Branch data Line data Source code
1 : : // Copyright (c) 2020-2022 The Bitcoin Core developers
2 : : // Distributed under the MIT software license, see the accompanying
3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 : :
5 : : #include <chainparams.h>
6 : : #include <key.h>
7 : : #include <key_io.h>
8 : : #include <outputtype.h>
9 : : #include <policy/policy.h>
10 : : #include <pubkey.h>
11 : : #include <rpc/util.h>
12 : : #include <script/keyorigin.h>
13 : : #include <script/script.h>
14 : : #include <script/sign.h>
15 : : #include <script/signingprovider.h>
16 : : #include <script/solver.h>
17 : : #include <streams.h>
18 : : #include <test/fuzz/FuzzedDataProvider.h>
19 : : #include <test/fuzz/fuzz.h>
20 : : #include <test/fuzz/util.h>
21 : : #include <util/chaintype.h>
22 : : #include <util/strencodings.h>
23 : :
24 : : #include <array>
25 : : #include <cassert>
26 : : #include <cstddef>
27 : : #include <cstdint>
28 : : #include <numeric>
29 : : #include <optional>
30 : : #include <string>
31 : : #include <vector>
32 : :
33 : 0 : void initialize_key()
34 : : {
35 [ # # # # : 0 : static ECC_Context ecc_context{};
# # ]
36 : 0 : SelectParams(ChainType::REGTEST);
37 : 0 : }
38 : :
39 [ # # ]: 0 : FUZZ_TARGET(key, .init = initialize_key)
40 : : {
41 : 0 : const CKey key = [&] {
42 : 0 : CKey k;
43 [ # # ]: 0 : k.Set(buffer.begin(), buffer.end(), true);
44 : 0 : return k;
45 : 0 : }();
46 [ # # ]: 0 : if (!key.IsValid()) {
47 : 0 : return;
48 : : }
49 : :
50 : 0 : {
51 [ # # ]: 0 : assert(key.begin() + key.size() == key.end());
52 [ # # ]: 0 : assert(key.IsCompressed());
53 [ # # ]: 0 : assert(key.size() == 32);
54 [ # # # # : 0 : assert(DecodeSecret(EncodeSecret(key)) == key);
# # ]
55 : : }
56 : :
57 : 0 : {
58 : 0 : CKey invalid_key;
59 [ # # ]: 0 : assert(!(invalid_key == key));
60 : 0 : assert(!invalid_key.IsCompressed());
61 : 0 : assert(!invalid_key.IsValid());
62 : 0 : assert(invalid_key.size() == 0);
63 : 0 : }
64 : :
65 : 0 : {
66 : 0 : CKey uncompressed_key;
67 [ # # ]: 0 : uncompressed_key.Set(buffer.begin(), buffer.end(), false);
68 [ # # ]: 0 : assert(!(uncompressed_key == key));
69 [ # # ]: 0 : assert(!uncompressed_key.IsCompressed());
70 [ # # ]: 0 : assert(key.size() == 32);
71 [ # # # # : 0 : assert(uncompressed_key.begin() + uncompressed_key.size() == uncompressed_key.end());
# # # # ]
72 [ # # ]: 0 : assert(uncompressed_key.IsValid());
73 : 0 : }
74 : :
75 : 0 : {
76 : 0 : CKey copied_key;
77 [ # # # # : 0 : copied_key.Set(key.begin(), key.end(), key.IsCompressed());
# # ]
78 [ # # ]: 0 : assert(copied_key == key);
79 : 0 : }
80 : :
81 [ # # ]: 0 : const uint256 random_uint256 = Hash(buffer);
82 : :
83 : 0 : {
84 : 0 : CKey child_key;
85 : 0 : ChainCode child_chaincode;
86 [ # # ]: 0 : const bool ok = key.Derive(child_key, child_chaincode, 0, random_uint256);
