Codecov Report ❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## develop #494 +/- ##
===========================================
+ Coverage 71.25% 71.39% +0.14%
===========================================
Files 62 64 +2
Lines 9510 10264 +754
Branches 1690 1917 +227
===========================================
+ Hits 6776 7328 +552
- Misses 2140 2228 +88
- Partials 594 708 +114
Writing the struct directly is fragile, and risks incomplete initializations or non-zeroed fields 'leaking' into future calls. We rather write a simple helper that creates the full struct with a literal, guaranteeing that everything that is not explicitly set is zeroed.
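The pattern this commit message describes, as an added C example that is not code from the PR: a reused struct is filled field by field (stale values survive) versus rebuilt from a literal by a helper (unnamed members are zeroed). The type `display_req_t`, its fields and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request struct (not from the project). One instance is
 * reused across calls, as is common in firmware with static buffers. */
typedef struct {
    uint8_t kind;
    uint8_t threshold; /* only meaningful for multisig */
    uint8_t n_keys;    /* only meaningful for multisig */
    uint8_t show_raw;  /* 1 = also display the raw template */
} display_req_t;

enum { KIND_SINGLESIG = 1, KIND_MULTISIG = 2 };

/* Fragile: sets only the field that "applies"; everything else keeps
 * whatever the previous call left in the reused struct. */
static void fill_singlesig_fragile(display_req_t *r) {
    r->kind = KIND_SINGLESIG;
}

/* Helpers build the whole struct from a compound literal; C zero-initializes
 * every member that the initializer does not name. */
static display_req_t make_singlesig(void) {
    return (display_req_t){.kind = KIND_SINGLESIG};
}

static display_req_t make_multisig(uint8_t threshold, uint8_t n_keys, uint8_t show_raw) {
    return (display_req_t){.kind = KIND_MULTISIG, .threshold = threshold,
                           .n_keys = n_keys, .show_raw = show_raw};
}

/* Counts the stale (non-zero) fields a single-sig request carries when it
 * reuses storage that previously held a multisig request. */
static int stale_fields_after_reuse(int use_helper) {
    static display_req_t req;         /* reused storage */
    req = make_multisig(2, 3, 1);     /* first call */
    if (use_helper)
        req = make_singlesig();       /* whole struct overwritten */
    else
        fill_singlesig_fragile(&req); /* partial overwrite */
    return (req.threshold != 0) + (req.n_keys != 0) + (req.show_raw != 0);
}

int main(void) {
    printf("fragile: %d stale fields\n", stale_fields_after_reuse(0));
    printf("helper:  %d stale fields\n", stale_fields_after_reuse(1));
    return 0;
}
```

The literal zeroes named members only; padding bytes are not guaranteed to be zero, so a struct that is hashed or compared with `memcmp` still needs an explicit `memset` first.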
Implements the computation of the confusion score, and the cleartext representation, for a large subset of commonly used wallet policies. For multisig wallet policies specifically, this also simplifies the UX by omitting the raw descriptor template altogether. This is safe for such simple policies, with very little ambiguity. In the long term, we might be able to extend this to more complex wallet policies, but that needs to be done intentionally, and possibly be an opt-in feature that is explicitly requested by software wallets that adapt their own UX accordingly. Mostly ported by Claude from the Rust reference implementation, with several iterations of review and refinement.
TODO:
confusion_score is computed (maybe in the Rust crate)

Enhances the UX for the registration of multisig and (taproot) miniscript wallet policies by identifying and explaining in human terms the meaning of the descriptor template.
The cleartext representation has the following properties:
build.rs file in the reference Rust crate. As long as the language's grammar doesn't change, adding some new patterns only requires updating the TOML files, and regenerating the code.

The model introduces a confusion_score that allows to provide an upper bound on the number of different descriptor templates that could possibly generate the same cleartext description. For any descriptor template with a too high confusion_score, or with no cleartext representation for any other reason, the descriptor template is shown as usual, in order to not prevent more advanced users from benefiting from the generality of miniscript.

This guarantees that, even if the user does not have a backup of the descriptor template, but has an exact backup of the cleartext description, it is possible to programmatically enumerate all the possible descriptor templates, and eventually find the correct one. In this way, the user is protected from ransom attacks even if they only check that they have a backup for the cleartext, rather than the descriptor template.
The implementation in C only needs:
The full reversible process (validating that the grammar is unambiguous, and that bruteforcing a cleartext description is feasible) is implemented in this rust crate.
In this PR, the descriptor template is still shown to the user in addition to the descriptor template. In the future, we could have as an opt-in feature to hide the descriptor_template (if the software wallet is prepared to show the identical clear-text to the user).