Allow parsing expr fragments from string/script

Standard/Sane scripts refer to miniscripts that are described in the
spec.
Insane scripts refer to miniscript that are valid but can contain
timelock mixes, not all paths would require signature, etc.

Experimental features with ext flag current only allow parsing hash160
expr_raw_pkh scripts from string and bitcoin::Script. All regular APIs
fail while parsing scripts with raw_pkh.

The interpreter module relies on partial information from the
blockchian without the descriptor. All the parsing in the interpreter
module in done with all exprimental features.
Similarly, our psbt finalizer also uses the expr features as it relies on
inferring the descriptor from witness script and then puts things into the
correct place.

Author: sanket1729

src/interpreter/inner.rs

@@ -20,7 +20,7 @@ use bitcoin::util::taproot::{ControlBlock, TAPROOT_ANNEX_PREFIX};
 use super::{stack, BitcoinKey, Error, Stack};
 use crate::miniscript::context::{NoChecks, ScriptContext, SigType};
 use crate::prelude::*;
-use crate::{BareCtx, Legacy, Miniscript, Segwitv0, Tap, ToPublicKey, Translator};
+use crate::{BareCtx, ExtParams, Legacy, Miniscript, Segwitv0, Tap, ToPublicKey, Translator};
 
 /// Attempts to parse a slice as a Bitcoin public key, checking compressedness
 /// if asked to, but otherwise dropping it
@@ -54,9 +54,11 @@ fn script_from_stack_elem<Ctx: ScriptContext>(
     elem: &stack::Element<'_>,
 ) -> Result<Miniscript<Ctx::Key, Ctx>, Error> {
     match *elem {
-        stack::Element::Push(sl) => {
-            Miniscript::parse_insane(&bitcoin::Script::from(sl.to_owned())).map_err(Error::from)
-        }
+        stack::Element::Push(sl) => Miniscript::parse_with_ext(
+            &bitcoin::Script::from(sl.to_owned()),
+            &ExtParams::allow_all(),
+        )
+        .map_err(Error::from),
         stack::Element::Satisfied => {
             Miniscript::from_ast(crate::Terminal::True).map_err(Error::from)
         }
@@ -345,7 +347,10 @@ pub(super) fn from_txdata<'txin>(
     } else {
         if wit_stack.is_empty() {
             // Bare script parsed in BareCtx
-            let miniscript = Miniscript::<bitcoin::PublicKey, BareCtx>::parse_insane(spk)?;
+            let miniscript = Miniscript::<bitcoin::PublicKey, BareCtx>::parse_with_ext(
+                spk,
+                &ExtParams::allow_all(),
+            )?;
             let miniscript = miniscript.to_no_checks_ms();
             Ok((
                 Inner::Script(miniscript, ScriptType::Bare),
@@ -416,6 +421,7 @@ mod tests {
     use bitcoin::{self, Script};
 
     use super::*;
+    use crate::miniscript::analyzable::ExtParams;
 
     struct KeyTestData {
         pk_spk: bitcoin::Script,
@@ -754,11 +760,13 @@ mod tests {
     }
 
     fn ms_inner_script(ms: &str) -> (Miniscript<BitcoinKey, NoChecks>, bitcoin::Script) {
-        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::from_str_insane(ms).unwrap();
+        let ms = Miniscript::<bitcoin::PublicKey, Segwitv0>::from_str_ext(ms, &ExtParams::insane())
+            .unwrap();
         let spk = ms.encode();
         let miniscript = ms.to_no_checks_ms();
         (miniscript, spk)
     }
+
     #[test]
     fn script_bare() {
         let preimage = b"12345678----____12345678----____";

src/interpreter/mod.rs

@@ -1048,6 +1048,7 @@ mod tests {
 
     use super::inner::ToNoChecks;
     use super::*;
+    use crate::miniscript::analyzable::ExtParams;
     use crate::miniscript::context::NoChecks;
     use crate::{Miniscript, ToPublicKey};
 
@@ -1608,14 +1609,15 @@ mod tests {
     // By design there is no support for parse a miniscript with BitcoinKey
     // because it does not implement FromStr
     fn no_checks_ms(ms: &str) -> Miniscript<BitcoinKey, NoChecks> {
+        // Parsing should allow raw hashes in the interpreter
         let elem: Miniscript<bitcoin::PublicKey, NoChecks> =
-            Miniscript::from_str_insane(ms).unwrap();
+            Miniscript::from_str_ext(ms, &ExtParams::allow_all()).unwrap();
         elem.to_no_checks_ms()
     }
 