87 [ # # ]: 0 : assert(ok);
88 [ # # ]: 0 : assert(child_key.IsValid());
89 [ # # ]: 0 : assert(!(child_key == key));
90 [ # # ]: 0 : assert(child_chaincode != random_uint256);
91 : 0 : }
92 : :
93 [ # # ]: 0 : const CPubKey pubkey = key.GetPubKey();
94 : :
95 : 0 : {
96 [ # # ]: 0 : assert(pubkey.size() == 33);
97 [ # # # # ]: 0 : assert(key.VerifyPubKey(pubkey));
98 [ # # # # ]: 0 : assert(pubkey.GetHash() != random_uint256);
99 [ # # ]: 0 : assert(pubkey.begin() + pubkey.size() == pubkey.end());
100 : 0 : assert(pubkey.data() == pubkey.begin());
101 [ # # ]: 0 : assert(pubkey.IsCompressed());
102 [ # # ]: 0 : assert(pubkey.IsValid());
103 [ # # # # ]: 0 : assert(pubkey.IsFullyValid());
104 [ # # # # : 0 : assert(HexToPubKey(HexStr(pubkey)) == pubkey);
# # ]
105 [ # # # # ]: 0 : assert(GetAllDestinationsForKey(pubkey).size() == 3);
106 : : }
107 : :
108 : 0 : {
109 : 0 : DataStream data_stream{};
110 [ # # ]: 0 : pubkey.Serialize(data_stream);
111 : :
112 [ # # ]: 0 : CPubKey pubkey_deserialized;
113 [ # # ]: 0 : pubkey_deserialized.Unserialize(data_stream);
114 [ # # ]: 0 : assert(pubkey_deserialized == pubkey);
115 : 0 : }
116 : :
117 : 0 : {
118 [ # # ]: 0 : const CScript tx_pubkey_script = GetScriptForRawPubKey(pubkey);
119 [ # # # # ]: 0 : assert(!tx_pubkey_script.IsPayToScriptHash());
120 [ # # # # ]: 0 : assert(!tx_pubkey_script.IsPayToWitnessScriptHash());
121 [ # # # # ]: 0 : assert(!tx_pubkey_script.IsPushOnly());
122 [ # # ]: 0 : assert(!tx_pubkey_script.IsUnspendable());
123 [ # # # # ]: 0 : assert(tx_pubkey_script.HasValidOps());
124 [ # # # # ]: 0 : assert(tx_pubkey_script.size() == 35);
125 : :
126 [ # # # # : 0 : const CScript tx_multisig_script = GetScriptForMultisig(1, {pubkey});
# # ]
127 [ # # # # ]: 0 : assert(!tx_multisig_script.IsPayToScriptHash());
128 [ # # # # ]: 0 : assert(!tx_multisig_script.IsPayToWitnessScriptHash());
129 [ # # # # ]: 0 : assert(!tx_multisig_script.IsPushOnly());
130 [ # # ]: 0 : assert(!tx_multisig_script.IsUnspendable());
131 [ # # # # ]: 0 : assert(tx_multisig_script.HasValidOps());
132 [ # # # # ]: 0 : assert(tx_multisig_script.size() == 37);
133 : :
134 : 0 : FillableSigningProvider fillable_signing_provider;
135 [ # # # # ]: 0 : assert(!IsSegWitOutput(fillable_signing_provider, tx_pubkey_script));
136 [ # # # # ]: 0 : assert(!IsSegWitOutput(fillable_signing_provider, tx_multisig_script));
137 [ # # # # ]: 0 : assert(fillable_signing_provider.GetKeys().size() == 0);
138 [ # # # # : 0 : assert(!fillable_signing_provider.HaveKey(pubkey.GetID()));
# # ]
139 : :
140 [ # # ]: 0 : const bool ok_add_key = fillable_signing_provider.AddKey(key);
141 [ # # ]: 0 : assert(ok_add_key);
142 [ # # # # : 0 : assert(fillable_signing_provider.HaveKey(pubkey.GetID()));
