Line data Source code
1 : // Copyright (c) 2009-2022 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #ifndef BITCOIN_PSBT_H
6 : #define BITCOIN_PSBT_H
7 :
8 : #include <node/transaction.h>
9 : #include <policy/feerate.h>
10 : #include <primitives/transaction.h>
11 : #include <pubkey.h>
12 : #include <script/keyorigin.h>
13 : #include <script/sign.h>
14 : #include <script/signingprovider.h>
15 : #include <span.h>
16 : #include <streams.h>
17 :
18 : #include <optional>
19 :
20 : // Magic bytes
21 : static constexpr uint8_t PSBT_MAGIC_BYTES[5] = {'p', 's', 'b', 't', 0xff};
22 :
23 : // Global types
24 : static constexpr uint8_t PSBT_GLOBAL_UNSIGNED_TX = 0x00;
25 : static constexpr uint8_t PSBT_GLOBAL_XPUB = 0x01;
26 : static constexpr uint8_t PSBT_GLOBAL_VERSION = 0xFB;
27 : static constexpr uint8_t PSBT_GLOBAL_PROPRIETARY = 0xFC;
28 :
29 : // Input types
30 : static constexpr uint8_t PSBT_IN_NON_WITNESS_UTXO = 0x00;
31 : static constexpr uint8_t PSBT_IN_WITNESS_UTXO = 0x01;
32 : static constexpr uint8_t PSBT_IN_PARTIAL_SIG = 0x02;
33 : static constexpr uint8_t PSBT_IN_SIGHASH = 0x03;
34 : static constexpr uint8_t PSBT_IN_REDEEMSCRIPT = 0x04;
35 : static constexpr uint8_t PSBT_IN_WITNESSSCRIPT = 0x05;
36 : static constexpr uint8_t PSBT_IN_BIP32_DERIVATION = 0x06;
37 : static constexpr uint8_t PSBT_IN_SCRIPTSIG = 0x07;
38 : static constexpr uint8_t PSBT_IN_SCRIPTWITNESS = 0x08;
39 : static constexpr uint8_t PSBT_IN_RIPEMD160 = 0x0A;
40 : static constexpr uint8_t PSBT_IN_SHA256 = 0x0B;
41 : static constexpr uint8_t PSBT_IN_HASH160 = 0x0C;
42 : static constexpr uint8_t PSBT_IN_HASH256 = 0x0D;
43 : static constexpr uint8_t PSBT_IN_TAP_KEY_SIG = 0x13;
44 : static constexpr uint8_t PSBT_IN_TAP_SCRIPT_SIG = 0x14;
45 : static constexpr uint8_t PSBT_IN_TAP_LEAF_SCRIPT = 0x15;
46 : static constexpr uint8_t PSBT_IN_TAP_BIP32_DERIVATION = 0x16;
47 : static constexpr uint8_t PSBT_IN_TAP_INTERNAL_KEY = 0x17;
48 : static constexpr uint8_t PSBT_IN_TAP_MERKLE_ROOT = 0x18;
49 : static constexpr uint8_t PSBT_IN_PROPRIETARY = 0xFC;
50 :
51 : // Output types
52 : static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
53 : static constexpr uint8_t PSBT_OUT_WITNESSSCRIPT = 0x01;
54 : static constexpr uint8_t PSBT_OUT_BIP32_DERIVATION = 0x02;
55 : static constexpr uint8_t PSBT_OUT_TAP_INTERNAL_KEY = 0x05;
56 : static constexpr uint8_t PSBT_OUT_TAP_TREE = 0x06;
57 : static constexpr uint8_t PSBT_OUT_TAP_BIP32_DERIVATION = 0x07;
58 : static constexpr uint8_t PSBT_OUT_PROPRIETARY = 0xFC;
59 :
60 : // The separator is 0x00. Reading this in means that the unserializer can interpret it
61 : // as a 0 length key which indicates that this is the separator. The separator has no value.
62 : static constexpr uint8_t PSBT_SEPARATOR = 0x00;
63 :
64 : // BIP 174 does not specify a maximum file size, but we set a limit anyway
65 : // to prevent reading a stream indefinitely and running out of memory.
66 : const std::streamsize MAX_FILE_SIZE_PSBT = 100000000; // 100 MB
67 :
68 : // PSBT version number
69 : static constexpr uint32_t PSBT_HIGHEST_VERSION = 0;
70 :
71 : /** A structure for PSBT proprietary types */
72 0 : struct PSBTProprietary
73 : {
74 : uint64_t subtype;
75 : std::vector<unsigned char> identifier;
76 : std::vector<unsigned char> key;
77 : std::vector<unsigned char> value;
78 :
79 0 : bool operator<(const PSBTProprietary &b) const {
80 0 : return key < b.key;
81 : }
82 : bool operator==(const PSBTProprietary &b) const {
83 : return key == b.key;
84 : }
85 : };
86 :
87 : // Takes a stream and multiple arguments and serializes them as if first serialized into a vector and then into the stream
88 : // The resulting output into the stream has the total serialized length of all of the objects followed by all objects concatenated with each other.
89 : template<typename Stream, typename... X>
90 0 : void SerializeToVector(Stream& s, const X&... args)
91 : {
92 0 : WriteCompactSize(s, GetSerializeSizeMany(s.GetVersion(), args...));
93 0 : SerializeMany(s, args...);
94 0 : }
95 :
96 : // Takes a stream and multiple arguments and unserializes them first as a vector then each object individually in the order provided in the arguments
97 : template<typename Stream, typename... X>
98 0 : void UnserializeFromVector(Stream& s, X&... args)
99 : {
100 0 : size_t expected_size = ReadCompactSize(s);
101 0 : size_t remaining_before = s.size();
102 0 : UnserializeMany(s, args...);
103 0 : size_t remaining_after = s.size();
104 0 : if (remaining_after + expected_size != remaining_before) {
105 0 : throw std::ios_base::failure("Size of value was not the stated size");
106 : }
107 0 : }
108 :
109 : // Deserialize bytes of given length from the stream as a KeyOriginInfo
110 : template<typename Stream>
111 0 : KeyOriginInfo DeserializeKeyOrigin(Stream& s, uint64_t length)
112 : {
113 : // Read in key path
114 0 : if (length % 4 || length == 0) {
115 0 : throw std::ios_base::failure("Invalid length for HD key path");
116 : }
117 :
118 0 : KeyOriginInfo hd_keypath;
119 0 : s >> hd_keypath.fingerprint;
120 0 : for (unsigned int i = 4; i < length; i += sizeof(uint32_t)) {
121 : uint32_t index;
122 0 : s >> index;
123 0 : hd_keypath.path.push_back(index);
124 0 : }
125 0 : return hd_keypath;
126 0 : }
127 :
128 : // Deserialize a length prefixed KeyOriginInfo from a stream
129 : template<typename Stream>
130 0 : void DeserializeHDKeypath(Stream& s, KeyOriginInfo& hd_keypath)
131 : {
132 0 : hd_keypath = DeserializeKeyOrigin(s, ReadCompactSize(s));
133 0 : }
134 :
135 : // Deserialize HD keypaths into a map
136 : template<typename Stream>
137 0 : void DeserializeHDKeypaths(Stream& s, const std::vector<unsigned char>& key, std::map<CPubKey, KeyOriginInfo>& hd_keypaths)
138 : {
139 : // Make sure that the key is the size of pubkey + 1
140 0 : if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
141 0 : throw std::ios_base::failure("Size of key was not the expected size for the type BIP32 keypath");
142 : }
