test_2fuzz_2scriptpubkeyman_8cpp_source.html

// Copyright (c) 2023-present The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <addresstype.h>

#include <chainparams.h>

#include <coins.h>

#include <key.h>

#include <primitives/transaction.h>

#include <psbt.h>

#include <script/descriptor.h>

#include <script/interpreter.h>

#include <script/script.h>

#include <script/signingprovider.h>

#include <sync.h>

#include <test/fuzz/FuzzedDataProvider.h>

#include <test/fuzz/fuzz.h>

#include <test/fuzz/util.h>

#include <test/fuzz/util/descriptor.h>

#include <test/util/setup_common.h>

#include <util/check.h>

#include <util/translation.h>

#include <validation.h>

#include <wallet/scriptpubkeyman.h>

#include <wallet/test/util.h>

#include <wallet/types.h>

#include <wallet/wallet.h>

#include <wallet/walletutil.h>


#include <map>

#include <memory>

#include <optional>

#include <string>

#include <utility>

#include <variant>


namespace wallet {

namespace {

const TestingSetup* g_setup;


MockedDescriptorConverter MOCKED_DESC_CONVERTER;


void initialize_spkm()

{

    static const auto testing_setup{MakeNoLogFileContext<const TestingSetup>()};

    g_setup = testing_setup.get();

    SelectParams(ChainType::MAIN);

    MOCKED_DESC_CONVERTER.Init();

}


static bool TooDeepDerivPath(std::string_view desc)

{

    const FuzzBufferType desc_buf{reinterpret_cast<const unsigned char *>(desc.data()), desc.size()};

    return HasDeepDerivPath(desc_buf);

}


static std::optional<std::pair<WalletDescriptor, FlatSigningProvider>> CreateWalletDescriptor(FuzzedDataProvider& fuzzed_data_provider)

{

    const std::string mocked_descriptor{fuzzed_data_provider.ConsumeRandomLengthString()};

    if (TooDeepDerivPath(mocked_descriptor)) return {};

    const auto desc_str{MOCKED_DESC_CONVERTER.GetDescriptor(mocked_descriptor)};

    if (!desc_str.has_value()) return std::nullopt;


    FlatSigningProvider keys;

    std::string error;

    std::vector<std::unique_ptr<Descriptor>> parsed_descs = Parse(desc_str.value(), keys, error, false);

    if (parsed_descs.empty()) return std::nullopt;


    WalletDescriptor w_desc{std::move(parsed_descs.at(0)), /*creation_time=*/0, /*range_start=*/0, /*range_end=*/1, /*next_index=*/1};

    return std::make_pair(w_desc, keys);

}


static DescriptorScriptPubKeyMan* CreateDescriptor(WalletDescriptor& wallet_desc, FlatSigningProvider& keys, CWallet& keystore)

{

    LOCK(keystore.cs_wallet);

    keystore.AddWalletDescriptor(wallet_desc, keys, /*label=*/"", /*internal=*/false);

    return keystore.GetDescriptorScriptPubKeyMan(wallet_desc);

};


FUZZ_TARGET(scriptpubkeyman, .init = initialize_spkm)

{

    SeedRandomStateForTest(SeedRand::ZEROS);

    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};

    const auto& node{g_setup->m_node};

    Chainstate& chainstate{node.chainman->ActiveChainstate()};

    std::unique_ptr<CWallet> wallet_ptr{std::make_unique<CWallet>(node.chain.get(), "", CreateMockableWalletDatabase())};

    CWallet& wallet{*wallet_ptr};

    {

        LOCK(wallet.cs_wallet);

        wallet.SetWalletFlag(WALLET_FLAG_DESCRIPTORS);

        wallet.SetLastBlockProcessed(chainstate.m_chain.Height(), chainstate.m_chain.Tip()->GetBlockHash());

        wallet.m_keypool_size = 1;

    }


    auto wallet_desc{CreateWalletDescriptor(fuzzed_data_provider)};

    if (!wallet_desc.has_value()) return;

    auto spk_manager{CreateDescriptor(wallet_desc->first, wallet_desc->second, wallet)};

    if (spk_manager == nullptr) return;


    if (fuzzed_data_provider.ConsumeBool()) {

        auto wallet_desc{CreateWalletDescriptor(fuzzed_data_provider)};

        if (!wallet_desc.has_value()) {

            return;

        }

        std::string error;

        if (spk_manager->CanUpdateToWalletDescriptor(wallet_desc->first, error)) {

            auto new_spk_manager{CreateDescriptor(wallet_desc->first, wallet_desc->second, wallet)};

            if (new_spk_manager != nullptr) spk_manager = new_spk_manager;

