miniscript: replace decode_with_ext(., Ext::allow_all) with decode_consensus

Currently we have decode() and decode_insane() (which were both called
parse_* before PR #845). In practice though, throughout the codebase we
see that when decoding from script we want to relax more than sanity.

In particular, we frequently with ExtParams::allow_all, which beyond
relaxing the sanity rules, also allows raw pubkeyhashes. We do this in
the script interpreter and in PSBT, on the basis that once we're working
with a script, we should just deal with whatever the library is capable
of dealing with. (Is this the right decision? IMO yes. It could be
argued. But regardless, it's the decision we've made for the past many
versions of rust-miniscript.)

I also propose to backport this with deprecation, telling users that if
they really want parse_insane, they now need to call decode_with_ext and
specify ExtParams::insane. But if their goal was "parse anything that
might be allowed", they actually want decode_consensus.

There is now an asymmetry between parsing from string and parsing from
script: with strings we have parse() and parse_insane(). With script we
have decode() and decode_consensus(). I think this is correct, and
reflects the fact that somebody "breaking the rules" with a string is
likely trying to use syntactically valid Miniscripts without the library
whining at him, while somebody "breaking the rules" with a Script is
probably trying to deal with some immutable on-chain thing and wants the
library to work if at-all possible.

Right now the distinction is simply "do we support raw pkh or not" but I
think we could accept more-or-less arbitrary extensions to Miniscript in
this library that worked the same way (allowed when decoded from script
but disallowed from strings since there's no serialization).

Author: apoelstra

src/interpreter/inner.rs

@@ -8,7 +8,7 @@ use bitcoin::Witness;
 use super::{stack, BitcoinKey, Error, Stack};
 use crate::miniscript::context::{NoChecks, ScriptContext, SigType};
 use crate::prelude::*;
-use crate::{BareCtx, ExtParams, Legacy, Miniscript, Segwitv0, Tap, ToPublicKey, Translator};
+use crate::{BareCtx, Legacy, Miniscript, Segwitv0, Tap, ToPublicKey, Translator};
 
 /// Attempts to parse a slice as a Bitcoin public key, checking compressedness
 /// if asked to, but otherwise dropping it
@@ -43,8 +43,7 @@ fn script_from_stack_elem<Ctx: ScriptContext>(
 ) -> Result<Miniscript<Ctx::Key, Ctx>, Error> {
     match *elem {
         stack::Element::Push(sl) => {
-            Miniscript::decode_with_ext(bitcoin::Script::from_bytes(sl), &ExtParams::allow_all())
-                .map_err(Error::from)
+            Miniscript::decode_consensus(bitcoin::Script::from_bytes(sl)).map_err(Error::from)
         }
         stack::Element::Satisfied => Ok(Miniscript::TRUE),
         stack::Element::Dissatisfied => Ok(Miniscript::FALSE),
@@ -327,10 +326,7 @@ pub(super) fn from_txdata<'txin>(
     } else {
         if wit_stack.is_empty() {
             // Bare script parsed in BareCtx
-            let miniscript = Miniscript::<bitcoin::PublicKey, BareCtx>::decode_with_ext(
-                spk,
-                &ExtParams::allow_all(),
-            )?;
+            let miniscript = Miniscript::<bitcoin::PublicKey, BareCtx>::decode_consensus(spk)?;
             let miniscript = miniscript.to_no_checks_ms();
             Ok((Inner::Script(miniscript, ScriptType::Bare), ssig_stack, Some(spk.to_owned())))
         } else {
@@ -678,8 +674,7 @@ mod tests {
     }
 
     fn ms_inner_script(ms: &str) -> (Miniscript<BitcoinKey, NoChecks>, bitcoin::ScriptBuf) {
-        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::from_str_ext(ms, &ExtParams::insane())
-            .unwrap();
+        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::from_str_insane(ms).unwrap();
         let spk = ms.encode();
         let miniscript = ms.to_no_checks_ms();
         (miniscript, spk)