143 : // Read in the pubkey from key
144 0 : CPubKey pubkey(key.begin() + 1, key.end());
145 0 : if (!pubkey.IsFullyValid()) {
146 0 : throw std::ios_base::failure("Invalid pubkey");
147 : }
148 0 : if (hd_keypaths.count(pubkey) > 0) {
149 0 : throw std::ios_base::failure("Duplicate Key, pubkey derivation path already provided");
150 : }
151 :
152 0 : KeyOriginInfo keypath;
153 0 : DeserializeHDKeypath(s, keypath);
154 :
155 : // Add to map
156 0 : hd_keypaths.emplace(pubkey, std::move(keypath));
157 0 : }
158 :
159 : // Serialize a KeyOriginInfo to a stream
160 : template<typename Stream>
161 0 : void SerializeKeyOrigin(Stream& s, KeyOriginInfo hd_keypath)
162 : {
163 0 : s << hd_keypath.fingerprint;
164 0 : for (const auto& path : hd_keypath.path) {
165 0 : s << path;
166 : }
167 0 : }
168 :
169 : // Serialize a length prefixed KeyOriginInfo to a stream
170 : template<typename Stream>
171 0 : void SerializeHDKeypath(Stream& s, KeyOriginInfo hd_keypath)
172 : {
173 0 : WriteCompactSize(s, (hd_keypath.path.size() + 1) * sizeof(uint32_t));
174 0 : SerializeKeyOrigin(s, hd_keypath);
175 0 : }
176 :
177 : // Serialize HD keypaths to a stream from a map
178 : template<typename Stream>
179 0 : void SerializeHDKeypaths(Stream& s, const std::map<CPubKey, KeyOriginInfo>& hd_keypaths, CompactSizeWriter type)
180 : {
181 0 : for (const auto& keypath_pair : hd_keypaths) {
182 0 : if (!keypath_pair.first.IsValid()) {
183 0 : throw std::ios_base::failure("Invalid CPubKey being serialized");
184 : }
185 0 : SerializeToVector(s, type, Span{keypath_pair.first});
186 0 : SerializeHDKeypath(s, keypath_pair.second);
187 : }
188 0 : }
189 :
190 : /** A structure for PSBTs which contain per-input information */
191 0 : struct PSBTInput
192 : {
193 : CTransactionRef non_witness_utxo;
194 : CTxOut witness_utxo;
195 : CScript redeem_script;
196 : CScript witness_script;
197 : CScript final_script_sig;
198 : CScriptWitness final_script_witness;
199 : std::map<CPubKey, KeyOriginInfo> hd_keypaths;
200 : std::map<CKeyID, SigPair> partial_sigs;
201 : std::map<uint160, std::vector<unsigned char>> ripemd160_preimages;
202 : std::map<uint256, std::vector<unsigned char>> sha256_preimages;
203 : std::map<uint160, std::vector<unsigned char>> hash160_preimages;
204 : std::map<uint256, std::vector<unsigned char>> hash256_preimages;
205 :
206 : // Taproot fields
207 : std::vector<unsigned char> m_tap_key_sig;
208 : std::map<std::pair<XOnlyPubKey, uint256>, std::vector<unsigned char>> m_tap_script_sigs;
209 : std::map<std::pair<std::vector<unsigned char>, int>, std::set<std::vector<unsigned char>, ShortestVectorFirstComparator>> m_tap_scripts;
210 : std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
211 : XOnlyPubKey m_tap_internal_key;
212 : uint256 m_tap_merkle_root;
213 :
214 : std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
215 : std::set<PSBTProprietary> m_proprietary;
216 : std::optional<int> sighash_type;
217 :
218 : bool IsNull() const;
219 : void FillSignatureData(SignatureData& sigdata) const;
220 : void FromSignatureData(const SignatureData& sigdata);
221 : void Merge(const PSBTInput& input);
222 0 : PSBTInput() {}
223 :
224 : template <typename Stream>
225 0 : inline void Serialize(Stream& s) const {
226 : // Write the utxo
227 0 : if (non_witness_utxo) {
228 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_NON_WITNESS_UTXO));
229 0 : OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS);
230 0 : SerializeToVector(os, non_witness_utxo);
231 0 : }
232 0 : if (!witness_utxo.IsNull()) {
233 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESS_UTXO));
234 0 : SerializeToVector(s, witness_utxo);
235 0 : }
236 :
237 0 : if (final_script_sig.empty() && final_script_witness.IsNull()) {
238 : // Write any partial signatures
239 0 : for (auto sig_pair : partial_sigs) {
240 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_PARTIAL_SIG), Span{sig_pair.second.first});
241 0 : s << sig_pair.second.second;
242 0 : }
243 :
244 : // Write the sighash type
245 0 : if (sighash_type != std::nullopt) {
246 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SIGHASH));
247 0 : SerializeToVector(s, *sighash_type);
248 0 : }
249 :
250 : // Write the redeem script
251 0 : if (!redeem_script.empty()) {
252 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_REDEEMSCRIPT));
253 0 : s << redeem_script;
254 0 : }
255 :
256 : // Write the witness script
257 0 : if (!witness_script.empty()) {
258 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_WITNESSSCRIPT));
259 0 : s << witness_script;
260 0 : }
261 :
262 : // Write any hd keypaths
263 0 : SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_IN_BIP32_DERIVATION));
264 :
265 : // Write any ripemd160 preimage
266 0 : for (const auto& [hash, preimage] : ripemd160_preimages) {
267 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_RIPEMD160), Span{hash});
268 0 : s << preimage;
269 : }
270 :
271 : // Write any sha256 preimage
272 0 : for (const auto& [hash, preimage] : sha256_preimages) {
273 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SHA256), Span{hash});
274 0 : s << preimage;
275 : }
276 :
277 : // Write any hash160 preimage
278 0 : for (const auto& [hash, preimage] : hash160_preimages) {
279 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH160), Span{hash});
280 0 : s << preimage;
281 : }
282 :
283 : // Write any hash256 preimage
284 0 : for (const auto& [hash, preimage] : hash256_preimages) {
285 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_HASH256), Span{hash});
286 0 : s << preimage;
287 : }
288 :
289 : // Write taproot key sig
290 0 : if (!m_tap_key_sig.empty()) {
291 0 : SerializeToVector(s, PSBT_IN_TAP_KEY_SIG);
292 0 : s << m_tap_key_sig;
293 0 : }
294 :
295 : // Write taproot script sigs
296 0 : for (const auto& [pubkey_leaf, sig] : m_tap_script_sigs) {
297 0 : const auto& [xonly, leaf_hash] = pubkey_leaf;
298 0 : SerializeToVector(s, PSBT_IN_TAP_SCRIPT_SIG, xonly, leaf_hash);
299 0 : s << sig;
