descriptor-policy: disallow solved cardinalities other than 1 and 2

jgriffiths · jgriffiths · commit 13a7fd731eeb · 2023-09-06T23:04:39.000+12:00
Point 10 of the policy key requirements
diff --git a/src/ctest/test_descriptor.c b/src/ctest/test_descriptor.c
@@ -1466,6 +1466,11 @@ static const struct descriptor_test {
         "sh(multi(1,@0/<0;1>/*,@1/*))",
         WALLY_NETWORK_BITCOIN_MAINNET, 0, 0, 0, NULL,
         WALLY_MINISCRIPT_POLICY, NULL, ""
+    }, {
+        "policy errchk - invlid key cardinality",
+        "pkh(@0/<0;1;2>/*)",
+        WALLY_NETWORK_BITCOIN_MAINNET, 0, 0, 0, NULL,
+        WALLY_MINISCRIPT_POLICY, NULL, ""
     }
 };
 
diff --git a/src/descriptor.c b/src/descriptor.c
@@ -2613,9 +2613,12 @@ int wally_descriptor_parse(const char *miniscript,
                                      flags, NULL, NULL, &ctx->top_node);
         if (ret == WALLY_OK)
             ret = node_generation_size(ctx->top_node, &ctx->script_len);
-        if (ret == WALLY_OK && (flags & WALLY_MINISCRIPT_POLICY) &&
-            ctx->num_keys != num_substitutions)
-            ret = WALLY_EINVAL;
+        if (ret == WALLY_OK && (flags & WALLY_MINISCRIPT_POLICY)) {
+            if (ctx->num_keys != num_substitutions)
+                ret = WALLY_EINVAL; /* A non-substituted key was present */
+            else if (ctx->num_variants > 1 || ctx->num_multipaths > 2)
+                ret = WALLY_EINVAL; /* Solved cardinality must be 1 or 2 */
+        }
     }
     if (ret != WALLY_OK) {
         wally_descriptor_free(ctx);
