Line data Source code
1 : // Copyright (c) 2019-2022 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include <hash.h>
6 : #include <key_io.h>
7 : #include <logging.h>
8 : #include <outputtype.h>
9 : #include <script/descriptor.h>
10 : #include <script/script.h>
11 : #include <script/sign.h>
12 : #include <script/solver.h>
13 : #include <util/bip32.h>
14 : #include <util/strencodings.h>
15 : #include <util/string.h>
16 : #include <util/time.h>
17 2 : #include <util/translation.h>
18 2 : #include <wallet/scriptpubkeyman.h>
19 :
20 : #include <optional>
21 :
22 : namespace wallet {
23 : //! Value for the first BIP 32 hardened derivation. Can be used as a bit mask and as a value. See BIP 32 for more details.
24 : const uint32_t BIP32_HARDENED_KEY_LIMIT = 0x80000000;
25 :
26 0 : util::Result<CTxDestination> LegacyScriptPubKeyMan::GetNewDestination(const OutputType type)
27 2 : {
28 0 : if (LEGACY_OUTPUT_TYPES.count(type) == 0) {
29 0 : return util::Error{_("Error: Legacy wallets only support the \"legacy\", \"p2sh-segwit\", and \"bech32\" address types")};
30 : }
31 0 : assert(type != OutputType::BECH32M);
32 :
33 : // Fill-up keypool if needed
34 0 : TopUp();
35 :
36 0 : LOCK(cs_KeyStore);
37 :
38 : // Generate a new key that is added to wallet
39 0 : CPubKey new_key;
40 0 : if (!GetKeyFromPool(new_key, type)) {
41 0 : return util::Error{_("Error: Keypool ran out, please call keypoolrefill first")};
42 : }
43 0 : LearnRelatedScripts(new_key, type);
44 0 : return GetDestinationForKey(new_key, type);
45 0 : }
46 :
47 : typedef std::vector<unsigned char> valtype;
48 :
49 : namespace {
50 :
51 : /**
52 : * This is an enum that tracks the execution context of a script, similar to
53 0 : * SigVersion in script/interpreter. It is separate however because we want to
54 : * distinguish between top-level scriptPubKey execution and P2SH redeemScript
55 : * execution (a distinction that has no impact on consensus rules).
56 : */
57 : enum class IsMineSigVersion
58 : {
59 : TOP = 0, //!< scriptPubKey execution
60 : P2SH = 1, //!< P2SH redeemScript
61 : WITNESS_V0 = 2, //!< P2WSH witness script execution
62 : };
63 :
64 : /**
65 : * This is an internal representation of isminetype + invalidity.
66 : * Its order is significant, as we return the max of all explored
67 : * possibilities.
68 : */
69 : enum class IsMineResult
70 : {
71 : NO = 0, //!< Not ours
72 : WATCH_ONLY = 1, //!< Included in watch-only balance
73 : SPENDABLE = 2, //!< Included in all balances
74 2 : INVALID = 3, //!< Not spendable by anyone (uncompressed pubkey in segwit, P2SH inside P2SH or witness, witness inside witness)
75 : };
76 :
77 0 : bool PermitsUncompressed(IsMineSigVersion sigversion)
78 : {
79 0 : return sigversion == IsMineSigVersion::TOP || sigversion == IsMineSigVersion::P2SH;
80 : }
81 :
82 0 : bool HaveKeys(const std::vector<valtype>& pubkeys, const LegacyScriptPubKeyMan& keystore)
83 : {
84 0 : for (const valtype& pubkey : pubkeys) {
85 0 : CKeyID keyID = CPubKey(pubkey).GetID();
86 0 : if (!keystore.HaveKey(keyID)) return false;
87 : }
88 0 : return true;
89 0 : }
90 :
91 2 : //! Recursively solve script and return spendable/watchonly/invalid status.
92 : //!
93 : //! @param keystore legacy key and script store
94 : //! @param scriptPubKey script to solve
95 : //! @param sigversion script type (top-level / redeemscript / witnessscript)
96 : //! @param recurse_scripthash whether to recurse into nested p2sh and p2wsh
97 : //! scripts or simply treat any script that has been
98 : //! stored in the keystore as spendable
99 2 : IsMineResult IsMineInner(const LegacyScriptPubKeyMan& keystore, const CScript& scriptPubKey, IsMineSigVersion sigversion, bool recurse_scripthash=true)
100 : {
101 0 : IsMineResult ret = IsMineResult::NO;
102 :
103 0 : std::vector<valtype> vSolutions;
104 0 : TxoutType whichType = Solver(scriptPubKey, vSolutions);
105 :
106 0 : CKeyID keyID;
107 0 : switch (whichType) {
108 : case TxoutType::NONSTANDARD:
109 : case TxoutType::NULL_DATA:
110 : case TxoutType::WITNESS_UNKNOWN:
111 : case TxoutType::WITNESS_V1_TAPROOT:
112 0 : break;
113 : case TxoutType::PUBKEY:
114 0 : keyID = CPubKey(vSolutions[0]).GetID();
115 0 : if (!PermitsUncompressed(sigversion) && vSolutions[0].size() != 33) {
116 0 : return IsMineResult::INVALID;
117 : }
118 0 : if (keystore.HaveKey(keyID)) {
119 0 : ret = std::max(ret, IsMineResult::SPENDABLE);
120 0 : }
121 0 : break;
122 : case TxoutType::WITNESS_V0_KEYHASH:
123 : {
124 0 : if (sigversion == IsMineSigVersion::WITNESS_V0) {
125 : // P2WPKH inside P2WSH is invalid.
126 0 : return IsMineResult::INVALID;
127 : }
128 0 : if (sigversion == IsMineSigVersion::TOP && !keystore.HaveCScript(CScriptID(CScript() << OP_0 << vSolutions[0]))) {
129 : // We do not support bare witness outputs unless the P2SH version of it would be
130 : // acceptable as well. This protects against matching before segwit activates.
131 : // This also applies to the P2WSH case.
132 0 : break;
133 : }
134 0 : ret = std::max(ret, IsMineInner(keystore, GetScriptForDestination(PKHash(uint160(vSolutions[0]))), IsMineSigVersion::WITNESS_V0));
135 0 : break;
136 : }
137 : case TxoutType::PUBKEYHASH:
138 0 : keyID = CKeyID(uint160(vSolutions[0]));
139 0 : if (!PermitsUncompressed(sigversion)) {
140 0 : CPubKey pubkey;
141 0 : if (keystore.GetPubKey(keyID, pubkey) && !pubkey.IsCompressed()) {
142 0 : return IsMineResult::INVALID;
143 : }
144 0 : }
145 0 : if (keystore.HaveKey(keyID)) {
146 0 : ret = std::max(ret, IsMineResult::SPENDABLE);
147 0 : }
148 0 : break;
149 : case TxoutType::SCRIPTHASH:
150 : {
151 0 : if (sigversion != IsMineSigVersion::TOP) {
152 : // P2SH inside P2WSH or P2SH is invalid.
153 0 : return IsMineResult::INVALID;
154 : }
155 0 : CScriptID scriptID = CScriptID(uint160(vSolutions[0]));
156 0 : CScript subscript;
157 0 : if (keystore.GetCScript(scriptID, subscript)) {
158 0 : ret = std::max(ret, recurse_scripthash ? IsMineInner(keystore, subscript, IsMineSigVersion::P2SH) : IsMineResult::SPENDABLE);
159 0 : }
160 : break;
161 0 : }
162 : case TxoutType::WITNESS_V0_SCRIPTHASH:
163 : {
164 0 : if (sigversion == IsMineSigVersion::WITNESS_V0) {
165 : // P2WSH inside P2WSH is invalid.
166 0 : return IsMineResult::INVALID;
167 : }
168 0 : if (sigversion == IsMineSigVersion::TOP && !keystore.HaveCScript(CScriptID(CScript() << OP_0 << vSolutions[0]))) {
169 0 : break;
170 : }
171 0 : CScriptID scriptID{RIPEMD160(vSolutions[0])};
172 0 : CScript subscript;
173 0 : if (keystore.GetCScript(scriptID, subscript)) {
174 0 : ret = std::max(ret, recurse_scripthash ? IsMineInner(keystore, subscript, IsMineSigVersion::WITNESS_V0) : IsMineResult::SPENDABLE);
175 0 : }
176 : break;
177 0 : }
178 :
179 : case TxoutType::MULTISIG:
180 : {
181 : // Never treat bare multisig outputs as ours (they can still be made watchonly-though)
182 0 : if (sigversion == IsMineSigVersion::TOP) {
183 0 : break;
184 : }
185 :
186 : // Only consider transactions "mine" if we own ALL the
187 : // keys involved. Multi-signature transactions that are
188 : // partially owned (somebody else has a key that can spend
189 : // them) enable spend-out-from-under-you attacks, especially
190 : // in shared-wallet situations.
191 0 : std::vector<valtype> keys(vSolutions.begin()+1, vSolutions.begin()+vSolutions.size()-1);
192 0 : if (!PermitsUncompressed(sigversion)) {
193 0 : for (size_t i = 0; i < keys.size(); i++) {
194 0 : if (keys[i].size() != 33) {
195 0 : return IsMineResult::INVALID;
196 : }
197 0 : }
198 0 : }
199 0 : if (HaveKeys(keys, keystore)) {
200 0 : ret = std::max(ret, IsMineResult::SPENDABLE);
201 0 : }
202 0 : break;
203 0 : }
204 : } // no default case, so the compiler can warn about missing cases
205 :
206 0 : if (ret == IsMineResult::NO && keystore.HaveWatchOnly(scriptPubKey)) {
207 0 : ret = std::max(ret, IsMineResult::WATCH_ONLY);
208 0 : }
209 0 : return ret;
210 0 : }
211 :
212 : } // namespace
213 :
214 0 : isminetype LegacyScriptPubKeyMan::IsMine(const CScript& script) const
215 : {
216 0 : switch (IsMineInner(*this, script, IsMineSigVersion::TOP)) {
217 : case IsMineResult::INVALID:
218 : case IsMineResult::NO:
219 0 : return ISMINE_NO;
220 : case IsMineResult::WATCH_ONLY:
221 0 : return ISMINE_WATCH_ONLY;
222 : case IsMineResult::SPENDABLE:
223 0 : return ISMINE_SPENDABLE;
224 : }
225 0 : assert(false);
226 0 : }
227 :
228 0 : bool LegacyScriptPubKeyMan::CheckDecryptionKey(const CKeyingMaterial& master_key, bool accept_no_keys)
229 : {
230 : {
231 0 : LOCK(cs_KeyStore);
232 0 : assert(mapKeys.empty());
233 :
234 0 : bool keyPass = mapCryptedKeys.empty(); // Always pass when there are no encrypted keys
235 0 : bool keyFail = false;
236 0 : CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin();
237 0 : WalletBatch batch(m_storage.GetDatabase());
238 0 : for (; mi != mapCryptedKeys.end(); ++mi)
239 : {
240 0 : const CPubKey &vchPubKey = (*mi).second.first;
241 0 : const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second;
242 0 : CKey key;
243 0 : if (!DecryptKey(master_key, vchCryptedSecret, vchPubKey, key))
244 : {
245 0 : keyFail = true;
246 0 : break;
247 : }
248 0 : keyPass = true;
249 0 : if (fDecryptionThoroughlyChecked)
250 0 : break;
251 : else {
252 : // Rewrite these encrypted keys with checksums
253 0 : batch.WriteCryptedKey(vchPubKey, vchCryptedSecret, mapKeyMetadata[vchPubKey.GetID()]);
254 : }
255 0 : }
256 0 : if (keyPass && keyFail)
257 : {
258 0 : LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n");
259 0 : throw std::runtime_error("Error unlocking wallet: some keys decrypt but not all. Your wallet file may be corrupt.");
260 : }
261 0 : if (keyFail || (!keyPass && !accept_no_keys))
262 0 : return false;
263 0 : fDecryptionThoroughlyChecked = true;
264 0 : }
265 0 : return true;
266 0 : }
267 :
268 0 : bool LegacyScriptPubKeyMan::Encrypt(const CKeyingMaterial& master_key, WalletBatch* batch)
269 : {
270 2 : LOCK(cs_KeyStore);
271 0 : encrypted_batch = batch;
272 0 : if (!mapCryptedKeys.empty()) {
273 0 : encrypted_batch = nullptr;
274 0 : return false;
275 : }
276 :
277 0 : KeyMap keys_to_encrypt;
278 0 : keys_to_encrypt.swap(mapKeys); // Clear mapKeys so AddCryptedKeyInner will succeed.
279 0 : for (const KeyMap::value_type& mKey : keys_to_encrypt)
280 : {
281 0 : const CKey &key = mKey.second;
282 0 : CPubKey vchPubKey = key.GetPubKey();
283 0 : CKeyingMaterial vchSecret(key.begin(), key.end());
284 0 : std::vector<unsigned char> vchCryptedSecret;
285 0 : if (!EncryptSecret(master_key, vchSecret, vchPubKey.GetHash(), vchCryptedSecret)) {
286 0 : encrypted_batch = nullptr;
287 0 : return false;
288 : }
289 0 : if (!AddCryptedKey(vchPubKey, vchCryptedSecret)) {
290 0 : encrypted_batch = nullptr;
291 0 : return false;
292 : }
293 0 : }
294 0 : encrypted_batch = nullptr;
295 0 : return true;
296 0 : }
297 :
298 0 : util::Result<CTxDestination> LegacyScriptPubKeyMan::GetReservedDestination(const OutputType type, bool internal, int64_t& index, CKeyPool& keypool)
299 : {
300 0 : if (LEGACY_OUTPUT_TYPES.count(type) == 0) {
301 0 : return util::Error{_("Error: Legacy wallets only support the \"legacy\", \"p2sh-segwit\", and \"bech32\" address types")};
302 : }
303 0 : assert(type != OutputType::BECH32M);
304 :
305 0 : LOCK(cs_KeyStore);
306 0 : if (!CanGetAddresses(internal)) {
307 0 : return util::Error{_("Error: Keypool ran out, please call keypoolrefill first")};
308 : }
309 :
310 : // Fill-up keypool if needed
311 0 : TopUp();
312 :
313 0 : if (!ReserveKeyFromKeyPool(index, keypool, internal)) {
314 0 : return util::Error{_("Error: Keypool ran out, please call keypoolrefill first")};
315 : }
316 0 : return GetDestinationForKey(keypool.vchPubKey, type);
317 0 : }
318 :
319 0 : bool LegacyScriptPubKeyMan::TopUpInactiveHDChain(const CKeyID seed_id, int64_t index, bool internal)
320 : {
321 0 : LOCK(cs_KeyStore);
322 :
323 0 : auto it = m_inactive_hd_chains.find(seed_id);
324 0 : if (it == m_inactive_hd_chains.end()) {
325 0 : return false;
326 : }
327 :
328 0 : CHDChain& chain = it->second;
329 :
330 0 : if (internal) {
331 0 : chain.m_next_internal_index = std::max(chain.m_next_internal_index, index + 1);
332 0 : } else {
333 0 : chain.m_next_external_index = std::max(chain.m_next_external_index, index + 1);
334 : }
335 :
336 0 : TopUpChain(chain, 0);
337 :
338 0 : return true;
339 0 : }
340 :
341 0 : std::vector<WalletDestination> LegacyScriptPubKeyMan::MarkUnusedAddresses(const CScript& script)
342 : {
343 0 : LOCK(cs_KeyStore);
344 0 : std::vector<WalletDestination> result;
345 : // extract addresses and check if they match with an unused keypool key
346 0 : for (const auto& keyid : GetAffectedKeys(script, *this)) {
347 0 : std::map<CKeyID, int64_t>::const_iterator mi = m_pool_key_to_index.find(keyid);
348 0 : if (mi != m_pool_key_to_index.end()) {
349 0 : WalletLogPrintf("%s: Detected a used keypool key, mark all keypool keys up to this key as used\n", __func__);
350 0 : for (const auto& keypool : MarkReserveKeysAsUsed(mi->second)) {
351 : // derive all possible destinations as any of them could have been used
352 0 : for (const auto& type : LEGACY_OUTPUT_TYPES) {
353 0 : const auto& dest = GetDestinationForKey(keypool.vchPubKey, type);
354 0 : result.push_back({dest, keypool.fInternal});
355 0 : }
356 : }
357 :
358 0 : if (!TopUp()) {
359 0 : WalletLogPrintf("%s: Topping up keypool failed (locked wallet)\n", __func__);
360 0 : }
361 0 : }
362 :
363 : // Find the key's metadata and check if it's seed id (if it has one) is inactive, i.e. it is not the current m_hd_chain seed id.
