From 587e8d0c9cec40383e9bcd9068c85fe778a5e170 Mon Sep 17 00:00:00 2001
From: Antoine Poinsot
Date: Sun, 9 Oct 2022 15:50:27 +0200
Subject: [PATCH] qa: add a fuzz target ensuring the sighash behaviour for non APO keys was conserved

This fuzz targets copied the SignatureHashSchnorr function for Bitcoin Core 23.0 and checks the output of the APO-ready SignatureHashSchnorr from this branch against it. This is to make sure the behaviour of the function was not changed for non ANYPREVOUT keys, which would make some previously valid signatures invalid and, even worse, some previously invalid signatures valid.
---
 src/Makefile.test.include | 1 +
 src/script/interpreter.cpp | 4 +
 src/test/fuzz/anyprevout.cpp | 187 +++++++++++++++++++++++++++++++++++
 3 files changed, 192 insertions(+)
 create mode 100644 src/test/fuzz/anyprevout.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 22ba9ee90ba609..b2ef42805e59be 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -289,6 +289,7 @@ test_fuzz_fuzz_SOURCES = \
 $(FUZZ_WALLET_SRC) \
 test/fuzz/addition_overflow.cpp \
 test/fuzz/addrman.cpp \
+ test/fuzz/anyprevout.cpp \
 test/fuzz/asmap.cpp \
 test/fuzz/asmap_direct.cpp \
 test/fuzz/autofile.cpp \
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index 36bdaca998ebf1..d942f0893b2a68 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -1671,9 +1671,11 @@ bool SignatureHashSchnorr(uint256& hash_out, ScriptExecutionData& execdata, cons
 ss << cache.m_spent_outputs[in_pos];
 ss << tx_to.vin[in_pos].nSequence;
 } else if (input_type == SIGHASH_ANYPREVOUT) {
+ assert(keyversion == KeyVersion::ANYPREVOUT);
 ss << cache.m_spent_outputs[in_pos];
 ss << tx_to.vin[in_pos].nSequence;
 } else if (input_type == SIGHASH_ANYPREVOUTANYSCRIPT) {
+ assert(keyversion == KeyVersion::ANYPREVOUT);
 ss << tx_to.vin[in_pos].nSequence;
 } else {
 ss << in_pos;
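Review bot: The two `assert(keyversion == KeyVersion::ANYPREVOUT);` lines added in the `SIGHASH_ANYPREVOUT` and `SIGHASH_ANYPREVOUTANYSCRIPT` branches, and the third one in the `else` of the tapleaf-hash block in the next hunk, rely on a check that is not visible here. `input_type` presumably comes from the hash type byte of a signature, so if any caller can reach these branches with a non-APO key version the process aborts instead of the signature being rejected. Please add a comment naming the earlier validation that establishes the invariant, e.g. `// hash_type was checked against keyversion above: APO input types imply an APO key`. If that validation is not exhaustive for every caller, fail closed with `if (keyversion != KeyVersion::ANYPREVOUT) return false;`, since the function already returns `bool`. SignatureHashSchnorr's body starts and ends outside both hunks, so this could not be confirmed from the diff alone.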
@@ -1698,6 +1700,8 @@ bool SignatureHashSchnorr(uint256& hash_out, ScriptExecutionData& execdata, cons
 assert(execdata.m_tapleaf_hash_init);
 if (input_type != SIGHASH_ANYPREVOUTANYSCRIPT) {
 ss << execdata.m_tapleaf_hash;
+ } else {
+ assert(keyversion == KeyVersion::ANYPREVOUT);
 }
 ss << uint8_t(keyversion);
 assert(execdata.m_codeseparator_pos_init);
diff --git a/src/test/fuzz/anyprevout.cpp b/src/test/fuzz/anyprevout.cpp
new file mode 100644
index 00000000000000..14fe0beb40b2e6
--- /dev/null
+++ b/src/test/fuzz/anyprevout.cpp
@@ -0,0 +1,187 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include
+#include
+#include