300 : }
301 :
302 : // Write taproot leaf scripts
303 0 : for (const auto& [leaf, control_blocks] : m_tap_scripts) {
304 0 : const auto& [script, leaf_ver] = leaf;
305 0 : for (const auto& control_block : control_blocks) {
306 0 : SerializeToVector(s, PSBT_IN_TAP_LEAF_SCRIPT, Span{control_block});
307 0 : std::vector<unsigned char> value_v(script.begin(), script.end());
308 0 : value_v.push_back((uint8_t)leaf_ver);
309 0 : s << value_v;
310 0 : }
311 : }
312 :
313 : // Write taproot bip32 keypaths
314 0 : for (const auto& [xonly, leaf_origin] : m_tap_bip32_paths) {
315 0 : const auto& [leaf_hashes, origin] = leaf_origin;
316 0 : SerializeToVector(s, PSBT_IN_TAP_BIP32_DERIVATION, xonly);
317 0 : std::vector<unsigned char> value;
318 0 : CVectorWriter s_value(s.GetType(), s.GetVersion(), value, 0);
319 0 : s_value << leaf_hashes;
320 0 : SerializeKeyOrigin(s_value, origin);
321 0 : s << value;
322 0 : }
323 :
324 : // Write taproot internal key
325 0 : if (!m_tap_internal_key.IsNull()) {
326 0 : SerializeToVector(s, PSBT_IN_TAP_INTERNAL_KEY);
327 0 : s << ToByteVector(m_tap_internal_key);
328 0 : }
329 :
330 : // Write taproot merkle root
331 0 : if (!m_tap_merkle_root.IsNull()) {
332 0 : SerializeToVector(s, PSBT_IN_TAP_MERKLE_ROOT);
333 0 : SerializeToVector(s, m_tap_merkle_root);
334 0 : }
335 0 : }
336 :
337 : // Write script sig
338 0 : if (!final_script_sig.empty()) {
339 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTSIG));
340 0 : s << final_script_sig;
341 0 : }
342 : // write script witness
343 0 : if (!final_script_witness.IsNull()) {
344 0 : SerializeToVector(s, CompactSizeWriter(PSBT_IN_SCRIPTWITNESS));
345 0 : SerializeToVector(s, final_script_witness.stack);
346 0 : }
347 :
348 : // Write proprietary things
349 0 : for (const auto& entry : m_proprietary) {
350 0 : s << entry.key;
351 0 : s << entry.value;
352 : }
353 :
354 : // Write unknown things
355 0 : for (auto& entry : unknown) {
356 0 : s << entry.first;
357 0 : s << entry.second;
358 : }
359 :
360 0 : s << PSBT_SEPARATOR;
361 0 : }
362 :
363 :
364 : template <typename Stream>
365 0 : inline void Unserialize(Stream& s) {
366 : // Used for duplicate key detection
367 0 : std::set<std::vector<unsigned char>> key_lookup;
368 :
369 : // Read loop
370 0 : bool found_sep = false;
371 0 : while(!s.empty()) {
372 : // Read
373 0 : std::vector<unsigned char> key;
374 0 : s >> key;
375 :
376 : // the key is empty if that was actually a separator byte
377 : // This is a special case for key lengths 0 as those are not allowed (except for separator)
378 0 : if (key.empty()) {
379 0 : found_sep = true;
380 0 : break;
381 : }
382 :
383 : // Type is compact size uint at beginning of key
384 0 : SpanReader skey(s.GetType(), s.GetVersion(), key);
385 0 : uint64_t type = ReadCompactSize(skey);
386 :
387 : // Do stuff based on type
388 0 : switch(type) {
389 : case PSBT_IN_NON_WITNESS_UTXO:
390 : {
391 0 : if (!key_lookup.emplace(key).second) {
392 0 : throw std::ios_base::failure("Duplicate Key, input non-witness utxo already provided");
393 0 : } else if (key.size() != 1) {
394 0 : throw std::ios_base::failure("Non-witness utxo key is more than one byte type");
395 : }
396 : // Set the stream to unserialize with witness since this is always a valid network transaction
397 0 : OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() & ~SERIALIZE_TRANSACTION_NO_WITNESS);
398 0 : UnserializeFromVector(os, non_witness_utxo);
399 0 : break;
400 : }
401 : case PSBT_IN_WITNESS_UTXO:
402 0 : if (!key_lookup.emplace(key).second) {
403 0 : throw std::ios_base::failure("Duplicate Key, input witness utxo already provided");
404 0 : } else if (key.size() != 1) {
405 0 : throw std::ios_base::failure("Witness utxo key is more than one byte type");
406 : }
407 0 : UnserializeFromVector(s, witness_utxo);
408 0 : break;
409 : case PSBT_IN_PARTIAL_SIG:
410 : {
411 : // Make sure that the key is the size of pubkey + 1
412 0 : if (key.size() != CPubKey::SIZE + 1 && key.size() != CPubKey::COMPRESSED_SIZE + 1) {
413 0 : throw std::ios_base::failure("Size of key was not the expected size for the type partial signature pubkey");
414 : }
415 : // Read in the pubkey from key
416 0 : CPubKey pubkey(key.begin() + 1, key.end());
417 0 : if (!pubkey.IsFullyValid()) {
418 0 : throw std::ios_base::failure("Invalid pubkey");
419 : }
420 0 : if (partial_sigs.count(pubkey.GetID()) > 0) {
421 0 : throw std::ios_base::failure("Duplicate Key, input partial signature for pubkey already provided");
422 : }
423 :
424 : // Read in the signature from value
425 0 : std::vector<unsigned char> sig;
426 0 : s >> sig;
427 :
428 : // Add to list
429 0 : partial_sigs.emplace(pubkey.GetID(), SigPair(pubkey, std::move(sig)));
430 : break;
431 0 : }
432 : case PSBT_IN_SIGHASH:
433 0 : if (!key_lookup.emplace(key).second) {
434 0 : throw std::ios_base::failure("Duplicate Key, input sighash type already provided");
435 0 : } else if (key.size() != 1) {
436 0 : throw std::ios_base::failure("Sighash type key is more than one byte type");
437 : }
438 : int sighash;
439 0 : UnserializeFromVector(s, sighash);
440 0 : sighash_type = sighash;
441 0 : break;
442 : case PSBT_IN_REDEEMSCRIPT:
443 : {
444 0 : if (!key_lookup.emplace(key).second) {
445 0 : throw std::ios_base::failure("Duplicate Key, input redeemScript already provided");
446 0 : } else if (key.size() != 1) {
447 0 : throw std::ios_base::failure("Input redeemScript key is more than one byte type");
448 : }
449 0 : s >> redeem_script;
450 0 : break;
451 : }
452 : case PSBT_IN_WITNESSSCRIPT:
453 : {
454 0 : if (!key_lookup.emplace(key).second) {
455 0 : throw std::ios_base::failure("Duplicate Key, input witnessScript already provided");
456 0 : } else if (key.size() != 1) {
457 0 : throw std::ios_base::failure("Input witnessScript key is more than one byte type");
458 : }
459 0 : s >> witness_script;
460 0 : break;
461 : }
462 : case PSBT_IN_BIP32_DERIVATION:
463 : {
464 0 : DeserializeHDKeypaths(s, key, hd_keypaths);