364 : // If so, TopUp the inactive hd chain
365 0 : auto it = mapKeyMetadata.find(keyid);
366 0 : if (it != mapKeyMetadata.end()){
367 0 : CKeyMetadata meta = it->second;
368 0 : if (!meta.hd_seed_id.IsNull() && meta.hd_seed_id != m_hd_chain.seed_id) {
369 0 : std::vector<uint32_t> path;
370 0 : if (meta.has_key_origin) {
371 0 : path = meta.key_origin.path;
372 0 : } else if (!ParseHDKeypath(meta.hdKeypath, path)) {
373 0 : WalletLogPrintf("%s: Adding inactive seed keys failed, invalid hdKeypath: %s\n",
374 : __func__,
375 0 : meta.hdKeypath);
376 0 : }
377 0 : if (path.size() != 3) {
378 0 : WalletLogPrintf("%s: Adding inactive seed keys failed, invalid path size: %d, has_key_origin: %s\n",
379 : __func__,
380 0 : path.size(),
381 0 : meta.has_key_origin);
382 0 : } else {
383 0 : bool internal = (path[1] & ~BIP32_HARDENED_KEY_LIMIT) != 0;
384 0 : int64_t index = path[2] & ~BIP32_HARDENED_KEY_LIMIT;
385 :
386 0 : if (!TopUpInactiveHDChain(meta.hd_seed_id, index, internal)) {
387 0 : WalletLogPrintf("%s: Adding inactive seed keys failed\n", __func__);
388 0 : }
389 : }
390 0 : }
391 0 : }
392 : }
393 :
394 0 : return result;
395 0 : }
396 :
397 0 : void LegacyScriptPubKeyMan::UpgradeKeyMetadata()
398 : {
399 0 : LOCK(cs_KeyStore);
400 0 : if (m_storage.IsLocked() || m_storage.IsWalletFlagSet(WALLET_FLAG_KEY_ORIGIN_METADATA)) {
401 0 : return;
402 : }
403 :
404 0 : std::unique_ptr<WalletBatch> batch = std::make_unique<WalletBatch>(m_storage.GetDatabase());
405 0 : for (auto& meta_pair : mapKeyMetadata) {
406 0 : CKeyMetadata& meta = meta_pair.second;
407 0 : if (!meta.hd_seed_id.IsNull() && !meta.has_key_origin && meta.hdKeypath != "s") { // If the hdKeypath is "s", that's the seed and it doesn't have a key origin
408 0 : CKey key;
409 0 : GetKey(meta.hd_seed_id, key);
410 0 : CExtKey masterKey;
411 0 : masterKey.SetSeed(key);
412 : // Add to map
413 0 : CKeyID master_id = masterKey.key.GetPubKey().GetID();
414 0 : std::copy(master_id.begin(), master_id.begin() + 4, meta.key_origin.fingerprint);
415 0 : if (!ParseHDKeypath(meta.hdKeypath, meta.key_origin.path)) {
416 0 : throw std::runtime_error("Invalid stored hdKeypath");
417 : }
418 0 : meta.has_key_origin = true;
419 0 : if (meta.nVersion < CKeyMetadata::VERSION_WITH_KEY_ORIGIN) {
420 0 : meta.nVersion = CKeyMetadata::VERSION_WITH_KEY_ORIGIN;
421 0 : }
422 :
423 : // Write meta to wallet
424 0 : CPubKey pubkey;
425 0 : if (GetPubKey(meta_pair.first, pubkey)) {
426 0 : batch->WriteKeyMetadata(meta, pubkey, true);
427 0 : }
428 0 : }
429 : }
430 0 : }
431 :
432 0 : bool LegacyScriptPubKeyMan::SetupGeneration(bool force)
433 : {
434 0 : if ((CanGenerateKeys() && !force) || m_storage.IsLocked()) {
435 0 : return false;
436 : }
437 :
438 0 : SetHDSeed(GenerateNewSeed());
439 0 : if (!NewKeyPool()) {
440 0 : return false;
441 : }
442 0 : return true;
443 0 : }
444 :
445 0 : bool LegacyScriptPubKeyMan::IsHDEnabled() const
446 : {
447 0 : return !m_hd_chain.seed_id.IsNull();
448 : }
449 :
450 0 : bool LegacyScriptPubKeyMan::CanGetAddresses(bool internal) const
451 : {
452 0 : LOCK(cs_KeyStore);
453 : // Check if the keypool has keys
454 : bool keypool_has_keys;
455 0 : if (internal && m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) {
456 0 : keypool_has_keys = setInternalKeyPool.size() > 0;
457 0 : } else {
458 0 : keypool_has_keys = KeypoolCountExternalKeys() > 0;
459 : }
460 : // If the keypool doesn't have keys, check if we can generate them
461 0 : if (!keypool_has_keys) {
462 0 : return CanGenerateKeys();
463 : }
464 0 : return keypool_has_keys;
465 0 : }
466 :
467 0 : bool LegacyScriptPubKeyMan::Upgrade(int prev_version, int new_version, bilingual_str& error)
468 : {
469 0 : LOCK(cs_KeyStore);
470 :
471 0 : if (m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
472 : // Nothing to do here if private keys are not enabled
473 0 : return true;
474 : }
475 :
476 0 : bool hd_upgrade = false;
477 0 : bool split_upgrade = false;
478 0 : if (IsFeatureSupported(new_version, FEATURE_HD) && !IsHDEnabled()) {
479 0 : WalletLogPrintf("Upgrading wallet to HD\n");
480 0 : m_storage.SetMinVersion(FEATURE_HD);
481 :
482 : // generate a new master key
483 0 : CPubKey masterPubKey = GenerateNewSeed();
484 0 : SetHDSeed(masterPubKey);
485 0 : hd_upgrade = true;
486 0 : }
487 : // Upgrade to HD chain split if necessary
488 0 : if (!IsFeatureSupported(prev_version, FEATURE_HD_SPLIT) && IsFeatureSupported(new_version, FEATURE_HD_SPLIT)) {
489 0 : WalletLogPrintf("Upgrading wallet to use HD chain split\n");
490 0 : m_storage.SetMinVersion(FEATURE_PRE_SPLIT_KEYPOOL);
491 0 : split_upgrade = FEATURE_HD_SPLIT > prev_version;
492 : // Upgrade the HDChain
493 0 : if (m_hd_chain.nVersion < CHDChain::VERSION_HD_CHAIN_SPLIT) {
494 0 : m_hd_chain.nVersion = CHDChain::VERSION_HD_CHAIN_SPLIT;
495 0 : if (!WalletBatch(m_storage.GetDatabase()).WriteHDChain(m_hd_chain)) {
496 0 : throw std::runtime_error(std::string(__func__) + ": writing chain failed");
497 : }
498 0 : }
499 0 : }
500 : // Mark all keys currently in the keypool as pre-split
501 0 : if (split_upgrade) {
502 0 : MarkPreSplitKeys();
503 0 : }
504 : // Regenerate the keypool if upgraded to HD
505 0 : if (hd_upgrade) {
506 0 : if (!NewKeyPool()) {
507 0 : error = _("Unable to generate keys");
508 0 : return false;
509 : }
510 0 : }
511 0 : return true;
512 0 : }
513 :
514 0 : bool LegacyScriptPubKeyMan::HavePrivateKeys() const
515 : {
516 0 : LOCK(cs_KeyStore);
517 0 : return !mapKeys.empty() || !mapCryptedKeys.empty();
518 0 : }
519 :
520 0 : void LegacyScriptPubKeyMan::RewriteDB()
521 : {
522 0 : LOCK(cs_KeyStore);
523 0 : setInternalKeyPool.clear();
524 0 : setExternalKeyPool.clear();
525 0 : m_pool_key_to_index.clear();
526 : // Note: can't top-up keypool here, because wallet is locked.
527 : // User will be prompted to unlock wallet the next operation
528 : // that requires a new key.
529 0 : }
530 :
531 0 : static int64_t GetOldestKeyTimeInPool(const std::set<int64_t>& setKeyPool, WalletBatch& batch) {
532 0 : if (setKeyPool.empty()) {
533 0 : return GetTime();
534 : }
535 :
536 0 : CKeyPool keypool;
537 0 : int64_t nIndex = *(setKeyPool.begin());
538 0 : if (!batch.ReadPool(nIndex, keypool)) {
539 0 : throw std::runtime_error(std::string(__func__) + ": read oldest key in keypool failed");
540 : }
541 0 : assert(keypool.vchPubKey.IsValid());
542 0 : return keypool.nTime;
543 0 : }
544 :
545 0 : std::optional<int64_t> LegacyScriptPubKeyMan::GetOldestKeyPoolTime() const
546 : {
547 0 : LOCK(cs_KeyStore);
548 :
549 0 : WalletBatch batch(m_storage.GetDatabase());
550 :
551 : // load oldest key from keypool, get time and return
552 0 : int64_t oldestKey = GetOldestKeyTimeInPool(setExternalKeyPool, batch);
553 0 : if (IsHDEnabled() && m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) {
554 0 : oldestKey = std::max(GetOldestKeyTimeInPool(setInternalKeyPool, batch), oldestKey);
555 0 : if (!set_pre_split_keypool.empty()) {
556 0 : oldestKey = std::max(GetOldestKeyTimeInPool(set_pre_split_keypool, batch), oldestKey);
557 0 : }
558 0 : }
559 :
560 0 : return oldestKey;
561 0 : }
562 :
563 0 : size_t LegacyScriptPubKeyMan::KeypoolCountExternalKeys() const
564 : {
565 0 : LOCK(cs_KeyStore);
566 0 : return setExternalKeyPool.size() + set_pre_split_keypool.size();
567 0 : }
568 :
569 0 : unsigned int LegacyScriptPubKeyMan::GetKeyPoolSize() const
570 : {
571 0 : LOCK(cs_KeyStore);
572 0 : return setInternalKeyPool.size() + setExternalKeyPool.size() + set_pre_split_keypool.size();
573 0 : }
574 :
575 0 : int64_t LegacyScriptPubKeyMan::GetTimeFirstKey() const
576 : {
577 0 : LOCK(cs_KeyStore);
578 0 : return nTimeFirstKey;
579 0 : }
580 :
581 0 : std::unique_ptr<SigningProvider> LegacyScriptPubKeyMan::GetSolvingProvider(const CScript& script) const
582 : {
583 0 : return std::make_unique<LegacySigningProvider>(*this);
584 : }
585 :
586 0 : bool LegacyScriptPubKeyMan::CanProvide(const CScript& script, SignatureData& sigdata)
587 : {
588 0 : IsMineResult ismine = IsMineInner(*this, script, IsMineSigVersion::TOP, /* recurse_scripthash= */ false);
589 0 : if (ismine == IsMineResult::SPENDABLE || ismine == IsMineResult::WATCH_ONLY) {
590 : // If ismine, it means we recognize keys or script ids in the script, or
591 : // are watching the script itself, and we can at least provide metadata
592 : // or solving information, even if not able to sign fully.
593 0 : return true;
594 : } else {
595 : // If, given the stuff in sigdata, we could make a valid signature, then we can provide for this script
596 0 : ProduceSignature(*this, DUMMY_SIGNATURE_CREATOR, script, sigdata);
597 0 : if (!sigdata.signatures.empty()) {
598 : // If we could make signatures, make sure we have a private key to actually make a signature
599 0 : bool has_privkeys = false;
600 0 : for (const auto& key_sig_pair : sigdata.signatures) {
601 0 : has_privkeys |= HaveKey(key_sig_pair.first);
602 : }
603 0 : return has_privkeys;
604 : }
605 0 : return false;
606 : }
607 0 : }
608 :
609 0 : bool LegacyScriptPubKeyMan::SignTransaction(CMutableTransaction& tx, const std::map<COutPoint, Coin>& coins, int sighash, std::map<int, bilingual_str>& input_errors) const
610 : {
611 0 : return ::SignTransaction(tx, this, coins, sighash, input_errors);
612 : }
613 :
614 0 : SigningResult LegacyScriptPubKeyMan::SignMessage(const std::string& message, const PKHash& pkhash, std::string& str_sig) const
615 : {
616 0 : CKey key;
617 0 : if (!GetKey(ToKeyID(pkhash), key)) {
618 0 : return SigningResult::PRIVATE_KEY_NOT_AVAILABLE;
619 : }
620 :
621 0 : if (MessageSign(key, message, str_sig)) {
622 0 : return SigningResult::OK;
623 : }
624 0 : return SigningResult::SIGNING_FAILED;
625 0 : }
626 :
627 0 : TransactionError LegacyScriptPubKeyMan::FillPSBT(PartiallySignedTransaction& psbtx, const PrecomputedTransactionData& txdata, int sighash_type, bool sign, bool bip32derivs, int* n_signed, bool finalize) const
628 : {
629 0 : if (n_signed) {
630 0 : *n_signed = 0;
631 0 : }
632 0 : for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) {
633 0 : const CTxIn& txin = psbtx.tx->vin[i];
634 0 : PSBTInput& input = psbtx.inputs.at(i);
635 :
636 0 : if (PSBTInputSigned(input)) {
637 0 : continue;
638 : }
639 :
640 : // Get the Sighash type
641 0 : if (sign && input.sighash_type != std::nullopt && *input.sighash_type != sighash_type) {
642 0 : return TransactionError::SIGHASH_MISMATCH;
643 : }
644 :
645 : // Check non_witness_utxo has specified prevout
646 0 : if (input.non_witness_utxo) {
647 0 : if (txin.prevout.n >= input.non_witness_utxo->vout.size()) {
648 0 : return TransactionError::MISSING_INPUTS;
649 : }
650 0 : } else if (input.witness_utxo.IsNull()) {
651 : // There's no UTXO so we can just skip this now
652 0 : continue;
653 : }
654 0 : SignatureData sigdata;
655 0 : input.FillSignatureData(sigdata);
656 0 : SignPSBTInput(HidingSigningProvider(this, !sign, !bip32derivs), psbtx, i, &txdata, sighash_type, nullptr, finalize);
657 :
658 0 : bool signed_one = PSBTInputSigned(input);
659 0 : if (n_signed && (signed_one || !sign)) {
660 : // If sign is false, we assume that we _could_ sign if we get here. This
661 : // will never have false negatives; it is hard to tell under what i
662 : // circumstances it could have false positives.
663 0 : (*n_signed)++;
664 0 : }
665 0 : }
666 :
667 : // Fill in the bip32 keypaths and redeemscripts for the outputs so that hardware wallets can identify change
668 0 : for (unsigned int i = 0; i < psbtx.tx->vout.size(); ++i) {
669 0 : UpdatePSBTOutput(HidingSigningProvider(this, true, !bip32derivs), psbtx, i);
670 0 : }
671 :
672 0 : return TransactionError::OK;
673 0 : }
674 :
675 0 : std::unique_ptr<CKeyMetadata> LegacyScriptPubKeyMan::GetMetadata(const CTxDestination& dest) const
676 : {
677 0 : LOCK(cs_KeyStore);
678 :
679 0 : CKeyID key_id = GetKeyForDestination(*this, dest);
680 0 : if (!key_id.IsNull()) {
681 0 : auto it = mapKeyMetadata.find(key_id);
682 0 : if (it != mapKeyMetadata.end()) {
683 0 : return std::make_unique<CKeyMetadata>(it->second);
684 : }
685 0 : }
686 :
687 0 : CScript scriptPubKey = GetScriptForDestination(dest);
688 0 : auto it = m_script_metadata.find(CScriptID(scriptPubKey));
689 0 : if (it != m_script_metadata.end()) {
690 0 : return std::make_unique<CKeyMetadata>(it->second);
691 : }
692 :
693 0 : return nullptr;
694 0 : }
695 :
696 0 : uint256 LegacyScriptPubKeyMan::GetID() const
697 : {
698 0 : return uint256::ONE;
699 : }
700 :
701 : /**
702 : * Update wallet first key creation time. This should be called whenever keys
703 : * are added to the wallet, with the oldest key creation time.
704 : */
705 0 : void LegacyScriptPubKeyMan::UpdateTimeFirstKey(int64_t nCreateTime)
706 : {
707 0 : AssertLockHeld(cs_KeyStore);
708 0 : if (nCreateTime <= 1) {
709 : // Cannot determine birthday information, so set the wallet birthday to
710 : // the beginning of time.
711 0 : nTimeFirstKey = 1;
712 0 : } else if (!nTimeFirstKey || nCreateTime < nTimeFirstKey) {
713 0 : nTimeFirstKey = nCreateTime;
714 0 : }
715 :
716 0 : NotifyFirstKeyTimeChanged(this, nTimeFirstKey);
717 0 : }
718 :
719 0 : bool LegacyScriptPubKeyMan::LoadKey(const CKey& key, const CPubKey &pubkey)
720 : {
721 0 : return AddKeyPubKeyInner(key, pubkey);
722 : }
723 :
724 0 : bool LegacyScriptPubKeyMan::AddKeyPubKey(const CKey& secret, const CPubKey &pubkey)
725 : {
726 0 : LOCK(cs_KeyStore);
727 0 : WalletBatch batch(m_storage.GetDatabase());
728 0 : return LegacyScriptPubKeyMan::AddKeyPubKeyWithDB(batch, secret, pubkey);
729 0 : }
730 :
731 0 : bool LegacyScriptPubKeyMan::AddKeyPubKeyWithDB(WalletBatch& batch, const CKey& secret, const CPubKey& pubkey)
732 : {
733 0 : AssertLockHeld(cs_KeyStore);
734 :
735 : // Make sure we aren't adding private keys to private key disabled wallets
736 0 : assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS));
737 :
738 : // FillableSigningProvider has no concept of wallet databases, but calls AddCryptedKey
739 : // which is overridden below. To avoid flushes, the database handle is
740 : // tunneled through to it.
