct signer_secrets *signer_secrets, struct signer *signer, const secp256k1_musig_keyagg_cache *cache, const unsigned char *msg32, unsigned char *sig64)
Definition: musig.c:105
SeedRandomStateForTest
void SeedRandomStateForTest(SeedRand seedtype)
Seed the global RNG state for testing and log the seed value.
Definition: random.cpp:19
wallet::CreateMockableWalletDatabase
std::unique_ptr< WalletDatabase > CreateMockableWalletDatabase(MockableData records)
Definition: util.cpp:186
ConsumeTime
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition: util.cpp:34
MockedDescriptorConverter
Converts a mocked descriptor string to a valid one.
Definition: descriptor.h:21
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:414
CTxDestination
std::variant< CNoDestination, PubKeyDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, PayToAnchor, WitnessUnknown > CTxDestination
A txout script categorized into standard templates.
Definition: addresstype.h:140
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:377
CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35
PickValue
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition: util.h:47
MOCKED_DESC_CONVERTER
MockedDescriptorConverter MOCKED_DESC_CONVERTER
The converter of mocked descriptors, needs to be initialized when the target is.
Definition: descriptor_parse.cpp:15
ConsumeUInt160
uint160 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:162
FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:205
HasDeepDerivPath
bool HasDeepDerivPath(const FuzzBufferType &buff, const int max_depth)
Whether the buffer, if it represents a valid descriptor, contains a derivation path deeper than a giv...
Definition: descriptor.cpp:77
SeedRand::ZEROS
Seed with a compile time constant of zeros.
BasicTestingSetup::m_node
node::NodeContext m_node
Definition: setup_common.h:66
TestingSetup
Testing setup that configures a complete environment.
Definition: setup_common.h:121
SelectParams
void SelectParams(const ChainType chain)
Sets the params returned by Params() to those for the given chain type.
Definition: chainparams.cpp:133
TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195
PrecomputePSBTData
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:358
Generated on Wed Sep 3 2025 12:00:00 for Bitcoin Core by   doxygen 1.8.14