465 0 : break;
466 : }
467 : case PSBT_IN_SCRIPTSIG:
468 : {
469 0 : if (!key_lookup.emplace(key).second) {
470 0 : throw std::ios_base::failure("Duplicate Key, input final scriptSig already provided");
471 0 : } else if (key.size() != 1) {
472 0 : throw std::ios_base::failure("Final scriptSig key is more than one byte type");
473 : }
474 0 : s >> final_script_sig;
475 0 : break;
476 : }
477 : case PSBT_IN_SCRIPTWITNESS:
478 : {
479 0 : if (!key_lookup.emplace(key).second) {
480 0 : throw std::ios_base::failure("Duplicate Key, input final scriptWitness already provided");
481 0 : } else if (key.size() != 1) {
482 0 : throw std::ios_base::failure("Final scriptWitness key is more than one byte type");
483 : }
484 0 : UnserializeFromVector(s, final_script_witness.stack);
485 0 : break;
486 : }
487 : case PSBT_IN_RIPEMD160:
488 : {
489 : // Make sure that the key is the size of a ripemd160 hash + 1
490 0 : if (key.size() != CRIPEMD160::OUTPUT_SIZE + 1) {
491 0 : throw std::ios_base::failure("Size of key was not the expected size for the type ripemd160 preimage");
492 : }
493 : // Read in the hash from key
494 0 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
495 0 : uint160 hash(hash_vec);
496 0 : if (ripemd160_preimages.count(hash) > 0) {
497 0 : throw std::ios_base::failure("Duplicate Key, input ripemd160 preimage already provided");
498 : }
499 :
500 : // Read in the preimage from value
501 0 : std::vector<unsigned char> preimage;
502 0 : s >> preimage;
503 :
504 : // Add to preimages list
505 0 : ripemd160_preimages.emplace(hash, std::move(preimage));
506 : break;
507 0 : }
508 : case PSBT_IN_SHA256:
509 : {
510 : // Make sure that the key is the size of a sha256 hash + 1
511 0 : if (key.size() != CSHA256::OUTPUT_SIZE + 1) {
512 0 : throw std::ios_base::failure("Size of key was not the expected size for the type sha256 preimage");
513 : }
514 : // Read in the hash from key
515 0 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
516 0 : uint256 hash(hash_vec);
517 0 : if (sha256_preimages.count(hash) > 0) {
518 0 : throw std::ios_base::failure("Duplicate Key, input sha256 preimage already provided");
519 : }
520 :
521 : // Read in the preimage from value
522 0 : std::vector<unsigned char> preimage;
523 0 : s >> preimage;
524 :
525 : // Add to preimages list
526 0 : sha256_preimages.emplace(hash, std::move(preimage));
527 : break;
528 0 : }
529 : case PSBT_IN_HASH160:
530 : {
531 : // Make sure that the key is the size of a hash160 hash + 1
532 0 : if (key.size() != CHash160::OUTPUT_SIZE + 1) {
533 0 : throw std::ios_base::failure("Size of key was not the expected size for the type hash160 preimage");
534 : }
535 : // Read in the hash from key
536 0 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
537 0 : uint160 hash(hash_vec);
538 0 : if (hash160_preimages.count(hash) > 0) {
539 0 : throw std::ios_base::failure("Duplicate Key, input hash160 preimage already provided");
540 : }
541 :
542 : // Read in the preimage from value
543 0 : std::vector<unsigned char> preimage;
544 0 : s >> preimage;
545 :
546 : // Add to preimages list
547 0 : hash160_preimages.emplace(hash, std::move(preimage));
548 : break;
549 0 : }
550 : case PSBT_IN_HASH256:
551 : {
552 : // Make sure that the key is the size of a hash256 hash + 1
553 0 : if (key.size() != CHash256::OUTPUT_SIZE + 1) {
554 0 : throw std::ios_base::failure("Size of key was not the expected size for the type hash256 preimage");
555 : }
556 : // Read in the hash from key
557 0 : std::vector<unsigned char> hash_vec(key.begin() + 1, key.end());
558 0 : uint256 hash(hash_vec);
559 0 : if (hash256_preimages.count(hash) > 0) {
560 0 : throw std::ios_base::failure("Duplicate Key, input hash256 preimage already provided");
561 : }
562 :
563 : // Read in the preimage from value
564 0 : std::vector<unsigned char> preimage;
565 0 : s >> preimage;
566 :
567 : // Add to preimages list
568 0 : hash256_preimages.emplace(hash, std::move(preimage));
569 : break;
570 0 : }
571 : case PSBT_IN_TAP_KEY_SIG:
572 : {
573 0 : if (!key_lookup.emplace(key).second) {
574 0 : throw std::ios_base::failure("Duplicate Key, input Taproot key signature already provided");
575 0 : } else if (key.size() != 1) {
576 0 : throw std::ios_base::failure("Input Taproot key signature key is more than one byte type");
577 : }
578 0 : s >> m_tap_key_sig;
579 0 : if (m_tap_key_sig.size() < 64) {
580 0 : throw std::ios_base::failure("Input Taproot key path signature is shorter than 64 bytes");
581 0 : } else if (m_tap_key_sig.size() > 65) {
582 0 : throw std::ios_base::failure("Input Taproot key path signature is longer than 65 bytes");
583 : }
584 0 : break;
585 : }
586 : case PSBT_IN_TAP_SCRIPT_SIG:
587 : {
588 0 : if (!key_lookup.emplace(key).second) {
589 0 : throw std::ios_base::failure("Duplicate Key, input Taproot script signature already provided");
590 0 : } else if (key.size() != 65) {
591 0 : throw std::ios_base::failure("Input Taproot script signature key is not 65 bytes");
592 : }
593 0 : SpanReader s_key(s.GetType(), s.GetVersion(), Span{key}.subspan(1));
594 0 : XOnlyPubKey xonly;
595 0 : uint256 hash;
596 0 : s_key >> xonly;
597 0 : s_key >> hash;
598 0 : std::vector<unsigned char> sig;
599 0 : s >> sig;
600 0 : if (sig.size() < 64) {
601 0 : throw std::ios_base::failure("Input Taproot script path signature is shorter than 64 bytes");
602 0 : } else if (sig.size() > 65) {
603 0 : throw std::ios_base::failure("Input Taproot script path signature is longer than 65 bytes");
604 : }
605 0 : m_tap_script_sigs.emplace(std::make_pair(xonly, hash), sig);
606 : break;
607 0 : }
608 : case PSBT_IN_TAP_LEAF_SCRIPT:
609 : {
610 0 : if (!key_lookup.emplace(key).second) {
611 0 : throw std::ios_base::failure("Duplicate Key, input Taproot leaf script already provided");
612 0 : } else if (key.size() < 34) {
613 0 : throw std::ios_base::failure("Taproot leaf script key is not at least 34 bytes");
614 0 : } else if ((key.size() - 2) % 32 != 0) {
