Line data Source code
1 : // Copyright (c) 2009-2020 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include <psbt.h>
6 : #include <util/strencodings.h>
7 :
8 :
9 146 : PartiallySignedTransaction::PartiallySignedTransaction(const CMutableTransaction& tx) : tx(tx)
10 73 : {
11 73 : inputs.resize(tx.vin.size());
12 73 : outputs.resize(tx.vout.size());
13 146 : }
14 :
15 0 : bool PartiallySignedTransaction::IsNull() const
16 : {
17 0 : return !tx && inputs.empty() && outputs.empty() && unknown.empty();
18 : }
19 :
20 6 : bool PartiallySignedTransaction::Merge(const PartiallySignedTransaction& psbt)
21 : {
22 : // Prohibited to merge two PSBTs over different transactions
23 6 : if (tx->GetHash() != psbt.tx->GetHash()) {
24 0 : return false;
25 : }
26 :
27 16 : for (unsigned int i = 0; i < inputs.size(); ++i) {
28 10 : inputs[i].Merge(psbt.inputs[i]);
29 : }
30 14 : for (unsigned int i = 0; i < outputs.size(); ++i) {
31 8 : outputs[i].Merge(psbt.outputs[i]);
32 : }
33 6 : unknown.insert(psbt.unknown.begin(), psbt.unknown.end());
34 :
35 6 : return true;
36 6 : }
37 :
38 36 : bool PartiallySignedTransaction::AddInput(const CTxIn& txin, PSBTInput& psbtin)
39 : {
40 36 : if (std::find(tx->vin.begin(), tx->vin.end(), txin) != tx->vin.end()) {
41 2 : return false;
42 : }
43 34 : tx->vin.push_back(txin);
44 34 : psbtin.partial_sigs.clear();
45 34 : psbtin.final_script_sig.clear();
46 34 : psbtin.final_script_witness.SetNull();
47 34 : inputs.push_back(psbtin);
48 34 : return true;
49 36 : }
50 :
51 18 : bool PartiallySignedTransaction::AddOutput(const CTxOut& txout, const PSBTOutput& psbtout)
52 : {
53 18 : tx->vout.push_back(txout);
54 18 : outputs.push_back(psbtout);
55 18 : return true;
56 : }
57 :
58 22 : bool PartiallySignedTransaction::GetInputUTXO(CTxOut& utxo, int input_index) const
59 : {
60 22 : PSBTInput input = inputs[input_index];
61 22 : uint32_t prevout_index = tx->vin[input_index].prevout.n;
62 22 : if (input.non_witness_utxo) {
63 10 : if (prevout_index >= input.non_witness_utxo->vout.size()) {
64 2 : return false;
65 : }
66 8 : utxo = input.non_witness_utxo->vout[prevout_index];
67 12 : } else if (!input.witness_utxo.IsNull()) {
68 10 : utxo = input.witness_utxo;
69 : } else {
70 2 : return false;
71 : }
72 18 : return true;
73 22 : }
74 :
75 0 : bool PSBTInput::IsNull() const
76 : {
77 0 : return !non_witness_utxo && witness_utxo.IsNull() && partial_sigs.empty() && unknown.empty() && hd_keypaths.empty() && redeem_script.empty() && witness_script.empty();
78 : }
79 :
80 1213 : void PSBTInput::FillSignatureData(SignatureData& sigdata) const
81 : {
82 1213 : if (!final_script_sig.empty()) {
83 0 : sigdata.scriptSig = final_script_sig;
84 0 : sigdata.complete = true;
85 0 : }
86 1213 : if (!final_script_witness.IsNull()) {
87 0 : sigdata.scriptWitness = final_script_witness;
88 0 : sigdata.complete = true;
89 0 : }
90 1213 : if (sigdata.complete) {
91 : return;
92 : }
93 :
94 1213 : sigdata.signatures.insert(partial_sigs.begin(), partial_sigs.end());
95 1213 : if (!redeem_script.empty()) {
96 312 : sigdata.redeem_script = redeem_script;
97 312 : }
98 1213 : if (!witness_script.empty()) {
99 158 : sigdata.witness_script = witness_script;
100 158 : }
101 2139 : for (const auto& key_pair : hd_keypaths) {
102 926 : sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
103 : }
104 1213 : }
105 :
106 589 : void PSBTInput::FromSignatureData(const SignatureData& sigdata)
107 : {
108 589 : if (sigdata.complete) {
109 65 : partial_sigs.clear();
110 65 : hd_keypaths.clear();
111 65 : redeem_script.clear();
112 65 : witness_script.clear();
113 :
114 65 : if (!sigdata.scriptSig.empty()) {
115 42 : final_script_sig = sigdata.scriptSig;
116 42 : }
117 65 : if (!sigdata.scriptWitness.IsNull()) {
118 35 : final_script_witness = sigdata.scriptWitness;
119 35 : }
120 : return;
121 : }
122 :
123 524 : partial_sigs.insert(sigdata.signatures.begin(), sigdata.signatures.end());