741 0 : bool needsDB = !encrypted_batch;
742 0 : if (needsDB) {
743 0 : encrypted_batch = &batch;
744 0 : }
745 0 : if (!AddKeyPubKeyInner(secret, pubkey)) {
746 0 : if (needsDB) encrypted_batch = nullptr;
747 0 : return false;
748 : }
749 0 : if (needsDB) encrypted_batch = nullptr;
750 :
751 : // check if we need to remove from watch-only
752 0 : CScript script;
753 0 : script = GetScriptForDestination(PKHash(pubkey));
754 0 : if (HaveWatchOnly(script)) {
755 0 : RemoveWatchOnly(script);
756 0 : }
757 0 : script = GetScriptForRawPubKey(pubkey);
758 0 : if (HaveWatchOnly(script)) {
759 0 : RemoveWatchOnly(script);
760 0 : }
761 :
762 0 : m_storage.UnsetBlankWalletFlag(batch);
763 0 : if (!m_storage.HasEncryptionKeys()) {
764 0 : return batch.WriteKey(pubkey,
765 0 : secret.GetPrivKey(),
766 0 : mapKeyMetadata[pubkey.GetID()]);
767 : }
768 0 : return true;
769 0 : }
770 :
771 0 : bool LegacyScriptPubKeyMan::LoadCScript(const CScript& redeemScript)
772 : {
773 : /* A sanity check was added in pull #3843 to avoid adding redeemScripts
774 : * that never can be redeemed. However, old wallets may still contain
775 : * these. Do not add them to the wallet and warn. */
776 0 : if (redeemScript.size() > MAX_SCRIPT_ELEMENT_SIZE)
777 : {
778 0 : std::string strAddr = EncodeDestination(ScriptHash(redeemScript));
779 0 : WalletLogPrintf("%s: Warning: This wallet contains a redeemScript of size %i which exceeds maximum size %i thus can never be redeemed. Do not use address %s.\n", __func__, redeemScript.size(), MAX_SCRIPT_ELEMENT_SIZE, strAddr);
780 0 : return true;
781 0 : }
782 :
783 0 : return FillableSigningProvider::AddCScript(redeemScript);
784 0 : }
785 :
786 0 : void LegacyScriptPubKeyMan::LoadKeyMetadata(const CKeyID& keyID, const CKeyMetadata& meta)
787 : {
788 0 : LOCK(cs_KeyStore);
789 0 : UpdateTimeFirstKey(meta.nCreateTime);
790 0 : mapKeyMetadata[keyID] = meta;
791 0 : }
792 :
793 0 : void LegacyScriptPubKeyMan::LoadScriptMetadata(const CScriptID& script_id, const CKeyMetadata& meta)
794 : {
795 0 : LOCK(cs_KeyStore);
796 0 : UpdateTimeFirstKey(meta.nCreateTime);
797 0 : m_script_metadata[script_id] = meta;
798 0 : }
799 :
800 0 : bool LegacyScriptPubKeyMan::AddKeyPubKeyInner(const CKey& key, const CPubKey &pubkey)
801 : {
802 0 : LOCK(cs_KeyStore);
803 0 : if (!m_storage.HasEncryptionKeys()) {
804 0 : return FillableSigningProvider::AddKeyPubKey(key, pubkey);
805 : }
806 :
807 0 : if (m_storage.IsLocked()) {
808 0 : return false;
809 : }
810 :
811 0 : std::vector<unsigned char> vchCryptedSecret;
812 0 : CKeyingMaterial vchSecret(key.begin(), key.end());
813 0 : if (!EncryptSecret(m_storage.GetEncryptionKey(), vchSecret, pubkey.GetHash(), vchCryptedSecret)) {
814 0 : return false;
815 : }
816 :
817 0 : if (!AddCryptedKey(pubkey, vchCryptedSecret)) {
818 0 : return false;
819 : }
820 0 : return true;
821 0 : }
822 :
823 0 : bool LegacyScriptPubKeyMan::LoadCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret, bool checksum_valid)
824 : {
825 : // Set fDecryptionThoroughlyChecked to false when the checksum is invalid
826 0 : if (!checksum_valid) {
827 0 : fDecryptionThoroughlyChecked = false;
828 0 : }
829 :
830 0 : return AddCryptedKeyInner(vchPubKey, vchCryptedSecret);
831 : }
832 :
833 0 : bool LegacyScriptPubKeyMan::AddCryptedKeyInner(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret)
834 : {
835 0 : LOCK(cs_KeyStore);
836 0 : assert(mapKeys.empty());
837 :
838 0 : mapCryptedKeys[vchPubKey.GetID()] = make_pair(vchPubKey, vchCryptedSecret);
839 0 : ImplicitlyLearnRelatedKeyScripts(vchPubKey);
840 : return true;
841 0 : }
842 :
843 0 : bool LegacyScriptPubKeyMan::AddCryptedKey(const CPubKey &vchPubKey,
844 : const std::vector<unsigned char> &vchCryptedSecret)
845 : {
846 0 : if (!AddCryptedKeyInner(vchPubKey, vchCryptedSecret))
847 0 : return false;
848 : {
849 0 : LOCK(cs_KeyStore);
850 0 : if (encrypted_batch)
851 0 : return encrypted_batch->WriteCryptedKey(vchPubKey,
852 0 : vchCryptedSecret,
853 0 : mapKeyMetadata[vchPubKey.GetID()]);
854 : else
855 0 : return WalletBatch(m_storage.GetDatabase()).WriteCryptedKey(vchPubKey,
856 0 : vchCryptedSecret,
857 0 : mapKeyMetadata[vchPubKey.GetID()]);
858 0 : }
859 0 : }
860 :
861 0 : bool LegacyScriptPubKeyMan::HaveWatchOnly(const CScript &dest) const
862 : {
863 0 : LOCK(cs_KeyStore);
864 0 : return setWatchOnly.count(dest) > 0;
865 0 : }
866 :
867 0 : bool LegacyScriptPubKeyMan::HaveWatchOnly() const
868 : {
869 0 : LOCK(cs_KeyStore);
870 0 : return (!setWatchOnly.empty());
871 0 : }
872 :
873 0 : static bool ExtractPubKey(const CScript &dest, CPubKey& pubKeyOut)
874 : {
875 0 : std::vector<std::vector<unsigned char>> solutions;
876 0 : return Solver(dest, solutions) == TxoutType::PUBKEY &&
877 0 : (pubKeyOut = CPubKey(solutions[0])).IsFullyValid();
878 0 : }
879 :
880 0 : bool LegacyScriptPubKeyMan::RemoveWatchOnly(const CScript &dest)
881 : {
882 : {
883 0 : LOCK(cs_KeyStore);
884 0 : setWatchOnly.erase(dest);
885 0 : CPubKey pubKey;
886 0 : if (ExtractPubKey(dest, pubKey)) {
887 0 : mapWatchKeys.erase(pubKey.GetID());
888 0 : }
889 : // Related CScripts are not removed; having superfluous scripts around is
890 : // harmless (see comment in ImplicitlyLearnRelatedKeyScripts).
891 0 : }
892 :
893 0 : if (!HaveWatchOnly())
894 0 : NotifyWatchonlyChanged(false);
895 0 : if (!WalletBatch(m_storage.GetDatabase()).EraseWatchOnly(dest))
896 0 : return false;
897 :
898 0 : return true;
899 0 : }
900 :
901 0 : bool LegacyScriptPubKeyMan::LoadWatchOnly(const CScript &dest)
902 : {
903 0 : return AddWatchOnlyInMem(dest);
904 : }
905 :
906 0 : bool LegacyScriptPubKeyMan::AddWatchOnlyInMem(const CScript &dest)
907 : {
908 0 : LOCK(cs_KeyStore);
909 0 : setWatchOnly.insert(dest);
910 0 : CPubKey pubKey;
911 0 : if (ExtractPubKey(dest, pubKey)) {
912 0 : mapWatchKeys[pubKey.GetID()] = pubKey;
913 0 : ImplicitlyLearnRelatedKeyScripts(pubKey);
914 0 : }
915 : return true;
916 0 : }
917 :
918 0 : bool LegacyScriptPubKeyMan::AddWatchOnlyWithDB(WalletBatch &batch, const CScript& dest)
919 : {
920 0 : if (!AddWatchOnlyInMem(dest))
921 0 : return false;
922 0 : const CKeyMetadata& meta = m_script_metadata[CScriptID(dest)];
923 0 : UpdateTimeFirstKey(meta.nCreateTime);
924 0 : NotifyWatchonlyChanged(true);
925 0 : if (batch.WriteWatchOnly(dest, meta)) {
926 0 : m_storage.UnsetBlankWalletFlag(batch);
927 0 : return true;
928 : }
929 0 : return false;
930 0 : }
931 :
932 0 : bool LegacyScriptPubKeyMan::AddWatchOnlyWithDB(WalletBatch &batch, const CScript& dest, int64_t create_time)
933 : {
934 0 : m_script_metadata[CScriptID(dest)].nCreateTime = create_time;
935 0 : return AddWatchOnlyWithDB(batch, dest);
936 : }
937 :
938 0 : bool LegacyScriptPubKeyMan::AddWatchOnly(const CScript& dest)
939 : {
940 0 : WalletBatch batch(m_storage.GetDatabase());
941 0 : return AddWatchOnlyWithDB(batch, dest);
942 0 : }
943 :
944 0 : bool LegacyScriptPubKeyMan::AddWatchOnly(const CScript& dest, int64_t nCreateTime)
945 : {
946 0 : m_script_metadata[CScriptID(dest)].nCreateTime = nCreateTime;
947 0 : return AddWatchOnly(dest);
948 : }
949 :
950 0 : void LegacyScriptPubKeyMan::LoadHDChain(const CHDChain& chain)
951 : {
952 0 : LOCK(cs_KeyStore);
953 0 : m_hd_chain = chain;
954 0 : }
955 :
956 0 : void LegacyScriptPubKeyMan::AddHDChain(const CHDChain& chain)
957 : {
958 0 : LOCK(cs_KeyStore);
959 : // Store the new chain
960 0 : if (!WalletBatch(m_storage.GetDatabase()).WriteHDChain(chain)) {
961 0 : throw std::runtime_error(std::string(__func__) + ": writing chain failed");
962 : }
963 : // When there's an old chain, add it as an inactive chain as we are now rotating hd chains
964 0 : if (!m_hd_chain.seed_id.IsNull()) {
965 0 : AddInactiveHDChain(m_hd_chain);
966 0 : }
967 :
968 0 : m_hd_chain = chain;
969 0 : }
970 :
971 0 : void LegacyScriptPubKeyMan::AddInactiveHDChain(const CHDChain& chain)
972 : {
973 0 : LOCK(cs_KeyStore);
974 0 : assert(!chain.seed_id.IsNull());
975 0 : m_inactive_hd_chains[chain.seed_id] = chain;
976 0 : }
977 :
978 0 : bool LegacyScriptPubKeyMan::HaveKey(const CKeyID &address) const
979 : {
980 0 : LOCK(cs_KeyStore);
981 0 : if (!m_storage.HasEncryptionKeys()) {
982 0 : return FillableSigningProvider::HaveKey(address);
983 : }
984 0 : return mapCryptedKeys.count(address) > 0;
985 0 : }
986 :
987 0 : bool LegacyScriptPubKeyMan::GetKey(const CKeyID &address, CKey& keyOut) const
988 : {
989 0 : LOCK(cs_KeyStore);
990 0 : if (!m_storage.HasEncryptionKeys()) {
991 0 : return FillableSigningProvider::GetKey(address, keyOut);
992 : }
993 :
994 0 : CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address);
995 0 : if (mi != mapCryptedKeys.end())
996 : {
997 0 : const CPubKey &vchPubKey = (*mi).second.first;
998 0 : const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second;
999 0 : return DecryptKey(m_storage.GetEncryptionKey(), vchCryptedSecret, vchPubKey, keyOut);
1000 : }
1001 0 : return false;
1002 0 : }
1003 :
1004 0 : bool LegacyScriptPubKeyMan::GetKeyOrigin(const CKeyID& keyID, KeyOriginInfo& info) const
1005 : {
1006 0 : CKeyMetadata meta;
1007 : {
1008 0 : LOCK(cs_KeyStore);
1009 0 : auto it = mapKeyMetadata.find(keyID);
1010 0 : if (it == mapKeyMetadata.end()) {
1011 0 : return false;
1012 : }
1013 0 : meta = it->second;
1014 0 : }
1015 0 : if (meta.has_key_origin) {
1016 0 : std::copy(meta.key_origin.fingerprint, meta.key_origin.fingerprint + 4, info.fingerprint);
1017 0 : info.path = meta.key_origin.path;
1018 0 : } else { // Single pubkeys get the master fingerprint of themselves
1019 0 : std::copy(keyID.begin(), keyID.begin() + 4, info.fingerprint);
1020 : }
1021 0 : return true;
1022 0 : }
1023 :
1024 0 : bool LegacyScriptPubKeyMan::GetWatchPubKey(const CKeyID &address, CPubKey &pubkey_out) const
1025 : {
1026 0 : LOCK(cs_KeyStore);
1027 0 : WatchKeyMap::const_iterator it = mapWatchKeys.find(address);
1028 0 : if (it != mapWatchKeys.end()) {
1029 0 : pubkey_out = it->second;
1030 0 : return true;
1031 : }
1032 0 : return false;
1033 0 : }
1034 :
1035 0 : bool LegacyScriptPubKeyMan::GetPubKey(const CKeyID &address, CPubKey& vchPubKeyOut) const
1036 : {
1037 0 : LOCK(cs_KeyStore);
1038 0 : if (!m_storage.HasEncryptionKeys()) {
1039 0 : if (!FillableSigningProvider::GetPubKey(address, vchPubKeyOut)) {
1040 0 : return GetWatchPubKey(address, vchPubKeyOut);
1041 : }
1042 0 : return true;
1043 : }
1044 :
1045 0 : CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address);
1046 0 : if (mi != mapCryptedKeys.end())
1047 : {
1048 0 : vchPubKeyOut = (*mi).second.first;
1049 0 : return true;
1050 : }
1051 : // Check for watch-only pubkeys
1052 0 : return GetWatchPubKey(address, vchPubKeyOut);
1053 0 : }
1054 :
1055 0 : CPubKey LegacyScriptPubKeyMan::GenerateNewKey(WalletBatch &batch, CHDChain& hd_chain, bool internal)
1056 : {
1057 0 : assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS));
1058 0 : assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_BLANK_WALLET));
1059 0 : AssertLockHeld(cs_KeyStore);
1060 0 : bool fCompressed = m_storage.CanSupportFeature(FEATURE_COMPRPUBKEY); // default to compressed public keys if we want 0.6.0 wallets
1061 :
1062 0 : CKey secret;
1063 :
1064 : // Create new metadata
1065 0 : int64_t nCreationTime = GetTime();
1066 0 : CKeyMetadata metadata(nCreationTime);
1067 :
1068 : // use HD key derivation if HD was enabled during wallet creation and a seed is present
1069 0 : if (IsHDEnabled()) {
1070 0 : DeriveNewChildKey(batch, metadata, secret, hd_chain, (m_storage.CanSupportFeature(FEATURE_HD_SPLIT) ? internal : false));
1071 0 : } else {
1072 0 : secret.MakeNewKey(fCompressed);
1073 : }
1074 :
1075 : // Compressed public keys were introduced in version 0.6.0
1076 0 : if (fCompressed) {
1077 0 : m_storage.SetMinVersion(FEATURE_COMPRPUBKEY);
1078 0 : }
1079 :
1080 0 : CPubKey pubkey = secret.GetPubKey();
1081 0 : assert(secret.VerifyPubKey(pubkey));
1082 :
1083 0 : mapKeyMetadata[pubkey.GetID()] = metadata;
1084 0 : UpdateTimeFirstKey(nCreationTime);
1085 :
1086 0 : if (!AddKeyPubKeyWithDB(batch, secret, pubkey)) {
1087 0 : throw std::runtime_error(std::string(__func__) + ": AddKey failed");
1088 : }
1089 : return pubkey;
1090 0 : }
1091 :
1092 : //! Try to derive an extended key, throw if it fails.
