Merge #871: Remove a bit of validation-related cruft

bd8fca6 miniscript: replace decode_with_ext(., Ext::allow_all) with decode_consensus (Andrew Poelstra)
3dd006a miniscript: remove Ctx::check_witness (Andrew Poelstra)

Pull request description:

  This PR contains two mostly-unrelated commits.
  
  The first removes the `Ctx::check_witness` function, which is a no-op for the overwhelmingly common case that users are working with sane Miniscripts, and probably wrong in uncommon cases.
  
  The second one removes the `decode_insane` method, replacing it with `decode_consensus` which allows much more stuff. The premise here is that "insane" Miniscripts are about allowing well-formed scripts that might not be analyzable because they violate some sanity rules, while "consensus" Miniscripts are anything the library can parse, no matter how half-baked or incomplete it is. When parsing strings we want "insane", when parsing on-chain scripts we want "consensus". The difference, for now, is that "consensus" Miniscripts can have raw pkhs while "insane" ones cannot.
  
  More details in the commit messages.


ACKs for top commit:
  tcharding:
    ACK bd8fca6 - My review does not hold much weight.
  sanket1729:
    ACK bd8fca6


Tree-SHA512: c889fc66debde8bc8942ad1db5522ece660cded6962a7b3833d5465759a69063f57ea1283fccb89ad66836ec58114fb7ffb57586440e31c0917caf7b658c8fb9

Author: apoelstra

src/interpreter/inner.rs

@@ -8,7 +8,7 @@ use bitcoin::Witness;
 use super::{stack, BitcoinKey, Error, Stack};
 use crate::miniscript::context::{NoChecks, ScriptContext, SigType};
 use crate::prelude::*;
-use crate::{BareCtx, ExtParams, Legacy, Miniscript, Segwitv0, Tap, ToPublicKey, Translator};
+use crate::{BareCtx, Legacy, Miniscript, Segwitv0, Tap, ToPublicKey, Translator};
 
 /// Attempts to parse a slice as a Bitcoin public key, checking compressedness
 /// if asked to, but otherwise dropping it
@@ -43,8 +43,7 @@ fn script_from_stack_elem<Ctx: ScriptContext>(
 ) -> Result<Miniscript<Ctx::Key, Ctx>, Error> {
     match *elem {
         stack::Element::Push(sl) => {
-            Miniscript::decode_with_ext(bitcoin::Script::from_bytes(sl), &ExtParams::allow_all())
-                .map_err(Error::from)
+            Miniscript::decode_consensus(bitcoin::Script::from_bytes(sl)).map_err(Error::from)
         }
         stack::Element::Satisfied => Ok(Miniscript::TRUE),
         stack::Element::Dissatisfied => Ok(Miniscript::FALSE),
@@ -327,10 +326,7 @@ pub(super) fn from_txdata<'txin>(
     } else {
         if wit_stack.is_empty() {
             // Bare script parsed in BareCtx
-            let miniscript = Miniscript::<bitcoin::PublicKey, BareCtx>::decode_with_ext(
-                spk,
-                &ExtParams::allow_all(),
-            )?;
+            let miniscript = Miniscript::<bitcoin::PublicKey, BareCtx>::decode_consensus(spk)?;
             let miniscript = miniscript.to_no_checks_ms();
             Ok((Inner::Script(miniscript, ScriptType::Bare), ssig_stack, Some(spk.to_owned())))
         } else {
@@ -678,8 +674,7 @@ mod tests {
     }
 
     fn ms_inner_script(ms: &str) -> (Miniscript<BitcoinKey, NoChecks>, bitcoin::ScriptBuf) {
-        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::from_str_ext(ms, &ExtParams::insane())
-            .unwrap();
+        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::from_str_insane(ms).unwrap();
         let spk = ms.encode();
         let miniscript = ms.to_no_checks_ms();
         (miniscript, spk)

src/miniscript/context.rs

@@ -15,7 +15,6 @@ use crate::miniscript::limits::{
 };
 use crate::miniscript::types;
 use crate::prelude::*;
-use crate::util::witness_to_scriptsig;
 use crate::{hash256, Error, ForEachKey, Miniscript, MiniscriptKey, Terminal};
 
 /// Error for Script Context
@@ -189,16 +188,6 @@ where
         _frag: &Terminal<Pk, Self>,
     ) -> Result<(), ScriptContextError>;
 