615 0 : throw std::ios_base::failure("Input Taproot leaf script key's control block size is not valid");
616 : }
617 0 : std::vector<unsigned char> script_v;
618 0 : s >> script_v;
619 0 : if (script_v.empty()) {
620 0 : throw std::ios_base::failure("Input Taproot leaf script must be at least 1 byte");
621 : }
622 0 : uint8_t leaf_ver = script_v.back();
623 0 : script_v.pop_back();
624 0 : const auto leaf_script = std::make_pair(script_v, (int)leaf_ver);
625 0 : m_tap_scripts[leaf_script].insert(std::vector<unsigned char>(key.begin() + 1, key.end()));
626 : break;
627 0 : }
628 : case PSBT_IN_TAP_BIP32_DERIVATION:
629 : {
630 0 : if (!key_lookup.emplace(key).second) {
631 0 : throw std::ios_base::failure("Duplicate Key, input Taproot BIP32 keypath already provided");
632 0 : } else if (key.size() != 33) {
633 0 : throw std::ios_base::failure("Input Taproot BIP32 keypath key is not at 33 bytes");
634 : }
635 0 : SpanReader s_key(s.GetType(), s.GetVersion(), Span{key}.subspan(1));
636 0 : XOnlyPubKey xonly;
637 0 : s_key >> xonly;
638 0 : std::set<uint256> leaf_hashes;
639 0 : uint64_t value_len = ReadCompactSize(s);
640 0 : size_t before_hashes = s.size();
641 0 : s >> leaf_hashes;
642 0 : size_t after_hashes = s.size();
643 0 : size_t hashes_len = before_hashes - after_hashes;
644 0 : if (hashes_len > value_len) {
645 0 : throw std::ios_base::failure("Input Taproot BIP32 keypath has an invalid length");
646 : }
647 0 : size_t origin_len = value_len - hashes_len;
648 0 : m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
649 : break;
650 0 : }
651 : case PSBT_IN_TAP_INTERNAL_KEY:
652 : {
653 0 : if (!key_lookup.emplace(key).second) {
654 0 : throw std::ios_base::failure("Duplicate Key, input Taproot internal key already provided");
655 0 : } else if (key.size() != 1) {
656 0 : throw std::ios_base::failure("Input Taproot internal key key is more than one byte type");
657 : }
658 0 : UnserializeFromVector(s, m_tap_internal_key);
659 0 : break;
660 : }
661 : case PSBT_IN_TAP_MERKLE_ROOT:
662 : {
663 0 : if (!key_lookup.emplace(key).second) {
664 0 : throw std::ios_base::failure("Duplicate Key, input Taproot merkle root already provided");
665 0 : } else if (key.size() != 1) {
666 0 : throw std::ios_base::failure("Input Taproot merkle root key is more than one byte type");
667 : }
668 0 : UnserializeFromVector(s, m_tap_merkle_root);
669 0 : break;
670 : }
671 : case PSBT_IN_PROPRIETARY:
672 : {
673 0 : PSBTProprietary this_prop;
674 0 : skey >> this_prop.identifier;
675 0 : this_prop.subtype = ReadCompactSize(skey);
676 0 : this_prop.key = key;
677 :
678 0 : if (m_proprietary.count(this_prop) > 0) {
679 0 : throw std::ios_base::failure("Duplicate Key, proprietary key already found");
680 : }
681 0 : s >> this_prop.value;
682 0 : m_proprietary.insert(this_prop);
683 : break;
684 0 : }
685 : // Unknown stuff
686 : default:
687 0 : if (unknown.count(key) > 0) {
688 0 : throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
689 : }
690 : // Read in the value
691 0 : std::vector<unsigned char> val_bytes;
692 0 : s >> val_bytes;
693 0 : unknown.emplace(std::move(key), std::move(val_bytes));
694 : break;
695 0 : }
696 0 : }
697 :
698 0 : if (!found_sep) {
699 0 : throw std::ios_base::failure("Separator is missing at the end of an input map");
700 : }
701 0 : }
702 :
703 : template <typename Stream>
704 : PSBTInput(deserialize_type, Stream& s) {
705 : Unserialize(s);
706 : }
707 : };
708 :
709 : /** A structure for PSBTs which contains per output information */
710 0 : struct PSBTOutput
711 : {
712 : CScript redeem_script;
713 : CScript witness_script;
714 : std::map<CPubKey, KeyOriginInfo> hd_keypaths;
715 : XOnlyPubKey m_tap_internal_key;
716 : std::vector<std::tuple<uint8_t, uint8_t, std::vector<unsigned char>>> m_tap_tree;
717 : std::map<XOnlyPubKey, std::pair<std::set<uint256>, KeyOriginInfo>> m_tap_bip32_paths;
718 : std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
719 : std::set<PSBTProprietary> m_proprietary;
720 :
721 : bool IsNull() const;
722 : void FillSignatureData(SignatureData& sigdata) const;
723 : void FromSignatureData(const SignatureData& sigdata);
724 : void Merge(const PSBTOutput& output);
725 0 : PSBTOutput() {}
726 :
727 : template <typename Stream>
728 0 : inline void Serialize(Stream& s) const {
729 : // Write the redeem script
730 0 : if (!redeem_script.empty()) {
731 0 : SerializeToVector(s, CompactSizeWriter(PSBT_OUT_REDEEMSCRIPT));
732 0 : s << redeem_script;
733 0 : }
734 :
735 : // Write the witness script
736 0 : if (!witness_script.empty()) {
737 0 : SerializeToVector(s, CompactSizeWriter(PSBT_OUT_WITNESSSCRIPT));
738 0 : s << witness_script;
739 0 : }
740 :
741 : // Write any hd keypaths
742 0 : SerializeHDKeypaths(s, hd_keypaths, CompactSizeWriter(PSBT_OUT_BIP32_DERIVATION));
743 :
744 : // Write proprietary things
745 0 : for (const auto& entry : m_proprietary) {
746 0 : s << entry.key;
747 0 : s << entry.value;
748 : }
749 :
750 : // Write taproot internal key
751 0 : if (!m_tap_internal_key.IsNull()) {
752 0 : SerializeToVector(s, PSBT_OUT_TAP_INTERNAL_KEY);
753 0 : s << ToByteVector(m_tap_internal_key);
754 0 : }
755 :
756 : // Write taproot tree
757 0 : if (!m_tap_tree.empty()) {
758 0 : SerializeToVector(s, PSBT_OUT_TAP_TREE);
759 0 : std::vector<unsigned char> value;
760 0 : CVectorWriter s_value(s.GetType(), s.GetVersion(), value, 0);
761 0 : for (const auto& [depth, leaf_ver, script] : m_tap_tree) {
762 0 : s_value << depth;
763 0 : s_value << leaf_ver;
764 0 : s_value << script;
765 : }
766 0 : s << value;
767 0 : }
768 :
769 : // Write taproot bip32 keypaths
770 0 : for (const auto& [xonly, leaf] : m_tap_bip32_paths) {
771 0 : const auto& [leaf_hashes, origin] = leaf;
772 0 : SerializeToVector(s, PSBT_OUT_TAP_BIP32_DERIVATION, xonly);
773 0 : std::vector<unsigned char> value;
774 0 : CVectorWriter s_value(s.GetType(), s.GetVersion(), value, 0);
775 0 : s_value << leaf_hashes;
776 0 : SerializeKeyOrigin(s_value, origin);