1093 0 : static void DeriveExtKey(CExtKey& key_in, unsigned int index, CExtKey& key_out) {
1094 0 : if (!key_in.Derive(key_out, index)) {
1095 0 : throw std::runtime_error("Could not derive extended key");
1096 : }
1097 0 : }
1098 :
1099 0 : void LegacyScriptPubKeyMan::DeriveNewChildKey(WalletBatch &batch, CKeyMetadata& metadata, CKey& secret, CHDChain& hd_chain, bool internal)
1100 : {
1101 : // for now we use a fixed keypath scheme of m/0'/0'/k
1102 0 : CKey seed; //seed (256bit)
1103 0 : CExtKey masterKey; //hd master key
1104 0 : CExtKey accountKey; //key at m/0'
1105 0 : CExtKey chainChildKey; //key at m/0'/0' (external) or m/0'/1' (internal)
1106 0 : CExtKey childKey; //key at m/0'/0'/<n>'
1107 :
1108 : // try to get the seed
1109 0 : if (!GetKey(hd_chain.seed_id, seed))
1110 0 : throw std::runtime_error(std::string(__func__) + ": seed not found");
1111 :
1112 0 : masterKey.SetSeed(seed);
1113 :
1114 : // derive m/0'
1115 : // use hardened derivation (child keys >= 0x80000000 are hardened after bip32)
1116 0 : DeriveExtKey(masterKey, BIP32_HARDENED_KEY_LIMIT, accountKey);
1117 :
1118 : // derive m/0'/0' (external chain) OR m/0'/1' (internal chain)
1119 0 : assert(internal ? m_storage.CanSupportFeature(FEATURE_HD_SPLIT) : true);
1120 0 : DeriveExtKey(accountKey, BIP32_HARDENED_KEY_LIMIT+(internal ? 1 : 0), chainChildKey);
1121 :
1122 : // derive child key at next index, skip keys already known to the wallet
1123 0 : do {
1124 : // always derive hardened keys
1125 : // childIndex | BIP32_HARDENED_KEY_LIMIT = derive childIndex in hardened child-index-range
1126 : // example: 1 | BIP32_HARDENED_KEY_LIMIT == 0x80000001 == 2147483649
1127 0 : if (internal) {
1128 0 : DeriveExtKey(chainChildKey, hd_chain.nInternalChainCounter | BIP32_HARDENED_KEY_LIMIT, childKey);
1129 0 : metadata.hdKeypath = "m/0'/1'/" + ToString(hd_chain.nInternalChainCounter) + "'";
1130 0 : metadata.key_origin.path.push_back(0 | BIP32_HARDENED_KEY_LIMIT);
1131 0 : metadata.key_origin.path.push_back(1 | BIP32_HARDENED_KEY_LIMIT);
1132 0 : metadata.key_origin.path.push_back(hd_chain.nInternalChainCounter | BIP32_HARDENED_KEY_LIMIT);
1133 0 : hd_chain.nInternalChainCounter++;
1134 0 : }
1135 : else {
1136 0 : DeriveExtKey(chainChildKey, hd_chain.nExternalChainCounter | BIP32_HARDENED_KEY_LIMIT, childKey);
1137 0 : metadata.hdKeypath = "m/0'/0'/" + ToString(hd_chain.nExternalChainCounter) + "'";
1138 0 : metadata.key_origin.path.push_back(0 | BIP32_HARDENED_KEY_LIMIT);
1139 0 : metadata.key_origin.path.push_back(0 | BIP32_HARDENED_KEY_LIMIT);
1140 0 : metadata.key_origin.path.push_back(hd_chain.nExternalChainCounter | BIP32_HARDENED_KEY_LIMIT);
1141 0 : hd_chain.nExternalChainCounter++;
1142 : }
1143 0 : } while (HaveKey(childKey.key.GetPubKey().GetID()));
1144 0 : secret = childKey.key;
1145 0 : metadata.hd_seed_id = hd_chain.seed_id;
1146 0 : CKeyID master_id = masterKey.key.GetPubKey().GetID();
1147 0 : std::copy(master_id.begin(), master_id.begin() + 4, metadata.key_origin.fingerprint);
1148 0 : metadata.has_key_origin = true;
1149 : // update the chain model in the database
1150 0 : if (hd_chain.seed_id == m_hd_chain.seed_id && !batch.WriteHDChain(hd_chain))
1151 0 : throw std::runtime_error(std::string(__func__) + ": writing HD chain model failed");
1152 0 : }
1153 :
1154 0 : void LegacyScriptPubKeyMan::LoadKeyPool(int64_t nIndex, const CKeyPool &keypool)
1155 : {
1156 0 : LOCK(cs_KeyStore);
1157 0 : if (keypool.m_pre_split) {
1158 0 : set_pre_split_keypool.insert(nIndex);
1159 0 : } else if (keypool.fInternal) {
1160 0 : setInternalKeyPool.insert(nIndex);
1161 0 : } else {
1162 0 : setExternalKeyPool.insert(nIndex);
1163 : }
1164 0 : m_max_keypool_index = std::max(m_max_keypool_index, nIndex);
1165 0 : m_pool_key_to_index[keypool.vchPubKey.GetID()] = nIndex;
1166 :
1167 : // If no metadata exists yet, create a default with the pool key's
1168 : // creation time. Note that this may be overwritten by actually
1169 : // stored metadata for that key later, which is fine.
1170 0 : CKeyID keyid = keypool.vchPubKey.GetID();
1171 0 : if (mapKeyMetadata.count(keyid) == 0)
1172 0 : mapKeyMetadata[keyid] = CKeyMetadata(keypool.nTime);
1173 0 : }
1174 :
1175 0 : bool LegacyScriptPubKeyMan::CanGenerateKeys() const
1176 : {
1177 : // A wallet can generate keys if it has an HD seed (IsHDEnabled) or it is a non-HD wallet (pre FEATURE_HD)
1178 0 : LOCK(cs_KeyStore);
1179 0 : return IsHDEnabled() || !m_storage.CanSupportFeature(FEATURE_HD);
1180 0 : }
1181 :
1182 0 : CPubKey LegacyScriptPubKeyMan::GenerateNewSeed()
1183 : {
1184 0 : assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS));
1185 0 : CKey key;
1186 0 : key.MakeNewKey(true);
1187 0 : return DeriveNewSeed(key);
1188 0 : }
1189 :
1190 0 : CPubKey LegacyScriptPubKeyMan::DeriveNewSeed(const CKey& key)
1191 : {
1192 0 : int64_t nCreationTime = GetTime();
1193 0 : CKeyMetadata metadata(nCreationTime);
1194 :
1195 : // calculate the seed
1196 0 : CPubKey seed = key.GetPubKey();
1197 0 : assert(key.VerifyPubKey(seed));
1198 :
1199 : // set the hd keypath to "s" -> Seed, refers the seed to itself
1200 0 : metadata.hdKeypath = "s";
1201 0 : metadata.has_key_origin = false;
1202 0 : metadata.hd_seed_id = seed.GetID();
1203 :
1204 : {
1205 0 : LOCK(cs_KeyStore);
1206 :
1207 : // mem store the metadata
1208 0 : mapKeyMetadata[seed.GetID()] = metadata;
1209 :
1210 : // write the key&metadata to the database
1211 0 : if (!AddKeyPubKey(key, seed))
1212 0 : throw std::runtime_error(std::string(__func__) + ": AddKeyPubKey failed");
1213 0 : }
1214 :
1215 : return seed;
1216 0 : }
1217 :
1218 0 : void LegacyScriptPubKeyMan::SetHDSeed(const CPubKey& seed)
1219 : {
1220 0 : LOCK(cs_KeyStore);
1221 : // store the keyid (hash160) together with
1222 : // the child index counter in the database
1223 : // as a hdchain object
1224 0 : CHDChain newHdChain;
1225 0 : newHdChain.nVersion = m_storage.CanSupportFeature(FEATURE_HD_SPLIT) ? CHDChain::VERSION_HD_CHAIN_SPLIT : CHDChain::VERSION_HD_BASE;
1226 0 : newHdChain.seed_id = seed.GetID();
1227 0 : AddHDChain(newHdChain);
1228 0 : NotifyCanGetAddressesChanged();
1229 0 : WalletBatch batch(m_storage.GetDatabase());
1230 0 : m_storage.UnsetBlankWalletFlag(batch);
1231 0 : }
1232 :
1233 : /**
1234 : * Mark old keypool keys as used,
1235 : * and generate all new keys
1236 : */
1237 0 : bool LegacyScriptPubKeyMan::NewKeyPool()
1238 : {
1239 0 : if (m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
1240 0 : return false;
1241 : }
1242 : {
1243 0 : LOCK(cs_KeyStore);
1244 0 : WalletBatch batch(m_storage.GetDatabase());
1245 :
1246 0 : for (const int64_t nIndex : setInternalKeyPool) {
1247 0 : batch.ErasePool(nIndex);
1248 : }
1249 0 : setInternalKeyPool.clear();
1250 :
1251 0 : for (const int64_t nIndex : setExternalKeyPool) {
1252 0 : batch.ErasePool(nIndex);
1253 : }
1254 0 : setExternalKeyPool.clear();
1255 :
1256 0 : for (const int64_t nIndex : set_pre_split_keypool) {
1257 0 : batch.ErasePool(nIndex);
1258 : }
1259 0 : set_pre_split_keypool.clear();
1260 :
1261 0 : m_pool_key_to_index.clear();
1262 :
1263 0 : if (!TopUp()) {
1264 0 : return false;
1265 : }
1266 0 : WalletLogPrintf("LegacyScriptPubKeyMan::NewKeyPool rewrote keypool\n");
1267 0 : }
1268 0 : return true;
1269 0 : }
1270 :
1271 0 : bool LegacyScriptPubKeyMan::TopUp(unsigned int kpSize)
1272 : {
1273 0 : if (!CanGenerateKeys()) {
1274 0 : return false;
1275 : }
1276 :
1277 0 : if (!TopUpChain(m_hd_chain, kpSize)) {
1278 0 : return false;
1279 : }
1280 0 : for (auto& [chain_id, chain] : m_inactive_hd_chains) {
1281 0 : if (!TopUpChain(chain, kpSize)) {
1282 0 : return false;
1283 : }
1284 : }
1285 0 : NotifyCanGetAddressesChanged();
1286 0 : return true;
1287 0 : }
1288 :
1289 0 : bool LegacyScriptPubKeyMan::TopUpChain(CHDChain& chain, unsigned int kpSize)
1290 : {
1291 0 : LOCK(cs_KeyStore);
1292 :
1293 0 : if (m_storage.IsLocked()) return false;
1294 :
1295 : // Top up key pool
1296 : unsigned int nTargetSize;
1297 0 : if (kpSize > 0) {
1298 0 : nTargetSize = kpSize;
1299 0 : } else {
1300 0 : nTargetSize = m_keypool_size;
1301 : }
1302 0 : int64_t target = std::max((int64_t) nTargetSize, int64_t{1});
1303 :
1304 : // count amount of available keys (internal, external)
1305 : // make sure the keypool of external and internal keys fits the user selected target (-keypool)
1306 : int64_t missingExternal;
1307 : int64_t missingInternal;
1308 0 : if (chain == m_hd_chain) {
1309 0 : missingExternal = std::max(target - (int64_t)setExternalKeyPool.size(), int64_t{0});
1310 0 : missingInternal = std::max(target - (int64_t)setInternalKeyPool.size(), int64_t{0});
1311 0 : } else {
1312 0 : missingExternal = std::max(target - (chain.nExternalChainCounter - chain.m_next_external_index), int64_t{0});
1313 0 : missingInternal = std::max(target - (chain.nInternalChainCounter - chain.m_next_internal_index), int64_t{0});
1314 : }
1315 :
1316 0 : if (!IsHDEnabled() || !m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) {
1317 : // don't create extra internal keys
1318 0 : missingInternal = 0;
1319 0 : }
1320 0 : bool internal = false;
1321 0 : WalletBatch batch(m_storage.GetDatabase());
1322 0 : for (int64_t i = missingInternal + missingExternal; i--;) {
1323 0 : if (i < missingInternal) {
1324 0 : internal = true;
1325 0 : }
1326 :
1327 0 : CPubKey pubkey(GenerateNewKey(batch, chain, internal));
1328 0 : if (chain == m_hd_chain) {
1329 0 : AddKeypoolPubkeyWithDB(pubkey, internal, batch);
1330 0 : }
1331 : }
1332 0 : if (missingInternal + missingExternal > 0) {
1333 0 : if (chain == m_hd_chain) {
1334 0 : WalletLogPrintf("keypool added %d keys (%d internal), size=%u (%u internal)\n", missingInternal + missingExternal, missingInternal, setInternalKeyPool.size() + setExternalKeyPool.size() + set_pre_split_keypool.size(), setInternalKeyPool.size());
1335 0 : } else {
1336 0 : WalletLogPrintf("inactive seed with id %s added %d external keys, %d internal keys\n", HexStr(chain.seed_id), missingExternal, missingInternal);
1337 : }
1338 0 : }
1339 0 : return true;
1340 0 : }
1341 :
1342 0 : void LegacyScriptPubKeyMan::AddKeypoolPubkeyWithDB(const CPubKey& pubkey, const bool internal, WalletBatch& batch)
1343 : {
1344 0 : LOCK(cs_KeyStore);
1345 0 : assert(m_max_keypool_index < std::numeric_limits<int64_t>::max()); // How in the hell did you use so many keys?
1346 0 : int64_t index = ++m_max_keypool_index;
1347 0 : if (!batch.WritePool(index, CKeyPool(pubkey, internal))) {
1348 0 : throw std::runtime_error(std::string(__func__) + ": writing imported pubkey failed");
1349 : }
1350 0 : if (internal) {
1351 0 : setInternalKeyPool.insert(index);
1352 0 : } else {
1353 0 : setExternalKeyPool.insert(index);
1354 : }
1355 0 : m_pool_key_to_index[pubkey.GetID()] = index;
1356 0 : }
1357 :
1358 0 : void LegacyScriptPubKeyMan::KeepDestination(int64_t nIndex, const OutputType& type)
1359 : {
1360 0 : assert(type != OutputType::BECH32M);
1361 : // Remove from key pool
1362 0 : WalletBatch batch(m_storage.GetDatabase());
1363 0 : batch.ErasePool(nIndex);
1364 0 : CPubKey pubkey;
1365 0 : bool have_pk = GetPubKey(m_index_to_reserved_key.at(nIndex), pubkey);
1366 0 : assert(have_pk);
1367 0 : LearnRelatedScripts(pubkey, type);
1368 0 : m_index_to_reserved_key.erase(nIndex);
1369 0 : WalletLogPrintf("keypool keep %d\n", nIndex);
1370 0 : }
1371 :
1372 0 : void LegacyScriptPubKeyMan::ReturnDestination(int64_t nIndex, bool fInternal, const CTxDestination&)
1373 : {
1374 : // Return to key pool
1375 : {
1376 0 : LOCK(cs_KeyStore);
1377 0 : if (fInternal) {
1378 0 : setInternalKeyPool.insert(nIndex);
1379 0 : } else if (!set_pre_split_keypool.empty()) {
1380 0 : set_pre_split_keypool.insert(nIndex);
1381 0 : } else {
1382 0 : setExternalKeyPool.insert(nIndex);
1383 : }
1384 0 : CKeyID& pubkey_id = m_index_to_reserved_key.at(nIndex);
1385 0 : m_pool_key_to_index[pubkey_id] = nIndex;
1386 0 : m_index_to_reserved_key.erase(nIndex);
1387 0 : NotifyCanGetAddressesChanged();
1388 0 : }
1389 0 : WalletLogPrintf("keypool return %d\n", nIndex);
1390 0 : }
1391 :
1392 0 : bool LegacyScriptPubKeyMan::GetKeyFromPool(CPubKey& result, const OutputType type)
1393 : {
1394 0 : assert(type != OutputType::BECH32M);
1395 0 : if (!CanGetAddresses(/*internal=*/ false)) {
1396 0 : return false;
1397 : }
1398 :
1399 0 : CKeyPool keypool;
1400 : {
1401 0 : LOCK(cs_KeyStore);
1402 : int64_t nIndex;
1403 0 : if (!ReserveKeyFromKeyPool(nIndex, keypool, /*fRequestedInternal=*/ false) && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
1404 0 : if (m_storage.IsLocked()) return false;
1405 0 : WalletBatch batch(m_storage.GetDatabase());
1406 0 : result = GenerateNewKey(batch, m_hd_chain, /*internal=*/ false);
1407 0 : return true;
1408 0 : }
1409 0 : KeepDestination(nIndex, type);
1410 0 : result = keypool.vchPubKey;
1411 0 : }
1412 0 : return true;
1413 0 : }
1414 :
1415 0 : bool LegacyScriptPubKeyMan::ReserveKeyFromKeyPool(int64_t& nIndex, CKeyPool& keypool, bool fRequestedInternal)
1416 : {
1417 0 : nIndex = -1;
1418 0 : keypool.vchPubKey = CPubKey();
1419 : {
1420 0 : LOCK(cs_KeyStore);
1421 :
1422 0 : bool fReturningInternal = fRequestedInternal;
1423 0 : fReturningInternal &= (IsHDEnabled() && m_storage.CanSupportFeature(FEATURE_HD_SPLIT)) || m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS);
1424 0 : bool use_split_keypool = set_pre_split_keypool.empty();
1425 0 : std::set<int64_t>& setKeyPool = use_split_keypool ? (fReturningInternal ? setInternalKeyPool : setExternalKeyPool) : set_pre_split_keypool;
1426 :
1427 : // Get the oldest key
1428 0 : if (setKeyPool.empty()) {
1429 0 : return false;
1430 : }
1431 :
1432 0 : WalletBatch batch(m_storage.GetDatabase());
1433 :
1434 0 : auto it = setKeyPool.begin();
1435 0 : nIndex = *it;
1436 0 : setKeyPool.erase(it);
1437 0 : if (!batch.ReadPool(nIndex, keypool)) {
1438 0 : throw std::runtime_error(std::string(__func__) + ": read failed");
1439 : }
1440 0 : CPubKey pk;
1441 0 : if (!GetPubKey(keypool.vchPubKey.GetID(), pk)) {
1442 0 : throw std::runtime_error(std::string(__func__) + ": unknown key in key pool");
1443 : }
1444 : // If the key was pre-split keypool, we don't care about what type it is
1445 0 : if (use_split_keypool && keypool.fInternal != fReturningInternal) {
1446 0 : throw std::runtime_error(std::string(__func__) + ": keypool entry misclassified");
1447 : }
1448 0 : if (!keypool.vchPubKey.IsValid()) {
1449 0 : throw std::runtime_error(std::string(__func__) + ": keypool entry invalid");
1450 : }
1451 :
1452 0 : assert(m_index_to_reserved_key.count(nIndex) == 0);
1453 0 : m_index_to_reserved_key[nIndex] = keypool.vchPubKey.GetID();
1454 0 : m_pool_key_to_index.erase(keypool.vchPubKey.GetID());
1455 0 : WalletLogPrintf("keypool reserve %d\n", nIndex);
1456 0 : }
1457 0 : NotifyCanGetAddressesChanged();
1458 0 : return true;
1459 0 : }
1460 :
1461 0 : void LegacyScriptPubKeyMan::LearnRelatedScripts(const CPubKey& key, OutputType type)
1462 : {
1463 0 : assert(type != OutputType::BECH32M);
1464 0 : if (key.IsCompressed() && (type == OutputType::P2SH_SEGWIT || type == OutputType::BECH32)) {
1465 0 : CTxDestination witdest = WitnessV0KeyHash(key.GetID());
1466 0 : CScript witprog = GetScriptForDestination(witdest);
1467 : // Make sure the resulting program is solvable.