-    /// Check whether the given satisfaction is valid under the ScriptContext
-    /// For example, segwit satisfactions may fail if the witness len is more
-    /// 3600 or number of stack elements are more than 100.
-    fn check_witness(_witness: &[Vec<u8>]) -> Result<(), ScriptContextError> {
-        // Only really need to do this for segwitv0 and legacy
-        // Bare is already restricted by standardness rules
-        // and would reach these limits.
-        Ok(())
-    }
-
     /// Each context has slightly different rules on what Pks are allowed in descriptors
     /// Legacy/Bare does not allow x_only keys
     /// Segwit does not allow uncompressed keys and x_only keys
@@ -389,19 +378,6 @@ impl ScriptContext for Legacy {
         }
     }
 
-    fn check_witness(witness: &[Vec<u8>]) -> Result<(), ScriptContextError> {
-        // In future, we could avoid by having a function to count only
-        // len of script instead of converting it.
-        let script_sig = witness_to_scriptsig(witness);
-        if script_sig.len() > MAX_SCRIPTSIG_SIZE {
-            return Err(ScriptContextError::MaxScriptSigSizeExceeded {
-                actual: script_sig.len(),
-                limit: MAX_SCRIPTSIG_SIZE,
-            });
-        }
-        Ok(())
-    }
-
     fn check_global_consensus_validity<Pk: MiniscriptKey>(
         ms: &Miniscript<Pk, Self>,
     ) -> Result<(), ScriptContextError> {
@@ -506,16 +482,6 @@ impl ScriptContext for Segwitv0 {
         }
     }
 
-    fn check_witness(witness: &[Vec<u8>]) -> Result<(), ScriptContextError> {
-        if witness.len() > MAX_STANDARD_P2WSH_STACK_ITEMS {
-            return Err(ScriptContextError::MaxWitnessItemsExceeded {
-                actual: witness.len(),
-                limit: MAX_STANDARD_P2WSH_STACK_ITEMS,
-            });
-        }
-        Ok(())
-    }
-
     fn check_global_consensus_validity<Pk: MiniscriptKey>(
         ms: &Miniscript<Pk, Self>,
     ) -> Result<(), ScriptContextError> {
@@ -627,17 +593,6 @@ impl ScriptContext for Tap {
         }
     }
 
-    fn check_witness(witness: &[Vec<u8>]) -> Result<(), ScriptContextError> {
-        // Note that tapscript has a 1000 limit compared to 100 of segwitv0
-        if witness.len() > MAX_STACK_SIZE {
-            return Err(ScriptContextError::MaxWitnessItemsExceeded {
-                actual: witness.len(),
-                limit: MAX_STACK_SIZE,
-            });
-        }
-        Ok(())
-    }
-
     fn check_global_consensus_validity<Pk: MiniscriptKey>(
         ms: &Miniscript<Pk, Self>,
     ) -> Result<(), ScriptContextError> {
@@ -882,13 +837,6 @@ impl ScriptContext for NoChecks {
         "NochecksEcdsa"
     }
 
-    fn check_witness(_witness: &[Vec<u8>]) -> Result<(), ScriptContextError> {
-        // Only really need to do this for segwitv0 and legacy
-        // Bare is already restricted by standardness rules
-        // and would reach these limits.
-        Ok(())
-    }
-
     fn check_global_validity<Pk: MiniscriptKey>(
         ms: &Miniscript<Pk, Self>,
     ) -> Result<(), ScriptContextError> {

src/miniscript/mod.rs

@@ -471,10 +471,7 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
         Pk: ToPublicKey,
     {
         match satisfaction.stack {
-            satisfy::Witness::Stack(stack) => {
-                Ctx::check_witness(&stack)?;
-                Ok(stack)
-            }
+            satisfy::Witness::Stack(stack) => Ok(stack),
             satisfy::Witness::Unavailable | satisfy::Witness::Impossible => {
                 Err(Error::CouldNotSatisfy)
             }
@@ -522,24 +519,17 @@ impl Miniscript<<Tap as ScriptContext>::Key, Tap> {
 }
 
 impl<Ctx: ScriptContext> Miniscript<Ctx::Key, Ctx> {
-    /// Attempt to parse an insane(scripts don't clear sanity checks)
-    /// script into a Miniscript representation.
-    /// Use this to parse scripts with repeated pubkeys, timelock mixing, malleable
-    /// scripts without sig or scripts that can exceed resource limits.
-    /// Some of the analysis guarantees of miniscript are lost when dealing with
-    /// insane scripts. In general, in a multi-party setting users should only
-    /// accept sane scripts.
-    pub fn decode_insane(script: &script::Script) -> Result<Miniscript<Ctx::Key, Ctx>, Error> {
-        Miniscript::decode_with_ext(script, &ExtParams::insane())
+    /// Attempt to decode a Miniscript from Script, checking only for consensus compatibility,
+    /// and no other checks.
+    ///
+    /// It may make sense to use this method when parsing Script that is already
+    /// embedded in the chain. While it is inadvisable to use insane Miniscripts,
+    /// once it's on the chain you don't have much choice anymore.
+    pub fn decode_consensus(script: &script::Script) -> Result<Miniscript<Ctx::Key, Ctx>, Error> {
+        Miniscript::decode_with_ext(script, &ExtParams::allow_all())
     }
 