# # ]
143 : :
144 : 0 : FillableSigningProvider fillable_signing_provider_pub;
145 [ # # # # : 0 : assert(!fillable_signing_provider_pub.HaveKey(pubkey.GetID()));
# # ]
146 : :
147 [ # # ]: 0 : const bool ok_add_key_pubkey = fillable_signing_provider_pub.AddKeyPubKey(key, pubkey);
148 [ # # ]: 0 : assert(ok_add_key_pubkey);
149 [ # # # # : 0 : assert(fillable_signing_provider_pub.HaveKey(pubkey.GetID()));
# # ]
150 : :
151 : 0 : TxoutType which_type_tx_pubkey;
152 [ # # ]: 0 : const bool is_standard_tx_pubkey = IsStandard(tx_pubkey_script, std::nullopt, which_type_tx_pubkey);
153 [ # # ]: 0 : assert(is_standard_tx_pubkey);
154 [ # # ]: 0 : assert(which_type_tx_pubkey == TxoutType::PUBKEY);
155 : :
156 : 0 : TxoutType which_type_tx_multisig;
157 [ # # ]: 0 : const bool is_standard_tx_multisig = IsStandard(tx_multisig_script, std::nullopt, which_type_tx_multisig);
158 [ # # ]: 0 : assert(is_standard_tx_multisig);
159 [ # # ]: 0 : assert(which_type_tx_multisig == TxoutType::MULTISIG);
160 : :
161 : 0 : std::vector<std::vector<unsigned char>> v_solutions_ret_tx_pubkey;
162 [ # # ]: 0 : const TxoutType outtype_tx_pubkey = Solver(tx_pubkey_script, v_solutions_ret_tx_pubkey);
163 [ # # ]: 0 : assert(outtype_tx_pubkey == TxoutType::PUBKEY);
164 [ # # ]: 0 : assert(v_solutions_ret_tx_pubkey.size() == 1);
165 [ # # ]: 0 : assert(v_solutions_ret_tx_pubkey[0].size() == 33);
166 : :
167 : 0 : std::vector<std::vector<unsigned char>> v_solutions_ret_tx_multisig;
168 [ # # ]: 0 : const TxoutType outtype_tx_multisig = Solver(tx_multisig_script, v_solutions_ret_tx_multisig);
169 [ # # ]: 0 : assert(outtype_tx_multisig == TxoutType::MULTISIG);
170 [ # # ]: 0 : assert(v_solutions_ret_tx_multisig.size() == 3);
171 [ # # ]: 0 : assert(v_solutions_ret_tx_multisig[0].size() == 1);
172 [ # # ]: 0 : assert(v_solutions_ret_tx_multisig[1].size() == 33);
173 [ # # ]: 0 : assert(v_solutions_ret_tx_multisig[2].size() == 1);
174 : :
175 : 0 : OutputType output_type{};
176 [ # # ]: 0 : const CTxDestination tx_destination = GetDestinationForKey(pubkey, output_type);
177 : 0 : assert(output_type == OutputType::LEGACY);
178 [ # # # # ]: 0 : assert(IsValidDestination(tx_destination));
179 [ # # # # : 0 : assert(PKHash{pubkey} == *std::get_if<PKHash>(&tx_destination));
# # ]
180 : :
181 [ # # ]: 0 : const CScript script_for_destination = GetScriptForDestination(tx_destination);
182 [ # # # # ]: 0 : assert(script_for_destination.size() == 25);
183 : :
184 [ # # ]: 0 : const std::string destination_address = EncodeDestination(tx_destination);
185 [ # # # # ]: 0 : assert(DecodeDestination(destination_address) == tx_destination);
186 : :
187 [ # # ]: 0 : const CPubKey pubkey_from_address_string = AddrToPubKey(fillable_signing_provider, destination_address);