1468 0 : const auto desc = InferDescriptor(witprog, *this);
1469 0 : assert(desc && desc->IsSolvable());
1470 0 : AddCScript(witprog);
1471 0 : }
1472 0 : }
1473 :
1474 0 : void LegacyScriptPubKeyMan::LearnAllRelatedScripts(const CPubKey& key)
1475 : {
1476 : // OutputType::P2SH_SEGWIT always adds all necessary scripts for all types.
1477 0 : LearnRelatedScripts(key, OutputType::P2SH_SEGWIT);
1478 0 : }
1479 :
1480 0 : std::vector<CKeyPool> LegacyScriptPubKeyMan::MarkReserveKeysAsUsed(int64_t keypool_id)
1481 : {
1482 0 : AssertLockHeld(cs_KeyStore);
1483 0 : bool internal = setInternalKeyPool.count(keypool_id);
1484 0 : if (!internal) assert(setExternalKeyPool.count(keypool_id) || set_pre_split_keypool.count(keypool_id));
1485 0 : std::set<int64_t> *setKeyPool = internal ? &setInternalKeyPool : (set_pre_split_keypool.empty() ? &setExternalKeyPool : &set_pre_split_keypool);
1486 0 : auto it = setKeyPool->begin();
1487 :
1488 0 : std::vector<CKeyPool> result;
1489 0 : WalletBatch batch(m_storage.GetDatabase());
1490 0 : while (it != std::end(*setKeyPool)) {
1491 0 : const int64_t& index = *(it);
1492 0 : if (index > keypool_id) break; // set*KeyPool is ordered
1493 :
1494 0 : CKeyPool keypool;
1495 0 : if (batch.ReadPool(index, keypool)) { //TODO: This should be unnecessary
1496 0 : m_pool_key_to_index.erase(keypool.vchPubKey.GetID());
1497 0 : }
1498 0 : LearnAllRelatedScripts(keypool.vchPubKey);
1499 0 : batch.ErasePool(index);
1500 0 : WalletLogPrintf("keypool index %d removed\n", index);
1501 0 : it = setKeyPool->erase(it);
1502 0 : result.push_back(std::move(keypool));
1503 : }
1504 :
1505 0 : return result;
1506 0 : }
1507 :
1508 0 : std::vector<CKeyID> GetAffectedKeys(const CScript& spk, const SigningProvider& provider)
1509 : {
1510 0 : std::vector<CScript> dummy;
1511 0 : FlatSigningProvider out;
1512 0 : InferDescriptor(spk, provider)->Expand(0, DUMMY_SIGNING_PROVIDER, dummy, out);
1513 0 : std::vector<CKeyID> ret;
1514 0 : ret.reserve(out.pubkeys.size());
1515 0 : for (const auto& entry : out.pubkeys) {
1516 0 : ret.push_back(entry.first);
1517 : }
1518 0 : return ret;
1519 0 : }
1520 :
1521 0 : void LegacyScriptPubKeyMan::MarkPreSplitKeys()
1522 : {
1523 0 : WalletBatch batch(m_storage.GetDatabase());
1524 0 : for (auto it = setExternalKeyPool.begin(); it != setExternalKeyPool.end();) {
1525 0 : int64_t index = *it;
1526 0 : CKeyPool keypool;
1527 0 : if (!batch.ReadPool(index, keypool)) {
1528 0 : throw std::runtime_error(std::string(__func__) + ": read keypool entry failed");
1529 : }
1530 0 : keypool.m_pre_split = true;
1531 0 : if (!batch.WritePool(index, keypool)) {
1532 0 : throw std::runtime_error(std::string(__func__) + ": writing modified keypool entry failed");
1533 : }
1534 0 : set_pre_split_keypool.insert(index);
1535 0 : it = setExternalKeyPool.erase(it);
1536 : }
1537 0 : }
1538 :
1539 0 : bool LegacyScriptPubKeyMan::AddCScript(const CScript& redeemScript)
1540 : {
1541 0 : WalletBatch batch(m_storage.GetDatabase());
1542 0 : return AddCScriptWithDB(batch, redeemScript);
1543 0 : }
1544 :
1545 0 : bool LegacyScriptPubKeyMan::AddCScriptWithDB(WalletBatch& batch, const CScript& redeemScript)
1546 : {
1547 0 : if (!FillableSigningProvider::AddCScript(redeemScript))
1548 0 : return false;
1549 0 : if (batch.WriteCScript(Hash160(redeemScript), redeemScript)) {
1550 0 : m_storage.UnsetBlankWalletFlag(batch);
1551 0 : return true;
1552 : }
1553 0 : return false;
1554 0 : }
1555 :
1556 0 : bool LegacyScriptPubKeyMan::AddKeyOriginWithDB(WalletBatch& batch, const CPubKey& pubkey, const KeyOriginInfo& info)
1557 : {
1558 0 : LOCK(cs_KeyStore);
1559 0 : std::copy(info.fingerprint, info.fingerprint + 4, mapKeyMetadata[pubkey.GetID()].key_origin.fingerprint);
1560 0 : mapKeyMetadata[pubkey.GetID()].key_origin.path = info.path;
1561 0 : mapKeyMetadata[pubkey.GetID()].has_key_origin = true;
1562 0 : mapKeyMetadata[pubkey.GetID()].hdKeypath = WriteHDKeypath(info.path, /*apostrophe=*/true);
1563 0 : return batch.WriteKeyMetadata(mapKeyMetadata[pubkey.GetID()], pubkey, true);
1564 0 : }
1565 :
1566 0 : bool LegacyScriptPubKeyMan::ImportScripts(const std::set<CScript> scripts, int64_t timestamp)
1567 : {
1568 0 : WalletBatch batch(m_storage.GetDatabase());
1569 0 : for (const auto& entry : scripts) {
1570 0 : CScriptID id(entry);
1571 0 : if (HaveCScript(id)) {
1572 0 : WalletLogPrintf("Already have script %s, skipping\n", HexStr(entry));
1573 0 : continue;
1574 : }
1575 0 : if (!AddCScriptWithDB(batch, entry)) {
1576 0 : return false;
1577 : }
1578 :
1579 0 : if (timestamp > 0) {
1580 0 : m_script_metadata[CScriptID(entry)].nCreateTime = timestamp;
1581 0 : }
1582 : }
1583 0 : if (timestamp > 0) {
1584 0 : UpdateTimeFirstKey(timestamp);
1585 0 : }
1586 :
1587 0 : return true;
1588 0 : }
1589 :
1590 0 : bool LegacyScriptPubKeyMan::ImportPrivKeys(const std::map<CKeyID, CKey>& privkey_map, const int64_t timestamp)
1591 : {
1592 0 : WalletBatch batch(m_storage.GetDatabase());
1593 0 : for (const auto& entry : privkey_map) {
1594 0 : const CKey& key = entry.second;
1595 0 : CPubKey pubkey = key.GetPubKey();
1596 0 : const CKeyID& id = entry.first;
1597 0 : assert(key.VerifyPubKey(pubkey));
1598 : // Skip if we already have the key
1599 0 : if (HaveKey(id)) {
1600 0 : WalletLogPrintf("Already have key with pubkey %s, skipping\n", HexStr(pubkey));
1601 0 : continue;
1602 : }
1603 0 : mapKeyMetadata[id].nCreateTime = timestamp;
1604 : // If the private key is not present in the wallet, insert it.
1605 0 : if (!AddKeyPubKeyWithDB(batch, key, pubkey)) {
1606 0 : return false;
1607 : }
1608 0 : UpdateTimeFirstKey(timestamp);
1609 : }
1610 0 : return true;
1611 0 : }
1612 :
1613 0 : bool LegacyScriptPubKeyMan::ImportPubKeys(const std::vector<CKeyID>& ordered_pubkeys, const std::map<CKeyID, CPubKey>& pubkey_map, const std::map<CKeyID, std::pair<CPubKey, KeyOriginInfo>>& key_origins, const bool add_keypool, const bool internal, const int64_t timestamp)
1614 : {
1615 0 : WalletBatch batch(m_storage.GetDatabase());
1616 0 : for (const auto& entry : key_origins) {
1617 0 : AddKeyOriginWithDB(batch, entry.second.first, entry.second.second);
1618 : }
1619 0 : for (const CKeyID& id : ordered_pubkeys) {
1620 0 : auto entry = pubkey_map.find(id);
1621 0 : if (entry == pubkey_map.end()) {
1622 0 : continue;
1623 : }
1624 0 : const CPubKey& pubkey = entry->second;
1625 0 : CPubKey temp;
1626 0 : if (GetPubKey(id, temp)) {
1627 : // Already have pubkey, skipping
1628 0 : WalletLogPrintf("Already have pubkey %s, skipping\n", HexStr(temp));
1629 0 : continue;
1630 : }
1631 0 : if (!AddWatchOnlyWithDB(batch, GetScriptForRawPubKey(pubkey), timestamp)) {
1632 0 : return false;
1633 : }
1634 0 : mapKeyMetadata[id].nCreateTime = timestamp;
1635 :
1636 : // Add to keypool only works with pubkeys
1637 0 : if (add_keypool) {
1638 0 : AddKeypoolPubkeyWithDB(pubkey, internal, batch);
1639 0 : NotifyCanGetAddressesChanged();
1640 0 : }
1641 : }
1642 0 : return true;
1643 0 : }
1644 :
1645 0 : bool LegacyScriptPubKeyMan::ImportScriptPubKeys(const std::set<CScript>& script_pub_keys, const bool have_solving_data, const int64_t timestamp)
1646 : {
1647 0 : WalletBatch batch(m_storage.GetDatabase());
1648 0 : for (const CScript& script : script_pub_keys) {
1649 0 : if (!have_solving_data || !IsMine(script)) { // Always call AddWatchOnly for non-solvable watch-only, so that watch timestamp gets updated
1650 0 : if (!AddWatchOnlyWithDB(batch, script, timestamp)) {
1651 0 : return false;
1652 : }
1653 0 : }
1654 : }
1655 0 : return true;
1656 0 : }
1657 :
1658 0 : std::set<CKeyID> LegacyScriptPubKeyMan::GetKeys() const
1659 : {
1660 0 : LOCK(cs_KeyStore);
1661 0 : if (!m_storage.HasEncryptionKeys()) {
1662 0 : return FillableSigningProvider::GetKeys();
1663 : }
1664 0 : std::set<CKeyID> set_address;
1665 0 : for (const auto& mi : mapCryptedKeys) {
1666 0 : set_address.insert(mi.first);
1667 : }
1668 0 : return set_address;
1669 0 : }
1670 :
1671 0 : std::unordered_set<CScript, SaltedSipHasher> LegacyScriptPubKeyMan::GetScriptPubKeys() const
1672 : {
1673 0 : LOCK(cs_KeyStore);
1674 0 : std::unordered_set<CScript, SaltedSipHasher> spks;
1675 :
1676 : // All keys have at least P2PK and P2PKH
1677 0 : for (const auto& key_pair : mapKeys) {
1678 0 : const CPubKey& pub = key_pair.second.GetPubKey();
1679 0 : spks.insert(GetScriptForRawPubKey(pub));
1680 0 : spks.insert(GetScriptForDestination(PKHash(pub)));
1681 : }
1682 0 : for (const auto& key_pair : mapCryptedKeys) {
1683 0 : const CPubKey& pub = key_pair.second.first;
1684 0 : spks.insert(GetScriptForRawPubKey(pub));
1685 0 : spks.insert(GetScriptForDestination(PKHash(pub)));
1686 : }
1687 :
1688 : // For every script in mapScript, only the ISMINE_SPENDABLE ones are being tracked.
1689 : // The watchonly ones will be in setWatchOnly which we deal with later
1690 : // For all keys, if they have segwit scripts, those scripts will end up in mapScripts
1691 0 : for (const auto& script_pair : mapScripts) {
1692 0 : const CScript& script = script_pair.second;
1693 0 : if (IsMine(script) == ISMINE_SPENDABLE) {
1694 : // Add ScriptHash for scripts that are not already P2SH
1695 0 : if (!script.IsPayToScriptHash()) {
1696 0 : spks.insert(GetScriptForDestination(ScriptHash(script)));
1697 0 : }
1698 : // For segwit scripts, we only consider them spendable if we have the segwit spk
1699 0 : int wit_ver = -1;
1700 0 : std::vector<unsigned char> witprog;
1701 0 : if (script.IsWitnessProgram(wit_ver, witprog) && wit_ver == 0) {
1702 0 : spks.insert(script);
1703 0 : }
1704 0 : } else {
1705 : // Multisigs are special. They don't show up as ISMINE_SPENDABLE unless they are in a P2SH
1706 : // So check the P2SH of a multisig to see if we should insert it
1707 0 : std::vector<std::vector<unsigned char>> sols;
1708 0 : TxoutType type = Solver(script, sols);
1709 0 : if (type == TxoutType::MULTISIG) {
1710 0 : CScript ms_spk = GetScriptForDestination(ScriptHash(script));
1711 0 : if (IsMine(ms_spk) != ISMINE_NO) {
1712 0 : spks.insert(ms_spk);
1713 0 : }
1714 0 : }
1715 0 : }
1716 : }
1717 :
1718 : // All watchonly scripts are raw
1719 0 : for (const CScript& script : setWatchOnly) {
1720 : // As the legacy wallet allowed to import any script, we need to verify the validity here.
1721 : // LegacyScriptPubKeyMan::IsMine() return 'ISMINE_NO' for invalid or not watched scripts (IsMineResult::INVALID or IsMineResult::NO).
1722 : // e.g. a "sh(sh(pkh()))" which legacy wallets allowed to import!.
1723 0 : if (IsMine(script) != ISMINE_NO) spks.insert(script);
1724 : }
1725 :
1726 0 : return spks;
1727 0 : }
1728 :
1729 0 : std::unordered_set<CScript, SaltedSipHasher> LegacyScriptPubKeyMan::GetNotMineScriptPubKeys() const
1730 : {
1731 0 : LOCK(cs_KeyStore);
1732 0 : std::unordered_set<CScript, SaltedSipHasher> spks;
1733 0 : for (const CScript& script : setWatchOnly) {
1734 0 : if (IsMine(script) == ISMINE_NO) spks.insert(script);
1735 : }
1736 0 : return spks;
1737 0 : }
1738 :
1739 0 : std::optional<MigrationData> LegacyScriptPubKeyMan::MigrateToDescriptor()
1740 : {
1741 0 : LOCK(cs_KeyStore);
1742 0 : if (m_storage.IsLocked()) {
1743 0 : return std::nullopt;
1744 : }
1745 :
1746 0 : MigrationData out;
1747 :
1748 0 : std::unordered_set<CScript, SaltedSipHasher> spks{GetScriptPubKeys()};
1749 :
1750 : // Get all key ids
1751 0 : std::set<CKeyID> keyids;
1752 0 : for (const auto& key_pair : mapKeys) {
1753 0 : keyids.insert(key_pair.first);
1754 : }
1755 0 : for (const auto& key_pair : mapCryptedKeys) {
1756 0 : keyids.insert(key_pair.first);
1757 : }
1758 :
1759 : // Get key metadata and figure out which keys don't have a seed
1760 : // Note that we do not ignore the seeds themselves because they are considered IsMine!