777 0 : s << value;
778 0 : }
779 :
780 : // Write unknown things
781 0 : for (auto& entry : unknown) {
782 0 : s << entry.first;
783 0 : s << entry.second;
784 : }
785 :
786 0 : s << PSBT_SEPARATOR;
787 0 : }
788 :
789 :
790 : template <typename Stream>
791 0 : inline void Unserialize(Stream& s) {
792 : // Used for duplicate key detection
793 0 : std::set<std::vector<unsigned char>> key_lookup;
794 :
795 : // Read loop
796 0 : bool found_sep = false;
797 0 : while(!s.empty()) {
798 : // Read
799 0 : std::vector<unsigned char> key;
800 0 : s >> key;
801 :
802 : // the key is empty if that was actually a separator byte
803 : // This is a special case for key lengths 0 as those are not allowed (except for separator)
804 0 : if (key.empty()) {
805 0 : found_sep = true;
806 0 : break;
807 : }
808 :
809 : // Type is compact size uint at beginning of key
810 0 : SpanReader skey(s.GetType(), s.GetVersion(), key);
811 0 : uint64_t type = ReadCompactSize(skey);
812 :
813 : // Do stuff based on type
814 0 : switch(type) {
815 : case PSBT_OUT_REDEEMSCRIPT:
816 : {
817 0 : if (!key_lookup.emplace(key).second) {
818 0 : throw std::ios_base::failure("Duplicate Key, output redeemScript already provided");
819 0 : } else if (key.size() != 1) {
820 0 : throw std::ios_base::failure("Output redeemScript key is more than one byte type");
821 : }
822 0 : s >> redeem_script;
823 0 : break;
824 : }
825 : case PSBT_OUT_WITNESSSCRIPT:
826 : {
827 0 : if (!key_lookup.emplace(key).second) {
828 0 : throw std::ios_base::failure("Duplicate Key, output witnessScript already provided");
829 0 : } else if (key.size() != 1) {
830 0 : throw std::ios_base::failure("Output witnessScript key is more than one byte type");
831 : }
832 0 : s >> witness_script;
833 0 : break;
834 : }
835 : case PSBT_OUT_BIP32_DERIVATION:
836 : {
837 0 : DeserializeHDKeypaths(s, key, hd_keypaths);
838 0 : break;
839 : }
840 : case PSBT_OUT_TAP_INTERNAL_KEY:
841 : {
842 0 : if (!key_lookup.emplace(key).second) {
843 0 : throw std::ios_base::failure("Duplicate Key, output Taproot internal key already provided");
844 0 : } else if (key.size() != 1) {
845 0 : throw std::ios_base::failure("Output Taproot internal key key is more than one byte type");
846 : }
847 0 : UnserializeFromVector(s, m_tap_internal_key);
848 0 : break;
849 : }
850 : case PSBT_OUT_TAP_TREE:
851 : {
852 0 : if (!key_lookup.emplace(key).second) {
853 0 : throw std::ios_base::failure("Duplicate Key, output Taproot tree already provided");
854 0 : } else if (key.size() != 1) {
855 0 : throw std::ios_base::failure("Output Taproot tree key is more than one byte type");
856 : }
857 0 : std::vector<unsigned char> tree_v;
858 0 : s >> tree_v;
859 0 : SpanReader s_tree(s.GetType(), s.GetVersion(), tree_v);
860 0 : if (s_tree.empty()) {
861 0 : throw std::ios_base::failure("Output Taproot tree must not be empty");
862 : }
863 0 : TaprootBuilder builder;
864 0 : while (!s_tree.empty()) {
865 : uint8_t depth;
866 : uint8_t leaf_ver;
867 0 : std::vector<unsigned char> script;
868 0 : s_tree >> depth;
869 0 : s_tree >> leaf_ver;
870 0 : s_tree >> script;
871 0 : if (depth > TAPROOT_CONTROL_MAX_NODE_COUNT) {
872 0 : throw std::ios_base::failure("Output Taproot tree has as leaf greater than Taproot maximum depth");
873 : }
874 0 : if ((leaf_ver & ~TAPROOT_LEAF_MASK) != 0) {
875 0 : throw std::ios_base::failure("Output Taproot tree has a leaf with an invalid leaf version");
876 : }
877 0 : m_tap_tree.push_back(std::make_tuple(depth, leaf_ver, script));
878 0 : builder.Add((int)depth, script, (int)leaf_ver, /*track=*/true);
879 0 : }
880 0 : if (!builder.IsComplete()) {
881 0 : throw std::ios_base::failure("Output Taproot tree is malformed");
882 : }
883 : break;
884 0 : }
885 : case PSBT_OUT_TAP_BIP32_DERIVATION:
886 : {
887 0 : if (!key_lookup.emplace(key).second) {
888 0 : throw std::ios_base::failure("Duplicate Key, output Taproot BIP32 keypath already provided");
889 0 : } else if (key.size() != 33) {
890 0 : throw std::ios_base::failure("Output Taproot BIP32 keypath key is not at 33 bytes");
891 : }
892 0 : XOnlyPubKey xonly(uint256(Span<uint8_t>(key).last(32)));
893 0 : std::set<uint256> leaf_hashes;
894 0 : uint64_t value_len = ReadCompactSize(s);
895 0 : size_t before_hashes = s.size();
896 0 : s >> leaf_hashes;
897 0 : size_t after_hashes = s.size();
898 0 : size_t hashes_len = before_hashes - after_hashes;
899 0 : if (hashes_len > value_len) {
900 0 : throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
901 : }
902 0 : size_t origin_len = value_len - hashes_len;
903 0 : m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
904 : break;
905 0 : }
906 : case PSBT_OUT_PROPRIETARY:
907 : {
908 0 : PSBTProprietary this_prop;
909 0 : skey >> this_prop.identifier;
910 0 : this_prop.subtype = ReadCompactSize(skey);
911 0 : this_prop.key = key;
912 :
913 0 : if (m_proprietary.count(this_prop) > 0) {
914 0 : throw std::ios_base::failure("Duplicate Key, proprietary key already found");
915 : }
916 0 : s >> this_prop.value;
917 0 : m_proprietary.insert(this_prop);
918 : break;
919 0 : }
920 : // Unknown stuff
921 : default: {
922 0 : if (unknown.count(key) > 0) {
923 0 : throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
924 : }
925 : // Read in the value
926 0 : std::vector<unsigned char> val_bytes;
927 0 : s >> val_bytes;
928 0 : unknown.emplace(std::move(key), std::move(val_bytes));
929 : break;
930 0 : }
931 : }
932 0 : }
933 :
934 0 : if (!found_sep) {
935 0 : throw std::ios_base::failure("Separator is missing at the end of an output map");
936 : }
937 0 : }
938 :
939 : template <typename Stream>
940 : PSBTOutput(deserialize_type, Stream& s) {
941 : Unserialize(s);
942 : }
943 : };
944 :
945 : /** A version of CTransaction with the PSBT format*/
946 0 : struct PartiallySignedTransaction
947 : {
948 : std::optional<CMutableTransaction> tx;
949 : // We use a vector of CExtPubKey in the event that there happens to be the same KeyOriginInfos for different CExtPubKeys
