script_sign.cpp
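// Copyright (c) 2020-2021 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <chainparams.h>
#include <key.h>
#include <psbt.h>
#include <pubkey.h>
#include <script/keyorigin.h>
#include <script/sign.h>
#include <script/signingprovider.h>
#include <streams.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>
#include <util/chaintype.h>
#include <util/translation.h>

#include <cassert>
#include <cstdint>
#include <iostream>
#include <map>
#include <optional>
#include <string>
#include <vector>

// One-time setup for the script_sign fuzz target: calls ECC_Start() and
// selects the regtest chain parameters before any input is processed.
void initialize_script_sign()
{
    ECC_Start();
    SelectParams(ChainType::REGTEST);
}

// Fuzz target for the signing helpers: HD keypath (de)serialization,
// SignatureData merging, and the SignSignature / CreateSig / SignTransaction /
// ProduceSignature entry points. Every value is drawn from the fuzzer buffer.
// Most return values are discarded on purpose: the target looks for crashes
// and sanitizer findings, and only the round-trip block carries an assertion.
FUZZ_TARGET(script_sign, .init = initialize_script_sign)
{
    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
    // Key bytes (at most 128) shared by both DeserializeHDKeypaths calls below.
    const std::vector<uint8_t> key = ConsumeRandomLengthByteVector(fuzzed_data_provider, 128);

    // Block 1: parse an arbitrary byte stream as HD keypaths, then serialize
    // whatever ended up in the map.
    {
        DataStream random_data_stream{ConsumeDataStream(fuzzed_data_provider)};
        std::map<CPubKey, KeyOriginInfo> hd_keypaths;
        try {
            DeserializeHDKeypaths(random_data_stream, key, hd_keypaths);
        } catch (const std::ios_base::failure&) {
            // Malformed input is the expected case; a stream failure is not a finding.
        }
        DataStream serialized{};
        SerializeHDKeypaths(serialized, hd_keypaths, CompactSizeWriter(fuzzed_data_provider.ConsumeIntegral<uint8_t>()));
    }

    // Block 2: build a keypath map from fuzzed entries, serialize it, read it
    // back into a separate map and compare the sizes.
    {
        std::map<CPubKey, KeyOriginInfo> hd_keypaths;
        // LIMITED_WHILE caps the loop at 10000 iterations.
        LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
            const std::optional<CPubKey> pub_key = ConsumeDeserializable<CPubKey>(fuzzed_data_provider);
            if (!pub_key) {
                break;
            }
            const std::optional<KeyOriginInfo> key_origin_info = ConsumeDeserializable<KeyOriginInfo>(fuzzed_data_provider);
            if (!key_origin_info) {
                break;
            }
            hd_keypaths[*pub_key] = *key_origin_info;
        }
        DataStream serialized{};
        try {
            SerializeHDKeypaths(serialized, hd_keypaths, CompactSizeWriter(fuzzed_data_provider.ConsumeIntegral<uint8_t>()));
        } catch (const std::ios_base::failure&) {
        }
        std::map<CPubKey, KeyOriginInfo> deserialized_hd_keypaths;
        try {
            // The read-back must target deserialized_hd_keypaths. Passing
            // hd_keypaths here would leave the fresh map empty forever, so the
            // assert below could never fire and the oracle would check nothing.
            DeserializeHDKeypaths(serialized, key, deserialized_hd_keypaths);
        } catch (const std::ios_base::failure&) {
        }
        // NOTE(review): this assumes DeserializeHDKeypaths never yields more
        // entries than were serialized -- confirm against its definition.
        assert(hd_keypaths.size() >= deserialized_hd_keypaths.size());
    }

    // Block 3: merge two SignatureData objects built from fuzzed scripts.
    {
        SignatureData signature_data_1{ConsumeScript(fuzzed_data_provider)};
        SignatureData signature_data_2{ConsumeScript(fuzzed_data_provider)};
        signature_data_1.MergeSignatureData(signature_data_2);
    }

    // Signing provider used by every block below; it holds the fuzzed private
    // key only when that key is valid.
    FillableSigningProvider provider;
    CKey k = ConsumePrivateKey(fuzzed_data_provider);
    if (k.IsValid()) {
        provider.AddKey(k);
    }

    // Block 4: transaction-level signing paths.
    {
        const std::optional<CMutableTransaction> mutable_transaction = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS);
        const std::optional<CTxOut> tx_out = ConsumeDeserializable<CTxOut>(fuzzed_data_provider);
        const unsigned int n_in = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
        // n_in must index an existing input before DataFromTransaction is called.
        if (mutable_transaction && tx_out && mutable_transaction->vin.size() > n_in) {
            SignatureData signature_data_1 = DataFromTransaction(*mutable_transaction, n_in, *tx_out);
            CTxIn input;
            UpdateInput(input, signature_data_1);
            const CScript script = ConsumeScript(fuzzed_data_provider);
            SignatureData signature_data_2{script};
            signature_data_1.MergeSignatureData(signature_data_2);
        }
        if (mutable_transaction) {
            CTransaction tx_from{*mutable_transaction};
            CMutableTransaction tx_to;
            const std::optional<CMutableTransaction> opt_tx_to = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS);
            if (opt_tx_to) {
                tx_to = *opt_tx_to;
            }
            // Copies are taken before any signing call touches tx_to, so the
            // script-based and SignTransaction paths start from the same input.
            CMutableTransaction script_tx_to = tx_to;
            CMutableTransaction sign_transaction_tx_to = tx_to;
            // Guards: n_in must index tx_to.vin, and that input's prevout must
            // index tx_from.vout, before SignSignature is called with tx_from.
            if (n_in < tx_to.vin.size() && tx_to.vin[n_in].prevout.n < tx_from.vout.size()) {
                SignatureData empty;
                (void)SignSignature(provider, tx_from, tx_to, n_in, fuzzed_data_provider.ConsumeIntegral<int>(), empty);
            }
            if (n_in < script_tx_to.vin.size()) {
                SignatureData empty;
                // NOTE(review): several Consume* calls share one argument list
                // here and in the lines below. C++ leaves their evaluation
                // order unspecified, so one input may map to different values
                // under different compilers.
                (void)SignSignature(provider, ConsumeScript(fuzzed_data_provider), script_tx_to, n_in, ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.ConsumeIntegral<int>(), empty);
                MutableTransactionSignatureCreator signature_creator{tx_to, n_in, ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.ConsumeIntegral<int>()};
                std::vector<unsigned char> vch_sig;
                CKeyID address;
                // Either the ID of the provider's key (left default-constructed
                // when that key is invalid) or an arbitrary fuzzed 160-bit ID.
                if (fuzzed_data_provider.ConsumeBool()) {
                    if (k.IsValid()) {
                        address = k.GetPubKey().GetID();
                    }
                } else {
                    address = CKeyID{ConsumeUInt160(fuzzed_data_provider)};
                }
                (void)signature_creator.CreateSig(provider, vch_sig, address, ConsumeScript(fuzzed_data_provider), fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}));
            }
            std::map<COutPoint, Coin> coins{ConsumeCoins(fuzzed_data_provider)};
            std::map<int, bilingual_str> input_errors;
            (void)SignTransaction(sign_transaction_tx_to, &provider, coins, fuzzed_data_provider.ConsumeIntegral<int>(), input_errors);
        }
    }

    // Block 5: ProduceSignature with each of the two dummy signature creators.
    {
        SignatureData signature_data_1;
        (void)ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, ConsumeScript(fuzzed_data_provider), signature_data_1);
        SignatureData signature_data_2;
        (void)ProduceSignature(provider, DUMMY_MAXIMUM_SIGNATURE_CREATOR, ConsumeScript(fuzzed_data_provider), signature_data_2);
    }
}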