124 524 : if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
125 53 : redeem_script = sigdata.redeem_script;
126 53 : }
127 524 : if (witness_script.empty() && !sigdata.witness_script.empty()) {
128 29 : witness_script = sigdata.witness_script;
129 29 : }
130 1100 : for (const auto& entry : sigdata.misc_pubkeys) {
131 576 : hd_keypaths.emplace(entry.second);
132 : }
133 589 : }
134 :
135 10 : void PSBTInput::Merge(const PSBTInput& input)
136 : {
137 10 : if (!non_witness_utxo && input.non_witness_utxo) non_witness_utxo = input.non_witness_utxo;
138 10 : if (witness_utxo.IsNull() && !input.witness_utxo.IsNull()) {
139 : // TODO: For segwit v1, we will want to clear out the non-witness utxo when setting a witness one. For v0 and non-segwit, this is not safe
140 2 : witness_utxo = input.witness_utxo;
141 2 : }
142 :
143 10 : partial_sigs.insert(input.partial_sigs.begin(), input.partial_sigs.end());
144 10 : hd_keypaths.insert(input.hd_keypaths.begin(), input.hd_keypaths.end());
145 10 : unknown.insert(input.unknown.begin(), input.unknown.end());
146 :
147 10 : if (redeem_script.empty() && !input.redeem_script.empty()) redeem_script = input.redeem_script;
148 10 : if (witness_script.empty() && !input.witness_script.empty()) witness_script = input.witness_script;
149 10 : if (final_script_sig.empty() && !input.final_script_sig.empty()) final_script_sig = input.final_script_sig;
150 10 : if (final_script_witness.IsNull() && !input.final_script_witness.IsNull()) final_script_witness = input.final_script_witness;
151 10 : }
152 :
153 234 : void PSBTOutput::FillSignatureData(SignatureData& sigdata) const
154 : {
155 234 : if (!redeem_script.empty()) {
156 0 : sigdata.redeem_script = redeem_script;
157 0 : }
158 234 : if (!witness_script.empty()) {
159 0 : sigdata.witness_script = witness_script;
160 0 : }
161 261 : for (const auto& key_pair : hd_keypaths) {
162 27 : sigdata.misc_pubkeys.emplace(key_pair.first.GetID(), key_pair);
163 : }
164 234 : }
165 :
166 234 : void PSBTOutput::FromSignatureData(const SignatureData& sigdata)
167 : {
168 234 : if (redeem_script.empty() && !sigdata.redeem_script.empty()) {
169 39 : redeem_script = sigdata.redeem_script;
170 39 : }
171 234 : if (witness_script.empty() && !sigdata.witness_script.empty()) {
172 24 : witness_script = sigdata.witness_script;
173 24 : }
174 400 : for (const auto& entry : sigdata.misc_pubkeys) {
175 166 : hd_keypaths.emplace(entry.second);
176 : }
177 234 : }
178 :
179 0 : bool PSBTOutput::IsNull() const
180 : {
181 0 : return redeem_script.empty() && witness_script.empty() && hd_keypaths.empty() && unknown.empty();
182 : }
183 :
184 8 : void PSBTOutput::Merge(const PSBTOutput& output)
185 : {
186 8 : hd_keypaths.insert(output.hd_keypaths.begin(), output.hd_keypaths.end());
187 8 : unknown.insert(output.unknown.begin(), output.unknown.end());
188 :
189 8 : if (redeem_script.empty() && !output.redeem_script.empty()) redeem_script = output.redeem_script;
190 8 : if (witness_script.empty() && !output.witness_script.empty()) witness_script = output.witness_script;
191 8 : }
192 2474 : bool PSBTInputSigned(const PSBTInput& input)
193 : {
194 2474 : return !input.final_script_sig.empty() || !input.final_script_witness.IsNull();
195 : }
196 :
197 0 : size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt) {
198 0 : size_t count = 0;
199 0 : for (const auto& input : psbt.inputs) {
200 0 : if (!PSBTInputSigned(input)) {
201 0 : count++;
202 0 : }
203 : }
204 :
205 0 : return count;
206 : }
207 :
208 234 : void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index)
209 : {
210 234 : const CTxOut& out = psbt.tx->vout.at(index);
211 234 : PSBTOutput& psbt_out = psbt.outputs.at(index);
212 :
213 : // Fill a SignatureData with output info
214 234 : SignatureData sigdata;
215 234 : psbt_out.FillSignatureData(sigdata);
216 :
217 : // Construct a would-be spend of this output, to update sigdata with.