src/miniscript/mod.rs

@@ -519,24 +519,17 @@ impl Miniscript<<Tap as ScriptContext>::Key, Tap> {
 }
 
 impl<Ctx: ScriptContext> Miniscript<Ctx::Key, Ctx> {
-    /// Attempt to parse an insane(scripts don't clear sanity checks)
-    /// script into a Miniscript representation.
-    /// Use this to parse scripts with repeated pubkeys, timelock mixing, malleable
-    /// scripts without sig or scripts that can exceed resource limits.
-    /// Some of the analysis guarantees of miniscript are lost when dealing with
-    /// insane scripts. In general, in a multi-party setting users should only
-    /// accept sane scripts.
-    pub fn decode_insane(script: &script::Script) -> Result<Miniscript<Ctx::Key, Ctx>, Error> {
-        Miniscript::decode_with_ext(script, &ExtParams::insane())
+    /// Attempt to decode a Miniscript from Script, checking only for consensus compatibility,
+    /// and no other checks.
+    ///
+    /// It may make sense to use this method when parsing Script that is already
+    /// embedded in the chain. While it is inadvisable to use insane Miniscripts,
+    /// once it's on the chain you don't have much choice anymore.
+    pub fn decode_consensus(script: &script::Script) -> Result<Miniscript<Ctx::Key, Ctx>, Error> {
+        Miniscript::decode_with_ext(script, &ExtParams::allow_all())
     }
 
-    /// Attempt to parse an miniscript with extra features that not yet specified in the spec.
-    /// Users should not use this function unless they scripts can/will change in the future.
-    /// Currently, this function supports the following features:
-    ///     - Parsing all insane scripts
-    ///     - Parsing miniscripts with raw pubkey hashes
-    ///
-    /// Allowed extra features can be specified by the ext [`ExtParams`] argument.
+    /// Attempt to decode a Miniscript from Script, specifying which validation parameters to apply.
     pub fn decode_with_ext(
         script: &script::Script,
         ext: &ExtParams,
@@ -561,7 +554,7 @@ impl<Ctx: ScriptContext> Miniscript<Ctx::Key, Ctx> {
     /// Attempt to parse a Script into Miniscript representation.
     ///
     /// This function will fail parsing for scripts that do not clear the
-    /// [`Miniscript::sanity_check`] checks. Use [`Miniscript::decode_insane`] to
+    /// [`Miniscript::sanity_check`] checks. Use [`Miniscript::decode_consensus`] to
     /// parse such scripts.
     ///
     /// ## Decode/Parse a miniscript from script hex
@@ -1161,8 +1154,8 @@ mod tests {
             assert_eq!(format!("{:x}", bitcoin_script), expected);
         }
         // Parse scripts with all extensions
-        let roundtrip = Segwitv0Script::decode_with_ext(&bitcoin_script, &ExtParams::allow_all())
-            .expect("parse string serialization");
+        let roundtrip =
+            Segwitv0Script::decode_consensus(&bitcoin_script).expect("parse string serialization");
         assert_eq!(roundtrip, script);
     }
 
@@ -1171,7 +1164,8 @@ mod tests {
         let ser = tree.encode();
         assert_eq!(ser.len(), tree.script_size());
         assert_eq!(ser.to_string(), s);
-        let deser = Segwitv0Script::decode_insane(&ser).expect("deserialize result of serialize");
+        let deser =
+            Segwitv0Script::decode_consensus(&ser).expect("deserialize result of serialize");
         assert_eq!(*tree, deser);
     }
 
@@ -1312,19 +1306,19 @@ mod tests {
     fn verify_parse() {
         let ms = "and_v(v:hash160(20195b5a3d650c17f0f29f91c33f8f6335193d07),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
 
         let ms = "and_v(v:sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
 
         let ms = "and_v(v:ripemd160(20195b5a3d650c17f0f29f91c33f8f6335193d07),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
 
         let ms = "and_v(v:hash256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),or_d(sha256(96de8fc8c256fa1e1556d41af431cace7dca68707c78dd88c3acab8b17164c47),older(16)))";
         let ms: Segwitv0Script = Miniscript::from_str_insane(ms).unwrap();
-        assert_eq!(ms, Segwitv0Script::decode_insane(&ms.encode()).unwrap());
+        assert_eq!(ms, Segwitv0Script::decode_consensus(&ms.encode()).unwrap());
     }
 