     fn x_only_no_checks_ms(ms: &str) -> Miniscript<BitcoinKey, NoChecks> {
         let elem: Miniscript<bitcoin::XOnlyPublicKey, NoChecks> =
-            Miniscript::from_str_insane(ms).unwrap();
+            Miniscript::from_str_ext(ms, &ExtParams::allow_all()).unwrap();
         elem.to_no_checks_ms()
     }
 }

src/lib.rs

@@ -141,6 +141,7 @@ use bitcoin::hashes::{hash160, ripemd160, sha256, Hash};
 
 pub use crate::descriptor::{DefiniteDescriptorKey, Descriptor, DescriptorPublicKey};
 pub use crate::interpreter::Interpreter;
+pub use crate::miniscript::analyzable::{AnalysisError, ExtParams};
 pub use crate::miniscript::context::{BareCtx, Legacy, ScriptContext, Segwitv0, SigType, Tap};
 pub use crate::miniscript::decode::Terminal;
 pub use crate::miniscript::satisfy::{Preimage32, Satisfier};

src/macros.rs

@@ -6,7 +6,7 @@
 /// `ms_str!("c:or_i(pk({}),pk({}))", pk1, pk2)`
 #[cfg(test)]
 macro_rules! ms_str {
-    ($($arg:tt)*) => (Miniscript::from_str_insane(&format!($($arg)*)).unwrap())
+    ($($arg:tt)*) => (Miniscript::from_str_ext(&format!($($arg)*), &$crate::ExtParams::allow_all()).unwrap())
 }
 
 /// Allows tests to create a concrete policy directly from string as

src/miniscript/analyzable.rs

@@ -22,7 +22,117 @@ use core::fmt;
 use std::error;
 
 use crate::prelude::*;
-use crate::{Miniscript, MiniscriptKey, ScriptContext};
+use crate::{Miniscript, MiniscriptKey, ScriptContext, Terminal};
+
+/// Params for parsing miniscripts that either non-sane or non-specified(experimental) in the spec.
+/// Used as a parameter [`Miniscript::from_str_ext`] and [`Miniscript::parse_with_ext`].
+///
+/// This allows parsing miniscripts if
+/// 1. It is unsafe(does not require a digital signature to spend it)
+/// 2. It contains a unspendable path because of either
+///     a. Resource limitations
+///     b. Timelock Mixing
+/// 3. The script is malleable and thereby some of satisfaction weight
+///    guarantees are not satisfied.
+/// 4. It has repeated public keys
+/// 5. raw pkh fragments without the pk. This could be obtained when parsing miniscript from script
+#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone, Copy, Default)]
+pub struct ExtParams {
+    /// Allow parsing of non-safe miniscripts
+    pub top_unsafe: bool,
+    /// Allow parsing of miniscripts with unspendable paths
+    pub resource_limitations: bool,
+    /// Allow parsing of miniscripts with timelock mixing
+    pub timelock_mixing: bool,
+    /// Allow parsing of malleable miniscripts
+    pub malleability: bool,
+    /// Allow parsing of miniscripts with repeated public keys
+    pub repeated_pk: bool,
+    /// Allow parsing of miniscripts with raw pkh fragments without the pk.
+    /// This could be obtained when parsing miniscript from script
+    pub raw_pkh: bool,
+}
+
+impl ExtParams {
+    /// Create a new ExtParams that with all the sanity rules
+    pub fn new() -> ExtParams {
+        ExtParams {
+            top_unsafe: false,
+            resource_limitations: false,
+            timelock_mixing: false,
+            malleability: false,
+            repeated_pk: false,
+            raw_pkh: false,
+        }
+    }
+
+    /// Create a new ExtParams that allows all the sanity rules
+    pub fn sane() -> ExtParams {
+        ExtParams::new()
+    }
+
+    /// Create a new ExtParams that insanity rules
+    /// This enables parsing well specified but "insane" miniscripts.
+    /// Refer to the [`ExtParams`] documentation for more details on "insane" miniscripts.
+    pub fn insane() -> ExtParams {
+        ExtParams {
+            top_unsafe: true,
+            resource_limitations: true,
+            timelock_mixing: true,
+            malleability: true,
+            repeated_pk: true,
+            raw_pkh: false,
+        }
+    }
+
+    /// Enable all non-sane rules and experimental rules
+    pub fn allow_all() -> ExtParams {
+        ExtParams {
+            top_unsafe: true,
+            resource_limitations: true,
+            timelock_mixing: true,
+            malleability: true,
+            repeated_pk: true,
+            raw_pkh: true,
+        }
+    }
+
+    /// Builder that allows non-safe miniscripts.
+    pub fn top_unsafe(mut self) -> ExtParams {
+        self.top_unsafe = true;
+        self
+    }
+
+    /// Builder that allows miniscripts with exceed resource limitations.
+    pub fn exceed_resource_limitations(mut self) -> ExtParams {
+        self.resource_limitations = true;
+        self
+    }
+
+    /// Builder that allows miniscripts with timelock mixing.
+    pub fn timelock_mixing(mut self) -> ExtParams {
+        self.timelock_mixing = true;
+        self
+    }
+
+    /// Builder that allows malleable miniscripts.
+    pub fn malleability(mut self) -> ExtParams {
+        self.malleability = true;
+        self
+    }
+
+    /// Builder that allows miniscripts with repeated public keys.
+    pub fn repeated_pk(mut self) -> ExtParams {
+        self.repeated_pk = true;
+        self
+    }
+
+    /// Builder that allows miniscripts with raw pkh fragments.
+    pub fn raw_pkh(mut self) -> ExtParams {
+        self.raw_pkh = true;
+        self
+    }
+}
 