188 [ # # ]: 0 : assert(pubkey_from_address_string == pubkey);
189 : :
190 [ # # ]: 0 : CKeyID key_id = pubkey.GetID();
191 [ # # ]: 0 : assert(!key_id.IsNull());
192 [ # # ]: 0 : assert(key_id == CKeyID{key_id});
193 [ # # # # ]: 0 : assert(key_id == GetKeyForDestination(fillable_signing_provider, tx_destination));
194 : :
195 [ # # ]: 0 : CPubKey pubkey_out;
196 [ # # ]: 0 : const bool ok_get_pubkey = fillable_signing_provider.GetPubKey(key_id, pubkey_out);
197 [ # # ]: 0 : assert(ok_get_pubkey);
198 : :
199 : 0 : CKey key_out;
200 [ # # ]: 0 : const bool ok_get_key = fillable_signing_provider.GetKey(key_id, key_out);
201 [ # # ]: 0 : assert(ok_get_key);
202 [ # # # # ]: 0 : assert(fillable_signing_provider.GetKeys().size() == 1);
203 [ # # # # ]: 0 : assert(fillable_signing_provider.HaveKey(key_id));
204 : :
205 : 0 : KeyOriginInfo key_origin_info;
206 : 0 : const bool ok_get_key_origin = fillable_signing_provider.GetKeyOrigin(key_id, key_origin_info);
207 : 0 : assert(!ok_get_key_origin);
208 : 0 : }
209 : :
210 : 0 : {
211 [ # # ]: 0 : const std::vector<unsigned char> vch_pubkey{pubkey.begin(), pubkey.end()};
212 [ # # ]: 0 : assert(CPubKey::ValidSize(vch_pubkey));
213 [ # # # # ]: 0 : assert(!CPubKey::ValidSize({pubkey.begin(), pubkey.begin() + pubkey.size() - 1}));
214 : :
215 : 0 : const CPubKey pubkey_ctor_1{vch_pubkey};
216 [ # # ]: 0 : assert(pubkey == pubkey_ctor_1);
217 : :
218 : 0 : const CPubKey pubkey_ctor_2{vch_pubkey.begin(), vch_pubkey.end()};
219 [ # # ]: 0 : assert(pubkey == pubkey_ctor_2);
220 : :
221 : 0 : CPubKey pubkey_set;
222 : 0 : pubkey_set.Set(vch_pubkey.begin(), vch_pubkey.end());
223 [ # # ]: 0 : assert(pubkey == pubkey_set);
224 : 0 : }
225 : :
226 : 0 : {
227 [ # # ]: 0 : const CPubKey invalid_pubkey{};
228 [ # # ]: 0 : assert(!invalid_pubkey.IsValid());
229 [ # # # # ]: 0 : assert(!invalid_pubkey.IsFullyValid());
230 [ # # ]: 0 : assert(!(pubkey == invalid_pubkey));
231 : 0 : assert(pubkey != invalid_pubkey);
232 [ # # ]: 0 : assert(pubkey < invalid_pubkey);
233 : : }
234 : :
235 : : {
236 : : // Cover CPubKey's operator[](unsigned int pos)
237 : : unsigned int sum = 0;
238 [ # # ]: 0 : for (size_t i = 0; i < pubkey.size(); ++i) {
239 : 0 : sum += pubkey[i];
240 : : }
241 [ # # ]: 0 : assert(std::accumulate(pubkey.begin(), pubkey.end(), 0U) == sum);
242 : : }
243 : :
244 : 0 : {
245 : 0 : CPubKey decompressed_pubkey = pubkey;
246 [ # # ]: 0 : assert(decompressed_pubkey.IsCompressed());
247 : :
248 [ # # ]: 0 : const bool ok = decompressed_pubkey.Decompress();
249 [ # # ]: 0 : assert(ok);
250 [ # # ]: 0 : assert(!decompressed_pubkey.IsCompressed());
251 [ # # ]: 0 : assert(decompressed_pubkey.size() == 65);
252 : : }
253 : :
254 : 0 : {
255 : 0 : std::vector<unsigned char> vch_sig;
256 [ # # ]: 0 : const bool ok = key.Sign(random_uint256, vch_sig, false);