     #[test]
@@ -1515,21 +1509,21 @@ mod tests {
     #[test]
     fn deserialize() {
         // Most of these came from fuzzing, hence the increasing lengths
-        assert!(Segwitv0Script::decode_insane(&hex_script("")).is_err()); // empty
-        assert!(Segwitv0Script::decode_insane(&hex_script("00")).is_ok()); // FALSE
-        assert!(Segwitv0Script::decode_insane(&hex_script("51")).is_ok()); // TRUE
-        assert!(Segwitv0Script::decode_insane(&hex_script("69")).is_err()); // VERIFY
-        assert!(Segwitv0Script::decode_insane(&hex_script("0000")).is_err()); //and_v(FALSE,FALSE)
-        assert!(Segwitv0Script::decode_insane(&hex_script("1001")).is_err()); // incomplete push
-        assert!(Segwitv0Script::decode_insane(&hex_script("03990300b2")).is_err()); // non-minimal #
-        assert!(Segwitv0Script::decode_insane(&hex_script("8559b2")).is_err()); // leading bytes
-        assert!(Segwitv0Script::decode_insane(&hex_script("4c0169b2")).is_err()); // non-minimal push
-        assert!(Segwitv0Script::decode_insane(&hex_script("0000af0000ae85")).is_err()); // OR not BOOLOR
+        assert!(Segwitv0Script::decode_consensus(&hex_script("")).is_err()); // empty
+        assert!(Segwitv0Script::decode_consensus(&hex_script("00")).is_ok()); // FALSE
+        assert!(Segwitv0Script::decode_consensus(&hex_script("51")).is_ok()); // TRUE
+        assert!(Segwitv0Script::decode_consensus(&hex_script("69")).is_err()); // VERIFY
+        assert!(Segwitv0Script::decode_consensus(&hex_script("0000")).is_err()); //and_v(FALSE,FALSE)
+        assert!(Segwitv0Script::decode_consensus(&hex_script("1001")).is_err()); // incomplete push
+        assert!(Segwitv0Script::decode_consensus(&hex_script("03990300b2")).is_err()); // non-minimal #
+        assert!(Segwitv0Script::decode_consensus(&hex_script("8559b2")).is_err()); // leading bytes
+        assert!(Segwitv0Script::decode_consensus(&hex_script("4c0169b2")).is_err()); // non-minimal push
+        assert!(Segwitv0Script::decode_consensus(&hex_script("0000af0000ae85")).is_err()); // OR not BOOLOR
 
         // misc fuzzer problems
-        assert!(Segwitv0Script::decode_insane(&hex_script("0000000000af")).is_err());
-        assert!(Segwitv0Script::decode_insane(&hex_script("04009a2970af00")).is_err()); // giant CMS key num
-        assert!(Segwitv0Script::decode_insane(&hex_script(
+        assert!(Segwitv0Script::decode_consensus(&hex_script("0000000000af")).is_err());
+        assert!(Segwitv0Script::decode_consensus(&hex_script("04009a2970af00")).is_err()); // giant CMS key num
+        assert!(Segwitv0Script::decode_consensus(&hex_script(
             "2102ffffffffffffffefefefefefefefefefefef394c0fe5b711179e124008584753ac6900"
         ))
         .is_err());
@@ -1569,22 +1563,22 @@ mod tests {
 
         //---------------- test script <-> miniscript ---------------
         // Test parsing from scripts: x-only fails decoding in segwitv0 ctx
-        Segwitv0Script::decode_insane(&hex_script(
+        Segwitv0Script::decode_consensus(&hex_script(
             "202788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap_err();
         // x-only succeeds in tap ctx
-        Tapscript::decode_insane(&hex_script(
+        Tapscript::decode_consensus(&hex_script(
             "202788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap();
         // tapscript fails decoding with compressed
-        Tapscript::decode_insane(&hex_script(
+        Tapscript::decode_consensus(&hex_script(
             "21022788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap_err();
         // Segwitv0 succeeds decoding with tapscript.
-        Segwitv0Script::decode_insane(&hex_script(
+        Segwitv0Script::decode_consensus(&hex_script(
             "21022788ee41e76f4f3af603da5bc8fa22997bc0344bb0f95666ba6aaff0242baa99ac",
         ))
         .unwrap();
@@ -1620,7 +1614,7 @@ mod tests {
             .unwrap();
         // script rtt test
         assert_eq!(
-            Miniscript::<XOnlyPublicKey, Tap>::decode_insane(&tap_ms.encode()).unwrap(),
+            Miniscript::<XOnlyPublicKey, Tap>::decode_consensus(&tap_ms.encode()).unwrap(),
             tap_ms
         );
         assert_eq!(tap_ms.script_size(), 104);
@@ -1661,7 +1655,7 @@ mod tests {
         .unwrap();
         let ms_trans = ms.translate_pk(&mut StrKeyTranslator::new()).unwrap();
         let enc = ms_trans.encode();
-        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_insane(&enc).unwrap();
+        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_consensus(&enc).unwrap();
         assert_eq!(ms_trans.encode(), ms.encode());
     }
 