1761 0 : for (auto keyid_it = keyids.begin(); keyid_it != keyids.end();) {
1762 0 : const CKeyID& keyid = *keyid_it;
1763 0 : const auto& it = mapKeyMetadata.find(keyid);
1764 0 : if (it != mapKeyMetadata.end()) {
1765 0 : const CKeyMetadata& meta = it->second;
1766 0 : if (meta.hdKeypath == "s" || meta.hdKeypath == "m") {
1767 0 : keyid_it++;
1768 0 : continue;
1769 : }
1770 0 : if (m_hd_chain.seed_id == meta.hd_seed_id || m_inactive_hd_chains.count(meta.hd_seed_id) > 0) {
1771 0 : keyid_it = keyids.erase(keyid_it);
1772 0 : continue;
1773 : }
1774 0 : }
1775 0 : keyid_it++;
1776 : }
1777 :
1778 : // keyids is now all non-HD keys. Each key will have its own combo descriptor
1779 0 : for (const CKeyID& keyid : keyids) {
1780 0 : CKey key;
1781 0 : if (!GetKey(keyid, key)) {
1782 0 : assert(false);
1783 : }
1784 :
1785 : // Get birthdate from key meta
1786 0 : uint64_t creation_time = 0;
1787 0 : const auto& it = mapKeyMetadata.find(keyid);
1788 0 : if (it != mapKeyMetadata.end()) {
1789 0 : creation_time = it->second.nCreateTime;
1790 0 : }
1791 :
1792 : // Get the key origin
1793 : // Maybe this doesn't matter because floating keys here shouldn't have origins
1794 0 : KeyOriginInfo info;
1795 0 : bool has_info = GetKeyOrigin(keyid, info);
1796 0 : std::string origin_str = has_info ? "[" + HexStr(info.fingerprint) + FormatHDKeypath(info.path) + "]" : "";
1797 :
1798 : // Construct the combo descriptor
1799 0 : std::string desc_str = "combo(" + origin_str + HexStr(key.GetPubKey()) + ")";
1800 0 : FlatSigningProvider keys;
1801 0 : std::string error;
1802 0 : std::unique_ptr<Descriptor> desc = Parse(desc_str, keys, error, false);
1803 0 : WalletDescriptor w_desc(std::move(desc), creation_time, 0, 0, 0);
1804 :
1805 : // Make the DescriptorScriptPubKeyMan and get the scriptPubKeys
1806 0 : auto desc_spk_man = std::unique_ptr<DescriptorScriptPubKeyMan>(new DescriptorScriptPubKeyMan(m_storage, w_desc, m_keypool_size));
1807 0 : desc_spk_man->AddDescriptorKey(key, key.GetPubKey());
1808 0 : desc_spk_man->TopUp();
1809 0 : auto desc_spks = desc_spk_man->GetScriptPubKeys();
1810 :
1811 : // Remove the scriptPubKeys from our current set
1812 0 : for (const CScript& spk : desc_spks) {
1813 0 : size_t erased = spks.erase(spk);
1814 0 : assert(erased == 1);
1815 0 : assert(IsMine(spk) == ISMINE_SPENDABLE);
1816 : }
1817 :
1818 0 : out.desc_spkms.push_back(std::move(desc_spk_man));
1819 0 : }
1820 :
1821 : // Handle HD keys by using the CHDChains
1822 0 : std::vector<CHDChain> chains;
1823 0 : chains.push_back(m_hd_chain);
1824 0 : for (const auto& chain_pair : m_inactive_hd_chains) {
1825 0 : chains.push_back(chain_pair.second);
1826 : }
1827 0 : for (const CHDChain& chain : chains) {
1828 0 : for (int i = 0; i < 2; ++i) {
1829 : // Skip if doing internal chain and split chain is not supported
1830 0 : if (chain.seed_id.IsNull() || (i == 1 && !m_storage.CanSupportFeature(FEATURE_HD_SPLIT))) {
1831 0 : continue;
1832 : }
1833 : // Get the master xprv
1834 0 : CKey seed_key;
1835 0 : if (!GetKey(chain.seed_id, seed_key)) {
1836 0 : assert(false);
1837 : }
1838 0 : CExtKey master_key;
1839 0 : master_key.SetSeed(seed_key);
1840 :
1841 : // Make the combo descriptor
1842 0 : std::string xpub = EncodeExtPubKey(master_key.Neuter());
1843 0 : std::string desc_str = "combo(" + xpub + "/0h/" + ToString(i) + "h/*h)";
1844 0 : FlatSigningProvider keys;
1845 0 : std::string error;
1846 0 : std::unique_ptr<Descriptor> desc = Parse(desc_str, keys, error, false);
1847 0 : uint32_t chain_counter = std::max((i == 1 ? chain.nInternalChainCounter : chain.nExternalChainCounter), (uint32_t)0);
1848 0 : WalletDescriptor w_desc(std::move(desc), 0, 0, chain_counter, 0);
1849 :
1850 : // Make the DescriptorScriptPubKeyMan and get the scriptPubKeys
1851 0 : auto desc_spk_man = std::unique_ptr<DescriptorScriptPubKeyMan>(new DescriptorScriptPubKeyMan(m_storage, w_desc, m_keypool_size));
1852 0 : desc_spk_man->AddDescriptorKey(master_key.key, master_key.key.GetPubKey());
1853 0 : desc_spk_man->TopUp();
1854 0 : auto desc_spks = desc_spk_man->GetScriptPubKeys();
1855 :
1856 : // Remove the scriptPubKeys from our current set
1857 0 : for (const CScript& spk : desc_spks) {
1858 0 : size_t erased = spks.erase(spk);
1859 0 : assert(erased == 1);
1860 0 : assert(IsMine(spk) == ISMINE_SPENDABLE);
1861 : }
1862 :
1863 0 : out.desc_spkms.push_back(std::move(desc_spk_man));
1864 0 : }
1865 : }
1866 : // Add the current master seed to the migration data
1867 0 : if (!m_hd_chain.seed_id.IsNull()) {
1868 0 : CKey seed_key;
1869 0 : if (!GetKey(m_hd_chain.seed_id, seed_key)) {
1870 0 : assert(false);
1871 : }
1872 0 : out.master_key.SetSeed(seed_key);
1873 0 : }
1874 :
1875 : // Handle the rest of the scriptPubKeys which must be imports and may not have all info
1876 0 : for (auto it = spks.begin(); it != spks.end();) {
1877 0 : const CScript& spk = *it;
1878 :
1879 : // Get birthdate from script meta
1880 0 : uint64_t creation_time = 0;
1881 0 : const auto& mit = m_script_metadata.find(CScriptID(spk));
1882 0 : if (mit != m_script_metadata.end()) {
1883 0 : creation_time = mit->second.nCreateTime;
1884 0 : }
1885 :
1886 : // InferDescriptor as that will get us all the solving info if it is there
1887 0 : std::unique_ptr<Descriptor> desc = InferDescriptor(spk, *GetSolvingProvider(spk));
1888 : // Get the private keys for this descriptor
1889 0 : std::vector<CScript> scripts;
1890 0 : FlatSigningProvider keys;
1891 0 : if (!desc->Expand(0, DUMMY_SIGNING_PROVIDER, scripts, keys)) {
1892 0 : assert(false);
1893 : }
1894 0 : std::set<CKeyID> privkeyids;
1895 0 : for (const auto& key_orig_pair : keys.origins) {
1896 0 : privkeyids.insert(key_orig_pair.first);
1897 : }
1898 :
1899 0 : std::vector<CScript> desc_spks;
1900 :
1901 : // Make the descriptor string with private keys
1902 0 : std::string desc_str;
1903 0 : bool watchonly = !desc->ToPrivateString(*this, desc_str);
1904 0 : if (watchonly && !m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
1905 0 : out.watch_descs.push_back({desc->ToString(), creation_time});
1906 :
1907 : // Get the scriptPubKeys without writing this to the wallet
1908 0 : FlatSigningProvider provider;
1909 0 : desc->Expand(0, provider, desc_spks, provider);
1910 0 : } else {
1911 : // Make the DescriptorScriptPubKeyMan and get the scriptPubKeys
1912 0 : WalletDescriptor w_desc(std::move(desc), creation_time, 0, 0, 0);
1913 0 : auto desc_spk_man = std::unique_ptr<DescriptorScriptPubKeyMan>(new DescriptorScriptPubKeyMan(m_storage, w_desc, m_keypool_size));
1914 0 : for (const auto& keyid : privkeyids) {
1915 0 : CKey key;
1916 0 : if (!GetKey(keyid, key)) {
1917 0 : continue;
1918 : }
1919 0 : desc_spk_man->AddDescriptorKey(key, key.GetPubKey());
1920 0 : }
1921 0 : desc_spk_man->TopUp();
1922 0 : auto desc_spks_set = desc_spk_man->GetScriptPubKeys();
1923 0 : desc_spks.insert(desc_spks.end(), desc_spks_set.begin(), desc_spks_set.end());
1924 :
1925 0 : out.desc_spkms.push_back(std::move(desc_spk_man));
1926 0 : }
1927 :
1928 : // Remove the scriptPubKeys from our current set
1929 0 : for (const CScript& desc_spk : desc_spks) {
1930 0 : auto del_it = spks.find(desc_spk);
1931 0 : assert(del_it != spks.end());
1932 0 : assert(IsMine(desc_spk) != ISMINE_NO);
1933 0 : it = spks.erase(del_it);
1934 : }
1935 0 : }
1936 :
1937 : // Multisigs are special. They don't show up as ISMINE_SPENDABLE unless they are in a P2SH
1938 : // So we have to check if any of our scripts are a multisig and if so, add the P2SH
1939 0 : for (const auto& script_pair : mapScripts) {
1940 0 : const CScript script = script_pair.second;
1941 :
1942 : // Get birthdate from script meta
1943 0 : uint64_t creation_time = 0;
1944 0 : const auto& it = m_script_metadata.find(CScriptID(script));
1945 0 : if (it != m_script_metadata.end()) {
1946 0 : creation_time = it->second.nCreateTime;
1947 0 : }
1948 :
1949 0 : std::vector<std::vector<unsigned char>> sols;
1950 0 : TxoutType type = Solver(script, sols);
1951 0 : if (type == TxoutType::MULTISIG) {
1952 0 : CScript sh_spk = GetScriptForDestination(ScriptHash(script));
1953 0 : CTxDestination witdest = WitnessV0ScriptHash(script);
1954 0 : CScript witprog = GetScriptForDestination(witdest);
1955 0 : CScript sh_wsh_spk = GetScriptForDestination(ScriptHash(witprog));
1956 :
1957 : // We only want the multisigs that we have not already seen, i.e. they are not watchonly and not spendable
1958 : // For P2SH, a multisig is not ISMINE_NO when:
1959 : // * All keys are in the wallet
1960 : // * The multisig itself is watch only
1961 : // * The P2SH is watch only
1962 : // For P2SH-P2WSH, if the script is in the wallet, then it will have the same conditions as P2SH.
1963 : // For P2WSH, a multisig is not ISMINE_NO when, other than the P2SH conditions:
1964 : // * The P2WSH script is in the wallet and it is being watched
1965 0 : std::vector<std::vector<unsigned char>> keys(sols.begin() + 1, sols.begin() + sols.size() - 1);
1966 0 : if (HaveWatchOnly(sh_spk) || HaveWatchOnly(script) || HaveKeys(keys, *this) || (HaveCScript(CScriptID(witprog)) && HaveWatchOnly(witprog))) {
1967 : // The above emulates IsMine for these 3 scriptPubKeys, so double check that by running IsMine
1968 0 : assert(IsMine(sh_spk) != ISMINE_NO || IsMine(witprog) != ISMINE_NO || IsMine(sh_wsh_spk) != ISMINE_NO);
1969 0 : continue;
1970 : }
1971 0 : assert(IsMine(sh_spk) == ISMINE_NO && IsMine(witprog) == ISMINE_NO && IsMine(sh_wsh_spk) == ISMINE_NO);
1972 :
1973 0 : std::unique_ptr<Descriptor> sh_desc = InferDescriptor(sh_spk, *GetSolvingProvider(sh_spk));
1974 0 : out.solvable_descs.push_back({sh_desc->ToString(), creation_time});
1975 :
1976 0 : const auto desc = InferDescriptor(witprog, *this);
1977 0 : if (desc->IsSolvable()) {
1978 0 : std::unique_ptr<Descriptor> wsh_desc = InferDescriptor(witprog, *GetSolvingProvider(witprog));
1979 0 : out.solvable_descs.push_back({wsh_desc->ToString(), creation_time});
1980 0 : std::unique_ptr<Descriptor> sh_wsh_desc = InferDescriptor(sh_wsh_spk, *GetSolvingProvider(sh_wsh_spk));
1981 0 : out.solvable_descs.push_back({sh_wsh_desc->ToString(), creation_time});
1982 0 : }
1983 0 : }
1984 0 : }
1985 :
1986 : // Make sure that we have accounted for all scriptPubKeys
1987 0 : assert(spks.size() == 0);
1988 0 : return out;
1989 0 : }
1990 :
1991 0 : bool LegacyScriptPubKeyMan::DeleteRecords()
1992 : {
1993 0 : LOCK(cs_KeyStore);
1994 0 : WalletBatch batch(m_storage.GetDatabase());
1995 0 : return batch.EraseRecords(DBKeys::LEGACY_TYPES);
1996 0 : }
1997 :
1998 0 : util::Result<CTxDestination> DescriptorScriptPubKeyMan::GetNewDestination(const OutputType type)
1999 : {
2000 : // Returns true if this descriptor supports getting new addresses. Conditions where we may be unable to fetch them (e.g. locked) are caught later
2001 0 : if (!CanGetAddresses()) {
2002 0 : return util::Error{_("No addresses available")};
2003 : }
2004 : {
2005 0 : LOCK(cs_desc_man);
2006 0 : assert(m_wallet_descriptor.descriptor->IsSingleType()); // This is a combo descriptor which should not be an active descriptor
2007 0 : std::optional<OutputType> desc_addr_type = m_wallet_descriptor.descriptor->GetOutputType();
2008 0 : assert(desc_addr_type);
2009 0 : if (type != *desc_addr_type) {
2010 0 : throw std::runtime_error(std::string(__func__) + ": Types are inconsistent. Stored type does not match type of newly generated address");
2011 : }
2012 :
2013 0 : TopUp();
2014 :
2015 : // Get the scriptPubKey from the descriptor
2016 0 : FlatSigningProvider out_keys;
2017 0 : std::vector<CScript> scripts_temp;
2018 0 : if (m_wallet_descriptor.range_end <= m_max_cached_index && !TopUp(1)) {
2019 : // We can't generate anymore keys
2020 0 : return util::Error{_("Error: Keypool ran out, please call keypoolrefill first")};
2021 : }
2022 0 : if (!m_wallet_descriptor.descriptor->ExpandFromCache(m_wallet_descriptor.next_index, m_wallet_descriptor.cache, scripts_temp, out_keys)) {
2023 : // We can't generate anymore keys
2024 0 : return util::Error{_("Error: Keypool ran out, please call keypoolrefill first")};
2025 : }
2026 :
2027 0 : CTxDestination dest;
2028 0 : if (!ExtractDestination(scripts_temp[0], dest)) {
2029 0 : return util::Error{_("Error: Cannot extract destination from the generated scriptpubkey")}; // shouldn't happen
2030 : }
2031 0 : m_wallet_descriptor.next_index++;
2032 0 : WalletBatch(m_storage.GetDatabase()).WriteDescriptor(GetID(), m_wallet_descriptor);
2033 0 : return dest;
2034 0 : }
2035 0 : }
2036 :
2037 0 : isminetype DescriptorScriptPubKeyMan::IsMine(const CScript& script) const
2038 : {
2039 0 : LOCK(cs_desc_man);
2040 0 : if (m_map_script_pub_keys.count(script) > 0) {
2041 0 : return ISMINE_SPENDABLE;
2042 : }
2043 0 : return ISMINE_NO;
2044 0 : }
2045 :
2046 0 : bool DescriptorScriptPubKeyMan::CheckDecryptionKey(const CKeyingMaterial& master_key, bool accept_no_keys)
2047 : {
2048 0 : LOCK(cs_desc_man);
2049 0 : if (!m_map_keys.empty()) {
2050 0 : return false;
2051 : }
2052 :
2053 0 : bool keyPass = m_map_crypted_keys.empty(); // Always pass when there are no encrypted keys
2054 0 : bool keyFail = false;
2055 0 : for (const auto& mi : m_map_crypted_keys) {
2056 0 : const CPubKey &pubkey = mi.second.first;
2057 0 : const std::vector<unsigned char> &crypted_secret = mi.second.second;
2058 0 : CKey key;
2059 0 : if (!DecryptKey(master_key, crypted_secret, pubkey, key)) {
2060 0 : keyFail = true;
2061 0 : break;
2062 : }
2063 0 : keyPass = true;
2064 0 : if (m_decryption_thoroughly_checked)
2065 0 : break;
2066 0 : }
2067 0 : if (keyPass && keyFail) {
2068 0 : LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n");
2069 0 : throw std::runtime_error("Error unlocking wallet: some keys decrypt but not all. Your wallet file may be corrupt.");
2070 : }
2071 0 : if (keyFail || (!keyPass && !accept_no_keys)) {
2072 0 : return false;
2073 : }
2074 0 : m_decryption_thoroughly_checked = true;
2075 0 : return true;
2076 0 : }
2077 :
2078 0 : bool DescriptorScriptPubKeyMan::Encrypt(const CKeyingMaterial& master_key, WalletBatch* batch)
2079 : {
2080 0 : LOCK(cs_desc_man);
2081 0 : if (!m_map_crypted_keys.empty()) {
2082 0 : return false;
2083 : }
2084 :
2085 0 : for (const KeyMap::value_type& key_in : m_map_keys)
2086 : {
2087 0 : const CKey &key = key_in.second;
2088 0 : CPubKey pubkey = key.GetPubKey();
2089 0 : CKeyingMaterial secret(key.begin(), key.end());
2090 0 : std::vector<unsigned char> crypted_secret;
2091 0 : if (!EncryptSecret(master_key, secret, pubkey.GetHash(), crypted_secret)) {
2092 0 : return false;
2093 : }
2094 0 : m_map_crypted_keys[pubkey.GetID()] = make_pair(pubkey, crypted_secret);
2095 0 : batch->WriteCryptedDescriptorKey(GetID(), pubkey, crypted_secret);
2096 0 : }
2097 0 : m_map_keys.clear();
2098 0 : return true;
2099 0 : }
2100 :
2101 0 : util::Result<CTxDestination> DescriptorScriptPubKeyMan::GetReservedDestination(const OutputType type, bool internal, int64_t& index, CKeyPool& keypool)
2102 : {
2103 0 : LOCK(cs_desc_man);
2104 0 : auto op_dest = GetNewDestination(type);
2105 0 : index = m_wallet_descriptor.next_index - 1;
2106 0 : return op_dest;
2107 0 : }
2108 :
2109 0 : void DescriptorScriptPubKeyMan::ReturnDestination(int64_t index, bool internal, const CTxDestination& addr)
2110 : {
2111 0 : LOCK(cs_desc_man);
2112 : // Only return when the index was the most recent
2113 0 : if (m_wallet_descriptor.next_index - 1 == index) {
2114 0 : m_wallet_descriptor.next_index--;
2115 0 : }
2116 0 : WalletBatch(m_storage.GetDatabase()).WriteDescriptor(GetID(), m_wallet_descriptor);
2117 0 : NotifyCanGetAddressesChanged();
2118 0 : }
2119 :
2120 0 : std::map<CKeyID, CKey> DescriptorScriptPubKeyMan::GetKeys() const
2121 : {
2122 0 : AssertLockHeld(cs_desc_man);
2123 0 : if (m_storage.HasEncryptionKeys() && !m_storage.IsLocked()) {
2124 0 : KeyMap keys;
2125 0 : for (const auto& key_pair : m_map_crypted_keys) {
2126 0 : const CPubKey& pubkey = key_pair.second.first;
2127 0 : const std::vector<unsigned char>& crypted_secret = key_pair.second.second;
2128 0 : CKey key;
2129 0 : DecryptKey(m_storage.GetEncryptionKey(), crypted_secret, pubkey, key);
2130 0 : keys[pubkey.GetID()] = key;
2131 0 : }
2132 0 : return keys;
2133 0 : }
2134 0 : return m_map_keys;
2135 0 : }
2136 :
2137 0 : bool DescriptorScriptPubKeyMan::TopUp(unsigned int size)
2138 : {
2139 0 : LOCK(cs_desc_man);
2140 : unsigned int target_size;
2141 0 : if (size > 0) {
2142 0 : target_size = size;
2143 0 : } else {
2144 0 : target_size = m_keypool_size;
2145 : }
2146 :
2147 : // Calculate the new range_end
2148 0 : int32_t new_range_end = std::max(m_wallet_descriptor.next_index + (int32_t)target_size, m_wallet_descriptor.range_end);
2149 :
2150 : // If the descriptor is not ranged, we actually just want to fill the first cache item
2151 0 : if (!m_wallet_descriptor.descriptor->IsRange()) {
2152 0 : new_range_end = 1;
2153 0 : m_wallet_descriptor.range_end = 1;
2154 0 : m_wallet_descriptor.range_start = 0;
2155 0 : }
2156 :
2157 0 : FlatSigningProvider provider;
2158 0 : provider.keys = GetKeys();
2159 :
2160 0 : WalletBatch batch(m_storage.GetDatabase());
2161 0 : uint256 id = GetID();
2162 0 : for (int32_t i = m_max_cached_index + 1; i < new_range_end; ++i) {
2163 0 : FlatSigningProvider out_keys;
2164 0 : std::vector<CScript> scripts_temp;
2165 0 : DescriptorCache temp_cache;
2166 : // Maybe we have a cached xpub and we can expand from the cache first
2167 0 : if (!m_wallet_descriptor.descriptor->ExpandFromCache(i, m_wallet_descriptor.cache, scripts_temp, out_keys)) {
2168 0 : if (!m_wallet_descriptor.descriptor->Expand(i, provider, scripts_temp, out_keys, &temp_cache)) return false;
2169 0 : }
2170 : // Add all of the scriptPubKeys to the scriptPubKey set
2171 0 : for (const CScript& script : scripts_temp) {
2172 0 : m_map_script_pub_keys[script] = i;
2173 : }
2174 0 : for (const auto& pk_pair : out_keys.pubkeys) {
2175 0 : const CPubKey& pubkey = pk_pair.second;
2176 0 : if (m_map_pubkeys.count(pubkey) != 0) {
2177 : // We don't need to give an error here.