950 : // Note that this map swaps the key and values from the serialization
951 : std::map<KeyOriginInfo, std::set<CExtPubKey>> m_xpubs;
952 : std::vector<PSBTInput> inputs;
953 : std::vector<PSBTOutput> outputs;
954 : std::map<std::vector<unsigned char>, std::vector<unsigned char>> unknown;
955 : std::optional<uint32_t> m_version;
956 : std::set<PSBTProprietary> m_proprietary;
957 :
958 : bool IsNull() const;
959 : uint32_t GetVersion() const;
960 :
961 : /** Merge psbt into this. The two psbts must have the same underlying CTransaction (i.e. the
962 : * same actual Bitcoin transaction.) Returns true if the merge succeeded, false otherwise. */
963 : [[nodiscard]] bool Merge(const PartiallySignedTransaction& psbt);
964 : bool AddInput(const CTxIn& txin, PSBTInput& psbtin);
965 : bool AddOutput(const CTxOut& txout, const PSBTOutput& psbtout);
966 0 : PartiallySignedTransaction() {}
967 : explicit PartiallySignedTransaction(const CMutableTransaction& tx);
968 : /**
969 : * Finds the UTXO for a given input index
970 : *
971 : * @param[out] utxo The UTXO of the input if found
972 : * @param[in] input_index Index of the input to retrieve the UTXO of
973 : * @return Whether the UTXO for the specified input was found
974 : */
975 : bool GetInputUTXO(CTxOut& utxo, int input_index) const;
976 :
977 : template <typename Stream>
978 0 : inline void Serialize(Stream& s) const {
979 :
980 : // magic bytes
981 0 : s << PSBT_MAGIC_BYTES;
982 :
983 : // unsigned tx flag
984 0 : SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_UNSIGNED_TX));
985 :
986 : // Write serialized tx to a stream
987 0 : OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS);
988 0 : SerializeToVector(os, *tx);
989 :
990 : // Write xpubs
991 0 : for (const auto& xpub_pair : m_xpubs) {
992 0 : for (const auto& xpub : xpub_pair.second) {
993 : unsigned char ser_xpub[BIP32_EXTKEY_WITH_VERSION_SIZE];
994 0 : xpub.EncodeWithVersion(ser_xpub);
995 : // Note that the serialization swaps the key and value
996 : // The xpub is the key (for uniqueness) while the path is the value
997 0 : SerializeToVector(s, PSBT_GLOBAL_XPUB, ser_xpub);
998 0 : SerializeHDKeypath(s, xpub_pair.first);
999 : }
1000 : }
1001 :
1002 : // PSBT version
1003 0 : if (GetVersion() > 0) {
1004 0 : SerializeToVector(s, CompactSizeWriter(PSBT_GLOBAL_VERSION));
1005 0 : SerializeToVector(s, *m_version);
1006 0 : }
1007 :
1008 : // Write proprietary things
1009 0 : for (const auto& entry : m_proprietary) {
1010 0 : s << entry.key;
1011 0 : s << entry.value;
1012 : }
1013 :
1014 : // Write the unknown things
1015 0 : for (auto& entry : unknown) {
1016 0 : s << entry.first;
1017 0 : s << entry.second;
1018 : }
1019 :
1020 : // Separator
1021 0 : s << PSBT_SEPARATOR;
1022 :
1023 : // Write inputs
1024 0 : for (const PSBTInput& input : inputs) {
1025 0 : s << input;
1026 : }
1027 : // Write outputs
1028 0 : for (const PSBTOutput& output : outputs) {
1029 0 : s << output;
1030 : }
1031 0 : }
1032 :
1033 :
1034 : template <typename Stream>
1035 0 : inline void Unserialize(Stream& s) {
1036 : // Read the magic bytes
1037 : uint8_t magic[5];
1038 0 : s >> magic;
1039 0 : if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) {
1040 0 : throw std::ios_base::failure("Invalid PSBT magic bytes");
1041 : }
1042 :
1043 : // Used for duplicate key detection
1044 0 : std::set<std::vector<unsigned char>> key_lookup;
1045 :
1046 : // Track the global xpubs we have already seen. Just for sanity checking
1047 0 : std::set<CExtPubKey> global_xpubs;
1048 :
1049 : // Read global data
1050 0 : bool found_sep = false;
1051 0 : while(!s.empty()) {
1052 : // Read
1053 0 : std::vector<unsigned char> key;
1054 0 : s >> key;
1055 :
1056 : // the key is empty if that was actually a separator byte
1057 : // This is a special case for key lengths 0 as those are not allowed (except for separator)
1058 0 : if (key.empty()) {
1059 0 : found_sep = true;
1060 0 : break;
1061 : }
1062 :
1063 : // Type is compact size uint at beginning of key
1064 0 : SpanReader skey(s.GetType(), s.GetVersion(), key);
1065 0 : uint64_t type = ReadCompactSize(skey);
1066 :
1067 : // Do stuff based on type
1068 0 : switch(type) {
1069 : case PSBT_GLOBAL_UNSIGNED_TX:
1070 : {
1071 0 : if (!key_lookup.emplace(key).second) {
1072 0 : throw std::ios_base::failure("Duplicate Key, unsigned tx already provided");
1073 0 : } else if (key.size() != 1) {
1074 0 : throw std::ios_base::failure("Global unsigned tx key is more than one byte type");
1075 : }
1076 0 : CMutableTransaction mtx;
1077 : // Set the stream to serialize with non-witness since this should always be non-witness
1078 0 : OverrideStream<Stream> os(&s, s.GetType(), s.GetVersion() | SERIALIZE_TRANSACTION_NO_WITNESS);
1079 0 : UnserializeFromVector(os, mtx);
1080 0 : tx = std::move(mtx);
1081 : // Make sure that all scriptSigs and scriptWitnesses are empty
1082 0 : for (const CTxIn& txin : tx->vin) {
1083 0 : if (!txin.scriptSig.empty() || !txin.scriptWitness.IsNull()) {
1084 0 : throw std::ios_base::failure("Unsigned tx does not have empty scriptSigs and scriptWitnesses.");
1085 : }
1086 : }
1087 : break;
1088 0 : }
1089 : case PSBT_GLOBAL_XPUB:
1090 : {
1091 0 : if (key.size() != BIP32_EXTKEY_WITH_VERSION_SIZE + 1) {
1092 0 : throw std::ios_base::failure("Size of key was not the expected size for the type global xpub");
1093 : }
1094 : // Read in the xpub from key
1095 0 : CExtPubKey xpub;
1096 0 : xpub.DecodeWithVersion(&key.data()[1]);
1097 0 : if (!xpub.pubkey.IsFullyValid()) {
1098 0 : throw std::ios_base::failure("Invalid pubkey");
1099 : }
1100 0 : if (global_xpubs.count(xpub) > 0) {
1101 0 : throw std::ios_base::failure("Duplicate key, global xpub already provided");
1102 : }
1103 0 : global_xpubs.insert(xpub);
1104 : // Read in the keypath from stream
1105 0 : KeyOriginInfo keypath;
1106 0 : DeserializeHDKeypath(s, keypath);
1107 :
1108 : // Note that we store these swapped to make searches faster.