        }

    }


    bool good_data{true};

    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 20) {

        CallOneOf(

            fuzzed_data_provider,

            [&] {

                const CScript script{ConsumeScript(fuzzed_data_provider)};

                auto is_mine{spk_manager->IsMine(script)};

                if (is_mine == isminetype::ISMINE_SPENDABLE) {

                    assert(spk_manager->GetScriptPubKeys().count(script));

                }

            },

            [&] {

                auto spks{spk_manager->GetScriptPubKeys()};

                for (const CScript& spk : spks) {

                    assert(spk_manager->IsMine(spk) == ISMINE_SPENDABLE);

                    CTxDestination dest;

                    bool extract_dest{ExtractDestination(spk, dest)};

                    if (extract_dest) {

                        const std::string msg{fuzzed_data_provider.ConsumeRandomLengthString()};

                        PKHash pk_hash{std::get_if<PKHash>(&dest) && fuzzed_data_provider.ConsumeBool() ?

                                           *std::get_if<PKHash>(&dest) :

                                           PKHash{ConsumeUInt160(fuzzed_data_provider)}};

                        std::string str_sig;

                        (void)spk_manager->SignMessage(msg, pk_hash, str_sig);

                        (void)spk_manager->GetMetadata(dest);

                    }

                }

            },

            [&] {

                auto spks{spk_manager->GetScriptPubKeys()};

                if (!spks.empty()) {

                    auto& spk{PickValue(fuzzed_data_provider, spks)};

                    (void)spk_manager->MarkUnusedAddresses(spk);

                }

            },

            [&] {

                LOCK(spk_manager->cs_desc_man);

                auto wallet_desc{spk_manager->GetWalletDescriptor()};

                if (wallet_desc.descriptor->IsSingleType()) {

                    auto output_type{wallet_desc.descriptor->GetOutputType()};

                    if (output_type.has_value()) {

                        auto dest{spk_manager->GetNewDestination(*output_type)};

                        if (dest) {

                            assert(IsValidDestination(*dest));

                            assert(spk_manager->IsHDEnabled());

                        }

                    }

                }

            },

            [&] {

                CMutableTransaction tx_to;

                const std::optional<CMutableTransaction> opt_tx_to{ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS)};

                if (!opt_tx_to) {

                    good_data = false;

                    return;

                }

                tx_to = *opt_tx_to;


                std::map<COutPoint, Coin> coins{ConsumeCoins(fuzzed_data_provider)};

                const int sighash{fuzzed_data_provider.ConsumeIntegral<int>()};

                std::map<int, bilingual_str> input_errors;

                (void)spk_manager->SignTransaction(tx_to, coins, sighash, input_errors);

            },

            [&] {

                std::optional<PartiallySignedTransaction> opt_psbt{ConsumeDeserializable<PartiallySignedTransaction>(fuzzed_data_provider)};

                if (!opt_psbt) {

                    good_data = false;

                    return;

                }

                auto psbt{*opt_psbt};

                const PrecomputedTransactionData txdata{PrecomputePSBTData(psbt)};

                const int sighash_type{fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 150)};

                auto sign  = fuzzed_data_provider.ConsumeBool();

                auto bip32derivs = fuzzed_data_provider.ConsumeBool();

                auto finalize = fuzzed_data_provider.ConsumeBool();

                (void)spk_manager->FillPSBT(psbt, txdata, sighash_type, sign, bip32derivs, nullptr, finalize);

            }

        );

    }


    std::string descriptor;

    (void)spk_manager->GetDescriptorString(descriptor, /*priv=*/fuzzed_data_provider.ConsumeBool());

    (void)spk_manager->GetEndRange();

    (void)spk_manager->GetKeyPoolSize();

}


} // namespace

} // namespace wallet

FuzzedDataProvider.h

ExtractDestination
bool ExtractDestination(const CScript &scriptPubKey, CTxDestination &addressRet)
Parse a scriptPubKey for the destination.
Definition: addresstype.cpp:49

IsValidDestination
bool IsValidDestination(const CTxDestination &dest)
Check whether a CTxDestination corresponds to one with an address.
Definition: addresstype.cpp:171

addresstype.h

CTxDestination
std::variant< CNoDestination, PubKeyDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, PayToAnchor, WitnessUnknown > CTxDestination
A txout script categorized into standard templates.
Definition: addresstype.h:140

SelectParams
void SelectParams(const ChainType chain)
Sets the params returned by Params() to those for the given chain type.
Definition: chainparams.cpp:135