 /// Possible reasons Miniscript guarantees can fail
 /// We currently mark Miniscript as Non-Analyzable if
@@ -45,6 +155,8 @@ pub enum AnalysisError {
     HeightTimelockCombination,
     /// Malleable script
     Malleable,
+    /// Contains partial descriptor raw pkh
+    ContainsRawPkh,
 }
 
 impl fmt::Display for AnalysisError {
@@ -62,7 +174,8 @@ impl fmt::Display for AnalysisError {
             AnalysisError::HeightTimelockCombination => {
                 f.write_str("Contains a combination of heightlock and timelock")
             }
-            AnalysisError::Malleable => f.write_str("Miniscript is malleable")
+            AnalysisError::Malleable => f.write_str("Miniscript is malleable"),
+            AnalysisError::ContainsRawPkh => f.write_str("Miniscript contains raw pkh"),
         }
     }
 }
@@ -77,7 +190,8 @@ impl error::Error for AnalysisError {
             | RepeatedPubkeys
             | BranchExceedResouceLimits
             | HeightTimelockCombination
-            | Malleable => None,
+            | Malleable
+            | ContainsRawPkh => None,
         }
     }
 }
@@ -116,6 +230,14 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
         unique_pkhs_len != all_pkhs_len
     }
 
+    /// Whether the given miniscript contains a raw pkh fragment
+    pub fn contains_raw_pkh(&self) -> bool {
+        self.iter().any(|ms| match ms.node {
+            Terminal::RawPkH(_) => true,
+            _ => false,
+        })
+    }
+
     /// Check whether the underlying Miniscript is safe under the current context
     /// Lifting these polices would create a semantic representation that does
     /// not represent the underlying semantics when miniscript is spent.
@@ -140,4 +262,23 @@ impl<Pk: MiniscriptKey, Ctx: ScriptContext> Miniscript<Pk, Ctx> {
             Ok(())
         }
     }
+
+    /// Check whether the miniscript follows the given Extra policy [`ExtParams`]
+    pub fn ext_check(&self, ext: &ExtParams) -> Result<(), AnalysisError> {
+        if !ext.top_unsafe && !self.requires_sig() {
+            Err(AnalysisError::SiglessBranch)
+        } else if !ext.malleability && !self.is_non_malleable() {
+            Err(AnalysisError::Malleable)
+        } else if !ext.resource_limitations && !self.within_resource_limits() {
+            Err(AnalysisError::BranchExceedResouceLimits)
+        } else if !ext.repeated_pk && self.has_repeated_keys() {
+            Err(AnalysisError::RepeatedPubkeys)
+        } else if !ext.timelock_mixing && self.has_mixed_timelocks() {
+            Err(AnalysisError::HeightTimelockCombination)
+        } else if !ext.raw_pkh && self.contains_raw_pkh() {
+            Err(AnalysisError::ContainsRawPkh)
+        } else {
+            Ok(())
+        }
+    }
 }

src/miniscript/astelem.rs

@@ -23,6 +23,7 @@ use core::fmt;
 use core::str::FromStr;
 
 use bitcoin::blockdata::{opcodes, script};
+use bitcoin::hashes::hash160;
 use bitcoin::{LockTime, Sequence};
 use sync::Arc;
 
@@ -457,6 +458,9 @@ impl_from_tree!(
             }
         }
         let mut unwrapped = match (frag_name, top.args.len()) {
+            ("expr_raw_pkh", 1) => expression::terminal(&top.args[0], |x| {
+                hash160::Hash::from_str(x).map(Terminal::RawPkH)
+            }),
             ("pk_k", 1) => {
                 expression::terminal(&top.args[0], |x| Pk::from_str(x).map(Terminal::PkK))
             }