257 [ # # ]: 0 : assert(ok);
258 [ # # # # ]: 0 : assert(pubkey.Verify(random_uint256, vch_sig));
259 [ # # # # ]: 0 : assert(CPubKey::CheckLowS(vch_sig));
260 : :
261 [ # # ]: 0 : const std::vector<unsigned char> vch_invalid_sig{vch_sig.begin(), vch_sig.begin() + vch_sig.size() - 1};
262 [ # # # # ]: 0 : assert(!pubkey.Verify(random_uint256, vch_invalid_sig));
263 [ # # # # ]: 0 : assert(!CPubKey::CheckLowS(vch_invalid_sig));
264 : 0 : }
265 : :
266 : 0 : {
267 : 0 : std::vector<unsigned char> vch_compact_sig;
268 [ # # ]: 0 : const bool ok_sign_compact = key.SignCompact(random_uint256, vch_compact_sig);
269 [ # # ]: 0 : assert(ok_sign_compact);
270 : :
271 [ # # ]: 0 : CPubKey recover_pubkey;
272 [ # # ]: 0 : const bool ok_recover_compact = recover_pubkey.RecoverCompact(random_uint256, vch_compact_sig);
273 [ # # ]: 0 : assert(ok_recover_compact);
274 [ # # ]: 0 : assert(recover_pubkey == pubkey);
275 : 0 : }
276 : :
277 : 0 : {
278 [ # # ]: 0 : CPubKey child_pubkey;
279 : 0 : ChainCode child_chaincode;
280 [ # # ]: 0 : const bool ok = pubkey.Derive(child_pubkey, child_chaincode, 0, random_uint256);
281 [ # # ]: 0 : assert(ok);
282 [ # # ]: 0 : assert(child_pubkey != pubkey);
283 [ # # ]: 0 : assert(child_pubkey.IsCompressed());
284 [ # # # # ]: 0 : assert(child_pubkey.IsFullyValid());
285 [ # # ]: 0 : assert(child_pubkey.IsValid());
286 [ # # ]: 0 : assert(child_pubkey.size() == 33);
287 [ # # ]: 0 : assert(child_chaincode != random_uint256);
288 : : }
289 : :
290 [ # # ]: 0 : const CPrivKey priv_key = key.GetPrivKey();
291 : :
292 : 0 : {
293 [ # # ]: 0 : for (const bool skip_check : {true, false}) {
294 : 0 : CKey loaded_key;
295 [ # # ]: 0 : const bool ok = loaded_key.Load(priv_key, pubkey, skip_check);
296 [ # # ]: 0 : assert(ok);
297 [ # # ]: 0 : assert(key == loaded_key);
298 : 0 : }
299 : : }
300 : 0 : }
301 : :
302 [ # # ]: 0 : FUZZ_TARGET(ellswift_roundtrip, .init = initialize_key)
303 : : {
304 : 0 : FuzzedDataProvider fdp{buffer.data(), buffer.size()};
305 : :
306 : 0 : CKey key = ConsumePrivateKey(fdp, /*compressed=*/true);
307 [ # # ]: 0 : if (!key.IsValid()) return;
308 : :
309 [ # # ]: 0 : auto ent32 = fdp.ConsumeBytes<std::byte>(32);
310 [ # # ]: 0 : ent32.resize(32);
311 : :
312 [ # # ]: 0 : auto encoded_ellswift = key.EllSwiftCreate(ent32);
313 [ # # ]: 0 : auto decoded_pubkey = encoded_ellswift.Decode();
314 : :
315 : 0 : uint256 hash{ConsumeUInt256(fdp)};
316 : 0 : std::vector<unsigned char> sig;
317 [ # # ]: 0 : key.Sign(hash, sig);
318 [ # # # # ]: 0 : assert(decoded_pubkey.Verify(hash, sig));
319 : 0 : }
320 : :
321 [ # # ]: 0 : FUZZ_TARGET(bip324_ecdh, .init = initialize_key)
322 : : {
323 : 0 : FuzzedDataProvider fdp{buffer.data(), buffer.size()};
324 : :
325 : : // We generate private key, k1.