1109 : // Serialization uses xpub -> keypath to enqure key uniqueness
1110 0 : if (m_xpubs.count(keypath) == 0) {
1111 : // Make a new set to put the xpub in
1112 0 : m_xpubs[keypath] = {xpub};
1113 0 : } else {
1114 : // Insert xpub into existing set
1115 0 : m_xpubs[keypath].insert(xpub);
1116 : }
1117 : break;
1118 0 : }
1119 : case PSBT_GLOBAL_VERSION:
1120 : {
1121 0 : if (m_version) {
1122 0 : throw std::ios_base::failure("Duplicate Key, version already provided");
1123 0 : } else if (key.size() != 1) {
1124 0 : throw std::ios_base::failure("Global version key is more than one byte type");
1125 : }
1126 : uint32_t v;
1127 0 : UnserializeFromVector(s, v);
1128 0 : m_version = v;
1129 0 : if (*m_version > PSBT_HIGHEST_VERSION) {
1130 0 : throw std::ios_base::failure("Unsupported version number");
1131 : }
1132 0 : break;
1133 : }
1134 : case PSBT_GLOBAL_PROPRIETARY:
1135 : {
1136 0 : PSBTProprietary this_prop;
1137 0 : skey >> this_prop.identifier;
1138 0 : this_prop.subtype = ReadCompactSize(skey);
1139 0 : this_prop.key = key;
1140 :
1141 0 : if (m_proprietary.count(this_prop) > 0) {
1142 0 : throw std::ios_base::failure("Duplicate Key, proprietary key already found");
1143 : }
1144 0 : s >> this_prop.value;
1145 0 : m_proprietary.insert(this_prop);
1146 : break;
1147 0 : }
1148 : // Unknown stuff
1149 : default: {
1150 0 : if (unknown.count(key) > 0) {
1151 0 : throw std::ios_base::failure("Duplicate Key, key for unknown value already provided");
1152 : }
1153 : // Read in the value
1154 0 : std::vector<unsigned char> val_bytes;
1155 0 : s >> val_bytes;
1156 0 : unknown.emplace(std::move(key), std::move(val_bytes));
1157 0 : }
1158 0 : }
1159 0 : }
1160 :
1161 0 : if (!found_sep) {
1162 0 : throw std::ios_base::failure("Separator is missing at the end of the global map");
1163 : }
1164 :
1165 : // Make sure that we got an unsigned tx
1166 0 : if (!tx) {
1167 0 : throw std::ios_base::failure("No unsigned transaction was provided");
1168 : }
1169 :
1170 : // Read input data
1171 0 : unsigned int i = 0;
1172 0 : while (!s.empty() && i < tx->vin.size()) {
1173 0 : PSBTInput input;
1174 0 : s >> input;
1175 0 : inputs.push_back(input);
1176 :
1177 : // Make sure the non-witness utxo matches the outpoint
1178 0 : if (input.non_witness_utxo && input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
1179 0 : throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
1180 : }
1181 0 : ++i;
1182 0 : }
1183 : // Make sure that the number of inputs matches the number of inputs in the transaction
1184 0 : if (inputs.size() != tx->vin.size()) {
1185 0 : throw std::ios_base::failure("Inputs provided does not match the number of inputs in transaction.");
1186 : }
1187 :
1188 : // Read output data
1189 0 : i = 0;
1190 0 : while (!s.empty() && i < tx->vout.size()) {
1191 0 : PSBTOutput output;
1192 0 : s >> output;
1193 0 : outputs.push_back(output);
1194 0 : ++i;
1195 0 : }
1196 : // Make sure that the number of outputs matches the number of outputs in the transaction
1197 0 : if (outputs.size() != tx->vout.size()) {
1198 0 : throw std::ios_base::failure("Outputs provided does not match the number of outputs in transaction.");
1199 : }
1200 0 : }
1201 :
1202 : template <typename Stream>
1203 : PartiallySignedTransaction(deserialize_type, Stream& s) {
1204 : Unserialize(s);
1205 : }
1206 : };
1207 :
1208 : enum class PSBTRole {
1209 : CREATOR,
1210 : UPDATER,
1211 : SIGNER,
1212 : FINALIZER,
1213 : EXTRACTOR
1214 : };
1215 :
1216 : std::string PSBTRoleName(PSBTRole role);
1217 :
1218 : /** Compute a PrecomputedTransactionData object from a psbt. */
1219 : PrecomputedTransactionData PrecomputePSBTData(const PartiallySignedTransaction& psbt);
1220 :
1221 : /** Checks whether a PSBTInput is already signed by checking for non-null finalized fields. */
1222 : bool PSBTInputSigned(const PSBTInput& input);
1223 :
1224 : /** Checks whether a PSBTInput is already signed by doing script verification using final fields. */
1225 : bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata);
1226 :
1227 : /** Signs a PSBTInput, verifying that all provided data matches what is being signed.
1228 : *
1229 : * txdata should be the output of PrecomputePSBTData (which can be shared across
1230 : * multiple SignPSBTInput calls). If it is nullptr, a dummy signature will be created.
1231 : **/
1232 : bool SignPSBTInput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index, const PrecomputedTransactionData* txdata, int sighash = SIGHASH_ALL, SignatureData* out_sigdata = nullptr, bool finalize = true);
1233 :
1234 : /** Reduces the size of the PSBT by dropping unnecessary `non_witness_utxos` (i.e. complete previous transactions) from a psbt when all inputs are segwit v1. */
1235 : void RemoveUnnecessaryTransactions(PartiallySignedTransaction& psbtx, const int& sighash_type);
1236 :
1237 : /** Counts the unsigned inputs of a PSBT. */
1238 : size_t CountPSBTUnsignedInputs(const PartiallySignedTransaction& psbt);
1239 :
1240 : /** Updates a PSBTOutput with information from provider.
1241 : *
1242 : * This fills in the redeem_script, witness_script, and hd_keypaths where possible.
1243 : */
1244 : void UpdatePSBTOutput(const SigningProvider& provider, PartiallySignedTransaction& psbt, int index);
1245 :
1246 : /**
1247 : * Finalizes a PSBT if possible, combining partial signatures.
1248 : *
1249 : * @param[in,out] psbtx PartiallySignedTransaction to finalize
1250 : * return True if the PSBT is now complete, false otherwise
1251 : */
1252 : bool FinalizePSBT(PartiallySignedTransaction& psbtx);
1253 :
1254 : /**
1255 : * Finalizes a PSBT if possible, and extracts it to a CMutableTransaction if it could be finalized.
1256 : *
1257 : * @param[in] psbtx PartiallySignedTransaction
1258 : * @param[out] result CMutableTransaction representing the complete transaction, if successful
1259 : * @return True if we successfully extracted the transaction, false otherwise
1260 : */
1261 : bool FinalizeAndExtractPSBT(PartiallySignedTransaction& psbtx, CMutableTransaction& result);
1262 :
1263 : /**
1264 : * Combines PSBTs with the same underlying transaction, resulting in a single PSBT with all partial signatures from each input.
1265 : *
1266 : * @param[out] out the combined PSBT, if successful
1267 : * @param[in] psbtxs the PSBTs to combine
1268 : * @return error (OK if we successfully combined the transactions, other error if they were not compatible)
1269 : */
1270 : [[nodiscard]] TransactionError CombinePSBTs(PartiallySignedTransaction& out, const std::vector<PartiallySignedTransaction>& psbtxs);
1271 :
1272 : //! Decode a base64ed PSBT into a PartiallySignedTransaction
1273 : [[nodiscard]] bool DecodeBase64PSBT(PartiallySignedTransaction& decoded_psbt, const std::string& base64_psbt, std::string& error);
1274 : //! Decode a raw (binary blob) PSBT into a PartiallySignedTransaction
1275 : [[nodiscard]] bool DecodeRawPSBT(PartiallySignedTransaction& decoded_psbt, Span<const std::byte> raw_psbt, std::string& error);
1276 :
1277 : #endif // BITCOIN_PSBT_H
|
