Branch data Line data Source code
1 : : // Copyright (c) 2020-2021 The Bitcoin Core developers
2 : : // Distributed under the MIT software license, see the accompanying
3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 : :
5 : : #include <chainparams.h>
6 : : #include <key.h>
7 : : #include <psbt.h>
8 : : #include <pubkey.h>
9 : : #include <script/keyorigin.h>
10 : : #include <script/sign.h>
11 : : #include <script/signingprovider.h>
12 : : #include <streams.h>
13 : : #include <test/fuzz/FuzzedDataProvider.h>
14 : : #include <test/fuzz/fuzz.h>
15 : : #include <test/fuzz/util.h>
16 : : #include <util/chaintype.h>
17 : : #include <util/translation.h>
18 : :
19 : : #include <cassert>
20 : : #include <cstdint>
21 : : #include <iostream>
22 : : #include <map>
23 : : #include <optional>
24 : : #include <string>
25 : : #include <vector>
26 : :
27 : 2 : void initialize_script_sign()
28 : : {
29 : 0 : ECC_Start();
30 : 0 : SelectParams(ChainType::REGTEST);
31 : 0 : }
32 : :
33 [ + - ]: 4 : FUZZ_TARGET(script_sign, .init = initialize_script_sign)
34 : : {
35 : 0 : FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
36 : 0 : const std::vector<uint8_t> key = ConsumeRandomLengthByteVector(fuzzed_data_provider, 128);
37 : :
38 : : {
39 : 0 : DataStream random_data_stream{ConsumeDataStream(fuzzed_data_provider)};
40 : 0 : std::map<CPubKey, KeyOriginInfo> hd_keypaths;
41 : : try {
42 [ # # ]: 0 : DeserializeHDKeypaths(random_data_stream, key, hd_keypaths);
43 [ # # ]: 0 : } catch (const std::ios_base::failure&) {
44 [ # # ]: 0 : }
45 [ # # ]: 0 : DataStream serialized{};
46 [ # # ][ # # ]: 0 : SerializeHDKeypaths(serialized, hd_keypaths, CompactSizeWriter(fuzzed_data_provider.ConsumeIntegral<uint8_t>()));
[ # # ]
47 : 0 : }
48 : :
49 : : {
50 : 0 : std::map<CPubKey, KeyOriginInfo> hd_keypaths;
51 [ # # ][ # # ]: 0 : LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
[ # # ]
52 : 0 : const std::optional<CPubKey> pub_key = ConsumeDeserializable<CPubKey>(fuzzed_data_provider);
53 [ # # ]: 0 : if (!pub_key) {
54 : 0 : break;
55 : : }
56 : 0 : const std::optional<KeyOriginInfo> key_origin_info = ConsumeDeserializable<KeyOriginInfo>(fuzzed_data_provider);
57 [ # # ]: 0 : if (!key_origin_info) {
58 : 0 : break;
59 : : }
60 [ # # ][ # # ]: 0 : hd_keypaths[*pub_key] = *key_origin_info;
61 [ # # # ]: 0 : }
62 [ # # ]: 0 : DataStream serialized{};
63 : : try {
64 [ # # ][ # # ]: 0 : SerializeHDKeypaths(serialized, hd_keypaths, CompactSizeWriter(fuzzed_data_provider.ConsumeIntegral<uint8_t>()));
[ # # ]
65 [ # # ]: 0 : } catch (const std::ios_base::failure&) {
66 [ # # ]: 0 : }
67 : 0 : std::map<CPubKey, KeyOriginInfo> deserialized_hd_keypaths;
68 : : try {
69 [ # # ]: 0 : DeserializeHDKeypaths(serialized, key, hd_keypaths);
70 [ # # ]: 0 : } catch (const std::ios_base::failure&) {
71 [ # # ]: 0 : }
72 [ # # ]: 0 : assert(hd_keypaths.size() >= deserialized_hd_keypaths.size());
73 : 0 : }
74 : :
75 : : {
76 [ # # ]: 0 : SignatureData signature_data_1{ConsumeScript(fuzzed_data_provider)};
77 [ # # ]: 0 : SignatureData signature_data_2{ConsumeScript(fuzzed_data_provider)};
78 [ # # ][ # # ]: 0 : signature_data_1.MergeSignatureData(signature_data_2);
79 : 0 : }
80 : :
81 : 0 : FillableSigningProvider provider;
82 : 0 : CKey k = ConsumePrivateKey(fuzzed_data_provider);
83 [ # # ][ # # ]: 0 : if (k.IsValid()) {
84 [ # # ]: 0 : provider.AddKey(k);