-    /// Attempt to parse an miniscript with extra features that not yet specified in the spec.
-    /// Users should not use this function unless they scripts can/will change in the future.
-    /// Currently, this function supports the following features:
-    ///     - Parsing all insane scripts
-    ///     - Parsing miniscripts with raw pubkey hashes
-    ///
-    /// Allowed extra features can be specified by the ext [`ExtParams`] argument.
+    /// Attempt to decode a Miniscript from Script, specifying which validation parameters to apply.
     pub fn decode_with_ext(
         script: &script::Script,
         ext: &ExtParams,
@@ -564,7 +554,7 @@ impl<Ctx: ScriptContext> Miniscript<Ctx::Key, Ctx> {
     /// Attempt to parse a Script into Miniscript representation.
     ///
     /// This function will fail parsing for scripts that do not clear the
-    /// [`Miniscript::sanity_check`] checks. Use [`Miniscript::decode_insane`] to
+    /// [`Miniscript::sanity_check`] checks. Use [`Miniscript::decode_consensus`] to
     /// parse such scripts.
     ///
     /// ## Decode/Parse a miniscript from script hex
@@ -1164,8 +1154,8 @@ mod tests {
             assert_eq!(format!("{:x}", bitcoin_script), expected);
         }
         // Parse scripts with all extensions
-        let roundtrip = Segwitv0Script::decode_with_ext(&bitcoin_script, &ExtParams::allow_all())
-            .expect("parse string serialization");
+        let roundtrip =
+            Segwitv0Script::decode_consensus(&bitcoin_script).expect("parse string serialization");
         assert_eq!(roundtrip, script);
     }
 
@@ -1174,7 +1164,8 @@ mod tests {
         let ser = tree.encode();
         assert_eq!(ser.len(), tree.script_size());
         assert_eq!(ser.to_string(), s);
-        let deser = Segwitv0Script::decode_insane(&ser).expect("deserialize result of serialize");
+        let deser =
+            Segwitv0Script::decode_consensus(&ser).expect("deserialize result of serialize");
         assert_eq!(*tree, deser);
     }
 
@@ -1315,19 +1306,19 @@ mod tests {
     fn verify_parse() {
         let ms = "and_v(v:hash160(20195b5a3d650c17f0f29f91c33f8f6335193d07),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
 
         let ms = "and_v(v:sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
 
         let ms = "and_v(v:ripemd160(20195b5a3d650c17f0f29f91c33f8f6335193d07),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
 
         let ms = "and_v(v:hash256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
     }
 
     #[test]
@@ -1518,21 +1509,21 @@ mod tests {
     #[test]
     fn deserialize() {
         // Most of these came from fuzzing, hence the increasing lengths
-        assert!(Segwitv0Script::decode_insane(&hex_script("")).is_err()); // empty
-        assert!(Segwitv0Script::decode_insane(&hex_script("00")).is_ok()); // FALSE
-        assert!(Segwitv0Script::decode_insane(&hex_script("51")).is_ok()); // TRUE
-        assert!(Segwitv0Script::decode_insane(&hex_script("69")).is_err()); // VERIFY
-        assert!(Segwitv0Script::decode_insane(&hex_script("0000")).is_err()); //and_v(FALSE,FALSE)
-        assert!(Segwitv0Script::decode_insane(&hex_script("1001")).is_err()); // incomplete push
-        assert!(Segwitv0Script::decode_insane(&hex_script("03990300b2")).is_err()); // non-minimal #
-        assert!(Segwitv0Script::decode_insane(&hex_script("8559b2")).is_err()); // leading bytes
-        assert!(Segwitv0Script::decode_insane(&hex_script("4c0169b2")).is_err()); // non-minimal push
-        assert!(Segwitv0Script::decode_insane(&hex_script("0000af0000ae85")).is_err()); // OR not BOOLOR
+        assert!(Segwitv0Script::decode_consensus(&hex_script("")).is_err()); // empty
+        assert!(Segwitv0Script::decode_consensus(&hex_script("00")).is_ok()); // FALSE
+        assert!(Segwitv0Script::decode_consensus(&hex_script("51")).is_ok()); // TRUE
+        assert!(Segwitv0Script::decode_consensus(&hex_script("69")).is_err()); // VERIFY
+        assert!(Segwitv0Script::decode_consensus(&hex_script("0000")).is_err()); //and_v(FALSE,FALSE)
+        assert!(Segwitv0Script::decode_consensus(&hex_script("1001")).is_err()); // incomplete push
+        assert!(Segwitv0Script::decode_consensus(&hex_script("03990300b2")).is_err()); // non-minimal #
+        assert!(Segwitv0Script::decode_consensus(&hex_script("8559b2")).is_err()); // leading bytes
+        assert!(Segwitv0Script::decode_consensus(&hex_script("4c0169b2")).is_err()); // non-minimal push
+        assert!(Segwitv0Script::decode_consensus(&hex_script("0000af0000ae85")).is_err()); // OR not BOOLOR
 