218 : // Note that ProduceSignature is used to fill in metadata (not actual signatures),
219 : // so provider does not need to provide any private keys (it can be a HidingSigningProvider).
220 234 : MutableTransactionSignatureCreator creator(psbt.tx.get_ptr(), /* index */ 0, out.nValue, SIGHASH_ALL);
221 234 : ProduceSignature(provider, creator, out.scriptPubKey, sigdata);
222 :
223 : // Put redeem_script, witness_script, key paths, into PSBTOutput.
224 234 : psbt_out.FromSignatureData(sigdata);
225 234 : }
226 :
227 675 : bool SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, int sighash, SignatureData* out_sigdata, bool use_dummy)
228 : {
229 675 : PSBTInput& input = psbt.inputs.at(index);
230 675 : const CMutableTransaction& tx = *psbt.tx;
231 :
232 675 : if (PSBTInputSigned(input)) {
233 54 : return true;
234 : }
235 :
236 : // Fill SignatureData with input info
237 621 : SignatureData sigdata;
238 621 : input.FillSignatureData(sigdata);
239 :
240 : // Get UTXO
241 : bool require_witness_sig = false;
242 621 : CTxOut utxo;
243 :
244 621 : if (input.non_witness_utxo) {
245 : // If we're taking our information from a non-witness UTXO, verify that it matches the prevout.
246 542 : COutPoint prevout = tx.vin[index].prevout;
247 542 : if (prevout.n >= input.non_witness_utxo->vout.size()) {
248 0 : return false;
249 : }
250 542 : if (input.non_witness_utxo->GetHash() != prevout.hash) {
251 0 : return false;
252 : }
253 542 : utxo = input.non_witness_utxo->vout[prevout.n];
254 621 : } else if (!input.witness_utxo.IsNull()) {
255 73 : utxo = input.witness_utxo;
256 : // When we're taking our information from a witness UTXO, we can't verify it is actually data from
257 : // the output being spent. This is safe in case a witness signature is produced (which includes this
258 : // information directly in the hash), but not for non-witness signatures. Remember that we require
259 : // a witness signature in this situation.
260 : require_witness_sig = true;
261 : } else {
262 6 : return false;
263 : }
264 :
265 615 : sigdata.witness = false;
266 : bool sig_complete;
267 615 : if (use_dummy) {
268 2 : sig_complete = ProduceSignature(provider, DUMMY_SIGNATURE_CREATOR, utxo.scriptPubKey, sigdata);
269 2 : } else {
270 613 : MutableTransactionSignatureCreator creator(&tx, index, utxo.nValue, sighash);
271 613 : sig_complete = ProduceSignature(provider, creator, utxo.scriptPubKey, sigdata);
272 613 : }
273 : // Verify that a witness signature was produced in case one was required.
274 615 : if (require_witness_sig && !sigdata.witness) return false;
275 589 : input.FromSignatureData(sigdata);
276 :
277 : // If we have a witness signature, put a witness UTXO.