@@ -1684,8 +1678,8 @@ mod tests {
         let script = ms.encode();
         // The same test, but parsing from script
         SegwitMs::decode(&script).unwrap_err();
-        SegwitMs::decode_insane(&script).unwrap_err();
-        SegwitMs::decode_with_ext(&script, &ExtParams::allow_all()).unwrap();
+        SegwitMs::decode_with_ext(&script, &ExtParams::insane()).unwrap_err();
+        SegwitMs::decode_consensus(&script).unwrap();
 
         // Try replacing the raw_pkh with a pkh
         let mut map = BTreeMap::new();
@@ -1877,7 +1871,7 @@ mod tests {
         for _ in 0..10000 {
             script = script.push_opcode(bitcoin::opcodes::all::OP_0NOTEQUAL);
         }
-        Tapscript::decode_insane(&script.into_script()).unwrap_err();
+        Tapscript::decode_consensus(&script.into_script()).unwrap_err();
     }
 
     #[test]

src/psbt/finalizer.rs

@@ -24,8 +24,8 @@ use super::{sanity_check, Error, InputError, Psbt, PsbtInputSatisfier};
 use crate::prelude::*;
 use crate::util::witness_size;
 use crate::{
-    interpreter, BareCtx, Descriptor, ExtParams, Legacy, Miniscript, Satisfier, Segwitv0, SigType,
-    Tap, ToPublicKey,
+    interpreter, BareCtx, Descriptor, Legacy, Miniscript, Satisfier, Segwitv0, SigType, Tap,
+    ToPublicKey,
 };
 
 // Satisfy the taproot descriptor. It is not possible to infer the complete
@@ -71,10 +71,7 @@ fn construct_tap_witness(
                 // We don't know how to satisfy non default version scripts yet
                 continue;
             }
-            let ms = match Miniscript::<XOnlyPublicKey, Tap>::decode_with_ext(
-                script,
-                &ExtParams::allow_all(),
-            ) {
+            let ms = match Miniscript::<XOnlyPublicKey, Tap>::decode_consensus(script) {
                 Ok(ms) => ms.substitute_raw_pkh(&map),
                 Err(..) => continue, // try another script
             };
@@ -213,10 +210,7 @@ fn get_descriptor(psbt: &Psbt, index: usize) -> Result<Descriptor<PublicKey>, In
                     p2wsh_expected: script_pubkey.clone(),
                 });
             }
-            let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_with_ext(
-                witness_script,
-                &ExtParams::allow_all(),
-            )?;
+            let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_consensus(witness_script)?;
             Ok(Descriptor::new_wsh(ms.substitute_raw_pkh(&map))?)
         } else {
             Err(InputError::MissingWitnessScript)
@@ -240,9 +234,8 @@ fn get_descriptor(psbt: &Psbt, index: usize) -> Result<Descriptor<PublicKey>, In
                                 p2wsh_expected: redeem_script.clone(),
                             });
                         }
-                        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_with_ext(
+                        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::decode_consensus(
                             witness_script,
-                            &ExtParams::allow_all(),
                         )?;
                         Ok(Descriptor::new_sh_wsh(ms.substitute_raw_pkh(&map))?)
                     } else {
@@ -272,9 +265,8 @@ fn get_descriptor(psbt: &Psbt, index: usize) -> Result<Descriptor<PublicKey>, In
                         return Err(InputError::NonEmptyWitnessScript);
                     }
                     if let Some(ref redeem_script) = inp.redeem_script {
-                        let ms = Miniscript::<bitcoin::PublicKey, Legacy>::decode_with_ext(
+                        let ms = Miniscript::<bitcoin::PublicKey, Legacy>::decode_consensus(
                             redeem_script,
-                            &ExtParams::allow_all(),
                         )?;
                         Ok(Descriptor::new_sh(ms)?)
                     } else {
@@ -291,10 +283,7 @@ fn get_descriptor(psbt: &Psbt, index: usize) -> Result<Descriptor<PublicKey>, In
         if inp.redeem_script.is_some() {
             return Err(InputError::NonEmptyRedeemScript);
         }
-        let ms = Miniscript::<bitcoin::PublicKey, BareCtx>::decode_with_ext(
-            &script_pubkey,
-            &ExtParams::allow_all(),
-        )?;
+        let ms = Miniscript::<bitcoin::PublicKey, BareCtx>::decode_consensus(&script_pubkey)?;
         Ok(Descriptor::new_bare(ms.substitute_raw_pkh(&map))?)
     }
 }