2178 : // It doesn't matter which of many valid indexes the pubkey has, we just need an index where we can derive it and it's private key
2179 0 : continue;
2180 : }
2181 0 : m_map_pubkeys[pubkey] = i;
2182 : }
2183 : // Merge and write the cache
2184 0 : DescriptorCache new_items = m_wallet_descriptor.cache.MergeAndDiff(temp_cache);
2185 0 : if (!batch.WriteDescriptorCacheItems(id, new_items)) {
2186 0 : throw std::runtime_error(std::string(__func__) + ": writing cache items failed");
2187 : }
2188 0 : m_max_cached_index++;
2189 0 : }
2190 0 : m_wallet_descriptor.range_end = new_range_end;
2191 0 : batch.WriteDescriptor(GetID(), m_wallet_descriptor);
2192 :
2193 : // By this point, the cache size should be the size of the entire range
2194 0 : assert(m_wallet_descriptor.range_end - 1 == m_max_cached_index);
2195 :
2196 0 : NotifyCanGetAddressesChanged();
2197 0 : return true;
2198 0 : }
2199 :
2200 0 : std::vector<WalletDestination> DescriptorScriptPubKeyMan::MarkUnusedAddresses(const CScript& script)
2201 : {
2202 0 : LOCK(cs_desc_man);
2203 0 : std::vector<WalletDestination> result;
2204 0 : if (IsMine(script)) {
2205 0 : int32_t index = m_map_script_pub_keys[script];
2206 0 : if (index >= m_wallet_descriptor.next_index) {
2207 0 : WalletLogPrintf("%s: Detected a used keypool item at index %d, mark all keypool items up to this item as used\n", __func__, index);
2208 0 : auto out_keys = std::make_unique<FlatSigningProvider>();
2209 0 : std::vector<CScript> scripts_temp;
2210 0 : while (index >= m_wallet_descriptor.next_index) {
2211 0 : if (!m_wallet_descriptor.descriptor->ExpandFromCache(m_wallet_descriptor.next_index, m_wallet_descriptor.cache, scripts_temp, *out_keys)) {
2212 0 : throw std::runtime_error(std::string(__func__) + ": Unable to expand descriptor from cache");
2213 : }
2214 0 : CTxDestination dest;
2215 0 : ExtractDestination(scripts_temp[0], dest);
2216 0 : result.push_back({dest, std::nullopt});
2217 0 : m_wallet_descriptor.next_index++;
2218 0 : }
2219 0 : }
2220 0 : if (!TopUp()) {
2221 0 : WalletLogPrintf("%s: Topping up keypool failed (locked wallet)\n", __func__);
2222 0 : }
2223 0 : }
2224 :
2225 0 : return result;
2226 0 : }
2227 :
2228 0 : void DescriptorScriptPubKeyMan::AddDescriptorKey(const CKey& key, const CPubKey &pubkey)
2229 : {
2230 0 : LOCK(cs_desc_man);
2231 0 : WalletBatch batch(m_storage.GetDatabase());
2232 0 : if (!AddDescriptorKeyWithDB(batch, key, pubkey)) {
2233 0 : throw std::runtime_error(std::string(__func__) + ": writing descriptor private key failed");
2234 : }
2235 0 : }
2236 :
2237 0 : bool DescriptorScriptPubKeyMan::AddDescriptorKeyWithDB(WalletBatch& batch, const CKey& key, const CPubKey &pubkey)
2238 : {
2239 0 : AssertLockHeld(cs_desc_man);
2240 0 : assert(!m_storage.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS));
2241 :
2242 : // Check if provided key already exists
2243 0 : if (m_map_keys.find(pubkey.GetID()) != m_map_keys.end() ||
2244 0 : m_map_crypted_keys.find(pubkey.GetID()) != m_map_crypted_keys.end()) {
2245 0 : return true;
2246 : }
2247 :
2248 0 : if (m_storage.HasEncryptionKeys()) {
2249 0 : if (m_storage.IsLocked()) {
2250 0 : return false;
2251 : }
2252 :
2253 0 : std::vector<unsigned char> crypted_secret;
2254 0 : CKeyingMaterial secret(key.begin(), key.end());
2255 0 : if (!EncryptSecret(m_storage.GetEncryptionKey(), secret, pubkey.GetHash(), crypted_secret)) {
2256 0 : return false;
2257 : }
2258 :
2259 0 : m_map_crypted_keys[pubkey.GetID()] = make_pair(pubkey, crypted_secret);
2260 0 : return batch.WriteCryptedDescriptorKey(GetID(), pubkey, crypted_secret);
2261 0 : } else {
2262 0 : m_map_keys[pubkey.GetID()] = key;
2263 0 : return batch.WriteDescriptorKey(GetID(), pubkey, key.GetPrivKey());
2264 : }
2265 0 : }
2266 :
2267 0 : bool DescriptorScriptPubKeyMan::SetupDescriptorGeneration(const CExtKey& master_key, OutputType addr_type, bool internal)
2268 : {
2269 0 : LOCK(cs_desc_man);
2270 0 : assert(m_storage.IsWalletFlagSet(WALLET_FLAG_DESCRIPTORS));
2271 :
2272 : // Ignore when there is already a descriptor
2273 0 : if (m_wallet_descriptor.descriptor) {
2274 0 : return false;
2275 : }
2276 :
2277 0 : int64_t creation_time = GetTime();
2278 :
2279 0 : std::string xpub = EncodeExtPubKey(master_key.Neuter());
2280 :
2281 : // Build descriptor string
2282 0 : std::string desc_prefix;
2283 0 : std::string desc_suffix = "/*)";
2284 0 : switch (addr_type) {
2285 : case OutputType::LEGACY: {
2286 0 : desc_prefix = "pkh(" + xpub + "/44h";
2287 0 : break;
2288 : }
2289 : case OutputType::P2SH_SEGWIT: {
2290 0 : desc_prefix = "sh(wpkh(" + xpub + "/49h";
2291 0 : desc_suffix += ")";
2292 0 : break;
2293 : }
2294 : case OutputType::BECH32: {
2295 0 : desc_prefix = "wpkh(" + xpub + "/84h";
2296 0 : break;
2297 : }
2298 : case OutputType::BECH32M: {
2299 0 : desc_prefix = "tr(" + xpub + "/86h";
2300 0 : break;
2301 : }
2302 : case OutputType::UNKNOWN: {
2303 : // We should never have a DescriptorScriptPubKeyMan for an UNKNOWN OutputType,
2304 : // so if we get to this point something is wrong
2305 0 : assert(false);
2306 : }
2307 : } // no default case, so the compiler can warn about missing cases
2308 0 : assert(!desc_prefix.empty());
2309 :
2310 : // Mainnet derives at 0', testnet and regtest derive at 1'
2311 0 : if (Params().IsTestChain()) {
2312 0 : desc_prefix += "/1h";
2313 0 : } else {
2314 0 : desc_prefix += "/0h";
2315 : }
2316 :
2317 0 : std::string internal_path = internal ? "/1" : "/0";
2318 0 : std::string desc_str = desc_prefix + "/0h" + internal_path + desc_suffix;
2319 :
2320 : // Make the descriptor
2321 0 : FlatSigningProvider keys;
2322 0 : std::string error;
2323 0 : std::unique_ptr<Descriptor> desc = Parse(desc_str, keys, error, false);
2324 0 : WalletDescriptor w_desc(std::move(desc), creation_time, 0, 0, 0);
2325 0 : m_wallet_descriptor = w_desc;
2326 :
2327 : // Store the master private key, and descriptor
2328 0 : WalletBatch batch(m_storage.GetDatabase());
2329 0 : if (!AddDescriptorKeyWithDB(batch, master_key.key, master_key.key.GetPubKey())) {
2330 0 : throw std::runtime_error(std::string(__func__) + ": writing descriptor master private key failed");
2331 : }
2332 0 : if (!batch.WriteDescriptor(GetID(), m_wallet_descriptor)) {
2333 0 : throw std::runtime_error(std::string(__func__) + ": writing descriptor failed");
2334 : }
2335 :
2336 : // TopUp
2337 0 : TopUp();
2338 :
2339 0 : m_storage.UnsetBlankWalletFlag(batch);
2340 0 : return true;
2341 0 : }
2342 :
2343 0 : bool DescriptorScriptPubKeyMan::IsHDEnabled() const
2344 : {
2345 0 : LOCK(cs_desc_man);
2346 0 : return m_wallet_descriptor.descriptor->IsRange();
2347 0 : }
2348 :
2349 0 : bool DescriptorScriptPubKeyMan::CanGetAddresses(bool internal) const
2350 : {
2351 : // We can only give out addresses from descriptors that are single type (not combo), ranged,
2352 : // and either have cached keys or can generate more keys (ignoring encryption)
2353 0 : LOCK(cs_desc_man);
2354 0 : return m_wallet_descriptor.descriptor->IsSingleType() &&
2355 0 : m_wallet_descriptor.descriptor->IsRange() &&
2356 0 : (HavePrivateKeys() || m_wallet_descriptor.next_index < m_wallet_descriptor.range_end);
2357 0 : }
2358 :
2359 0 : bool DescriptorScriptPubKeyMan::HavePrivateKeys() const
2360 : {
2361 0 : LOCK(cs_desc_man);
2362 0 : return m_map_keys.size() > 0 || m_map_crypted_keys.size() > 0;
2363 0 : }
2364 :
2365 0 : std::optional<int64_t> DescriptorScriptPubKeyMan::GetOldestKeyPoolTime() const
2366 : {
2367 : // This is only used for getwalletinfo output and isn't relevant to descriptor wallets.
