script_sign.cpp
1 // Copyright (c) 2020-present The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <chainparams.h> 6 #include <key.h> 7 #include <psbt.h> 8 #include <pubkey.h> 9 #include <script/keyorigin.h> 10 #include <script/sign.h> 11 #include <script/signingprovider.h> 12 #include <streams.h> 13 #include <test/fuzz/FuzzedDataProvider.h> 14 #include <test/fuzz/fuzz.h> 15 #include <test/fuzz/util.h> 16 #include <test/util/transaction_utils.h> 17 #include <util/chaintype.h> 18 #include <util/translation.h> 19 20 #include <cassert> 21 #include <cstdint> 22 #include <iostream> 23 #include <map> 24 #include <optional> 25 #include <string> 26 #include <vector> 27 28 void initialize_script_sign() 29 { 30 static ECC_Context ecc_context{}; 31 SelectParams(ChainType::REGTEST); 32 } 33 34 FUZZ_TARGET(script_sign, .init = initialize_script_sign) 35 { 36 FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); 37 const std::vector<uint8_t> key = ConsumeRandomLengthByteVector(fuzzed_data_provider, 128); 38 39 { 40 DataStream random_data_stream{ConsumeDataStream(fuzzed_data_provider)}; 41 std::map<CPubKey, KeyOriginInfo> hd_keypaths; 42 try { 43 DeserializeHDKeypaths(random_data_stream, key, hd_keypaths); 44 } catch (const std::ios_base::failure&) { 45 } 46 DataStream serialized{}; 47 SerializeHDKeypaths(serialized, hd_keypaths, CompactSizeWriter(fuzzed_data_provider.ConsumeIntegral<uint8_t>())); 48 } 49 50 { 51 std::map<CPubKey, KeyOriginInfo> hd_keypaths; 52 LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) { 53 const std::optional<CPubKey> pub_key = ConsumeDeserializable<CPubKey>(fuzzed_data_provider); 54 if (!pub_key) { 55 break; 56 } 57 const std::optional<KeyOriginInfo> key_origin_info = ConsumeDeserializable<KeyOriginInfo>(fuzzed_data_provider); 58 if (!key_origin_info) { 59 break; 60 } 61 hd_keypaths[*pub_key] = *key_origin_info; 62 } 63 DataStream serialized{}; 64 try { 65 SerializeHDKeypaths(serialized, hd_keypaths, CompactSizeWriter(fuzzed_data_provider.ConsumeIntegral<uint8_t>())); 66 } catch (const std::ios_base::failure&) { 67 } 68 std::map<CPubKey, KeyOriginInfo> deserialized_hd_keypaths; 69 try { 70 DeserializeHDKeypaths(serialized, key, hd_keypaths); 71 } catch (const std::ios_base::failure&) { 72 } 73 assert(hd_keypaths.size() >= deserialized_hd_keypaths.size()); 74 } 75 76 { 77 SignatureData signature_data_1{ConsumeScript(fuzzed_data_provider)}; 78 SignatureData signature_data_2{ConsumeScript(fuzzed_data_provider)}; 79 signature_data_1.MergeSignatureData(signature_data_2); 80 } 81 82 FillableSigningProvider provider; 83 CKey k = ConsumePrivateKey(fuzzed_data_provider); 84 if (k.IsValid()) { 85 provider.AddKey(k); 86 } 87 88 { 89 const std::optional<CMutableTransaction> mutable_transaction = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS); 90 const std::optional<CTxOut> tx_out = ConsumeDeserializable<CTxOut>(fuzzed_data_provider); 91 const unsigned int n_in = fuzzed_data_provider.ConsumeIntegral<unsigned int>(); 92 if (mutable_transaction && tx_out && mutable_transaction->vin.size() > n_in) { 93 SignatureData signature_data_1 = DataFromTransaction(*mutable_transaction, n_in, *tx_out); 94 CTxIn input; 95 UpdateInput(input, signature_data_1); 96 const CScript script = ConsumeScript(fuzzed_data_provider); 97 SignatureData signature_data_2{script}; 98 signature_data_1.MergeSignatureData(signature_data_2); 99 } 100 if (mutable_transaction) { 101 CTransaction tx_from{*mutable_transaction}; 102 CMutableTransaction tx_to; 103 const std::optional<CMutableTransaction> opt_tx_to = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS); 104 if (opt_tx_to) { 105 tx_to = *opt_tx_to; 106 } 107 CMutableTransaction script_tx_to = tx_to; 108 CMutableTransaction sign_transaction_tx_to = tx_to; 109 if (n_in < tx_to.vin.size() && tx_to.vin[n_in].prevout.n < tx_from.vout.size()) { 110 SignatureData empty; 111 (void)SignSignature(provider, tx_from, tx_to, n_in, fuzzed_data_provider.ConsumeIntegral<int>(), empty); 112 } 113 if (n_in < script_tx_to.vin.size()) { 114 SignatureData empty; 115 auto from_pub_key = ConsumeScript(fuzzed_data_provider); 116 auto amount = ConsumeMoney(fuzzed_data_provider); 117 auto n_hash_type = fuzzed_data_provider.ConsumeIntegral<int>(); 118 (void)SignSignature(provider, from_pub_key, script_tx_to, n_in, amount, n_hash_type, empty); 119 MutableTransactionSignatureCreator signature_creator{tx_to, n_in, ConsumeMoney(fuzzed_data_provider), {.sighash_type = fuzzed_data_provider.ConsumeIntegral<int>()}}; 120 std::vector<unsigned char> vch_sig; 121 CKeyID address; 122 if (fuzzed_data_provider.ConsumeBool()) { 123 if (k.IsValid()) { 124 address = k.GetPubKey().GetID(); 125 } 126 } else { 127 address = CKeyID{ConsumeUInt160(fuzzed_data_provider)}; 128 } 129 auto script_code = ConsumeScript(fuzzed_data_provider); 130 auto sigversion = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}); 131 (void)signature_creator.CreateSig(provider, vch_sig, address, script_code, sigversion); 132 } 133 std::map<COutPoint, Coin> coins{ConsumeCoins(fuzzed_data_provider)}; 134 std::map<int, bilingual_str> input_errors; 135 (void)SignTransaction(sign_transaction_tx_to, &provider, coins, {.sighash_type = fuzzed_data_provider.ConsumeIntegral<int>()}, input_errors); 136 } 137 } 138 139 { 140 SignatureData signature_data_1; 141 (void)ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, ConsumeScript(fuzzed_data_provider), signature_data_1); 142 SignatureData signature_data_2; 143 (void)ProduceSignature(provider, DUMMY_MAXIMUM_SIGNATURE_CREATOR, ConsumeScript(fuzzed_data_provider), signature_data_2); 144 } 145 }