326 : 0 : CKey k1 = ConsumePrivateKey(fdp, /*compressed=*/true);
327 [ # # ]: 0 : if (!k1.IsValid()) return;
328 : :
329 : : // They generate private key, k2.
330 : 0 : CKey k2 = ConsumePrivateKey(fdp, /*compressed=*/true);
331 [ # # ]: 0 : if (!k2.IsValid()) return;
332 : :
333 : : // We construct an ellswift encoding for our key, k1_ellswift.
334 [ # # ]: 0 : auto ent32_1 = fdp.ConsumeBytes<std::byte>(32);
335 [ # # ]: 0 : ent32_1.resize(32);
336 [ # # ]: 0 : auto k1_ellswift = k1.EllSwiftCreate(ent32_1);
337 : :
338 : : // They construct an ellswift encoding for their key, k2_ellswift.
339 [ # # ]: 0 : auto ent32_2 = fdp.ConsumeBytes<std::byte>(32);
340 [ # # ]: 0 : ent32_2.resize(32);
341 [ # # ]: 0 : auto k2_ellswift = k2.EllSwiftCreate(ent32_2);
342 : :
343 : : // They construct another (possibly distinct) ellswift encoding for their key, k2_ellswift_bad.
344 [ # # ]: 0 : auto ent32_2_bad = fdp.ConsumeBytes<std::byte>(32);
345 [ # # ]: 0 : ent32_2_bad.resize(32);
346 [ # # ]: 0 : auto k2_ellswift_bad = k2.EllSwiftCreate(ent32_2_bad);
347 [ # # ]: 0 : assert((ent32_2_bad == ent32_2) == (k2_ellswift_bad == k2_ellswift));
348 : :
349 : : // Determine who is who.
350 : 0 : bool initiating = fdp.ConsumeBool();
351 : :
352 : : // We compute our shared secret using our key and their public key.
353 [ # # ]: 0 : auto ecdh_secret_1 = k1.ComputeBIP324ECDHSecret(k2_ellswift, k1_ellswift, initiating);
354 : : // They compute their shared secret using their key and our public key.
355 [ # # ]: 0 : auto ecdh_secret_2 = k2.ComputeBIP324ECDHSecret(k1_ellswift, k2_ellswift, !initiating);
356 : : // Those must match, as everyone is behaving correctly.
357 [ # # ]: 0 : assert(ecdh_secret_1 == ecdh_secret_2);
358 : :
359 [ # # ]: 0 : if (k1_ellswift != k2_ellswift) {
360 : : // Unless the two keys are exactly identical, acting as the wrong party breaks things.
361 [ # # ]: 0 : auto ecdh_secret_bad = k1.ComputeBIP324ECDHSecret(k2_ellswift, k1_ellswift, !initiating);
362 [ # # ]: 0 : assert(ecdh_secret_bad != ecdh_secret_1);
363 : : }
364 : :
365 [ # # ]: 0 : if (k2_ellswift_bad != k2_ellswift) {
366 : : // Unless both encodings created by them are identical, using the second one breaks things.
367 [ # # ]: 0 : auto ecdh_secret_bad = k1.ComputeBIP324ECDHSecret(k2_ellswift_bad, k1_ellswift, initiating);
368 [ # # ]: 0 : assert(ecdh_secret_bad != ecdh_secret_1);
369 : : }
370 : 0 : }
|