ChainType::MAIN
@ MAIN

check.h

CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:415

Chainstate
Chainstate stores and provides an API to update our local knowledge of the current best chain.
Definition: validation.h:505

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

FuzzedDataProvider::ConsumeRandomLengthString
std::string ConsumeRandomLengthString(size_t max_length)
Definition: FuzzedDataProvider.h:153

FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition: FuzzedDataProvider.h:289

FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:205

FuzzedDataProvider::ConsumeIntegral
T ConsumeIntegral()
Definition: FuzzedDataProvider.h:195

MockedDescriptorConverter
Converts a mocked descriptor string to a valid one.
Definition: descriptor.h:21

MockedDescriptorConverter::Init
void Init()
When initializing the target, populate the list of keys.
Definition: descriptor.cpp:10

MockedDescriptorConverter::GetDescriptor
std::optional< std::string > GetDescriptor(std::string_view mocked_desc) const
Get an actual descriptor string from a descriptor string whose keys were mocked.
Definition: descriptor.cpp:51

Parse
static UniValue Parse(std::string_view raw)
Parse string to UniValue or throw runtime_error if string contains invalid JSON.
Definition: client.cpp:327

MOCKED_DESC_CONVERTER
MockedDescriptorConverter MOCKED_DESC_CONVERTER
The converter of mocked descriptors, needs to be initialized when the target is.
Definition: descriptor_parse.cpp:15

fuzz.h

FuzzBufferType
std::span< const uint8_t > FuzzBufferType
Definition: fuzz.h:25

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:22

interpreter.h

key.h

sign
static int sign(const secp256k1_context *ctx, struct signer_secrets *signer_secrets, struct signer *signer, const secp256k1_musig_keyagg_cache *cache, const unsigned char *msg32, unsigned char *sig64)
Definition: musig.c:105

init
Definition: bitcoin-gui.cpp:17

node
Definition: messages.h:20

script
Definition: parsing.cpp:13

tests_wycheproof_generate.msg
def msg
Definition: tests_wycheproof_generate.py:56

wallet
Definition: wallet_balance.cpp:26

wallet::FUZZ_TARGET
FUZZ_TARGET(coin_grinder)
Definition: coinselection.cpp:81

wallet::CreateDescriptor
wallet::ScriptPubKeyMan * CreateDescriptor(CWallet &keystore, const std::string &desc_str, const bool success)
Definition: ismine_tests.cpp:23

wallet::CreateMockableWalletDatabase
std::unique_ptr< WalletDatabase > CreateMockableWalletDatabase(MockableData records)
Definition: util.cpp:186

wallet::ISMINE_SPENDABLE
@ ISMINE_SPENDABLE
Definition: types.h:44

wallet::WALLET_FLAG_DESCRIPTORS
@ WALLET_FLAG_DESCRIPTORS
Indicate that this wallet supports DescriptorScriptPubKeyMan.
Definition: walletutil.h:74

transaction.h

TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:195

PrecomputePSBTData
PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction &psbt)
Compute a PrecomputedTransactionData object from a psbt.
Definition: psbt.cpp:358

descriptor.h

script.h

scriptpubkeyman.h

setup_common.h

signingprovider.h

BasicTestingSetup::m_node
node::NodeContext m_node
Definition: setup_common.h:65

CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:378

FlatSigningProvider
Definition: signingprovider.h:208

PKHash
Definition: addresstype.h:48

PrecomputedTransactionData
Definition: interpreter.h:154

TestingSetup
Testing setup that configures a complete environment.
Definition: setup_common.h:120

sync.h

LOCK
#define LOCK(cs)
Definition: sync.h:257

HasDeepDerivPath
bool HasDeepDerivPath(const FuzzBufferType &buff, const int max_depth)
Whether the buffer, if it represents a valid descriptor, contains a derivation path deeper than a giv...
Definition: descriptor.cpp:77

descriptor.h

ConsumeScript
CScript ConsumeScript(FuzzedDataProvider &fuzzed_data_provider, const bool maybe_p2wsh) noexcept
Definition: util.cpp:93

ConsumeCoins
std::map< COutPoint, Coin > ConsumeCoins(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:166

util.h

PickValue
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition: util.h:47

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35

ConsumeUInt160
uint160 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:162

SeedRandomStateForTest
void SeedRandomStateForTest(SeedRand seedtype)
Seed the global RNG state for testing and log the seed value.
Definition: random.cpp:19

SeedRand::ZEROS
@ ZEROS
Seed with a compile time constant of zeros.

translation.h

assert
assert(!tx.IsCoinBase())

util.h

types.h
is a home for public enum and struct type definitions that are used by internally by wallet code,...

wallet.h

walletutil.h