278 : // TODO: For segwit v1, we should remove the non_witness_utxo
279 589 : if (sigdata.witness) {
280 339 : input.witness_utxo = utxo;
281 : // input.non_witness_utxo = nullptr;
282 : }
283 :
284 : // Fill in the missing info
285 589 : if (out_sigdata) {
286 6 : out_sigdata->missing_pubkeys = sigdata.missing_pubkeys;
287 6 : out_sigdata->missing_sigs = sigdata.missing_sigs;
288 6 : out_sigdata->missing_redeem_script = sigdata.missing_redeem_script;
289 6 : out_sigdata->missing_witness_script = sigdata.missing_witness_script;
290 6 : }
291 :
292 589 : return sig_complete;
293 675 : }
294 :
295 39 : bool FinalizePSBT(PartiallySignedTransaction& psbtx)
296 : {
297 : // Finalize input signatures -- in case we have partial signatures that add up to a complete
298 : // signature, but have not combined them yet (e.g. because the combiner that created this
299 : // PartiallySignedTransaction did not understand them), this will combine them into a final
300 : // script.
301 : bool complete = true;
302 98 : for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) {
303 59 : complete &= SignPSBTInput(DUMMY_SIGNING_PROVIDER, psbtx, i, SIGHASH_ALL);
304 : }
305 :
306 39 : return complete;
307 : }
308 :
309 39 : bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result)
310 : {
311 : // It's not safe to extract a PSBT that isn't finalized, and there's no easy way to check
312 : // whether a PSBT is finalized without finalizing it, so we just do this.
313 39 : if (!FinalizePSBT(psbtx)) {
314 4 : return false;
315 : }
316 :
317 35 : result = *psbtx.tx;
318 89 : for (unsigned int i = 0; i < result.vin.size(); ++i) {
319 54 : result.vin[i].scriptSig = psbtx.inputs[i].final_script_sig;
320 54 : result.vin[i].scriptWitness = psbtx.inputs[i].final_script_witness;
321 : }
322 35 : return true;
323 39 : }
324 :
325 6 : TransactionError CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs)
326 : {
327 6 : out = psbtxs[0]; // Copy the first one
328 :
329 : // Merge
330 12 : for (auto it = std::next(psbtxs.begin()); it != psbtxs.end(); ++it) {
331 6 : if (!out.Merge(*it)) {
332 0 : return TransactionError::PSBT_MISMATCH;
333 : }
334 : }
335 6 : return TransactionError::OK;
336 6 : }
337 :
338 24 : std::string PSBTRoleName(PSBTRole role) {
339 24 : switch (role) {
340 8 : case PSBTRole::CREATOR: return "creator";
341 4 : case PSBTRole::UPDATER: return "updater";
342 4 : case PSBTRole::SIGNER: return "signer";
343 4 : case PSBTRole::FINALIZER: return "finalizer";
344 4 : case PSBTRole::EXTRACTOR: return "extractor";
345 : // no default case, so the compiler can warn about missing cases
346 : }
347 0 : assert(false);
348 24 : }
349 :
350 347 : bool DecodeBase64PSBT(PartiallySignedTransaction& psbt, const std::string& base64_tx, std::string& error)
351 : {
352 347 : bool invalid;
353 347 : std::string tx_data = DecodeBase64(base64_tx, &invalid);
354 347 : if (invalid) {
355 4 : error = "invalid base64";
356 4 : return false;
357 : }
358 343 : return DecodeRawPSBT(psbt, tx_data, error);
359 347 : }
360 :
361 343 : bool DecodeRawPSBT(PartiallySignedTransaction& psbt, const std::string& tx_data, std::string& error)
362 : {
363 343 : CDataStream ss_data(tx_data.data(), tx_data.data() + tx_data.size(), SER_NETWORK, PROTOCOL_VERSION);
364 : try {
365 343 : ss_data >> psbt;
366 289 : if (!ss_data.empty()) {
367 0 : error = "extra data after PSBT";
368 0 : return false;
369 : }
370 54 : } catch (const std::exception& e) {
371 54 : error = e.what();
372 : return false;
373 54 : }
374 289 : return true;
375 397 : }
|