         // misc fuzzer problems
-        assert!(Segwitv0Script::decode_insane(&hex_script("0000000000af")).is_err());
-        assert!(Segwitv0Script::decode_insane(&hex_script("04009a2970af00")).is_err()); // giant CMS key num
-        assert!(Segwitv0Script::decode_insane(&hex_script(
+        assert!(Segwitv0Script::decode_consensus(&hex_script("0000000000af")).is_err());
+        assert!(Segwitv0Script::decode_consensus(&hex_script("04009a2970af00")).is_err()); // giant CMS key num
+        assert!(Segwitv0Script::decode_consensus(&hex_script(
             "2102ffffffffffffffefefefefefefefefefefef394c0fe5b711179e124008584753ac6900"
         ))
         .is_err());
@@ -1572,22 +1563,22 @@ mod tests {
 
         //---------------- test script <-> miniscript ---------------
         // Test parsing from scripts: x-only fails decoding in segwitv0 ctx
-        Segwitv0Script::decode_insane(&hex_script(
+        Segwitv0Script::decode_consensus(&hex_script(
             "202788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap_err();
         // x-only succeeds in tap ctx
-        Tapscript::decode_insane(&hex_script(
+        Tapscript::decode_consensus(&hex_script(
             "202788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap();
         // tapscript fails decoding with compressed
-        Tapscript::decode_insane(&hex_script(
+        Tapscript::decode_consensus(&hex_script(
             "21022788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap_err();
         // Segwitv0 succeeds decoding with tapscript.
-        Segwitv0Script::decode_insane(&hex_script(
+        Segwitv0Script::decode_consensus(&hex_script(
             "21022788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap();
@@ -1623,7 +1614,7 @@ mod tests {
             .unwrap();
         // script rtt test
         assert_eq!(
-            Miniscript::<XOnlyPublicKey, Tap>::decode_insane(&tap_ms.encode()).unwrap(),
+            Miniscript::<XOnlyPublicKey, Tap>::decode_consensus(&tap_ms.encode()).unwrap(),
             tap_ms
         );
         assert_eq!(tap_ms.script_size(), 104);
@@ -1664,7 +1655,7 @@ mod tests {
         .unwrap();
         let ms_trans = ms.translate_pk(&mut StrKeyTranslator::new()).unwrap();
         let enc = ms_trans.encode();
-        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_insane(&enc).unwrap();
+        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_consensus(&enc).unwrap();
         assert_eq!(ms_trans.encode(), ms.encode());
     }
 
@@ -1687,8 +1678,8 @@ mod tests {
         let script = ms.encode();
         // The same test, but parsing from script
         SegwitMs::decode(&script).unwrap_err();
-        SegwitMs::decode_insane(&script).unwrap_err();
-        SegwitMs::decode_with_ext(&script, &ExtParams::allow_all()).unwrap();
+        SegwitMs::decode_with_ext(&script, &ExtParams::insane()).unwrap_err();
+        SegwitMs::decode_consensus(&script).unwrap();
 
         // Try replacing the raw_pkh with a pkh
         let mut map = BTreeMap::new();
@@ -1880,7 +1871,7 @@ mod tests {
         for _ in 0..10000 {
             script = script.push_opcode(bitcoin::opcodes::all::OP_0NOTEQUAL);
         }
-        Tapscript::decode_insane(&script.into_script()).unwrap_err();
+        Tapscript::decode_consensus(&script.into_script()).unwrap_err();
     }
 
     #[test]