2368 0 : return std::nullopt;
2369 : }
2370 :
2371 :
2372 0 : unsigned int DescriptorScriptPubKeyMan::GetKeyPoolSize() const
2373 : {
2374 0 : LOCK(cs_desc_man);
2375 0 : return m_wallet_descriptor.range_end - m_wallet_descriptor.next_index;
2376 0 : }
2377 :
2378 0 : int64_t DescriptorScriptPubKeyMan::GetTimeFirstKey() const
2379 : {
2380 0 : LOCK(cs_desc_man);
2381 0 : return m_wallet_descriptor.creation_time;
2382 0 : }
2383 :
2384 0 : std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(const CScript& script, bool include_private) const
2385 : {
2386 0 : LOCK(cs_desc_man);
2387 :
2388 : // Find the index of the script
2389 0 : auto it = m_map_script_pub_keys.find(script);
2390 0 : if (it == m_map_script_pub_keys.end()) {
2391 0 : return nullptr;
2392 : }
2393 0 : int32_t index = it->second;
2394 :
2395 0 : return GetSigningProvider(index, include_private);
2396 0 : }
2397 :
2398 0 : std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(const CPubKey& pubkey) const
2399 : {
2400 0 : LOCK(cs_desc_man);
2401 :
2402 : // Find index of the pubkey
2403 0 : auto it = m_map_pubkeys.find(pubkey);
2404 0 : if (it == m_map_pubkeys.end()) {
2405 0 : return nullptr;
2406 : }
2407 0 : int32_t index = it->second;
2408 :
2409 : // Always try to get the signing provider with private keys. This function should only be called during signing anyways
2410 0 : return GetSigningProvider(index, true);
2411 0 : }
2412 :
2413 0 : std::unique_ptr<FlatSigningProvider> DescriptorScriptPubKeyMan::GetSigningProvider(int32_t index, bool include_private) const
2414 : {
2415 0 : AssertLockHeld(cs_desc_man);
2416 :
2417 0 : std::unique_ptr<FlatSigningProvider> out_keys = std::make_unique<FlatSigningProvider>();
2418 :
2419 : // Fetch SigningProvider from cache to avoid re-deriving
2420 0 : auto it = m_map_signing_providers.find(index);
2421 0 : if (it != m_map_signing_providers.end()) {
2422 0 : out_keys->Merge(FlatSigningProvider{it->second});
2423 0 : } else {
2424 : // Get the scripts, keys, and key origins for this script
2425 0 : std::vector<CScript> scripts_temp;
2426 0 : if (!m_wallet_descriptor.descriptor->ExpandFromCache(index, m_wallet_descriptor.cache, scripts_temp, *out_keys)) return nullptr;
2427 :
2428 : // Cache SigningProvider so we don't need to re-derive if we need this SigningProvider again
2429 0 : m_map_signing_providers[index] = *out_keys;
2430 0 : }
2431 :
2432 0 : if (HavePrivateKeys() && include_private) {
2433 0 : FlatSigningProvider master_provider;
2434 0 : master_provider.keys = GetKeys();
2435 0 : m_wallet_descriptor.descriptor->ExpandPrivate(index, master_provider, *out_keys);
2436 0 : }
2437 :
2438 0 : return out_keys;
2439 0 : }
2440 :
2441 0 : std::unique_ptr<SigningProvider> DescriptorScriptPubKeyMan::GetSolvingProvider(const CScript& script) const
2442 : {
2443 0 : return GetSigningProvider(script, false);
2444 : }
2445 :
2446 0 : bool DescriptorScriptPubKeyMan::CanProvide(const CScript& script, SignatureData& sigdata)
2447 : {
2448 0 : return IsMine(script);
2449 : }
2450 :
2451 0 : bool DescriptorScriptPubKeyMan::SignTransaction(CMutableTransaction& tx, const std::map<COutPoint, Coin>& coins, int sighash, std::map<int, bilingual_str>& input_errors) const
2452 : {
2453 0 : std::unique_ptr<FlatSigningProvider> keys = std::make_unique<FlatSigningProvider>();
2454 0 : for (const auto& coin_pair : coins) {
2455 0 : std::unique_ptr<FlatSigningProvider> coin_keys = GetSigningProvider(coin_pair.second.out.scriptPubKey, true);
2456 0 : if (!coin_keys) {
2457 0 : continue;
2458 : }
2459 0 : keys->Merge(std::move(*coin_keys));
2460 0 : }
2461 :
2462 0 : return ::SignTransaction(tx, keys.get(), coins, sighash, input_errors);
2463 0 : }
2464 :
2465 0 : SigningResult DescriptorScriptPubKeyMan::SignMessage(const std::string& message, const PKHash& pkhash, std::string& str_sig) const
2466 : {
2467 0 : std::unique_ptr<FlatSigningProvider> keys = GetSigningProvider(GetScriptForDestination(pkhash), true);
2468 0 : if (!keys) {
2469 0 : return SigningResult::PRIVATE_KEY_NOT_AVAILABLE;
2470 : }
2471 :
2472 0 : CKey key;
2473 0 : if (!keys->GetKey(ToKeyID(pkhash), key)) {
2474 0 : return SigningResult::PRIVATE_KEY_NOT_AVAILABLE;
2475 : }
2476 :
2477 0 : if (!MessageSign(key, message, str_sig)) {
2478 0 : return SigningResult::SIGNING_FAILED;
2479 : }
2480 0 : return SigningResult::OK;
2481 0 : }
2482 :
2483 0 : TransactionError DescriptorScriptPubKeyMan::FillPSBT(PartiallySignedTransaction& psbtx, const PrecomputedTransactionData& txdata, int sighash_type, bool sign, bool bip32derivs, int* n_signed, bool finalize) const
2484 : {
2485 0 : if (n_signed) {
2486 0 : *n_signed = 0;
2487 0 : }
2488 0 : for (unsigned int i = 0; i < psbtx.tx->vin.size(); ++i) {
2489 0 : const CTxIn& txin = psbtx.tx->vin[i];
2490 0 : PSBTInput& input = psbtx.inputs.at(i);
2491 :
2492 0 : if (PSBTInputSigned(input)) {
2493 0 : continue;
2494 : }
2495 :
2496 : // Get the Sighash type
2497 0 : if (sign && input.sighash_type != std::nullopt && *input.sighash_type != sighash_type) {
2498 0 : return TransactionError::SIGHASH_MISMATCH;
2499 : }
2500 :
2501 : // Get the scriptPubKey to know which SigningProvider to use
2502 0 : CScript script;
2503 0 : if (!input.witness_utxo.IsNull()) {
2504 0 : script = input.witness_utxo.scriptPubKey;
2505 0 : } else if (input.non_witness_utxo) {
2506 0 : if (txin.prevout.n >= input.non_witness_utxo->vout.size()) {
2507 0 : return TransactionError::MISSING_INPUTS;
2508 : }
2509 0 : script = input.non_witness_utxo->vout[txin.prevout.n].scriptPubKey;
2510 0 : } else {
2511 : // There's no UTXO so we can just skip this now
2512 0 : continue;
2513 : }
2514 0 : SignatureData sigdata;
2515 0 : input.FillSignatureData(sigdata);
2516 :
2517 0 : std::unique_ptr<FlatSigningProvider> keys = std::make_unique<FlatSigningProvider>();
2518 0 : std::unique_ptr<FlatSigningProvider> script_keys = GetSigningProvider(script, /*include_private=*/sign);
2519 0 : if (script_keys) {
2520 0 : keys->Merge(std::move(*script_keys));
2521 0 : } else {
2522 : // Maybe there are pubkeys listed that we can sign for
2523 0 : std::vector<CPubKey> pubkeys;
2524 0 : pubkeys.reserve(input.hd_keypaths.size() + 2);
2525 :
2526 : // ECDSA Pubkeys
2527 0 : for (const auto& [pk, _] : input.hd_keypaths) {
2528 0 : pubkeys.push_back(pk);
2529 : }
2530 :
2531 : // Taproot output pubkey
2532 0 : std::vector<std::vector<unsigned char>> sols;
2533 0 : if (Solver(script, sols) == TxoutType::WITNESS_V1_TAPROOT) {
2534 0 : sols[0].insert(sols[0].begin(), 0x02);
2535 0 : pubkeys.emplace_back(sols[0]);
2536 0 : sols[0][0] = 0x03;
2537 0 : pubkeys.emplace_back(sols[0]);
2538 0 : }
2539 :
2540 : // Taproot pubkeys
2541 0 : for (const auto& pk_pair : input.m_tap_bip32_paths) {
2542 0 : const XOnlyPubKey& pubkey = pk_pair.first;
2543 0 : for (unsigned char prefix : {0x02, 0x03}) {
2544 0 : unsigned char b[33] = {prefix};
2545 0 : std::copy(pubkey.begin(), pubkey.end(), b + 1);
2546 0 : CPubKey fullpubkey;
2547 0 : fullpubkey.Set(b, b + 33);
2548 0 : pubkeys.push_back(fullpubkey);
2549 : }
2550 : }
2551 :
2552 0 : for (const auto& pubkey : pubkeys) {
2553 0 : std::unique_ptr<FlatSigningProvider> pk_keys = GetSigningProvider(pubkey);
2554 0 : if (pk_keys) {
2555 0 : keys->Merge(std::move(*pk_keys));
2556 0 : }
2557 0 : }
2558 0 : }
2559 :
2560 0 : SignPSBTInput(HidingSigningProvider(keys.get(), /*hide_secret=*/!sign, /*hide_origin=*/!bip32derivs), psbtx, i, &txdata, sighash_type, nullptr, finalize);
2561 :
2562 0 : bool signed_one = PSBTInputSigned(input);
2563 0 : if (n_signed && (signed_one || !sign)) {
2564 : // If sign is false, we assume that we _could_ sign if we get here. This
2565 : // will never have false negatives; it is hard to tell under what i
2566 : // circumstances it could have false positives.
2567 0 : (*n_signed)++;
2568 0 : }
2569 0 : }
2570 :
2571 : // Fill in the bip32 keypaths and redeemscripts for the outputs so that hardware wallets can identify change
2572 0 : for (unsigned int i = 0; i < psbtx.tx->vout.size(); ++i) {
2573 0 : std::unique_ptr<SigningProvider> keys = GetSolvingProvider(psbtx.tx->vout.at(i).scriptPubKey);
2574 0 : if (!keys) {
2575 0 : continue;
2576 : }
2577 0 : UpdatePSBTOutput(HidingSigningProvider(keys.get(), /*hide_secret=*/true, /*hide_origin=*/!bip32derivs), psbtx, i);
2578 0 : }
2579 :
2580 0 : return TransactionError::OK;
2581 0 : }
2582 :
2583 0 : std::unique_ptr<CKeyMetadata> DescriptorScriptPubKeyMan::GetMetadata(const CTxDestination& dest) const
2584 : {
2585 0 : std::unique_ptr<SigningProvider> provider = GetSigningProvider(GetScriptForDestination(dest));
2586 0 : if (provider) {
2587 0 : KeyOriginInfo orig;
2588 0 : CKeyID key_id = GetKeyForDestination(*provider, dest);
2589 0 : if (provider->GetKeyOrigin(key_id, orig)) {
2590 0 : LOCK(cs_desc_man);
2591 0 : std::unique_ptr<CKeyMetadata> meta = std::make_unique<CKeyMetadata>();
2592 0 : meta->key_origin = orig;
2593 0 : meta->has_key_origin = true;
2594 0 : meta->nCreateTime = m_wallet_descriptor.creation_time;
2595 0 : return meta;
2596 0 : }
2597 0 : }
2598 0 : return nullptr;
2599 0 : }
2600 :
2601 0 : uint256 DescriptorScriptPubKeyMan::GetID() const
2602 : {
2603 0 : LOCK(cs_desc_man);
2604 0 : return DescriptorID(*m_wallet_descriptor.descriptor);
2605 0 : }
2606 :
2607 0 : void DescriptorScriptPubKeyMan::SetCache(const DescriptorCache& cache)
2608 : {
2609 0 : LOCK(cs_desc_man);
2610 0 : m_wallet_descriptor.cache = cache;
2611 0 : for (int32_t i = m_wallet_descriptor.range_start; i < m_wallet_descriptor.range_end; ++i) {
2612 0 : FlatSigningProvider out_keys;
2613 0 : std::vector<CScript> scripts_temp;
2614 0 : if (!m_wallet_descriptor.descriptor->ExpandFromCache(i, m_wallet_descriptor.cache, scripts_temp, out_keys)) {
2615 0 : throw std::runtime_error("Error: Unable to expand wallet descriptor from cache");
2616 : }
2617 : // Add all of the scriptPubKeys to the scriptPubKey set
2618 0 : for (const CScript& script : scripts_temp) {
2619 0 : if (m_map_script_pub_keys.count(script) != 0) {
2620 0 : throw std::runtime_error(strprintf("Error: Already loaded script at index %d as being at index %d", i, m_map_script_pub_keys[script]));
2621 : }
2622 0 : m_map_script_pub_keys[script] = i;
2623 : }
2624 0 : for (const auto& pk_pair : out_keys.pubkeys) {
2625 0 : const CPubKey& pubkey = pk_pair.second;
2626 0 : if (m_map_pubkeys.count(pubkey) != 0) {
2627 : // We don't need to give an error here.
2628 : // It doesn't matter which of many valid indexes the pubkey has, we just need an index where we can derive it and it's private key
2629 0 : continue;
2630 : }
2631 0 : m_map_pubkeys[pubkey] = i;
2632 : }
2633 0 : m_max_cached_index++;
2634 0 : }
2635 0 : }
2636 :
2637 0 : bool DescriptorScriptPubKeyMan::AddKey(const CKeyID& key_id, const CKey& key)
2638 : {
2639 0 : LOCK(cs_desc_man);
2640 0 : m_map_keys[key_id] = key;
2641 : return true;
2642 0 : }
2643 :
2644 0 : bool DescriptorScriptPubKeyMan::AddCryptedKey(const CKeyID& key_id, const CPubKey& pubkey, const std::vector<unsigned char>& crypted_key)
2645 : {
2646 0 : LOCK(cs_desc_man);
2647 0 : if (!m_map_keys.empty()) {
2648 0 : return false;
2649 : }
2650 :
2651 0 : m_map_crypted_keys[key_id] = make_pair(pubkey, crypted_key);
2652 0 : return true;
2653 0 : }
2654 :
2655 0 : bool DescriptorScriptPubKeyMan::HasWalletDescriptor(const WalletDescriptor& desc) const
2656 : {
2657 0 : LOCK(cs_desc_man);
2658 0 : return m_wallet_descriptor.descriptor != nullptr && desc.descriptor != nullptr && m_wallet_descriptor.descriptor->ToString() == desc.descriptor->ToString();
2659 0 : }
2660 :
2661 0 : void DescriptorScriptPubKeyMan::WriteDescriptor()
2662 : {
2663 0 : LOCK(cs_desc_man);
2664 0 : WalletBatch batch(m_storage.GetDatabase());
2665 0 : if (!batch.WriteDescriptor(GetID(), m_wallet_descriptor)) {
2666 0 : throw std::runtime_error(std::string(__func__) + ": writing descriptor failed");
2667 : }
2668 0 : }
2669 :
2670 0 : WalletDescriptor DescriptorScriptPubKeyMan::GetWalletDescriptor() const
2671 : {
2672 0 : return m_wallet_descriptor;
2673 : }
2674 :
2675 0 : std::unordered_set<CScript, SaltedSipHasher> DescriptorScriptPubKeyMan::GetScriptPubKeys() const
2676 : {
2677 0 : return GetScriptPubKeys(0);
2678 : }
2679 :
2680 0 : std::unordered_set<CScript, SaltedSipHasher> DescriptorScriptPubKeyMan::GetScriptPubKeys(int32_t minimum_index) const
2681 : {
2682 0 : LOCK(cs_desc_man);
2683 0 : std::unordered_set<CScript, SaltedSipHasher> script_pub_keys;
2684 0 : script_pub_keys.reserve(m_map_script_pub_keys.size());
2685 :
2686 0 : for (auto const& [script_pub_key, index] : m_map_script_pub_keys) {
2687 0 : if (index >= minimum_index) script_pub_keys.insert(script_pub_key);
2688 : }
2689 0 : return script_pub_keys;
2690 0 : }
2691 :
2692 0 : int32_t DescriptorScriptPubKeyMan::GetEndRange() const
2693 : {
2694 0 : return m_max_cached_index + 1;
2695 : }
2696 :
2697 0 : bool DescriptorScriptPubKeyMan::GetDescriptorString(std::string& out, const bool priv) const
2698 : {
2699 0 : LOCK(cs_desc_man);
2700 :
2701 0 : FlatSigningProvider provider;
2702 0 : provider.keys = GetKeys();
2703 :
2704 0 : if (priv) {
2705 : // For the private version, always return the master key to avoid
2706 : // exposing child private keys. The risk implications of exposing child
2707 : // private keys together with the parent xpub may be non-obvious for users.
2708 0 : return m_wallet_descriptor.descriptor->ToPrivateString(provider, out);
2709 : }
2710 :
2711 0 : return m_wallet_descriptor.descriptor->ToNormalizedString(provider, out, &m_wallet_descriptor.cache);
2712 0 : }
2713 :
2714 0 : void DescriptorScriptPubKeyMan::UpgradeDescriptorCache()
2715 : {
2716 0 : LOCK(cs_desc_man);
2717 0 : if (m_storage.IsLocked() || m_storage.IsWalletFlagSet(WALLET_FLAG_LAST_HARDENED_XPUB_CACHED)) {
2718 0 : return;
2719 : }
2720 :
2721 : // Skip if we have the last hardened xpub cache
2722 0 : if (m_wallet_descriptor.cache.GetCachedLastHardenedExtPubKeys().size() > 0) {
2723 0 : return;
2724 : }
2725 :
2726 : // Expand the descriptor
2727 0 : FlatSigningProvider provider;
2728 0 : provider.keys = GetKeys();
2729 0 : FlatSigningProvider out_keys;
2730 0 : std::vector<CScript> scripts_temp;
2731 0 : DescriptorCache temp_cache;
2732 0 : if (!m_wallet_descriptor.descriptor->Expand(0, provider, scripts_temp, out_keys, &temp_cache)){
2733 0 : throw std::runtime_error("Unable to expand descriptor");
2734 : }
2735 :
2736 : // Cache the last hardened xpubs
2737 0 : DescriptorCache diff = m_wallet_descriptor.cache.MergeAndDiff(temp_cache);
2738 0 : if (!WalletBatch(m_storage.GetDatabase()).WriteDescriptorCacheItems(GetID(), diff)) {
2739 0 : throw std::runtime_error(std::string(__func__) + ": writing cache items failed");
2740 : }
2741 0 : }
2742 :
2743 0 : void DescriptorScriptPubKeyMan::UpdateWalletDescriptor(WalletDescriptor& descriptor)
2744 : {
2745 0 : LOCK(cs_desc_man);
2746 0 : std::string error;
2747 0 : if (!CanUpdateToWalletDescriptor(descriptor, error)) {
2748 0 : throw std::runtime_error(std::string(__func__) + ": " + error);
2749 : }
2750 :
2751 0 : m_map_pubkeys.clear();
2752 0 : m_map_script_pub_keys.clear();
2753 0 : m_max_cached_index = -1;
2754 0 : m_wallet_descriptor = descriptor;
2755 :
2756 0 : NotifyFirstKeyTimeChanged(this, m_wallet_descriptor.creation_time);
2757 0 : }
2758 :
2759 0 : bool DescriptorScriptPubKeyMan::CanUpdateToWalletDescriptor(const WalletDescriptor& descriptor, std::string& error)
2760 : {
2761 0 : LOCK(cs_desc_man);
2762 0 : if (!HasWalletDescriptor(descriptor)) {
2763 0 : error = "can only update matching descriptor";
2764 0 : return false;
2765 : }
2766 :
2767 0 : if (descriptor.range_start > m_wallet_descriptor.range_start ||
2768 0 : descriptor.range_end < m_wallet_descriptor.range_end) {
2769 : // Use inclusive range for error
2770 0 : error = strprintf("new range must include current range = [%d,%d]",
2771 0 : m_wallet_descriptor.range_start,
2772 0 : m_wallet_descriptor.range_end - 1);
2773 0 : return false;
2774 : }
2775 :
2776 0 : return true;
2777 0 : }
2778 : } // namespace wallet
|