85 : 0 : }
86 : :
87 : : {
88 : 0 : const std::optional<CMutableTransaction> mutable_transaction = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS);
89 : 0 : const std::optional<CTxOut> tx_out = ConsumeDeserializable<CTxOut>(fuzzed_data_provider);
90 [ # # ]: 0 : const unsigned int n_in = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
91 [ # # ][ # # ]: 0 : if (mutable_transaction && tx_out && mutable_transaction->vin.size() > n_in) {
[ # # ]
92 [ # # ]: 0 : SignatureData signature_data_1 = DataFromTransaction(*mutable_transaction, n_in, *tx_out);
93 [ # # ]: 0 : CTxIn input;
94 [ # # ]: 0 : UpdateInput(input, signature_data_1);
95 : 0 : const CScript script = ConsumeScript(fuzzed_data_provider);
96 [ # # ]: 0 : SignatureData signature_data_2{script};
97 [ # # ][ # # ]: 0 : signature_data_1.MergeSignatureData(signature_data_2);
98 : 0 : }
99 [ # # ]: 0 : if (mutable_transaction) {
100 [ # # ]: 0 : CTransaction tx_from{*mutable_transaction};
101 [ # # ]: 0 : CMutableTransaction tx_to;
102 : 0 : const std::optional<CMutableTransaction> opt_tx_to = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS);
103 [ # # ]: 0 : if (opt_tx_to) {
104 [ # # ]: 0 : tx_to = *opt_tx_to;
105 : 0 : }
106 [ # # ]: 0 : CMutableTransaction script_tx_to = tx_to;
107 [ # # ]: 0 : CMutableTransaction sign_transaction_tx_to = tx_to;
108 [ # # ][ # # ]: 0 : if (n_in < tx_to.vin.size() && tx_to.vin[n_in].prevout.n < tx_from.vout.size()) {
109 [ # # ]: 0 : SignatureData empty;
110 [ # # ][ # # ]: 0 : (void)SignSignature(provider, tx_from, tx_to, n_in, fuzzed_data_provider.ConsumeIntegral<int>(), empty);
111 : 0 : }
112 [ # # ]: 0 : if (n_in < script_tx_to.vin.size()) {
113 [ # # ]: 0 : SignatureData empty;
114 [ # # ][ # # ]: 0 : (void)SignSignature(provider, ConsumeScript(fuzzed_data_provider), script_tx_to, n_in, ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.ConsumeIntegral<int>(), empty);
115 [ # # ][ # # ]: 0 : MutableTransactionSignatureCreator signature_creator{tx_to, n_in, ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.ConsumeIntegral<int>()};
116 : 0 : std::vector<unsigned char> vch_sig;
117 [ # # ]: 0 : CKeyID address;
118 [ # # ][ # # ]: 0 : if (fuzzed_data_provider.ConsumeBool()) {
119 [ # # ][ # # ]: 0 : if (k.IsValid()) {
120 [ # # ][ # # ]: 0 : address = k.GetPubKey().GetID();
121 : 0 : }
122 : 0 : } else {
123 [ # # ]: 0 : address = CKeyID{ConsumeUInt160(fuzzed_data_provider)};
124 : : }
125 [ # # ][ # # ]: 0 : (void)signature_creator.CreateSig(provider, vch_sig, address, ConsumeScript(fuzzed_data_provider), fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}));
126 : 0 : }
127 : 0 : std::map<COutPoint, Coin> coins{ConsumeCoins(fuzzed_data_provider)};
128 : 0 : std::map<int, bilingual_str> input_errors;
129 [ # # ][ # # ]: 0 : (void)SignTransaction(sign_transaction_tx_to, &provider, coins, fuzzed_data_provider.ConsumeIntegral<int>(), input_errors);
130 : 0 : }
131 : 0 : }
132 : :
133 : : {
134 [ # # ]: 0 : SignatureData signature_data_1;
135 [ # # ]: 0 : (void)ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, ConsumeScript(fuzzed_data_provider), signature_data_1);
136 [ # # ]: 0 : SignatureData signature_data_2;
137 [ # # ]: 0 : (void)ProduceSignature(provider, DUMMY_MAXIMUM_SIGNATURE_CREATOR, ConsumeScript(fuzzed_data_provider), signature_data_2);
138 : 0 : }
139 : 0 : }
|
